├── .gitignore ├── .gitreview ├── CHANGELOG ├── CHANGELOG-0.1.md ├── CHANGELOG-1.0.md ├── CHANGELOG-2.0.md ├── CHANGELOG-3.0.md ├── CHANGELOG-4.0.md ├── CHANGELOG-5.0.md ├── CHANGELOG-6.0.md └── README.md ├── LICENSE ├── Makefile ├── README.md ├── build ├── Dockerfile.centos ├── Dockerfile.nodus-ubuntu-base ├── Dockerfile.ubuntu ├── Makefile └── bin │ ├── entrypoint │ └── user_setup ├── cmd ├── nfn-agent │ └── nfn-agent.go ├── nfn-operator │ └── nfn-operator.go └── ovn4nfvk8s-cni │ ├── app │ └── helper_linux.go │ └── ovn4nfvk8s-cni.go ├── demo ├── calico-nodus-secondary-sfc-setup-II │ ├── README.md │ └── deploy │ │ ├── namespace-left.yaml │ │ ├── namespace-right.yaml │ │ ├── ngfw.yaml │ │ ├── nginx-left-deployment-1.yaml │ │ ├── nginx-left-deployment.yaml │ │ ├── nginx-right-deployment-1.yaml │ │ ├── nginx-right-deployment.yaml │ │ ├── sdewan-multiple-network.yaml │ │ ├── sfc-private-network.yaml │ │ ├── sfc.yaml │ │ ├── slb-multiple-network.yaml │ │ ├── virtual-ngfw.yaml │ │ ├── virtual-sdewan-multiple-network.yaml │ │ ├── virtual-sfc.yaml │ │ └── virtual-slb-multiple-network.yaml ├── calico-nodus-secondary-sfc-setup │ ├── README.md │ └── deploy │ │ ├── namespace-left.yaml │ │ ├── namespace-right.yaml │ │ ├── ngfw.yaml │ │ ├── nginx-left-deployment.yaml │ │ ├── nginx-right-deployment.yaml │ │ ├── sdewan-multiple-network.yaml │ │ ├── sfc-virtual-network.yaml │ │ ├── sfc-with-virtual-and-provider-network.yaml │ │ └── slb-multiple-network.yaml ├── nodus-primary-sfc-setup │ ├── README.md │ ├── Vagrantfile │ ├── config │ │ └── default.yml │ ├── connectivity-test.yml │ ├── demo-traffic-test.yml │ ├── demo.yml │ ├── deploy │ │ ├── firewall-dyn-net-2.yaml │ │ ├── firewall-right-pnetwork.yaml │ │ ├── firewall-rule-reject-icmp-right-pnetwork.yaml │ │ ├── ms1.yaml │ │ ├── sfc-virtual-network.yaml │ │ ├── sfc.yaml │ │ └── slb-ngfw-sdewan-cnf-deployment.yaml │ ├── deployment.yml │ ├── insecure_keys │ │ ├── key │ │ └── key.pub │ ├── node.sh │ ├── ovn4nfv-pod-network │ │ ├── ovn-daemonset.yaml │ │ └── ovn4nfv-k8s-plugin.yml │ └── setup.sh └── vm-setup │ ├── Vagrantfile │ ├── config │ └── default.yml │ ├── insecure_keys │ ├── key │ └── key.pub │ ├── node.sh │ └── setup.sh ├── deploy ├── apiextensions.k8s.io-v1beta1 │ ├── ovn-daemonset.yaml │ ├── ovn4nfv-k8s-plugin-sfc-setup-II.yaml │ └── ovn4nfv-k8s-plugin.yaml ├── calico.yaml ├── cert-manager │ ├── cert-manager-kustomize.yaml │ └── kustomization.yaml ├── crds │ ├── k8s.plugin.opnfv.org_networkchainings_crd.yaml │ ├── k8s.plugin.opnfv.org_networks_crd.yaml │ ├── k8s.plugin.opnfv.org_providernetworks_crd.yaml │ ├── k8s_v1alpha1_network_cr.yaml │ ├── k8s_v1alpha1_network_crd.yaml │ ├── k8s_v1alpha1_networkchaining_cr.yaml │ ├── k8s_v1alpha1_providernetwork_cr.yaml │ └── k8s_v1alpha1_providernetwork_crd.yaml ├── deprecated │ ├── ovn-daemonset-centos.yaml │ └── ovn4nfv-k8s-plugin-centos.yaml ├── multus-daemonset.yaml ├── ovn-daemonset.yaml ├── ovn4nfv-k8s-plugin-sfc-setup-II.yaml └── ovn4nfv-k8s-plugin.yaml ├── doc ├── configuration.md ├── development.md ├── how-to-use.md └── ipv6.md ├── example ├── defaut-gateway-pod-with-multus-and-nodus.yaml ├── defaut-gateway-pod-with-nodus.yaml ├── multus-net-attach-def-cr.yaml ├── ovn-port-net.yaml ├── ovn-priv-net.yaml ├── ovn4nfv-deployment-hostnames-svc.yaml ├── ovn4nfv-deployment-noannotation-hostnames.yaml ├── ovn4nfv-deployment-noannotation-sandbox.yaml ├── ovn4nfv-deployment-replica-2-noannotation.yaml ├── ovn4nfv-deployment-replica-2-with-multus-ovn4nfv-annotations.yaml ├── ovn4nfv-deployment-replica-2-withannotation.yaml ├── ovn4nfv-deployment-with-multus-annotation-sandbox.yaml ├── ovn4nfv-k8s-plugin-daemonset.yml ├── ovn4nfv_direct_pn.yml └── ovn4nfv_vlan_pn.yml ├── go.mod ├── go.sum ├── images ├── direct-provider-networking.png ├── logo │ ├── license_details.md │ └── nodus_logo.png ├── ovn4nfv-k8s-arch-block.png ├── ovn4nfv-network-traffic.png ├── sfc-test-scenario-diagram.png ├── sfc-test-scenario-ms1-icmp-blocked.png ├── sfc-test-scenario-ms1-to-internet.png ├── sfc-test-scenario-tm1-icmp-blocked.png ├── sfc-test-scenario-tm1-to-internet.png ├── sfc-virtual-and-provider-network-setup.png ├── sfc-with-sdewan.png └── vlan-tagging.png ├── internal └── pkg │ ├── auth │ └── auth.go │ ├── cniserver │ ├── cni.go │ └── cniserver.go │ ├── cnishim │ └── cnishim.go │ ├── config │ ├── config.go │ └── config_test.go │ ├── containerd │ └── containerd.go │ ├── criclient │ └── criclient.go │ ├── crio │ └── crio.go │ ├── docker │ └── docker.go │ ├── kube │ └── kube.go │ ├── network │ ├── iface.go │ ├── iptables.go │ ├── pool.go │ └── subnet.go │ ├── nfnNotify │ ├── proto │ │ ├── nfn.pb.go │ │ ├── nfn.proto │ │ └── nfn_grpc.pb.go │ └── server.go │ ├── node │ └── node.go │ ├── ovn │ ├── acl.go │ ├── common.go │ ├── ovn.go │ ├── port_group.go │ └── utils.go │ ├── testing │ └── testing.go │ └── utils │ └── chain.go ├── pkg ├── apis │ ├── addtoscheme_k8s_v1alpha1.go │ ├── apis.go │ └── k8s │ │ ├── group.go │ │ └── v1alpha1 │ │ ├── doc.go │ │ ├── network_types.go │ │ ├── networkchaining_types.go │ │ ├── providernetwork_types.go │ │ ├── register.go │ │ ├── zz_generated.deepcopy.go │ │ └── zz_generated.openapi.go ├── controller │ ├── add_network.go │ ├── add_networkchaining.go │ ├── add_networkpolicy.go │ ├── add_pod.go │ ├── add_providernetwork.go │ ├── controller.go │ ├── network │ │ └── network_controller.go │ ├── networkchaining │ │ └── networkchaining_controller.go │ ├── networkpolicy │ │ └── networkpolicy_controller.go │ ├── pod │ │ └── pod_controller.go │ └── providernetwork │ │ └── providernetwork_controller.go ├── generated │ ├── clientset │ │ └── versioned │ │ │ ├── clientset.go │ │ │ ├── doc.go │ │ │ ├── fake │ │ │ ├── clientset_generated.go │ │ │ ├── doc.go │ │ │ └── register.go │ │ │ ├── scheme │ │ │ ├── doc.go │ │ │ └── register.go │ │ │ └── typed │ │ │ └── k8s │ │ │ └── v1alpha1 │ │ │ ├── doc.go │ │ │ ├── fake │ │ │ ├── doc.go │ │ │ ├── fake_k8s_client.go │ │ │ ├── fake_network.go │ │ │ ├── fake_networkchaining.go │ │ │ └── fake_providernetwork.go │ │ │ ├── generated_expansion.go │ │ │ ├── k8s_client.go │ │ │ ├── network.go │ │ │ ├── networkchaining.go │ │ │ └── providernetwork.go │ ├── informers │ │ └── externalversions │ │ │ ├── factory.go │ │ │ ├── generic.go │ │ │ ├── internalinterfaces │ │ │ └── factory_interfaces.go │ │ │ └── k8s │ │ │ ├── interface.go │ │ │ └── v1alpha1 │ │ │ ├── interface.go │ │ │ ├── network.go │ │ │ ├── networkchaining.go │ │ │ └── providernetwork.go │ └── listers │ │ └── k8s │ │ └── v1alpha1 │ │ ├── expansion_generated.go │ │ ├── network.go │ │ ├── networkchaining.go │ │ └── providernetwork.go └── utils │ └── finalizer_utils.go ├── testing └── fuzzing │ └── test.sh ├── tox.ini └── utilities ├── docker ├── Makefile ├── centos │ └── Dockerfile ├── debian │ └── Dockerfile └── ovn4nfv-k8s.sh └── kernel └── debian └── install_kernel_modules.sh /.gitignore: -------------------------------------------------------------------------------- 1 | .tox/ 2 | demo/nodus-primary-sfc-setup/.vagrant/ 3 | demo/calico-nodus-secondary-sfc-setup/.vagrant/ 4 | demo/calico-nodus-secondary-sfc-setup-II/.vagrant/ 5 | -------------------------------------------------------------------------------- /.gitreview: -------------------------------------------------------------------------------- 1 | [gerrit] 2 | host=gerrit.akraino.org 3 | port=29418 4 | project=icn/nodus 5 | defaultbranch=master 6 | -------------------------------------------------------------------------------- /CHANGELOG/CHANGELOG-0.1.md: -------------------------------------------------------------------------------- 1 | # v0.1.0 2 | 3 | ## Downloads for v0.1.0 4 | 5 | ### Source Code 6 | 7 | filename | sha512 hash 8 | -------- | ----------- 9 | [icn-nodus-0.1.0.tar.gz](https://github.com/akraino-edge-stack/icn-nodus/archive/refs/tags/v0.1.0.tar.gz) | 9f4bdb08e0709dc741e7ac797fe28250b7c2c77dfb3ff1f2bb6bb28abc1abfceecbb38594fb3a8a6b9a98a335763499c621c34e87aff0484649f70db6e697a25 10 | 11 | ### Container Images 12 | 13 | name | 14 | ---- | 15 | [integratedcloudnative/ovn4nfv-k8s-plugin:v0.1.0](https://hub.docker.com/r/integratedcloudnative/ovn4nfv-k8s-plugin/tags) | 16 | 17 | ## Changelog 18 | ### Feature 19 | 20 | - Nodus initial code contributed and the following features added 21 | - Added Nodus CRD controller for the network using Operator SDK 22 | - Added gRPC proto server in network CRD controller and client in nfn-agent components 23 | - added provider and vlan network CRD controller 24 | 25 | 26 | ### Bug 27 | 28 | - _Nothing to add_ 29 | -------------------------------------------------------------------------------- /CHANGELOG/CHANGELOG-1.0.md: -------------------------------------------------------------------------------- 1 | # v1.0.0 2 | 3 | ## Downloads for v1.0.0 4 | 5 | ### Source Code 6 | 7 | filename | sha512 hash 8 | -------- | ----------- 9 | [icn-nodus-1.0.0.tar.gz](https://github.com/akraino-edge-stack/icn-nodus/archive/refs/tags/v1.0.0.tar.gz) | aa8e259c4d167724e8814d7529d4b7a43c37196081e2a68008d9cc59ca18cea47e6ee621f557874ba8aed15fcab3511f5608b6c94b89faa0ec877dcfd63b6d92 10 | ### Container Images 11 | 12 | name | 13 | ---- | 14 | [integratedcloudnative/ovn4nfv-k8s-plugin:v1.0.0](https://hub.docker.com/r/integratedcloudnative/ovn4nfv-k8s-plugin/tags) | 15 | 16 | 17 | ## Changelog since v0.1.0 18 | ### Feature 19 | 20 | - Following features added 21 | - Added initial working Service chaining API and generated code for route based chaining CRD 22 | - Added direct provider network CRD controller, update the nfn.proto, apis 23 | - Include direct provider network API in the nfn-agent 24 | - Modified the nfnNotify server to include the direct provider network 25 | - Updated the ovn4nfv k8s plugin docker build golang version to v1.14 26 | 27 | ### Bug 28 | 29 | - Fixed the Vlan interface up bug -------------------------------------------------------------------------------- /CHANGELOG/CHANGELOG-2.0.md: -------------------------------------------------------------------------------- 1 | # v2.0.0 2 | 3 | ## Downloads for v2.0.0 4 | 5 | ### Source Code 6 | 7 | filename | sha512 hash 8 | -------- | ----------- 9 | [icn-nodus-2.0.0.tar.gz](https://github.com/akraino-edge-stack/icn-nodus/archive/refs/tags/v2.0.0.tar.gz) | 94e0e01d2e40b0efc514973a869402a3fe3792693e3d3132d09915fde6443f09aca32f9e30ed5fd984870130b5c9baa72ac1ebfc23e26da27022414ff5fc1f72 10 | ### Container Images 11 | 12 | name | 13 | ---- | 14 | [integratedcloudnative/ovn4nfv-k8s-plugin:v2.0.0](https://hub.docker.com/r/integratedcloudnative/ovn4nfv-k8s-plugin/tags) | 15 | [integratedcloudnative/ovn4nfv-k8s-plugin:centos-v2.0.0](https://hub.docker.com/r/integratedcloudnative/ovn4nfv-k8s-plugin/tags) | 16 | [integratedcloudnative/ovn-images:v2.0.0](https://hub.docker.com/r/integratedcloudnative/ovn-images/tags) | 17 | [integratedcloudnative/ovn-images:centos-v2.0.0](https://hub.docker.com/r/integratedcloudnative/ovn-images/tags) | 18 | 19 | 20 | ## Changelog since v1.0.0 21 | ### Feature 22 | 23 | - Following features added 24 | - Adding the Primary network feature in Nodus and removing the dependence on cni proxy plugin 25 | - Nodus creates ovn overlay multi-networking using pod annotations itself 26 | - Adding ovn containerization and ovn daemonset deployment in nodus and removing the dependencies on standalone ovn installation on the host 27 | - Divided the CNI plugin into two parts CNI server and CNI shim. CNI sever resides in nfn-agent 28 | - Added the Nodus gateway interfaces, OVN node switch port, and SNAT rules for Nodus gateway interfaces 29 | - Added SFC controller based on route based chaining 30 | - Added iface pkg in nodus 31 | - Added gwipaddress features in network annotation 32 | - Added centos 8 support for Nodus and OVN docker images 33 | - update the documentation on development.md and configuration.md 34 | 35 | ### Bug 36 | 37 | - Removed the outdated unit test 38 | - Fixing the insync message issues in nfn-agent 39 | - Fixing the broken link in readme.md -------------------------------------------------------------------------------- /CHANGELOG/CHANGELOG-3.0.md: -------------------------------------------------------------------------------- 1 | # v3.0.0 2 | 3 | ## Downloads for v3.0.0 4 | 5 | ### Source Code 6 | 7 | filename | sha512 hash 8 | -------- | ----------- 9 | [icn-nodus-3.0.0.tar.gz](https://github.com/akraino-edge-stack/icn-nodus/archive/refs/tags/v3.0.0.tar.gz) | 114d9fca18afa03bebdff6c06a30537043d0daef113511d2c4f3f1ea0d97024ec0a6c82987d79b9641eada1d109f26af3c545506f5d703bb7c8cc5e5e22bb4b4 10 | ### Container Images 11 | 12 | name | 13 | ---- | 14 | [integratedcloudnative/ovn4nfv-k8s-plugin:v3.0.0](https://hub.docker.com/r/integratedcloudnative/ovn4nfv-k8s-plugin/tags) | 15 | [integratedcloudnative/ovn-images:v2.2.0](https://hub.docker.com/r/integratedcloudnative/ovn-images/tags) | 16 | 17 | 18 | 19 | ## Changelog since v2.0.0 20 | ### Feature 21 | 22 | - Following features added 23 | - Upgraded vagrant version and optimized the vagrant installations 24 | - Added the automated testing 25 | - Added automated testing for the SFC demo 26 | - Added K8s service routing for the SFC pods 27 | - Added the interface hotplug feature in Nodus 28 | - Added the delete option for the SFC to reverse the SFC modification to reuse the SFC/CNFs pods 29 | - Added virtual mode in the SFC CRD and used the Kubernetes network labels instead of app name 30 | - Added validation and counter checking conditions to track the SFC creation for pod before and after SFC implemented 31 | - Added the pod groups in SFC CRD and interface hot-plugging for the pod groups 32 | - Added Nodus logo and documentation for the Calico SFC demos 33 | - Added features to support Kubevirt deployment with Multus to configure only the interface requested in NetworkAttachmentDefinition 34 | - Added "nfn-network" in the nodus CNI to be called through Multus to support VM deployment with Kubevirt 35 | 36 | ### Bug 37 | 38 | - Fixed the "eth0" interface name conflict between Nodus and CNI proxy plugins 39 | - Fixed the nfn-agent to wait for the ovs service in the host 40 | - Handled the pod deletion appropriately to release deleted ports 41 | - Calico by default doesn't allow the IP forwarding, fixed it in calico YAML 42 | - Fixed the route deletion to check the route existence first 43 | - Fixed the SFC VF routing miscalculation 44 | - Fixed Nodus to support K8s generic pod label format 45 | -------------------------------------------------------------------------------- /CHANGELOG/CHANGELOG-4.0.md: -------------------------------------------------------------------------------- 1 | # v4.0.0 2 | 3 | ## Downloads for v4.0.0 4 | 5 | ### Source Code 6 | 7 | filename | sha512 hash 8 | -------- | ----------- 9 | [icn-nodus-4.0.0.tar.gz](https://github.com/akraino-edge-stack/icn-nodus/archive/refs/tags/v4.0.0.tar.gz) | 743ab1ecc97da9d845a73bb3e9b6d644cddf78a6ac82e89c188f0284d10d06f25f823f5e37edae089a623691bf46d425bb4895172bffa169e273f1c2741b2dc0 10 | ### Container Images 11 | 12 | name | 13 | ---- | 14 | [integratedcloudnative/ovn4nfv-k8s-plugin:v4.0.0](https://hub.docker.com/r/integratedcloudnative/ovn4nfv-k8s-plugin/tags) | 15 | [integratedcloudnative/ovn-images:v2.2.0](https://hub.docker.com/r/integratedcloudnative/ovn-images/tags) | 16 | 17 | ## Changelog since v3.0.0 18 | ### Feature 19 | 20 | - Following features added 21 | - Added hostnetwork, svc network, and pod network routes in the podSelector pods 22 | - Added subnet/supernet calculation package to support dynamic network creation 23 | - Added dynamic virtual network creation in Nodus using network pool mechanism 24 | - Added dynamic SFC deployment features to support EMCO deployment. 25 | - Added validation features in Nodus to check the container state before deploying SFC in pod network namespace 26 | 27 | ### Bug 28 | 29 | - Fixed the nodus internal pkg and github pkg url 30 | - Fixed host network, svc network and pod network routing in pod group in SFC with primary network gw ip 31 | - Fixed the bug to support multiple podSelector in SFC CR -------------------------------------------------------------------------------- /CHANGELOG/CHANGELOG-5.0.md: -------------------------------------------------------------------------------- 1 | # v5.0.0 2 | 3 | ## Downloads for v5.0.0 4 | 5 | ### Source Code 6 | 7 | filename | sha512 hash 8 | -------- | ----------- 9 | [icn-nodus-5.0.0.tar.gz](https://github.com/akraino-edge-stack/icn-nodus/archive/refs/tags/v5.0.0.tar.gz) | 64f315cae5e8186577a12868254017702db27849d2b54f4559978b6a6c31ce5c376740c1697a3f1f56636211e5953b953a9cf0dfcc87cdfe9316590f420107f1 10 | ### Container Images 11 | 12 | name | 13 | ---- | 14 | [integratedcloudnative/ovn4nfv-k8s-plugin:v5.0.0](https://hub.docker.com/r/integratedcloudnative/ovn4nfv-k8s-plugin/tags) | 15 | [integratedcloudnative/ovn-images:v2.2.0](https://hub.docker.com/r/integratedcloudnative/ovn-images/tags) | 16 | 17 | ## Changelog since v4.0.0 18 | ### Feature 19 | 20 | - Following features added 21 | - Added feature to support multicast router in distance vector multicast routing protocol 22 | - Added the CNI packages in the Nodus docker images to secure the deployment issues 23 | - Updated the Nodus Primary network SFC and SDEWAN testing demo script 24 | - Added the pool pkg to support dynamic subnet calculation from user config 25 | - Supported dynamic pool networks using network label with prefix "net" in SFC 26 | - Added multiple Pod Selector in SFC CRD 27 | - Added the mutex locking mechanism to access the network pool through multiple SFC threats 28 | - Deprecated the CRD apiversion "apiextensions.k8s.io/v1beta1" to support "apiextensions.k8s.io/v1" 29 | - Deprecated the OVN Centos Support from Nodus 30 | 31 | ### Bug 32 | 33 | - Fixed SFC labels to support kubernetes fqdn format 34 | - Fixed the Nodus CNI filename to avoid conflict in secondary network mode 35 | - Removed the deprecated CRD and centos OVN yamls 36 | -------------------------------------------------------------------------------- /CHANGELOG/CHANGELOG-6.0.md: -------------------------------------------------------------------------------- 1 | # v6.0.0 2 | 3 | ## Downloads for v6.0.0 4 | 5 | ### Source Code 6 | 7 | filename | sha512 hash 8 | -------- | ----------- 9 | [icn-nodus-6.0.0.tar.gz](https://github.com/akraino-edge-stack/icn-nodus/archive/refs/tags/v6.0.0.tar.gz) | 564fa4a9ded91676b48ecd0a32fd6fcc7a4e9dd784001d29710314a331edc9d175fae8ce9002c1c92469046c8107ae48950b7a6e26aafde8c6138faa3f92daf5 10 | ### Container Images 11 | 12 | name | 13 | ---- | 14 | [integratedcloudnative/ovn4nfv-k8s-plugin:v6.0.0](https://hub.docker.com/r/integratedcloudnative/ovn4nfv-k8s-plugin/tags) | 15 | [integratedcloudnative/ovn-images:v2.3.0](https://hub.docker.com/r/integratedcloudnative/ovn-images/tags) | 16 | 17 | ## Changelog since v5.0.0 18 | ### Feature 19 | 20 | - Following features added 21 | - Updated the Docker images to have a multi-stage build with a golang base image 22 | - Update client-go package to support k8s 1.23 23 | - updated K8S API to k8s 1.23 24 | - Added optimization feature for user to select the host interface for the OVS binding in Nodus 25 | - Added IPv6 feature to support the Kubernetes dual-stack mode with IPv4 as the primary IP address and IPv6 as the secondary IP address or IPv6 as the primary IP address and IPv4 as the secondary IP address and IPv6 only mode. Please see this [guide](https://github.com/akraino-edge-stack/icn-nodus/blob/master/doc/ipv6.md) 26 | - Developed the OVN ACL and OVN port group golang package in Nodus 27 | - Developed Kubernetes network policy controller based on the OVN ACLs to implement the control traffic flow based on the OVN port group concept. Kubernetes network policies control traffic flow at the IP address or port level(OSI Layer 3 or 4). Please see this [guide](https://kubernetes.io/docs/concepts/services-networking/network-policies/) 28 | - Developed Fuzz tool using radamsa using to validate all YAML input fields in Nodus CR. Please see the [test script](https://github.com/akraino-edge-stack/icn-nodus/blob/master/testing/fuzzing/test.sh) 29 | - Integrated Cert Manager in Nodus to generate and store certificate, signature key, and CA certificates for the mTLS connectivity as k8s secrets 30 | - Developed auth pkg in Nodus to use Cert Manager secrets to establish minimum TLSv1.2 and cipher TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 across all entity in Nodus to secure the OVN and Nodus control data. 31 | 32 | ### Bug 33 | 34 | - Upgraded protobuf package version to 1.3.2 to fix the vulnerability [CVE-2021-3121](https://github.com/advisories/GHSA-c3h9-896r-86jm) in 1.3.1 35 | - Fixed nodus build issue by deprecating the go-openapi/spec package and used kube-openapi/pkg/validation/spec in Nodus 36 | - Fixed interface creation issue in PodSelectors in SFC by adding both IPv4 and IPv6 data fields 37 | - Removed the BDBA high and medium vulnerability in both OVN and Nodus docker images 38 | - Removed the Synk scan high and medium vulnerability in Nodus 39 | - Remove the privileges access in the Nodus pods -------------------------------------------------------------------------------- /CHANGELOG/README.md: -------------------------------------------------------------------------------- 1 | # CHANGELOGs 2 | 3 | - [CHANGELOG-6.0.md](./CHANGELOG-6.0.md) 4 | - [CHANGELOG-5.0.md](./CHANGELOG-5.0.md) 5 | - [CHANGELOG-4.0.md](./CHANGELOG-4.0.md) 6 | - [CHANGELOG-3.0.md](./CHANGELOG-3.0.md) 7 | - [CHANGELOG-2.0.md](./CHANGELOG-2.0.md) 8 | - [CHANGELOG-1.0.md](./CHANGELOG-1.0.md) 9 | - [CHANGELOG-0.1.md](./CHANGELOG-0.1.md) -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | GOPATH := $(shell realpath "$(PWD)/../../") 2 | 3 | export GOPATH ... 4 | export GO111MODULE=on 5 | 6 | .PHONY: all 7 | all: clean nfn-operator ovn4nfvk8s-cni nfn-agent 8 | 9 | nfn-operator: 10 | @go build -o build/bin/nfn-operator ./cmd/nfn-operator 11 | 12 | ovn4nfvk8s-cni: 13 | @go build -o build/bin/ovn4nfvk8s-cni ./cmd/ovn4nfvk8s-cni 14 | 15 | nfn-agent: 16 | @go build -o build/bin/nfn-agent ./cmd/nfn-agent 17 | 18 | test: 19 | @go test -v ./... 20 | 21 | clean: 22 | @rm -f build/bin/ovn4nfvk8s* 23 | @rm -f build/bin/nfn-operator* 24 | @rm -f build/bin/nfn-agent* 25 | 26 | -------------------------------------------------------------------------------- /build/Dockerfile.centos: -------------------------------------------------------------------------------- 1 | FROM centos:8 2 | 3 | ARG HTTP_PROXY=${HTTP_PROXY} 4 | ARG HTTPS_PROXY=${HTTPS_PROXY} 5 | 6 | ENV http_proxy $HTTP_PROXY 7 | ENV https_proxy $HTTPS_PROXY 8 | ENV no_proxy $NO_PROXY 9 | 10 | RUN yum update -y && yum install -y -qq make curl net-tools iproute iptables \ 11 | wget nc jq ipset unbound unbound-devel 12 | 13 | RUN mkdir -p /opt/ovn4nfv-k8s-plugin/ovs/rpm/rpmbuild/RPMS/x86_64 14 | RUN bash -xc "\ 15 | pushd /opt/ovn4nfv-k8s-plugin/ovs/rpm/rpmbuild/RPMS/x86_64; \ 16 | wget -q -nv -O- https://api.github.com/repos/akraino-icn/ovs/releases/tags/v2.14.0 2>/dev/null | jq -r '.assets[] | select(.browser_download_url | contains("\""rpm"\"")) | .browser_download_url' | wget -i -; \ 17 | popd; \ 18 | " 19 | RUN rpm -ivh --nodeps /opt/ovn4nfv-k8s-plugin/ovs/rpm/rpmbuild/RPMS/x86_64/*.rpm 20 | 21 | RUN mkdir -p /opt/ovn4nfv-k8s-plugin/ovn/rpm/rpmbuild/RPMS/x86_64 22 | RUN bash -xc "\ 23 | pushd /opt/ovn4nfv-k8s-plugin/ovn/rpm/rpmbuild/RPMS/x86_64; \ 24 | wget -q -nv -O- https://api.github.com/repos/akraino-icn/ovn/releases/tags/v20.06.0 2>/dev/null | jq -r '.assets[] | select(.browser_download_url | contains("\""rpm"\"")) | .browser_download_url' | wget -i -; \ 25 | popd; \ 26 | " 27 | RUN rpm -ivh --nodeps /opt/ovn4nfv-k8s-plugin/ovn/rpm/rpmbuild/RPMS/x86_64/*.rpm 28 | 29 | ENV GOLANG_VERSION 1.14.1 30 | RUN curl -sSL https://storage.googleapis.com/golang/go$GOLANG_VERSION.linux-amd64.tar.gz \ 31 | | tar -v -C /usr/local -xz 32 | 33 | ENV PATH /usr/local/go/bin:$PATH 34 | RUN mkdir -p /go/src /go/bin && chmod -R 777 /go 35 | ENV GOROOT /usr/local/go 36 | ENV GOPATH /go 37 | ENV PATH /go/bin:$PATH 38 | 39 | WORKDIR /go/src/github.com/opnfv/ovn4nfv-k8s-plugin 40 | COPY . . 41 | RUN make all 42 | 43 | ENV OPERATOR=/usr/local/bin/nfn-operator \ 44 | AGENT=/usr/local/bin/nfn-agent \ 45 | USER_UID=1001 \ 46 | USER_NAME=nfn-operator 47 | 48 | RUN cp -r build/bin/* /usr/local/bin/ 49 | ENTRYPOINT ["entrypoint"] 50 | -------------------------------------------------------------------------------- /build/Dockerfile.nodus-ubuntu-base: -------------------------------------------------------------------------------- 1 | FROM ubuntu:20.04 2 | 3 | ARG CNI_VERSION=v1.0.1 4 | ENV DEBIAN_FRONTEND=noninteractive \ 5 | USER_UID=1001 \ 6 | CNI_VERSION=$CNI_VERSION 7 | WORKDIR / 8 | RUN apt-get update && apt-get upgrade -y && \ 9 | apt-get install -y -qq --no-install-recommends apt-utils \ 10 | apt-transport-https=2.0.6 \ 11 | make=4.2.1-1.2 \ 12 | curl=7.68.0-1ubuntu2.11 \ 13 | net-tools=1.60+git20180626.aebd88e-1ubuntu1 \ 14 | iproute2=5.5.0-1ubuntu1 \ 15 | iptables=1.8.4-3ubuntu2 \ 16 | netcat=1.206-1ubuntu1 \ 17 | jq=1.6-1ubuntu0.20.04.1 \ 18 | ovn-common=20.03.2-0ubuntu0.20.04.3 \ 19 | openvswitch-common=2.13.5-0ubuntu1 \ 20 | openvswitch-switch=2.13.5-0ubuntu1 && \ 21 | mkdir -p /opt/cni/bin && \ 22 | curl --insecure --compressed -O -L https://github.com/akraino-icn/plugins/releases/download/$CNI_VERSION/cni-plugins-linux-amd64-$CNI_VERSION.tgz && \ 23 | tar -zxvf cni-plugins-linux-amd64-$CNI_VERSION.tgz -C /opt/cni/bin && \ 24 | rm -rf cni-plugins-linux-amd64-$CNI_VERSION.tgz && \ 25 | apt purge -y curl && \ 26 | apt clean -y && \ 27 | apt autoremove -y 28 | -------------------------------------------------------------------------------- /build/Dockerfile.ubuntu: -------------------------------------------------------------------------------- 1 | FROM golang:1.17.6 as builder 2 | 3 | WORKDIR /workspace 4 | 5 | # Copy the Go Modules manifests 6 | COPY go.mod go.mod 7 | COPY go.sum go.sum 8 | # cache deps before building and copying source so that we don't need to re-download as much 9 | # and so that source changes don't invalidate our downloaded layer 10 | RUN go mod download 11 | COPY cmd cmd 12 | COPY pkg pkg 13 | COPY internal internal 14 | COPY build build 15 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -o build/bin/nfn-operator ./cmd/nfn-operator 16 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -o build/bin/ovn4nfvk8s-cni ./cmd/ovn4nfvk8s-cni 17 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -o build/bin/nfn-agent ./cmd/nfn-agent 18 | 19 | FROM integratedcloudnative/nodus-ubuntu-base:20.04 20 | 21 | ENV OPERATOR=/usr/local/bin/nfn-operator \ 22 | AGENT=/usr/local/bin/nfn-agent \ 23 | USER_NAME=nfn-operator 24 | 25 | COPY --from=builder /workspace/build/bin/* usr/local/bin/ 26 | 27 | ENTRYPOINT ["entrypoint"] 28 | -------------------------------------------------------------------------------- /build/Makefile: -------------------------------------------------------------------------------- 1 | IMAGE_REGISTRY ?= integratedcloudnative/ 2 | BUILD_VERSION ?= master 3 | CNI_VERSION ?= v0.8.5 4 | 5 | export NODUS_IMAGE_NAME ?= $(IMAGE_REGISTRY)ovn4nfv-k8s-plugin:$(BUILD_VERSION) 6 | 7 | DOCKERARGS?= 8 | ifdef HTTP_PROXY 9 | DOCKERARGS += --build-arg http_proxy=$(HTTP_PROXY) 10 | endif 11 | ifdef HTTPS_PROXY 12 | DOCKERARGS += --build-arg https_proxy=$(HTTPS_PROXY) 13 | endif 14 | DOCKERARGS += --build-arg CNI_VERSION=$(CNI_VERSION) 15 | 16 | docker-build: 17 | docker build -t $(NODUS_IMAGE_NAME) $(DOCKERARGS) --network host --no-cache -f ./Dockerfile.ubuntu ../ 18 | 19 | docker-push: 20 | docker push $(NODUS_IMAGE_NAME) 21 | 22 | 23 | -------------------------------------------------------------------------------- /build/bin/entrypoint: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | CNI_VERSION=${CNI_VERSION:-"v0.8.5"} 4 | IMAGE_ARC=${IMAGE_ARC:-"amd64"} 5 | 6 | create_kubeconfig() { 7 | # Make a ovn4nfv.d directory (for our kubeconfig) 8 | # Inspired from t.ly/Xgbbe 9 | mkdir -p $CNI_CONF_DIR/ovn4nfv-k8s.d 10 | OVN4NFV_KUBECONFIG=$CNI_CONF_DIR/ovn4nfv-k8s.d/ovn4nfv-k8s.kubeconfig 11 | SERVICE_ACCOUNT_PATH=/var/run/secrets/kubernetes.io/serviceaccount 12 | KUBE_CA_FILE=${KUBE_CA_FILE:-$SERVICE_ACCOUNT_PATH/ca.crt} 13 | SERVICEACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token) 14 | SKIP_TLS_VERIFY=${SKIP_TLS_VERIFY:-false} 15 | 16 | # Check if we're running as a k8s pod. 17 | if [ -f "$SERVICE_ACCOUNT_PATH/token" ]; then 18 | # We're running as a k8d pod - expect some variables. 19 | if [ -z ${KUBERNETES_SERVICE_HOST} ]; then 20 | error "KUBERNETES_SERVICE_HOST not set"; exit 1; 21 | fi 22 | if [ -z ${KUBERNETES_SERVICE_PORT} ]; then 23 | error "KUBERNETES_SERVICE_PORT not set"; exit 1; 24 | fi 25 | 26 | if [ "$SKIP_TLS_VERIFY" == "true" ]; then 27 | TLS_CFG="insecure-skip-tls-verify: true" 28 | elif [ -f "$KUBE_CA_FILE" ]; then 29 | TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')" 30 | fi 31 | 32 | # Write a kubeconfig file for the CNI plugin. Do this 33 | # to skip TLS verification for now. We should eventually support 34 | # writing more complete kubeconfig files. This is only used 35 | # if the provided CNI network config references it. 36 | touch $OVN4NFV_KUBECONFIG 37 | chmod ${KUBECONFIG_MODE:-600} $OVN4NFV_KUBECONFIG 38 | cat > $OVN4NFV_KUBECONFIG </dev/null ; then 68 | iptables -t nat -A POSTROUTING -o $default_interface -j MASQUERADE 69 | fi 70 | 71 | # Checking the SNAT for default interfaces - IPv6 72 | if ! ip6tables -t nat -C POSTROUTING -o $default_interface -j MASQUERADE 2>/dev/null ; then 73 | ip6tables -t nat -A POSTROUTING -o $default_interface -j MASQUERADE 2>/dev/null 74 | fi 75 | } 76 | 77 | cmd=${1:-""} 78 | 79 | case ${cmd} in 80 | "cni") 81 | CNI_BIN_DIR="/host/opt/cni/bin" 82 | DOWNLOADED_CNI_BIN="/opt/cni/bin" 83 | OVN4NFV_CONF_DIR="/host/etc/openvswitch" 84 | OVN4NFV_BIN_FILE="/usr/local/bin/ovn4nfvk8s-cni" 85 | OVN4NFV_CONF_FILE="/tmp/ovn4nfv-conf/ovn4nfv_k8s.conf" 86 | OVN4NFV_NET_CONF_FILE="/tmp/ovn4nfv-cni/20-network.conf" 87 | CNI_CONF_DIR="/host/etc/cni/net.d" 88 | 89 | cp -f $OVN4NFV_BIN_FILE $CNI_BIN_DIR 90 | mv -f $DOWNLOADED_CNI_BIN/* $CNI_BIN_DIR 91 | cp -f $OVN4NFV_CONF_FILE $OVN4NFV_CONF_DIR 92 | cp -f $OVN4NFV_NET_CONF_FILE $CNI_CONF_DIR 93 | set_snat_default_inteface 94 | create_kubeconfig 95 | # Sleep forever. 96 | sleep infinity 97 | ;; 98 | 99 | "operator") 100 | shift 101 | exec ${OPERATOR} $@ 102 | ;; 103 | 104 | "agent") 105 | until ovs-vsctl show >/dev/null; do echo "waiting for ovs"; sleep 2; done 106 | shift 107 | exec ${AGENT} $@ 108 | ;; 109 | *) 110 | echo "invalid command ${cmd}" 111 | esac 112 | 113 | -------------------------------------------------------------------------------- /build/bin/user_setup: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -x 3 | 4 | # ensure $HOME exists and is accessible by group 0 (we don't know what the runtime UID will be) 5 | mkdir -p ${HOME} 6 | chown ${USER_UID}:0 ${HOME} 7 | chmod ug+rwx ${HOME} 8 | 9 | # runtime user will need to be able to self-insert in /etc/passwd 10 | chmod g+rw /etc/passwd 11 | 12 | # no need for this script to remain in the image after running 13 | rm $0 14 | -------------------------------------------------------------------------------- /cmd/nfn-operator/nfn-operator.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "flag" 5 | "fmt" 6 | "os" 7 | "runtime" 8 | 9 | // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) 10 | _ "k8s.io/client-go/plugin/pkg/client/auth" 11 | "sigs.k8s.io/controller-runtime/pkg/log/zap" 12 | 13 | notif "github.com/akraino-edge-stack/icn-nodus/internal/pkg/nfnNotify" 14 | "github.com/akraino-edge-stack/icn-nodus/internal/pkg/ovn" 15 | "github.com/akraino-edge-stack/icn-nodus/pkg/apis" 16 | "github.com/akraino-edge-stack/icn-nodus/pkg/controller" 17 | 18 | "github.com/spf13/pflag" 19 | "sigs.k8s.io/controller-runtime/pkg/client/config" 20 | "sigs.k8s.io/controller-runtime/pkg/manager" 21 | 22 | logf "sigs.k8s.io/controller-runtime/pkg/log" 23 | 24 | "sigs.k8s.io/controller-runtime/pkg/manager/signals" 25 | ) 26 | 27 | var log = logf.Log.WithName("nfn-operator") 28 | 29 | func printVersion() { 30 | log.Info(fmt.Sprintf("Go Version: %s", runtime.Version())) 31 | log.Info(fmt.Sprintf("Go OS/Arch: %s/%s", runtime.GOOS, runtime.GOARCH)) 32 | } 33 | 34 | func main() { 35 | 36 | // Add flags registered by imported packages (e.g. glog and 37 | // controller-runtime) 38 | pflag.CommandLine.AddGoFlagSet(flag.CommandLine) 39 | 40 | pflag.Parse() 41 | 42 | // Use a zap logr.Logger implementation. If none of the zap 43 | // flags are configured (or if the zap flag set is not being 44 | // used), this defaults to a production zap logger. 45 | // 46 | // The logger instantiated here can be changed to any logger 47 | // implementing the logr.Logger interface. This logger will 48 | // be propagated through the whole operator, generating 49 | // uniform and structured logs. 50 | logf.SetLogger(zap.New()) 51 | 52 | printVersion() 53 | 54 | // Create an OVN Controller 55 | _, err := ovn.NewOvnController(nil) 56 | if err != nil { 57 | log.Error(err, "") 58 | os.Exit(1) 59 | } 60 | //Initialize all the controllers that are supported here 61 | 62 | // Get a config to talk to the apiserver 63 | cfg, err := config.GetConfig() 64 | if err != nil { 65 | log.Error(err, "") 66 | os.Exit(1) 67 | } 68 | 69 | // Start GRPC Notification Server 70 | go notif.SetupNotifServer(cfg) 71 | 72 | // Create a new Cmd to provide shared dependencies and start components 73 | mgr, err := manager.New(cfg, manager.Options{}) 74 | if err != nil { 75 | log.Error(err, "") 76 | os.Exit(1) 77 | } 78 | 79 | log.Info("Registering Components.") 80 | 81 | // Setup Scheme for all resources 82 | if err := apis.AddToScheme(mgr.GetScheme()); err != nil { 83 | log.Error(err, "") 84 | os.Exit(1) 85 | } 86 | 87 | // Setup all Controllers 88 | if err := controller.AddToManager(mgr); err != nil { 89 | log.Error(err, "") 90 | os.Exit(1) 91 | } 92 | log.Info("Starting the Cmd.") 93 | 94 | // Start the Cmd 95 | if err := mgr.Start(signals.SetupSignalHandler()); err != nil { 96 | log.Error(err, "Manager exited non-zero") 97 | os.Exit(1) 98 | } 99 | 100 | } 101 | -------------------------------------------------------------------------------- /cmd/ovn4nfvk8s-cni/ovn4nfvk8s-cni.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "os" 5 | 6 | "github.com/sirupsen/logrus" 7 | "github.com/urfave/cli" 8 | 9 | cni "github.com/akraino-edge-stack/icn-nodus/internal/pkg/cnishim" 10 | "github.com/akraino-edge-stack/icn-nodus/internal/pkg/config" 11 | 12 | "github.com/containernetworking/cni/pkg/skel" 13 | "github.com/containernetworking/cni/pkg/types" 14 | "github.com/containernetworking/cni/pkg/version" 15 | "github.com/containernetworking/plugins/pkg/utils/buildversion" 16 | ) 17 | 18 | func main() { 19 | logrus.Infof("ovn4nfvk8s-cni shim cni") 20 | c := cli.NewApp() 21 | c.Name = "ovn4nfvk8s-cni" 22 | c.Usage = "a CNI plugin to set up or tear down a additional interfaces with OVN" 23 | c.Version = "0.1.0" 24 | c.Flags = config.Flags 25 | 26 | ep := cni.CNIEndpoint("") 27 | c.Action = func(ctx *cli.Context) error { 28 | if _, err := config.InitConfig(ctx); err != nil { 29 | return err 30 | } 31 | skel.PluginMain( 32 | ep.CmdAdd, 33 | ep.CmdCheck, 34 | ep.CmdDel, 35 | version.All, 36 | buildversion.BuildString("ovn4nfv-k8s shim cni")) 37 | 38 | return nil 39 | } 40 | 41 | if err := c.Run(os.Args); err != nil { 42 | // Print the error to stdout in conformance with the CNI spec 43 | e, ok := err.(*types.Error) 44 | if !ok { 45 | e = &types.Error{Code: 100, Msg: err.Error()} 46 | } 47 | e.Print() 48 | } 49 | } 50 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/namespace-left.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: sfc-head 6 | labels: 7 | sfc: head 8 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/namespace-right.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: sfc-tail 6 | labels: 7 | sfc: tail 8 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/ngfw.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ngfw 5 | labels: 6 | app.kubernetes.io/name: ngfw 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: ngfw 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: ngfw 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: '[ 18 | { "name": "ovn4nfv-k8s-plugin", 19 | "interface": "net1" 20 | }]' 21 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "dynamic-1", "interface": "net2", "defaultGateway": "false"}, { "name": "dynamic-2", "interface": "net3", "defaultGateway": "false"}]}' 22 | 23 | spec: 24 | containers: 25 | - name: ngfw 26 | image: rkamudhan/netshoot:v1.0 27 | imagePullPolicy: IfNotPresent 28 | stdin: true 29 | tty: true 30 | --- 31 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/nginx-left-deployment-1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-left-deployment-1 5 | namespace: sfc-head 6 | labels: 7 | sfc: head-1 8 | spec: 9 | replicas: 3 10 | selector: 11 | matchLabels: 12 | sfc: head-1 13 | template: 14 | metadata: 15 | labels: 16 | sfc: head-1 17 | 18 | spec: 19 | containers: 20 | - name: nginx-1 21 | image: rkamudhan/netshoot:v1.0 22 | imagePullPolicy: IfNotPresent 23 | stdin: true 24 | tty: true 25 | ports: 26 | - containerPort: 80 27 | securityContext: 28 | privileged: true 29 | capabilities: 30 | add: ["NET_ADMIN"] 31 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/nginx-left-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-left-deployment 5 | namespace: sfc-head 6 | labels: 7 | sfc: head 8 | spec: 9 | replicas: 3 10 | selector: 11 | matchLabels: 12 | sfc: head 13 | template: 14 | metadata: 15 | labels: 16 | sfc: head 17 | 18 | spec: 19 | containers: 20 | - name: nginx 21 | image: rkamudhan/netshoot:v1.0 22 | imagePullPolicy: IfNotPresent 23 | stdin: true 24 | tty: true 25 | ports: 26 | - containerPort: 80 27 | securityContext: 28 | privileged: true 29 | capabilities: 30 | add: ["NET_ADMIN"] 31 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/nginx-right-deployment-1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-right-deployment-1 5 | namespace: sfc-tail 6 | labels: 7 | sfc: tail-1 8 | spec: 9 | replicas: 3 10 | selector: 11 | matchLabels: 12 | sfc: tail-1 13 | template: 14 | metadata: 15 | labels: 16 | sfc: tail-1 17 | 18 | spec: 19 | containers: 20 | - name: nginx-1 21 | image: rkamudhan/netshoot:v1.0 22 | imagePullPolicy: IfNotPresent 23 | stdin: true 24 | tty: true 25 | ports: 26 | - containerPort: 80 27 | securityContext: 28 | privileged: true 29 | capabilities: 30 | add: ["NET_ADMIN"] 31 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/nginx-right-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-right-deployment 5 | namespace: sfc-tail 6 | labels: 7 | sfc: tail 8 | spec: 9 | replicas: 3 10 | selector: 11 | matchLabels: 12 | sfc: tail 13 | template: 14 | metadata: 15 | labels: 16 | sfc: tail 17 | 18 | spec: 19 | containers: 20 | - name: nginx 21 | image: rkamudhan/netshoot:v1.0 22 | imagePullPolicy: IfNotPresent 23 | stdin: true 24 | tty: true 25 | ports: 26 | - containerPort: 80 27 | securityContext: 28 | privileged: true 29 | capabilities: 30 | add: ["NET_ADMIN"] 31 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/sdewan-multiple-network.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sdewan 5 | labels: 6 | app.kubernetes.io/name: sdewan 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: sdewan 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: sdewan 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: '[ 18 | { "name": "ovn4nfv-k8s-plugin", 19 | "interface": "net1" 20 | }]' 21 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{"name": "dynamic-2", "interface": "net2", "defaultGateway": "false"}, { "name": "my-subnet2", "interface": "net3", "defaultGateway": "false"}, { "name": "right-pnetwork", "interface": "net4", "defaultGateway": "false"}]}' 22 | 23 | spec: 24 | containers: 25 | - name: sdewan 26 | image: rkamudhan/netshoot:v1.0 27 | imagePullPolicy: IfNotPresent 28 | stdin: true 29 | tty: true 30 | --- 31 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/sfc-private-network.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: ProviderNetwork 3 | metadata: 4 | name: left-pnetwork 5 | spec: 6 | cniType: ovn4nfv 7 | ipv4Subnets: 8 | - subnet: 172.30.10.0/24 9 | name: subnet1 10 | gateway: 172.30.10.1/24 11 | excludeIps: 172.30.10.2 12 | providerNetType: VLAN 13 | vlan: 14 | vlanId: "100" 15 | providerInterfaceName: eth1 16 | logicalInterfaceName: eth1.100 17 | vlanNodeSelector: specific 18 | nodeLabelList: 19 | - kubernetes.io/os=linux 20 | 21 | --- 22 | 23 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 24 | kind: ProviderNetwork 25 | metadata: 26 | name: right-pnetwork 27 | spec: 28 | cniType: ovn4nfv 29 | ipv4Subnets: 30 | - subnet: 172.30.20.0/24 31 | name: subnet1 32 | gateway: 172.30.20.1/24 33 | excludeIps: 172.30.20.2 34 | providerNetType: VLAN 35 | vlan: 36 | vlanId: "200" 37 | providerInterfaceName: eth1 38 | logicalInterfaceName: eth1.200 39 | vlanNodeSelector: specific 40 | nodeLabelList: 41 | - kubernetes.io/os=linux 42 | 43 | --- 44 | 45 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 46 | kind: ProviderNetwork 47 | metadata: 48 | name: left2-pnetwork 49 | spec: 50 | cniType: ovn4nfv 51 | ipv4Subnets: 52 | - subnet: 172.30.50.0/24 53 | name: subnet1 54 | gateway: 172.30.50.1/24 55 | excludeIps: 172.30.50.2 56 | providerNetType: VLAN 57 | vlan: 58 | vlanId: "300" 59 | providerInterfaceName: eth1 60 | logicalInterfaceName: eth1.300 61 | vlanNodeSelector: specific 62 | nodeLabelList: 63 | - kubernetes.io/os=linux 64 | 65 | --- 66 | 67 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 68 | kind: ProviderNetwork 69 | metadata: 70 | name: right2-pnetwork 71 | spec: 72 | cniType: ovn4nfv 73 | ipv4Subnets: 74 | - subnet: 172.30.60.0/24 75 | name: subnet1 76 | gateway: 172.30.60.1/24 77 | excludeIps: 172.30.60.2 78 | providerNetType: VLAN 79 | vlan: 80 | vlanId: "400" 81 | providerInterfaceName: eth1 82 | logicalInterfaceName: eth1.400 83 | vlanNodeSelector: specific 84 | nodeLabelList: 85 | - kubernetes.io/os=linux 86 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/sfc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: NetworkChaining 3 | metadata: 4 | name: example-networkchaining 5 | spec: 6 | # Add fields here 7 | chainType: "Routing" 8 | routingSpec: 9 | namespace: "default" 10 | networkChain: "net=my-subnet1,app.kubernetes.io/name=slb,net=dynamic-1,app.kubernetes.io/name=ngfw,net=dynamic-2,app.kubernetes.io/name=sdewan,net=my-subnet2" 11 | left: 12 | - networkName: "left-pnetwork" 13 | gatewayIp: "172.30.10.2" 14 | subnet: "172.30.10.0/24" 15 | podSelector: 16 | matchLabels: 17 | sfc: head 18 | namespaceSelector: 19 | matchLabels: 20 | sfc: head 21 | right: 22 | - networkName: "right-pnetwork" 23 | gatewayIp: "172.30.20.2" 24 | subnet: "172.30.20.0/24" 25 | podSelector: 26 | matchLabels: 27 | sfc: tail 28 | namespaceSelector: 29 | matchLabels: 30 | sfc: tail 31 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/slb-multiple-network.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: slb 5 | labels: 6 | app.kubernetes.io/name: slb 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: slb 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: slb 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: '[ 18 | { "name": "ovn4nfv-k8s-plugin", 19 | "interface": "net1" 20 | }]' 21 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{"name": "my-subnet1", "interface": "net2", "defaultGateway": "false"}, {"name": "left-pnetwork", "interface": "net3", "defaultGateway": "false"}, { "name": "dynamic-1", "interface": "net4", "defaultGateway": "false"}]}' 22 | spec: 23 | containers: 24 | - name: slb 25 | image: rkamudhan/netshoot:v1.0 26 | imagePullPolicy: IfNotPresent 27 | stdin: true 28 | tty: true 29 | --- 30 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/virtual-ngfw.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ngfw 5 | labels: 6 | app.kubernetes.io/name: ngfw 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: ngfw 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: ngfw 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: '[ 18 | { "name": "ovn4nfv-k8s-plugin", 19 | "interface": "net1" 20 | }]' 21 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "dynamic-1", "interface": "net2", "defaultGateway": "false"}, { "name": "dynamic-2", "interface": "net3", "defaultGateway": "false"}]}' 22 | 23 | spec: 24 | containers: 25 | - name: ngfw 26 | image: rkamudhan/netshoot:v1.0 27 | imagePullPolicy: IfNotPresent 28 | stdin: true 29 | tty: true 30 | --- 31 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/virtual-sdewan-multiple-network.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sdewan 5 | labels: 6 | app.kubernetes.io/name: sdewan 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: sdewan 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: sdewan 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: '[ 18 | { "name": "ovn4nfv-k8s-plugin", 19 | "interface": "net1" 20 | }]' 21 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{"name": "dynamic-2", "interface": "net2", "defaultGateway": "false"}, { "name": "my-subnet2", "interface": "net3", "defaultGateway": "false"}]}' 22 | 23 | spec: 24 | containers: 25 | - name: sdewan 26 | image: rkamudhan/netshoot:v1.0 27 | imagePullPolicy: IfNotPresent 28 | stdin: true 29 | tty: true 30 | --- 31 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/virtual-sfc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: NetworkChaining 3 | metadata: 4 | name: example-networkchaining 5 | spec: 6 | # Add fields here 7 | chainType: "Routing" 8 | routingSpec: 9 | namespace: "default" 10 | networkChain: "net=my-subnet1,app.kubernetes.io/name=slb,net=dynamic-1,app.kubernetes.io/name=ngfw,net=dynamic-2,app.kubernetes.io/name=sdewan,net=my-subnet2" 11 | left: 12 | - podSelector: 13 | matchLabels: 14 | sfc: head 15 | namespaceSelector: 16 | matchLabels: 17 | sfc: head 18 | - podSelector: 19 | matchLabels: 20 | sfc: head-1 21 | namespaceSelector: 22 | matchLabels: 23 | sfc: head 24 | right: 25 | - podSelector: 26 | matchLabels: 27 | sfc: tail 28 | namespaceSelector: 29 | matchLabels: 30 | sfc: tail 31 | - podSelector: 32 | matchLabels: 33 | sfc: tail-1 34 | namespaceSelector: 35 | matchLabels: 36 | sfc: tail 37 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup-II/deploy/virtual-slb-multiple-network.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: slb 5 | labels: 6 | app.kubernetes.io/name: slb 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app.kubernetes.io/name: slb 12 | template: 13 | metadata: 14 | labels: 15 | app.kubernetes.io/name: slb 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: '[ 18 | { "name": "ovn4nfv-k8s-plugin", 19 | "interface": "net1" 20 | }]' 21 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{"name": "my-subnet1", "interface": "net2", "defaultGateway": "false"}, { "name": "dynamic-1", "interface": "net4", "defaultGateway": "false"}]}' 22 | spec: 23 | containers: 24 | - name: slb 25 | image: rkamudhan/netshoot:v1.0 26 | imagePullPolicy: IfNotPresent 27 | stdin: true 28 | tty: true 29 | --- 30 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup/deploy/namespace-left.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: sfc-head 6 | labels: 7 | sfc: head 8 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup/deploy/namespace-right.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: sfc-tail 6 | labels: 7 | sfc: tail 8 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup/deploy/ngfw.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ngfw 5 | labels: 6 | app: ngfw 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: ngfw 12 | template: 13 | metadata: 14 | labels: 15 | app: ngfw 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: '[ 18 | { "name": "ovn4nfv-k8s-plugin", 19 | "interface": "net1" 20 | }]' 21 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "dync-net1", "interface": "net2", "defaultGateway": "false"}, { "name": "dync-net2", "interface": "net3", "defaultGateway": "false"}]}' 22 | 23 | spec: 24 | containers: 25 | - name: ngfw 26 | image: rkamudhan/netshoot:v1.0 27 | imagePullPolicy: IfNotPresent 28 | stdin: true 29 | tty: true 30 | nodeSelector: 31 | kubernetes.io/hostname: minion01 32 | 33 | --- 34 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup/deploy/nginx-left-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-left-deployment 5 | namespace: sfc-head 6 | labels: 7 | sfc: head 8 | spec: 9 | replicas: 3 10 | selector: 11 | matchLabels: 12 | sfc: head 13 | template: 14 | metadata: 15 | labels: 16 | sfc: head 17 | 18 | spec: 19 | containers: 20 | - name: nginx 21 | image: rkamudhan/netshoot:v1.0 22 | imagePullPolicy: IfNotPresent 23 | stdin: true 24 | tty: true 25 | ports: 26 | - containerPort: 80 27 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup/deploy/nginx-right-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: nginx-right-deployment 5 | namespace: sfc-tail 6 | labels: 7 | sfc: tail 8 | spec: 9 | replicas: 3 10 | selector: 11 | matchLabels: 12 | sfc: tail 13 | template: 14 | metadata: 15 | labels: 16 | sfc: tail 17 | 18 | spec: 19 | containers: 20 | - name: nginx 21 | image: rkamudhan/netshoot:v1.0 22 | imagePullPolicy: IfNotPresent 23 | stdin: true 24 | tty: true 25 | ports: 26 | - containerPort: 80 27 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup/deploy/sdewan-multiple-network.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: sdewan 5 | labels: 6 | app: sdewan 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: sdewan 12 | template: 13 | metadata: 14 | labels: 15 | app: sdewan 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: '[ 18 | { "name": "ovn4nfv-k8s-plugin", 19 | "interface": "net1" 20 | }]' 21 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{"name": "virtual-net2", "interface": "net2", "defaultGateway": "false"}, { "name": "dync-net2", "interface": "net3", "defaultGateway": "false"}, { "name": "right-pnetwork", "interface": "net4", "defaultGateway": "false"}]}' 22 | 23 | spec: 24 | containers: 25 | - name: sdewan 26 | image: rkamudhan/netshoot:v1.0 27 | imagePullPolicy: IfNotPresent 28 | stdin: true 29 | tty: true 30 | nodeSelector: 31 | kubernetes.io/hostname: minion01 32 | --- 33 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup/deploy/sfc-virtual-network.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: Network 3 | metadata: 4 | name: virtual-net1 5 | labels: 6 | net: virtual-net1 7 | spec: 8 | cniType : ovn4nfv 9 | ipv4Subnets: 10 | - subnet: 172.30.11.0/24 11 | name: subnet1 12 | gateway: 172.30.11.1/24 13 | excludeIps: 172.30.11.2 14 | 15 | --- 16 | 17 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 18 | kind: Network 19 | metadata: 20 | name: virtual-net2 21 | labels: 22 | net: virtual-net2 23 | spec: 24 | cniType : ovn4nfv 25 | ipv4Subnets: 26 | - subnet: 172.30.22.0/24 27 | name: subnet2 28 | gateway: 172.30.22.1/ 29 | excludeIps: 172.30.22.2 30 | 31 | --- 32 | 33 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 34 | kind: Network 35 | metadata: 36 | name: dync-net1 37 | labels: 38 | net: dync-net1 39 | spec: 40 | cniType : ovn4nfv 41 | ipv4Subnets: 42 | - subnet: 172.30.33.0/24 43 | name: subnet3 44 | gateway: 172.30.33.1/24 45 | 46 | --- 47 | 48 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 49 | kind: Network 50 | metadata: 51 | name: dync-net2 52 | labels: 53 | net: dync-net2 54 | spec: 55 | cniType : ovn4nfv 56 | ipv4Subnets: 57 | - subnet: 172.30.44.0/24 58 | name: subnet4 59 | gateway: 172.30.44.1/24 60 | 61 | --- 62 | 63 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 64 | kind: ProviderNetwork 65 | metadata: 66 | name: left-pnetwork 67 | spec: 68 | cniType: ovn4nfv 69 | ipv4Subnets: 70 | - subnet: 172.30.10.0/24 71 | name: subnet1 72 | gateway: 172.30.10.1/24 73 | excludeIps: 172.30.10.2 74 | providerNetType: VLAN 75 | vlan: 76 | vlanId: "100" 77 | providerInterfaceName: eth1 78 | logicalInterfaceName: eth1.100 79 | vlanNodeSelector: specific 80 | nodeLabelList: 81 | - kubernetes.io/os=linux 82 | 83 | --- 84 | 85 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 86 | kind: ProviderNetwork 87 | metadata: 88 | name: right-pnetwork 89 | spec: 90 | cniType: ovn4nfv 91 | ipv4Subnets: 92 | - subnet: 172.30.20.0/24 93 | name: subnet1 94 | gateway: 172.30.20.1/24 95 | excludeIps: 172.30.20.2 96 | providerNetType: VLAN 97 | vlan: 98 | vlanId: "200" 99 | providerInterfaceName: eth1 100 | logicalInterfaceName: eth1.200 101 | vlanNodeSelector: specific 102 | nodeLabelList: 103 | - kubernetes.io/os=linux 104 | 105 | --- 106 | 107 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 108 | kind: ProviderNetwork 109 | metadata: 110 | name: left2-pnetwork 111 | spec: 112 | cniType: ovn4nfv 113 | ipv4Subnets: 114 | - subnet: 172.30.50.0/24 115 | name: subnet1 116 | gateway: 172.30.50.1/24 117 | excludeIps: 172.30.50.2 118 | providerNetType: VLAN 119 | vlan: 120 | vlanId: "300" 121 | providerInterfaceName: eth1 122 | logicalInterfaceName: eth1.300 123 | vlanNodeSelector: specific 124 | nodeLabelList: 125 | - kubernetes.io/os=linux 126 | 127 | --- 128 | 129 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 130 | kind: ProviderNetwork 131 | metadata: 132 | name: right2-pnetwork 133 | spec: 134 | cniType: ovn4nfv 135 | ipv4Subnets: 136 | - subnet: 172.30.60.0/24 137 | name: subnet1 138 | gateway: 172.30.60.1/24 139 | excludeIps: 172.30.60.2 140 | providerNetType: VLAN 141 | vlan: 142 | vlanId: "400" 143 | providerInterfaceName: eth1 144 | logicalInterfaceName: eth1.400 145 | vlanNodeSelector: specific 146 | nodeLabelList: 147 | - kubernetes.io/os=linux 148 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup/deploy/sfc-with-virtual-and-provider-network.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: NetworkChaining 3 | metadata: 4 | name: example-networkchaining 5 | spec: 6 | # Add fields here 7 | chainType: "Routing" 8 | routingSpec: 9 | namespace: "default" 10 | networkChain: "net=virtual-net1,app=slb,net=dync-net1,app=ngfw,net=dync-net2,app=sdewan,net=virtual-net2" 11 | left: 12 | - networkName: "left-pnetwork" 13 | gatewayIp: "172.30.10.2" 14 | subnet: "172.30.10.0/24" 15 | podSelector: 16 | matchLabels: 17 | sfc: head 18 | namespaceSelector: 19 | matchLabels: 20 | sfc: head 21 | right: 22 | - networkName: "right-pnetwork" 23 | gatewayIp: "172.30.20.2" 24 | subnet: "172.30.20.0/24" 25 | podSelector: 26 | matchLabels: 27 | sfc: tail 28 | namespaceSelector: 29 | matchLabels: 30 | sfc: tail 31 | -------------------------------------------------------------------------------- /demo/calico-nodus-secondary-sfc-setup/deploy/slb-multiple-network.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: slb 5 | labels: 6 | app: slb 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: slb 12 | template: 13 | metadata: 14 | labels: 15 | app: slb 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: '[ 18 | { "name": "ovn4nfv-k8s-plugin", 19 | "interface": "net1" 20 | }]' 21 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{"name": "virtual-net1", "interface": "net2", "defaultGateway": "false"}, {"name": "left-pnetwork", "interface": "net3", "defaultGateway": "false"}, { "name": "dync-net1", "interface": "net4", "defaultGateway": "false"}]}' 22 | spec: 23 | containers: 24 | - name: slb 25 | image: rkamudhan/netshoot:v1.0 26 | imagePullPolicy: IfNotPresent 27 | stdin: true 28 | tty: true 29 | nodeSelector: 30 | kubernetes.io/hostname: minion01 31 | --- 32 | -------------------------------------------------------------------------------- /demo/nodus-primary-sfc-setup/config/default.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2018 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | - name: "master" 12 | ip: "10.10.10.13" 13 | memory: 16384 14 | cpus: 16 15 | - name: "minion01" 16 | ip: "10.10.10.14" 17 | memory: 18432 18 | cpus: 16 19 | - name: "minion02" 20 | ip: "10.10.10.15" 21 | memory: 18432 22 | cpus: 16 23 | - name: "tm1-node" 24 | ip: "10.10.10.16" 25 | memory: 512 26 | cpus: 2 27 | - name: "tm2-node" 28 | ip: "10.10.10.17" 29 | memory: 512 30 | cpus: 2 31 | -------------------------------------------------------------------------------- /demo/nodus-primary-sfc-setup/demo-traffic-test.yml: -------------------------------------------------------------------------------- 1 | - when: ping_xfail is defined 2 | name: "Ping google.com : XFAIL" 3 | shell: "{{ prefix }} ping -c 1 google.com" 4 | register: ping_result 5 | changed_when: false 6 | failed_when: ping_result.rc == 0 7 | 8 | - when: ping_xfail is undefined 9 | name: "Ping google.com : PASS" 10 | shell: "{{ prefix }} ping -c 1 google.com" 11 | changed_when: false 12 | 13 | - when: curl_xfail is defined 14 | name: "Curl example.com : XFAIL" 15 | shell: "{{ prefix }} curl --max-time 5 example.com" 16 | register: curl_result 17 | changed_when: false 18 | failed_when: curl_result.rc == 0 19 | 20 | - when: curl_xfail is undefined 21 | name: "Curl example.com : PASS" 22 | shell: "{{ prefix }} curl --max-time 5 example.com" 23 | changed_when: false 24 | -------------------------------------------------------------------------------- /demo/nodus-primary-sfc-setup/deploy/firewall-dyn-net-2.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch.sdewan.akraino.org/v1alpha1 2 | kind: FirewallZone 3 | metadata: 4 | name: dynnet2 5 | namespace: default 6 | labels: 7 | sdewanPurpose: cnf1 8 | 9 | spec: 10 | network: 11 | - dync-net2 12 | input: ACCEPT 13 | output: ACCEPT 14 | forward: ACCEPT 15 | -------------------------------------------------------------------------------- /demo/nodus-primary-sfc-setup/deploy/firewall-right-pnetwork.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch.sdewan.akraino.org/v1alpha1 2 | kind: FirewallZone 3 | metadata: 4 | name: rpnetwork 5 | namespace: default 6 | labels: 7 | sdewanPurpose: cnf1 8 | 9 | spec: 10 | network: 11 | - right-pnetwork 12 | input: ACCEPT 13 | output: ACCEPT 14 | forward: ACCEPT 15 | masq: "0" 16 | mtu_fix: "1" 17 | -------------------------------------------------------------------------------- /demo/nodus-primary-sfc-setup/deploy/firewall-rule-reject-icmp-right-pnetwork.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: batch.sdewan.akraino.org/v1alpha1 2 | kind: FirewallRule 3 | metadata: 4 | name: firewallrule-icmp-right-pnetwork 5 | namespace: default 6 | labels: 7 | sdewanPurpose: cnf1 8 | 9 | spec: 10 | src: dynnet2 11 | dest: rpnetwork 12 | proto: icmp 13 | target: REJECT 14 | -------------------------------------------------------------------------------- /demo/nodus-primary-sfc-setup/deploy/ms1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ms1 5 | labels: 6 | app: ms1 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: ms1 12 | template: 13 | metadata: 14 | labels: 15 | app: ms1 16 | annotations: 17 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "left-pnetwork", "interface": "net0", "defaultgateway": "true", "gwipaddress": "172.30.10.3" }]}' 18 | 19 | spec: 20 | containers: 21 | - name: ms1 22 | image: rkamudhan/netshoot:v1.0 23 | imagePullPolicy: IfNotPresent 24 | stdin: true 25 | tty: true 26 | securityContext: 27 | privileged: true 28 | capabilities: 29 | add: ["NET_ADMIN"] 30 | dnsPolicy: "None" 31 | dnsConfig: 32 | nameservers: 33 | - 8.8.8.8 34 | searches: 35 | - default.svc.cluster.local 36 | - svc.cluster.local 37 | - cluster.local 38 | options: 39 | - name: ndots 40 | value: "5" 41 | -------------------------------------------------------------------------------- /demo/nodus-primary-sfc-setup/deploy/sfc-virtual-network.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: Network 3 | metadata: 4 | name: virtual-net1 5 | labels: 6 | net: virtual-net1 7 | spec: 8 | cniType : ovn4nfv 9 | ipv4Subnets: 10 | - subnet: 172.30.11.0/24 11 | name: subnet1 12 | gateway: 172.30.11.1/24 13 | excludeIps: 172.30.11.2 14 | 15 | --- 16 | 17 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 18 | kind: Network 19 | metadata: 20 | name: virtual-net2 21 | labels: 22 | net: virtual-net2 23 | spec: 24 | cniType : ovn4nfv 25 | ipv4Subnets: 26 | - subnet: 172.30.22.0/24 27 | name: subnet2 28 | gateway: 172.30.22.1/ 29 | excludeIps: 172.30.22.2 30 | 31 | --- 32 | 33 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 34 | kind: Network 35 | metadata: 36 | name: dync-net1 37 | labels: 38 | net: dync-net1 39 | spec: 40 | cniType : ovn4nfv 41 | ipv4Subnets: 42 | - subnet: 172.30.33.0/24 43 | name: subnet3 44 | gateway: 172.30.33.1/24 45 | 46 | --- 47 | 48 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 49 | kind: Network 50 | metadata: 51 | name: dync-net2 52 | labels: 53 | net: dync-net2 54 | spec: 55 | cniType : ovn4nfv 56 | ipv4Subnets: 57 | - subnet: 172.30.44.0/24 58 | name: subnet4 59 | gateway: 172.30.44.1/24 60 | 61 | --- 62 | 63 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 64 | kind: ProviderNetwork 65 | metadata: 66 | name: left-pnetwork 67 | spec: 68 | cniType: ovn4nfv 69 | ipv4Subnets: 70 | - subnet: 172.30.10.0/24 71 | name: subnet1 72 | gateway: 172.30.10.1/24 73 | excludeIps: 172.30.10.2 74 | providerNetType: VLAN 75 | vlan: 76 | vlanId: "100" 77 | providerInterfaceName: eth1 78 | logicalInterfaceName: eth1.100 79 | vlanNodeSelector: specific 80 | nodeLabelList: 81 | - kubernetes.io/os=linux 82 | 83 | --- 84 | 85 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 86 | kind: ProviderNetwork 87 | metadata: 88 | name: right-pnetwork 89 | spec: 90 | cniType: ovn4nfv 91 | ipv4Subnets: 92 | - subnet: 172.30.20.0/24 93 | name: subnet1 94 | gateway: 172.30.20.1/24 95 | excludeIps: 172.30.20.2 96 | providerNetType: VLAN 97 | vlan: 98 | vlanId: "200" 99 | providerInterfaceName: eth1 100 | logicalInterfaceName: eth1.200 101 | vlanNodeSelector: specific 102 | nodeLabelList: 103 | - kubernetes.io/os=linux 104 | 105 | --- 106 | 107 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 108 | kind: ProviderNetwork 109 | metadata: 110 | name: left2-pnetwork 111 | spec: 112 | cniType: ovn4nfv 113 | ipv4Subnets: 114 | - subnet: 172.30.50.0/24 115 | name: subnet1 116 | gateway: 172.30.50.1/24 117 | excludeIps: 172.30.50.2 118 | providerNetType: VLAN 119 | vlan: 120 | vlanId: "300" 121 | providerInterfaceName: eth1 122 | logicalInterfaceName: eth1.300 123 | vlanNodeSelector: specific 124 | nodeLabelList: 125 | - kubernetes.io/os=linux 126 | 127 | --- 128 | 129 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 130 | kind: ProviderNetwork 131 | metadata: 132 | name: right2-pnetwork 133 | spec: 134 | cniType: ovn4nfv 135 | ipv4Subnets: 136 | - subnet: 172.30.60.0/24 137 | name: subnet1 138 | gateway: 172.30.60.1/24 139 | excludeIps: 172.30.60.2 140 | providerNetType: VLAN 141 | vlan: 142 | vlanId: "400" 143 | providerInterfaceName: eth1 144 | logicalInterfaceName: eth1.400 145 | vlanNodeSelector: specific 146 | nodeLabelList: 147 | - kubernetes.io/os=linux 148 | -------------------------------------------------------------------------------- /demo/nodus-primary-sfc-setup/deploy/sfc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: NetworkChaining 3 | metadata: 4 | name: example-networkchaining 5 | spec: 6 | # Add fields here 7 | chainType: "Routing" 8 | routingSpec: 9 | namespace: "default" 10 | networkChain: "app=slb,net=dync-net1,app=ngfw,net=dync-net2,app=sdwan" 11 | left: 12 | - networkName: "left-pnetwork" 13 | gatewayIp: "172.30.10.2" 14 | subnet: "172.30.10.0/24" 15 | podSelector: 16 | matchLabels: 17 | sfc: head 18 | namespaceSelector: 19 | matchLabels: 20 | sfc: head 21 | right: 22 | - networkName: "right-pnetwork" 23 | gatewayIp: "172.30.20.2" 24 | subnet: "172.30.20.0/24" 25 | podSelector: 26 | matchLabels: 27 | sfc: tail 28 | namespaceSelector: 29 | matchLabels: 30 | sfc: tail 31 | -------------------------------------------------------------------------------- /demo/nodus-primary-sfc-setup/insecure_keys/key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI 3 | w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP 4 | kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2 5 | hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO 6 | Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW 7 | yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd 8 | ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1 9 | Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf 10 | TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK 11 | iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A 12 | sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf 13 | 4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP 14 | cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk 15 | EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN 16 | CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX 17 | 3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG 18 | YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj 19 | 3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+ 20 | dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz 21 | 6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC 22 | P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF 23 | llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ 24 | kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH 25 | +vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ 26 | NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /demo/nodus-primary-sfc-setup/insecure_keys/key.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key 2 | -------------------------------------------------------------------------------- /demo/nodus-primary-sfc-setup/node.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2018 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o nounset 12 | set -o pipefail 13 | 14 | # usage() - Prints the usage of the program 15 | function usage { 16 | cat <> /etc/fstab 35 | } 36 | 37 | while getopts "h?v:" opt; do 38 | case $opt in 39 | v) 40 | dict_volumes="$OPTARG" 41 | ;; 42 | h|\?) 43 | usage 44 | exit 45 | ;; 46 | esac 47 | done 48 | 49 | swapoff -a 50 | if [[ -n "${dict_volumes+x}" ]]; then 51 | for kv in ${dict_volumes//,/ } ;do 52 | mount_external_partition ${kv%=*} ${kv#*=} 53 | done 54 | fi 55 | 56 | vendor_id=$(lscpu|grep "Vendor ID") 57 | if [[ $vendor_id == *GenuineIntel* ]]; then 58 | kvm_ok=$(cat /sys/module/kvm_intel/parameters/nested) 59 | if [[ $kvm_ok == 'N' ]]; then 60 | echo "Enable Intel Nested-Virtualization" 61 | rmmod kvm-intel 62 | echo 'options kvm-intel nested=y' >> /etc/modprobe.d/dist.conf 63 | modprobe kvm-intel 64 | echo kvm-intel >> /etc/modules 65 | fi 66 | else 67 | kvm_ok=$(cat /sys/module/kvm_amd/parameters/nested) 68 | if [[ $kvm_ok == '0' ]]; then 69 | echo "Enable AMD Nested-Virtualization" 70 | rmmod kvm-amd 71 | sh -c "echo 'options kvm-amd nested=1' >> /etc/modprobe.d/dist.conf" 72 | modprobe kvm-amd 73 | echo kvm-amd >> /etc/modules 74 | fi 75 | fi 76 | modprobe vhost_net 77 | echo vhost_net >> /etc/modules 78 | source /etc/os-release || source /usr/lib/os-release 79 | case ${ID,,} in 80 | *suse) 81 | ;; 82 | ubuntu|debian) 83 | apt-get install -y cpu-checker 84 | kvm-ok 85 | ;; 86 | rhel|centos|fedora) 87 | ;; 88 | esac 89 | -------------------------------------------------------------------------------- /demo/vm-setup/config/default.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2018 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | - name: "master" 12 | ip: "10.10.10.13" 13 | memory: 16384 14 | cpus: 16 15 | - name: "minion01" 16 | ip: "10.10.10.14" 17 | memory: 18432 18 | cpus: 16 19 | - name: "minion02" 20 | ip: "10.10.10.15" 21 | memory: 18432 22 | cpus: 16 23 | - name: "tm1-node" 24 | ip: "10.10.10.16" 25 | memory: 512 26 | cpus: 2 27 | - name: "tm2-node" 28 | ip: "10.10.10.17" 29 | memory: 512 30 | cpus: 2 31 | -------------------------------------------------------------------------------- /demo/vm-setup/insecure_keys/key: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI 3 | w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP 4 | kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2 5 | hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO 6 | Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW 7 | yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd 8 | ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1 9 | Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf 10 | TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK 11 | iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A 12 | sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf 13 | 4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP 14 | cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk 15 | EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN 16 | CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX 17 | 3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG 18 | YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj 19 | 3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+ 20 | dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz 21 | 6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC 22 | P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF 23 | llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ 24 | kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH 25 | +vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ 26 | NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s= 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /demo/vm-setup/insecure_keys/key.pub: -------------------------------------------------------------------------------- 1 | ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key 2 | -------------------------------------------------------------------------------- /demo/vm-setup/node.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # SPDX-license-identifier: Apache-2.0 3 | ############################################################################## 4 | # Copyright (c) 2018 5 | # All rights reserved. This program and the accompanying materials 6 | # are made available under the terms of the Apache License, Version 2.0 7 | # which accompanies this distribution, and is available at 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | ############################################################################## 10 | 11 | set -o nounset 12 | set -o pipefail 13 | 14 | # usage() - Prints the usage of the program 15 | function usage { 16 | cat <> /etc/fstab 35 | } 36 | 37 | while getopts "h?v:" opt; do 38 | case $opt in 39 | v) 40 | dict_volumes="$OPTARG" 41 | ;; 42 | h|\?) 43 | usage 44 | exit 45 | ;; 46 | esac 47 | done 48 | 49 | swapoff -a 50 | if [[ -n "${dict_volumes+x}" ]]; then 51 | for kv in ${dict_volumes//,/ } ;do 52 | mount_external_partition ${kv%=*} ${kv#*=} 53 | done 54 | fi 55 | 56 | vendor_id=$(lscpu|grep "Vendor ID") 57 | if [[ $vendor_id == *GenuineIntel* ]]; then 58 | kvm_ok=$(cat /sys/module/kvm_intel/parameters/nested) 59 | if [[ $kvm_ok == 'N' ]]; then 60 | echo "Enable Intel Nested-Virtualization" 61 | rmmod kvm-intel 62 | echo 'options kvm-intel nested=y' >> /etc/modprobe.d/dist.conf 63 | modprobe kvm-intel 64 | echo kvm-intel >> /etc/modules 65 | fi 66 | else 67 | kvm_ok=$(cat /sys/module/kvm_amd/parameters/nested) 68 | if [[ $kvm_ok == '0' ]]; then 69 | echo "Enable AMD Nested-Virtualization" 70 | rmmod kvm-amd 71 | sh -c "echo 'options kvm-amd nested=1' >> /etc/modprobe.d/dist.conf" 72 | modprobe kvm-amd 73 | echo kvm-amd >> /etc/modules 74 | fi 75 | fi 76 | modprobe vhost_net 77 | echo vhost_net >> /etc/modules 78 | source /etc/os-release || source /usr/lib/os-release 79 | case ${ID,,} in 80 | *suse) 81 | ;; 82 | ubuntu|debian) 83 | apt-get install -y cpu-checker 84 | kvm-ok 85 | ;; 86 | rhel|centos|fedora) 87 | ;; 88 | esac 89 | -------------------------------------------------------------------------------- /deploy/cert-manager/cert-manager-kustomize.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: cert-manager-cainjector 5 | namespace: "cert-manager" 6 | spec: 7 | template: 8 | spec: 9 | tolerations: 10 | - key: "node.kubernetes.io/not-ready" 11 | operator: "Exists" 12 | effect: "NoSchedule" 13 | hostNetwork: true 14 | 15 | --- 16 | apiVersion: apps/v1 17 | kind: Deployment 18 | metadata: 19 | name: cert-manager 20 | namespace: "cert-manager" 21 | spec: 22 | template: 23 | spec: 24 | tolerations: 25 | - key: "node.kubernetes.io/not-ready" 26 | operator: "Exists" 27 | effect: "NoSchedule" 28 | hostNetwork: true 29 | 30 | --- 31 | apiVersion: apps/v1 32 | kind: Deployment 33 | metadata: 34 | name: cert-manager-webhook 35 | namespace: "cert-manager" 36 | spec: 37 | template: 38 | spec: 39 | tolerations: 40 | - key: "node.kubernetes.io/not-ready" 41 | operator: "Exists" 42 | effect: "NoSchedule" 43 | hostNetwork: true 44 | containers: 45 | - name: cert-manager 46 | args: 47 | - --v=2 48 | - --secure-port=10260 49 | - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) 50 | - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca 51 | - --dynamic-serving-dns-names=cert-manager-webhook,cert-manager-webhook.cert-manager,cert-manager-webhook.cert-manager.svc 52 | ports: 53 | - name: https 54 | protocol: TCP 55 | containerPort: 10250 56 | $patch: delete 57 | - name: https 58 | protocol: TCP 59 | containerPort: 10260 60 | -------------------------------------------------------------------------------- /deploy/cert-manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cert-manager.yaml 3 | patchesStrategicMerge: 4 | - cert-manager-kustomize.yaml 5 | -------------------------------------------------------------------------------- /deploy/crds/k8s.plugin.opnfv.org_networkchainings_crd.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apiextensions.k8s.io/v1 2 | kind: CustomResourceDefinition 3 | metadata: 4 | name: networkchainings.k8s.plugin.opnfv.org 5 | spec: 6 | group: k8s.plugin.opnfv.org 7 | names: 8 | kind: NetworkChaining 9 | listKind: NetworkChainingList 10 | plural: networkchainings 11 | singular: networkchaining 12 | scope: Namespaced 13 | versions: 14 | - name: v1alpha1 15 | schema: 16 | openAPIV3Schema: 17 | description: NetworkChaining is the Schema for the networkchainings API 18 | properties: 19 | apiVersion: 20 | description: 21 | "APIVersion defines the versioned schema of this representation 22 | of an object. Servers should convert recognized schemas to the latest 23 | internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources" 24 | type: string 25 | kind: 26 | description: 27 | "Kind is a string value representing the REST resource this 28 | object represents. Servers may infer this from the endpoint the client 29 | submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds" 30 | type: string 31 | metadata: 32 | type: object 33 | spec: 34 | description: NetworkChainingSpec defines the desired state of NetworkChaining 35 | properties: 36 | chainType: 37 | type: string 38 | routingSpec: 39 | properties: 40 | leftNetwork: 41 | items: 42 | properties: 43 | gatewayIp: 44 | type: string 45 | networkName: 46 | type: string 47 | required: 48 | - gatewayIp 49 | - networkName 50 | type: object 51 | type: array 52 | namespace: 53 | type: string 54 | networkChain: 55 | type: string 56 | rightNetwork: 57 | items: 58 | properties: 59 | gatewayIp: 60 | type: string 61 | networkName: 62 | type: string 63 | required: 64 | - gatewayIp 65 | - networkName 66 | type: object 67 | type: array 68 | required: 69 | - left 70 | - namespace 71 | - networkChain 72 | - right 73 | type: object 74 | required: 75 | - chainType 76 | - routingSpec 77 | type: object 78 | status: 79 | description: NetworkChainingStatus defines the observed state of NetworkChaining 80 | properties: 81 | state: 82 | type: string 83 | required: 84 | - state 85 | type: object 86 | type: object 87 | served: true 88 | storage: true 89 | subresources: 90 | status: {} 91 | -------------------------------------------------------------------------------- /deploy/crds/k8s_v1alpha1_network_cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: Network 3 | metadata: 4 | name: example-network 5 | spec: 6 | # Add fields here 7 | cniType: ovn4nfv 8 | ipv4Subnets: 9 | - subnet: 172.16.33.0/24 10 | name: subnet1 11 | gateway: 172.16.33.1/24 12 | excludeIps: 172.16.33.2 172.16.33.5..172.16.33.10 13 | 14 | -------------------------------------------------------------------------------- /deploy/crds/k8s_v1alpha1_networkchaining_cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: NetworkChaining 3 | metadata: 4 | name: example-networkchaining 5 | spec: 6 | # Add fields here 7 | chainType: "Routing" 8 | routingSpec: 9 | namespace: "default" 10 | networkChain: "app=slb,dync-net1,app=ngfw,dync-net2,app=sdwan" 11 | leftNetwork: 12 | - networkName: "pnet1" 13 | gatewayIp: "172.30.10.2" 14 | subnet: "172.30.10.0/24" 15 | rightNetwork: 16 | - networkName: "pnet2" 17 | gatewayIp: "172.30.20.2" 18 | subnet: "172.30.20.0/24" 19 | 20 | -------------------------------------------------------------------------------- /deploy/crds/k8s_v1alpha1_providernetwork_cr.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: ProviderNetwork 3 | metadata: 4 | name: pnetwork 5 | spec: 6 | cniType: ovn4nfv 7 | ipv4Subnets: 8 | - subnet: 172.16.33.0/24 9 | name: subnet1 10 | gateway: 172.16.33.1/24 11 | excludeIps: 172.16.33.2 172.16.33.5..172.16.33.10 12 | providerNetType: VLAN 13 | vlan: 14 | vlanId: "100" 15 | providerInterfaceName: eth1 16 | logicalInterfaceName: eth1.100 17 | vlanNodeSelector: specific 18 | nodeLabelList: 19 | - kubernetes.io/hostname=testnode1 20 | -------------------------------------------------------------------------------- /doc/configuration.md: -------------------------------------------------------------------------------- 1 | # Nodus Configuration Reference 2 | 3 | ovn4nfv is not having any cni configuration. All the configuration are encapsulated within ovn4nfv-cni - `build/bin/entrypoint` 4 | 5 | ovn4nfv-cni daemonset creates following cni configuration file `/etc/cni/net.d/20-network.conf` in each node 6 | ``` 7 | { 8 | "name": "ovn4nfv-k8s-plugin", 9 | "type": "ovn4nfvk8s-cni", 10 | "cniVersion": "0.3.1" 11 | } 12 | ``` 13 | ovn4nfv cni-server use incluster-communication and cni shim uses the out-of-cluster 14 | communication using the auto generated kubeconfig in each node. 15 | 16 | ### logging 17 | 18 | Log is enabled by default and log file - `/var/log/openvswitch/ovn4k8s.log` 19 | 20 | ovn log and openvswitch log can be find in the `/var/log/openvswitch` & `/var/log/ovn` 21 | -------------------------------------------------------------------------------- /doc/development.md: -------------------------------------------------------------------------------- 1 | # Developer Information 2 | 3 | ## How to build the Nodus? 4 | 5 | Nodus is maintained in icn gerrit repositry - [https://gerrit.akraino.org/r/admin/repos/icn/nodus](https://gerrit.akraino.org/r/admin/repos/icn/nodus) 6 | 7 | The github page [https://github.com/akraino-edge-stack/icn-nodus/](https://github.com/akraino-edge-stack/icn-nodus/) 8 | is github mirror repository for the user. 9 | 10 | Contributor login with Linux Foundation ID into [https://gerrit.akraino.org/r/admin/repos/icn/nodus](https://gerrit.akraino.org/r/admin/repos/icn/nodus) 11 | and add their ssh key or use the LF username and password 12 | 13 | ### How to build Nodus entity? 14 | 15 | Before packaging the Nodus images, please make sure your feature request or 16 | modification are compilable as follows: 17 | 18 | ``` 19 | # git clone https://github.com/akraino-edge-stack/icn-nodus.git 20 | # make all 21 | ``` 22 | 23 | you can use gerrit anonymous https clone or clone with commit-msg hook. Above example show the clone with github 24 | 25 | There are 3 components within the nodus - `nfn-operator`, `ovn4nfvk8s-cni` & `nfn-agent`. 26 | 27 | All these components can be modified and build separately using the commands - `make nfn-operator`, `make ovn4nfvk8s-cni` & 28 | `make nfn-agent` 29 | 30 | All the components can be cleaned with `make clean` 31 | 32 | ### How to run the CI tests? 33 | 34 | Nodus has go unit test for all golang package. For CNI testing is based on ginkgo framework. 35 | The following command run the unit tests and it is intergrated with opnfv gerrit review to give +1 36 | 37 | ``` 38 | # make test 39 | ``` 40 | 41 | ### How to build docker images? 42 | 43 | The nodus project has 2 major docker images for ovn/ovs operations and network 44 | controller. The nodus currently support and tested in ubuntu and centos distro. 45 | In this documentation, developer get the information regarding how to build and 46 | package the docker images 47 | 48 | - ovn dockerfile is maintained for centos and ubuntu package in the `utilities/docker` folder 49 | - nodus k8s plugin dockerfile is maintained for centos and ubuntu in the `build` folder 50 | 51 | #### ubuntu distro 52 | Build the ovn-images 53 | ``` 54 | pushd utilities/docker && \ 55 | docker build --no-cache --rm -t integratedcloudnative/ovn-images:master . -f debian/Dockerfile && \ 56 | popd 57 | ``` 58 | Build the nodus images 59 | ``` 60 | docker build --no-cache --rm -t integratedcloudnative/ovn4nfv-k8s-plugin:master . -f build/Dockerfile && \ 61 | ``` 62 | 63 | docker images are tagged with intergratedcloudnative dockerhub. 64 | For development purpose use your private dockerhub, if planning to test k8s deployment is more than one node. 65 | 66 | #### centos distro 67 | Build the ovn-images 68 | ``` 69 | pushd utilities/docker && \ 70 | docker build --no-cache --rm -t integratedcloudnative/ovn-images:master . -f centos/Dockerfile && \ 71 | popd 72 | ``` 73 | Build the nodus images 74 | ``` 75 | docker build --no-cache --rm -t integratedcloudnative/ovn4nfv-k8s-plugin:master . -f build/Dockerfile.centos && \ 76 | ``` 77 | 78 | ### How to deploy the compiled nodus docker images in k8s cluster? 79 | 80 | K8s yaml files in the `deploy` folder use that stable release of the ovn-images and ovn4nfv-k8s-plugin. 81 | Please change the images in the yaml, if you deploying your compiled nodus images 82 | 83 | Please follow the steps - [quickstart-installation-guide](https://github.com/akraino-edge-stack/icn-nodus#quickstart-installation-guide) 84 | 85 | For the kubespray change the ansible variable - `ovn4nfv_ovn_image_version`, `ovn4nfv_k8s_plugin_image_version`, 86 | `ovn4nfv_ovn_image_repo`, `ovn4nfv_k8s_plugin_image_repo` in the kubespray `roles/download/defaults/main.yml` 87 | 88 | ### How to test the compiled nodus docker images in k8s cluster? 89 | 90 | Please follow the steps -[doc/how-to-use.md#network-testing](https://github.com/akraino-edge-stack/icn-nodus/blob/master/doc/how-to-use.md#network-testing) 91 | -------------------------------------------------------------------------------- /example/defaut-gateway-pod-with-multus-and-nodus.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: dg 5 | labels: 6 | app: dg 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: dg 12 | template: 13 | metadata: 14 | labels: 15 | app: dg 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: '[ 18 | { "name": "ovn4nfv-k8s-plugin", 19 | "interface": "net1" 20 | }]' 21 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{"name": "ovn-port-net", "interface": "net2", "defaultGateway": "false"}, {"name": "ovn-priv-net", "interface": "net3", "defaultGateway": "true", "gwipaddress": "172.16.44.201"}]}' 22 | spec: 23 | containers: 24 | - name: dg 25 | image: rkamudhan/netshoot:v1.0 26 | imagePullPolicy: IfNotPresent 27 | stdin: true 28 | tty: true 29 | --- 30 | -------------------------------------------------------------------------------- /example/defaut-gateway-pod-with-nodus.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: dg 5 | labels: 6 | app: dg 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: dg 12 | template: 13 | metadata: 14 | labels: 15 | app: dg 16 | annotations: 17 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{"name": "ovn-port-net", "interface": "net2", "defaultGateway": "false"}, {"name": "ovn-priv-net", "interface": "net3", "defaultGateway": "true", "gwipaddress": "172.16.44.201"}]}' 18 | spec: 19 | containers: 20 | - name: dg 21 | image: rkamudhan/netshoot:v1.0 22 | imagePullPolicy: IfNotPresent 23 | stdin: true 24 | tty: true 25 | --- 26 | -------------------------------------------------------------------------------- /example/multus-net-attach-def-cr.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: "k8s.cni.cncf.io/v1" 3 | kind: NetworkAttachmentDefinition 4 | metadata: 5 | name: ovn4nfv-k8s-plugin 6 | spec: 7 | config: '{ 8 | "cniVersion": "0.3.1", 9 | "type": "ovn4nfvk8s-cni" 10 | }' 11 | -------------------------------------------------------------------------------- /example/ovn-port-net.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: Network 3 | metadata: 4 | name: ovn-port-net 5 | spec: 6 | cniType : ovn4nfv 7 | ipv4Subnets: 8 | - subnet: 172.16.33.0/24 9 | name: subnet1 10 | gateway: 172.16.33.1/24 11 | -------------------------------------------------------------------------------- /example/ovn-priv-net.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: Network 3 | metadata: 4 | name: ovn-priv-net 5 | spec: 6 | cniType : ovn4nfv 7 | ipv4Subnets: 8 | - subnet: 172.16.44.0/24 9 | name: subnet1 10 | gateway: 172.16.44.1/24 11 | -------------------------------------------------------------------------------- /example/ovn4nfv-deployment-hostnames-svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | labels: 5 | app: hostnames 6 | name: hostnames 7 | spec: 8 | selector: 9 | app: hostnames 10 | ports: 11 | - name: default 12 | protocol: TCP 13 | port: 80 14 | targetPort: 9376 15 | -------------------------------------------------------------------------------- /example/ovn4nfv-deployment-noannotation-hostnames.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | labels: 5 | app: hostnames 6 | name: hostnames 7 | spec: 8 | selector: 9 | matchLabels: 10 | app: hostnames 11 | replicas: 3 12 | template: 13 | metadata: 14 | labels: 15 | app: hostnames 16 | spec: 17 | containers: 18 | - name: hostnames 19 | image: rkamudhan/serve-hostname-amd64:1.2 20 | securityContext: 21 | capabilities: 22 | add: ["NET_ADMIN"] 23 | -------------------------------------------------------------------------------- /example/ovn4nfv-deployment-noannotation-sandbox.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ovn4nfv-deployment-noannotation-sandbox 5 | labels: 6 | app: ovn4nfv-noannotation-sandbox 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: ovn4nfv-noannotation-sandbox 12 | template: 13 | metadata: 14 | labels: 15 | app: ovn4nfv-noannotation-sandbox 16 | spec: 17 | containers: 18 | - name: ovn4nfv-deployment-noannotation-sandbox 19 | image: "busybox" 20 | command: ["top"] 21 | stdin: true 22 | tty: true 23 | -------------------------------------------------------------------------------- /example/ovn4nfv-deployment-replica-2-noannotation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ovn4nfv-deployment-noannotation 5 | labels: 6 | app: ovn4nfv-noannotation 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: ovn4nfv-noannotation 12 | template: 13 | metadata: 14 | labels: 15 | app: ovn4nfv-noannotation 16 | spec: 17 | containers: 18 | - name: ovn4nfv-deployment-noannotation 19 | image: "busybox" 20 | command: ["top"] 21 | stdin: true 22 | tty: true 23 | -------------------------------------------------------------------------------- /example/ovn4nfv-deployment-replica-2-with-multus-ovn4nfv-annotations.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ovn4nfv-deployment-2-annotation 5 | labels: 6 | app: ovn4nfv-2-annotation 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: ovn4nfv-2-annotation 12 | template: 13 | metadata: 14 | labels: 15 | app: ovn4nfv-2-annotation 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: '[ 18 | { "name": "ovn4nfv-k8s-plugin", 19 | "interface": "net1" 20 | }]' 21 | k8s.v1.cni.cncf.io/networks: ovn4nfv-k8s-plugin 22 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "ovn-port-net", "interface": "net2" , "defaultGateway": "false"}, 23 | { "name": "ovn-priv-net", "interface": "net3" , "defaultGateway": "false"}]}' 24 | spec: 25 | containers: 26 | - name: ovn4nfv-deployment-2-annotation 27 | image: "busybox" 28 | command: ["top"] 29 | stdin: true 30 | tty: true 31 | -------------------------------------------------------------------------------- /example/ovn4nfv-deployment-replica-2-withannotation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ovn4nfv-deployment-2-annotation 5 | labels: 6 | app: ovn4nfv-2-annotation 7 | spec: 8 | replicas: 2 9 | selector: 10 | matchLabels: 11 | app: ovn4nfv-2-annotation 12 | template: 13 | metadata: 14 | labels: 15 | app: ovn4nfv-2-annotation 16 | annotations: 17 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "ovn-port-net", "interface": "net0" , "defaultGateway": "false"}, 18 | { "name": "ovn-priv-net", "interface": "net1" , "defaultGateway": "false"}]}' 19 | spec: 20 | containers: 21 | - name: ovn4nfv-deployment-2-annotation 22 | image: "busybox" 23 | command: ["top"] 24 | stdin: true 25 | tty: true 26 | -------------------------------------------------------------------------------- /example/ovn4nfv-deployment-with-multus-annotation-sandbox.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ovn4nfv-deployment-with-multus-annotation-sandbox 5 | labels: 6 | app: ovn4nfv-with-multus-annotation-sandbox 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: ovn4nfv-with-multus-annotation-sandbox 12 | template: 13 | metadata: 14 | labels: 15 | app: ovn4nfv-with-multus-annotation-sandbox 16 | annotations: 17 | k8s.v1.cni.cncf.io/networks: ovn4nfv-k8s-plugin 18 | spec: 19 | containers: 20 | - name: ovn4nfv-deployment-with-multus-annotation-sandbox 21 | image: "busybox" 22 | command: ["top"] 23 | stdin: true 24 | tty: true 25 | -------------------------------------------------------------------------------- /example/ovn4nfv_direct_pn.yml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: ProviderNetwork 3 | metadata: 4 | name: directpnetwork 5 | spec: 6 | cniType: ovn4nfv 7 | ipv4Subnets: 8 | - subnet: 172.16.34.0/24 9 | name: subnet2 10 | gateway: 172.16.34.1/24 11 | excludeIps: 172.16.34.2 172.16.34.5..172.16.34.10 12 | providerNetType: DIRECT 13 | direct: 14 | providerInterfaceName: eth0.101 15 | directNodeSelector: specific 16 | nodeLabelList: 17 | - kubernetes.io/hostname=ubuntu18 18 | 19 | --- 20 | 21 | apiVersion: apps/v1 22 | kind: Deployment 23 | metadata: 24 | name: pnw-original-direct-1 25 | labels: 26 | app: pnw-original-direct-1 27 | spec: 28 | replicas: 1 29 | selector: 30 | matchLabels: 31 | app: pnw-original-direct-1 32 | template: 33 | metadata: 34 | labels: 35 | app: pnw-original-direct-1 36 | annotations: 37 | k8s.v1.cni.cncf.io/networks: '[{ "name": "ovn-networkobj"}]' 38 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "directpnetwork", "interface": "net0" }]}' 39 | 40 | spec: 41 | containers: 42 | - name: pnw-original-direct-1 43 | image: "busybox" 44 | imagePullPolicy: Always 45 | stdin: true 46 | tty: true 47 | securityContext: 48 | privileged: true 49 | 50 | --- 51 | 52 | apiVersion: apps/v1 53 | kind: Deployment 54 | metadata: 55 | name: pnw-original-direct-2 56 | labels: 57 | app: pnw-original-direct-2 58 | spec: 59 | replicas: 1 60 | selector: 61 | matchLabels: 62 | app: pnw-original-direct-2 63 | template: 64 | metadata: 65 | labels: 66 | app: pnw-original-direct-2 67 | annotations: 68 | k8s.v1.cni.cncf.io/networks: '[{ "name": "ovn-networkobj"}]' 69 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "directpnetwork", "interface": "net0" }]}' 70 | 71 | spec: 72 | containers: 73 | - name: pnw-original-direct-2 74 | image: "busybox" 75 | imagePullPolicy: Always 76 | stdin: true 77 | tty: true 78 | securityContext: 79 | privileged: true 80 | -------------------------------------------------------------------------------- /example/ovn4nfv_vlan_pn.yml: -------------------------------------------------------------------------------- 1 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 2 | kind: ProviderNetwork 3 | metadata: 4 | name: pnetwork 5 | spec: 6 | cniType: ovn4nfv 7 | ipv4Subnets: 8 | - subnet: 172.16.33.0/24 9 | name: subnet1 10 | gateway: 172.16.33.1/24 11 | excludeIps: 172.16.33.2 172.16.33.5..172.16.33.10 12 | providerNetType: VLAN 13 | vlan: 14 | vlanId: "100" 15 | providerInterfaceName: eth0 16 | logicalInterfaceName: eth0.100 17 | vlanNodeSelector: specific 18 | nodeLabelList: 19 | - kubernetes.io/hostname=ubuntu18 20 | 21 | --- 22 | 23 | apiVersion: apps/v1 24 | kind: Deployment 25 | metadata: 26 | name: pnw-original-vlan-1 27 | labels: 28 | app: pnw-original-vlan-1 29 | spec: 30 | replicas: 1 31 | selector: 32 | matchLabels: 33 | app: pnw-original-vlan-1 34 | template: 35 | metadata: 36 | labels: 37 | app: pnw-original-vlan-1 38 | annotations: 39 | k8s.v1.cni.cncf.io/networks: '[{ "name": "ovn-networkobj"}]' 40 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "pnetwork", "interface": "net0" }]}' 41 | 42 | spec: 43 | containers: 44 | - name: pnw-original-vlan-1 45 | image: "busybox" 46 | imagePullPolicy: Always 47 | stdin: true 48 | tty: true 49 | securityContext: 50 | privileged: true 51 | 52 | --- 53 | 54 | apiVersion: apps/v1 55 | kind: Deployment 56 | metadata: 57 | name: pnw-original-vlan-2 58 | labels: 59 | app: pnw-original-vlan-2 60 | spec: 61 | replicas: 1 62 | selector: 63 | matchLabels: 64 | app: pnw-original-vlan-2 65 | template: 66 | metadata: 67 | labels: 68 | app: pnw-original-vlan-2 69 | annotations: 70 | k8s.v1.cni.cncf.io/networks: '[{ "name": "ovn-networkobj"}]' 71 | k8s.plugin.opnfv.org/nfn-network: '{ "type": "ovn4nfv", "interface": [{ "name": "pnetwork", "interface": "net0" }]}' 72 | 73 | spec: 74 | containers: 75 | - name: pnw-original-vlan-2 76 | image: "busybox" 77 | imagePullPolicy: Always 78 | stdin: true 79 | tty: true 80 | securityContext: 81 | privileged: true 82 | 83 | -------------------------------------------------------------------------------- /images/direct-provider-networking.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/direct-provider-networking.png -------------------------------------------------------------------------------- /images/logo/license_details.md: -------------------------------------------------------------------------------- 1 | ## credit 2 | 3 | - The logo is adapt from the Savoy knot from the wikimedia. 4 | - The description is about Savoy knot, heraldic knot - url https://commons.wikimedia.org/wiki/File:Savoy_knot.svg 5 | - For licensing details - Wikimandia, CC BY-SA 4.0 , via Wikimedia Commons 6 | -------------------------------------------------------------------------------- /images/logo/nodus_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/logo/nodus_logo.png -------------------------------------------------------------------------------- /images/ovn4nfv-k8s-arch-block.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/ovn4nfv-k8s-arch-block.png -------------------------------------------------------------------------------- /images/ovn4nfv-network-traffic.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/ovn4nfv-network-traffic.png -------------------------------------------------------------------------------- /images/sfc-test-scenario-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/sfc-test-scenario-diagram.png -------------------------------------------------------------------------------- /images/sfc-test-scenario-ms1-icmp-blocked.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/sfc-test-scenario-ms1-icmp-blocked.png -------------------------------------------------------------------------------- /images/sfc-test-scenario-ms1-to-internet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/sfc-test-scenario-ms1-to-internet.png -------------------------------------------------------------------------------- /images/sfc-test-scenario-tm1-icmp-blocked.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/sfc-test-scenario-tm1-icmp-blocked.png -------------------------------------------------------------------------------- /images/sfc-test-scenario-tm1-to-internet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/sfc-test-scenario-tm1-to-internet.png -------------------------------------------------------------------------------- /images/sfc-virtual-and-provider-network-setup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/sfc-virtual-and-provider-network-setup.png -------------------------------------------------------------------------------- /images/sfc-with-sdewan.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/sfc-with-sdewan.png -------------------------------------------------------------------------------- /images/vlan-tagging.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/akraino-edge-stack/icn-nodus/1280acabce0b43ca1a46c16da83eb48fd23797f0/images/vlan-tagging.png -------------------------------------------------------------------------------- /internal/pkg/cnishim/cnishim.go: -------------------------------------------------------------------------------- 1 | package cni 2 | 3 | import ( 4 | "bytes" 5 | "encoding/json" 6 | "fmt" 7 | "io/ioutil" 8 | "net" 9 | "net/http" 10 | "os" 11 | "strings" 12 | 13 | "github.com/akraino-edge-stack/icn-nodus/internal/pkg/auth" 14 | "github.com/akraino-edge-stack/icn-nodus/internal/pkg/cniserver" 15 | "github.com/akraino-edge-stack/icn-nodus/internal/pkg/config" 16 | "github.com/akraino-edge-stack/icn-nodus/internal/pkg/kube" 17 | 18 | "github.com/containernetworking/cni/pkg/skel" 19 | "github.com/containernetworking/cni/pkg/types" 20 | "github.com/containernetworking/cni/pkg/types/current" 21 | "github.com/sirupsen/logrus" 22 | ) 23 | 24 | const CNIEndpointURLReq string = "https://dummy/" 25 | 26 | type Endpoint struct { 27 | cniServerSocketPath string 28 | } 29 | 30 | func CNIEndpoint(cniServerSocketPath string) *Endpoint { 31 | if len(cniServerSocketPath) == 0 { 32 | cniServerSocketPath = cniserver.CNIServerSocketPath 33 | } 34 | return &Endpoint{cniServerSocketPath: cniServerSocketPath} 35 | } 36 | 37 | func cniEndpointRequest(args *skel.CmdArgs) *cniserver.CNIEndpointRequest { 38 | osEnvMap := make(map[string]string) 39 | for _, item := range os.Environ() { 40 | idx := strings.Index(item, "=") 41 | if idx > 0 { 42 | osEnvMap[strings.TrimSpace(item[:idx])] = item[idx+1:] 43 | } 44 | } 45 | 46 | return &cniserver.CNIEndpointRequest{ 47 | ArgEnv: osEnvMap, 48 | NetConfig: args.StdinData, 49 | } 50 | } 51 | 52 | func (ep *Endpoint) sendCNIServerReq(req *cniserver.CNIEndpointRequest) ([]byte, error) { 53 | cnireqdata, err := json.Marshal(req) 54 | if err != nil { 55 | return nil, fmt.Errorf("sendCNIServerReq: failed to Marshal CNIShim Req %v:%v", req, err) 56 | } 57 | 58 | // load kubeconfig from file 59 | client, err := kube.GetKubeConfigfromFile() 60 | if err != nil { 61 | return nil, fmt.Errorf("sendCNIServerReq: error getting kubernetes config: %v", err) 62 | } 63 | 64 | // get certificate secret 65 | kubecli := &kube.Kube{KClient: client} 66 | sec, err := kubecli.GetSecret(config.Namespace, auth.DefaultCniCert) 67 | if err != nil { 68 | return nil, fmt.Errorf("sendCNIServerReq: unable to get CNI secret: %v", err) 69 | } 70 | 71 | // create TLS config from secret 72 | tlsconfig, err := auth.CreateClientTLSConfig(sec) 73 | if err != nil { 74 | return nil, fmt.Errorf("sendCNIServerReq: error loading certificates: %v", err) 75 | } 76 | 77 | httpc := http.Client{ 78 | Transport: &http.Transport{ 79 | Dial: func(proto, addr string) (net.Conn, error) { 80 | return net.Dial("unix", ep.cniServerSocketPath) 81 | }, 82 | DialTLS: func(proto, addr string) (net.Conn, error) { 83 | return net.Dial("unix", ep.cniServerSocketPath) 84 | }, 85 | TLSClientConfig: tlsconfig, 86 | }, 87 | } 88 | 89 | reponse, err := httpc.Post(CNIEndpointURLReq, "application/json", bytes.NewReader(cnireqdata)) 90 | if err != nil { 91 | return nil, fmt.Errorf("Failed to send CNIServer request: %v", err) 92 | } 93 | defer reponse.Body.Close() 94 | 95 | rbody, err := ioutil.ReadAll(reponse.Body) 96 | if err != nil { 97 | return nil, fmt.Errorf("Failed to read the CNI Server reponse:%v", err) 98 | } 99 | 100 | if reponse.StatusCode != 200 { 101 | return nil, fmt.Errorf("CNI Server request is failed with reponse status %v and reponse body %s", reponse.StatusCode, string(rbody)) 102 | } 103 | 104 | return rbody, nil 105 | } 106 | 107 | func (ep *Endpoint) CmdAdd(args *skel.CmdArgs) error { 108 | logrus.Infof("ovn4nfvk8s-cni: cmdAdd ") 109 | conf, err := config.ConfigureNetConf(args.StdinData) 110 | if err != nil { 111 | return fmt.Errorf("invalid stdin args") 112 | } 113 | logrus.Infof("ovn4nfvk8s-cni: cmdAdd configure net conf details -%+v", conf) 114 | req := cniEndpointRequest(args) 115 | logrus.Infof("ovn4nfvk8s-cni: cmdAdd CNIEndpoint Request:%+v", req) 116 | reponsebody, err := ep.sendCNIServerReq(req) 117 | if err != nil { 118 | return err 119 | } 120 | result, err := current.NewResult(reponsebody) 121 | if err != nil { 122 | return fmt.Errorf("failed to unmarshall CNIServer Result reponse %v - err:%v", string(reponsebody), err) 123 | } 124 | 125 | return types.PrintResult(result, conf.CNIVersion) 126 | } 127 | 128 | func (ep *Endpoint) CmdCheck(args *skel.CmdArgs) error { 129 | return nil 130 | } 131 | 132 | func (ep *Endpoint) CmdDel(args *skel.CmdArgs) error { 133 | logrus.Infof("ovn4nfvk8s-cni: cmdDel ") 134 | req := cniEndpointRequest(args) 135 | _, err := ep.sendCNIServerReq(req) 136 | return err 137 | } 138 | -------------------------------------------------------------------------------- /internal/pkg/containerd/containerd.go: -------------------------------------------------------------------------------- 1 | package containerd 2 | 3 | import ( 4 | "context" 5 | "strings" 6 | 7 | ctd "github.com/google/cadvisor/container/containerd" 8 | "github.com/google/cadvisor/container/containerd/namespaces" 9 | ) 10 | 11 | const ( 12 | defaultContainerdSocket = "/var/run/containerd/containerd.sock" 13 | kubernetesNamespace = "k8s.io" 14 | 15 | separator = "://" 16 | ) 17 | 18 | // Client is a client for contanierd that implements our common CRI interface 19 | type Client struct { 20 | cli ctd.ContainerdClient 21 | ctx context.Context 22 | } 23 | 24 | // GetPidForContainer returns PID for provided container (ID) 25 | func (c *Client) GetPidForContainer(id string) (int, error) { 26 | if strings.Contains(id, separator) { 27 | id = strings.Split(id, separator)[1] 28 | } 29 | pid, err := c.cli.TaskPid(c.ctx, id) 30 | if err != nil { 31 | return -1, err 32 | } 33 | return int(pid), nil 34 | } 35 | 36 | // NewClient returns new containerd client 37 | func NewClient() (*Client, error) { 38 | cc, err := ctd.Client(defaultContainerdSocket, kubernetesNamespace) 39 | if err != nil { 40 | return nil, err 41 | } 42 | return &Client{ 43 | cli: cc, 44 | ctx: namespaces.WithNamespace(context.TODO(), kubernetesNamespace), 45 | }, nil 46 | } 47 | -------------------------------------------------------------------------------- /internal/pkg/criclient/criclient.go: -------------------------------------------------------------------------------- 1 | package criclient 2 | 3 | import ( 4 | "fmt" 5 | "strings" 6 | 7 | "github.com/akraino-edge-stack/icn-nodus/internal/pkg/containerd" 8 | "github.com/akraino-edge-stack/icn-nodus/internal/pkg/crio" 9 | "github.com/akraino-edge-stack/icn-nodus/internal/pkg/docker" 10 | 11 | kapi "k8s.io/api/core/v1" 12 | ) 13 | 14 | const ( 15 | criDocker = "docker" 16 | criContainerd = "containerd" 17 | criCrio = "cri-o" 18 | 19 | separator = ":" 20 | ) 21 | 22 | // CRIClient is common interface for various CRI clients (containerd, CRI-O, Docker) 23 | type CRIClient interface { 24 | GetPidForContainer(string) (int, error) 25 | } 26 | 27 | // NewCRIClient returns new CRIClient for specified Node 28 | func NewCRIClient(node *kapi.Node) (CRIClient, error) { 29 | critype := strings.Split(node.Status.NodeInfo.ContainerRuntimeVersion, separator)[0] 30 | 31 | switch critype { 32 | case criDocker: 33 | return docker.NewClient() 34 | case criContainerd: 35 | return containerd.NewClient() 36 | case criCrio: 37 | return crio.NewClient() 38 | } 39 | 40 | return nil, fmt.Errorf("Unsupported CRI type: %s", critype) 41 | } 42 | -------------------------------------------------------------------------------- /internal/pkg/crio/crio.go: -------------------------------------------------------------------------------- 1 | package crio 2 | 3 | import ( 4 | "strings" 5 | 6 | cacrio "github.com/google/cadvisor/container/crio" 7 | ) 8 | 9 | 10 | const ( 11 | separator = "://" 12 | ) 13 | 14 | // Client is a client for contanierd that implements our common CRI interface 15 | type Client struct { 16 | cli cacrio.CrioClient 17 | } 18 | 19 | // GetPidForContainer returns PID for provided container (ID) 20 | func (c *Client) GetPidForContainer(id string) (int, error) { 21 | if strings.Contains(id, separator) { 22 | id = strings.Split(id, separator)[1] 23 | } 24 | ci, err := c.cli.ContainerInfo(id) 25 | if err != nil { 26 | return 0, err 27 | } 28 | return ci.Pid, nil 29 | } 30 | 31 | // NewClient returns new containerd client 32 | func NewClient() (*Client, error) { 33 | cc, err := cacrio.Client() 34 | if err != nil { 35 | return nil, err 36 | } 37 | return &Client{ 38 | cli: cc, 39 | }, nil 40 | } 41 | -------------------------------------------------------------------------------- /internal/pkg/docker/docker.go: -------------------------------------------------------------------------------- 1 | package docker 2 | 3 | import ( 4 | "context" 5 | "fmt" 6 | 7 | "github.com/docker/docker/client" 8 | ) 9 | 10 | // Client is a client for docker that implements our common CRI interface 11 | type Client struct { 12 | cli *client.Client 13 | } 14 | 15 | // GetPidForContainer returns PID for provided container (ID) 16 | func (dc *Client) GetPidForContainer(id string) (int, error) { 17 | dc.cli.NegotiateAPIVersion(context.Background()) 18 | cj, err := dc.cli.ContainerInspect(context.Background(), id) 19 | if err != nil { 20 | fmt.Println("Unable to Inspect docker container") 21 | return -1, err 22 | } 23 | if cj.State.Pid == 0 { 24 | return -1, fmt.Errorf("Container not found %s", id) 25 | } 26 | return cj.State.Pid, nil 27 | } 28 | 29 | // NewClient returns new Docker client 30 | func NewClient() (*Client, error) { 31 | cli, err := client.NewEnvClient() 32 | if err != nil { 33 | return nil, err 34 | } 35 | 36 | return &Client{ 37 | cli: cli, 38 | }, nil 39 | } 40 | -------------------------------------------------------------------------------- /internal/pkg/network/iface.go: -------------------------------------------------------------------------------- 1 | package network 2 | 3 | import ( 4 | "errors" 5 | "fmt" 6 | "net" 7 | "syscall" 8 | 9 | "github.com/vishvananda/netlink" 10 | ) 11 | 12 | //GetGatewayInterface return gw string for a given dst route 13 | func GetGatewayInterface(dst string) (string, error) { 14 | routes, err := netlink.RouteList(nil, syscall.AF_INET) 15 | if err != nil { 16 | return "", err 17 | } 18 | 19 | for _, route := range routes { 20 | if route.Dst != nil { 21 | if route.Dst.String() == dst { 22 | if route.Gw.To4() == nil { 23 | return "", errors.New("Found dst route but could not determine gateway") 24 | } 25 | return route.Gw.To4().String(), nil 26 | } 27 | } 28 | } 29 | 30 | return "", fmt.Errorf("Unable to find gw for route dst -%s", dst) 31 | } 32 | 33 | //IsRouteExist return true for gw string for a given dst route 34 | func IsRouteExist(dst string, gw string) (bool, error) { 35 | routes, err := netlink.RouteList(nil, syscall.AF_INET) 36 | if err != nil { 37 | return false, err 38 | } 39 | 40 | for _, route := range routes { 41 | if route.Dst != nil { 42 | if route.Dst.String() == dst { 43 | if route.Gw.To4() == nil { 44 | return false, nil 45 | } 46 | if route.Gw.String() == gw { 47 | return true, nil 48 | } 49 | } 50 | } 51 | } 52 | 53 | return false, nil 54 | } 55 | 56 | //GetDefaultGateway return default gateway of the network namespace 57 | func GetDefaultGateway() (string, error) { 58 | routes, err := netlink.RouteList(nil, syscall.AF_INET) 59 | if err != nil { 60 | return "", err 61 | } 62 | 63 | for _, route := range routes { 64 | if route.Dst == nil || route.Dst.String() == "0.0.0.0/0" { 65 | if route.Gw.To4() == nil { 66 | return "", errors.New("Found default route but could not determine gateway") 67 | } 68 | return route.Gw.To4().String(), nil 69 | } 70 | } 71 | 72 | return "", errors.New("Unable to find default route") 73 | } 74 | 75 | //CheckRoute return bool isPresent 76 | func CheckRoute(dst, gw string) (bool, error) { 77 | var isPresent bool 78 | routes, err := netlink.RouteList(nil, syscall.AF_INET) 79 | if err != nil { 80 | return isPresent, err 81 | } 82 | 83 | for _, route := range routes { 84 | if route.Dst.String() == dst && route.Gw.To4().String() == gw { 85 | isPresent = true 86 | } 87 | } 88 | 89 | return isPresent, nil 90 | 91 | } 92 | 93 | // GetDefaultGatewayInterface return default gateway interface link 94 | func GetDefaultGatewayInterface() (*net.Interface, error) { 95 | routes, err := netlink.RouteList(nil, syscall.AF_INET) 96 | if err != nil { 97 | return nil, err 98 | } 99 | 100 | for _, route := range routes { 101 | if route.Dst == nil || route.Dst.String() == "0.0.0.0/0" { 102 | if route.LinkIndex <= 0 { 103 | return nil, errors.New("Found default route but could not determine interface") 104 | } 105 | return net.InterfaceByIndex(route.LinkIndex) 106 | } 107 | } 108 | 109 | return nil, errors.New("Unable to find default route") 110 | } 111 | 112 | func getIfaceAddrs(iface *net.Interface) ([]netlink.Addr, error) { 113 | 114 | link := &netlink.Device{ 115 | netlink.LinkAttrs{ 116 | Index: iface.Index, 117 | }, 118 | } 119 | 120 | return netlink.AddrList(link, syscall.AF_INET) 121 | } 122 | 123 | //GetInterfaceIP4Addr return IP4addr of a interface 124 | func GetInterfaceIP4Addr(iface *net.Interface) (netlink.Addr, error) { 125 | addrs, err := getIfaceAddrs(iface) 126 | if err != nil { 127 | return netlink.Addr{}, err 128 | } 129 | 130 | // prefer non link-local addr 131 | var ll netlink.Addr 132 | 133 | for _, addr := range addrs { 134 | if addr.IP.To4() == nil { 135 | continue 136 | } 137 | 138 | if addr.IP.IsGlobalUnicast() { 139 | return addr, nil 140 | } 141 | 142 | if addr.IP.IsLinkLocalUnicast() { 143 | ll = addr 144 | } 145 | } 146 | 147 | if ll.IP.To4() != nil { 148 | // didn't find global but found link-local. it'll do. 149 | return ll, nil 150 | } 151 | 152 | return netlink.Addr{}, errors.New("No IPv4 address found for given interface") 153 | } 154 | 155 | //GetHostNetwork return default gateway interface network 156 | func GetHostNetwork() (string, error) { 157 | 158 | iface, err := GetDefaultGatewayInterface() 159 | if err != nil { 160 | log.Error(err, "error in gettting default gateway interface") 161 | return "", err 162 | } 163 | 164 | ipv4addr, err := GetInterfaceIP4Addr(iface) 165 | if err != nil { 166 | log.Error(err, "error in gettting default gateway interface IPv4 address") 167 | return "", err 168 | } 169 | 170 | _, ipv4Net, err := net.ParseCIDR(ipv4addr.IPNet.String()) 171 | if err != nil { 172 | log.Error(err, "error in gettting default gateway interface network") 173 | return "", err 174 | } 175 | 176 | return ipv4Net.String(), nil 177 | } 178 | -------------------------------------------------------------------------------- /internal/pkg/nfnNotify/proto/nfn.proto: -------------------------------------------------------------------------------- 1 | // 2 | // nfn.proto 3 | // 4 | // Example that implements push notification from grpc server to client 5 | // 6 | syntax = "proto3"; 7 | 8 | option go_package="github.com/akraino-edge-stack/icn-nodus/internal/pkg/nfn"; 9 | 10 | service nfnNotify { 11 | rpc Subscribe (SubscribeContext) returns (stream Notification); 12 | } 13 | 14 | message SubscribeContext { 15 | string node_name = 1; 16 | } 17 | 18 | message Notification { 19 | string cni_type = 1; 20 | oneof payload { 21 | InSync in_sync = 2; 22 | ProviderNetworkCreate provider_nw_create = 3; 23 | ProviderNetworkRemove provider_nw_remove = 4; 24 | ContainerRouteInsert containter_rt_insert = 5; 25 | ContainerRouteRemove containter_rt_remove = 6; 26 | PodAddNetwork pod_add_network = 7; 27 | PodDelNetwork pod_del_network = 8; 28 | } 29 | } 30 | 31 | message ProviderNetworkCreate { 32 | string provider_nw_name = 1; 33 | VlanInfo vlan = 2; 34 | DirectInfo direct =3; 35 | // Add other types supported here beyond vlan 36 | } 37 | 38 | message ProviderNetworkRemove { 39 | string provider_nw_name = 1; 40 | string vlan_logical_intf = 2; 41 | string direct_provider_intf = 3; 42 | // Add other types supported here 43 | } 44 | 45 | message VlanInfo { 46 | string vlan_id = 1; 47 | string provider_intf = 2; 48 | string logical_intf = 3; 49 | } 50 | 51 | message DirectInfo { 52 | string provider_intf = 1; 53 | } 54 | 55 | message RouteData { 56 | string dst = 2; 57 | string gw = 3; 58 | } 59 | 60 | message ContainerRouteInsert { 61 | string container_id = 1; 62 | repeated RouteData route = 2; 63 | } 64 | 65 | message ContainerRouteRemove { 66 | string container_id = 1; 67 | repeated RouteData route = 2; 68 | } 69 | 70 | message PodInfo { 71 | string namespace = 1; 72 | string name = 2; 73 | } 74 | 75 | message NetConf { 76 | string data =1; 77 | } 78 | 79 | message PodAddNetwork { 80 | string container_id = 1; 81 | PodInfo pod = 2; 82 | NetConf net = 3; 83 | repeated RouteData route = 4; 84 | } 85 | 86 | message PodDelNetwork { 87 | string container_id = 1; 88 | PodInfo pod = 2; 89 | NetConf net = 3; 90 | repeated RouteData route = 4; 91 | } 92 | 93 | message InSync { 94 | string node_intf_ip_address = 1; 95 | string node_intf_mac_address = 2; 96 | string node_intf_ipv6_address = 3; 97 | } 98 | -------------------------------------------------------------------------------- /internal/pkg/nfnNotify/proto/nfn_grpc.pb.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-go-grpc. DO NOT EDIT. 2 | // versions: 3 | // - protoc-gen-go-grpc v1.2.0 4 | // - protoc v3.12.3 5 | // source: internal/pkg/nfnNotify/proto/nfn.proto 6 | 7 | package nfn 8 | 9 | import ( 10 | context "context" 11 | grpc "google.golang.org/grpc" 12 | codes "google.golang.org/grpc/codes" 13 | status "google.golang.org/grpc/status" 14 | ) 15 | 16 | // This is a compile-time assertion to ensure that this generated file 17 | // is compatible with the grpc package it is being compiled against. 18 | // Requires gRPC-Go v1.32.0 or later. 19 | const _ = grpc.SupportPackageIsVersion7 20 | 21 | // NfnNotifyClient is the client API for NfnNotify service. 22 | // 23 | // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. 24 | type NfnNotifyClient interface { 25 | Subscribe(ctx context.Context, in *SubscribeContext, opts ...grpc.CallOption) (NfnNotify_SubscribeClient, error) 26 | } 27 | 28 | type nfnNotifyClient struct { 29 | cc grpc.ClientConnInterface 30 | } 31 | 32 | func NewNfnNotifyClient(cc grpc.ClientConnInterface) NfnNotifyClient { 33 | return &nfnNotifyClient{cc} 34 | } 35 | 36 | func (c *nfnNotifyClient) Subscribe(ctx context.Context, in *SubscribeContext, opts ...grpc.CallOption) (NfnNotify_SubscribeClient, error) { 37 | stream, err := c.cc.NewStream(ctx, &NfnNotify_ServiceDesc.Streams[0], "/nfnNotify/Subscribe", opts...) 38 | if err != nil { 39 | return nil, err 40 | } 41 | x := &nfnNotifySubscribeClient{stream} 42 | if err := x.ClientStream.SendMsg(in); err != nil { 43 | return nil, err 44 | } 45 | if err := x.ClientStream.CloseSend(); err != nil { 46 | return nil, err 47 | } 48 | return x, nil 49 | } 50 | 51 | type NfnNotify_SubscribeClient interface { 52 | Recv() (*Notification, error) 53 | grpc.ClientStream 54 | } 55 | 56 | type nfnNotifySubscribeClient struct { 57 | grpc.ClientStream 58 | } 59 | 60 | func (x *nfnNotifySubscribeClient) Recv() (*Notification, error) { 61 | m := new(Notification) 62 | if err := x.ClientStream.RecvMsg(m); err != nil { 63 | return nil, err 64 | } 65 | return m, nil 66 | } 67 | 68 | // NfnNotifyServer is the server API for NfnNotify service. 69 | // All implementations must embed UnimplementedNfnNotifyServer 70 | // for forward compatibility 71 | type NfnNotifyServer interface { 72 | Subscribe(*SubscribeContext, NfnNotify_SubscribeServer) error 73 | mustEmbedUnimplementedNfnNotifyServer() 74 | } 75 | 76 | // UnimplementedNfnNotifyServer must be embedded to have forward compatible implementations. 77 | type UnimplementedNfnNotifyServer struct { 78 | } 79 | 80 | func (UnimplementedNfnNotifyServer) Subscribe(*SubscribeContext, NfnNotify_SubscribeServer) error { 81 | return status.Errorf(codes.Unimplemented, "method Subscribe not implemented") 82 | } 83 | func (UnimplementedNfnNotifyServer) mustEmbedUnimplementedNfnNotifyServer() {} 84 | 85 | // UnsafeNfnNotifyServer may be embedded to opt out of forward compatibility for this service. 86 | // Use of this interface is not recommended, as added methods to NfnNotifyServer will 87 | // result in compilation errors. 88 | type UnsafeNfnNotifyServer interface { 89 | mustEmbedUnimplementedNfnNotifyServer() 90 | } 91 | 92 | func RegisterNfnNotifyServer(s grpc.ServiceRegistrar, srv NfnNotifyServer) { 93 | s.RegisterService(&NfnNotify_ServiceDesc, srv) 94 | } 95 | 96 | func _NfnNotify_Subscribe_Handler(srv interface{}, stream grpc.ServerStream) error { 97 | m := new(SubscribeContext) 98 | if err := stream.RecvMsg(m); err != nil { 99 | return err 100 | } 101 | return srv.(NfnNotifyServer).Subscribe(m, &nfnNotifySubscribeServer{stream}) 102 | } 103 | 104 | type NfnNotify_SubscribeServer interface { 105 | Send(*Notification) error 106 | grpc.ServerStream 107 | } 108 | 109 | type nfnNotifySubscribeServer struct { 110 | grpc.ServerStream 111 | } 112 | 113 | func (x *nfnNotifySubscribeServer) Send(m *Notification) error { 114 | return x.ServerStream.SendMsg(m) 115 | } 116 | 117 | // NfnNotify_ServiceDesc is the grpc.ServiceDesc for NfnNotify service. 118 | // It's only intended for direct use with grpc.RegisterService, 119 | // and not to be introspected or modified (even as a copy) 120 | var NfnNotify_ServiceDesc = grpc.ServiceDesc{ 121 | ServiceName: "nfnNotify", 122 | HandlerType: (*NfnNotifyServer)(nil), 123 | Methods: []grpc.MethodDesc{}, 124 | Streams: []grpc.StreamDesc{ 125 | { 126 | StreamName: "Subscribe", 127 | Handler: _NfnNotify_Subscribe_Handler, 128 | ServerStreams: true, 129 | }, 130 | }, 131 | Metadata: "internal/pkg/nfnNotify/proto/nfn.proto", 132 | } 133 | -------------------------------------------------------------------------------- /internal/pkg/node/node.go: -------------------------------------------------------------------------------- 1 | package node 2 | 3 | import ( 4 | "github.com/akraino-edge-stack/icn-nodus/internal/pkg/ovn" 5 | 6 | logf "sigs.k8s.io/controller-runtime/pkg/log" 7 | ) 8 | 9 | var log = logf.Log.WithName("node") 10 | 11 | //AddNodeLogicalPorts return nodeIntfMacAddr and nodeIntfIPAddr 12 | func AddNodeLogicalPorts(node string) (nodeIntfMacAddr, nodeIntfIPAddr, nodeIntfIPv6Addr string, err error) { 13 | ovnCtl, err := ovn.GetOvnController() 14 | if err != nil { 15 | return "", "", "", err 16 | } 17 | 18 | log.Info("Calling CreateNodeLogicalPorts") 19 | nodeIntfIPAddr, nodeIntfIPv6Addr, nodeIntfMacAddr, err = ovnCtl.AddNodeLogicalPorts(node) 20 | if err != nil { 21 | return "", "", "", err 22 | } 23 | return nodeIntfMacAddr, nodeIntfIPAddr, nodeIntfIPv6Addr, nil 24 | } 25 | 26 | //DeleteNodeLogicalPorts return nil 27 | func DeleteNodeLogicalPorts(name, namesapce string) error { 28 | // Run delete for all controllers; 29 | // Todo 30 | return nil 31 | } 32 | -------------------------------------------------------------------------------- /internal/pkg/ovn/acl.go: -------------------------------------------------------------------------------- 1 | package ovn 2 | 3 | import ( 4 | "fmt" 5 | "strconv" 6 | "strings" 7 | "regexp" 8 | ) 9 | 10 | // ACL defines structure that holds ACL rule 11 | type ACL struct { 12 | Entity string 13 | Direction PolicyDirection 14 | Priority int16 15 | Match string 16 | Verdict string 17 | } 18 | 19 | // PolicyDirection can be Ingress or Egress 20 | type PolicyDirection string 21 | 22 | const ( 23 | // Ingress - incoming traffic 24 | Ingress PolicyDirection = "to-lport" 25 | // Egress - outcoming traffic 26 | Egress PolicyDirection = "from-lport" 27 | ) 28 | 29 | // ACLList will run ovn-nbctl acl-list command 30 | func ACLList(entity, entityType string) (string, []ACL, error) { 31 | var args []string 32 | 33 | if entityType != "" { 34 | args = append(args, fmt.Sprintf("--type=%sd", entityType)) 35 | } 36 | 37 | args = append(args, "acl-list") 38 | 39 | args = append(args, entity) 40 | 41 | stdout, _, err := RunOVNNbctl(args...) 42 | if err != nil { 43 | return stdout, nil, err 44 | } 45 | 46 | stdoutLines := strings.Split(stdout,"\n") 47 | 48 | var rules []ACL 49 | for _, line := range(stdoutLines) { 50 | var rule ACL 51 | rule.Entity = entity 52 | err = rule.fromString(line) 53 | if err != nil { 54 | return stdout, nil, err 55 | } 56 | rules = append(rules, rule) 57 | } 58 | 59 | return stdout, rules, nil 60 | } 61 | 62 | // ACLAdd will run ovn-nbctl acl-add command 63 | func ACLAdd(rule ACL, entityType, meter, severity, name string, mayExist, enLog bool) (string, error) { 64 | var args []string 65 | 66 | if entityType != "" { 67 | args = append(args, fmt.Sprintf("--type=%s", entityType)) 68 | } 69 | 70 | if enLog { 71 | args = append(args, "--log") 72 | } 73 | 74 | if meter != "" { 75 | args = append(args, fmt.Sprintf("--meter=%s", meter)) 76 | } 77 | 78 | if name != "" { 79 | args = append(args, fmt.Sprintf("--name=%s", name)) 80 | } 81 | 82 | if mayExist { 83 | args = append(args, "--may-exist") 84 | } 85 | 86 | args = append(args, "acl-add", rule.Entity, string(rule.Direction), fmt.Sprint(rule.Priority), rule.Match, rule.Verdict) 87 | 88 | stdout, stderr, err := RunOVNNbctl(args...) 89 | if err != nil { 90 | log.Error(err, "Failed to add ACL", "stdout", stdout, "stderr", stderr) 91 | return "", err 92 | } 93 | 94 | return stdout, nil 95 | } 96 | 97 | // ACLDel will run ovn-nbctl acl-del command 98 | func ACLDel(rule ACL, entityType string) (string, error) { 99 | var args []string 100 | 101 | if entityType != "" { 102 | args = append(args, fmt.Sprintf("--type=%sd", entityType)) 103 | } 104 | 105 | args = append(args, "acl-del", rule.Entity, string(rule.Direction), fmt.Sprint(rule.Priority), rule.Match) 106 | 107 | stdout, stderr, err := RunOVNNbctl(args...) 108 | if err != nil { 109 | log.Error(err, "Failed to add ACL", "stdout", stdout, "stderr", stderr) 110 | return "", err 111 | } 112 | return stdout, err 113 | } 114 | 115 | // ACLDelEntity will run ovn-nbctl acl-del command for entity 116 | func ACLDelEntity(entity, entityType string) (string, error) { 117 | var args []string 118 | 119 | if entityType != "" { 120 | args = append(args, fmt.Sprintf("--type=%sd", entityType)) 121 | } 122 | 123 | args = append(args, "acl-del", entity) 124 | 125 | stdout, stderr, err := RunOVNNbctl(args...) 126 | if err != nil { 127 | log.Error(err, "Failed to add ACL", "stdout", stdout, "stderr", stderr) 128 | return "", err 129 | } 130 | return stdout, err 131 | } 132 | 133 | func (rule *ACL) fromString(line string) error { 134 | // remove redundant spaces 135 | leadSpace := regexp.MustCompile(`^\s+`) 136 | line = leadSpace.ReplaceAllString(line, "") 137 | space := regexp.MustCompile(`\s+`) 138 | line = space.ReplaceAllString(line, " ") 139 | 140 | // find 'match' value 141 | parentheses := regexp.MustCompile("\\(.*\\)") 142 | match := parentheses.FindString(line) 143 | match = strings.Trim(match,"(") 144 | match = strings.Trim(match,")") 145 | rule.Match = match 146 | 147 | // get 'direction', 'prioroty' and 'verdict' values 148 | bySpace := strings.Split(line, " ") 149 | if len(bySpace) < 2 { 150 | return fmt.Errorf("Unable to parse ACL") 151 | } 152 | rule.Direction = PolicyDirection(bySpace[0]) 153 | p, err := strconv.ParseInt(bySpace[1], 10, 16) 154 | if err != nil { 155 | return err 156 | } 157 | rule.Priority = int16(p) 158 | rule.Verdict = bySpace[len(bySpace) - 1] 159 | 160 | return nil 161 | } 162 | 163 | // ToString converts ACL to string for debug purpose 164 | func (rule ACL) ToString() string { 165 | return fmt.Sprintf("Entity: %s, Direction: %s, Priority: %d, Match: %s, Verdict: %s", 166 | rule.Entity, string(rule.Direction), rule.Priority, rule.Match, rule.Verdict) 167 | } 168 | -------------------------------------------------------------------------------- /internal/pkg/ovn/port_group.go: -------------------------------------------------------------------------------- 1 | package ovn 2 | 3 | // PortGroup defines OVN port group struct 4 | type PortGroup struct { 5 | Name string 6 | Ports []string 7 | } 8 | 9 | // PGAddWithPorts creates port group and adds ports to this port group 10 | func PGAddWithPorts(group string, ports []string) (string, error) { 11 | args := preparePGArgs("pg-add", group, ports) 12 | stdout, stderr, err := RunOVNNbctl(args...) 13 | if err != nil { 14 | log.Error(err, "Failed to add port group", "stdout", stdout, "stderr", stderr) 15 | return "", err 16 | } 17 | return stdout, err 18 | } 19 | 20 | // PGAdd creates port group 21 | func PGAdd(group string) (string, error) { 22 | return PGAddWithPorts(group, []string{}) 23 | } 24 | 25 | // PGSetPorts adds ports to portg roup 26 | func PGSetPorts(group string, ports []string) (string, error) { 27 | args := preparePGArgs("pg-set-ports", group, ports) 28 | stdout, stderr, err := RunOVNNbctl(args...) 29 | if err != nil { 30 | log.Error(err, "Failed to set port group's ports", "stdout", stdout, "stderr", stderr) 31 | return "", err 32 | } 33 | return stdout, err 34 | } 35 | 36 | // PGDel deletes port group 37 | func PGDel(group string) (string, error) { 38 | stdout, stderr, err := RunOVNNbctl("pg-del", group) 39 | if err != nil { 40 | log.Error(err, "Failed to delete port group", "stdout", stdout, "stderr", stderr) 41 | return "", err 42 | } 43 | return stdout, err 44 | } 45 | 46 | func preparePGArgs(command, group string, ports []string) []string { 47 | var args []string 48 | args = append(args, command, group) 49 | args = append(args, ports...) 50 | return args 51 | } 52 | 53 | // AddDenyPG creates PG that denies all ingress/egress access 54 | func AddDenyPG(pgName string, isIngressPolicy, isEgressPolicy bool) error { 55 | _, existingACLs, err := ACLList(pgName, "") 56 | 57 | if err != nil { 58 | PGAdd(pgName) 59 | } 60 | 61 | if len(existingACLs) < 4 { 62 | if isIngressPolicy { 63 | err = addDenyRule(pgName, Ingress) 64 | if err != nil { 65 | log.Error(err, "Failed to add general deny all ingress ACL") 66 | return err 67 | } 68 | } 69 | if isEgressPolicy { 70 | err = addDenyRule(pgName, Egress) 71 | if err != nil { 72 | log.Error(err, "Failed to add general deny all ingress ACL") 73 | return err 74 | } 75 | } 76 | } 77 | 78 | return nil 79 | } 80 | 81 | func addDenyRule(pgName string, direction PolicyDirection) error { 82 | 83 | matchPort := "inport" 84 | if direction == Ingress { 85 | matchPort = "outport" 86 | } 87 | 88 | matchPort += " == " + "@" +pgName 89 | 90 | // rule drop all packets 91 | ruleDeny := ACL{Entity: pgName, 92 | Direction: direction, 93 | Priority: 0, 94 | Match: matchPort + " && (tcp || udp || icmp || sctp)", 95 | Verdict: "drop", 96 | } 97 | 98 | stdout, err := ACLAdd(ruleDeny, "", "", "", "GeneralDenyACL", true, false) 99 | if err != nil { 100 | log.Error(err, "Failed to add general deny all ACL", "stdout", stdout) 101 | return err 102 | } 103 | 104 | // rule to allow arp packets specifically 105 | ruleAllowARP := ACL{Entity: pgName, 106 | Direction: direction, 107 | Priority: 1, 108 | Match: matchPort + " && arp", 109 | Verdict: "allow", 110 | } 111 | 112 | stdout, err = ACLAdd(ruleAllowARP, "", "", "", "ArpAllowACL", true, false) 113 | if err != nil { 114 | log.Error(err, "Failed to add general ARP allow ACL", "stdout", stdout) 115 | return err 116 | } 117 | 118 | return nil 119 | } 120 | -------------------------------------------------------------------------------- /internal/pkg/testing/testing.go: -------------------------------------------------------------------------------- 1 | package testing 2 | 3 | import ( 4 | "strings" 5 | 6 | kexec "k8s.io/utils/exec" 7 | fakeexec "k8s.io/utils/exec/testing" 8 | 9 | "github.com/onsi/gomega" 10 | ) 11 | 12 | // ExpectedCmd contains properties that the testcase expects a called command 13 | // to have as well as the output that the fake command should return 14 | type ExpectedCmd struct { 15 | // Cmd should be the command-line string of the executable name and all arguments it is expected to be called with 16 | Cmd string 17 | // Output is any stdout output which Cmd should produce 18 | Output string 19 | // Stderr is any stderr output which Cmd should produce 20 | Stderr string 21 | // Err is any error that should be returned for the invocation of Cmd 22 | Err error 23 | } 24 | 25 | // AddFakeCmd takes the ExpectedCmd and appends its runner function to 26 | // a fake command action list 27 | func AddFakeCmd(fakeCmds []fakeexec.FakeCommandAction, expected *ExpectedCmd) []fakeexec.FakeCommandAction { 28 | return append(fakeCmds, func(cmd string, args ...string) kexec.Cmd { 29 | parts := strings.Split(expected.Cmd, " ") 30 | gomega.Expect(cmd).To(gomega.Equal("/fake-bin/" + parts[0])) 31 | gomega.Expect(strings.Join(args, " ")).To(gomega.Equal(strings.Join(parts[1:], " "))) 32 | return &fakeexec.FakeCmd{ 33 | Argv: parts[1:], 34 | CombinedOutputScript: []fakeexec.FakeCombinedOutputAction{ 35 | func() ([]byte, error) { 36 | return []byte(expected.Output), expected.Err 37 | }, 38 | }, 39 | RunScript: []fakeexec.FakeRunAction{ 40 | func() ([]byte, []byte, error) { 41 | return []byte(expected.Output), []byte(expected.Stderr), expected.Err 42 | }, 43 | }, 44 | } 45 | }) 46 | } 47 | 48 | // AddFakeCmdsNoOutputNoError takes a list of commands and appends those commands 49 | // to the expected command set. The command cannot return any output or error. 50 | func AddFakeCmdsNoOutputNoError(fakeCmds []fakeexec.FakeCommandAction, commands []string) []fakeexec.FakeCommandAction { 51 | for _, cmd := range commands { 52 | fakeCmds = AddFakeCmd(fakeCmds, &ExpectedCmd{Cmd: cmd}) 53 | } 54 | return fakeCmds 55 | } 56 | -------------------------------------------------------------------------------- /pkg/apis/addtoscheme_k8s_v1alpha1.go: -------------------------------------------------------------------------------- 1 | package apis 2 | 3 | import ( 4 | "github.com/akraino-edge-stack/icn-nodus/pkg/apis/k8s/v1alpha1" 5 | ) 6 | 7 | func init() { 8 | // Register the types with the Scheme so the components can map objects to GroupVersionKinds and back 9 | AddToSchemes = append(AddToSchemes, v1alpha1.SchemeBuilder.AddToScheme) 10 | } 11 | -------------------------------------------------------------------------------- /pkg/apis/apis.go: -------------------------------------------------------------------------------- 1 | package apis 2 | 3 | import ( 4 | "k8s.io/apimachinery/pkg/runtime" 5 | ) 6 | 7 | // AddToSchemes may be used to add all resources defined in the project to a Scheme 8 | var AddToSchemes runtime.SchemeBuilder 9 | 10 | // AddToScheme adds all Resources to the Scheme 11 | func AddToScheme(s *runtime.Scheme) error { 12 | return AddToSchemes.AddToScheme(s) 13 | } 14 | -------------------------------------------------------------------------------- /pkg/apis/k8s/group.go: -------------------------------------------------------------------------------- 1 | // Package k8s contains k8s API versions. 2 | // 3 | // This file ensures Go source parsers acknowledge the k8s package 4 | // and any child packages. It can be removed if any other Go source files are 5 | // added to this package. 6 | package k8s 7 | -------------------------------------------------------------------------------- /pkg/apis/k8s/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | // Package v1alpha1 contains API Schema definitions for the k8s v1alpha1 API group 2 | // +k8s:deepcopy-gen=package,register 3 | // +groupName=k8s.plugin.opnfv.org 4 | package v1alpha1 5 | -------------------------------------------------------------------------------- /pkg/apis/k8s/v1alpha1/network_types.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | "reflect" 5 | 6 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 7 | ) 8 | 9 | // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! 10 | // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. 11 | 12 | // NetworkSpec defines the desired state of Network 13 | // +k8s:openapi-gen=true 14 | type NetworkSpec struct { 15 | // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster 16 | // Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file 17 | // Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html 18 | CniType string `json:"cniType"` 19 | Ipv4Subnets []IpSubnet `json:"ipv4Subnets"` 20 | Ipv6Subnets []IpSubnet `json:"ipv6Subnets,omitempty"` 21 | DNS DnsSpec `json:"dns,omitempty"` 22 | Routes []Route `json:"routes,omitempty"` 23 | } 24 | 25 | type IpSubnet struct { 26 | Name string `json:"name"` 27 | Subnet string `json:"subnet"` 28 | Gateway string `json:"gateway,omitempty"` 29 | ExcludeIps string `json:"excludeIps,omitempty"` 30 | } 31 | 32 | type NetworkPool struct { 33 | PoolNr int `json:"poolnumber"` 34 | Network IpSubnet `json:"network"` 35 | Available bool `json:"available"` 36 | } 37 | 38 | type Route struct { 39 | Dst string `json:"dst"` 40 | GW string `json:"gw,omitempty"` 41 | } 42 | 43 | type DnsSpec struct { 44 | Nameservers []string `json:"nameservers,omitempty"` 45 | Domain string `json:"domain,omitempty"` 46 | Search []string `json:"search,omitempty"` 47 | Options []string `json:"options,omitempty"` 48 | } 49 | 50 | const ( 51 | //Created indicates the status of success 52 | Created = "Created" 53 | //Pending indicates the sfc status is pending 54 | Pending = "Pending" 55 | //Creating indicates the sfc status is Creating 56 | Creating = "Creating" 57 | //CreateInternalError indicates create internal irrecoverable Error 58 | CreateInternalError = "CreateInternalError" 59 | //DeleteInternalError indicates delete internal irrecoverable Error 60 | DeleteInternalError = "DeleteInternalError" 61 | //Deleted indicated the sfc is deleted 62 | Deleted = "Deleted" 63 | //Virtual mode 64 | VirtualMode = "VirtualMode" 65 | //Provider mode 66 | ProviderMode = "ProviderMode" 67 | //Virtual and Provider mode 68 | VirtualProviderMode = "VirtualProviderMode" 69 | ) 70 | 71 | // NetworkStatus defines the observed state of Network 72 | // +k8s:openapi-gen=true 73 | type NetworkStatus struct { 74 | // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster 75 | // Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file 76 | // Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html 77 | State string `json:"state"` // Indicates if Network is in "created" state 78 | } 79 | 80 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 81 | // +genclient 82 | // Network is the Schema for the networks API 83 | // +k8s:openapi-gen=true 84 | // +kubebuilder:subresource:status 85 | type Network struct { 86 | metav1.TypeMeta `json:",inline"` 87 | metav1.ObjectMeta `json:"metadata,omitempty"` 88 | 89 | Spec NetworkSpec `json:"spec,omitempty"` 90 | Status NetworkStatus `json:"status,omitempty"` 91 | } 92 | 93 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 94 | 95 | // NetworkList contains a list of Network 96 | type NetworkList struct { 97 | metav1.TypeMeta `json:",inline"` 98 | metav1.ListMeta `json:"metadata,omitempty"` 99 | Items []Network `json:"items"` 100 | } 101 | 102 | func init() { 103 | SchemeBuilder.Register(&Network{}, &NetworkList{}) 104 | } 105 | 106 | func (r Route) IsEmpty() bool { 107 | return reflect.DeepEqual(r, Route{}) 108 | } 109 | -------------------------------------------------------------------------------- /pkg/apis/k8s/v1alpha1/networkchaining_types.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 5 | ) 6 | 7 | // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! 8 | // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. 9 | 10 | // NetworkChainingSpec defines the desired state of NetworkChaining 11 | // +k8s:openapi-gen=true 12 | type NetworkChainingSpec struct { 13 | ChainType string `json:"chainType"` // Currently only Routing type is supported 14 | RoutingSpec RouteSpec `json:"routingSpec"` // Spec for Routing type 15 | // Add other Chanining mechanisms here 16 | } 17 | 18 | type RouteSpec struct { 19 | LeftNetwork []RoutingNetwork `json:"left"` // Info on Network on the left side 20 | RightNetwork []RoutingNetwork `json:"right"` // Info on Network on the right side 21 | NetworkChain string `json:"networkChain"` // NetworkChain is a comma seprated list with format DeploymentName, middle Network Name, DeploymentName, ... 22 | Namespace string `json:"namespace"` // Kubernetes namespace 23 | } 24 | 25 | type RoutingNetwork struct { 26 | NetworkName string `json:"networkName"` // Name of the network 27 | GatewayIP string `json:"gatewayIp"` // Gateway IP Address 28 | Subnet string `json:"subnet"` // Subnet 29 | PodSelector metav1.LabelSelector `json:"podSelector"` 30 | NamespaceSelector metav1.LabelSelector `json:"namespaceSelector"` 31 | } 32 | 33 | // NetworkChainingStatus defines the observed state of NetworkChaining 34 | // +k8s:openapi-gen=true 35 | type NetworkChainingStatus struct { 36 | State string `json:"state"` // Indicates if Network Chain is in "created" state 37 | } 38 | 39 | // NetworkChaining is the Schema for the networkchainings API 40 | // +k8s:openapi-gen=true 41 | // +kubebuilder:subresource:status 42 | // +kubebuilder:resource:path=networkchainings,scope=Namespaced 43 | // +genclient 44 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 45 | type NetworkChaining struct { 46 | metav1.TypeMeta `json:",inline"` 47 | metav1.ObjectMeta `json:"metadata,omitempty"` 48 | 49 | Spec NetworkChainingSpec `json:"spec,omitempty"` 50 | Status NetworkChainingStatus `json:"status,omitempty"` 51 | } 52 | 53 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 54 | 55 | // NetworkChainingList contains a list of NetworkChaining 56 | type NetworkChainingList struct { 57 | metav1.TypeMeta `json:",inline"` 58 | metav1.ListMeta `json:"metadata,omitempty"` 59 | Items []NetworkChaining `json:"items"` 60 | } 61 | 62 | func init() { 63 | SchemeBuilder.Register(&NetworkChaining{}, &NetworkChainingList{}) 64 | } 65 | -------------------------------------------------------------------------------- /pkg/apis/k8s/v1alpha1/providernetwork_types.go: -------------------------------------------------------------------------------- 1 | package v1alpha1 2 | 3 | import ( 4 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 5 | ) 6 | 7 | // EDIT THIS FILE! THIS IS SCAFFOLDING FOR YOU TO OWN! 8 | // NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized. 9 | 10 | // ProviderNetworkSpec defines the desired state of ProviderNetwork 11 | // +k8s:openapi-gen=true 12 | type ProviderNetworkSpec struct { 13 | // INSERT ADDITIONAL SPEC FIELDS - desired state of cluster 14 | // Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file 15 | // Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html 16 | CniType string `json:"cniType"` 17 | Ipv4Subnets []IpSubnet `json:"ipv4Subnets"` 18 | Ipv6Subnets []IpSubnet `json:"ipv6Subnets,omitempty"` 19 | DNS DnsSpec `json:"dns,omitempty"` 20 | Routes []Route `json:"routes,omitempty"` 21 | ProviderNetType string `json:"providerNetType"` 22 | Vlan VlanSpec `json:"vlan,omitempty"` // For now VLAN & Direct only supported type 23 | Direct DirectSpec `json:"direct,omitempty"` 24 | } 25 | 26 | type VlanSpec struct { 27 | VlanId string `json:"vlanId"` 28 | VlanNodeSelector string `json:"vlanNodeSelector"` // "all"/"any"(in which case a node will be randomly selected)/"specific"(see below) 29 | NodeLabelList []string `json:"nodeLabelList,omitempty"` // if VlanNodeSelector is value "specific" then this array provides a list of nodes labels 30 | ProviderInterfaceName string `json:"providerInterfaceName"` 31 | LogicalInterfaceName string `json:"logicalInterfaceName,omitempty"` 32 | } 33 | 34 | type DirectSpec struct { 35 | DirectNodeSelector string `json:"directNodeSelector"` // "all"/"any"(in which case a node will be randomly selected)/"specific"(see below) 36 | NodeLabelList []string `json:"nodeLabelList,omitempty"` // if DirectNodeSelector is value "specific" then this array provides a list of nodes labels 37 | ProviderInterfaceName string `json:"providerInterfaceName"` 38 | } 39 | 40 | // ProviderNetworkStatus defines the observed state of ProviderNetwork 41 | // +k8s:openapi-gen=true 42 | type ProviderNetworkStatus struct { 43 | // INSERT ADDITIONAL STATUS FIELD - define observed state of cluster 44 | // Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file 45 | // Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html 46 | State string `json:"state"` // Indicates if ProviderNetwork is in "created" state 47 | } 48 | 49 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 50 | 51 | // ProviderNetwork is the Schema for the providernetworks API 52 | // +k8s:openapi-gen=true 53 | // +kubebuilder:subresource:status 54 | // +genclient 55 | type ProviderNetwork struct { 56 | metav1.TypeMeta `json:",inline"` 57 | metav1.ObjectMeta `json:"metadata,omitempty"` 58 | 59 | Spec ProviderNetworkSpec `json:"spec,omitempty"` 60 | Status ProviderNetworkStatus `json:"status,omitempty"` 61 | } 62 | 63 | // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object 64 | 65 | // ProviderNetworkList contains a list of ProviderNetwork 66 | type ProviderNetworkList struct { 67 | metav1.TypeMeta `json:",inline"` 68 | metav1.ListMeta `json:"metadata,omitempty"` 69 | Items []ProviderNetwork `json:"items"` 70 | } 71 | 72 | func init() { 73 | SchemeBuilder.Register(&ProviderNetwork{}, &ProviderNetworkList{}) 74 | } 75 | -------------------------------------------------------------------------------- /pkg/apis/k8s/v1alpha1/register.go: -------------------------------------------------------------------------------- 1 | // NOTE: Boilerplate only. Ignore this file. 2 | 3 | // Package v1alpha1 contains API Schema definitions for the k8s v1alpha1 API group 4 | // +k8s:deepcopy-gen=package,register 5 | // +groupName=k8s.plugin.opnfv.org 6 | package v1alpha1 7 | 8 | import ( 9 | "k8s.io/apimachinery/pkg/runtime/schema" 10 | "sigs.k8s.io/controller-runtime/pkg/scheme" 11 | ) 12 | 13 | var ( 14 | // SchemeGroupVersion is group version used to register these objects 15 | SchemeGroupVersion = schema.GroupVersion{Group: "k8s.plugin.opnfv.org", Version: "v1alpha1"} 16 | 17 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 18 | SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} 19 | 20 | // AddToScheme is a global function variable that registers this API 21 | AddToScheme = SchemeBuilder.AddToScheme 22 | ) 23 | 24 | // Resource takes an unqualified resource and returns a Group qualified GroupResource 25 | func Resource(resource string) schema.GroupResource { 26 | return SchemeGroupVersion.WithResource(resource).GroupResource() 27 | } 28 | -------------------------------------------------------------------------------- /pkg/controller/add_network.go: -------------------------------------------------------------------------------- 1 | package controller 2 | 3 | import ( 4 | "github.com/akraino-edge-stack/icn-nodus/pkg/controller/network" 5 | ) 6 | 7 | func init() { 8 | // AddToManagerFuncs is a list of functions to create controllers and add them to a manager. 9 | AddToManagerFuncs = append(AddToManagerFuncs, network.Add) 10 | } 11 | -------------------------------------------------------------------------------- /pkg/controller/add_networkchaining.go: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 Intel Corporation, Inc 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | package controller 18 | 19 | import ( 20 | "github.com/akraino-edge-stack/icn-nodus/pkg/controller/networkchaining" 21 | ) 22 | 23 | func init() { 24 | // AddToManagerFuncs is a list of functions to create controllers and add them to a manager. 25 | AddToManagerFuncs = append(AddToManagerFuncs, networkchaining.Add) 26 | } 27 | -------------------------------------------------------------------------------- /pkg/controller/add_networkpolicy.go: -------------------------------------------------------------------------------- 1 | package controller 2 | 3 | import ( 4 | "github.com/akraino-edge-stack/icn-nodus/pkg/controller/networkpolicy" 5 | ) 6 | 7 | func init() { 8 | // AddToManagerFuncs is a list of functions to create controllers and add them to a manager. 9 | AddToManagerFuncs = append(AddToManagerFuncs, networkpolicy.Add) 10 | } 11 | -------------------------------------------------------------------------------- /pkg/controller/add_pod.go: -------------------------------------------------------------------------------- 1 | package controller 2 | 3 | import ( 4 | "github.com/akraino-edge-stack/icn-nodus/pkg/controller/pod" 5 | ) 6 | 7 | func init() { 8 | // AddToManagerFuncs is a list of functions to create controllers and add them to a manager. 9 | AddToManagerFuncs = append(AddToManagerFuncs, pod.Add) 10 | } 11 | -------------------------------------------------------------------------------- /pkg/controller/add_providernetwork.go: -------------------------------------------------------------------------------- 1 | package controller 2 | 3 | import ( 4 | "github.com/akraino-edge-stack/icn-nodus/pkg/controller/providernetwork" 5 | ) 6 | 7 | func init() { 8 | // AddToManagerFuncs is a list of functions to create controllers and add them to a manager. 9 | AddToManagerFuncs = append(AddToManagerFuncs, providernetwork.Add) 10 | } 11 | -------------------------------------------------------------------------------- /pkg/controller/controller.go: -------------------------------------------------------------------------------- 1 | package controller 2 | 3 | import ( 4 | "sigs.k8s.io/controller-runtime/pkg/manager" 5 | ) 6 | 7 | // AddToManagerFuncs is a list of functions to add all Controllers to the Manager 8 | var AddToManagerFuncs []func(manager.Manager) error 9 | 10 | // AddToManager adds all Controllers to the Manager 11 | func AddToManager(m manager.Manager) error { 12 | for _, f := range AddToManagerFuncs { 13 | if err := f(m); err != nil { 14 | return err 15 | } 16 | } 17 | return nil 18 | } 19 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/clientset.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package versioned 20 | 21 | import ( 22 | "fmt" 23 | 24 | k8sv1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/generated/clientset/versioned/typed/k8s/v1alpha1" 25 | discovery "k8s.io/client-go/discovery" 26 | rest "k8s.io/client-go/rest" 27 | flowcontrol "k8s.io/client-go/util/flowcontrol" 28 | ) 29 | 30 | type Interface interface { 31 | Discovery() discovery.DiscoveryInterface 32 | K8sV1alpha1() k8sv1alpha1.K8sV1alpha1Interface 33 | } 34 | 35 | // Clientset contains the clients for groups. Each group has exactly one 36 | // version included in a Clientset. 37 | type Clientset struct { 38 | *discovery.DiscoveryClient 39 | k8sV1alpha1 *k8sv1alpha1.K8sV1alpha1Client 40 | } 41 | 42 | // K8sV1alpha1 retrieves the K8sV1alpha1Client 43 | func (c *Clientset) K8sV1alpha1() k8sv1alpha1.K8sV1alpha1Interface { 44 | return c.k8sV1alpha1 45 | } 46 | 47 | // Discovery retrieves the DiscoveryClient 48 | func (c *Clientset) Discovery() discovery.DiscoveryInterface { 49 | if c == nil { 50 | return nil 51 | } 52 | return c.DiscoveryClient 53 | } 54 | 55 | // NewForConfig creates a new Clientset for the given config. 56 | // If config's RateLimiter is not set and QPS and Burst are acceptable, 57 | // NewForConfig will generate a rate-limiter in configShallowCopy. 58 | func NewForConfig(c *rest.Config) (*Clientset, error) { 59 | configShallowCopy := *c 60 | if configShallowCopy.RateLimiter == nil && configShallowCopy.QPS > 0 { 61 | if configShallowCopy.Burst <= 0 { 62 | return nil, fmt.Errorf("burst is required to be greater than 0 when RateLimiter is not set and QPS is set to greater than 0") 63 | } 64 | configShallowCopy.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(configShallowCopy.QPS, configShallowCopy.Burst) 65 | } 66 | var cs Clientset 67 | var err error 68 | cs.k8sV1alpha1, err = k8sv1alpha1.NewForConfig(&configShallowCopy) 69 | if err != nil { 70 | return nil, err 71 | } 72 | 73 | cs.DiscoveryClient, err = discovery.NewDiscoveryClientForConfig(&configShallowCopy) 74 | if err != nil { 75 | return nil, err 76 | } 77 | return &cs, nil 78 | } 79 | 80 | // NewForConfigOrDie creates a new Clientset for the given config and 81 | // panics if there is an error in the config. 82 | func NewForConfigOrDie(c *rest.Config) *Clientset { 83 | var cs Clientset 84 | cs.k8sV1alpha1 = k8sv1alpha1.NewForConfigOrDie(c) 85 | 86 | cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) 87 | return &cs 88 | } 89 | 90 | // New creates a new Clientset for the given RESTClient. 91 | func New(c rest.Interface) *Clientset { 92 | var cs Clientset 93 | cs.k8sV1alpha1 = k8sv1alpha1.New(c) 94 | 95 | cs.DiscoveryClient = discovery.NewDiscoveryClient(c) 96 | return &cs 97 | } 98 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated clientset. 20 | package versioned 21 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/fake/clientset_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package fake 20 | 21 | import ( 22 | clientset "github.com/akraino-edge-stack/icn-nodus/pkg/generated/clientset/versioned" 23 | k8sv1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/generated/clientset/versioned/typed/k8s/v1alpha1" 24 | fakek8sv1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/generated/clientset/versioned/typed/k8s/v1alpha1/fake" 25 | "k8s.io/apimachinery/pkg/runtime" 26 | "k8s.io/apimachinery/pkg/watch" 27 | "k8s.io/client-go/discovery" 28 | fakediscovery "k8s.io/client-go/discovery/fake" 29 | "k8s.io/client-go/testing" 30 | ) 31 | 32 | // NewSimpleClientset returns a clientset that will respond with the provided objects. 33 | // It's backed by a very simple object tracker that processes creates, updates and deletions as-is, 34 | // without applying any validations and/or defaults. It shouldn't be considered a replacement 35 | // for a real clientset and is mostly useful in simple unit tests. 36 | func NewSimpleClientset(objects ...runtime.Object) *Clientset { 37 | o := testing.NewObjectTracker(scheme, codecs.UniversalDecoder()) 38 | for _, obj := range objects { 39 | if err := o.Add(obj); err != nil { 40 | panic(err) 41 | } 42 | } 43 | 44 | cs := &Clientset{tracker: o} 45 | cs.discovery = &fakediscovery.FakeDiscovery{Fake: &cs.Fake} 46 | cs.AddReactor("*", "*", testing.ObjectReaction(o)) 47 | cs.AddWatchReactor("*", func(action testing.Action) (handled bool, ret watch.Interface, err error) { 48 | gvr := action.GetResource() 49 | ns := action.GetNamespace() 50 | watch, err := o.Watch(gvr, ns) 51 | if err != nil { 52 | return false, nil, err 53 | } 54 | return true, watch, nil 55 | }) 56 | 57 | return cs 58 | } 59 | 60 | // Clientset implements clientset.Interface. Meant to be embedded into a 61 | // struct to get a default implementation. This makes faking out just the method 62 | // you want to test easier. 63 | type Clientset struct { 64 | testing.Fake 65 | discovery *fakediscovery.FakeDiscovery 66 | tracker testing.ObjectTracker 67 | } 68 | 69 | func (c *Clientset) Discovery() discovery.DiscoveryInterface { 70 | return c.discovery 71 | } 72 | 73 | func (c *Clientset) Tracker() testing.ObjectTracker { 74 | return c.tracker 75 | } 76 | 77 | var _ clientset.Interface = &Clientset{} 78 | 79 | // K8sV1alpha1 retrieves the K8sV1alpha1Client 80 | func (c *Clientset) K8sV1alpha1() k8sv1alpha1.K8sV1alpha1Interface { 81 | return &fakek8sv1alpha1.FakeK8sV1alpha1{Fake: &c.Fake} 82 | } 83 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated fake clientset. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/fake/register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package fake 20 | 21 | import ( 22 | k8sv1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/apis/k8s/v1alpha1" 23 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 24 | runtime "k8s.io/apimachinery/pkg/runtime" 25 | schema "k8s.io/apimachinery/pkg/runtime/schema" 26 | serializer "k8s.io/apimachinery/pkg/runtime/serializer" 27 | utilruntime "k8s.io/apimachinery/pkg/util/runtime" 28 | ) 29 | 30 | var scheme = runtime.NewScheme() 31 | var codecs = serializer.NewCodecFactory(scheme) 32 | 33 | var localSchemeBuilder = runtime.SchemeBuilder{ 34 | k8sv1alpha1.AddToScheme, 35 | } 36 | 37 | // AddToScheme adds all types of this clientset into the given scheme. This allows composition 38 | // of clientsets, like in: 39 | // 40 | // import ( 41 | // "k8s.io/client-go/kubernetes" 42 | // clientsetscheme "k8s.io/client-go/kubernetes/scheme" 43 | // aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" 44 | // ) 45 | // 46 | // kclientset, _ := kubernetes.NewForConfig(c) 47 | // _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) 48 | // 49 | // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types 50 | // correctly. 51 | var AddToScheme = localSchemeBuilder.AddToScheme 52 | 53 | func init() { 54 | v1.AddToGroupVersion(scheme, schema.GroupVersion{Version: "v1"}) 55 | utilruntime.Must(AddToScheme(scheme)) 56 | } 57 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/scheme/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package contains the scheme of the automatically generated clientset. 20 | package scheme 21 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/scheme/register.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package scheme 20 | 21 | import ( 22 | k8sv1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/apis/k8s/v1alpha1" 23 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 24 | runtime "k8s.io/apimachinery/pkg/runtime" 25 | schema "k8s.io/apimachinery/pkg/runtime/schema" 26 | serializer "k8s.io/apimachinery/pkg/runtime/serializer" 27 | utilruntime "k8s.io/apimachinery/pkg/util/runtime" 28 | ) 29 | 30 | var Scheme = runtime.NewScheme() 31 | var Codecs = serializer.NewCodecFactory(Scheme) 32 | var ParameterCodec = runtime.NewParameterCodec(Scheme) 33 | var localSchemeBuilder = runtime.SchemeBuilder{ 34 | k8sv1alpha1.AddToScheme, 35 | } 36 | 37 | // AddToScheme adds all types of this clientset into the given scheme. This allows composition 38 | // of clientsets, like in: 39 | // 40 | // import ( 41 | // "k8s.io/client-go/kubernetes" 42 | // clientsetscheme "k8s.io/client-go/kubernetes/scheme" 43 | // aggregatorclientsetscheme "k8s.io/kube-aggregator/pkg/client/clientset_generated/clientset/scheme" 44 | // ) 45 | // 46 | // kclientset, _ := kubernetes.NewForConfig(c) 47 | // _ = aggregatorclientsetscheme.AddToScheme(clientsetscheme.Scheme) 48 | // 49 | // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types 50 | // correctly. 51 | var AddToScheme = localSchemeBuilder.AddToScheme 52 | 53 | func init() { 54 | v1.AddToGroupVersion(Scheme, schema.GroupVersion{Version: "v1"}) 55 | utilruntime.Must(AddToScheme(Scheme)) 56 | } 57 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/typed/k8s/v1alpha1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // This package has the automatically generated typed clients. 20 | package v1alpha1 21 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/typed/k8s/v1alpha1/fake/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | // Package fake has the automatically generated clients. 20 | package fake 21 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/typed/k8s/v1alpha1/fake/fake_k8s_client.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package fake 20 | 21 | import ( 22 | v1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/generated/clientset/versioned/typed/k8s/v1alpha1" 23 | rest "k8s.io/client-go/rest" 24 | testing "k8s.io/client-go/testing" 25 | ) 26 | 27 | type FakeK8sV1alpha1 struct { 28 | *testing.Fake 29 | } 30 | 31 | func (c *FakeK8sV1alpha1) Networks(namespace string) v1alpha1.NetworkInterface { 32 | return &FakeNetworks{c, namespace} 33 | } 34 | 35 | func (c *FakeK8sV1alpha1) NetworkChainings(namespace string) v1alpha1.NetworkChainingInterface { 36 | return &FakeNetworkChainings{c, namespace} 37 | } 38 | 39 | func (c *FakeK8sV1alpha1) ProviderNetworks(namespace string) v1alpha1.ProviderNetworkInterface { 40 | return &FakeProviderNetworks{c, namespace} 41 | } 42 | 43 | // RESTClient returns a RESTClient that is used to communicate 44 | // with API server by this client implementation. 45 | func (c *FakeK8sV1alpha1) RESTClient() rest.Interface { 46 | var ret *rest.RESTClient 47 | return ret 48 | } 49 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/typed/k8s/v1alpha1/generated_expansion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | type NetworkExpansion interface{} 22 | 23 | type NetworkChainingExpansion interface{} 24 | 25 | type ProviderNetworkExpansion interface{} 26 | -------------------------------------------------------------------------------- /pkg/generated/clientset/versioned/typed/k8s/v1alpha1/k8s_client.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by client-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | import ( 22 | v1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/apis/k8s/v1alpha1" 23 | "github.com/akraino-edge-stack/icn-nodus/pkg/generated/clientset/versioned/scheme" 24 | rest "k8s.io/client-go/rest" 25 | ) 26 | 27 | type K8sV1alpha1Interface interface { 28 | RESTClient() rest.Interface 29 | NetworksGetter 30 | NetworkChainingsGetter 31 | ProviderNetworksGetter 32 | } 33 | 34 | // K8sV1alpha1Client is used to interact with features provided by the k8s.plugin.opnfv.org group. 35 | type K8sV1alpha1Client struct { 36 | restClient rest.Interface 37 | } 38 | 39 | func (c *K8sV1alpha1Client) Networks(namespace string) NetworkInterface { 40 | return newNetworks(c, namespace) 41 | } 42 | 43 | func (c *K8sV1alpha1Client) NetworkChainings(namespace string) NetworkChainingInterface { 44 | return newNetworkChainings(c, namespace) 45 | } 46 | 47 | func (c *K8sV1alpha1Client) ProviderNetworks(namespace string) ProviderNetworkInterface { 48 | return newProviderNetworks(c, namespace) 49 | } 50 | 51 | // NewForConfig creates a new K8sV1alpha1Client for the given config. 52 | func NewForConfig(c *rest.Config) (*K8sV1alpha1Client, error) { 53 | config := *c 54 | if err := setConfigDefaults(&config); err != nil { 55 | return nil, err 56 | } 57 | client, err := rest.RESTClientFor(&config) 58 | if err != nil { 59 | return nil, err 60 | } 61 | return &K8sV1alpha1Client{client}, nil 62 | } 63 | 64 | // NewForConfigOrDie creates a new K8sV1alpha1Client for the given config and 65 | // panics if there is an error in the config. 66 | func NewForConfigOrDie(c *rest.Config) *K8sV1alpha1Client { 67 | client, err := NewForConfig(c) 68 | if err != nil { 69 | panic(err) 70 | } 71 | return client 72 | } 73 | 74 | // New creates a new K8sV1alpha1Client for the given RESTClient. 75 | func New(c rest.Interface) *K8sV1alpha1Client { 76 | return &K8sV1alpha1Client{c} 77 | } 78 | 79 | func setConfigDefaults(config *rest.Config) error { 80 | gv := v1alpha1.SchemeGroupVersion 81 | config.GroupVersion = &gv 82 | config.APIPath = "/apis" 83 | config.NegotiatedSerializer = scheme.Codecs.WithoutConversion() 84 | 85 | if config.UserAgent == "" { 86 | config.UserAgent = rest.DefaultKubernetesUserAgent() 87 | } 88 | 89 | return nil 90 | } 91 | 92 | // RESTClient returns a RESTClient that is used to communicate 93 | // with API server by this client implementation. 94 | func (c *K8sV1alpha1Client) RESTClient() rest.Interface { 95 | if c == nil { 96 | return nil 97 | } 98 | return c.restClient 99 | } 100 | -------------------------------------------------------------------------------- /pkg/generated/informers/externalversions/generic.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package externalversions 20 | 21 | import ( 22 | "fmt" 23 | 24 | v1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/apis/k8s/v1alpha1" 25 | schema "k8s.io/apimachinery/pkg/runtime/schema" 26 | cache "k8s.io/client-go/tools/cache" 27 | ) 28 | 29 | // GenericInformer is type of SharedIndexInformer which will locate and delegate to other 30 | // sharedInformers based on type 31 | type GenericInformer interface { 32 | Informer() cache.SharedIndexInformer 33 | Lister() cache.GenericLister 34 | } 35 | 36 | type genericInformer struct { 37 | informer cache.SharedIndexInformer 38 | resource schema.GroupResource 39 | } 40 | 41 | // Informer returns the SharedIndexInformer. 42 | func (f *genericInformer) Informer() cache.SharedIndexInformer { 43 | return f.informer 44 | } 45 | 46 | // Lister returns the GenericLister. 47 | func (f *genericInformer) Lister() cache.GenericLister { 48 | return cache.NewGenericLister(f.Informer().GetIndexer(), f.resource) 49 | } 50 | 51 | // ForResource gives generic access to a shared informer of the matching type 52 | // TODO extend this to unknown resources with a client pool 53 | func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { 54 | switch resource { 55 | // Group=k8s.plugin.opnfv.org, Version=v1alpha1 56 | case v1alpha1.SchemeGroupVersion.WithResource("networks"): 57 | return &genericInformer{resource: resource.GroupResource(), informer: f.K8s().V1alpha1().Networks().Informer()}, nil 58 | case v1alpha1.SchemeGroupVersion.WithResource("networkchainings"): 59 | return &genericInformer{resource: resource.GroupResource(), informer: f.K8s().V1alpha1().NetworkChainings().Informer()}, nil 60 | case v1alpha1.SchemeGroupVersion.WithResource("providernetworks"): 61 | return &genericInformer{resource: resource.GroupResource(), informer: f.K8s().V1alpha1().ProviderNetworks().Informer()}, nil 62 | 63 | } 64 | 65 | return nil, fmt.Errorf("no informer found for %v", resource) 66 | } 67 | -------------------------------------------------------------------------------- /pkg/generated/informers/externalversions/internalinterfaces/factory_interfaces.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package internalinterfaces 20 | 21 | import ( 22 | time "time" 23 | 24 | versioned "github.com/akraino-edge-stack/icn-nodus/pkg/generated/clientset/versioned" 25 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 26 | runtime "k8s.io/apimachinery/pkg/runtime" 27 | cache "k8s.io/client-go/tools/cache" 28 | ) 29 | 30 | // NewInformerFunc takes versioned.Interface and time.Duration to return a SharedIndexInformer. 31 | type NewInformerFunc func(versioned.Interface, time.Duration) cache.SharedIndexInformer 32 | 33 | // SharedInformerFactory a small interface to allow for adding an informer without an import cycle 34 | type SharedInformerFactory interface { 35 | Start(stopCh <-chan struct{}) 36 | InformerFor(obj runtime.Object, newFunc NewInformerFunc) cache.SharedIndexInformer 37 | } 38 | 39 | // TweakListOptionsFunc is a function that transforms a v1.ListOptions. 40 | type TweakListOptionsFunc func(*v1.ListOptions) 41 | -------------------------------------------------------------------------------- /pkg/generated/informers/externalversions/k8s/interface.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package k8s 20 | 21 | import ( 22 | internalinterfaces "github.com/akraino-edge-stack/icn-nodus/pkg/generated/informers/externalversions/internalinterfaces" 23 | v1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/generated/informers/externalversions/k8s/v1alpha1" 24 | ) 25 | 26 | // Interface provides access to each of this group's versions. 27 | type Interface interface { 28 | // V1alpha1 provides access to shared informers for resources in V1alpha1. 29 | V1alpha1() v1alpha1.Interface 30 | } 31 | 32 | type group struct { 33 | factory internalinterfaces.SharedInformerFactory 34 | namespace string 35 | tweakListOptions internalinterfaces.TweakListOptionsFunc 36 | } 37 | 38 | // New returns a new Interface. 39 | func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { 40 | return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} 41 | } 42 | 43 | // V1alpha1 returns a new v1alpha1.Interface. 44 | func (g *group) V1alpha1() v1alpha1.Interface { 45 | return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) 46 | } 47 | -------------------------------------------------------------------------------- /pkg/generated/informers/externalversions/k8s/v1alpha1/interface.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | import ( 22 | internalinterfaces "github.com/akraino-edge-stack/icn-nodus/pkg/generated/informers/externalversions/internalinterfaces" 23 | ) 24 | 25 | // Interface provides access to all the informers in this group version. 26 | type Interface interface { 27 | // Networks returns a NetworkInformer. 28 | Networks() NetworkInformer 29 | // NetworkChainings returns a NetworkChainingInformer. 30 | NetworkChainings() NetworkChainingInformer 31 | // ProviderNetworks returns a ProviderNetworkInformer. 32 | ProviderNetworks() ProviderNetworkInformer 33 | } 34 | 35 | type version struct { 36 | factory internalinterfaces.SharedInformerFactory 37 | namespace string 38 | tweakListOptions internalinterfaces.TweakListOptionsFunc 39 | } 40 | 41 | // New returns a new Interface. 42 | func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { 43 | return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} 44 | } 45 | 46 | // Networks returns a NetworkInformer. 47 | func (v *version) Networks() NetworkInformer { 48 | return &networkInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} 49 | } 50 | 51 | // NetworkChainings returns a NetworkChainingInformer. 52 | func (v *version) NetworkChainings() NetworkChainingInformer { 53 | return &networkChainingInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} 54 | } 55 | 56 | // ProviderNetworks returns a ProviderNetworkInformer. 57 | func (v *version) ProviderNetworks() ProviderNetworkInformer { 58 | return &providerNetworkInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} 59 | } 60 | -------------------------------------------------------------------------------- /pkg/generated/informers/externalversions/k8s/v1alpha1/network.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | import ( 22 | "context" 23 | time "time" 24 | 25 | k8sv1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/apis/k8s/v1alpha1" 26 | versioned "github.com/akraino-edge-stack/icn-nodus/pkg/generated/clientset/versioned" 27 | internalinterfaces "github.com/akraino-edge-stack/icn-nodus/pkg/generated/informers/externalversions/internalinterfaces" 28 | v1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/generated/listers/k8s/v1alpha1" 29 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 30 | runtime "k8s.io/apimachinery/pkg/runtime" 31 | watch "k8s.io/apimachinery/pkg/watch" 32 | cache "k8s.io/client-go/tools/cache" 33 | ) 34 | 35 | // NetworkInformer provides access to a shared informer and lister for 36 | // Networks. 37 | type NetworkInformer interface { 38 | Informer() cache.SharedIndexInformer 39 | Lister() v1alpha1.NetworkLister 40 | } 41 | 42 | type networkInformer struct { 43 | factory internalinterfaces.SharedInformerFactory 44 | tweakListOptions internalinterfaces.TweakListOptionsFunc 45 | namespace string 46 | } 47 | 48 | // NewNetworkInformer constructs a new informer for Network type. 49 | // Always prefer using an informer factory to get a shared informer instead of getting an independent 50 | // one. This reduces memory footprint and number of connections to the server. 51 | func NewNetworkInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { 52 | return NewFilteredNetworkInformer(client, namespace, resyncPeriod, indexers, nil) 53 | } 54 | 55 | // NewFilteredNetworkInformer constructs a new informer for Network type. 56 | // Always prefer using an informer factory to get a shared informer instead of getting an independent 57 | // one. This reduces memory footprint and number of connections to the server. 58 | func NewFilteredNetworkInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { 59 | return cache.NewSharedIndexInformer( 60 | &cache.ListWatch{ 61 | ListFunc: func(options v1.ListOptions) (runtime.Object, error) { 62 | if tweakListOptions != nil { 63 | tweakListOptions(&options) 64 | } 65 | return client.K8sV1alpha1().Networks(namespace).List(context.TODO(), options) 66 | }, 67 | WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { 68 | if tweakListOptions != nil { 69 | tweakListOptions(&options) 70 | } 71 | return client.K8sV1alpha1().Networks(namespace).Watch(context.TODO(), options) 72 | }, 73 | }, 74 | &k8sv1alpha1.Network{}, 75 | resyncPeriod, 76 | indexers, 77 | ) 78 | } 79 | 80 | func (f *networkInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { 81 | return NewFilteredNetworkInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) 82 | } 83 | 84 | func (f *networkInformer) Informer() cache.SharedIndexInformer { 85 | return f.factory.InformerFor(&k8sv1alpha1.Network{}, f.defaultInformer) 86 | } 87 | 88 | func (f *networkInformer) Lister() v1alpha1.NetworkLister { 89 | return v1alpha1.NewNetworkLister(f.Informer().GetIndexer()) 90 | } 91 | -------------------------------------------------------------------------------- /pkg/generated/informers/externalversions/k8s/v1alpha1/networkchaining.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | import ( 22 | "context" 23 | time "time" 24 | 25 | k8sv1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/apis/k8s/v1alpha1" 26 | versioned "github.com/akraino-edge-stack/icn-nodus/pkg/generated/clientset/versioned" 27 | internalinterfaces "github.com/akraino-edge-stack/icn-nodus/pkg/generated/informers/externalversions/internalinterfaces" 28 | v1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/generated/listers/k8s/v1alpha1" 29 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 30 | runtime "k8s.io/apimachinery/pkg/runtime" 31 | watch "k8s.io/apimachinery/pkg/watch" 32 | cache "k8s.io/client-go/tools/cache" 33 | ) 34 | 35 | // NetworkChainingInformer provides access to a shared informer and lister for 36 | // NetworkChainings. 37 | type NetworkChainingInformer interface { 38 | Informer() cache.SharedIndexInformer 39 | Lister() v1alpha1.NetworkChainingLister 40 | } 41 | 42 | type networkChainingInformer struct { 43 | factory internalinterfaces.SharedInformerFactory 44 | tweakListOptions internalinterfaces.TweakListOptionsFunc 45 | namespace string 46 | } 47 | 48 | // NewNetworkChainingInformer constructs a new informer for NetworkChaining type. 49 | // Always prefer using an informer factory to get a shared informer instead of getting an independent 50 | // one. This reduces memory footprint and number of connections to the server. 51 | func NewNetworkChainingInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { 52 | return NewFilteredNetworkChainingInformer(client, namespace, resyncPeriod, indexers, nil) 53 | } 54 | 55 | // NewFilteredNetworkChainingInformer constructs a new informer for NetworkChaining type. 56 | // Always prefer using an informer factory to get a shared informer instead of getting an independent 57 | // one. This reduces memory footprint and number of connections to the server. 58 | func NewFilteredNetworkChainingInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { 59 | return cache.NewSharedIndexInformer( 60 | &cache.ListWatch{ 61 | ListFunc: func(options v1.ListOptions) (runtime.Object, error) { 62 | if tweakListOptions != nil { 63 | tweakListOptions(&options) 64 | } 65 | return client.K8sV1alpha1().NetworkChainings(namespace).List(context.TODO(), options) 66 | }, 67 | WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { 68 | if tweakListOptions != nil { 69 | tweakListOptions(&options) 70 | } 71 | return client.K8sV1alpha1().NetworkChainings(namespace).Watch(context.TODO(), options) 72 | }, 73 | }, 74 | &k8sv1alpha1.NetworkChaining{}, 75 | resyncPeriod, 76 | indexers, 77 | ) 78 | } 79 | 80 | func (f *networkChainingInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { 81 | return NewFilteredNetworkChainingInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) 82 | } 83 | 84 | func (f *networkChainingInformer) Informer() cache.SharedIndexInformer { 85 | return f.factory.InformerFor(&k8sv1alpha1.NetworkChaining{}, f.defaultInformer) 86 | } 87 | 88 | func (f *networkChainingInformer) Lister() v1alpha1.NetworkChainingLister { 89 | return v1alpha1.NewNetworkChainingLister(f.Informer().GetIndexer()) 90 | } 91 | -------------------------------------------------------------------------------- /pkg/generated/informers/externalversions/k8s/v1alpha1/providernetwork.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by informer-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | import ( 22 | "context" 23 | time "time" 24 | 25 | k8sv1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/apis/k8s/v1alpha1" 26 | versioned "github.com/akraino-edge-stack/icn-nodus/pkg/generated/clientset/versioned" 27 | internalinterfaces "github.com/akraino-edge-stack/icn-nodus/pkg/generated/informers/externalversions/internalinterfaces" 28 | v1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/generated/listers/k8s/v1alpha1" 29 | v1 "k8s.io/apimachinery/pkg/apis/meta/v1" 30 | runtime "k8s.io/apimachinery/pkg/runtime" 31 | watch "k8s.io/apimachinery/pkg/watch" 32 | cache "k8s.io/client-go/tools/cache" 33 | ) 34 | 35 | // ProviderNetworkInformer provides access to a shared informer and lister for 36 | // ProviderNetworks. 37 | type ProviderNetworkInformer interface { 38 | Informer() cache.SharedIndexInformer 39 | Lister() v1alpha1.ProviderNetworkLister 40 | } 41 | 42 | type providerNetworkInformer struct { 43 | factory internalinterfaces.SharedInformerFactory 44 | tweakListOptions internalinterfaces.TweakListOptionsFunc 45 | namespace string 46 | } 47 | 48 | // NewProviderNetworkInformer constructs a new informer for ProviderNetwork type. 49 | // Always prefer using an informer factory to get a shared informer instead of getting an independent 50 | // one. This reduces memory footprint and number of connections to the server. 51 | func NewProviderNetworkInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { 52 | return NewFilteredProviderNetworkInformer(client, namespace, resyncPeriod, indexers, nil) 53 | } 54 | 55 | // NewFilteredProviderNetworkInformer constructs a new informer for ProviderNetwork type. 56 | // Always prefer using an informer factory to get a shared informer instead of getting an independent 57 | // one. This reduces memory footprint and number of connections to the server. 58 | func NewFilteredProviderNetworkInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { 59 | return cache.NewSharedIndexInformer( 60 | &cache.ListWatch{ 61 | ListFunc: func(options v1.ListOptions) (runtime.Object, error) { 62 | if tweakListOptions != nil { 63 | tweakListOptions(&options) 64 | } 65 | return client.K8sV1alpha1().ProviderNetworks(namespace).List(context.TODO(), options) 66 | }, 67 | WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { 68 | if tweakListOptions != nil { 69 | tweakListOptions(&options) 70 | } 71 | return client.K8sV1alpha1().ProviderNetworks(namespace).Watch(context.TODO(), options) 72 | }, 73 | }, 74 | &k8sv1alpha1.ProviderNetwork{}, 75 | resyncPeriod, 76 | indexers, 77 | ) 78 | } 79 | 80 | func (f *providerNetworkInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { 81 | return NewFilteredProviderNetworkInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) 82 | } 83 | 84 | func (f *providerNetworkInformer) Informer() cache.SharedIndexInformer { 85 | return f.factory.InformerFor(&k8sv1alpha1.ProviderNetwork{}, f.defaultInformer) 86 | } 87 | 88 | func (f *providerNetworkInformer) Lister() v1alpha1.ProviderNetworkLister { 89 | return v1alpha1.NewProviderNetworkLister(f.Informer().GetIndexer()) 90 | } 91 | -------------------------------------------------------------------------------- /pkg/generated/listers/k8s/v1alpha1/expansion_generated.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | // NetworkListerExpansion allows custom methods to be added to 22 | // NetworkLister. 23 | type NetworkListerExpansion interface{} 24 | 25 | // NetworkNamespaceListerExpansion allows custom methods to be added to 26 | // NetworkNamespaceLister. 27 | type NetworkNamespaceListerExpansion interface{} 28 | 29 | // NetworkChainingListerExpansion allows custom methods to be added to 30 | // NetworkChainingLister. 31 | type NetworkChainingListerExpansion interface{} 32 | 33 | // NetworkChainingNamespaceListerExpansion allows custom methods to be added to 34 | // NetworkChainingNamespaceLister. 35 | type NetworkChainingNamespaceListerExpansion interface{} 36 | 37 | // ProviderNetworkListerExpansion allows custom methods to be added to 38 | // ProviderNetworkLister. 39 | type ProviderNetworkListerExpansion interface{} 40 | 41 | // ProviderNetworkNamespaceListerExpansion allows custom methods to be added to 42 | // ProviderNetworkNamespaceLister. 43 | type ProviderNetworkNamespaceListerExpansion interface{} 44 | -------------------------------------------------------------------------------- /pkg/generated/listers/k8s/v1alpha1/network.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | import ( 22 | v1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/apis/k8s/v1alpha1" 23 | "k8s.io/apimachinery/pkg/api/errors" 24 | "k8s.io/apimachinery/pkg/labels" 25 | "k8s.io/client-go/tools/cache" 26 | ) 27 | 28 | // NetworkLister helps list Networks. 29 | // All objects returned here must be treated as read-only. 30 | type NetworkLister interface { 31 | // List lists all Networks in the indexer. 32 | // Objects returned here must be treated as read-only. 33 | List(selector labels.Selector) (ret []*v1alpha1.Network, err error) 34 | // Networks returns an object that can list and get Networks. 35 | Networks(namespace string) NetworkNamespaceLister 36 | NetworkListerExpansion 37 | } 38 | 39 | // networkLister implements the NetworkLister interface. 40 | type networkLister struct { 41 | indexer cache.Indexer 42 | } 43 | 44 | // NewNetworkLister returns a new NetworkLister. 45 | func NewNetworkLister(indexer cache.Indexer) NetworkLister { 46 | return &networkLister{indexer: indexer} 47 | } 48 | 49 | // List lists all Networks in the indexer. 50 | func (s *networkLister) List(selector labels.Selector) (ret []*v1alpha1.Network, err error) { 51 | err = cache.ListAll(s.indexer, selector, func(m interface{}) { 52 | ret = append(ret, m.(*v1alpha1.Network)) 53 | }) 54 | return ret, err 55 | } 56 | 57 | // Networks returns an object that can list and get Networks. 58 | func (s *networkLister) Networks(namespace string) NetworkNamespaceLister { 59 | return networkNamespaceLister{indexer: s.indexer, namespace: namespace} 60 | } 61 | 62 | // NetworkNamespaceLister helps list and get Networks. 63 | // All objects returned here must be treated as read-only. 64 | type NetworkNamespaceLister interface { 65 | // List lists all Networks in the indexer for a given namespace. 66 | // Objects returned here must be treated as read-only. 67 | List(selector labels.Selector) (ret []*v1alpha1.Network, err error) 68 | // Get retrieves the Network from the indexer for a given namespace and name. 69 | // Objects returned here must be treated as read-only. 70 | Get(name string) (*v1alpha1.Network, error) 71 | NetworkNamespaceListerExpansion 72 | } 73 | 74 | // networkNamespaceLister implements the NetworkNamespaceLister 75 | // interface. 76 | type networkNamespaceLister struct { 77 | indexer cache.Indexer 78 | namespace string 79 | } 80 | 81 | // List lists all Networks in the indexer for a given namespace. 82 | func (s networkNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.Network, err error) { 83 | err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { 84 | ret = append(ret, m.(*v1alpha1.Network)) 85 | }) 86 | return ret, err 87 | } 88 | 89 | // Get retrieves the Network from the indexer for a given namespace and name. 90 | func (s networkNamespaceLister) Get(name string) (*v1alpha1.Network, error) { 91 | obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) 92 | if err != nil { 93 | return nil, err 94 | } 95 | if !exists { 96 | return nil, errors.NewNotFound(v1alpha1.Resource("network"), name) 97 | } 98 | return obj.(*v1alpha1.Network), nil 99 | } 100 | -------------------------------------------------------------------------------- /pkg/generated/listers/k8s/v1alpha1/networkchaining.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | import ( 22 | v1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/apis/k8s/v1alpha1" 23 | "k8s.io/apimachinery/pkg/api/errors" 24 | "k8s.io/apimachinery/pkg/labels" 25 | "k8s.io/client-go/tools/cache" 26 | ) 27 | 28 | // NetworkChainingLister helps list NetworkChainings. 29 | // All objects returned here must be treated as read-only. 30 | type NetworkChainingLister interface { 31 | // List lists all NetworkChainings in the indexer. 32 | // Objects returned here must be treated as read-only. 33 | List(selector labels.Selector) (ret []*v1alpha1.NetworkChaining, err error) 34 | // NetworkChainings returns an object that can list and get NetworkChainings. 35 | NetworkChainings(namespace string) NetworkChainingNamespaceLister 36 | NetworkChainingListerExpansion 37 | } 38 | 39 | // networkChainingLister implements the NetworkChainingLister interface. 40 | type networkChainingLister struct { 41 | indexer cache.Indexer 42 | } 43 | 44 | // NewNetworkChainingLister returns a new NetworkChainingLister. 45 | func NewNetworkChainingLister(indexer cache.Indexer) NetworkChainingLister { 46 | return &networkChainingLister{indexer: indexer} 47 | } 48 | 49 | // List lists all NetworkChainings in the indexer. 50 | func (s *networkChainingLister) List(selector labels.Selector) (ret []*v1alpha1.NetworkChaining, err error) { 51 | err = cache.ListAll(s.indexer, selector, func(m interface{}) { 52 | ret = append(ret, m.(*v1alpha1.NetworkChaining)) 53 | }) 54 | return ret, err 55 | } 56 | 57 | // NetworkChainings returns an object that can list and get NetworkChainings. 58 | func (s *networkChainingLister) NetworkChainings(namespace string) NetworkChainingNamespaceLister { 59 | return networkChainingNamespaceLister{indexer: s.indexer, namespace: namespace} 60 | } 61 | 62 | // NetworkChainingNamespaceLister helps list and get NetworkChainings. 63 | // All objects returned here must be treated as read-only. 64 | type NetworkChainingNamespaceLister interface { 65 | // List lists all NetworkChainings in the indexer for a given namespace. 66 | // Objects returned here must be treated as read-only. 67 | List(selector labels.Selector) (ret []*v1alpha1.NetworkChaining, err error) 68 | // Get retrieves the NetworkChaining from the indexer for a given namespace and name. 69 | // Objects returned here must be treated as read-only. 70 | Get(name string) (*v1alpha1.NetworkChaining, error) 71 | NetworkChainingNamespaceListerExpansion 72 | } 73 | 74 | // networkChainingNamespaceLister implements the NetworkChainingNamespaceLister 75 | // interface. 76 | type networkChainingNamespaceLister struct { 77 | indexer cache.Indexer 78 | namespace string 79 | } 80 | 81 | // List lists all NetworkChainings in the indexer for a given namespace. 82 | func (s networkChainingNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.NetworkChaining, err error) { 83 | err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { 84 | ret = append(ret, m.(*v1alpha1.NetworkChaining)) 85 | }) 86 | return ret, err 87 | } 88 | 89 | // Get retrieves the NetworkChaining from the indexer for a given namespace and name. 90 | func (s networkChainingNamespaceLister) Get(name string) (*v1alpha1.NetworkChaining, error) { 91 | obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) 92 | if err != nil { 93 | return nil, err 94 | } 95 | if !exists { 96 | return nil, errors.NewNotFound(v1alpha1.Resource("networkchaining"), name) 97 | } 98 | return obj.(*v1alpha1.NetworkChaining), nil 99 | } 100 | -------------------------------------------------------------------------------- /pkg/generated/listers/k8s/v1alpha1/providernetwork.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Code generated by lister-gen. DO NOT EDIT. 18 | 19 | package v1alpha1 20 | 21 | import ( 22 | v1alpha1 "github.com/akraino-edge-stack/icn-nodus/pkg/apis/k8s/v1alpha1" 23 | "k8s.io/apimachinery/pkg/api/errors" 24 | "k8s.io/apimachinery/pkg/labels" 25 | "k8s.io/client-go/tools/cache" 26 | ) 27 | 28 | // ProviderNetworkLister helps list ProviderNetworks. 29 | // All objects returned here must be treated as read-only. 30 | type ProviderNetworkLister interface { 31 | // List lists all ProviderNetworks in the indexer. 32 | // Objects returned here must be treated as read-only. 33 | List(selector labels.Selector) (ret []*v1alpha1.ProviderNetwork, err error) 34 | // ProviderNetworks returns an object that can list and get ProviderNetworks. 35 | ProviderNetworks(namespace string) ProviderNetworkNamespaceLister 36 | ProviderNetworkListerExpansion 37 | } 38 | 39 | // providerNetworkLister implements the ProviderNetworkLister interface. 40 | type providerNetworkLister struct { 41 | indexer cache.Indexer 42 | } 43 | 44 | // NewProviderNetworkLister returns a new ProviderNetworkLister. 45 | func NewProviderNetworkLister(indexer cache.Indexer) ProviderNetworkLister { 46 | return &providerNetworkLister{indexer: indexer} 47 | } 48 | 49 | // List lists all ProviderNetworks in the indexer. 50 | func (s *providerNetworkLister) List(selector labels.Selector) (ret []*v1alpha1.ProviderNetwork, err error) { 51 | err = cache.ListAll(s.indexer, selector, func(m interface{}) { 52 | ret = append(ret, m.(*v1alpha1.ProviderNetwork)) 53 | }) 54 | return ret, err 55 | } 56 | 57 | // ProviderNetworks returns an object that can list and get ProviderNetworks. 58 | func (s *providerNetworkLister) ProviderNetworks(namespace string) ProviderNetworkNamespaceLister { 59 | return providerNetworkNamespaceLister{indexer: s.indexer, namespace: namespace} 60 | } 61 | 62 | // ProviderNetworkNamespaceLister helps list and get ProviderNetworks. 63 | // All objects returned here must be treated as read-only. 64 | type ProviderNetworkNamespaceLister interface { 65 | // List lists all ProviderNetworks in the indexer for a given namespace. 66 | // Objects returned here must be treated as read-only. 67 | List(selector labels.Selector) (ret []*v1alpha1.ProviderNetwork, err error) 68 | // Get retrieves the ProviderNetwork from the indexer for a given namespace and name. 69 | // Objects returned here must be treated as read-only. 70 | Get(name string) (*v1alpha1.ProviderNetwork, error) 71 | ProviderNetworkNamespaceListerExpansion 72 | } 73 | 74 | // providerNetworkNamespaceLister implements the ProviderNetworkNamespaceLister 75 | // interface. 76 | type providerNetworkNamespaceLister struct { 77 | indexer cache.Indexer 78 | namespace string 79 | } 80 | 81 | // List lists all ProviderNetworks in the indexer for a given namespace. 82 | func (s providerNetworkNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.ProviderNetwork, err error) { 83 | err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { 84 | ret = append(ret, m.(*v1alpha1.ProviderNetwork)) 85 | }) 86 | return ret, err 87 | } 88 | 89 | // Get retrieves the ProviderNetwork from the indexer for a given namespace and name. 90 | func (s providerNetworkNamespaceLister) Get(name string) (*v1alpha1.ProviderNetwork, error) { 91 | obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) 92 | if err != nil { 93 | return nil, err 94 | } 95 | if !exists { 96 | return nil, errors.NewNotFound(v1alpha1.Resource("providernetwork"), name) 97 | } 98 | return obj.(*v1alpha1.ProviderNetwork), nil 99 | } 100 | -------------------------------------------------------------------------------- /pkg/utils/finalizer_utils.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | func Contains(slice []string, str string) bool { 4 | for _, item := range slice { 5 | if item == str { 6 | return true 7 | } 8 | } 9 | return false 10 | } 11 | 12 | func Remove(slice []string, str string) (result []string) { 13 | for _, item := range slice { 14 | if item == str { 15 | continue 16 | } 17 | result = append(result, item) 18 | } 19 | return result 20 | } 21 | -------------------------------------------------------------------------------- /testing/fuzzing/test.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | test_network () { 4 | name=$(fuzz_name "example-network") 5 | 6 | manifest=" 7 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 8 | kind: Network 9 | metadata: 10 | name: '$name' 11 | spec: 12 | cniType: ovn4nfv 13 | ipv4Subnets: 14 | - subnet: '$(fuzz "172.16.33.0/24")' 15 | name: '$(fuzz "subnet1")' 16 | gateway: '$(fuzz "172.16.33.1/24")' 17 | excludeIps: '$(fuzz "172.16.33.2 172.16.33.5..172.16.33.10")'" 18 | 19 | apply_and_delete "network" "$manifest" "$name" 20 | } 21 | 22 | test_provider_network () { 23 | name=$(fuzz_name "example-network") 24 | 25 | manifest=" 26 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 27 | kind: ProviderNetwork 28 | metadata: 29 | name: '$name' 30 | spec: 31 | cniType: ovn4nfv 32 | ipv4Subnets: 33 | - subnet: '$(fuzz "172.16.33.0/24")' 34 | name: '$(fuzz "subnet1")' 35 | gateway: '$(fuzz "172.16.33.1/24")' 36 | excludeIps: '$(fuzz "172.16.33.2 172.16.33.5..172.16.33.10")' 37 | providerNetType: '$(fuzz "VLAN")' 38 | vlan: 39 | vlanId: '$(fuzz "100")' 40 | providerInterfaceName: '$(fuzz "eth1")' 41 | logicalInterfaceName: '$(fuzz "eth1.100")' 42 | vlanNodeSelector: '$(fuzz "specific")' 43 | nodeLabelList: 44 | - '$(fuzz "kubernetes.io/hostname=testnode1")'" 45 | 46 | apply_and_delete "providernetwork" "$manifest" "$name" 47 | } 48 | 49 | test_network_chaining () { 50 | name=$(fuzz_name "example-network") 51 | 52 | manifest=" 53 | apiVersion: k8s.plugin.opnfv.org/v1alpha1 54 | kind: NetworkChaining 55 | metadata: 56 | name: '$name' 57 | spec: 58 | chainType: '$(fuzz "Routing")' 59 | routingSpec: 60 | namespace: '$(fuzz "default")' 61 | networkChain: '$(fuzz "app=slb,dync-net1,app=ngfw,dync-net2,app=sdwan")' 62 | left: 63 | - networkName: '$(fuzz "pnet1")' 64 | gatewayIp: '$(fuzz "172.30.10.2")' 65 | subnet: '$(fuzz "172.30.10.0/24")' 66 | right: 67 | - networkName: '$(fuzz "pnet2")' 68 | gatewayIp: '$(fuzz "172.30.20.2")' 69 | subnet: '$(fuzz "172.30.20.0/24")'" 70 | 71 | apply_and_delete "networkchaining" "$manifest" "$name" 72 | } 73 | 74 | fuzz_name () { 75 | input="$1" 76 | fuzzed="$(fuzz "$input" | cut -c1-253 | tr '[:upper:]' '[:lower:]' | tr -dc '[:alnum:]-')" 77 | [[ -n "$fuzzed" ]] && echo -n "$fuzzed" || echo -n "$input" 78 | } 79 | 80 | fuzz () { 81 | input="$1" 82 | echo -n "$input" | radamsa | tr -dc '[:print:]' | tr -d '\n' | sed -e "s/'/''/g" 83 | } 84 | 85 | apply_and_delete () { 86 | kind="$1" 87 | manifest="$2" 88 | network_name="$3" 89 | 90 | echo 91 | echo "----------------------------------------------------------------------------------------------------------" 92 | echo "Applying $kind" 93 | echo "----------------------------------------------------------------------------------------------------------" 94 | echo "$manifest" 95 | echo 96 | echo "$manifest" | kubectl apply -f - && \ 97 | echo && \ 98 | echo "----------------------------------------------------------------------------------------------------------" && \ 99 | echo "Deleting $kind $network_name" && \ 100 | echo "----------------------------------------------------------------------------------------------------------" && \ 101 | echo && \ 102 | kubectl delete "$kind" "$network_name" 103 | } 104 | 105 | print_help () { 106 | echo "This script performs fuzz testing against Nodus. A test scenario consists of:" 107 | echo "- applying and deleting generated Network custom resource" 108 | echo "- applying and deleting generated NetworkProvider custom resource" 109 | echo "- applying and deleting generated NetworkChaining custom resource" 110 | echo 111 | echo "The script requires radamsa tool installed. A procedure of installation is described here:" 112 | echo "https://wiki.ith.intel.com/pages/viewpage.action?pageId=2102835228" 113 | echo 114 | echo "Syntax: test.sh [-n |-h]" 115 | echo "options:" 116 | echo "n Perform the test scenario multiple times (by default 1)." 117 | echo "h Print this Help." 118 | echo 119 | } 120 | 121 | declare -i iterations_number=1 122 | 123 | while getopts ":n:h:" arg; do 124 | case $arg in 125 | n) iterations_number=$OPTARG;; 126 | h) print_help && exit 0;; 127 | *) print_help && exit 1;; 128 | esac 129 | done 130 | 131 | for i in $(seq "$iterations_number") 132 | do 133 | echo 134 | echo "==========================================================================================================" 135 | echo "Iteration $i/$iterations_number" 136 | echo "==========================================================================================================" 137 | 138 | test_network 139 | test_provider_network 140 | test_network_chaining 141 | done 142 | -------------------------------------------------------------------------------- /tox.ini: -------------------------------------------------------------------------------- 1 | # SPDX-license-identifier: Apache-2.0 2 | ############################################################################## 3 | # Copyright (c) 2018 4 | # All rights reserved. This program and the accompanying materials 5 | # are made available under the terms of the Apache License, Version 2.0 6 | # which accompanies this distribution, and is available at 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | ############################################################################## 9 | 10 | [tox] 11 | minversion = 1.6 12 | skipsdist = True 13 | envlist = checker 14 | 15 | [testenv] 16 | passenv = http_proxy HTTP_PROXY https_proxy HTTPS_PROXY no_proxy NO_PROXY 17 | usedevelop = False 18 | install_command = pip install {opts} {packages} 19 | 20 | [testenv:checker] 21 | deps = 22 | rstcheck 23 | whitelist_externals = bash 24 | commands = bash -c "find {toxinidir}/ \ 25 | -name \*.rst -type f -print0 | xargs -0 rstcheck --report warning" 26 | -------------------------------------------------------------------------------- /utilities/docker/Makefile: -------------------------------------------------------------------------------- 1 | IMAGE_REGISTRY ?= integratedcloudnative/ 2 | BUILD_VERSION ?= master 3 | 4 | export OVN_IMAGE_NAME ?= $(IMAGE_REGISTRY)ovn-images:$(BUILD_VERSION) 5 | 6 | DOCKERARGS?= 7 | ifdef HTTP_PROXY 8 | DOCKERARGS += --build-arg http_proxy=$(HTTP_PROXY) 9 | endif 10 | ifdef HTTPS_PROXY 11 | DOCKERARGS += --build-arg https_proxy=$(HTTPS_PROXY) 12 | endif 13 | 14 | docker-build: 15 | docker build -t $(OVN_IMAGE_NAME) $(DOCKERARGS) --no-cache --network host -f ./debian/Dockerfile . 16 | 17 | docker-push: 18 | docker push $(OVN_IMAGE_NAME) 19 | 20 | 21 | -------------------------------------------------------------------------------- /utilities/docker/centos/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:8 as base 2 | 3 | USER root 4 | RUN yum update -y && yum install -y iproute curl nc ipset iptables jq wget unbound unbound-devel 5 | 6 | RUN mkdir -p /opt/ovn4nfv-k8s-plugin/ovs/rpm/rpmbuild/RPMS/x86_64 7 | RUN bash -xc "\ 8 | pushd /opt/ovn4nfv-k8s-plugin/ovs/rpm/rpmbuild/RPMS/x86_64; \ 9 | wget -q -nv -O- https://api.github.com/repos/akraino-icn/ovs/releases/tags/v2.14.0 2>/dev/null | jq -r '.assets[] | select(.browser_download_url | contains("\""rpm"\"")) | .browser_download_url' | wget -i -; \ 10 | popd; \ 11 | " 12 | RUN rpm -ivh --nodeps /opt/ovn4nfv-k8s-plugin/ovs/rpm/rpmbuild/RPMS/x86_64/*.rpm 13 | 14 | RUN mkdir -p /opt/ovn4nfv-k8s-plugin/ovn/rpm/rpmbuild/RPMS/x86_64 15 | RUN bash -xc "\ 16 | pushd /opt/ovn4nfv-k8s-plugin/ovn/rpm/rpmbuild/RPMS/x86_64; \ 17 | wget -q -nv -O- https://api.github.com/repos/akraino-icn/ovn/releases/tags/v20.06.0 2>/dev/null | jq -r '.assets[] | select(.browser_download_url | contains("\""rpm"\"")) | .browser_download_url' | wget -i -; \ 18 | popd; \ 19 | " 20 | RUN rpm -ivh --nodeps /opt/ovn4nfv-k8s-plugin/ovn/rpm/rpmbuild/RPMS/x86_64/*.rpm 21 | 22 | RUN mkdir -p /var/run/openvswitch && \ 23 | mkdir -p /var/run/ovn 24 | 25 | WORKDIR /opt/ovn4nfv-k8s-plugin/utilities/docker/ 26 | COPY ./ ./ 27 | RUN cp /opt/ovn4nfv-k8s-plugin/utilities/docker/ovn4nfv-k8s.sh /usr/local/bin/ovn4nfv-k8s 28 | RUN echo $PATH 29 | ENTRYPOINT ["ovn4nfv-k8s"] 30 | -------------------------------------------------------------------------------- /utilities/docker/debian/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ubuntu:18.04 as base 2 | 3 | ENV DEBIAN_FRONTEND=noninteractive 4 | USER root 5 | 6 | COPY ovn4nfv-k8s.sh /usr/local/bin/ovn4nfv-k8s 7 | 8 | RUN apt-get update && apt-get upgrade -y && apt-get install -y iproute2 curl software-properties-common setpriv dpkg-dev netcat-openbsd jq wget && rm -rf /var/lib/apt/lists/* 9 | 10 | RUN mkdir -p /opt/ovn4nfv-k8s-plugin/dist/ubuntu/deb 11 | RUN bash -xc "\ 12 | pushd /opt/ovn4nfv-k8s-plugin/dist/ubuntu/deb; \ 13 | wget -q -nv -O- https://api.github.com/repos/akraino-icn/ovs/releases/tags/v2.12.0 2>/dev/null | jq -r '.assets[] | select(.browser_download_url | contains("\""deb"\"")) | .browser_download_url' | wget -i -; \ 14 | dpkg-scanpackages . | gzip -c9 > Packages.gz; \ 15 | popd; \ 16 | " 17 | RUN ls -lt /opt/ovn4nfv-k8s-plugin/dist/ubuntu/deb 18 | RUN echo "deb [trusted=yes] file:///opt/ovn4nfv-k8s-plugin/dist/ubuntu/deb ./" | tee -a /etc/apt/sources.list > /dev/null 19 | RUN apt-get update 20 | RUN apt-get install -y openvswitch-switch=2.12.0-1 openvswitch-common=2.12.0-1 ovn-central=2.12.0-1 ovn-common=2.12.0-1 ovn-host=2.12.0-1 21 | RUN mkdir -p /var/run/openvswitch && \ 22 | mkdir -p /var/run/ovn 23 | 24 | ENTRYPOINT ["ovn4nfv-k8s"] 25 | -------------------------------------------------------------------------------- /utilities/kernel/debian/install_kernel_modules.sh: -------------------------------------------------------------------------------- 1 | !#/bin/bash 2 | 3 | apt-get install apt-transport-https dpkg-dev -y 4 | 5 | mkdir -p /opt/ovn4nfv-k8s-plugin/dist/ubuntu/deb 6 | pushd /opt/ovn4nfv-k8s-plugin/dist/ubuntu/deb 7 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/libopenvswitch-dev_2.12.0-1_amd64.deb 8 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/libopenvswitch_2.12.0-1_amd64.deb 9 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/openvswitch-common_2.12.0-1_amd64.deb 10 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/openvswitch-datapath-dkms_2.12.0-1_all.deb 11 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/openvswitch-datapath-source_2.12.0-1_all.deb 12 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/openvswitch-dbg_2.12.0-1_amd64.deb 13 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/openvswitch-ipsec_2.12.0-1_amd64.deb 14 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/openvswitch-pki_2.12.0-1_all.deb 15 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/openvswitch-switch_2.12.0-1_amd64.deb 16 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/openvswitch-testcontroller_2.12.0-1_amd64.deb 17 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/openvswitch-test_2.12.0-1_all.deb 18 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/openvswitch-vtep_2.12.0-1_amd64.deb 19 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/ovn-central_2.12.0-1_amd64.deb 20 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/ovn-common_2.12.0-1_amd64.deb 21 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/ovn-controller-vtep_2.12.0-1_amd64.deb 22 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/ovn-docker_2.12.0-1_amd64.deb 23 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/ovn-host_2.12.0-1_amd64.deb 24 | curl --insecure --compressed -O -L https://github.com/akraino-icn/ovs/releases/download/v2.12.0/python-openvswitch_2.12.0-1_all.deb 25 | dpkg-scanpackages . | gzip -c9 > Packages.gz 26 | popd 27 | 28 | sudo apt-get install apt-transport-https 29 | echo "deb [trusted=yes] file:///opt/ovn4nfv-k8s-plugin/dist/ubuntu/deb ./" | tee -a /etc/apt/sources.list > /dev/null 30 | cp /etc/apt/sources.list /etc/apt/sources.list~ 31 | sed -Ei 's/^# deb-src /deb-src /' /etc/apt/sources.list 32 | apt-get update && apt-get build-dep dkms -y && apt-get install openvswitch-datapath-dkms=2.12.0-1 -y 33 | --------------------------------------------------------------------------------