Add ONOS-PCI chart (#251)

* Add ONOS-PCI chart * Fix service.yaml file to have app type pci * Update indent for pci configmap
onosproject · Feb 25, 2021 · 5c21bb8 · 5c21bb8
1 parent ee5e39b
commit 5c21bb8
Show file tree

Hide file tree

Showing 14 changed files with 469 additions and 0 deletions.
diff --git a/onos-pci/.helmignore b/onos-pci/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/onos-pci/Chart.yaml b/onos-pci/Chart.yaml
@@ -0,0 +1,19 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-1.0
+
+apiVersion: v2
+name: onos-pci
+description: ONOS PCI xAPP
+kubeVersion: ">=1.17.0"
+type: application
+version: 0.6.0
+appVersion: v0.1.0
+keywords:
+  - onos
+  - sdn
+  - ric
+home: https://onosproject.org
+maintainers:
+  - name: ONOS Support
+    email: support@opennetworking.org
diff --git a/onos-pci/README.md b/onos-pci/README.md
@@ -0,0 +1,4 @@
+## ONOS PCI
+
+Provides a [Helm] chart for deploying µONOS PCI xApp on [Kubernetes].
+See the [documentation](https://docs.onosproject.org/onos-ran/docs/deployment/) for more info.
diff --git a/onos-pci/files/certs/README.md b/onos-pci/files/certs/README.md
@@ -0,0 +1,20 @@
+This folder contains self-signed certificates for use in testing. _DO NOT USE THESE
+CERTIFICATES IN PRODUCTION!_
+
+The certificates were generated with the
+https://github.com/onosproject/simulators/blob/master/pkg/certs/generate_certs.sh 
+script as
+```bash
+generate-certs.sh onos-e2t.opennetworking.org
+```
+
+In this folder they **must** be (re)named
+* tls.cacrt
+* tls.crt
+* tls.key
+
+Use
+```bash
+openssl x509 -in deployments/helm/onos-e2t/files/certs/tls.crt -text -noout
+```
+to verify the contents (especially the subject).
diff --git a/onos-pci/files/certs/tls.cacrt b/onos-pci/files/certs/tls.cacrt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDYDCCAkgCCQDe99fSN9qxSTANBgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJV
+UzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCU1lbmxvUGFyazEMMAoGA1UECgwDT05G
+MRQwEgYDVQQLDAtFbmdpbmVlcmluZzEeMBwGA1UEAwwVY2Eub3Blbm5ldHdvcmtp
+bmcub3JnMB4XDTE5MDQxMTA5MDYxM1oXDTI5MDQwODA5MDYxM1owcjELMAkGA1UE
+BhMCVVMxCzAJBgNVBAgMAkNBMRIwEAYDVQQHDAlNZW5sb1BhcmsxDDAKBgNVBAoM
+A09ORjEUMBIGA1UECwwLRW5naW5lZXJpbmcxHjAcBgNVBAMMFWNhLm9wZW5uZXR3
+b3JraW5nLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMEg7CZR
+X8Y+syKHaQCh6mNIL1D065trwX8RnuKM2kBwSu034zefQAPloWugSoJgJnf5fe0j
+nUD8gN3Sm8XRhCkvf67pzfabgw4n8eJmHScyL/ugyExB6Kahwzn37bt3oT3gSqhr
+6PUznWJ8fvfVuCHZZkv/HPRp4eyAcGzbJ4TuB0go4s6VE0WU5OCxCSlAiK3lvpVr
+3DOLdYLVoCa5q8Ctl3wXDrfTLw5/Bpfrg9fF9ED2/YKIdV8KZ2ki/gwEOQqWcKp8
+0LkTlfOWsdGjp4opPuPT7njMBGXMJzJ8/J1e1aJvIsoB7n8XrfvkNiWL5U3fM4N7
+UZN9jfcl7ULmm7cCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAIh6FjkQuTfXddmZY
+FYpoTen/VD5iu2Xxc1TexwmKeH+YtaKp1Zk8PTgbCtMEwEiyslfeHTMtODfnpUIk
+DwvtB4W0PAnreRsqh9MBzdU6YZmzGyZ92vSUB3yukkHaYzyjeKM0AwgVl9yRNEZw
+Y/OM070hJXXzJh3eJpLl9dlUbMKzaoAh2bZx6y3ZJIZFs/zrpGfg4lvBAvfO/59i
+mxJ9bQBSN3U2Hwp6ioOQzP0LpllfXtx9N5LanWpB0cu/HN9vAgtp3kRTBZD0M1XI
+Ctit8bXV7Mz+1iGqoyUhfCYcCSjuWTgAxzir+hrdn7uO67Hv4ndCoSj4SQaGka3W
+eEfVeA==
+-----END CERTIFICATE-----
diff --git a/onos-pci/files/certs/tls.crt b/onos-pci/files/certs/tls.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDcTCCAlkCFErBGzsXHo1l8bmZRmDkF+h2bsdVMA0GCSqGSIb3DQEBCwUAMHIx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTESMBAGA1UEBwwJTWVubG9QYXJrMQww
+CgYDVQQKDANPTkYxFDASBgNVBAsMC0VuZ2luZWVyaW5nMR4wHAYDVQQDDBVjYS5v
+cGVubmV0d29ya2luZy5vcmcwHhcNMjAwOTAxMDYwNTI2WhcNMzAwODMwMDYwNTI2
+WjB4MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExEjAQBgNVBAcMCU1lbmxvUGFy
+azEMMAoGA1UECgwDT05GMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEkMCIGA1UEAwwb
+b25vcy1lMnQub3Blbm5ldHdvcmtpbmcub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAuNm6b+CvdyNUDUhqU8VNuldAVJtvtXInm7+WCCjpXJtYBw+2
+Amsa1S20Y5h6HnHIxXEsmB8wehQ9jl03CU8Z3YgXI7MJNjFEAHS7AKNfKz7SS92x
+oA46wukV3njmN4xk/JZfFrbaUJ4HcE5PVi5dJyyQxg6mPcpdbiYHQ4+uDN4cKU8m
+CRWdj4gNUaC+m8+qHqt3V3Vfa8iBMdpskTwT+1jBQcDGt+Ay2iinCAmf5m0pgEka
+VghtXIKLUjG/a17FAkgy/sTWJ7J4waD0iRQsEBeQ+4r2MCIttLRk/mTTdBLOkGUi
+unzjeh+1EiFslNUwXxu0qfhhJB3KNfwe0bF+LQIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQCAron90Id5rzqn73M7FcCN9pFtu1MZ/WYNBxPmrcRc/yZ80PecZoHgTnJh
+mBDTLwpoRLPimxTL4OzrnA6Go0kD/CPAThehGb8BBZ+aiSJ17I0/EL1HDmXStgRk
+WuqP2DxenckWHaNmPVE0PbB6BCsd5HP0tCC4vGBbGYbJmAhhjzhzEmEypqskt+Np
+eFe1DgDyfVrroIHmDLPCEu2ny9Syr/LslDmndGses8/QSVDDyAK/LFFMukCJRWsQ
+uIUJM/aDEAqbZUs4bb60hVfcZTU1HVPcp2xuOmVUFKUvHyCpt/n65Y/5XKQYQpTr
+1qa1krCQOnuwSstIpqBCnX+TecP7
+-----END CERTIFICATE-----
diff --git a/onos-pci/files/certs/tls.key b/onos-pci/files/certs/tls.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC42bpv4K93I1QN
+SGpTxU26V0BUm2+1ciebv5YIKOlcm1gHD7YCaxrVLbRjmHoeccjFcSyYHzB6FD2O
+XTcJTxndiBcjswk2MUQAdLsAo18rPtJL3bGgDjrC6RXeeOY3jGT8ll8WttpQngdw
+Tk9WLl0nLJDGDqY9yl1uJgdDj64M3hwpTyYJFZ2PiA1RoL6bz6oeq3dXdV9ryIEx
+2myRPBP7WMFBwMa34DLaKKcICZ/mbSmASRpWCG1cgotSMb9rXsUCSDL+xNYnsnjB
+oPSJFCwQF5D7ivYwIi20tGT+ZNN0Es6QZSK6fON6H7USIWyU1TBfG7Sp+GEkHco1
+/B7RsX4tAgMBAAECggEBAIvky0HsKx7g77V1vnJTebWyXo8pa2tIT02BusvGGoXp
+Ur9VVouR/yaihkhxlsn/ltBGDFe8EvXw530ccpBq+so7OjfcQPZwZmRp8zRSb63M
+x15/EvRskG/98n0Bxkj3yV2Xd7M7AxHL5xlJSqWQRRNmmNIrOAi/Y+H+ibTJwhEd
+pV6pULHmvu4mU2YdkX/6RLOS89aAxOzXgs6nUzp826/ugb4X34izp/WwMzCs+QJd
+QVvjA/zuLnzIqspqt9bNJ3bCs+/ovqpdYlDBYbYHA0kLEMYOQsAkrWjJWPoLoDyD
+HLZZgG9jkQzkxdUzquku4UahsZZi8317jyT5b/GX0AECgYEA43jvJk887exwc04q
+s2/ef0spPD4JGVmblyD1upWdiWNgyRxxNbOkqaR1Gp5TqcdCmNRaraP3ZKbpngmp
+QKvKGLf/RH7H1b9/NuAlLAI8rSiP6h1MDyTbO1wwdSU4f1HO/3pVyRJfXd2h8+eD
+VfXe8rfXafWBBXWOeJ52JuDStC0CgYEA0Ahn7ikHKo8HM2FIJkrhm2Y4jwSL9TvO
+S6ikBbQPUbhcdyLbHVrOLlmiiBqNnuqe8AzaHrH+T6TeP312M5GGVT9CUkIb1Vq6
+fC8yVTDg4gPlSuz974xRSujWWLutX/6Hr8eAN8L/E78LD/Ojy+DISnIzmTC2B5lM
+o6WJ+BcmMgECgYAxrrY9Hc1nAd9Fr+rvqh1knBvzhnEiUkoDZjWFfSwdV9FJ26Z2
+Xjg2vS6+k5oeWOEY1DjB+DAOkc4wsFeBQoQvhfCBG1e2Pc8hQy+bPxnVkChur9tu
+61Pe0THcRDbkyA94CVY3RoYB0GiRBx3OZpc9WB36jJ6TfKuTeLjBoRUkOQKBgHl9
+Pzy9pxq6lojx+hGqz2BSbRtQm2+m8o4KuWc/RWcDFLTanT3iZuB4pkt3vlcdS56C
+0ur0JcFbVhOb8GijRuEH5XJmexy5NIkLgwhvWBWGEuUTzCSWPG9T1MHTMKgL3C/S
+gVWPQinE+u/g6DpLVozrbqi64sNDSpeTOCSzWDIBAoGAWBxIN1k+xQQYneI1+uvi
+d8NpUcLRilayIKQkaZFA+efXpyPOq8r0WtAh8tpTA3NFXunMiejJUF1wkzL4+NLt
+3ct4RY4eHoPQHtxOqZn7aMx+8/V4yz6IDKEsAsxK1p7AP6yt6GEWzj8OvrP7cm4Z
+NVQirzdY6fbkOULBISdVSWk=
+-----END PRIVATE KEY-----
diff --git a/onos-pci/files/configs/config.json b/onos-pci/files/configs/config.json
@@ -0,0 +1,5 @@
+{
+  "report_period": {
+    "interval": 30
+  }
+}
diff --git a/onos-pci/templates/_helpers.tpl b/onos-pci/templates/_helpers.tpl
@@ -0,0 +1,69 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "onos-pci.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "onos-pci.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "onos-pci.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "onos-pci.labels" -}}
+helm.sh/chart: {{ include "onos-pci.chart" . }}
+{{ include "onos-pci.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "onos-pci.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "onos-pci.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+onos-pci image name
+*/}}
+{{- define "onos-pci.imagename" -}}
+{{- if .Values.global.image.registry -}}
+{{- printf "%s/" .Values.global.image.registry -}}
+{{- else if .Values.image.registry -}}
+{{- printf "%s/" .Values.image.registry -}}
+{{- end -}}
+{{- printf "%s:" .Values.image.repository -}}
+{{- if .Values.global.image.tag -}}
+{{- .Values.global.image.tag -}}
+{{- else -}}
+{{- .Values.image.tag -}}
+{{- end -}}
+{{- end -}}
diff --git a/onos-pci/templates/configmap.yaml b/onos-pci/templates/configmap.yaml
@@ -0,0 +1,20 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-1.0
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "onos-pci.fullname" . }}-config
+  labels:
+    app: {{ template "onos-pci.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+data:
+  logging.yaml: |-
+{{- if .Values.logging }}
+{{ toYaml .Values.logging | indent 4 }}
+{{- end}}
+  config.json: |-
+{{ .Files.Get "files/configs/config.json" | indent 4}}
diff --git a/onos-pci/templates/deployment.yaml b/onos-pci/templates/deployment.yaml
@@ -0,0 +1,91 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-1.0
+
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "onos-pci.fullname" . }}
+  labels:
+  {{- include "onos-pci.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      name: {{ template "onos-pci.fullname" . }}
+      app: onos
+      type: pci
+      resource: {{ template "onos-pci.fullname" . }}
+  {{- include "onos-pci.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        name: {{ template "onos-pci.fullname" . }}
+        app: onos
+        type: pci
+        resource: {{ template "onos-pci.fullname" . }}
+    {{- include "onos-pci.selectorLabels" . | nindent 8 }}
+    spec:
+      securityContext:
+      {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          image: {{ include "onos-pci.imagename" . | quote }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          args:
+            - "-caPath=/etc/onos/certs/tls.cacrt"
+            - "-keyPath=/etc/onos/certs/tls.key"
+            - "-certPath=/etc/onos/certs/tls.crt"
+            - "-e2tEndpoint={{ .Values.config.pci.e2tEndpoint }}"
+          ports:
+            - name: grpc
+              containerPort: {{ .Values.service.grpc.port }}
+            - name: gnmi
+              containerPort: {{ .Values.service.gnmi.port}}
+          startupProbe:
+            tcpSocket:
+              port: 5150
+            periodSeconds: 5
+            failureThreshold: 60
+          readinessProbe:
+            tcpSocket:
+              port: 5150
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          livenessProbe:
+            tcpSocket:
+              port: 5150
+            initialDelaySeconds: 10
+            periodSeconds: 10
+          volumeMounts:
+            - name: secret
+              mountPath: /etc/onos/certs
+              readOnly: true
+            - name: config
+              mountPath: /etc/onos/config
+              readOnly: true
+          resources:
+      {{- toYaml .Values.resources | nindent 12 }}
+      volumes:
+        - name: secret
+          secret:
+            secretName: {{ template "onos-pci.fullname" . }}-secret
+        - name: config
+          configMap:
+            name: {{ template "onos-pci.fullname" . }}-config
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+  {{- toYaml . | nindent 8 }}
+  {{- end }}
diff --git a/onos-pci/templates/secret.yaml b/onos-pci/templates/secret.yaml
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2020-present Open Networking Foundation <info@opennetworking.org>
+#
+# SPDX-License-Identifier: LicenseRef-ONF-Member-1.0
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ template "onos-pci.fullname" . }}-secret
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+data:
+  {{ $root := . }}
+    {{ range $path, $bytes := .Files.Glob "files/certs/tls.*" }}
+    {{ base $path }}: '{{ $root.Files.Get $path | b64enc }}'
+  {{ end }}
+type: Opaque