M-CORD Release service charts
Change-Id: Ib6ea6b38abf802db15cabf3ed06fcfceae42cc05
diff --git a/mcord-release/mcord-setup/.helmignore b/mcord-release/mcord-setup/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/mcord-release/mcord-setup/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/mcord-release/mcord-setup/Chart.yaml b/mcord-release/mcord-setup/Chart.yaml
new file mode 100644
index 0000000..ddbb3f3
--- /dev/null
+++ b/mcord-release/mcord-setup/Chart.yaml
@@ -0,0 +1,21 @@
+---
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.0"
+description: The prerequisite setup of M-CORD
+name: mcord-setup
+version: 0.1.0
diff --git a/mcord-release/mcord-setup/templates/NOTES.txt b/mcord-release/mcord-setup/templates/NOTES.txt
new file mode 100644
index 0000000..bc70b1d
--- /dev/null
+++ b/mcord-release/mcord-setup/templates/NOTES.txt
@@ -0,0 +1,33 @@
+{{- /*
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/ -}}
+
+Congratulations! You have installed SR-IOV network device plugin into your Kubernetes cluster.
+
+Your configurations for SR-IOV network device plugin as following:
+
+ 10-Gigabit NIC PCI address: {{ .Values.sriov.devicepci }}
+ SR-IOV device type: {{ .Values.sriov.devicetype }}
+
+You can run following command to check SR-IOV is working in Kubernetes cluster:
+
+ $ kubectl -n kube-system -l name=sriov-device-plugin -o wide get pods
+ $ kubectl get nodes -o json | jq -r '.items[] | "\(.metadata.name): \(.status.allocatable)"'
+
+ node1: {"cpu":"39800m","ephemeral-storage":"452697199891","hugepages-1Gi":"32Gi","intel.com/sriov":"63","memory":"31776336Ki","pods":"110"}
+ node2: {"cpu":"39800m","ephemeral-storage":"452697199891","hugepages-1Gi":"32Gi","intel.com/sriov":"63","memory":"31776336Ki","pods":"110"}
+
+The result should show "intel.com/sriov" resource is registered to cluster, and have some virtual function available here.
diff --git a/mcord-release/mcord-setup/templates/_helpers.tpl b/mcord-release/mcord-setup/templates/_helpers.tpl
new file mode 100644
index 0000000..aabdc98
--- /dev/null
+++ b/mcord-release/mcord-setup/templates/_helpers.tpl
@@ -0,0 +1,49 @@
+{{- /*
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/ -}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mcord-setup.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mcord-setup.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mcord-setup.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/mcord-release/mcord-setup/templates/multus-sriov-ds.yaml b/mcord-release/mcord-setup/templates/multus-sriov-ds.yaml
new file mode 100644
index 0000000..135e769
--- /dev/null
+++ b/mcord-release/mcord-setup/templates/multus-sriov-ds.yaml
@@ -0,0 +1,234 @@
+---
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ # name must match the spec fields below, and be in the form: <plural>.<group>
+ name: network-attachment-definitions.k8s.cni.cncf.io
+ annotations:
+ "helm.sh/hook": "crd-install"
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+spec:
+ # group name to use for REST API: /apis/<group>/<version>
+ group: k8s.cni.cncf.io
+ # version name to use for REST API: /apis/<group>/<version>
+ version: v1
+ # either Namespaced or Cluster
+ scope: Namespaced
+ names:
+ # plural name to be used in the URL: /apis/<group>/<version>/<plural>
+ plural: network-attachment-definitions
+ # singular name to be used as an alias on the CLI and for display
+ singular: network-attachment-definition
+ # kind is normally the CamelCased singular type. Your resource manifests use this.
+ kind: NetworkAttachmentDefinition
+ # shortNames allow shorter string to match your resource on the CLI
+ shortNames:
+ - net-attach-def
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: multus-sa
+ namespace: kube-system
+ annotations:
+ "helm.sh/hook": "pre-install"
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: multus-sa-secret
+ namespace: kube-system
+ annotations:
+ kubernetes.io/service-account.name: multus-sa
+type: kubernetes.io/service-account-token
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: multus-pod-networks-lister
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["pods/status"]
+ verbs: ["update"]
+- apiGroups: ["k8s.cni.cncf.io"]
+ resources: ["*"]
+ verbs: ["get"]
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: multus-scripts
+ namespace: kube-system
+data:
+ install-certs.sh: |
+ # Copied from Calico
+ # https://github.com/projectcalico/cni-plugin/blob/master/k8s-install/scripts/install-cni.sh
+ touch /host/etc/cni/net.d/multus-kubeconfig
+ chmod 600 /host/etc/cni/net.d/multus-kubeconfig
+ SERVICE_ACCOUNT_PATH=/var/run/secrets/multus/serviceaccount
+ KUBE_CA_FILE=$SERVICE_ACCOUNT_PATH/ca.crt
+ TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')"
+ SERVICEACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token)
+ cat > /host/etc/cni/net.d/multus-kubeconfig <<EOF
+ # Kubeconfig file for Multus CNI plugin.
+ apiVersion: v1
+ kind: Config
+ clusters:
+ - name: local
+ cluster:
+ server: https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}
+ $TLS_CFG
+ users:
+ - name: multus
+ user:
+ token: "${SERVICEACCOUNT_TOKEN}"
+ contexts:
+ - name: multus-context
+ context:
+ cluster: local
+ user: multus
+ current-context: multus-context
+ EOF
+ install-multus-conf.sh: |
+ # copied from https://github.com/intel/multus-cni/blob/master/images/entrypoint.sh
+ rm -f /host/etc/cni/net.d/00-multus.conf
+ MASTER_PLUGIN="$(ls /host/etc/cni/net.d | grep -E '\.conf(list)?$' | head -1)"
+ MASTER_PLUGIN_JSON="$(cat /host/etc/cni/net.d/$MASTER_PLUGIN)"
+ cat > /host/etc/cni/net.d/00-multus.conf <<EOF
+ {
+ "name": "multus-cni-network",
+ "type": "multus",
+ "logFile": "/var/log/multus.log",
+ "logLevel": "debug",
+ "kubeconfig": "/etc/cni/net.d/multus-kubeconfig",
+ "delegates": [
+ $MASTER_PLUGIN_JSON
+ ]
+ }
+ EOF
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: multus-rb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: multus-pod-networks-lister
+subjects:
+- kind: ServiceAccount
+ name: multus-sa
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: sriov-device-plugin
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: sriov-device-plugin
+ template:
+ metadata:
+ labels:
+ name: sriov-device-plugin
+ spec:
+ initContainers:
+ - name: init-sriovds
+ image: {{ .Values.sriovds.initimage }}
+ command: [ "bash", "-c" ]
+ args:
+ - cp /tmp/cni/bin/{multus,sriov,vfioveth,centralip,jq} /host/opt/cni/bin/;
+ /tmp/multus/install-multus-conf.sh;
+ /tmp/multus/install-certs.sh;
+ systemctl stop kubelet;
+ echo "Restarting crio/containerd, kubelet";
+ systemctl restart containerd;
+ systemctl restart crio;
+ systemctl restart kubelet;
+ volumeMounts:
+ - name: usr-bin
+ mountPath: /host/usr/bin
+ - name: cni-bin
+ mountPath: /host/opt/cni/bin
+ - name: multus-sa
+ mountPath: /var/run/secrets/multus/serviceaccount
+ - name: multus-scripts
+ mountPath: /tmp/multus
+ - name: cni-conf
+ mountPath: /host/etc/cni/net.d
+ - name: dbus
+ mountPath: /var/run/dbus
+ - name: systemd
+ mountPath: /run/systemd
+ containers:
+ - name: sriovds
+ image: {{ .Values.sriovds.image }}
+ command: [ "sh", "-c" ]
+ args:
+ - /usr/bin/sriovdp --logtostderr -v 10;
+ sleep infinity;
+ volumeMounts:
+ - name: net
+ mountPath: /sys/class/net
+ readOnly: true
+ - name: dp-sock
+ mountPath: /var/lib/kubelet/device-plugins/
+ readOnly: false
+ - mountPath: /etc/pcidp
+ name: sriov-config
+ readOnly: false
+ volumes:
+ - name: sriov-config
+ configMap:
+ name: sriov-config
+ - name: usr-bin
+ hostPath:
+ path: /usr/bin
+ - name: cni-bin
+ hostPath:
+ path: /opt/cni/bin
+ - name: multus-sa
+ secret:
+ secretName: multus-sa-secret
+ - name: multus-scripts
+ configMap:
+ defaultMode: 511
+ name: multus-scripts
+ - name: cni-conf
+ hostPath:
+ path: /etc/cni/net.d
+ - name: dbus
+ hostPath:
+ path: /var/run/dbus
+ - name: systemd
+ hostPath:
+ path: /run/systemd
+ - name: net
+ hostPath:
+ path: /sys/class/net
+ - name: dp-sock
+ hostPath:
+ path: /var/lib/kubelet/device-plugins/
+ hostNetwork: true
+ hostPID: true
diff --git a/mcord-release/mcord-setup/templates/sriov-conf.yaml b/mcord-release/mcord-setup/templates/sriov-conf.yaml
new file mode 100644
index 0000000..963beb6
--- /dev/null
+++ b/mcord-release/mcord-setup/templates/sriov-conf.yaml
@@ -0,0 +1,34 @@
+---
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: sriov-config
+ namespace: kube-system
+data:
+ config.json: |
+ {
+ "resourceList":
+ [
+ {
+ "resourceName": {{ .Values.sriov.name | quote }},
+ "rootDevices": [{{ .Values.sriov.devicepci | quote }}],
+ "sriovMode": true,
+ "deviceType": "vfio"
+ }
+ ]
+ }
diff --git a/mcord-release/mcord-setup/values.yaml b/mcord-release/mcord-setup/values.yaml
new file mode 100644
index 0000000..d9f8be4
--- /dev/null
+++ b/mcord-release/mcord-setup/values.yaml
@@ -0,0 +1,24 @@
+---
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+sriovds:
+ initimage: aweimeow/multus-sriov
+ image: aweimeow/multus-sriov
+
+sriov:
+ name: sriov
+ devicepci: 04:00.0
+ devicetype: vfio