M-CORD Release service charts

Change-Id: Ib6ea6b38abf802db15cabf3ed06fcfceae42cc05
diff --git a/mcord-release/mcord-setup/.helmignore b/mcord-release/mcord-setup/.helmignore
new file mode 100644
index 0000000..f0c1319
--- /dev/null
+++ b/mcord-release/mcord-setup/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/mcord-release/mcord-setup/Chart.yaml b/mcord-release/mcord-setup/Chart.yaml
new file mode 100644
index 0000000..ddbb3f3
--- /dev/null
+++ b/mcord-release/mcord-setup/Chart.yaml
@@ -0,0 +1,21 @@
+---
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+appVersion: "1.0"
+description: The prerequisite setup of M-CORD
+name: mcord-setup
+version: 0.1.0
diff --git a/mcord-release/mcord-setup/templates/NOTES.txt b/mcord-release/mcord-setup/templates/NOTES.txt
new file mode 100644
index 0000000..bc70b1d
--- /dev/null
+++ b/mcord-release/mcord-setup/templates/NOTES.txt
@@ -0,0 +1,33 @@
+{{- /*
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/ -}}
+
+Congratulations! You have installed SR-IOV network device plugin into your Kubernetes cluster.
+
+Your configurations for SR-IOV network device plugin as following:
+
+    10-Gigabit NIC PCI address: {{ .Values.sriov.devicepci }}
+    SR-IOV device type: {{ .Values.sriov.devicetype }}
+
+You can run following command to check SR-IOV is working in Kubernetes cluster:
+
+    $ kubectl -n kube-system -l name=sriov-device-plugin -o wide get pods
+    $ kubectl get nodes -o json | jq -r '.items[] | "\(.metadata.name): \(.status.allocatable)"'
+
+    node1: {"cpu":"39800m","ephemeral-storage":"452697199891","hugepages-1Gi":"32Gi","intel.com/sriov":"63","memory":"31776336Ki","pods":"110"}
+    node2: {"cpu":"39800m","ephemeral-storage":"452697199891","hugepages-1Gi":"32Gi","intel.com/sriov":"63","memory":"31776336Ki","pods":"110"}
+
+The result should show "intel.com/sriov" resource is registered to cluster, and have some virtual function available here.
diff --git a/mcord-release/mcord-setup/templates/_helpers.tpl b/mcord-release/mcord-setup/templates/_helpers.tpl
new file mode 100644
index 0000000..aabdc98
--- /dev/null
+++ b/mcord-release/mcord-setup/templates/_helpers.tpl
@@ -0,0 +1,49 @@
+{{- /*
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/ -}}
+
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "mcord-setup.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "mcord-setup.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "mcord-setup.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/mcord-release/mcord-setup/templates/multus-sriov-ds.yaml b/mcord-release/mcord-setup/templates/multus-sriov-ds.yaml
new file mode 100644
index 0000000..135e769
--- /dev/null
+++ b/mcord-release/mcord-setup/templates/multus-sriov-ds.yaml
@@ -0,0 +1,234 @@
+---
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  # name must match the spec fields below, and be in the form: <plural>.<group>
+  name: network-attachment-definitions.k8s.cni.cncf.io
+  annotations:
+    "helm.sh/hook": "crd-install"
+    "helm.sh/hook-delete-policy": "before-hook-creation"
+spec:
+  # group name to use for REST API: /apis/<group>/<version>
+  group: k8s.cni.cncf.io
+  # version name to use for REST API: /apis/<group>/<version>
+  version: v1
+  # either Namespaced or Cluster
+  scope: Namespaced
+  names:
+    # plural name to be used in the URL: /apis/<group>/<version>/<plural>
+    plural: network-attachment-definitions
+    # singular name to be used as an alias on the CLI and for display
+    singular: network-attachment-definition
+    # kind is normally the CamelCased singular type. Your resource manifests use this.
+    kind: NetworkAttachmentDefinition
+    # shortNames allow shorter string to match your resource on the CLI
+    shortNames:
+    - net-attach-def
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: multus-sa
+  namespace: kube-system
+  annotations:
+    "helm.sh/hook": "pre-install"
+    "helm.sh/hook-delete-policy": "before-hook-creation"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: multus-sa-secret
+  namespace: kube-system
+  annotations:
+    kubernetes.io/service-account.name: multus-sa
+type: kubernetes.io/service-account-token
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: multus-pod-networks-lister
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["pods/status"]
+  verbs: ["update"]
+- apiGroups: ["k8s.cni.cncf.io"]
+  resources: ["*"]
+  verbs: ["get"]
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: multus-scripts
+  namespace: kube-system
+data:
+  install-certs.sh: |
+    # Copied from Calico
+    # https://github.com/projectcalico/cni-plugin/blob/master/k8s-install/scripts/install-cni.sh
+    touch /host/etc/cni/net.d/multus-kubeconfig
+    chmod 600 /host/etc/cni/net.d/multus-kubeconfig
+    SERVICE_ACCOUNT_PATH=/var/run/secrets/multus/serviceaccount
+    KUBE_CA_FILE=$SERVICE_ACCOUNT_PATH/ca.crt
+    TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')"
+    SERVICEACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token)
+    cat > /host/etc/cni/net.d/multus-kubeconfig <<EOF
+    # Kubeconfig file for Multus CNI plugin.
+    apiVersion: v1
+    kind: Config
+    clusters:
+    - name: local
+      cluster:
+        server: https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}
+        $TLS_CFG
+    users:
+    - name: multus
+      user:
+        token: "${SERVICEACCOUNT_TOKEN}"
+    contexts:
+    - name: multus-context
+      context:
+        cluster: local
+        user: multus
+    current-context: multus-context
+    EOF
+  install-multus-conf.sh: |
+    # copied from https://github.com/intel/multus-cni/blob/master/images/entrypoint.sh
+    rm -f /host/etc/cni/net.d/00-multus.conf
+    MASTER_PLUGIN="$(ls /host/etc/cni/net.d | grep -E '\.conf(list)?$' | head -1)"
+    MASTER_PLUGIN_JSON="$(cat /host/etc/cni/net.d/$MASTER_PLUGIN)"
+    cat > /host/etc/cni/net.d/00-multus.conf <<EOF
+    {
+      "name": "multus-cni-network",
+      "type": "multus",
+      "logFile": "/var/log/multus.log",
+      "logLevel": "debug",
+      "kubeconfig": "/etc/cni/net.d/multus-kubeconfig",
+      "delegates": [
+                    $MASTER_PLUGIN_JSON
+       ]
+    }
+    EOF
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: multus-rb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: multus-pod-networks-lister
+subjects:
+- kind: ServiceAccount
+  name: multus-sa
+  namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: sriov-device-plugin
+  namespace: kube-system
+spec:
+  selector:
+      matchLabels:
+        name: sriov-device-plugin
+  template:
+    metadata:
+      labels:
+        name: sriov-device-plugin
+    spec:
+      initContainers:
+      - name: init-sriovds
+        image: {{ .Values.sriovds.initimage }}
+        command: [ "bash", "-c" ]
+        args:
+        - cp /tmp/cni/bin/{multus,sriov,vfioveth,centralip,jq} /host/opt/cni/bin/;
+          /tmp/multus/install-multus-conf.sh;
+          /tmp/multus/install-certs.sh;
+          systemctl stop kubelet;
+          echo "Restarting crio/containerd, kubelet";
+          systemctl restart containerd;
+          systemctl restart crio;
+          systemctl restart kubelet;
+        volumeMounts:
+        - name: usr-bin
+          mountPath: /host/usr/bin
+        - name: cni-bin
+          mountPath: /host/opt/cni/bin
+        - name: multus-sa
+          mountPath: /var/run/secrets/multus/serviceaccount
+        - name: multus-scripts
+          mountPath: /tmp/multus
+        - name: cni-conf
+          mountPath: /host/etc/cni/net.d
+        - name: dbus
+          mountPath: /var/run/dbus
+        - name: systemd
+          mountPath: /run/systemd
+      containers:
+      - name: sriovds
+        image: {{ .Values.sriovds.image }}
+        command: [ "sh", "-c" ]
+        args:
+        - /usr/bin/sriovdp --logtostderr -v 10;
+          sleep infinity;
+        volumeMounts:
+        - name: net
+          mountPath: /sys/class/net
+          readOnly: true
+        - name: dp-sock
+          mountPath: /var/lib/kubelet/device-plugins/
+          readOnly: false
+        - mountPath: /etc/pcidp
+          name: sriov-config
+          readOnly: false
+      volumes:
+      - name: sriov-config
+        configMap:
+          name: sriov-config
+      - name: usr-bin
+        hostPath:
+          path: /usr/bin
+      - name: cni-bin
+        hostPath:
+          path: /opt/cni/bin
+      - name: multus-sa
+        secret:
+          secretName: multus-sa-secret
+      - name: multus-scripts
+        configMap:
+          defaultMode: 511
+          name: multus-scripts
+      - name: cni-conf
+        hostPath:
+          path: /etc/cni/net.d
+      - name: dbus
+        hostPath:
+          path: /var/run/dbus
+      - name: systemd
+        hostPath:
+          path: /run/systemd
+      - name: net
+        hostPath:
+          path: /sys/class/net
+      - name: dp-sock
+        hostPath:
+          path: /var/lib/kubelet/device-plugins/
+      hostNetwork: true
+      hostPID: true
diff --git a/mcord-release/mcord-setup/templates/sriov-conf.yaml b/mcord-release/mcord-setup/templates/sriov-conf.yaml
new file mode 100644
index 0000000..963beb6
--- /dev/null
+++ b/mcord-release/mcord-setup/templates/sriov-conf.yaml
@@ -0,0 +1,34 @@
+---
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: sriov-config
+  namespace: kube-system
+data:
+  config.json: |
+    {
+      "resourceList":
+      [
+        {
+          "resourceName": {{ .Values.sriov.name | quote }},
+          "rootDevices": [{{ .Values.sriov.devicepci | quote }}],
+          "sriovMode": true,
+          "deviceType": "vfio"
+        }
+      ]
+    }
diff --git a/mcord-release/mcord-setup/values.yaml b/mcord-release/mcord-setup/values.yaml
new file mode 100644
index 0000000..d9f8be4
--- /dev/null
+++ b/mcord-release/mcord-setup/values.yaml
@@ -0,0 +1,24 @@
+---
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+sriovds:
+  initimage: aweimeow/multus-sriov
+  image: aweimeow/multus-sriov
+
+sriov:
+  name: sriov
+  devicepci: 04:00.0
+  devicetype: vfio