Split out CNI resources from ponsimv2 chart

Change-Id: Ia9b78c325f0258a87ee9cab665e063a37513a6c8
diff --git a/ponnet/Chart.yaml b/ponnet/Chart.yaml
new file mode 100644
index 0000000..d9ee22f
--- /dev/null
+++ b/ponnet/Chart.yaml
@@ -0,0 +1,17 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: ponnet
+version: 1.0.0
diff --git a/ponnet/templates/_helpers.tpl b/ponnet/templates/_helpers.tpl
new file mode 100644
index 0000000..7ce70d5
--- /dev/null
+++ b/ponnet/templates/_helpers.tpl
@@ -0,0 +1,25 @@
+
+{{- /* 
+ Copyright 2017-present Open Networking Foundation 
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License. 
+ */ -}}
+
+{{- define "ponnet.release_labels" }}
+app: {{ printf "%s-%s" .Release.Name .Chart.Name | trunc 63 }}
+version: {{ .Chart.Version }}
+release: {{ .Release.Name }}
+{{- end }}
+{{- define "ponnet.full_name" -}}
+{{- printf "%s-%s" .Release.Name .Chart.Name | trunc 63 -}}
+{{- end -}}
diff --git a/ponnet/templates/genie-cni-1.8.yml b/ponnet/templates/genie-cni-1.8.yml
new file mode 100644
index 0000000..0fbf50a
--- /dev/null
+++ b/ponnet/templates/genie-cni-1.8.yml
@@ -0,0 +1,328 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: genie-plugin
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - "alpha.network.k8s.io"
+    resources:
+      - logicalnetworks
+    verbs:
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - "alpha.network.k8s.io"
+    resources:
+      - physicalnetworks
+    verbs:
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+  - apiGroups:
+      - "admissionregistration.k8s.io"
+    resources:
+      - validatingwebhookconfigurations
+    verbs:
+      - get
+      - update
+      - create
+      - delete
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: genie-policy
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - networkpolicies
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+    verbs:
+      - get
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: genie-plugin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: genie-plugin
+subjects:
+- kind: ServiceAccount
+  name: genie-plugin
+  namespace: kube-system
+- kind: ServiceAccount
+  name: genie-policy
+  namespace: kube-system
+- kind: Group
+  name: system:authenticated
+  apiGroup: rbac.authorization.k8s.io
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: genie-policy
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: genie-policy
+subjects:
+- kind: ServiceAccount
+  name: genie-policy
+  namespace: kube-system
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: genie-plugin
+  namespace: kube-system
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: genie-policy
+  namespace: kube-system
+
+---
+# This ConfigMap can be used to configure a self-hosted CNI-Genie installation.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: genie-config
+  namespace: kube-system
+data:
+  # The CNI network configuration to install on each node.
+  cni_genie_network_config: |-
+    {
+        "name": "k8s-pod-network",
+        "type": "genie",
+        "log_level": "info",
+        "datastore_type": "kubernetes",
+        "default_plugin": "calico",
+        "hostname": "__KUBERNETES_NODE_NAME__",
+        "policy": {
+            "type": "k8s",
+            "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
+        },
+        "kubernetes": {
+            "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
+            "kubeconfig": "/etc/cni/net.d/genie-kubeconfig"
+        },
+        "romana_root": "http://__ROMANA_SERVICE_HOST__:__ROMANA_SERVICE_PORT__",
+        "segment_label_name": "romanaSegment"
+    }
+
+---
+# Install CNI-Genie plugin on each slave node.
+kind: DaemonSet
+apiVersion: extensions/v1beta1
+metadata:
+  name: genie-plugin
+  namespace: kube-system
+  labels:
+    k8s-app: genie
+spec:
+  selector:
+    matchLabels:
+      k8s-app: genie
+  template:
+    metadata:
+      labels:
+        k8s-app: genie
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+        scheduler.alpha.kubernetes.io/tolerations: |
+          [
+            {
+              "key": "dedicated",
+              "value": "master",
+              "effect": "NoSchedule"
+            },
+            {
+              "key": "CriticalAddonsOnly",
+              "operator": "Exists"
+            }
+          ]
+    spec:
+      hostNetwork: true
+      hostPID: true
+      serviceAccountName: genie-plugin
+      containers:
+        # Create a container with install.sh that
+        # Installs required 00-genie.conf and genie binary
+        # on slave node.
+        - name: install-cni
+          image: quay.io/huawei-cni-genie/genie-plugin:latest 
+          imagePullPolicy: Always 
+          command: ["/launch.sh"]
+          env:
+            - name: CNI_NETWORK_CONFIG
+              valueFrom:
+                configMapKeyRef:
+                  name: genie-config
+                  key: cni_genie_network_config
+            - name: KUBERNETES_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - mountPath: /host/opt/cni/bin
+              name: cni-bin-dir
+            - mountPath: /host/etc/cni/net.d
+              name: cni-net-dir
+      volumes:
+        - name: cni-bin-dir
+          hostPath:
+            path: /opt/cni/bin
+        - name: cni-net-dir
+          hostPath:
+            path: /etc/cni/net.d
+
+---
+# Genie network admission controller daemonset configuration
+# Genie network admission controller pods will run only in master nodes
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: genie-network-admission-controller
+  namespace: kube-system
+spec:
+  template:
+    metadata:
+      labels:
+        role: genie-network-admission-controller
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+    spec:
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
+      - key: CriticalAddonsOnly
+        operator: Exists
+      nodeSelector:
+        node-role.kubernetes.io/master: ""
+      hostNetwork: true
+      serviceAccountName: genie-plugin
+      containers:
+        - name: genie-network-admission-controller
+          image: quay.io/huawei-cni-genie/genie-admission-controller:latest
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8000
+---
+# Genie network admission controller service
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    role: genie-network-admission-controller
+  name: genie-network-admission-controller
+  namespace: kube-system
+spec:
+  ports:
+    - port: 443
+      targetPort: 8000
+  selector:
+    role: genie-network-admission-controller
+
+---
+# Daemonset configuration for geine network policy
+kind: DaemonSet
+apiVersion: extensions/v1beta1
+metadata:
+  name: genie-policy-controller
+  namespace: kube-system
+  labels:
+    k8s-app: genie-policy
+spec:
+  selector:
+    matchLabels:
+      k8s-app: genie-policy
+  template:
+    metadata:
+      labels:
+        k8s-app: genie-policy
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+        scheduler.alpha.kubernetes.io/tolerations: |
+          [
+            {
+              "key": "dedicated",
+              "value": "master",
+              "effect": "NoSchedule"
+            },
+            {
+              "key": "CriticalAddonsOnly",
+              "operator": "Exists"
+            }
+          ]
+    spec:
+      hostNetwork: true
+      hostPID: true
+      serviceAccountName: genie-policy
+      containers:
+        - name: policy-engine
+          env:
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
+          image: quay.io/huawei-cni-genie/genie-policy-controller:latest
+          imagePullPolicy: Always
+          command:
+          - /genie-policy
+          args:
+          - -kubeconfig=/etc/kubernetes/admin.conf
+          - -logtostderr=true
+          securityContext:
+            privileged: true
+          volumeMounts:
+          - name: etc-kubernetes
+            mountPath: /etc/kubernetes
+            readOnly: true
+      volumes:
+      - name: etc-kubernetes
+        hostPath:
+          path: /etc/kubernetes
\ No newline at end of file
diff --git a/ponnet/templates/pon0-cni.yaml b/ponnet/templates/pon0-cni.yaml
new file mode 100644
index 0000000..b35815b
--- /dev/null
+++ b/ponnet/templates/pon0-cni.yaml
@@ -0,0 +1,203 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: pon0-plugin
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - "alpha.network.k8s.io"
+    resources:
+      - logicalnetworks
+    verbs:
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - "alpha.network.k8s.io"
+    resources:
+      - physicalnetworks
+    verbs:
+      - get
+      - update
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+  - apiGroups:
+      - "admissionregistration.k8s.io"
+    resources:
+      - validatingwebhookconfigurations
+    verbs:
+      - get
+      - update
+      - create
+      - delete
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: pon0-plugin
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: pon0-plugin
+subjects:
+- kind: ServiceAccount
+  name: pon0-plugin
+  namespace: kube-system
+- kind: Group
+  name: system:authenticated
+  apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pon0-plugin
+  namespace: kube-system
+
+---
+# This ConfigMap can be used to configure a self-hosted Pon0 installation.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: pon0-config
+  namespace: kube-system
+data:
+  # The CNI network configuration to install on each node.
+  cni_pon0_network_config: |-
+    {
+        "name": "pon0",
+        "type": "bridge",
+        "bridge": "pon0",
+        "isGateway": true,
+        "ipMask": true,
+        "ipam": {
+        "type": "host-local",
+        "subnet": "10.22.0.0/16",
+        "routes": [
+            { "dst": "0.0.0.0/0" }
+        ]
+      }
+    }
+
+---
+# This ConfigMap can be used to configure a self-hosted Pon0 installation.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: pon1-config
+  namespace: kube-system
+data:
+  # The CNI network configuration to install on each node.
+  cni_pon1_network_config: |-
+    {
+        "name": "pon1",
+        "type": "bridge",
+        "bridge": "pon1",
+        "isGateway": true,
+        "ipMask": true,
+        "ipam": {
+        "type": "host-local",
+        "subnet": "10.23.0.0/16",
+        "routes": [
+            { "dst": "0.0.0.0/0" }
+        ]
+      }
+    }
+
+---
+# Install Pon0 CNI conf on each slave node.
+kind: DaemonSet
+apiVersion: extensions/v1beta1
+metadata:
+  name: pon0-plugin
+  namespace: kube-system
+  labels:
+    k8s-app: pon0
+spec:
+  selector:
+    matchLabels:
+      k8s-app: pon0
+  template:
+    metadata:
+      labels:
+        k8s-app: pon0
+      annotations:
+        scheduler.alpha.kubernetes.io/critical-pod: ''
+        scheduler.alpha.kubernetes.io/tolerations: |
+          [
+            {
+              "key": "dedicated",
+              "value": "master",
+              "effect": "NoSchedule"
+            },
+            {
+              "key": "CriticalAddonsOnly",
+              "operator": "Exists"
+            }
+          ]
+    spec:
+      hostNetwork: true
+      hostPID: true
+      serviceAccountName: pon0-plugin
+      containers:
+        # Create a container with place_conf.sh that
+        # Installs required 20-pon0.conf on slave node.
+        - name: install-cni
+          image: {{ .Values.pull_docker_registry }}{{ .Values.images.pon0.repository }}:{{ .Values.images.pon0.tag }} 
+          imagePullPolicy: {{ .Values.images.pon0.pullPolicy }} 
+          command: ["/place_conf.sh"]
+          env:
+            - name: CNI_NETWORK_CONFIG
+              valueFrom:
+                configMapKeyRef:
+                  name: pon0-config
+                  key: cni_pon0_network_config
+            - name: CNI_PON1_NETWORK_CONFIG
+              valueFrom:
+                configMapKeyRef:
+                  name: pon1-config
+                  key: cni_pon1_network_config
+            - name: KUBERNETES_NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          volumeMounts:
+            - mountPath: /host/opt/cni/bin
+              name: cni-bin-dir
+            - mountPath: /host/etc/cni/net.d
+              name: cni-net-dir
+      volumes:
+        - name: cni-bin-dir
+          hostPath:
+            path: /opt/cni/bin
+        - name: cni-net-dir
+          hostPath:
+            path: /etc/cni/net.d
diff --git a/ponnet/values.yaml b/ponnet/values.yaml
new file mode 100644
index 0000000..402fb1f
--- /dev/null
+++ b/ponnet/values.yaml
@@ -0,0 +1,25 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+pull_docker_registry:
+
+images:
+  pon0:
+    repository: gopinatht/pon0-network
+    tag: 'latest'
+    pullPolicy: 'Always'
+  
+global:
+  namespace: voltha