VOL-1423: Single-node k8s environment does not support EAPOL testing with PONSIM
Change-Id: I0b58819dd93e6adb083e931fe1142bd9d4b5415c
diff --git a/k8s/operator/etcd/operator.yml b/k8s/operator/etcd/operator.yml
index 63f48fb..7df622a 100644
--- a/k8s/operator/etcd/operator.yml
+++ b/k8s/operator/etcd/operator.yml
@@ -22,10 +22,12 @@
metadata:
labels:
name: etcd-operator
+ annotations:
+ cni: "calico"
spec:
containers:
- name: etcd-operator
- image: quay.io/coreos/etcd-operator:v0.7.2
+ image: quay.io/coreos/etcd-operator:v0.9.2
command:
- etcd-operator
env:
diff --git a/k8s/single-node/etcd_cluster.yml b/k8s/single-node/etcd_cluster.yml
index 70d1d59..61a35fa 100644
--- a/k8s/single-node/etcd_cluster.yml
+++ b/k8s/single-node/etcd_cluster.yml
@@ -18,5 +18,8 @@
namespace: voltha
spec:
size: 1
- version: "3.2.9"
+ version: "3.2.18"
+ pod:
+ annotations:
+ cni: "calico"
diff --git a/k8s/single-node/freeradius-config.yml b/k8s/single-node/freeradius-config.yml
new file mode 100644
index 0000000..3379149
--- /dev/null
+++ b/k8s/single-node/freeradius-config.yml
@@ -0,0 +1,26 @@
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+data:
+ clients.conf: |
+ client 192.168.0.0/16 {
+ secret = SECRET
+ }
+ users: |
+ user Cleartext-Password := "password", MS-CHAP-Use-NTLM-Auth := 0
+
+kind: ConfigMap
+metadata:
+ name: freeradius-config
+ namespace: voltha
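Review bot: The RADIUS shared secret and the user password are stored as plain text in a ConfigMap (`secret = SECRET` under `clients.conf`, `Cleartext-Password := "password"` under `users`), so any principal allowed to read ConfigMaps in the `voltha` namespace can read them. They belong in a `kind: Secret` object, even on a test bed, so that guessable literal values are not carried into a shared deployment by accident. The same shared secret is repeated inline in `RADIUS_CLIENTS` in k8s/single-node/freeradius.yml. If the values are deliberately test-only, a comment above `data:` such as `# test-only credentials for PONSIM EAPOL testing; replace before any shared deployment` would make that explicit. freeradius.yml mounts only the `users` key, so `clients.conf` here appears to be unused.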
diff --git a/k8s/single-node/freeradius.yml b/k8s/single-node/freeradius.yml
new file mode 100644
index 0000000..7bfb39c
--- /dev/null
+++ b/k8s/single-node/freeradius.yml
@@ -0,0 +1,84 @@
+# Copyright 2019-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: Service
+metadata:
+ name: freeradius
+ namespace: voltha
+ labels:
+ name: freeradius
+spec:
+ clusterIP: None
+ ports:
+ - name: radius-auth
+ protocol: UDP
+ port: 1812
+ targetPort: 1812
+ - name: radius-acc
+ protocol: UDP
+ port: 1813
+ targetPort: 1813
+ - name: radius
+ port: 18120
+ targetPort: 18120
+ selector:
+ app: freeradius
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: freeradius
+ namespace: voltha
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: freeradius
+ annotations:
+ cni: "calico"
+ spec:
+ containers:
+ - name: freeradius
+ image: "tpdock/freeradius"
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: RADIUS_LISTEN_IP
+ value: "*"
+ - name: USERS_FILE
+ value: "/etc/raddb/users"
+ - name: RADIUS_CLIENTS
+ value: "SECRET@192.168.0.0/16"
+ ports:
+ - containerPort: 1812
+ name: radauth-port
+ - containerPort: 1813
+ name: radacc-port
+ - containerPort: 18120
+ name: radius-port
+ volumeMounts:
+ - name: freeradius-config
+ mountPath: /etc/raddb/users
+ subPath: users
+ volumes:
+ - name: freeradius-config
+ configMap:
+ name: freeradius-config
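Review bot: `image: "tpdock/freeradius"` carries no tag or digest, so it resolves to whatever `latest` points at on the registry at pull time, and the RADIUS server handling the test credentials can change without any change to this manifest. Pinning it, for example `image: "tpdock/freeradius@sha256:<digest-placeholder>"` or a fixed version tag, keeps the deployment reproducible and reviewable. The same applies to the two `quay.io/huawei-cni-genie/...:latest` images in k8s/single-node/genie-cni-plugin-1.8.yml, where it matters more because those pods run with `hostNetwork` (one also with `hostPID`) and the installer writes to host paths.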
diff --git a/k8s/single-node/genie-cni-plugin-1.8.yml b/k8s/single-node/genie-cni-plugin-1.8.yml
new file mode 100644
index 0000000..e2b0f36
--- /dev/null
+++ b/k8s/single-node/genie-cni-plugin-1.8.yml
@@ -0,0 +1,223 @@
+# Copyright 2019-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: genie-plugin
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - update
+ - patch
+ - apiGroups:
+ - "alpha.network.k8s.io"
+ resources:
+ - logicalnetworks
+ verbs:
+ - get
+ - update
+ - patch
+ - apiGroups:
+ - "alpha.network.k8s.io"
+ resources:
+ - physicalnetworks
+ verbs:
+ - get
+ - update
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - apiGroups:
+ - "admissionregistration.k8s.io"
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - update
+ - create
+ - delete
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: genie-plugin
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: genie-plugin
+subjects:
+- kind: ServiceAccount
+ name: genie-plugin
+ namespace: kube-system
+- kind: Group
+ name: system:authenticated
+ apiGroup: rbac.authorization.k8s.io
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: genie-plugin
+ namespace: kube-system
+
+---
+# This ConfigMap can be used to configure a self-hosted CNI-Genie installation.
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: genie-config
+ namespace: kube-system
+data:
+ # The CNI network configuration to install on each node.
+ cni_genie_network_config: |-
+ {
+ "name": "k8s-pod-network",
+ "type": "genie",
+ "log_level": "info",
+ "datastore_type": "kubernetes",
+ "hostname": "__KUBERNETES_NODE_NAME__",
+ "policy": {
+ "type": "k8s",
+ "k8s_auth_token": "__SERVICEACCOUNT_TOKEN__"
+ },
+ "kubernetes": {
+ "k8s_api_root": "https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__",
+ "kubeconfig": "/etc/cni/net.d/genie-kubeconfig"
+ },
+ "romana_root": "http://__ROMANA_SERVICE_HOST__:__ROMANA_SERVICE_PORT__",
+ "segment_label_name": "romanaSegment"
+ }
+
+---
+# Install CNI-Genie plugin on each slave node.
+kind: DaemonSet
+apiVersion: extensions/v1beta1
+metadata:
+ name: genie-plugin
+ namespace: kube-system
+ labels:
+ k8s-app: genie
+spec:
+ selector:
+ matchLabels:
+ k8s-app: genie
+ template:
+ metadata:
+ labels:
+ k8s-app: genie
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: |
+ [
+ {
+ "key": "dedicated",
+ "value": "master",
+ "effect": "NoSchedule"
+ },
+ {
+ "key": "CriticalAddonsOnly",
+ "operator": "Exists"
+ }
+ ]
+ spec:
+ hostNetwork: true
+ hostPID: true
+ serviceAccountName: genie-plugin
+ containers:
+ # Create a container with install.sh that
+ # Installs required 00-genie.conf and genie binary
+ # on slave node.
+ - name: install-cni
+ image: quay.io/huawei-cni-genie/genie-plugin:latest
+ imagePullPolicy: Always
+ command: ["/launch.sh"]
+ env:
+ - name: CNI_NETWORK_CONFIG
+ valueFrom:
+ configMapKeyRef:
+ name: genie-config
+ key: cni_genie_network_config
+ - name: KUBERNETES_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - mountPath: /host/opt/cni/bin
+ name: cni-bin-dir
+ - mountPath: /host/etc/cni/net.d
+ name: cni-net-dir
+ volumes:
+ - name: cni-bin-dir
+ hostPath:
+ path: /opt/cni/bin
+ - name: cni-net-dir
+ hostPath:
+ path: /etc/cni/net.d
+
+---
+# Genie network admission controller daemonset configuration
+# Genie network admission controller pods will run only in master nodes
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+ name: genie-network-admission-controller
+ namespace: kube-system
+spec:
+ template:
+ metadata:
+ labels:
+ role: genie-network-admission-controller
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ spec:
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ - key: CriticalAddonsOnly
+ operator: Exists
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ hostNetwork: true
+ serviceAccountName: genie-plugin
+ containers:
+ - name: genie-network-admission-controller
+ image: quay.io/huawei-cni-genie/genie-admission-controller:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8000
+---
+# Genie network admission controller service
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ role: genie-network-admission-controller
+ name: genie-network-admission-controller
+ namespace: kube-system
+spec:
+ ports:
+ - port: 443
+ targetPort: 8000
+ selector:
+ role: genie-network-admission-controller
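Review bot: The `genie-plugin` ClusterRoleBinding lists the group `system:authenticated` as a subject, so every authenticated user and service account in the cluster receives the ClusterRole's rights, including cluster-wide `update`/`patch` on pods and `create`/`delete` on `validatingwebhookconfigurations`. Only the `genie-plugin` ServiceAccount in `kube-system` appears to need them, so the three subject lines `- kind: Group`, `name: system:authenticated` and `apiGroup: rbac.authorization.k8s.io` should be dropped. If this file is copied unchanged from the upstream CNI-Genie manifest, a comment recording the upstream source and version would also help reviewers track later fixes.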
diff --git a/k8s/single-node/olt.yml b/k8s/single-node/olt.yml
new file mode 100644
index 0000000..9580c32
--- /dev/null
+++ b/k8s/single-node/olt.yml
@@ -0,0 +1,74 @@
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: Service
+metadata:
+ name: olt
+ namespace: voltha
+ labels:
+ name: olt
+spec:
+ ports:
+ - name: grpc
+ port: 50060
+ targetPort: 50060
+ selector:
+ app: olt
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: olt
+ namespace: voltha
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: olt
+ annotations:
+ cni: "calico"
+ spec:
+ containers:
+ - name: olt
+ image: "voltha-ponsim:latest"
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+
+ args:
+ - "/app/ponsim"
+ - "-device_type"
+ - "OLT"
+ - "-onus"
+ - "1"
+ - "-internal_if"
+ - "eth0"
+ - "-external_if"
+ - "eth0"
+ - "-vcore_endpoint"
+ - "vcore"
+ - "-promiscuous"
+ - "-verbose"
+ ports:
+ - containerPort: 50060
+ name: grpc-port
+
+ imagePullPolicy: Never
diff --git a/k8s/single-node/onu.yml b/k8s/single-node/onu.yml
new file mode 100644
index 0000000..38e6cc6
--- /dev/null
+++ b/k8s/single-node/onu.yml
@@ -0,0 +1,74 @@
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+apiVersion: v1
+kind: Service
+metadata:
+ name: onu
+ namespace: voltha
+ labels:
+ name: onu
+spec:
+ ports:
+ - name: grpc
+ port: 50061
+ targetPort: 50061
+ selector:
+ app: onu
+---
+apiVersion: apps/v1beta1
+kind: Deployment
+metadata:
+ name: onu
+ namespace: voltha
+spec:
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: onu
+ annotations:
+ cni: "calico,pon0"
+ spec:
+ containers:
+ - name: onu
+ image: "voltha-ponsim:latest"
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+
+ args:
+ - "/app/ponsim"
+ - "-device_type"
+ - "ONU"
+ - "-parent_addr"
+ - "olt"
+ - "-grpc_port"
+ - "50061"
+ - "-internal_if"
+ - "eth0"
+ - "-external_if"
+ - "eth1"
+ - "-promiscuous"
+ - "-verbose"
+ ports:
+ - containerPort: 50061
+ name: grpc-port
+
+ imagePullPolicy: Never
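Review bot: The `cni: "calico,pon0"` annotation and `-external_if eth1` depend on a second CNI network named `pon0` being configured on the node, and nothing in the part of this diff visible here defines it. A comment above the annotation, for example `# pon0: extra CNI-Genie network; its conf must exist in /etc/cni/net.d on the node`, would tell a reader what has to be in place before the pod can get its second interface. The olt.yml Deployment uses `cni: "calico"` with `eth0` for both interfaces, so a line stating why the two differ would help as well.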