vFW K8S examples mapping to AAI
This page shows information about a vFW instance running in a KUD cloud, followed by examples of what the corresponding AAI vserver information should look like.
- 1.1 POD Information
- 1.1.1 Packet Generator Pod Details
- 1.1.2 Firewall Pod Details
- 1.1.3 Sink Pod Details
- 1.2 Service Information
- 1.3 Deployment Information
- 2 AAI Mapping Examples
- 2.1 Packet Generator
- 2.2 Firewall
- 2.3 Sink
POD Information
The vFW Pods are:
# kubectl get pods -o wide
NAME                                 READY   STATUS    RESTARTS   AGE   IP              NODE        NOMINATED NODE
profile1-firewall-78f8578b79-clb8f   1/1     Running   0          99m   10.233.64.114   localhost   <none>
profile1-packetgen-6dc976cc4-f9c9k   1/1     Running   0          99m   10.233.64.113   localhost   <none>
profile1-sink-d76f67b9f-l2xvl        2/2     Running   0          99m   10.233.64.115   localhost   <none>
Packet Generator Pod Details
# kubectl get pod profile1-packetgen-6dc976cc4-f9c9k -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    VirtletCloudInitUserData: |
      ssh_pwauth: True
      users:
      - name: admin
        gecos: User
        primary-group: admin
        groups: users
        sudo: ALL=(ALL) NOPASSWD:ALL
        lock_passwd: false
        passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
      runcmd:
      - export demo_artifacts_version=1.5.0
      - export vfw_private_ip_0=192.168.10.3
      - export vsn_private_ip_0=192.168.20.3
      - export protected_net_cidr=192.168.20.0/24
      - export dcae_collector_ip=1.2.3.4
      - export dcae_collector_port=4321
      - export protected_net_gw=192.168.20.100/24
      - export protected_private_net_cidr=192.168.10.0/24
      - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/packetgen | sudo -E bash
    VirtletLibvirtCPUSetting: |
      mode: host-model
    VirtletRootVolumeSize: 5Gi
    app: packetgen
    k8s.v1.cni.cncf.io/networks: '[{"name": "ovn-networkobj", "namespace": "default"}]'
    k8s.v1.cni.cncf.io/networks-status: |-
      [{
          "name": "",
          "interface": "virtlet-eth0",
          "ips": [
              "10.233.64.113"
          ],
          "mac": "0a:58:0a:e9:40:71",
          "default": true,
          "dns": {}
      },{
          "name": "ovn4nfv-k8s-plugin",
          "interface": "eth2",
          "ips": [
              "192.168.10.2",
              "10.0.100.2"
          ],
          "mac": "00:00:00:eb:5f:e8",
          "dns": {}
      }]
    kubernetes.io/target-runtime: virtlet.cloud
    ovnIfaceList: '[{"ip_address":"192.168.10.2/24", "mac_address":"00:00:00:2b:ec:a1",
      "gateway_ip": "192.168.10.1","defaultGateway":"false","interface":"eth1"},{"ip_address":"10.0.100.2/16",
      "mac_address":"00:00:00:eb:5f:e8", "gateway_ip": "10.10.0.1","defaultGateway":"false","interface":"eth2"}]'
    ovnNetwork: '[ { "name": "unprotected-private-net", "ipAddress": "192.168.10.2",
      "interface": "eth1" , "defaultGateway": "false"}, { "name": "onap-private-net",
      "ipAddress": "10.0.100.2", "interface": "eth2" , "defaultGateway": "false"}
      ]'
    release: profile1
  creationTimestamp: 2019-09-04T17:36:02Z
  generateName: profile1-packetgen-6dc976cc4-
  labels:
    app: packetgen
    pod-template-hash: 6dc976cc4
    release: profile1
  name: profile1-packetgen-6dc976cc4-f9c9k
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: profile1-packetgen-6dc976cc4
    uid: 773e0ab1-cf3a-11e9-bbfb-fa163efecba4
  resourceVersion: "9973889"
  selfLink: /api/v1/namespaces/default/pods/profile1-packetgen-6dc976cc4-f9c9k
  uid: 773f8f5d-cf3a-11e9-bbfb-fa163efecba4
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: extraRuntime
            operator: In
            values:
            - virtlet
  containers:
  - image: virtlet.cloud/ubuntu/16.04:latest
    imagePullPolicy: IfNotPresent
    name: packetgen
    resources:
      limits:
        memory: 4Gi
      requests:
        memory: 4Gi
    stdin: true
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    tty: true
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-dz9jp
      readOnly: true
  dnsPolicy: ClusterFirst
  nodeName: localhost
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-dz9jp
    secret:
      defaultMode: 420
      secretName: default-token-dz9jp
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2019-09-04T17:36:02Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2019-09-04T17:36:12Z
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: 2019-09-04T17:36:12Z
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: 2019-09-04T17:36:02Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://virtlet.cloud__c219055c-de9e-5bf4-72f2-f307efaf826c
    image: virtlet.cloud/sha256:2430a510ebda4e13b566f39b99981a2bfafb58aae15b999676d01ca215cc1f77
    imageID: sha256:2430a510ebda4e13b566f39b99981a2bfafb58aae15b999676d01ca215cc1f77
    lastState: {}
    name: packetgen
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: 2019-09-04T17:36:11Z
  hostIP: 10.12.17.12
  phase: Running
  podIP: 10.233.64.113
  qosClass: Burstable
  startTime: 2019-09-04T17:36:02Z
Firewall Pod Details
# kubectl get pod profile1-firewall-78f8578b79-clb8f -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    VirtletCloudInitUserData: |
      ssh_pwauth: True
      users:
      - name: admin
        gecos: User
        primary-group: admin
        groups: users
        sudo: ALL=(ALL) NOPASSWD:ALL
        lock_passwd: false
        passwd: "$6$rounds=4096$QA5OCKHTE41$jRACivoPMJcOjLRgxl3t.AMfU7LhCFwOWv2z66CQX.TSxBy50JoYtycJXSPr2JceG.8Tq/82QN9QYt3euYEZW/"
      runcmd:
      - export demo_artifacts_version=1.5.0
      - export vfw_private_ip_0=192.168.10.3
      - export vsn_private_ip_0=192.168.20.3
      - export protected_net_cidr=192.168.20.0/24
      - export dcae_collector_ip=1.2.3.4
      - export dcae_collector_port=4321
      - export protected_net_gw=192.168.20.100/24
      - export protected_private_net_cidr=192.168.10.0/24
      - wget -O - https://git.onap.org/multicloud/k8s/plain/kud/tests/vFW/firewall | sudo -E bash
    VirtletLibvirtCPUSetting: |
      mode: host-model
    VirtletRootVolumeSize: 5Gi
    k8s.v1.cni.cncf.io/networks: '[{"name": "ovn-networkobj", "namespace": "default"}]'
    k8s.v1.cni.cncf.io/networks-status: |-
      [{
          "name": "",
          "interface": "virtlet-eth0",
          "ips": [
              "10.233.64.114"
          ],
          "mac": "0a:58:0a:e9:40:72",
          "default": true,
          "dns": {}
      },{
          "name": "ovn4nfv-k8s-plugin",
          "interface": "eth3",
          "ips": [
              "192.168.10.3",
              "192.168.20.2",
              "10.10.100.3"
          ],
          "mac": "00:00:00:17:2e:4c",
          "dns": {}
      }]
    kubernetes.io/target-runtime: virtlet.cloud
    ovnIfaceList: '[{"ip_address":"192.168.10.3/24", "mac_address":"00:00:00:26:58:73",
      "gateway_ip": "192.168.10.1","defaultGateway":"false","interface":"eth1"},{"ip_address":"192.168.20.2/24",
      "mac_address":"00:00:00:d1:f4:5e", "gateway_ip": "192.168.20.100","defaultGateway":"false","interface":"eth2"},{"ip_address":"10.10.100.3/16",
      "mac_address":"00:00:00:17:2e:4c", "gateway_ip": "10.10.0.1","defaultGateway":"false","interface":"eth3"}]'
    ovnNetwork: '[ { "name": "unprotected-private-net", "ipAddress": "192.168.10.3",
      "interface": "eth1" , "defaultGateway": "false"}, { "name": "protected-private-net",
      "ipAddress": "192.168.20.2", "interface": "eth2", "defaultGateway": "false"
      }, { "name": "onap-private-net", "ipAddress": "10.10.100.3", "interface": "eth3"
      , "defaultGateway": "false"} ]'
  creationTimestamp: 2019-09-04T17:36:02Z
  generateName: profile1-firewall-78f8578b79-
  labels:
    app: firewall
    pod-template-hash: 78f8578b79
    release: profile1
  name: profile1-firewall-78f8578b79-clb8f
  namespace: default
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: profile1-firewall-78f8578b79
    uid: 773fc485-cf3a-11e9-bbfb-fa163efecba4
  resourceVersion: "9973893"
  selfLink: /api/v1/namespaces/default/pods/profile1-firewall-78f8578b79-clb8f
  uid: 77404908-cf3a-11e9-bbfb-fa163efecba4
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: extraRuntime
            operator: In
            values:
            - virtlet
  containers:
  - image: virtlet.cloud/ubuntu/16.04:latest
    imagePullPolicy: IfNotPresent
    name: firewall
    resources:
      limits:
        memory: 4Gi
      requests:
        memory: 4Gi
    stdin: true
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    tty: true
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-dz9jp
      readOnly: true
  dnsPolicy: ClusterFirst
  nodeName: localhost
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: default-token-dz9jp
    secret:
      defaultMode: 420
      secretName: default-token-dz9jp
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: 2019-09-04T17:36:02Z
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: 2019-09-04T17:36:12Z
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: 2019-09-04T17:36:12Z
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: 2019-09-04T17:36:02Z
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: docker://virtlet.cloud__bc7f334c-a2c3-5bcb-406c-1c14c4a5e5e4
    image: virtlet.cloud/sha256:2430a510ebda4e13b566f39b99981a2bfafb58aae15b999676d01ca215cc1f77
    imageID: sha256:2430a510ebda4e13b566f39b99981a2bfafb58aae15b999676d01ca215cc1f77
    lastState: {}
    name: firewall
    ready: true
    restartCount: 0
    state:
      running:
        startedAt: 2019-09-04T17:36:12Z
  hostIP: 10.12.17.12
  phase: Running
  podIP: 10.233.64.114
  qosClass: Burstable
  startTime: 2019-09-04T17:36:02Z
Sink Pod Details
Service Information
The vFW Services are:
Packet Generator Service Details
Sink Service Details
Deployment Information
Deployments for the vFW are:
Packet Generator Deployment Details
Firewall Deployment Details
Sink Deployment Details
AAI Mapping Examples
TBD