app-net-interface · iosetek · Apr 9, 2024 · Apr 11, 2024 · Apr 18, 2024
@@ -1,2 +1,3 @@
+bin/
 out/
 **/__pycache__/
@@ -1,3 +1,3 @@
 [submodule "kube-awi"]
 	path = kube-awi
-	url = git@wwwin-github.cisco.com:ausm/kube-awi.git
+	url = https://github.com/app-net-interface/kube-awi.git
@@ -0,0 +1,4 @@
+.PHONY: init-submodules
+init-submodules:
+	git submodule update --init --recursive
+
@@ -4,53 +4,192 @@ The AWI Install repository was created to simplify the process of installing AWI
 AWI can be easily installed on any k8s cluster - either local one created with minikube,
 kind or k3d or the ones such as EKS or GKE.
 
-In the future, there will be also available a docker compose file for installing AWI
-without the need for k8s at all.
+# Prerequisites
 
-## Prerequisites
+Installing App Net Interface requires:
 
-In order to install AWI, the following things needs to be installed:
-
-* Python3
-* Python3 dependencies - the script requires installed dependencies from
-    `requirements.txt`
-* AWS CLI - for authenticating cluster with private registry, where our
-    images are stored - it needs to be configured with access key
-* kubectl - for interacting with our cluster, where AWI will be installed
 * k8s cluster - it can be either local cluster installed with minikube or any
     other tool or external cluster from AWS/GCP etc. which you will have access
     with your kubectl
-* go compiler - for initializing kubernetes operator (if needed)
-* access to `app-net-interface` repositories
 
-You need to install python3 dependencies for your project. You can do it by running
+* credentials - depending on the details of controller in use, several secrets
+    may be required. More about them [here](#creating-secrets)
+
+* kubectl - for creating k8s secrets
+
+* helm - for deploying App-Net-Interface on a cluster
+
+# Running App Net Interface
+
+Installing App Net Interface on your cluster involves a few steps
+
+1. Creating necessary secrets in your k8s cluster
+1. Setting up private registry if required
+1. Deploying App-Net-Interface using Helm
+
+## Creating Secrets
+
+Before deploying App Net Interface, the administrator should create all
+necessary secrets first. App Net Interface manifests are prepared to
+expect certain secrets so if those are not provided, the k8s pods will
+fail to initialize.
+
+**Each secret value needs to be base64 encoded.**
+
+For instance, a secret `catalyst-sdwan-credentials` which requires username and
+password set to admin/password123 will look like this:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: catalyst-sdwan-credentials
+type: Opaque
+data:
+  username: "YWRtaW4K"
+  password: "cGFzc3dvcmQxMjMK"
+```
+
+Such secret can be later deployed running
+
+```
+kubectl apply -f YAML_FILE -n NAMESPACE
+```
+
+**Secrets needs to be stored in the same namespace where App Net Interface**
+**will be deployed!**
+
+Current App Net Interface defines following secrets.
+
+* catalyst sdwan credentials
+* cloud provider's credentials
+* ui credentials
+* kubernetes context
+
+Currently, there are no mandatory credentials. Depending on the App Net
+Interface configuration, some of them are required and some not.
+
+### Python script
+
+To not create all scripts manually, there is a python script
+`generate_secrets.py` which can be used to automatically render and
+deploy necessary secrets.
+
+```
+AWI_GCP_CREDENTIALS_FILE="PATH_TO_JSON_FILE" python3 generate_secrets.py
+```
+
+To view the list of available arguments run:
+
+```
+python3 generate_secrets.py --help
+```
+
+Currently, script names are not customizable, they are expected to be
+named as described below.
+
+### Catalyst SDWAN Credentials
+
+The AWI application requires the same secrets as one described in
+[this README](kube-awi/README.md).
+
+If the domain connector is set to AWI, the Catalyst SDWAN Controller
+credentials may be left empty, but provider specific credentials are
+necessary.
+
+### UI Credentials
 
-```sh
-pip3 install -r requirements.txt
+Installing AWI introduces another set of credentials for AWI-UI.
+
+Currently, UI credentials are completely optional even if UI
+is spawned. The UI expects:
+
+* GOOGLE_MAPS_API_KEY
+* IP2LOCATION_API_KEY
+
+for geographic data purposes but these are not mandatory and not
+required for the UI to work with App Net Interface
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: awi-ui-keys
+type: Opaque
+data:
+  google_maps_api_key: "{GOOGLE_MAPS_API_KEY}"
+  ip2_location_api_key: "{IP2LOCATION_API_KEY}"
 ```
 
-It is suggested to use `virtualenv` for that
+## Setting up Private Registry
 
-## Deployment
+This step is required if App Net Interface will use a private
+registry to pull images.
 
-To run the deployment simply run:
+To use private registry it is important to override default
+values to explicitely mention that private registry is in use
+and what is the name of such registry.
 
-```sh
-python3 deploy.py
+Creating your own registry rather than using registries such
+as gcr.io etc. may require additional steps.
+
+### Example command for creating AWS Registry
+
+```bash
+kubectl create secret docker-registry ausm-private-registry \
+    -n NAMESPACE \
+    --docker-server=REGISTRY.dkr.ecr.us-west-2.amazonaws.com \
+    --docker-username=AWS \
+    --docker-password="$(aws ecr get-login-password --region us-west-2)"
 ```
 
-To learn how to provide proper secrets to the project check the script helper
+### Example command for creating GHCR Registry
 
-```sh
-python3 deploy.py -h
+```bash
+kubectl create secret docker-registry ausm-private-registry \
+  -n NAMESPACE \
+  --docker-server=ghcr.io \
+  --docker-username=GITHUB_USERNAME \
+  --docker-password=GHCR_PAT \
+  --docker-email=your-email@example.com
 ```
 
-## Contributing
+## Deploying App Net Interface using Helm
+
+After you've created necessary secrets and optional private registry
+secret, you can install awi on your cluster using helm.
+
+To install it from local repository, go to `awi-install/helm` directory
+and type:
+
+```
+helm install awi . --namespace awi-system
+```
+
+# Building chart
+
+## Chart overview
+
+The AWI project consists of two charts:
+
+1. operator chart - the chart used for deploying `kube-awi` chart which spawns AWI
+    Catalyst SDWAN Controller along with the k8s operator
+
+1. awi chart - the chart containing manifests for additional components, namely:
+
+    * AWI Infra Guard - component responsible for visibility, required by CLI and UI
+
+    * AWI UI - the front-end for the application
+
+    * Envoy Proxy - a proxy image for forwarding requests to proper targets and handling
+        WebGRPC protocol used by the UI
+
+# Contributing
 
 Thank you for interest in contributing! Please refer to our
 [contributing guide](CONTRIBUTING.md).
 
-## License
+# License
 
 awi-install is free and open-source software licensed under the *Apache 2.0*
 License.

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: awi-operator
+description: A Helm chart for Kubernetes
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "awi-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "awi-operator.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "awi-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "awi-operator.labels" -}}
+helm.sh/chart: {{ include "awi-operator.chart" . }}
+{{ include "awi-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "awi-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "awi-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "awi-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "awi-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}