Merge pull request #18 from arista-netdevops-community/k8s-file

howto: add k8s example

Author: ankudinov

README.md

@@ -111,6 +111,22 @@ Use following `devcontainer.json` to start:
 Unfortunately `devcontainer.json` is not yet supported with VScode Remote-SSH plugin. You can track recent development [here](https://github.com/microsoft/vscode-remote-release/issues/2994).
 The easiest way to use avd-all-in-one container with remote SSH is creating a simple alias: `alias avd="sudo docker run --rm -it -v $(pwd):/home/avd/projects/ avdteam/avd-all-in-one"`
 
+
+### run avd-all-in-one in k8s
+
+[k8s-avd-cvp.yml](k8s-avd-cvp.yml) is an example pod definition for running avd-all-in-one on CloudVision (CentOS), however
+it should work on other linux distributions (the CVP env vars won't be needed in that case).
+
+The below example is for running the pod on one specific node (set by the `nodeName: $PRIMARY_HOSTNAME` node selection in the spec)
+
+1. Download the docker image: `docker pull avdteam/avd-all-in-one`
+2. Create avd group and user: `groupadd -g 1000 avd && useradd avd -u 1000 -g 1000`
+3. Create projects in `/home/avd`
+4. Deploy the k8s pod: `envsubst < /cvpi/conf/kubernetes/avd.yml | kubectl apply -f -`
+
+> Note that the pod can be also deployed on any node by removing the `nodeName` field from the spec, however that would also require
+> pulling the image onto all nodes and synchronozing the project files between all nodes.
+
 ## Known Caveats
 
 ### Curly Brackets May Not Work as Expected

k8s-avd-cvp.yml

@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: avd
+  labels:
+    app: avd
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: avd
+  template:
+    metadata:
+      labels:
+        app: avd
+    spec:
+      node: $PRIMARY_HOSTNAME
+      hostNetwork: false
+      securityContext:
+        runAsUser: 1000
+      dnsPolicy: ClusterFirst
+      containers:
+      - name: avd
+        image: avdteam/avd-all-in-one:latest
+        imagePullPolicy: Never
+        securityContext:
+          allowPrivilegeEscalation: true
+          capabilities:
+            drop:
+              - all
+          readOnlyRootFilesystem: false
+        env:
+          - name: CVP_MODE
+            value: $CVP_MODE
+          - name: CVP_VERSION
+            value: $CVP_VERSION
+          - name: PRIMARY_DEVICE_INTF_IP
+            value: $PRIMARY_DEVICE_INTF_IP
+          - name: SECONDARY_DEVICE_INTF_IP
+            value: $SECONDARY_DEVICE_INTF_IP
+          - name: TERTIARY_DEVICE_INTF_IP
+            value: $TERTIARY_DEVICE_INTF_IP
+          - name: PRIMARY_HOST_IP
+            value: $PRIMARY_HOST_IP
+          - name: SECONDARY_HOST_IP
+            value: $SECONDARY_HOST_IP
+          - name: TERTIARY_HOST_IP
+            value: $TERTIARY_HOST_IP
+          - name: PRIMARY_HOSTNAME
+            value: $PRIMARY_HOSTNAME
+          - name: SECONDARY_HOSTNAME
+            value: $SECONDARY_HOSTNAME
+          - name: TERTIARY_HOSTNAME
+            value: $TERTIARY_HOSTNAME
+          - name: AERIS_INGEST_KEY
+            value: '$AERIS_INGEST_KEY'
+          - name: CURRENT_NODE_IP
+            valueFrom:
+              fieldRef:
+                fieldPath: status.hostIP
+        command:
+        - zsh
+        - -c
+        - --
+        args:
+        - while true;
+        - do sleep 3000;
+        - done;
+        volumeMounts:
+        - name: tmpfs
+          mountPath: /tmp
+        - name: certs-dir
+          mountPath: /usr/share/nginx/images
+          readOnly: true
+        - name: lib64
+          mountPath: /usr/lib64
+          readOnly: true
+        - name: home-avd
+          mountPath: /projects
+          readOnly: false
+        resources:
+          limits:
+            cpu: "3"
+            memory: "4Gi"
+          requests:
+            cpu: "100m"
+            memory: "100Mi"
+      terminationGracePeriodSeconds: 10
+      volumes:
+      - name: tmpfs
+        hostPath:
+          path: /tmp
+      - name: certs-dir
+        hostPath:
+          path: /usr/share/nginx/certs
+      - name: lib64
+        hostPath:
+          path: /usr/lib64
+      - name: home-avd
+        hostPath:
+          path: /home/avd