Add new PLC simulator definition

Author: dominicbetts

samples/quickstarts/opc-plc-tutorial-deployment.yaml

@@ -0,0 +1,206 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: opc-plc-000000
+  namespace: azure-iot-operations
+  labels:
+    app.kubernetes.io/component: opcplc-000000
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: opcplc-000000
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: opcplc-000000
+    spec:
+      containers:
+      - name: opc-plc
+        image: mcr.microsoft.com/iotedge/opc-plc:latest
+        args:
+          - "--plchostname=opcplc-000000"
+          - "--portnum=50000"
+          - "--certdnsnames=opcplc-000000"
+          - "--unsecuretransport"
+          - "--showpnjsonph"
+          - "--slownodes=5"
+          - "--slowrate=10"
+          - "--fastnodes=10"
+          - "--fasttypelowerbound=212"
+          - "--fasttypeupperbound=273"
+          - "--fasttyperandomization=True"
+          - "--veryfastrate=1000"
+          - "--guidnodes=1"
+          - "--appcertstoretype=FlatDirectory"
+          - "--dontrejectunknownrevocationstatus"
+          - "--disableanonymousauth"
+          - "--defaultuser=contosouser"
+          - "--defaultpassword=contosouserpassword"
+        ports:
+        - containerPort: 50000
+        volumeMounts:
+          - name: opc-plc-default-application-cert
+            mountPath: /app/pki/own
+          - name: opc-plc-trust-list
+            mountPath: /app/pki/trusted
+      volumes:
+        - name: opc-plc-default-application-cert
+          secret:
+            secretName: opc-plc-default-application-cert
+        - name: opc-plc-trust-list
+          secret:
+            secretName: opc-plc-trust-list
+      serviceAccountName: opcplc-000000-service-account
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: opcplc-000000
+  namespace: azure-iot-operations
+  labels:
+    app.kubernetes.io/component: opcplc-000000
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/component: opcplc-000000
+  ports:
+    - port: 50000
+      protocol: TCP
+      targetPort: 50000
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: opc-plc-self-signed-issuer
+  namespace: azure-iot-operations
+  labels:
+    app.kubernetes.io/component: opcplc-000000
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: opc-plc-default-application-cert
+  namespace: azure-iot-operations
+  labels:
+    app.kubernetes.io/component: opcplc-000000
+spec:
+  secretName: opc-plc-default-application-cert
+  duration: 2160h # 90d
+  renewBefore: 360h # 15d
+  issuerRef:
+    name: opc-plc-self-signed-issuer
+    kind: Issuer
+  commonName: OpcPlc
+  dnsNames:
+    - opcplc-000000
+    - opcplc-000000.azure-iot-operations.svc.cluster.local
+    - opcplc-000000.azure-iot-operations
+  uris:
+    - urn:OpcPlc:opcplc-000000
+  usages:
+    - digital signature
+    - key encipherment
+    - data encipherment
+    - server auth
+    - client auth
+  privateKey:
+    algorithm: RSA
+    size: 2048
+  encodeUsagesInRequest: true
+  isCA: false
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: opc-plc-trust-list
+  namespace: azure-iot-operations
+  labels:
+    app.kubernetes.io/component: opcplc-000000
+data: {}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: opcplc-000000-execute-mutual-trust
+  namespace: azure-iot-operations
+  labels:
+    app.kubernetes.io/component: opcplc-000000
+spec:
+  backoffLimit: 1
+  template:
+    spec:
+      containers:
+      - name: kubectl
+        image: mcr.microsoft.com/oss/kubernetes/kubectl:v1.27.1
+        imagePullPolicy: Always
+        command: ["/bin/sh"]
+        args: ["/scripts/execute-commands.sh"]
+        volumeMounts:
+        - name: scripts
+          mountPath: /scripts
+          readOnly: true
+      restartPolicy: Never
+      serviceAccountName: opcplc-000000-service-account
+      volumes:
+      - name: scripts
+        configMap:
+          name: opcplc-000000-execute-commands-script
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: opcplc-000000-execute-commands-script
+  namespace: azure-iot-operations
+  labels:
+    app.kubernetes.io/component: opcplc-000000
+data:
+  execute-commands.sh: |
+    #!/bin/sh
+
+    # wait 20 seconds for the resources to be created
+    sleep 20
+
+    # Extract the OPC UA connector application instance certificate and add it to the OPC PLC trust list
+    cert=$(kubectl -n azure-iot-operations get secret aio-opc-opcuabroker-default-application-cert -o jsonpath='{.data.tls\.crt}' | base64 -d)
+    data=$(kubectl create secret generic temp --from-literal=opcuabroker.crt="$cert" --dry-run=client -o jsonpath='{.data}')
+    kubectl patch secret opc-plc-trust-list -n azure-iot-operations -p "{\"data\": $data}"
+
+    # Extract the OPC PLC application instance certificate and add it to the OPC UA connector trust list
+    cert=$(kubectl -n azure-iot-operations get secret opc-plc-default-application-cert -o jsonpath='{.data.tls\.crt}' | base64 -d)
+    data=$(kubectl create secret generic temp --from-literal=opcplc-000000.crt="$cert" --dry-run=client -o jsonpath='{.data}')
+    kubectl patch secret aio-opc-ua-broker-trust-list -n azure-iot-operations -p "{\"data\": $data}"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: opcplc-000000-service-account
+  namespace: azure-iot-operations
+  labels:
+    app.kubernetes.io/component: opcplc-000000
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: opc-plc-000000-secret-access-role
+  namespace: azure-iot-operations
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: opc-plc-000000-secret-access-rolebinding
+  namespace: azure-iot-operations
+subjects:
+- kind: ServiceAccount
+  name: opcplc-000000-service-account
+  namespace: azure-iot-operations
+roleRef:
+  kind: Role
+  name: opc-plc-000000-secret-access-role
+  apiGroup: rbac.authorization.k8s.io