blob: 5518f2dfc298cfae3d8bbbe9042378a3a03284f5 [file] [log] [blame]
{{/*
# Copyright 2018-present Open Networking Foundation
# Copyright 2018 Intel Corporation
# SPDX-License-Identifier: Apache-2.0
# SPDX-License-Identifier: LicenseRef-ONF-Member-Only-1.0
*/}}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: spgwu
serviceName: spgwu-headless
labels:
{{ tuple "spgwu" . | include "omec-data-plane.metadata_labels" | indent 4 }}
spec:
replicas: 1
selector:
matchLabels:
{{ tuple "spgwu" . | include "omec-data-plane.metadata_labels" | indent 6 }}
template:
metadata:
labels:
{{ tuple "spgwu" . | include "omec-data-plane.metadata_labels" | indent 8 }}
annotations:
k8s.v1.cni.cncf.io/networks: '[
{
"name": "s1u-net",
"interface": {{ .Values.config.spgwu.s1u.device | quote }},
"ips": {{ .Values.config.spgwu.s1u.ip | quote }}
},
{
"name": "sgi-net",
"interface": {{ .Values.config.spgwu.sgi.device | quote }},
"ips": {{ .Values.config.spgwu.sgi.ip | quote }}
}
]'
spec:
{{- if .Values.nodeSelectors.enabled }}
nodeSelector:
{{ .Values.nodeSelectors.spgwu.label }}: {{ .Values.nodeSelectors.spgwu.value }}
{{- end }}
{{- if not .Values.config.sriov.enabled }}
initContainers:
- name: spgwu-iptables-init
image: {{ .Values.images.tags.init | quote }}
imagePullPolicy: {{ .Values.images.pullPolicy | quote }}
command: [ "sh", "-xec"]
securityContext:
capabilities:
add:
- NET_ADMIN
args:
- iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP;
- name: spgwu-af-iface-init
image: {{ .Values.images.tags.init | quote }}
imagePullPolicy: {{ .Values.images.pullPolicy | quote }}
securityContext:
capabilities:
add:
- NET_ADMIN
command:
- /opt/dp/scripts/setup-af-iface.sh
volumeMounts:
- name: dp-script
mountPath: /opt/dp/scripts/setup-af-iface.sh
subPath: setup-af-iface.sh
{{- end }}
{{- if .Values.config.coreDump.enabled }}
{{ tuple "spgwc" . | include "omec-data-plane.coredump_init" | indent 8 }}
{{- end }}
containers:
- name: spgwu
image: {{ .Values.images.tags.spgwu | quote }}
imagePullPolicy: {{ .Values.images.pullPolicy | quote }}
securityContext:
{{- if .Values.config.coreDump.enabled }}
privileged: true
runAsUser: 0
{{- end }}
capabilities:
add:
- IPC_LOCK
stdin: true
tty: true
env:
- name: MEM_LIMIT
valueFrom:
resourceFieldRef:
containerName: spgwu
resource: limits.memory
divisor: 1Mi
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: DP_NAME
value: "{{ .Values.config.spgwu.dpName }}"
command: ["bash", "-xc"]
args:
- ip a;
/opt/dp/scripts/run.sh;
volumeMounts:
- name: dp-script
mountPath: /opt/dp/scripts/run.sh
subPath: run.sh
- name: dp-config
mountPath: /etc/dp/config
{{- if .Values.config.coreDump.enabled }}
- name: coredump
mountPath: /tmp/coredump
{{- end }}
resources:
requests:
{{- if .Values.resources.enabled }}
{{ toYaml .Values.resources.spgwu.requests | indent 12 }}
{{- end }}
{{- if .Values.config.sriov.enabled }}
intel.com/sriov_vfio_s1u_net: 1
intel.com/sriov_vfio_sgi_net: 1
{{- end }}
limits:
{{- if .Values.resources.enabled }}
{{ toYaml .Values.resources.spgwu.limits | indent 12 }}
{{- end }}
{{- if .Values.config.sriov.enabled }}
intel.com/sriov_vfio_s1u_net: 1
intel.com/sriov_vfio_sgi_net: 1
{{- end }}
volumes:
- name: dp-script
configMap:
name: spgwu
defaultMode: 493
- name: dp-config
configMap:
name: spgwu
defaultMode: 420
{{- if .Values.config.coreDump.enabled }}
- name: host-rootfs
hostPath:
path: /
- name: coredump
hostPath:
path: {{ .Values.config.coreDump.path }}
{{- end }}