AETHER-280 Remove privileged from bess daemon container
Also move the additional routings from post-start hook to init
container and run routectl after bessd to avoid crashing during
the initialization.
Change-Id: Ibdce3e7ca7af5764b6f1aef53f210339958e1517
diff --git a/omec/omec-user-plane/Chart.yaml b/omec/omec-user-plane/Chart.yaml
index ae17c65..59b50bc 100644
--- a/omec/omec-user-plane/Chart.yaml
+++ b/omec/omec-user-plane/Chart.yaml
@@ -7,4 +7,4 @@
name: omec-user-plane
icon: https://guide.opencord.org/logos/cord.svg
-version: 0.1.3
+version: 0.1.4
diff --git a/omec/omec-user-plane/templates/bin/_bessd-poststart.sh.tpl b/omec/omec-user-plane/templates/bin/_bessd-poststart.sh.tpl
index df6041c..d073f81 100644
--- a/omec/omec-user-plane/templates/bin/_bessd-poststart.sh.tpl
+++ b/omec/omec-user-plane/templates/bin/_bessd-poststart.sh.tpl
@@ -9,8 +9,3 @@
until bessctl run /opt/bess/bessctl/conf/spgwu; do
sleep 2;
done;
-
-# Add route to eNB
-ip route add {{ .Values.networks.enb.subnet }} via {{ .Values.networks.s1u.gateway }}
-# Add default gw to SGI gateway
-ip route add default via {{ .Values.networks.sgi.gateway }} metric 110
diff --git a/omec/omec-user-plane/templates/statefulset-spgwu.yaml b/omec/omec-user-plane/templates/statefulset-spgwu.yaml
index bcd5846..57fc312 100644
--- a/omec/omec-user-plane/templates/statefulset-spgwu.yaml
+++ b/omec/omec-user-plane/templates/statefulset-spgwu.yaml
@@ -40,30 +40,26 @@
nodeSelector:
{{ .Values.nodeSelectors.spgwu.label }}: {{ .Values.nodeSelectors.spgwu.value }}
{{- end }}
+ initContainers:
+ - name: bess-init
+ image: {{ .Values.images.tags.bess | quote }}
+ imagePullPolicy: {{ .Values.images.pullPolicy | quote }}
+ command: ["sh", "-xec"]
+ args:
+ - ip route add {{ .Values.networks.enb.subnet }} via {{ .Values.networks.s1u.gateway }};
+ ip route add default via {{ .Values.networks.sgi.gateway }} metric 110;
+ securityContext:
+ capabilities:
+ add:
+ - NET_ADMIN
{{- if .Values.config.coreDump.enabled }}
{{ tuple "spgwu" . | include "omec-user-plane.coredump_init" | indent 8 }}
{{- end }}
containers:
- - name: routectl
- image: {{ .Values.images.tags.bess | quote }}
- imagePullPolicy: {{ .Values.images.pullPolicy | quote }}
- env:
- - name: PYTHONUNBUFFERED
- value: "1"
- command: ["/opt/bess/bessctl/conf/route_control.py"]
- args:
- - -i
- - {{ .Values.config.spgwu.s1u.device }}
- - {{ .Values.config.spgwu.sgi.device }}
- {{- if .Values.resources.enabled }}
- resources:
-{{ toYaml .Values.resources.routectl | indent 10 }}
- {{- end }}
- name: bessd
image: {{ .Values.images.tags.bess | quote }}
imagePullPolicy: {{ .Values.images.pullPolicy | quote }}
securityContext:
- privileged: true
capabilities:
add:
- IPC_LOCK
@@ -109,6 +105,21 @@
- name: coredump
mountPath: /tmp/coredump
{{- end }}
+ - name: routectl
+ image: {{ .Values.images.tags.bess | quote }}
+ imagePullPolicy: {{ .Values.images.pullPolicy | quote }}
+ env:
+ - name: PYTHONUNBUFFERED
+ value: "1"
+ command: ["/opt/bess/bessctl/conf/route_control.py"]
+ args:
+ - -i
+ - {{ .Values.config.spgwu.s1u.device }}
+ - {{ .Values.config.spgwu.sgi.device }}
+ {{- if .Values.resources.enabled }}
+ resources:
+{{ toYaml .Values.resources.routectl | indent 10 }}
+ {{- end }}
- name: web
image: {{ .Values.images.tags.bess | quote }}
imagePullPolicy: {{ .Values.images.pullPolicy | quote }}