Gitiles
Code Review Sign In
gerrit.opencord.org / aether-in-a-box / cbdac111d7dd687a17b49507a5af2635d751bbb1 / . / resources / router.yaml
blob: dfba7083a85e62332c279c4c904ee90323cb6ba7 [file] [log] [blame]
Jeremy Ronquillo6be909e2020-08-24 09:36:13 -0700[diff] [blame]1# Copyright 2019-present Open Networking Foundation
2#
Andy Bavier2c427732022-02-03 15:16:46 -0700[diff] [blame]3# SPDX-License-Identifier: Apache-2.0
Jeremy Ronquillo6be909e2020-08-24 09:36:13 -0700[diff] [blame]4
5---
6apiVersion: "k8s.cni.cncf.io/v1"
7kind: NetworkAttachmentDefinition
8metadata:
Hyunsun Mooncbdac112022-03-19 22:01:27 -0600[diff] [blame^]9 name: router-net
Jeremy Ronquillo6be909e2020-08-24 09:36:13 -0700[diff] [blame]10spec:
11 config: '{
Hyunsun84f0f172020-09-23 15:40:08 -0500[diff] [blame]12 "cniVersion": "0.3.1",
Hyunsun Mooncbdac112022-03-19 22:01:27 -0600[diff] [blame^]13 "type": "macvlan",
14 "master": "${DATA_IFACE}",
Jeremy Ronquillo6be909e2020-08-24 09:36:13 -0700[diff] [blame]15 "ipam": {
16 "type": "static"
17 }
18 }'
19---
20apiVersion: v1
21kind: Pod
22metadata:
23 name: router
24 labels:
25 app: router
26 annotations:
27 k8s.v1.cni.cncf.io/networks: '[
Hyunsun Mooncbdac112022-03-19 22:01:27 -0600[diff] [blame^]28 { "name": "router-net", "interface": "core-gw", "ips": ["192.168.250.1/24"] },
29 { "name": "router-net", "interface": "ran-gw", "ips": ["192.168.251.1/24"] },
30 { "name": "router-net", "interface": "access-gw", "ips": ["192.168.252.1/24"] }
Jeremy Ronquillo6be909e2020-08-24 09:36:13 -0700[diff] [blame]31 ]'
32spec:
33 containers:
Hyunsun Mooncbdac112022-03-19 22:01:27 -0600[diff] [blame^]34 - name: router
Jeremy Ronquillo6be909e2020-08-24 09:36:13 -0700[diff] [blame]35 command: ["/bin/bash", "-c"]
36 args:
37 - >
38 sysctl -w net.ipv4.ip_forward=1;
39 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
Hyunsun Mooncbdac112022-03-19 22:01:27 -0600[diff] [blame^]40 ip route add 172.250.0.0/16 via 192.168.250.3;
Jeremy Ronquillo6be909e2020-08-24 09:36:13 -0700[diff] [blame]41 trap : TERM INT; sleep infinity & wait
42 image: opencord/quagga
43 securityContext:
44 privileged: true
45 capabilities:
46 add:
47 - NET_ADMIN