blob: 6b4f845150b091beba22760bce45cf0b7d93ea9f [file] [log] [blame]
{{/*
Copyright 2018-present Open Networking Foundation
Copyright 2018 Intel Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: spgwu
labels:
{{ tuple "spgwu" . | include "mcord-services.metadata_labels" | indent 4 }}
spec:
replicas: 1
selector:
matchLabels:
{{ tuple "spgwu" . | include "mcord-services.metadata_labels" | indent 6 }}
serviceName: spgwu
template:
metadata:
labels:
{{ tuple "spgwu" . | include "mcord-services.metadata_labels" | indent 8 }}
annotations:
k8s.v1.cni.cncf.io/networks: '[
{ "name": "s1u-net", "interface": "s1u-net" },
{ "name": "sgi-net", "interface": "sgi-net" }
]'
spec:
{{- if .Values.nodeSelectors.enabled }}
nodeSelector:
{{ .Values.nodeSelectors.spgwu.label }}: {{ .Values.nodeSelectors.spgwu.value }}
{{- end }}
{{- if not .Values.networks.sriov.enabled }}
initContainers:
- name: spgwu-iptables-init
image: {{ .Values.images.tags.init | quote }}
imagePullPolicy: {{ .Values.images.pullPolicy | quote }}
command: [ "sh", "-xec"]
securityContext:
capabilities:
add:
- NET_ADMIN
args:
- iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP;
- name: spgwu-af-iface-init
image: {{ .Values.images.tags.init | quote }}
imagePullPolicy: {{ .Values.images.pullPolicy | quote }}
securityContext:
capabilities:
add:
- NET_ADMIN
command:
- /opt/dp/scripts/setup-af-iface.sh
volumeMounts:
- name: dp-script
mountPath: /opt/dp/scripts/setup-af-iface.sh
subPath: setup-af-iface.sh
{{- end }}
containers:
- name: spgwu
image: {{ .Values.images.tags.spgwu | quote }}
imagePullPolicy: {{ .Values.images.pullPolicy | quote }}
stdin: true
tty: true
env:
- name: MEM_LIMIT
valueFrom:
resourceFieldRef:
containerName: spgwu
resource: limits.memory
divisor: 1Mi
- name: S1U_DEVNAME
{{- if .Values.networks.sriov.enabled }}
value: s1u-net
{{- else }}
value: {{ .Values.config.spgwu.dp.s1uAfDev | quote }}
{{- end }}
- name: SGI_DEVNAME
{{- if .Values.networks.sriov.enabled }}
value: sgi-net
{{- else }}
value: {{ .Values.config.spgwu.dp.sgiAfDev | quote }}
{{- end }}
- name: DEVICES
value: {{ .Values.config.spgwu.dp.devices | quote }}
- name: CP_ADDR
value: spgwc-0.spgwc
- name: DP_ADDR
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: RTR_SGI_IP
value: {{ .Values.config.spgwu.dp.rtrSgiIp | quote }}
- name: SGI_MASK
value: {{ .Values.config.spgwu.dp.sgiMask | quote }}
command: ["bash", "-xc"]
args:
- ip a;
/opt/dp/scripts/run.sh;
volumeMounts:
- name: dp-script
mountPath: /opt/dp/scripts/run.sh
subPath: run.sh
- name: dp-config
mountPath: /etc/dp/config
resources:
requests:
{{- if .Values.resources.enabled }}
{{ toYaml .Values.resources.spgwu.requests | indent 12 }}
{{- end }}
{{- if .Values.networks.sriov.enabled }}
intel.com/sriov_vfio: 2
{{- end }}
limits:
{{- if .Values.resources.enabled }}
{{ toYaml .Values.resources.spgwu.limits | indent 12 }}
{{- end }}
{{- if .Values.networks.sriov.enabled }}
intel.com/sriov_vfio: 2
{{- end }}
securityContext:
capabilities:
add:
- IPC_LOCK
volumes:
- name: dp-script
configMap:
name: spgwu
defaultMode: 493
- name: dp-config
configMap:
name: spgwu
defaultMode: 420