blob: 71bcd47faa77f3f7c086f02505db779c5392c0ab [file] [log] [blame]
---
# Copyright 2018-present Open Networking Foundation
# Copyright 2018 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
---
apiVersion: v1
kind: Service
metadata:
name: ngic-dp
spec:
selector:
app: ngic-dp
clusterIP: None
ports:
- name: sx
port: {{ .Values.ngic_dp.ports.sx }}
protocol: UDP
---
apiVersion: v1
kind: Service
metadata:
name: ngic-dp-external
spec:
selector:
app: ngic-dp
type: NodePort
ports:
- port: {{ .Values.ngic_dp.ports.sx }}
nodePort: {{ .Values.ngic_dp.ports.sx_external }}
protocol: UDP
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: ngic-dp
labels:
app: ngic-dp
spec:
replicas: {{ .Values.ngic_dp.replicas }}
selector:
matchLabels:
app: ngic-dp
serviceName: "ngic-dp"
template:
metadata:
labels:
app: ngic-dp
annotations:
k8s.v1.cni.cncf.io/networks: '[
{ "name": "s1u-net", "interface": "s1u-net", "namespace": "default" },
{ "name": "sgi-net", "interface": "sgi-net", "namespace": "default" }
]'
spec:
initContainers:
- name: init-iptables
image: {{ .Values.ngic_dp.images.init }}
command: [ "sh", "-c"]
securityContext:
capabilities:
add:
- NET_ADMIN
args:
- iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP;
terminationGracePeriodSeconds: 1
containers:
- name: ngic
image: {{ .Values.ngic_dp.images.dp }}
imagePullPolicy: IfNotPresent
stdin: true
tty: true
env:
- name: RTR_SGI_IP
value: {{ .Values.ngic_dp.config.rtr_sgi_ip }}
- name: SGI_MASK
value: {{ .Values.ngic_dp.config.sgi_mask }}
- name: MEM_LIMIT
valueFrom:
resourceFieldRef:
containerName: ngic
resource: limits.memory
divisor: 1Mi
command: [ "bash", "-xc"]
args:
- ip addr show;
ifconfig;
. /opt/ngic/config/dp_config.cfg;
./ngic_dataplane $EAL_ARGS -- $APP_ARGS
volumeMounts:
- name: config-volume
mountPath: /opt/ngic/config
{{- if .Values.ngic_dp.config.hugepage_enabled}}
- name: hugepage
mountPath: /dev/hugepages
{{- end}}
- name: shared-data
mountPath: /opt/ngic/config/shared
{{- if .Values.ngic_dp.config.dpdk_enabled}}
- name: sriov-volume
mountPath: /sriov-cni
- name: vfio-volume
mountPath: /dev/vfio
{{- end}}
resources:
limits:
{{- if .Values.ngic_dp.config.hugepage_enabled}}
hugepages-1Gi: {{ .Values.ngic_dp.resources.hugepage }}
{{- end}}
cpu: {{ .Values.ngic_dp.resources.cpu }}
memory: {{ .Values.ngic_dp.resources.mem }}
intel.com/sriov: '2'
securityContext:
{{- if .Values.ngic_dp.config.dpdk_enabled}}
privileged: true
{{- else}}
capabilities:
add:
- NET_ADMIN
- IPC_LOCK
{{- end}}
volumes:
- name: config-volume
configMap:
name: ngicdp-config
{{- if .Values.ngic_dp.config.hugepage_enabled}}
- name: hugepage
emptyDir:
medium: HugePages
{{- end}}
- name: shared-data
emptyDir: {}
{{- if .Values.ngic_dp.config.dpdk_enabled}}
- name: sriov-volume
hostPath:
path: /var/lib/cni/sriov
type: Directory
- name: vfio-volume
hostPath:
path: /dev/vfio
type: Directory
{{- end}}