| --- |
| # Copyright 2018-present Open Networking Foundation |
| # Copyright 2018 Intel Corporation |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| name: ngic-dp |
| spec: |
| selector: |
| app: ngic-dp |
| clusterIP: None |
| ports: |
| - name: sx |
| port: {{ .Values.ngic_dp.ports.sx }} |
| protocol: UDP |
| --- |
| apiVersion: apps/v1 |
| kind: StatefulSet |
| metadata: |
| name: ngic-dp |
| labels: |
| app: ngic-dp |
| spec: |
| replicas: {{ .Values.ngic_dp.replicas }} |
| selector: |
| matchLabels: |
| app: ngic-dp |
| serviceName: "ngic-dp" |
| template: |
| metadata: |
| labels: |
| app: ngic-dp |
| annotations: |
| k8s.v1.cni.cncf.io/networks: '[ |
| { "name": "s1u-net", "interface": "s1u-net", "namespace": "default" }, |
| { "name": "sgi-net", "interface": "sgi-net", "namespace": "default" } |
| ]' |
| spec: |
| initContainers: |
| - name: init-iptables |
| image: {{ .Values.ngic_dp.images.init }} |
| command: [ "sh", "-c"] |
| securityContext: |
| capabilities: |
| add: |
| - NET_ADMIN |
| args: |
| - iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP; |
| terminationGracePeriodSeconds: 1 |
| containers: |
| - name: ngic |
| image: {{ .Values.ngic_dp.images.dp }} |
| imagePullPolicy: IfNotPresent |
| stdin: true |
| tty: true |
| env: |
| - name: RTR_SGI_IP |
| value: {{ .Values.ngic_dp.config.rtr_sgi_ip }} |
| - name: SGI_MASK |
| value: {{ .Values.ngic_dp.config.sgi_mask }} |
| - name: MEM_LIMIT |
| valueFrom: |
| resourceFieldRef: |
| containerName: ngic |
| resource: limits.memory |
| divisor: 1Mi |
| command: [ "bash", "-xc"] |
| args: |
| - ifconfig -a; |
| ifconfig lo down; |
| . /opt/ngic/config/dp_config.cfg; |
| ./ngic_dataplane $EAL_ARGS -- $APP_ARGS |
| volumeMounts: |
| - name: config-volume |
| mountPath: /opt/ngic/config |
| {{- if .Values.ngic_dp.config.hugepage_enabled}} |
| - name: hugepage |
| mountPath: /dev/hugepages |
| {{- end}} |
| - name: shared-data |
| mountPath: /opt/ngic/config/shared |
| {{- if .Values.ngic_dp.config.dpdk_enabled}} |
| - name: sriov-volume |
| mountPath: /sriov-cni |
| - name: vfio-volume |
| mountPath: /dev/vfio |
| {{- end}} |
| resources: |
| limits: |
| hugepages-1Gi: {{ .Values.ngic_dp.resources.hugepage }} |
| cpu: {{ .Values.ngic_dp.resources.cpu }} |
| memory: {{ .Values.ngic_dp.resources.mem }} |
| intel.com/sriov: '2' |
| securityContext: |
| {{- if .Values.ngic_dp.config.dpdk_enabled}} |
| privileged: true |
| {{- else}} |
| capabilities: |
| add: |
| - NET_ADMIN |
| - IPC_LOCK |
| {{- end}} |
| volumes: |
| - name: config-volume |
| configMap: |
| name: ngicdp-config |
| {{- if .Values.ngic_dp.config.hugepage_enabled }} |
| - name: hugepage |
| emptyDir: |
| medium: HugePages |
| {{- end}} |
| - name: shared-data |
| emptyDir: {} |
| {{- if .Values.ngic_dp.config.dpdk_enabled}} |
| - name: sriov-volume |
| hostPath: |
| path: /var/lib/cni/sriov |
| type: Directory |
| - name: vfio-volume |
| hostPath: |
| path: /dev/vfio |
| type: Directory |
| {{- end}} |