mcord/mcord-data-plane/templates/dp.yaml

---
# Copyright 2018-present Open Networking Foundation
# Copyright 2018 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

---
apiVersion: v1
kind: Service
metadata:
  name: ngic-dp
spec:
  selector:
    app: ngic-dp
  clusterIP: None
  ports:
  - name: sx
    port: {{ .Values.ngic_dp.ports.sx }}
    protocol: UDP
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: ngic-dp
  labels:
    app: ngic-dp
spec:
  replicas: {{ .Values.ngic_dp.replicas }}
  selector:
    matchLabels:
      app: ngic-dp
  serviceName: "ngic-dp"
  template:
    metadata:
      labels:
        app: ngic-dp
      annotations:
        k8s.v1.cni.cncf.io/networks: '[
            { "name": "s1u-net", "interface": "s1u-net", "namespace": "default" },
            { "name": "sgi-net", "interface": "sgi-net", "namespace": "default" }
        ]'
    spec:
      initContainers:
      - name: init-iptables
        image: {{ .Values.ngic_dp.images.init }}
        command: [ "sh", "-c"]
        securityContext:
          capabilities:
            add:
              - NET_ADMIN
        args:
        - iptables -I OUTPUT -p icmp --icmp-type destination-unreachable -j DROP;
      terminationGracePeriodSeconds: 1
      containers:
      - name: ngic
        image: {{ .Values.ngic_dp.images.dp }}
        imagePullPolicy: IfNotPresent
        stdin: true
        tty: true
        env:
        - name: RTR_SGI_IP
          value: {{ .Values.ngic_dp.config.rtr_sgi_ip }}
        - name: SGI_MASK
          value: {{ .Values.ngic_dp.config.sgi_mask }}
        - name: MEM_LIMIT
          valueFrom:
            resourceFieldRef:
              containerName: ngic
              resource: limits.memory
              divisor: 1Mi
        command: [ "bash",  "-xc"]
        args:
        - ifconfig -a; ifconfig lo down;
        - . /opt/ngic/config/dp_config.cfg;
        - ./ngic_dataplane $EAL_ARGS -- $APP_ARGS
        volumeMounts:
        - name: config-volume
          mountPath: /opt/ngic/config
        {{- if .Values.ngic_dp.config.hugepage_enabled}}
        - name: hugepage
          mountPath: /dev/hugepages
        {{- end}}
        - name: shared-data
          mountPath: /opt/ngic/config/shared
        {{- if .Values.ngic_dp.config.dpdk_enabled}}
        - name: sriov-volume
          mountPath: /sriov-cni
        - name: vfio-volume
          mountPath: /dev/vfio
        {{- end}}
        resources:
          limits:
            hugepages-1Gi: {{ .Values.ngic_dp.resources.hugepage }}
            cpu: {{ .Values.ngic_dp.resources.cpu }}
            memory: {{ .Values.ngic_dp.resources.mem }}
            intel.com/sriov: '2'
        securityContext:
          {{- if .Values.ngic_dp.config.dpdk_enabled}}
          privileged: true
          {{- else}}
          capabilities:
            add:
              - NET_ADMIN
              - IPC_LOCK
          {{- end}}
      volumes:
        - name: config-volume
          configMap:
            name: ngicdp-config
        {{- if .Values.ngic_dp.config.hugepage_enabled }}
        - name: hugepage
          emptyDir:
            medium: HugePages
        {{- end}}
        - name: shared-data
          emptyDir: {}
        {{- if .Values.ngic_dp.config.dpdk_enabled}}
        - name: sriov-volume
          hostPath:
            path: /var/lib/cni/sriov
            type: Directory
        - name: vfio-volume
          hostPath:
            path: /dev/vfio
            type: Directory
        {{- end}}