| # SPDX-FileCopyrightText: {C) 2022 Intel Corporation |
| # |
| # SPDX-License-Identifier: Apache-2.0 |
| |
| apiVersion: apps/v1 |
| kind: Deployment |
| metadata: |
| name: router |
| labels: |
| app: router |
| spec: |
| replicas: 1 |
| selector: |
| matchLabels: |
| app: router |
| template: |
| metadata: |
| labels: |
| app: router |
| annotations: |
| k8s.v1.cni.cncf.io/networks: '[ |
| {{- $first := true}} |
| {{- range .Values.config.router.interfaces }} |
| {{- if $first }} |
| {{- $first = false }} |
| {{- else }}, |
| {{- end }} |
| { "name": "router-net", "interface": {{ .name | quote }}, "ips": [{{.ip | quote }}] } |
| {{- end }} |
| ]' |
| spec: |
| containers: |
| - name: router |
| command: ["/bin/bash", "-c"] |
| args: |
| - > |
| sysctl -w net.ipv4.ip_forward=1; |
| iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; |
| {{- range .Values.config.router.routes }} |
| ip route add {{ .to }} via {{ .via }}; |
| {{- end }} |
| trap : TERM INT; sleep infinity & wait |
| image: {{ .Values.images.tags.router }} |
| securityContext: |
| privileged: true |
| runAsUser: 0 |
| capabilities: |
| add: |
| - NET_ADMIN |
| {{- if eq .Values.config.router.cni "sriov" }} |
| resources: |
| requests: |
| {{ .Values.config.router.resourceName }}: {{ len .Values.config.router.interfaces }} |
| limits: |
| {{ .Values.config.router.resourceName }}: {{ len .Values.config.router.interfaces }} |
| {{- end }} |