blob: 464a02e98ac7b29f20e6b9368de7aa2a236e40fa [file] [log] [blame]
Hyunsun Moonf1c80e02022-11-04 20:08:50 -07001# SPDX-FileCopyrightText: {C) 2022 Intel Corporation
2#
3# SPDX-License-Identifier: Apache-2.0
4
5apiVersion: apps/v1
6kind: Deployment
7metadata:
8 name: router
9 labels:
10 app: router
11spec:
12 replicas: 1
13 selector:
14 matchLabels:
15 app: router
16 template:
17 metadata:
18 labels:
19 app: router
20 annotations:
21 k8s.v1.cni.cncf.io/networks: '[
22 {{- $first := true}}
23 {{- range .Values.config.router.interfaces }}
24 {{- if $first }}
25 {{- $first = false }}
26 {{- else }},
27 {{- end }}
28 { "name": "router-net", "interface": {{ .name | quote }}, "ips": [{{.ip | quote }}] }
29 {{- end }}
30 ]'
31 spec:
32 containers:
33 - name: router
34 command: ["/bin/bash", "-c"]
35 args:
36 - >
37 sysctl -w net.ipv4.ip_forward=1;
38 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
39 {{- range .Values.config.router.routes }}
40 ip route add {{ .to }} via {{ .via }};
41 {{- end }}
42 trap : TERM INT; sleep infinity & wait
43 image: {{ .Values.images.tags.router }}
44 securityContext:
Badhrinath Padmanabhanb8f42912022-11-16 13:58:04 -050045 privileged: true
46 runAsUser: 0
Hyunsun Moonf1c80e02022-11-04 20:08:50 -070047 capabilities:
48 add:
49 - NET_ADMIN
50 {{- if eq .Values.config.router.cni "sriov" }}
51 resources:
52 requests:
53 {{ .Values.config.router.resourceName }}: {{ len .Values.config.router.interfaces }}
54 limits:
55 {{ .Values.config.router.resourceName }}: {{ len .Values.config.router.interfaces }}
56 {{- end }}