Code Review / multicloud / k8s.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Add cnf for firewall with network of sriov
[multicloud/k8s.git] / starlingx / demo / firewall-sriov / charts / pktgen-sriov / templates / deployment.yaml
1 apiVersion: apps/v1
2 kind: Deployment
3 metadata:
4   name: {{ include "packetgen.fullname" . }}
5   labels:
6     release: {{ .Release.Name }}
7     app: {{ include "packetgen.name" . }}
8     chart: {{ .Chart.Name }}
9 spec:
10   replicas: {{ .Values.replicaCount }}
11   selector:
12     matchLabels:
13       app: {{ include "packetgen.name" .}}
14       release: {{ .Release.Name }}
15   template:
16     metadata:
17       labels:
18         app: {{ include "packetgen.name" .}}
19         release: {{ .Release.Name }}
20       annotations:
21         k8s.v1.cni.cncf.io/networks: '[
22           { "name": "sriov-device-{{ .Values.global.unprotectedNetName }}",
23             "interface": "veth11" }
24           ]'
25     spec:
26       containers:
27       - name: {{ .Chart.Name }}
28         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
29         imagePullPolicy: {{ .Values.image.pullPolicy }}
30         tty: true
31         stdin: true
32         env:
33           - name: unprotectedNetCidr
34             value: "{{.Values.global.unprotectedNetCidr}}"
35           - name: unprotectedNetGwIp
36             value: "{{.Values.global.unprotectedNetGwIp}}"
37           - name: protectedNetCidr
38             value: "{{.Values.global.protectedNetCidr}}"
39           - name: protectedNetGwIp
40             value: "{{.Values.global.protectedNetGwIp}}"
41           - name: dcaeCollectorIp
42             value: "{{.Values.global.dcaeCollectorIp}}"
43           - name: dcaeCollectorPort
44             value: "{{.Values.global.dcaeCollectorPort}}"
45           - name: unprotectedNetProviderDriver
46             value: "{{.Values.global.unprotectedNetProviderDriver}}"
47           - name: protectedNetProviderDriver
48             value: "{{.Values.global.protectedNetProviderDriver}}"
49         command: ["/bin/bash", "/opt/vpg_start.sh"]
50         securityContext:
51             privileged: true
52             capabilities:
53                 add:
54                 - CAP_SYS_ADMIN
55         volumeMounts:
56           - mountPath: /hugepages
57             name: hugepage
58           - name: lib-modules
59             mountPath: /lib/modules
60           - name: src
61             mountPath: /usr/src
62           - name: scripts
63             mountPath: /opt
64         resources:
65           requests:
66             cpu: {{ .Values.resources.cpu }}
67             memory: {{ .Values.resources.memory }}
68             hugepages-2Mi: {{ .Values.resources.hugepage }}
69             intel.com/pci_sriov_net_{{ .Values.global.unprotectedNetProviderName }}: '1'
70           limits:
71             cpu: {{ .Values.resources.cpu }}
72             memory: {{ .Values.resources.memory }}
73             hugepages-2Mi: {{ .Values.resources.hugepage }}
74             intel.com/pci_sriov_net_{{ .Values.global.unprotectedNetProviderName }}: '1'
75       volumes:
76         - name: hugepage
77           emptyDir:
78             medium: HugePages
79         - name: lib-modules
80           hostPath:
81             path: /lib/modules
82         - name: src
83           hostPath:
84             path: /usr/src
85         - name: scripts
86           configMap:
87             name: {{ .Chart.Name }}-scripts-configmap
88       imagePullSecrets:
89       - name: admin-registry-secret
To contain a POC for Kubernetes plugin