Add cnf for firewall with network of sriov
diff --git a/starlingx/demo/firewall-sriov/templates/deployment.yaml b/starlingx/demo/firewall-sriov/templates/deployment.yaml
new file mode 100644 (file)
index 0000000..9067716
--- /dev/null
@@ -0,0 +1,101 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "firewall.fullname" . }}
+  labels:
+    release: {{ .Release.Name }}
+    app: {{ include "firewall.name" . }}
+    chart: {{ .Chart.Name }}
+spec:
+  replicas: {{ .Values.replicaCount }}
+  selector:
+    matchLabels:
+      app: {{ include "firewall.name" . }}
+      release: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app: {{ include "firewall.name" . }}
+        release: {{ .Release.Name }}
+      annotations:
+        k8s.v1.cni.cncf.io/networks: '[
+          { "name": "sriov-device-{{ .Values.global.unprotectedNetName }}",
+            "interface": "veth12" },
+          { "name": "sriov-device-{{ .Values.global.protectedNetName }}",
+            "interface": "veth21" }
+          ]'
+    spec:
+      containers:
+      - name: {{ .Chart.Name }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        tty: true
+        stdin: true
+        env:
+        - name: unprotectedNetCidr
+          value: "{{.Values.global.unprotectedNetCidr}}"
+        - name: unprotectedNetGwIp
+          value: "{{.Values.global.unprotectedNetGwIp}}"
+        - name: protectedNetCidr
+          value: "{{.Values.global.protectedNetCidr}}"
+        - name: protectedNetGwIp
+          value: "{{.Values.global.protectedNetGwIp}}"
+        - name: dcaeCollectorIp
+          value: "{{.Values.global.dcaeCollectorIp}}"
+        - name: dcaeCollectorPort
+          value: "{{.Values.global.dcaeCollectorPort}}"
+        - name: unprotectedNetProviderDriver
+          value: "{{.Values.global.unprotectedNetProviderDriver}}"
+        - name: protectedNetProviderDriver
+          value: "{{.Values.global.protectedNetProviderDriver}}"
+        command: ["/bin/bash", "/opt/vfw_start.sh"]
+        securityContext:
+            privileged: true
+            capabilities:
+                add:
+                - CAP_SYS_ADMIN
+        volumeMounts:
+          - mountPath: /hugepages
+            name: hugepage
+          - name: lib-modules
+            mountPath: /lib/modules
+          - name: src
+            mountPath: /usr/src
+          - name: scripts
+            mountPath: /opt
+        resources:
+          requests:
+            cpu: {{ .Values.resources.cpu }}
+            memory: {{ .Values.resources.memory }}
+            hugepages-2Mi: {{ .Values.resources.hugepage }}
+            {{- if eq .Values.global.protectedNetProviderName .Values.global.unprotectedNetProviderName }}
+            intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}: '2'
+            {{- else }}
+            intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}: '1'
+            intel.com/pci_sriov_net_{{ .Values.global.unprotectedNetProviderName }}: '1'
+            {{ end }}
+          limits:
+            cpu: {{ .Values.resources.cpu }}
+            memory: {{ .Values.resources.memory }}
+            hugepages-2Mi: {{ .Values.resources.hugepage }}
+            {{- if eq .Values.global.protectedNetProviderName .Values.global.unprotectedNetProviderName }}
+            intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}: '2'
+            {{- else }}
+            intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}: '1'
+            intel.com/pci_sriov_net_{{ .Values.global.unprotectedNetProviderName }}: '1'
+            {{ end }}
+      volumes:
+        - name: hugepage
+          emptyDir:
+            medium: HugePages
+        - name: lib-modules
+          hostPath:
+            path: /lib/modules
+        - name: src
+          hostPath:
+            path: /usr/src
+        - name: scripts
+          configMap:
+            name: {{ .Chart.Name }}-scripts-configmap
+      imagePullSecrets:
+      - name: admin-registry-secret
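Review bot: The container's `securityContext` sets `privileged: true` while `volumeMounts` maps the host's `/lib/modules` and `/usr/src` in through hostPath volumes with no `readOnly`, so a compromise of this firewall pod gives write access to the node's kernel module tree on top of full host device access. Add `readOnly: true` to the `lib-modules` and `src` entries under `volumeMounts`, unless `/opt/vfw_start.sh` has to write there (the script is not visible in this diff). The `capabilities.add` entry has no effect while `privileged: true` is set, because privileged mode already grants every capability; if the SR-IOV and hugepage setup can run without privileged mode, keep only the capabilities it needs and write them without the `CAP_` prefix (`SYS_ADMIN`), as Kubernetes expects. `tty: true` and `stdin: true` look like debugging leftovers for a Deployment and could be dropped.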