Add cnf for firewall with network of sriov

[multicloud/k8s.git] / starlingx / demo / firewall-sriov / templates / protected-private-net.yaml

diff --git a/starlingx/demo/firewall-sriov/templates/protected-private-net.yaml b/starlingx/demo/firewall-sriov/templates/protected-private-net.yaml
new file mode 100644 (file)
index 0000000..f30e9c5
--- /dev/null
+++ b/starlingx/demo/firewall-sriov/templates/protected-private-net.yaml
@@ -0,0 +1,29 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: sriov-device-{{ .Values.global.protectedNetName }}
+  annotations:
+    k8s.v1.cni.cncf.io/resourceName: intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}
+{{- if eq .Values.global.protectedNetProviderDriver "netdevice" }}
+spec:
+  config: '{
+    "type": "sriov",
+    "name": "sriov-device",
+    "vlan": {{ .Values.global.protectedNetProviderVlan }},
+    "ipam": {
+      "type": "host-local",
+      "subnet": "{{ .Values.global.protectedNetCidr }}",
+      "routes": [{
+        "dst": "0.0.0.0/0"
+      }],
+      "gateway": "{{ .Values.global.protectedNetGwIp }}"
+    }
+  }'
+{{- else }}
+spec:
+  config: '{
+    "type": "sriov",
+    "name": "sriov-device",
+    "vlan": {{ .Values.global.protectedNetProviderVlan }}
+  }'
+{{ end -}}
\ No newline at end of file