aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBin Yang <bin.yang@windriver.com>2020-02-24 12:42:24 +0800
committerBin Yang <bin.yang@windriver.com>2020-02-24 12:42:24 +0800
commit219a7eab4129b3e500bcaf6c62819011580895ba (patch)
treed9f2eff458c8e1cd6ef36c250983a876a8322448
parent6547e45fd9f60437811ef35b9d101cdaef494542 (diff)
Add nodeaffinity for cFW pods
Change-Id: I31077bbaff99f7ffc2c13abd5899afd05cf560f9 Issue-ID: MULTICLOUD-999 Signed-off-by: Bin Yang <bin.yang@windriver.com>
-rw-r--r--starlingx/demo/firewall-host-netdevice/charts/pktgen-host-netdevice/templates/deployment.yaml19
-rw-r--r--starlingx/demo/firewall-host-netdevice/charts/sink-host-netdevice/templates/deployment.yaml19
-rw-r--r--starlingx/demo/firewall-host-netdevice/templates/deployment.yaml19
-rw-r--r--starlingx/demo/firewall-host-netdevice/values.yaml18
-rw-r--r--starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml17
-rw-r--r--starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml17
-rw-r--r--starlingx/demo/firewall-sriov/templates/deployment.yaml17
-rw-r--r--starlingx/demo/firewall-sriov/values.yaml13
8 files changed, 119 insertions, 20 deletions
diff --git a/starlingx/demo/firewall-host-netdevice/charts/pktgen-host-netdevice/templates/deployment.yaml b/starlingx/demo/firewall-host-netdevice/charts/pktgen-host-netdevice/templates/deployment.yaml
index 4e48937e..276b3df8 100644
--- a/starlingx/demo/firewall-host-netdevice/charts/pktgen-host-netdevice/templates/deployment.yaml
+++ b/starlingx/demo/firewall-host-netdevice/charts/pktgen-host-netdevice/templates/deployment.yaml
@@ -23,6 +23,19 @@ spec:
"interface": "veth11" }
]'
spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ {{- range .Values.global.nodeAffinity }}
+ - key: {{ .label.labelkey }}
+ operator: {{ .label.op }}
+ values:
+ {{- range .label.labelvalues }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -32,12 +45,10 @@ spec:
env:
- name: unprotectedNetCidr
value: "{{.Values.global.unprotectedNetCidr}}"
- - name: unprotectedNetGw
- value: "{{.Values.global.unprotectedNetGw}}"
+ - name: unprotectedNetGwIp
+ value: "{{.Values.global.unprotectedNetGwIp}}"
- name: protectedNetCidr
value: "{{.Values.global.protectedNetCidr}}"
- - name: protectedNetGw
- value: "{{.Values.global.protectedNetGw}}"
- name: protectedNetGwIp
value: "{{.Values.global.protectedNetGwIp}}"
- name: dcaeCollectorIp
diff --git a/starlingx/demo/firewall-host-netdevice/charts/sink-host-netdevice/templates/deployment.yaml b/starlingx/demo/firewall-host-netdevice/charts/sink-host-netdevice/templates/deployment.yaml
index fe3d03fe..eaa928ae 100644
--- a/starlingx/demo/firewall-host-netdevice/charts/sink-host-netdevice/templates/deployment.yaml
+++ b/starlingx/demo/firewall-host-netdevice/charts/sink-host-netdevice/templates/deployment.yaml
@@ -23,6 +23,19 @@ spec:
"interface": "veth22" }
]'
spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ {{- range .Values.global.nodeAffinity }}
+ - key: {{ .label.labelkey }}
+ operator: {{ .label.op }}
+ values:
+ {{- range .label.labelvalues }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -32,12 +45,10 @@ spec:
env:
- name: unprotectedNetCidr
value: "{{.Values.global.unprotectedNetCidr}}"
- - name: unprotectedNetGw
- value: "{{.Values.global.unprotectedNetGw}}"
+ - name: unprotectedNetGwIp
+ value: "{{.Values.global.unprotectedNetGwIp}}"
- name: protectedNetCidr
value: "{{.Values.global.protectedNetCidr}}"
- - name: protectedNetGw
- value: "{{.Values.global.protectedNetGw}}"
- name: protectedNetGwIp
value: "{{.Values.global.protectedNetGwIp}}"
- name: dcaeCollectorIp
diff --git a/starlingx/demo/firewall-host-netdevice/templates/deployment.yaml b/starlingx/demo/firewall-host-netdevice/templates/deployment.yaml
index be0af964..e93e9da2 100644
--- a/starlingx/demo/firewall-host-netdevice/templates/deployment.yaml
+++ b/starlingx/demo/firewall-host-netdevice/templates/deployment.yaml
@@ -25,6 +25,19 @@ spec:
"interface": "veth21" }
]'
spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ {{- range .Values.global.nodeAffinity }}
+ - key: {{ .label.labelkey }}
+ operator: {{ .label.op }}
+ values:
+ {{- range .label.labelvalues }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -34,12 +47,10 @@ spec:
env:
- name: unprotectedNetCidr
value: "{{.Values.global.unprotectedNetCidr}}"
- - name: unprotectedNetGw
- value: "{{.Values.global.unprotectedNetGw}}"
+ - name: unprotectedNetGwIp
+ value: "{{.Values.global.unprotectedNetGwIp}}"
- name: protectedNetCidr
value: "{{.Values.global.protectedNetCidr}}"
- - name: protectedNetGw
- value: "{{.Values.global.protectedNetGw}}"
- name: protectedNetGwIp
value: "{{.Values.global.protectedNetGwIp}}"
- name: dcaeCollectorIp
diff --git a/starlingx/demo/firewall-host-netdevice/values.yaml b/starlingx/demo/firewall-host-netdevice/values.yaml
index 199551c1..0e044c1a 100644
--- a/starlingx/demo/firewall-host-netdevice/values.yaml
+++ b/starlingx/demo/firewall-host-netdevice/values.yaml
@@ -22,9 +22,16 @@ resources:
global:
nodeAffinity:
- key: nodeName
- values: worker-0
- op: In
+ - label:
+ labelkey: sriovdp
+ op: In
+ labelvalues:
+ - enabled
+ - label:
+ labelkey: kube-cpu-mgr-policy
+ op: In
+ labelvalues:
+ - static
#Networks
#unprotectedNetworkName: unprotected-private-net
@@ -34,7 +41,8 @@ global:
unprotectedNetPortVpg: veth11
unprotectedNetPortVfw: veth12
unprotectedNetCidr: 10.10.1.0/24
- unprotectedNetGw: 10.10.1.1/24
+ #unprotectedNetGw: 10.10.1.1/24
+ unprotectedNetGwIp: 10.10.1.1
#onapPrivateNetworkName: onap-private-net
#onapPrivateNetCidr: 10.10.0.0/16
@@ -48,7 +56,7 @@ global:
protectedNetPortVsn: veth22
protectedNetCidr: 10.10.2.0/24
protectedNetGwIp: 10.10.2.1
- protectedNetGw: 10.10.2.1/24
+ #protectedNetGw: 10.10.2.1/24
#vFirewall container
#vfwPrivateIp0: 192.168.10.3
diff --git a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml
index 6c7000a7..53c306fc 100644
--- a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml
+++ b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml
@@ -23,6 +23,19 @@ spec:
"interface": "veth11" }
]'
spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ {{- range .Values.global.nodeAffinity }}
+ - key: {{ .label.labelkey }}
+ operator: {{ .label.op }}
+ values:
+ {{- range .label.labelvalues }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -46,6 +59,10 @@ spec:
value: "{{.Values.global.unprotectedNetProviderDriver}}"
- name: protectedNetProviderDriver
value: "{{.Values.global.protectedNetProviderDriver}}"
+ - name: unprotectedNetProviderVlan
+ value: "{{.Values.global.unprotectedNetProviderVlan}}"
+ - name: protectedNetProviderVlan
+ value: "{{.Values.global.protectedNetProviderVlan}}"
command: ["/bin/bash", "/opt/vpg_start.sh"]
securityContext:
privileged: true
diff --git a/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml
index f3c29f05..45b3ecb1 100644
--- a/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml
+++ b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml
@@ -23,6 +23,19 @@ spec:
"interface": "veth22" }
]'
spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ {{- range .Values.global.nodeAffinity }}
+ - key: {{ .label.labelkey }}
+ operator: {{ .label.op }}
+ values:
+ {{- range .label.labelvalues }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -46,6 +59,10 @@ spec:
value: "{{.Values.global.unprotectedNetProviderDriver}}"
- name: protectedNetProviderDriver
value: "{{.Values.global.protectedNetProviderDriver}}"
+ - name: unprotectedNetProviderVlan
+ value: "{{.Values.global.unprotectedNetProviderVlan}}"
+ - name: protectedNetProviderVlan
+ value: "{{.Values.global.protectedNetProviderVlan}}"
command: ["/bin/bash", "/opt/vsn_start.sh"]
securityContext:
privileged: true
diff --git a/starlingx/demo/firewall-sriov/templates/deployment.yaml b/starlingx/demo/firewall-sriov/templates/deployment.yaml
index 90677163..d4b59573 100644
--- a/starlingx/demo/firewall-sriov/templates/deployment.yaml
+++ b/starlingx/demo/firewall-sriov/templates/deployment.yaml
@@ -25,6 +25,19 @@ spec:
"interface": "veth21" }
]'
spec:
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ {{- range .Values.global.nodeAffinity }}
+ - key: {{ .label.labelkey }}
+ operator: {{ .label.op }}
+ values:
+ {{- range .label.labelvalues }}
+ - {{ . }}
+ {{- end }}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -48,6 +61,10 @@ spec:
value: "{{.Values.global.unprotectedNetProviderDriver}}"
- name: protectedNetProviderDriver
value: "{{.Values.global.protectedNetProviderDriver}}"
+ - name: unprotectedNetProviderVlan
+ value: "{{.Values.global.unprotectedNetProviderVlan}}"
+ - name: protectedNetProviderVlan
+ value: "{{.Values.global.protectedNetProviderVlan}}"
command: ["/bin/bash", "/opt/vfw_start.sh"]
securityContext:
privileged: true
diff --git a/starlingx/demo/firewall-sriov/values.yaml b/starlingx/demo/firewall-sriov/values.yaml
index 53aa9de1..94a858cc 100644
--- a/starlingx/demo/firewall-sriov/values.yaml
+++ b/starlingx/demo/firewall-sriov/values.yaml
@@ -21,9 +21,16 @@ resources:
global:
nodeAffinity:
- key: nodeName
- values: worker-0
- op: In
+ - label:
+ labelkey: sriovdp
+ op: In
+ labelvalues:
+ - enabled
+ - label:
+ labelkey: kube-cpu-mgr-policy
+ op: In
+ labelvalues:
+ - static
#Networks
#unprotectedNetworkName: unprotected-private-net