Add cnf for firewall with network of sriov

sriov driver can be either netdevice or vfio
start scripts support netdevice only yet

Change-Id: Ifa1e9acc558387d38245bd99669225fbf5fb8d05
Issue-ID: MULTICLOUD-999
Signed-off-by: Bin Yang <bin.yang@windriver.com>

1 files changed, 29 insertions, 0 deletions

diff --git a/starlingx/demo/firewall-sriov/templates/protected-private-net.yaml b/starlingx/demo/firewall-sriov/templates/protected-private-net.yaml
new file mode 100644
index 00000000..f30e9c52
--- /dev/null
+++ b/starlingx/demo/firewall-sriov/templates/protected-private-net.yaml
@@ -0,0 +1,29 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: sriov-device-{{ .Values.global.protectedNetName }}
+  annotations:
+    k8s.v1.cni.cncf.io/resourceName: intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}
+{{- if eq .Values.global.protectedNetProviderDriver "netdevice" }}
+spec:
+  config: '{
+    "type": "sriov",
+    "name": "sriov-device",
+    "vlan": {{ .Values.global.protectedNetProviderVlan }},
+    "ipam": {
+      "type": "host-local",
+      "subnet": "{{ .Values.global.protectedNetCidr }}",
+      "routes": [{
+        "dst": "0.0.0.0/0"
+      }],
+      "gateway": "{{ .Values.global.protectedNetGwIp }}"
+    }
+  }'
+{{- else }}
+spec:
+  config: '{
+    "type": "sriov",
+    "name": "sriov-device",
+    "vlan": {{ .Values.global.protectedNetProviderVlan }}
+  }'
+{{ end -}}
\ No newline at end of file