From 219a7eab4129b3e500bcaf6c62819011580895ba Mon Sep 17 00:00:00 2001 From: Bin Yang Date: Mon, 24 Feb 2020 12:42:24 +0800 Subject: Add nodeaffinity for cFW pods Change-Id: I31077bbaff99f7ffc2c13abd5899afd05cf560f9 Issue-ID: MULTICLOUD-999 Signed-off-by: Bin Yang --- .../pktgen-host-netdevice/templates/deployment.yaml | 19 +++++++++++++++---- .../sink-host-netdevice/templates/deployment.yaml | 19 +++++++++++++++---- .../firewall-host-netdevice/templates/deployment.yaml | 19 +++++++++++++++---- starlingx/demo/firewall-host-netdevice/values.yaml | 18 +++++++++++++----- .../charts/pktgen-sriov/templates/deployment.yaml | 17 +++++++++++++++++ .../charts/sink-sriov/templates/deployment.yaml | 17 +++++++++++++++++ .../demo/firewall-sriov/templates/deployment.yaml | 17 +++++++++++++++++ starlingx/demo/firewall-sriov/values.yaml | 13 ++++++++++--- 8 files changed, 119 insertions(+), 20 deletions(-) (limited to 'starlingx/demo') diff --git a/starlingx/demo/firewall-host-netdevice/charts/pktgen-host-netdevice/templates/deployment.yaml b/starlingx/demo/firewall-host-netdevice/charts/pktgen-host-netdevice/templates/deployment.yaml index 4e48937e..276b3df8 100644 --- a/starlingx/demo/firewall-host-netdevice/charts/pktgen-host-netdevice/templates/deployment.yaml +++ b/starlingx/demo/firewall-host-netdevice/charts/pktgen-host-netdevice/templates/deployment.yaml @@ -23,6 +23,19 @@ spec: "interface": "veth11" } ]' spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- range .Values.global.nodeAffinity }} + - key: {{ .label.labelkey }} + operator: {{ .label.op }} + values: + {{- range .label.labelvalues }} + - {{ . }} + {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -32,12 +45,10 @@ spec: env: - name: unprotectedNetCidr value: "{{.Values.global.unprotectedNetCidr}}" - - name: unprotectedNetGw - value: "{{.Values.global.unprotectedNetGw}}" + - name: unprotectedNetGwIp + value: "{{.Values.global.unprotectedNetGwIp}}" - name: protectedNetCidr value: "{{.Values.global.protectedNetCidr}}" - - name: protectedNetGw - value: "{{.Values.global.protectedNetGw}}" - name: protectedNetGwIp value: "{{.Values.global.protectedNetGwIp}}" - name: dcaeCollectorIp diff --git a/starlingx/demo/firewall-host-netdevice/charts/sink-host-netdevice/templates/deployment.yaml b/starlingx/demo/firewall-host-netdevice/charts/sink-host-netdevice/templates/deployment.yaml index fe3d03fe..eaa928ae 100644 --- a/starlingx/demo/firewall-host-netdevice/charts/sink-host-netdevice/templates/deployment.yaml +++ b/starlingx/demo/firewall-host-netdevice/charts/sink-host-netdevice/templates/deployment.yaml @@ -23,6 +23,19 @@ spec: "interface": "veth22" } ]' spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- range .Values.global.nodeAffinity }} + - key: {{ .label.labelkey }} + operator: {{ .label.op }} + values: + {{- range .label.labelvalues }} + - {{ . }} + {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -32,12 +45,10 @@ spec: env: - name: unprotectedNetCidr value: "{{.Values.global.unprotectedNetCidr}}" - - name: unprotectedNetGw - value: "{{.Values.global.unprotectedNetGw}}" + - name: unprotectedNetGwIp + value: "{{.Values.global.unprotectedNetGwIp}}" - name: protectedNetCidr value: "{{.Values.global.protectedNetCidr}}" - - name: protectedNetGw - value: "{{.Values.global.protectedNetGw}}" - name: protectedNetGwIp value: "{{.Values.global.protectedNetGwIp}}" - name: dcaeCollectorIp diff --git a/starlingx/demo/firewall-host-netdevice/templates/deployment.yaml b/starlingx/demo/firewall-host-netdevice/templates/deployment.yaml index be0af964..e93e9da2 100644 --- a/starlingx/demo/firewall-host-netdevice/templates/deployment.yaml +++ b/starlingx/demo/firewall-host-netdevice/templates/deployment.yaml @@ -25,6 +25,19 @@ spec: "interface": "veth21" } ]' spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- range .Values.global.nodeAffinity }} + - key: {{ .label.labelkey }} + operator: {{ .label.op }} + values: + {{- range .label.labelvalues }} + - {{ . }} + {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -34,12 +47,10 @@ spec: env: - name: unprotectedNetCidr value: "{{.Values.global.unprotectedNetCidr}}" - - name: unprotectedNetGw - value: "{{.Values.global.unprotectedNetGw}}" + - name: unprotectedNetGwIp + value: "{{.Values.global.unprotectedNetGwIp}}" - name: protectedNetCidr value: "{{.Values.global.protectedNetCidr}}" - - name: protectedNetGw - value: "{{.Values.global.protectedNetGw}}" - name: protectedNetGwIp value: "{{.Values.global.protectedNetGwIp}}" - name: dcaeCollectorIp diff --git a/starlingx/demo/firewall-host-netdevice/values.yaml b/starlingx/demo/firewall-host-netdevice/values.yaml index 199551c1..0e044c1a 100644 --- a/starlingx/demo/firewall-host-netdevice/values.yaml +++ b/starlingx/demo/firewall-host-netdevice/values.yaml @@ -22,9 +22,16 @@ resources: global: nodeAffinity: - key: nodeName - values: worker-0 - op: In + - label: + labelkey: sriovdp + op: In + labelvalues: + - enabled + - label: + labelkey: kube-cpu-mgr-policy + op: In + labelvalues: + - static #Networks #unprotectedNetworkName: unprotected-private-net @@ -34,7 +41,8 @@ global: unprotectedNetPortVpg: veth11 unprotectedNetPortVfw: veth12 unprotectedNetCidr: 10.10.1.0/24 - unprotectedNetGw: 10.10.1.1/24 + #unprotectedNetGw: 10.10.1.1/24 + unprotectedNetGwIp: 10.10.1.1 #onapPrivateNetworkName: onap-private-net #onapPrivateNetCidr: 10.10.0.0/16 @@ -48,7 +56,7 @@ global: protectedNetPortVsn: veth22 protectedNetCidr: 10.10.2.0/24 protectedNetGwIp: 10.10.2.1 - protectedNetGw: 10.10.2.1/24 + #protectedNetGw: 10.10.2.1/24 #vFirewall container #vfwPrivateIp0: 192.168.10.3 diff --git a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml index 6c7000a7..53c306fc 100644 --- a/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml +++ b/starlingx/demo/firewall-sriov/charts/pktgen-sriov/templates/deployment.yaml @@ -23,6 +23,19 @@ spec: "interface": "veth11" } ]' spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- range .Values.global.nodeAffinity }} + - key: {{ .label.labelkey }} + operator: {{ .label.op }} + values: + {{- range .label.labelvalues }} + - {{ . }} + {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -46,6 +59,10 @@ spec: value: "{{.Values.global.unprotectedNetProviderDriver}}" - name: protectedNetProviderDriver value: "{{.Values.global.protectedNetProviderDriver}}" + - name: unprotectedNetProviderVlan + value: "{{.Values.global.unprotectedNetProviderVlan}}" + - name: protectedNetProviderVlan + value: "{{.Values.global.protectedNetProviderVlan}}" command: ["/bin/bash", "/opt/vpg_start.sh"] securityContext: privileged: true diff --git a/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml index f3c29f05..45b3ecb1 100644 --- a/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml +++ b/starlingx/demo/firewall-sriov/charts/sink-sriov/templates/deployment.yaml @@ -23,6 +23,19 @@ spec: "interface": "veth22" } ]' spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- range .Values.global.nodeAffinity }} + - key: {{ .label.labelkey }} + operator: {{ .label.op }} + values: + {{- range .label.labelvalues }} + - {{ . }} + {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -46,6 +59,10 @@ spec: value: "{{.Values.global.unprotectedNetProviderDriver}}" - name: protectedNetProviderDriver value: "{{.Values.global.protectedNetProviderDriver}}" + - name: unprotectedNetProviderVlan + value: "{{.Values.global.unprotectedNetProviderVlan}}" + - name: protectedNetProviderVlan + value: "{{.Values.global.protectedNetProviderVlan}}" command: ["/bin/bash", "/opt/vsn_start.sh"] securityContext: privileged: true diff --git a/starlingx/demo/firewall-sriov/templates/deployment.yaml b/starlingx/demo/firewall-sriov/templates/deployment.yaml index 90677163..d4b59573 100644 --- a/starlingx/demo/firewall-sriov/templates/deployment.yaml +++ b/starlingx/demo/firewall-sriov/templates/deployment.yaml @@ -25,6 +25,19 @@ spec: "interface": "veth21" } ]' spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- range .Values.global.nodeAffinity }} + - key: {{ .label.labelkey }} + operator: {{ .label.op }} + values: + {{- range .label.labelvalues }} + - {{ . }} + {{- end }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -48,6 +61,10 @@ spec: value: "{{.Values.global.unprotectedNetProviderDriver}}" - name: protectedNetProviderDriver value: "{{.Values.global.protectedNetProviderDriver}}" + - name: unprotectedNetProviderVlan + value: "{{.Values.global.unprotectedNetProviderVlan}}" + - name: protectedNetProviderVlan + value: "{{.Values.global.protectedNetProviderVlan}}" command: ["/bin/bash", "/opt/vfw_start.sh"] securityContext: privileged: true diff --git a/starlingx/demo/firewall-sriov/values.yaml b/starlingx/demo/firewall-sriov/values.yaml index 53aa9de1..94a858cc 100644 --- a/starlingx/demo/firewall-sriov/values.yaml +++ b/starlingx/demo/firewall-sriov/values.yaml @@ -21,9 +21,16 @@ resources: global: nodeAffinity: - key: nodeName - values: worker-0 - op: In + - label: + labelkey: sriovdp + op: In + labelvalues: + - enabled + - label: + labelkey: kube-cpu-mgr-policy + op: In + labelvalues: + - static #Networks #unprotectedNetworkName: unprotected-private-net -- cgit 1.2.3-korg