apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "firewall.fullname" . }} labels: release: {{ .Release.Name }} app: {{ include "firewall.name" . }} chart: {{ .Chart.Name }} spec: replicas: {{ .Values.replicaCount }} selector: matchLabels: app: {{ include "firewall.name" . }} release: {{ .Release.Name }} template: metadata: labels: app: {{ include "firewall.name" . }} release: {{ .Release.Name }} annotations: k8s.v1.cni.cncf.io/networks: '[ { "name": "sriov-device-{{ .Values.global.unprotectedNetName }}", "interface": "veth12" }, { "name": "sriov-device-{{ .Values.global.protectedNetName }}", "interface": "veth21" } ]' spec: containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} tty: true stdin: true env: - name: unprotectedNetCidr value: "{{.Values.global.unprotectedNetCidr}}" - name: unprotectedNetGwIp value: "{{.Values.global.unprotectedNetGwIp}}" - name: protectedNetCidr value: "{{.Values.global.protectedNetCidr}}" - name: protectedNetGwIp value: "{{.Values.global.protectedNetGwIp}}" - name: dcaeCollectorIp value: "{{.Values.global.dcaeCollectorIp}}" - name: dcaeCollectorPort value: "{{.Values.global.dcaeCollectorPort}}" - name: unprotectedNetProviderDriver value: "{{.Values.global.unprotectedNetProviderDriver}}" - name: protectedNetProviderDriver value: "{{.Values.global.protectedNetProviderDriver}}" command: ["/bin/bash", "/opt/vfw_start.sh"] securityContext: privileged: true capabilities: add: - CAP_SYS_ADMIN volumeMounts: - mountPath: /hugepages name: hugepage - name: lib-modules mountPath: /lib/modules - name: src mountPath: /usr/src - name: scripts mountPath: /opt resources: requests: cpu: {{ .Values.resources.cpu }} memory: {{ .Values.resources.memory }} hugepages-2Mi: {{ .Values.resources.hugepage }} {{- if eq .Values.global.protectedNetProviderName .Values.global.unprotectedNetProviderName }} intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}: '2' {{- else }} intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}: '1' intel.com/pci_sriov_net_{{ .Values.global.unprotectedNetProviderName }}: '1' {{ end }} limits: cpu: {{ .Values.resources.cpu }} memory: {{ .Values.resources.memory }} hugepages-2Mi: {{ .Values.resources.hugepage }} {{- if eq .Values.global.protectedNetProviderName .Values.global.unprotectedNetProviderName }} intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}: '2' {{- else }} intel.com/pci_sriov_net_{{ .Values.global.protectedNetProviderName }}: '1' intel.com/pci_sriov_net_{{ .Values.global.unprotectedNetProviderName }}: '1' {{ end }} volumes: - name: hugepage emptyDir: medium: HugePages - name: lib-modules hostPath: path: /lib/modules - name: src hostPath: path: /usr/src - name: scripts configMap: name: {{ .Chart.Name }}-scripts-configmap imagePullSecrets: - name: admin-registry-secret