vppagent_forwarder.go
//nolint
package pods
import (
v1 "k8s.io/api/core/v1"
v12 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// VPPForwarderPod returns the forwarder pod spec with no liveness or
// readiness probe and no caller-supplied environment variables. The pod is
// built by createVPPForwarderPod and carries its privileged, host-namespace
// settings.
func VPPForwarderPod(name string, node *v1.Node) *v1.Pod {
	var (
		noProbe *v1.Probe
		noEnv   map[string]string
	)
	return createVPPForwarderPod(name, node, noProbe, noProbe, noEnv)
}
// VPPForwarderPodConfig returns the forwarder pod spec without probes, passing
// variables through to createVPPForwarderPod, which appends them to the
// forwarder container's environment. The values are not validated here, so
// callers decide what the privileged container is configured with.
func VPPForwarderPodConfig(name string, node *v1.Node, variables map[string]string) *v1.Pod {
	var noProbe *v1.Probe
	return createVPPForwarderPod(name, node, noProbe, noProbe, variables)
}
// VPPForwarderPodLiveCheck returns the forwarder pod spec with a liveness
// probe built from "/liveness" and a readiness probe built from "/readiness",
// and no caller-supplied environment variables.
func VPPForwarderPodLiveCheck(name string, node *v1.Node) *v1.Pod {
	livenessProbe := createProbe("/liveness")
	readinessProbe := createProbe("/readiness")
	return createVPPForwarderPod(name, node, livenessProbe, readinessProbe, nil)
}
// createVPPForwarderPod builds the pod spec for the vppagent-forwarder
// container.
//
// name becomes the pod name. liveness and readiness are attached to the
// container as given (nil means no probe). variables, after passing through
// setInsecureEnvIfExist, are appended to the container environment. When node
// is non-nil the pod is pinned to it through the "kubernetes.io/hostname"
// node selector.
//
// Security posture of the generated spec, as visible in this function:
//   - The container is privileged and the pod shares the host PID and network
//     namespaces, so a compromise of the forwarder is a compromise of the
//     node. Pod Security admission at the "baseline" or "restricted" level
//     rejects such a pod; the target namespace has to allow "privileged".
//   - Two host directories are mounted with bidirectional propagation, so
//     mounts created inside the container become visible on the host.
//   - The image is referenced by the mutable "latest" tag with
//     PullIfNotPresent, so each node runs whatever copy it has cached; pin a
//     digest where reproducibility or provenance matters.
//   - INITIAL_LOGLVL is "debug".
func createVPPForwarderPod(name string, node *v1.Node, liveness, readiness *v1.Probe, variables map[string]string) *v1.Pod {
	const hostnameLabel = "kubernetes.io/hostname"

	hostPathType := v1.HostPathDirectoryOrCreate
	privileged := true
	propagation := v1.MountPropagationBidirectional

	// hostDir describes a hostPath volume; DirectoryOrCreate means the
	// directory is created on the node if it does not exist yet.
	hostDir := func(volume, path string) v1.Volume {
		return v1.Volume{
			Name: volume,
			VolumeSource: v1.VolumeSource{
				HostPath: &v1.HostPathVolumeSource{
					Type: &hostPathType,
					Path: path,
				},
			},
		}
	}
	// sharedMount mounts a volume with bidirectional propagation, which
	// Kubernetes only permits for privileged containers.
	sharedMount := func(volume, path string) v1.VolumeMount {
		return v1.VolumeMount{
			Name:             volume,
			MountPath:        path,
			MountPropagation: &propagation,
		}
	}

	volumes := []v1.Volume{
		hostDir("workspace", "/var/lib/networkservicemesh"),
		hostDir("postmortem", "/var/tmp/nsm-postmortem"),
		spireVolume(),
	}

	forwarder := containerMod(&v1.Container{
		Name: "vppagent-forwarder",
		// Mutable tag: the image content is not fixed by this spec.
		Image:           "networkservicemesh/vppagent-forwarder:latest",
		ImagePullPolicy: v1.PullIfNotPresent,
		VolumeMounts: []v1.VolumeMount{
			sharedMount("workspace", "/var/lib/networkservicemesh/"),
			sharedMount("postmortem", "/var/tmp/nsm-postmortem/"),
			spireVolumeMount(),
		},
		Env: []v1.EnvVar{
			{
				// With HostNetwork set on the pod, status.podIP is
				// expected to be the node's address - TODO confirm.
				Name: "NSM_FORWARDER_SRC_IP",
				ValueFrom: &v1.EnvVarSource{
					FieldRef: &v1.ObjectFieldSelector{
						FieldPath: "status.podIP",
					},
				},
			},
			{
				Name:  "INITIAL_LOGLVL",
				Value: "debug",
			},
		},
		SecurityContext: &v1.SecurityContext{
			Privileged: &privileged,
		},
		LivenessProbe:  liveness,
		ReadinessProbe: readiness,
		Resources:      createDefaultForwarderResources(),
	})

	pod := &v1.Pod{
		ObjectMeta: v12.ObjectMeta{
			Name: name,
		},
		// NOTE(review): the object is a Pod but Kind says "Deployment";
		// kept as in the original - confirm whether anything reads it.
		TypeMeta: v12.TypeMeta{
			Kind: "Deployment",
		},
		Spec: v1.PodSpec{
			ServiceAccountName:            ForwardPlaneServiceAccount,
			HostPID:                       true,
			HostNetwork:                   true,
			Volumes:                       volumes,
			Containers:                    []v1.Container{forwarder},
			TerminationGracePeriodSeconds: &ZeroGraceTimeout,
		},
	}

	// setInsecureEnvIfExist is defined elsewhere; presumably it carries an
	// "insecure mode" switch into the map - verify before relying on it.
	// Entries are appended after the built-in ones in map iteration order,
	// so their relative order is not stable, and a key that repeats a
	// built-in name is added a second time rather than replacing it.
	variables = setInsecureEnvIfExist(variables)
	target := &pod.Spec.Containers[0]
	for key, value := range variables {
		target.Env = append(target.Env, v1.EnvVar{
			Name:  key,
			Value: value,
		})
	}

	if node == nil {
		return pod
	}
	// A node without the hostname label yields an empty selector value.
	pod.Spec.NodeSelector = map[string]string{
		hostnameLabel: node.Labels[hostnameLabel],
	}
	return pod
}