10-frr-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  name: ext-gw
  namespace: frr
  annotations:
    k8s.v1.cni.cncf.io/networks: '[
        {
          "name": "external-net", 
          "interface": "external", 
          "ips": [ "198.18.112.99/24" ], 
          "default-route": [ "198.18.112.254" ]
        },
        {
          "name": "internal-net",
          "interface": "internal", 
          "ips": [ "198.18.111.99/24" ]
        }
      ]'
    k8s.v1.cni.cncf.io/network-status: |-
      [{
          "name": "frr/external-net",
          "interface": "external",
          "ips": [
              "198.18.112.99"
          ],
          "dns": {}
      },{
          "name": "frr/internal-net",
          "interface": "internal",
          "ips": [
              "198.18.111.99"
          ],
          "dns": {}
      }]           
    k8s.ovn.org/routing-namespaces: "foo,bar"
    k8s.ovn.org/bfd-enabled: ""
    k8s.ovn.org/routing-network: "frr/internal-net"
spec:
  # hostNetwork: true
  # serviceAccountName: ext-gw-sa
  # serviceAccount: ext-gw-sa
  containers:
  - name: frr
    image: quay.io/wcaban/frr
    # command:
    #   - sleep
    #   - infinity
    command: ["/bin/sh","-c"]
    args: ["/usr/libexec/frr/frrinit.sh start && tail -f /tmp/frr.log "]
    ports:
    - name: bfd
      containerPort: 3784
      protocol: UDP
    - name: bgp
      containerPort: 179
      protocol: TCP
    - name: rip
      containerPort: 520
      protocol: UDP
    - name: ripng
      containerPort: 521
      protocol: UDP
    - name: stats
      containerPort: 9000
      protocol: TCP
    # ServiceAccount requires "privileged" SCC
    # oc adm policy add-scc-to-user privileged -z default
    securityContext:
      privileged: true
      # capabilities:
      #   add:
      #     - NET_RAW
      #     - NET_ADMIN
    volumeMounts:
    - name: config-volume
      mountPath: /etc/frr
  volumes:
    - name: config-volume
      configMap:
        name: frr-configs
  nodeSelector:
    kubernetes.io/hostname: w1