apiVersion: v1
kind: Service
metadata:
  name: {{ .Release.Name }}-upf-svc
  labels:
    epc-mode: upf
spec:
  selector:
    epc-mode: upf
  ports:
    - protocol: UDP
      port: 8805
      targetPort: 8805    
---  
apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: {{ .Release.Name }}-upf-deployment
  labels:
    epc-mode: upf
spec:
  replicas: 1
  selector:
    matchLabels:
      epc-mode: upf
  template:
    metadata:
      annotations:
        linkerd.io/inject: disabled
        "cni.projectcalico.org/ipAddrs": "[\"{{ .Values.config.upfIP }}\"]" 
      labels:
        epc-mode: upf
    spec:   
      containers:
        - name: upf
          image: "{{ .Values.open5gs.image.repository }}:{{ .Values.open5gs.image.tag }}"
          imagePullPolicy: {{ .Values.open5gs.image.pullPolicy }}
          securityContext:
            privileged: true
          command: ["/bin/sh", "-c"]          
          args:
          - ip tuntap add name ogstun mode tun;
            ip addr add 10.45.0.1/16 dev ogstun;
            sysctl -w net.ipv6.conf.all.disable_ipv6=1;
            ip link set ogstun up;
            sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward";
            iptables -t nat -A POSTROUTING -s 10.45.0.0/16 ! -o ogstun -j MASQUERADE;
            /home/auto-reload-open5gs.sh;
          env:
          - name: CNF_NAME
            value: upf            
          volumeMounts:
          - name: {{ .Release.Name }}-upf-config
            mountPath: /open5gs/config-map/
          - mountPath: /dev/net/tun
            name: dev-net-tun            
      volumes:
        - name: {{ .Release.Name }}-upf-config
          configMap:
            name: {{ .Release.Name }}-upf-config
        - name: dev-net-tun
          hostPath:
            path: /dev/net/tun