Create sid-no-certh.yml

docs/guide/k8s/sancus/sid-no-certh.yml

@@ -0,0 +1,57 @@
+# 1. deployment
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sid-probe
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sid-probe
+  template:
+    metadata:
+      labels:
+        app: sid-probe
+    spec:
+      volumes:
+      - name: share-disk
+        emptyDir: {}
+      containers:
+      # MI probe
+      - name: mmt-probe
+        image: ghcr.io/montimage/mmt-probe:v1.5.12-ncu-10
+        imagePullPolicy: Always
+        env:
+        - name: "MMT_SEC_5G_DOS_NGAP_INITIALUEMESSAGE_MS_LIMIT"
+          value: "100" #allow max 100 InitialUEMessage during 1 millisecond
+        - name: "MMT_SEC_5G_DOS_HTTP2_MS_LIMIT"
+          value: "80"  #allow max 80 http2 requests having method == 131 or 130, or type == 8
+        args: 
+        - "-ieth0"
+        - "-Xprobe-id=5"
+        - "-Xkafka-output.enable=true"
+        - "-Xkafka-output.hostname=kafka" #you can replace "kafka" within its IP address
+        - "-Xkafka-output.port=9092"
+        - "-Xkafka-output.topic=sid-reports"
+        - "-Xsession-report.output-channel=kafka"
+        - "-Xsecurity.enable=true"
+        - "-Xsecurity.ignore-remain-flow=false"
+        - "-Xsecurity.exclude-rules=0-99,108"
+        - "-Xsecurity.output-channel=kafka"
+        - "-Xdump-pcap.enable=true" #dump pcap to files
+        - "-Xdump-pcap.protocols=ip" #dump any IP packets
+        - "-Xdump-pcap.period=5"
+        - "-Xdump-pcap.retain-files=10"
+        - "-Xdump-pcap.output-dir=/opt/mmt/probe/pcaps/"
+         - "-Xoutput.format=json"
+
+        securityContext:
+          privileged: true
+        resources:
+          requests:
+            memory: "512Mi"
+            cpu: "500m"
+        volumeMounts:
+        - mountPath: /opt/mmt/probe/pcaps/
+          name: share-disk
+