update
This commit is contained in:
havelight-ee
@@ -0,0 +1,4 @@
|
||||
# See the OWNERS docs at https://go.k8s.io/owners
|
||||
|
||||
emeritus_approvers:
|
||||
- oilbeater
|
||||
@@ -0,0 +1,98 @@
|
||||
---
|
||||
kube_ovn_db_cpu_request: 500m
|
||||
kube_ovn_db_memory_request: 200Mi
|
||||
kube_ovn_db_cpu_limit: 3000m
|
||||
kube_ovn_db_memory_limit: 3000Mi
|
||||
kube_ovn_node_cpu_request: 200m
|
||||
kube_ovn_node_memory_request: 200Mi
|
||||
kube_ovn_node_cpu_limit: 1000m
|
||||
kube_ovn_node_memory_limit: 800Mi
|
||||
kube_ovn_cni_server_cpu_request: 200m
|
||||
kube_ovn_cni_server_memory_request: 200Mi
|
||||
kube_ovn_cni_server_cpu_limit: 1000m
|
||||
kube_ovn_cni_server_memory_limit: 1Gi
|
||||
kube_ovn_controller_cpu_request: 200m
|
||||
kube_ovn_controller_memory_request: 200Mi
|
||||
kube_ovn_controller_cpu_limit: 1000m
|
||||
kube_ovn_controller_memory_limit: 1Gi
|
||||
kube_ovn_pinger_cpu_request: 100m
|
||||
kube_ovn_pinger_memory_request: 200Mi
|
||||
kube_ovn_pinger_cpu_limit: 200m
|
||||
kube_ovn_pinger_memory_limit: 400Mi
|
||||
kube_ovn_monitor_memory_request: 200Mi
|
||||
kube_ovn_monitor_cpu_request: 200m
|
||||
kube_ovn_monitor_memory_limit: 200Mi
|
||||
kube_ovn_monitor_cpu_limit: 200m
|
||||
kube_ovn_dpdk_node_cpu_request: 1000m
|
||||
kube_ovn_dpdk_node_memory_request: 2Gi
|
||||
kube_ovn_dpdk_node_cpu_limit: 1000m
|
||||
kube_ovn_dpdk_node_memory_limit: 2Gi
|
||||
|
||||
kube_ovn_central_replics: 1
|
||||
kube_ovn_controller_replics: 1
|
||||
|
||||
# geneve or vlan
|
||||
kube_ovn_network_type: geneve
|
||||
|
||||
# geneve, vxlan or stt. ATTENTION: some networkpolicy cannot take effect when using vxlan and stt need custom compile ovs kernel module
|
||||
kube_ovn_tunnel_type: geneve
|
||||
|
||||
## The nic to support container network can be a nic name or a group of regex separated by comma e.g: 'enp6s0f0,eth.*', if empty will use the nic that the default route use.
|
||||
# kube_ovn_iface: eth1
|
||||
## The MTU used by pod iface in overlay networks (default iface MTU - 100)
|
||||
# kube_ovn_mtu: 1333
|
||||
|
||||
## Enable hw-offload, disable traffic mirror and set the iface to the physical port. Make sure that there is an IP address bind to the physical port.
|
||||
kube_ovn_hw_offload: false
|
||||
# traffic mirror
|
||||
kube_ovn_traffic_mirror: false
|
||||
|
||||
# kube_ovn_pool_cidr_ipv6: fd85:ee78:d8a6:8607::1:0000/112
|
||||
# kube_ovn_default_interface_name: eth0
|
||||
|
||||
kube_ovn_external_address: 8.8.8.8
|
||||
kube_ovn_external_address_ipv6: 2400:3200::1
|
||||
kube_ovn_external_dns: alauda.cn
|
||||
|
||||
# kube_ovn_default_gateway: 10.233.64.1,fd85:ee78:d8a6:8607::1:0
|
||||
kube_ovn_default_gateway_check: true
|
||||
kube_ovn_default_logical_gateway: false
|
||||
# kube_ovn_default_exclude_ips: 10.16.0.1
|
||||
kube_ovn_node_switch_cidr: 100.64.0.0/16
|
||||
kube_ovn_node_switch_cidr_ipv6: fd00:100:64::/64
|
||||
|
||||
## vlan config, set default interface name and vlan id
|
||||
# kube_ovn_default_interface_name: eth0
|
||||
kube_ovn_default_vlan_id: 100
|
||||
kube_ovn_vlan_name: product
|
||||
|
||||
## pod nic type, support: veth-pair or internal-port
|
||||
kube_ovn_pod_nic_type: veth_pair
|
||||
|
||||
## Enable load balancer
|
||||
kube_ovn_enable_lb: true
|
||||
|
||||
## Enable network policy support
|
||||
kube_ovn_enable_np: true
|
||||
|
||||
## Enable external vpc support
|
||||
kube_ovn_enable_external_vpc: true
|
||||
|
||||
## Enable checksum
|
||||
kube_ovn_encap_checksum: true
|
||||
|
||||
## enable ssl
|
||||
kube_ovn_enable_ssl: false
|
||||
|
||||
## dpdk
|
||||
kube_ovn_dpdk_enabled: false
|
||||
kube_ovn_dpdk_tunnel_iface: br-phy
|
||||
|
||||
## eip snat
|
||||
kube_ovn_eip_snat_enabled: true
|
||||
|
||||
## keep vm ip
|
||||
kube_ovn_keep_vm_ip: true
|
||||
|
||||
## cni config priority, default: 01
|
||||
kube_ovn_cni_config_priority: 01
|
||||
@@ -0,0 +1,17 @@
|
||||
---
|
||||
- name: Kube-OVN | Label ovn-db node
|
||||
command: >-
|
||||
{{ kubectl }} label --overwrite node {{ groups['kube_control_plane'] | first }} kube-ovn/role=master
|
||||
when:
|
||||
- inventory_hostname == groups['kube_control_plane'][0]
|
||||
|
||||
- name: Kube-OVN | Create Kube-OVN manifests
|
||||
template:
|
||||
src: "{{ item.file }}.j2"
|
||||
dest: "{{ kube_config_dir }}/{{ item.file }}"
|
||||
mode: 0644
|
||||
with_items:
|
||||
- {name: kube-ovn-crd, file: cni-kube-ovn-crd.yml}
|
||||
- {name: ovn, file: cni-ovn.yml}
|
||||
- {name: kube-ovn, file: cni-kube-ovn.yml}
|
||||
register: kube_ovn_node_manifests
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,610 @@
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: kube-ovn-controller
|
||||
namespace: kube-system
|
||||
annotations:
|
||||
kubernetes.io/description: |
|
||||
kube-ovn controller
|
||||
spec:
|
||||
replicas: {{ kube_ovn_controller_replics }}
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kube-ovn-controller
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 0%
|
||||
maxUnavailable: 100%
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: kube-ovn-controller
|
||||
component: network
|
||||
type: infra
|
||||
spec:
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app: kube-ovn-controller
|
||||
topologyKey: kubernetes.io/hostname
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: ovn
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-ovn-controller
|
||||
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
command:
|
||||
- /kube-ovn/start-controller.sh
|
||||
args:
|
||||
- --default-cidr={{ kube_pods_subnet }}{% if enable_dual_stack_networks %},{{ kube_ovn_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}{% endif %}{{''}}
|
||||
- --default-gateway={% if kube_ovn_default_gateway is defined %}{{ kube_ovn_default_gateway }}{% endif %}{{''}}
|
||||
- --default-gateway-check={{ kube_ovn_default_gateway_check|string }}
|
||||
- --default-logical-gateway={{ kube_ovn_default_logical_gateway|string }}
|
||||
- --default-exclude-ips={% if kube_ovn_default_exclude_ips is defined %}{{ kube_ovn_default_exclude_ips }}{% endif %}{{''}}
|
||||
- --node-switch-cidr={{ kube_ovn_node_switch_cidr }}{% if enable_dual_stack_networks %},{{ kube_ovn_node_switch_cidr_ipv6 }}{% endif %}{{''}}
|
||||
- --service-cluster-ip-range={{ kube_service_addresses }}{% if enable_dual_stack_networks %},{{ kube_service_addresses_ipv6 }}{% endif %}{{''}}
|
||||
- --network-type={{ kube_ovn_network_type }}
|
||||
- --default-interface-name={{ kube_ovn_default_interface_name|default('') }}
|
||||
- --default-vlan-id={{ kube_ovn_default_vlan_id }}
|
||||
- --pod-nic-type={{ kube_ovn_pod_nic_type }}
|
||||
- --enable-lb={{ kube_ovn_enable_lb|string }}
|
||||
- --enable-np={{ kube_ovn_enable_np|string }}
|
||||
- --enable-eip-snat={{ kube_ovn_eip_snat_enabled }}
|
||||
- --enable-external-vpc={{ kube_ovn_enable_external_vpc|string }}
|
||||
- --logtostderr=false
|
||||
- --alsologtostderr=true
|
||||
- --log_file=/var/log/kube-ovn/kube-ovn-controller.log
|
||||
- --log_file_max_size=0
|
||||
- --keep-vm-ip={{ kube_ovn_keep_vm_ip }}
|
||||
env:
|
||||
- name: ENABLE_SSL
|
||||
value: "{{ kube_ovn_enable_ssl | lower }}"
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: KUBE_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
- name: KUBE_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
volumeMounts:
|
||||
- mountPath: /etc/localtime
|
||||
name: localtime
|
||||
- mountPath: /var/log/kube-ovn
|
||||
name: kube-ovn-log
|
||||
- mountPath: /var/run/tls
|
||||
name: kube-ovn-tls
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /kube-ovn/kube-ovn-controller-healthcheck
|
||||
periodSeconds: 3
|
||||
timeoutSeconds: 45
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- /kube-ovn/kube-ovn-controller-healthcheck
|
||||
initialDelaySeconds: 300
|
||||
periodSeconds: 7
|
||||
failureThreshold: 5
|
||||
timeoutSeconds: 45
|
||||
resources:
|
||||
requests:
|
||||
cpu: {{ kube_ovn_controller_cpu_request }}
|
||||
memory: {{ kube_ovn_controller_memory_request }}
|
||||
limits:
|
||||
cpu: {{ kube_ovn_controller_cpu_limit }}
|
||||
memory: {{ kube_ovn_controller_memory_limit }}
|
||||
nodeSelector:
|
||||
kubernetes.io/os: "linux"
|
||||
volumes:
|
||||
- name: localtime
|
||||
hostPath:
|
||||
path: /etc/localtime
|
||||
- name: kube-ovn-log
|
||||
hostPath:
|
||||
path: /var/log/kube-ovn
|
||||
- name: kube-ovn-tls
|
||||
secret:
|
||||
optional: true
|
||||
secretName: kube-ovn-tls
|
||||
|
||||
---
|
||||
kind: DaemonSet
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: kube-ovn-cni
|
||||
namespace: kube-system
|
||||
annotations:
|
||||
kubernetes.io/description: |
|
||||
This daemon set launches the kube-ovn cni daemon.
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kube-ovn-cni
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: kube-ovn-cni
|
||||
component: network
|
||||
type: infra
|
||||
spec:
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: ovn
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
initContainers:
|
||||
- name: install-cni
|
||||
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
command: ["/kube-ovn/install-cni.sh"]
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
volumeMounts:
|
||||
- mountPath: /opt/cni/bin
|
||||
name: cni-bin
|
||||
containers:
|
||||
- name: cni-server
|
||||
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
command:
|
||||
- bash
|
||||
- /kube-ovn/start-cniserver.sh
|
||||
args:
|
||||
- --enable-mirror={{ kube_ovn_traffic_mirror | lower }}
|
||||
- --encap-checksum={{ kube_ovn_encap_checksum | lower }}
|
||||
- --service-cluster-ip-range={{ kube_service_addresses }}{% if enable_dual_stack_networks %},{{ kube_service_addresses_ipv6 }}{% endif %}{{''}}
|
||||
- --iface={{ kube_ovn_iface|default('') }}
|
||||
- --dpdk-tunnel-iface={{ kube_ovn_dpdk_tunnel_iface }}
|
||||
- --network-type={{ kube_ovn_network_type }}
|
||||
- --default-interface-name={{ kube_ovn_default_interface_name|default('') }}
|
||||
{% if kube_ovn_mtu is defined %}
|
||||
- --mtu={{ kube_ovn_mtu }}
|
||||
{% endif %}
|
||||
- --cni-conf-name={{ kube_ovn_cni_config_priority }}-kube-ovn.conflist
|
||||
- --logtostderr=false
|
||||
- --alsologtostderr=true
|
||||
- --log_file=/var/log/kube-ovn/kube-ovn-cni.log
|
||||
- --log_file_max_size=0
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
env:
|
||||
- name: kube_ovn_enable_ssl
|
||||
value: "{{ kube_ovn_enable_ssl | lower }}"
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: KUBE_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: MODULES
|
||||
value: kube_ovn_fastpath.ko
|
||||
- name: RPMS
|
||||
value: openvswitch-kmod
|
||||
volumeMounts:
|
||||
- name: host-modules
|
||||
mountPath: /lib/modules
|
||||
readOnly: true
|
||||
- name: shared-dir
|
||||
mountPath: /var/lib/kubelet/pods
|
||||
- mountPath: /etc/openvswitch
|
||||
name: systemid
|
||||
- mountPath: /etc/cni/net.d
|
||||
name: cni-conf
|
||||
- mountPath: /run/openvswitch
|
||||
name: host-run-ovs
|
||||
mountPropagation: Bidirectional
|
||||
- mountPath: /run/ovn
|
||||
name: host-run-ovn
|
||||
- mountPath: /var/run/netns
|
||||
name: host-ns
|
||||
mountPropagation: HostToContainer
|
||||
- mountPath: /var/log/kube-ovn
|
||||
name: kube-ovn-log
|
||||
- mountPath: /var/log/openvswitch
|
||||
name: host-log-ovs
|
||||
- mountPath: /var/log/ovn
|
||||
name: host-log-ovn
|
||||
- mountPath: /etc/localtime
|
||||
name: localtime
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 7
|
||||
successThreshold: 1
|
||||
tcpSocket:
|
||||
port: 10665
|
||||
timeoutSeconds: 3
|
||||
readinessProbe:
|
||||
failureThreshold: 3
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 7
|
||||
successThreshold: 1
|
||||
tcpSocket:
|
||||
port: 10665
|
||||
timeoutSeconds: 3
|
||||
resources:
|
||||
requests:
|
||||
cpu: {{ kube_ovn_cni_server_cpu_request }}
|
||||
memory: {{ kube_ovn_cni_server_memory_request }}
|
||||
limits:
|
||||
cpu: {{ kube_ovn_cni_server_cpu_limit }}
|
||||
memory: {{ kube_ovn_cni_server_memory_limit }}
|
||||
nodeSelector:
|
||||
kubernetes.io/os: "linux"
|
||||
volumes:
|
||||
- name: host-modules
|
||||
hostPath:
|
||||
path: /lib/modules
|
||||
- name: shared-dir
|
||||
hostPath:
|
||||
path: /var/lib/kubelet/pods
|
||||
- name: systemid
|
||||
hostPath:
|
||||
path: /etc/origin/openvswitch
|
||||
- name: host-run-ovs
|
||||
hostPath:
|
||||
path: /run/openvswitch
|
||||
- name: host-run-ovn
|
||||
hostPath:
|
||||
path: /run/ovn
|
||||
- name: cni-conf
|
||||
hostPath:
|
||||
path: /etc/cni/net.d
|
||||
- name: cni-bin
|
||||
hostPath:
|
||||
path: /opt/cni/bin
|
||||
- name: host-ns
|
||||
hostPath:
|
||||
path: /var/run/netns
|
||||
- name: host-log-ovs
|
||||
hostPath:
|
||||
path: /var/log/openvswitch
|
||||
- name: kube-ovn-log
|
||||
hostPath:
|
||||
path: /var/log/kube-ovn
|
||||
- name: host-log-ovn
|
||||
hostPath:
|
||||
path: /var/log/ovn
|
||||
- name: localtime
|
||||
hostPath:
|
||||
path: /etc/localtime
|
||||
- name: tmp
|
||||
hostPath:
|
||||
path: /tmp
|
||||
---
|
||||
kind: DaemonSet
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: kube-ovn-pinger
|
||||
namespace: kube-system
|
||||
annotations:
|
||||
kubernetes.io/description: |
|
||||
This daemon set launches the openvswitch daemon.
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kube-ovn-pinger
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: kube-ovn-pinger
|
||||
component: network
|
||||
type: infra
|
||||
spec:
|
||||
serviceAccountName: ovn
|
||||
hostPID: true
|
||||
containers:
|
||||
- name: pinger
|
||||
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
command:
|
||||
- /kube-ovn/kube-ovn-pinger
|
||||
args:
|
||||
- --external-address={{ kube_ovn_external_address }}{% if enable_dual_stack_networks %},{{ kube_ovn_external_address_ipv6 }}{% endif %}{{''}}
|
||||
- --external-dns={{ kube_ovn_external_dns }}
|
||||
- --logtostderr=false
|
||||
- --alsologtostderr=true
|
||||
- --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
|
||||
- --log_file_max_size=0
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
privileged: false
|
||||
env:
|
||||
- name: ENABLE_SSL
|
||||
value: "{{ kube_ovn_enable_ssl | lower }}"
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: HOST_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.hostIP
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
volumeMounts:
|
||||
- mountPath: /lib/modules
|
||||
name: host-modules
|
||||
readOnly: true
|
||||
- mountPath: /run/openvswitch
|
||||
name: host-run-ovs
|
||||
- mountPath: /var/run/openvswitch
|
||||
name: host-run-ovs
|
||||
- mountPath: /var/run/ovn
|
||||
name: host-run-ovn
|
||||
- mountPath: /sys
|
||||
name: host-sys
|
||||
readOnly: true
|
||||
- mountPath: /etc/openvswitch
|
||||
name: host-config-openvswitch
|
||||
- mountPath: /var/log/openvswitch
|
||||
name: host-log-ovs
|
||||
- mountPath: /var/log/ovn
|
||||
name: host-log-ovn
|
||||
- mountPath: /var/log/kube-ovn
|
||||
name: kube-ovn-log
|
||||
- mountPath: /etc/localtime
|
||||
name: localtime
|
||||
- mountPath: /var/run/tls
|
||||
name: kube-ovn-tls
|
||||
resources:
|
||||
requests:
|
||||
cpu: {{ kube_ovn_pinger_cpu_request }}
|
||||
memory: {{ kube_ovn_pinger_memory_request }}
|
||||
limits:
|
||||
cpu: {{ kube_ovn_pinger_cpu_limit }}
|
||||
memory: {{ kube_ovn_pinger_memory_limit }}
|
||||
nodeSelector:
|
||||
kubernetes.io/os: "linux"
|
||||
volumes:
|
||||
- name: host-modules
|
||||
hostPath:
|
||||
path: /lib/modules
|
||||
- name: host-run-ovs
|
||||
hostPath:
|
||||
path: /run/openvswitch
|
||||
- name: host-run-ovn
|
||||
hostPath:
|
||||
path: /run/ovn
|
||||
- name: host-sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
- name: host-config-openvswitch
|
||||
hostPath:
|
||||
path: /etc/origin/openvswitch
|
||||
- name: host-log-ovs
|
||||
hostPath:
|
||||
path: /var/log/openvswitch
|
||||
- name: kube-ovn-log
|
||||
hostPath:
|
||||
path: /var/log/kube-ovn
|
||||
- name: host-log-ovn
|
||||
hostPath:
|
||||
path: /var/log/ovn
|
||||
- name: localtime
|
||||
hostPath:
|
||||
path: /etc/localtime
|
||||
- name: kube-ovn-tls
|
||||
secret:
|
||||
optional: true
|
||||
secretName: kube-ovn-tls
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: kube-ovn-monitor
|
||||
namespace: kube-system
|
||||
annotations:
|
||||
kubernetes.io/description: |
|
||||
Metrics for OVN components: northd, nb and sb.
|
||||
spec:
|
||||
replicas: 1
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 1
|
||||
maxUnavailable: 1
|
||||
type: RollingUpdate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kube-ovn-monitor
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: kube-ovn-monitor
|
||||
component: network
|
||||
type: infra
|
||||
spec:
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app: kube-ovn-monitor
|
||||
topologyKey: kubernetes.io/hostname
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: ovn
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: kube-ovn-monitor
|
||||
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
command: ["/kube-ovn/start-ovn-monitor.sh"]
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
privileged: false
|
||||
env:
|
||||
- name: ENABLE_SSL
|
||||
value: "{{ kube_ovn_enable_ssl | lower }}"
|
||||
- name: KUBE_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
resources:
|
||||
requests:
|
||||
cpu: {{ kube_ovn_monitor_cpu_request }}
|
||||
memory: {{ kube_ovn_monitor_memory_request }}
|
||||
limits:
|
||||
cpu: {{ kube_ovn_monitor_cpu_limit }}
|
||||
memory: {{ kube_ovn_monitor_memory_limit }}
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/openvswitch
|
||||
name: host-run-ovs
|
||||
- mountPath: /var/run/ovn
|
||||
name: host-run-ovn
|
||||
- mountPath: /etc/openvswitch
|
||||
name: host-config-openvswitch
|
||||
- mountPath: /etc/ovn
|
||||
name: host-config-ovn
|
||||
- mountPath: /var/log/openvswitch
|
||||
name: host-log-ovs
|
||||
- mountPath: /var/log/ovn
|
||||
name: host-log-ovn
|
||||
- mountPath: /etc/localtime
|
||||
name: localtime
|
||||
- mountPath: /var/run/tls
|
||||
name: kube-ovn-tls
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- cat
|
||||
- /var/run/ovn/ovn-controller.pid
|
||||
periodSeconds: 10
|
||||
timeoutSeconds: 45
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- cat
|
||||
- /var/run/ovn/ovn-controller.pid
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 10
|
||||
failureThreshold: 5
|
||||
timeoutSeconds: 45
|
||||
nodeSelector:
|
||||
kubernetes.io/os: "linux"
|
||||
kube-ovn/role: "master"
|
||||
volumes:
|
||||
- name: host-run-ovs
|
||||
hostPath:
|
||||
path: /run/openvswitch
|
||||
- name: host-run-ovn
|
||||
hostPath:
|
||||
path: /run/ovn
|
||||
- name: host-config-openvswitch
|
||||
hostPath:
|
||||
path: /etc/origin/openvswitch
|
||||
- name: host-config-ovn
|
||||
hostPath:
|
||||
path: /etc/origin/ovn
|
||||
- name: host-log-ovs
|
||||
hostPath:
|
||||
path: /var/log/openvswitch
|
||||
- name: host-log-ovn
|
||||
hostPath:
|
||||
path: /var/log/ovn
|
||||
- name: localtime
|
||||
hostPath:
|
||||
path: /etc/localtime
|
||||
- name: kube-ovn-tls
|
||||
secret:
|
||||
optional: true
|
||||
secretName: kube-ovn-tls
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: kube-ovn-monitor
|
||||
namespace: kube-system
|
||||
labels:
|
||||
app: kube-ovn-monitor
|
||||
spec:
|
||||
ports:
|
||||
- name: metrics
|
||||
port: 10661
|
||||
type: ClusterIP
|
||||
{% if enable_dual_stack_networks %}
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
{% endif %}
|
||||
selector:
|
||||
app: kube-ovn-monitor
|
||||
sessionAffinity: None
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: kube-ovn-pinger
|
||||
namespace: kube-system
|
||||
labels:
|
||||
app: kube-ovn-pinger
|
||||
spec:
|
||||
{% if enable_dual_stack_networks %}
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
{% endif %}
|
||||
selector:
|
||||
app: kube-ovn-pinger
|
||||
ports:
|
||||
- port: 8080
|
||||
name: metrics
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: kube-ovn-controller
|
||||
namespace: kube-system
|
||||
labels:
|
||||
app: kube-ovn-controller
|
||||
spec:
|
||||
{% if enable_dual_stack_networks %}
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
{% endif %}
|
||||
selector:
|
||||
app: kube-ovn-controller
|
||||
ports:
|
||||
- port: 10660
|
||||
name: metrics
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: kube-ovn-cni
|
||||
namespace: kube-system
|
||||
labels:
|
||||
app: kube-ovn-cni
|
||||
spec:
|
||||
{% if enable_dual_stack_networks %}
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
{% endif %}
|
||||
selector:
|
||||
app: kube-ovn-cni
|
||||
ports:
|
||||
- port: 10665
|
||||
name: metrics
|
||||
@@ -0,0 +1,513 @@
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: ovn
|
||||
namespace: kube-system
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
annotations:
|
||||
rbac.authorization.k8s.io/system-only: "true"
|
||||
name: system:ovn
|
||||
rules:
|
||||
- apiGroups: ['policy']
|
||||
resources: ['podsecuritypolicies']
|
||||
verbs: ['use']
|
||||
resourceNames:
|
||||
- kube-ovn
|
||||
- apiGroups:
|
||||
- "kubeovn.io"
|
||||
resources:
|
||||
- vpcs
|
||||
- vpcs/status
|
||||
- vpc-nat-gateways
|
||||
- subnets
|
||||
- subnets/status
|
||||
- ips
|
||||
- vips
|
||||
- vips/status
|
||||
- vlans
|
||||
- vlans/status
|
||||
- provider-networks
|
||||
- provider-networks/status
|
||||
- security-groups
|
||||
- security-groups/status
|
||||
- htbqoses
|
||||
- iptables-eips
|
||||
- iptables-fip-rules
|
||||
- iptables-dnat-rules
|
||||
- iptables-snat-rules
|
||||
- iptables-eips/status
|
||||
- iptables-fip-rules/status
|
||||
- iptables-dnat-rules/status
|
||||
- iptables-snat-rules/status
|
||||
verbs:
|
||||
- "*"
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- pods
|
||||
- pods/exec
|
||||
- namespaces
|
||||
- nodes
|
||||
- configmaps
|
||||
verbs:
|
||||
- create
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- "k8s.cni.cncf.io"
|
||||
resources:
|
||||
- network-attachment-definitions
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- update
|
||||
- apiGroups:
|
||||
- ""
|
||||
- networking.k8s.io
|
||||
- apps
|
||||
- extensions
|
||||
resources:
|
||||
- networkpolicies
|
||||
- services
|
||||
- endpoints
|
||||
- statefulsets
|
||||
- daemonsets
|
||||
- deployments
|
||||
- deployments/scale
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- update
|
||||
- patch
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
- update
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- "*"
|
||||
- apiGroups:
|
||||
- "k8s.cni.cncf.io"
|
||||
resources:
|
||||
- network-attachment-definitions
|
||||
verbs:
|
||||
- create
|
||||
- delete
|
||||
- get
|
||||
- list
|
||||
- update
|
||||
- apiGroups:
|
||||
- "kubevirt.io"
|
||||
resources:
|
||||
- virtualmachines
|
||||
- virtualmachineinstances
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: ovn
|
||||
roleRef:
|
||||
name: system:ovn
|
||||
kind: ClusterRole
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: ovn
|
||||
namespace: kube-system
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: ovn-nb
|
||||
namespace: kube-system
|
||||
spec:
|
||||
ports:
|
||||
- name: ovn-nb
|
||||
protocol: TCP
|
||||
port: 6641
|
||||
targetPort: 6641
|
||||
type: ClusterIP
|
||||
{% if enable_dual_stack_networks %}
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
{% endif %}
|
||||
selector:
|
||||
app: ovn-central
|
||||
ovn-nb-leader: "true"
|
||||
sessionAffinity: None
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: ovn-sb
|
||||
namespace: kube-system
|
||||
spec:
|
||||
ports:
|
||||
- name: ovn-sb
|
||||
protocol: TCP
|
||||
port: 6642
|
||||
targetPort: 6642
|
||||
type: ClusterIP
|
||||
{% if enable_dual_stack_networks %}
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
{% endif %}
|
||||
selector:
|
||||
app: ovn-central
|
||||
ovn-sb-leader: "true"
|
||||
sessionAffinity: None
|
||||
---
|
||||
kind: Service
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: ovn-northd
|
||||
namespace: kube-system
|
||||
spec:
|
||||
ports:
|
||||
- name: ovn-northd
|
||||
protocol: TCP
|
||||
port: 6643
|
||||
targetPort: 6643
|
||||
type: ClusterIP
|
||||
{% if enable_dual_stack_networks %}
|
||||
ipFamilyPolicy: PreferDualStack
|
||||
{% endif %}
|
||||
selector:
|
||||
app: ovn-central
|
||||
ovn-northd-leader: "true"
|
||||
sessionAffinity: None
|
||||
---
|
||||
kind: Deployment
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: ovn-central
|
||||
namespace: kube-system
|
||||
annotations:
|
||||
kubernetes.io/description: |
|
||||
OVN components: northd, nb and sb.
|
||||
spec:
|
||||
replicas: {{ kube_ovn_central_replics }}
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 0
|
||||
maxUnavailable: 1
|
||||
type: RollingUpdate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ovn-central
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: ovn-central
|
||||
component: network
|
||||
type: infra
|
||||
spec:
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchLabels:
|
||||
app: ovn-central
|
||||
topologyKey: kubernetes.io/hostname
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: ovn
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: ovn-central
|
||||
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
command: ["/kube-ovn/start-db.sh"]
|
||||
securityContext:
|
||||
capabilities:
|
||||
add: ["SYS_NICE"]
|
||||
env:
|
||||
- name: ENABLE_SSL
|
||||
value: "{{ kube_ovn_enable_ssl | lower }}"
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
- name: POD_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.namespace
|
||||
resources:
|
||||
requests:
|
||||
cpu: {{ kube_ovn_db_cpu_request }}
|
||||
memory: {{ kube_ovn_db_memory_request }}
|
||||
limits:
|
||||
cpu: {{ kube_ovn_db_cpu_limit }}
|
||||
memory: {{ kube_ovn_db_memory_limit }}
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/openvswitch
|
||||
name: host-run-ovs
|
||||
- mountPath: /var/run/ovn
|
||||
name: host-run-ovn
|
||||
- mountPath: /sys
|
||||
name: host-sys
|
||||
readOnly: true
|
||||
- mountPath: /etc/openvswitch
|
||||
name: host-config-openvswitch
|
||||
- mountPath: /etc/ovn
|
||||
name: host-config-ovn
|
||||
- mountPath: /var/log/openvswitch
|
||||
name: host-log-ovs
|
||||
- mountPath: /var/log/ovn
|
||||
name: host-log-ovn
|
||||
- mountPath: /etc/localtime
|
||||
name: localtime
|
||||
- mountPath: /var/run/tls
|
||||
name: kube-ovn-tls
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- bash
|
||||
- /kube-ovn/ovn-healthcheck.sh
|
||||
periodSeconds: 15
|
||||
timeoutSeconds: 45
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- bash
|
||||
- /kube-ovn/ovn-healthcheck.sh
|
||||
initialDelaySeconds: 30
|
||||
periodSeconds: 15
|
||||
failureThreshold: 5
|
||||
timeoutSeconds: 45
|
||||
nodeSelector:
|
||||
kubernetes.io/os: "linux"
|
||||
kube-ovn/role: "master"
|
||||
volumes:
|
||||
- name: host-run-ovs
|
||||
hostPath:
|
||||
path: /run/openvswitch
|
||||
- name: host-run-ovn
|
||||
hostPath:
|
||||
path: /run/ovn
|
||||
- name: host-sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
- name: host-config-openvswitch
|
||||
hostPath:
|
||||
path: /etc/origin/openvswitch
|
||||
- name: host-config-ovn
|
||||
hostPath:
|
||||
path: /etc/origin/ovn
|
||||
- name: host-log-ovs
|
||||
hostPath:
|
||||
path: /var/log/openvswitch
|
||||
- name: host-log-ovn
|
||||
hostPath:
|
||||
path: /var/log/ovn
|
||||
- name: localtime
|
||||
hostPath:
|
||||
path: /etc/localtime
|
||||
- name: kube-ovn-tls
|
||||
secret:
|
||||
optional: true
|
||||
secretName: kube-ovn-tls
|
||||
---
|
||||
kind: DaemonSet
|
||||
apiVersion: apps/v1
|
||||
metadata:
|
||||
name: ovs-ovn
|
||||
namespace: kube-system
|
||||
annotations:
|
||||
kubernetes.io/description: |
|
||||
This daemon set launches the openvswitch daemon.
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: ovs
|
||||
updateStrategy:
|
||||
type: OnDelete
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: ovs
|
||||
component: network
|
||||
type: infra
|
||||
spec:
|
||||
tolerations:
|
||||
- operator: Exists
|
||||
priorityClassName: system-cluster-critical
|
||||
serviceAccountName: ovn
|
||||
hostNetwork: true
|
||||
hostPID: true
|
||||
containers:
|
||||
- name: openvswitch
|
||||
image: {% if kube_ovn_dpdk_enabled %}{{ kube_ovn_dpdk_container_image_repo }}:{{ kube_ovn_dpdk_container_image_tag }}{% else %}{{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}{% endif %}
|
||||
|
||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||
command: [{% if kube_ovn_dpdk_enabled %}"/kube-ovn/start-ovs-dpdk.sh"{% else %}"/kube-ovn/start-ovs.sh"{% endif %}]
|
||||
securityContext:
|
||||
runAsUser: 0
|
||||
privileged: true
|
||||
env:
|
||||
- name: ENABLE_SSL
|
||||
value: "{{ kube_ovn_enable_ssl | lower }}"
|
||||
- name: POD_IP
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: status.podIP
|
||||
{% if not kube_ovn_dpdk_enabled %}
|
||||
- name: HW_OFFLOAD
|
||||
value: "{{ kube_ovn_hw_offload | string | lower }}"
|
||||
- name: TUNNEL_TYPE
|
||||
value: "{{ kube_ovn_tunnel_type }}"
|
||||
{% endif %}
|
||||
- name: KUBE_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/netns
|
||||
name: host-ns
|
||||
mountPropagation: HostToContainer
|
||||
- mountPath: /lib/modules
|
||||
name: host-modules
|
||||
readOnly: true
|
||||
- mountPath: /var/run/openvswitch
|
||||
name: host-run-ovs
|
||||
- mountPath: /var/run/ovn
|
||||
name: host-run-ovn
|
||||
- mountPath: /sys
|
||||
name: host-sys
|
||||
readOnly: true
|
||||
- mountPath: /etc/cni/net.d
|
||||
name: cni-conf
|
||||
- mountPath: /etc/openvswitch
|
||||
name: host-config-openvswitch
|
||||
- mountPath: /etc/ovn
|
||||
name: host-config-ovn
|
||||
- mountPath: /var/log/openvswitch
|
||||
name: host-log-ovs
|
||||
- mountPath: /var/log/ovn
|
||||
name: host-log-ovn
|
||||
{% if kube_ovn_dpdk_enabled %}
|
||||
- mountPath: /opt/ovs-config
|
||||
name: host-config-ovs
|
||||
- mountPath: /dev/hugepages
|
||||
name: hugepage
|
||||
{% endif %}
|
||||
- mountPath: /etc/localtime
|
||||
name: localtime
|
||||
- mountPath: /var/run/tls
|
||||
name: kube-ovn-tls
|
||||
readinessProbe:
|
||||
exec:
|
||||
command:
|
||||
- bash
|
||||
{% if kube_ovn_dpdk_enabled %}
|
||||
- /kube-ovn/ovs-dpdk-healthcheck.sh
|
||||
{% else %}
|
||||
- /kube-ovn/ovs-healthcheck.sh
|
||||
{% endif %}
|
||||
periodSeconds: 5
|
||||
timeoutSeconds: 45
|
||||
livenessProbe:
|
||||
exec:
|
||||
command:
|
||||
- bash
|
||||
{% if kube_ovn_dpdk_enabled %}
|
||||
- /kube-ovn/ovs-dpdk-healthcheck.sh
|
||||
{% else %}
|
||||
- /kube-ovn/ovs-healthcheck.sh
|
||||
{% endif %}
|
||||
initialDelaySeconds: 10
|
||||
periodSeconds: 5
|
||||
failureThreshold: 5
|
||||
timeoutSeconds: 45
|
||||
resources:
|
||||
{% if kube_ovn_dpdk_enabled %}
|
||||
requests:
|
||||
cpu: {{ kube_ovn_dpdk_node_cpu_request }}
|
||||
memory: {{ kube_ovn_dpdk_node_memory_request }}
|
||||
limits:
|
||||
cpu: {{ kube_ovn_dpdk_node_cpu_limit }}
|
||||
memory: {{ kube_ovn_dpdk_node_memory_limit }}
|
||||
hugepages-1Gi: 1Gi
|
||||
{% else %}
|
||||
requests:
|
||||
cpu: {{ kube_ovn_node_cpu_request }}
|
||||
memory: {{ kube_ovn_node_memory_request }}
|
||||
limits:
|
||||
cpu: {{ kube_ovn_node_cpu_limit }}
|
||||
memory: {{ kube_ovn_node_memory_limit }}
|
||||
{% endif %}
|
||||
nodeSelector:
|
||||
kubernetes.io/os: "linux"
|
||||
ovn.kubernetes.io/ovs_dp_type: "kernel"
|
||||
volumes:
|
||||
- name: host-modules
|
||||
hostPath:
|
||||
path: /lib/modules
|
||||
- name: host-run-ovs
|
||||
hostPath:
|
||||
path: /run/openvswitch
|
||||
- name: host-run-ovn
|
||||
hostPath:
|
||||
path: /run/ovn
|
||||
- name: host-sys
|
||||
hostPath:
|
||||
path: /sys
|
||||
- name: host-ns
|
||||
hostPath:
|
||||
path: /var/run/netns
|
||||
- name: cni-conf
|
||||
hostPath:
|
||||
path: /etc/cni/net.d
|
||||
- name: host-config-openvswitch
|
||||
hostPath:
|
||||
path: /etc/origin/openvswitch
|
||||
- name: host-config-ovn
|
||||
hostPath:
|
||||
path: /etc/origin/ovn
|
||||
- name: host-log-ovs
|
||||
hostPath:
|
||||
path: /var/log/openvswitch
|
||||
- name: host-log-ovn
|
||||
hostPath:
|
||||
path: /var/log/ovn
|
||||
{% if kube_ovn_dpdk_enabled %}
|
||||
- name: host-config-ovs
|
||||
hostPath:
|
||||
path: /opt/ovs-config
|
||||
type: DirectoryOrCreate
|
||||
- name: hugepage
|
||||
emptyDir:
|
||||
medium: HugePages
|
||||
{% endif %}
|
||||
- name: localtime
|
||||
hostPath:
|
||||
path: /etc/localtime
|
||||
- name: kube-ovn-tls
|
||||
secret:
|
||||
optional: true
|
||||
secretName: kube-ovn-tls
|
||||
Reference in New Issue
Block a user