Upgrade ovn-kubernetes CNI to latest release
# Headless Service that gives the ovnkube-db StatefulSet pods stable DNS names
# (ovnkube-db-N.ovnkube-db.ovn-kubernetes) and publishes the two ovsdb ports.
# NOTE(review): 6641 (northbound) and 6642 (southbound) are the whole OVN
# control plane. Whether the listeners behind them require TLS client
# certificates is decided by /root/ovnkube.sh through OVN_SSL_ENABLE (set in
# the StatefulSet below, not shown here), not by this Service; with SSL off,
# anything that can reach a DB node's host IP can presumably read and rewrite
# the SDN state. The pods use hostNetwork, and NetworkPolicy generally does
# not apply to hostNetwork pods, so reachability has to be limited at the host.
apiVersion: v1
kind: Service
metadata:
  name: ovnkube-db
  namespace: ovn-kubernetes
spec:
  type: ClusterIP
  clusterIP: None          # headless: no VIP, DNS resolves straight to the endpoints
  sessionAffinity: None
  ports:
  - name: north
    protocol: TCP
    port: 6641
    targetPort: 6641
  - name: south
    protocol: TCP
    port: 6642
    targetPort: 6642
20
21 ---
22
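# PodDisruptionBudget for the ovnkube-db raft cluster: voluntary disruptions
# (node drains, autoscaler scale-down) may never take the cluster below quorum.
#
# minAvailable defaults to the raft quorum of the StatefulSet's replica count
# (floor(replicas / 2) + 1): 2 for the default of 3 replicas, 3 for 5, 1 for 1.
# Previously this was a fixed 2, which let a drain break quorum on a 5-member
# cluster and blocked every drain forever on a 1-member one. Override with
# ovn_db_minAvailable only if you know why.
#
# The API group is parameterised because policy/v1beta1 was removed in
# Kubernetes 1.25; set ovn_pdb_api_version=policy/v1 on 1.21+ clusters. The
# fields used here (minAvailable, selector) are identical in both versions.
apiVersion: "{{ ovn_pdb_api_version | default('policy/v1beta1') }}"
kind: PodDisruptionBudget
metadata:
  name: ovndb-raft-pdb
  namespace: ovn-kubernetes
spec:
  minAvailable: {{ ovn_db_minAvailable | default((ovn_db_replicas | default(3) | int) // 2 + 1) }}
  selector:
    matchLabels:
      name: ovnkube-db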
35
36 ---
37
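# ovnkube-db raft StatefulSet
# daemonset version 3
# Starts the OVN NB and SB ovsdb-server raft members, each in its own
# container, plus a metrics exporter for both databases.
#
# Security posture of these pods (review notes):
#   - hostNetwork, runAsUser 0, NET_ADMIN and hostPath mounts of
#     /var/lib, /var/run and /var/log/openvswitch make a compromise of any of
#     these containers equivalent to a compromise of the OVN control plane on
#     that node. Keep the k8s.ovn.org/ovnkube-db=true label on as few,
#     well-protected nodes as possible.
#   - The DB listeners on 6641/6642 are only authenticated when OVN_SSL_ENABLE
#     turns on TLS in /root/ovnkube.sh (not shown here). This template gives
#     ovn_ssl_en no default, so leaving it unset does not fail loudly.
#   - The image defaults to the mutable ":latest" tag combined with
#     IfNotPresent, so each node keeps whatever it pulled first and a moved tag
#     is picked up non-uniformly; pin ovn_image to a digest for reproducible,
#     verifiable rollouts.
#   - scheduler.alpha.kubernetes.io/critical-pod is no longer honoured by
#     current Kubernetes; priorityClassName: system-cluster-critical is the
#     supported way to protect these pods from eviction (not added here
#     because older clusters restrict that class to kube-system).
#
# This revision also makes the db-metrics-exporter container use the same
# flush sequence indentation as the rest of the file (it was indented,
# which is valid YAML but trips yamllint's indentation consistency check).
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: ovnkube-db
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This statefulset launches the OVN Northbound/Southbound Database raft clusters.
spec:
  serviceName: ovnkube-db
  # Parallel creates/terminates all pods at once instead of ordinally,
  # presumably so the raft members can find each other and form a quorum.
  podManagementPolicy: "Parallel"
  # Keep this odd; ovndb-raft-pdb's minAvailable must stay at its quorum.
  replicas: {{ ovn_db_replicas | default(3) }}
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: ovnkube-db
  template:
    metadata:
      labels:
        name: ovnkube-db
        component: network
        type: infra
        kubernetes.io/os: "linux"
      annotations:
        # Deprecated annotation; has no effect on current Kubernetes (see header).
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      terminationGracePeriodSeconds: 30
      imagePullSecrets:
      - name: registry-credentials
      serviceAccountName: ovn
      # The raft members and their clients address each other by node IP
      # (K8S_NODE_IP below), so the pods share the node's network namespace.
      # Namespace NetworkPolicy generally does not constrain hostNetwork pods;
      # reachability of 6641/6642 must be limited on the host itself.
      hostNetwork: true

      # required to be scheduled on node with k8s.ovn.org/ovnkube-db=true label but can
      # only have one instance per node
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: k8s.ovn.org/ovnkube-db
                operator: In
                values:
                - "true"
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: name
                operator: In
                values:
                - ovnkube-db
            topologyKey: kubernetes.io/hostname

      containers:
      # nb-ovsdb - v3: northbound ovsdb-server raft member (Service port "north")
      - name: nb-ovsdb
        image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
        imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
        command: ["/root/ovnkube.sh", "nb-ovsdb-raft"]

        # Readiness only: a member that stops answering is removed from the
        # Service endpoints but not restarted (there is no livenessProbe).
        readinessProbe:
          exec:
            command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovnnb-db-raft"]
          initialDelaySeconds: 30
          timeoutSeconds: 30
          periodSeconds: 60

        # Runs as root with NET_ADMIN. Root is presumably needed for the
        # host-owned hostPath directories mounted below; NET_ADMIN is not
        # obviously needed by ovsdb-server itself -- TODO(review): confirm
        # against ovnkube.sh and drop it if unused. allowPrivilegeEscalation:
        # false and readOnlyRootFilesystem: true are worth trying here too.
        securityContext:
          runAsUser: 0
          capabilities:
            add: ["NET_ADMIN"]

        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        # ovn db is stored in the pod in /etc/openvswitch
        # (or in /etc/ovn if OVN from new repository is used)
        # and on the host in /var/lib/openvswitch/
        # NOTE: /etc/ovn inside the pod is therefore host /var/lib/openvswitch,
        # NOT host /etc/ovn; the host's /etc/ovn is mounted read-only at /ovn-cert.
        - mountPath: /etc/openvswitch/
          name: host-var-lib-ovs
        - mountPath: /etc/ovn/
          name: host-var-lib-ovs
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs
        - mountPath: /var/log/ovn/
          name: host-var-log-ovs
        - mountPath: /var/run/openvswitch/
          name: host-var-run-ovs
        - mountPath: /var/run/ovn/
          name: host-var-run-ovs
        - mountPath: /ovn-cert
          name: host-ovn-cert
          readOnly: true

        # Requests only, no limits: a runaway DB can consume the whole node.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        # No default: renders as an empty string when ovn_loglevel_nb is
        # undefined (or fails to render under StrictUndefined).
        - name: OVN_LOGLEVEL_NB
          value: "{{ ovn_loglevel_nb }}"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: K8S_NODE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        # No default. An unset ovn_ssl_en renders as "", presumably leaving
        # the listener without TLS -- TODO(review): give it an explicit value
        # in the inventory and make the deploy fail rather than fall through.
        - name: OVN_SSL_ENABLE
          value: "{{ ovn_ssl_en }}"
      # end of container

      # sb-ovsdb - v3: southbound ovsdb-server raft member (Service port "south")
      - name: sb-ovsdb
        image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
        imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
        command: ["/root/ovnkube.sh", "sb-ovsdb-raft"]

        # Readiness only; no livenessProbe (same as nb-ovsdb).
        readinessProbe:
          exec:
            command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovnsb-db-raft"]
          initialDelaySeconds: 30
          timeoutSeconds: 30
          periodSeconds: 60

        # Same privilege profile as nb-ovsdb; see the notes there.
        securityContext:
          runAsUser: 0
          capabilities:
            add: ["NET_ADMIN"]

        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        # ovn db is stored in the pod in /etc/openvswitch
        # (or in /etc/ovn if OVN from new repository is used)
        # and on the host in /var/lib/openvswitch/
        # (/etc/ovn here is host /var/lib/openvswitch; host /etc/ovn is /ovn-cert)
        - mountPath: /etc/openvswitch/
          name: host-var-lib-ovs
        - mountPath: /etc/ovn/
          name: host-var-lib-ovs
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs
        - mountPath: /var/log/ovn/
          name: host-var-log-ovs
        - mountPath: /var/run/openvswitch/
          name: host-var-run-ovs
        - mountPath: /var/run/ovn/
          name: host-var-run-ovs
        - mountPath: /ovn-cert
          name: host-ovn-cert
          readOnly: true

        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        # No default (see OVN_LOGLEVEL_NB).
        - name: OVN_LOGLEVEL_SB
          value: "{{ ovn_loglevel_sb }}"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: K8S_NODE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        # No default (see nb-ovsdb).
        - name: OVN_SSL_ENABLE
          value: "{{ ovn_ssl_en }}"
      # end of container

      # db-metrics-exporter - v3: metrics for the NB/SB raft clusters
      - name: db-metrics-exporter
        image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
        imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
        command: ["/root/ovnkube.sh", "db-raft-metrics"]

        # Same root + NET_ADMIN profile as the DB containers although this one
        # presumably only reads the databases; a strong candidate for a
        # non-root user with no added capabilities -- TODO(review): confirm
        # against ovnkube.sh.
        securityContext:
          runAsUser: 0
          capabilities:
            add: ["NET_ADMIN"]

        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        # ovn db is stored in the pod in /etc/openvswitch
        # (or in /etc/ovn if OVN from new repository is used)
        # and on the host in /var/lib/openvswitch/
        # Mounted read-write like the DB containers even though the exporter
        # presumably needs only read access -- TODO(review): try readOnly: true.
        - mountPath: /etc/openvswitch/
          name: host-var-lib-ovs
        - mountPath: /etc/ovn/
          name: host-var-lib-ovs
        - mountPath: /var/run/openvswitch/
          name: host-var-run-ovs
        - mountPath: /var/run/ovn/
          name: host-var-run-ovs
        - mountPath: /ovn-cert
          name: host-ovn-cert
          readOnly: true

        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        # No default (see nb-ovsdb).
        - name: OVN_SSL_ENABLE
          value: "{{ ovn_ssl_en }}"
      # end of container

      volumes:
      - name: host-var-log-ovs
        hostPath:
          path: /var/log/openvswitch
      # The raft DB files persist here across pod restarts and re-scheduling
      # onto the same node; anyone with write access on the host can alter
      # the SDN state offline.
      - name: host-var-lib-ovs
        hostPath:
          path: /var/lib/openvswitch
      - name: host-var-run-ovs
        hostPath:
          path: /var/run/openvswitch
      # Presumably the CA and node cert/key used when OVN_SSL_ENABLE is set.
      # DirectoryOrCreate makes the kubelet create an empty /etc/ovn (0755,
      # root-owned) when it is missing, so a node without certs still
      # schedules; keep private keys 0600 on the host since the directory is
      # exposed (read-only) to all three containers.
      - name: host-ovn-cert
        hostPath:
          path: /etc/ovn
          type: DirectoryOrCreate
      # Tolerates every taint, including NoExecute, so the DB stays on the
      # labelled nodes under pressure; this also keeps the pod on a node that
      # has been marked unreachable.
      tolerations:
      - operator: "Exists"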