Upgrade ovn-kubernetes CNI to latest release
[iec.git] / src / foundation / scripts / cni / ovn-kubernetes / templates / ovnkube-db-vip.yaml.j2
# Headless Service for the OVN databases: it publishes the northbound (6641)
# and southbound (6642) OVSDB ports under the name ovnkube-db.
# No selector is defined, so Kubernetes does not fill in the endpoints by
# itself; presumably the installer or the DB pods register them - confirm.
# NOTE(review): both ports are declared as plain TCP and the backing pods run
# with hostNetwork, so the listeners sit on node addresses. Whether OVSDB is
# wrapped in TLS is decided inside the container, not in this manifest; verify
# that reachability of 6641/6642 is limited to the cluster's own nodes.
apiVersion: v1
kind: Service
metadata:
  name: ovnkube-db
  namespace: ovn-kubernetes
spec:
  type: ClusterIP
  clusterIP: None
  sessionAffinity: None
  ports:
    - name: north
      port: 6641
      targetPort: 6641
      protocol: TCP
    - name: south
      port: 6642
      targetPort: 6642
      protocol: TCP

---

# ovnkube-db made highly available with Corosync/Pacemaker.
# The OVN NB and SB ovsdb daemons run together in one container. The comments
# and OVN_DAEMONSET_VERSION call this "daemonset version 3", but the object
# declared here is a Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ovnkube-db
  # the namespace itself is set up by the install step
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This daemonset launches the OVN NB/SB DB server in a single container.
spec:
  # Left unquoted so that the rendered value is an integer.
  replicas: {{ ovn_db_replicas | default(3) }}
  progressDeadlineSeconds: 600
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: ovnkube-db
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
  template:
    metadata:
      labels:
        name: ovnkube-db
        component: network
        type: infra
        kubernetes.io/os: linux
      annotations:
        # Alpha-era marker for critical pods. Kubernetes deprecated it in
        # favour of priorityClassName, and no priorityClassName is set in this
        # spec - NOTE(review): confirm the intended scheduling priority.
        scheduler.alpha.kubernetes.io/critical-pod: ""
    spec:
      # The "ovn" service account needs fairly broad permissions: it must be
      # able to read all services and network functions as well as all pods.
      # Its RBAC objects are not part of this template.
      serviceAccountName: ovn
      # The pod shares the node's network namespace, so the NET_ADMIN
      # capability granted below applies to the host's network stack.
      hostNetwork: true
      # Schedule only on nodes labelled openvswitch.org/ovnkube-db=true, and
      # never place two ovnkube-db pods on the same node.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: openvswitch.org/ovnkube-db
                    operator: In
                    values:
                      - "true"
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: name
                    operator: In
                    values:
                      - ovnkube-db

      containers:
        # v3 layout: ovsdb and corosync live in the same container
        - name: ovsdb
          # NOTE(review): the fallback image uses the mutable ":latest" tag
          # and the fallback pull policy is IfNotPresent, so a node keeps
          # whatever it has cached under that tag and replicas can end up on
          # different builds. Set ovn_db_vip_image to a fixed tag or digest.
          image: "{{ ovn_db_vip_image | default('docker.io/ovnkube/ovndb-vip-u:latest') }}"
          imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
          command:
            - /root/ovndb-vip.sh
            - run-ovndb

          # Runs as root (UID 0) with NET_ADMIN added; "privileged" is not
          # requested. allowPrivilegeEscalation and readOnlyRootFilesystem are
          # left unset - NOTE(review): check whether the image tolerates
          # tightening them.
          securityContext:
            runAsUser: 0
            capabilities:
              add:
                - NET_ADMIN

          terminationMessagePolicy: FallbackToLogsOnError
          volumeMounts:
            # Inside the pod the OVN DB lives in /etc/openvswitch (or in
            # /etc/ovn when OVN from the new repository is used); on the host
            # it lives in /var/lib/openvswitch/. Both pod paths are therefore
            # backed by the same host directory, and likewise for the logs.
            - name: host-var-lib-ovs
              mountPath: /etc/openvswitch/
            - name: host-var-lib-ovs
              mountPath: /etc/ovn/
            - name: host-var-log-ovs
              mountPath: /var/log/openvswitch/
            - name: host-var-log-ovs
              mountPath: /var/log/ovn/
            # The host's /etc/corosync is mounted writable (readOnly is not
            # set). In typical Corosync setups that directory holds the
            # cluster configuration and authentication key, so the container
            # can read and change them - TODO confirm that is required.
            - name: host-etc-corosync
              mountPath: /etc/corosync
            - name: host-var-log-corosync
              mountPath: /var/log/corosync
            - name: dshm
              mountPath: /dev/shm

          # Only requests are declared; no CPU or memory limits are set.
          resources:
            requests:
              cpu: 100m
              memory: 1024Mi
          env:
            - name: OVN_DAEMONSET_VERSION
              value: "3"
            # ovn_loglevel_nb and ovn_db_vip carry no default() filter, unlike
            # the image settings above; an unset variable either fails the
            # render or yields an empty string, depending on how the Jinja
            # environment treats undefined values.
            - name: OVN_LOGLEVEL_NB
              value: "{{ ovn_loglevel_nb }}"
            # API server address is read from the ovn-config ConfigMap.
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            - name: OVN_KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: K8S_NODE_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: OVN_DB_VIP
              value: "{{ ovn_db_vip }}"
      # container list ends here

      # All persistent state and logs are host directories; hostPath volumes
      # give the pod direct access to those paths on the node.
      volumes:
        - name: host-var-lib-ovs
          hostPath:
            path: /var/lib/openvswitch
        - name: host-var-log-ovs
          hostPath:
            path: /var/log/openvswitch
        - name: host-var-log-corosync
          hostPath:
            path: /var/log/corosync
        - name: host-etc-corosync
          hostPath:
            path: /etc/corosync
        # Memory-backed scratch space for /dev/shm; no sizeLimit is set.
        - name: dshm
          emptyDir:
            medium: Memory

      # "Exists" without a key tolerates every taint, so the pods may also be
      # placed on (and stay on) nodes tainted for other reasons.
      tolerations:
        - operator: Exists