Add OVN-Kubernetes CNI Installation for IEC
[iec.git] / src / foundation / scripts / cni / ovn-kubernetes / templates / ovnkube-db-vip.yaml.j2
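# ovnkube-db HA using Corosync/Pacemaker
# daemonset version 3
# starts ovn NB/SB ovsdb daemons in a single container
#
# Jinja2 template for a Deployment (not a DaemonSet, despite the wording above
# and in the description annotation). "version 3" matches the
# OVN_DAEMONSET_VERSION value passed to the container below.
# Template variables read here: ovn_db_replicas (default 3), ovn_db_vip_image,
# ovn_image_pull_policy (default IfNotPresent) and ovn_db_vip (no default).
# Do not write Jinja delimiters inside comments in this file; they are rendered.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ovnkube-db
  # namespace set up by install
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This daemonset launches the OVN NB/SB DB server in a single container.
spec:
  progressDeadlineSeconds: 600
  # Rendered unquoted, so the variable must expand to an integer.
  # Each replica needs its own node carrying the openvswitch.org/ovnkube-db
  # label (see affinity below); replicas beyond that count stay Pending.
  replicas: {{ ovn_db_replicas | default(3) }}
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: ovnkube-db
  strategy:
    # NOTE(review): percentages round up for maxSurge and down for
    # maxUnavailable, so with 3 replicas a rollout starts one extra pod before
    # stopping an old one. Together with the required one-per-node
    # anti-affinity this needs a spare labelled node; without one the rollout
    # presumably stalls until progressDeadlineSeconds - confirm on the target
    # cluster.
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: ovnkube-db
        component: network
        type: infra
        openshift.io/component: network
        # This is a pod label only; it does not restrict scheduling by itself.
        beta.kubernetes.io/os: "linux"
      annotations:
        # NOTE(review): deprecated alpha annotation. Newer Kubernetes releases
        # rely on priorityClassName for critical pods - verify against the
        # cluster version this is deployed to.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # Requires fairly broad permissions - ability to read all services and network functions as well
      # as all pods.
      # The RBAC bound to this account is defined outside this template; review
      # it for least privilege, since its token is available to a root
      # container on the host network.
      serviceAccountName: ovn
      # The pod shares the node's network namespace: everything the DB and
      # cluster daemons listen on is bound on the node's own interfaces.
      # This template mounts no certificates or keys, so access control for
      # those listeners has to be provided elsewhere (node firewall, DB
      # transport security in the image's start script) - TODO confirm.
      hostNetwork: true
      # required to be scheduled on node with openvswitch.org/ovnkube-db=true label but can
      # only have one instance per node
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: openvswitch.org/ovnkube-db
                operator: In
                values:
                - "true"
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: name
                operator: In
                values:
                - ovnkube-db
            topologyKey: kubernetes.io/hostname

      containers:
      # ovsdb with corosync in one container - v3
      - name: ovsdb
        # The default is a mutable ":latest" tag. With the default pull policy
        # IfNotPresent each node keeps whatever it pulled first, so replicas
        # can end up running different builds and an upstream re-push is picked
        # up without review. Set ovn_db_vip_image to an immutable tag or a
        # sha256 digest for real deployments.
        image: "{{ ovn_db_vip_image | default('docker.io/ovnkube/ovndb-vip-u:latest') }}"
        imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
        command: ["/root/ovndb-vip.sh", "run-ovndb"]

        # Runs as root with NET_ADMIN on the host network, i.e. the container
        # can reconfigure the node's networking. Not privileged, but the
        # default capability set is kept and allowPrivilegeEscalation /
        # readOnlyRootFilesystem are left unset.
        # NOTE(review): tightening these needs testing against the image.
        securityContext:
          runAsUser: 0
          capabilities:
            add: ["NET_ADMIN"]

        volumeMounts:
        # ovn db is stored in the pod in /etc/openvswitch
        # and on the host in /var/lib/openvswitch/
        - mountPath: /etc/openvswitch/
          name: host-var-lib-ovs
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs
        # Host /etc/corosync is mounted read-write, so the container can
        # change the node's cluster configuration (and presumably its
        # authentication key - verify what the image stores there).
        - mountPath: /etc/corosync
          name: host-etc-corosync
        - mountPath: /var/log/corosync
          name: host-var-log-corosync
        - mountPath: /dev/shm
          name: dshm

        # Only requests are set; there is no cpu or memory limit.
        resources:
          requests:
            cpu: 100m
            memory: 1024Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVN_LOG_NB
          value: "-vconsole:info -vfile:info"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        # ovn_db_vip has no default. Depending on how the renderer treats
        # undefined variables this is either a render error or an empty
        # string - make sure the caller always sets it.
        - name: OVN_DB_VIP
          value: "{{ ovn_db_vip }}"
        ports:
        # With hostNetwork this port is on the node itself.
        - name: healthz
          containerPort: 10256
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # While disabled, the kubelet does not restart a hung database
        # container; only a process exit is noticed.
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10256
        #     scheme: HTTP
        # No hooks are defined; written as an explicit empty mapping instead of
        # a bare key, which parses as null.
        lifecycle: {}
      # end of container

      # hostPath volumes are declared without a "type", so nothing is checked
      # about the path before it is mounted. All of them are writable from the
      # root container above.
      volumes:
      - name: host-var-lib-ovs
        hostPath:
          path: /var/lib/openvswitch
      - name: host-var-log-ovs
        hostPath:
          path: /var/log/openvswitch
      - name: host-var-log-corosync
        hostPath:
          path: /var/log/corosync
      - name: host-etc-corosync
        hostPath:
          path: /etc/corosync
      # Memory-backed /dev/shm with no sizeLimit.
      - name: dshm
        emptyDir:
          medium: Memory

      # A toleration with only "operator: Exists" matches every taint,
      # whatever its key or effect, so these pods are also not evicted from
      # nodes tainted as unreachable or not ready.
      tolerations:
      - operator: "Exists"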