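---
# ovnkube-db
# daemonset version 3 (the same value is passed to both containers below as
# OVN_DAEMONSET_VERSION)
# Starts the OVN NB and SB ovsdb daemons, each in a separate container.
# NOTE: the word "daemonset" is used here and in the description annotation,
# but the object defined below is a single-replica Deployment.
# It is pinned to master nodes for now (see nodeSelector), but does not need
# to be.
#
# Security review summary (details are inline next to each field):
#   - the pod shares the node's network namespace (hostNetwork: true)
#   - both containers run as UID 0 with NET_ADMIN added, nothing dropped
#   - the default image reference is a mutable ":latest" tag
#   - two hostPath directories are mounted read-write
#   - only resource requests are set, no limits
#   - the toleration matches every taint
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ovnkube-db
  # namespace set up by install
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This daemonset launches the OVN NB/SB ovsdb service components.
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: ovnkube-db
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: ovnkube-db
        component: network
        type: infra
        openshift.io/component: network
        beta.kubernetes.io/os: "linux"
      annotations:
        # Deprecated alpha annotation; newer clusters express pod criticality
        # with priorityClassName instead.
        # NOTE(review): confirm which form the target cluster version honours.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # Requires fairly broad permissions - ability to read all services and network functions as well
      # as all pods.
      # NOTE(review): the RBAC bound to this account is not defined in this
      # file; review it separately, since any process in these containers can
      # use the account's token.
      serviceAccountName: ovn
      # The pod uses the node's network namespace, so everything these
      # containers listen on is bound on the node's own interfaces.
      # NetworkPolicy is typically not enforced for hostNetwork pods, which
      # leaves the node firewall (see the rules below) as the access control.
      hostNetwork: true
      containers:
      # firewall rules for ovn - assumed to be setup
      # iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6641 -j ACCEPT
      # iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6642 -j ACCEPT
      #
      # As written, these rules accept new TCP connections to 6641/6642 from
      # any source address.
      # NOTE(review): this manifest mounts no TLS keys or certificates, so
      # whether the DB listeners authenticate clients depends on ovnkube.sh -
      # confirm, and consider limiting the source addresses to cluster nodes.

      # nb-ovsdb - v3
      - name: nb-ovsdb
        # The default reference uses the mutable ":latest" tag. Combined with
        # the default pull policy "IfNotPresent", a node keeps whatever build
        # it has cached, so what actually runs is not reproducible. Set
        # ovn_image to a fixed tag or digest for anything beyond a lab setup.
        image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
        imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"

        command: ["/root/ovnkube.sh", "nb-ovsdb"]

        # Runs as root and adds NET_ADMIN on top of the runtime's default
        # capability set; nothing is dropped.
        # NOTE(review): verify that the ovsdb daemon really needs NET_ADMIN;
        # if not, remove it, and evaluate dropping the remaining default
        # capabilities and setting allowPrivilegeEscalation: false after
        # testing.
        securityContext:
          runAsUser: 0
          capabilities:
            add: ["NET_ADMIN"]

        volumeMounts:
        # ovn db is stored in the pod in /etc/openvswitch
        # and on the host in /var/lib/openvswitch/
        # Both hostPath mounts are read-write: the container can modify the
        # DB files and logs kept on the node.
        - mountPath: /etc/openvswitch/
          name: host-var-lib-ovs
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs

        # Only requests are set. Without limits the container is not capped
        # and can compete with other workloads on the master node.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVN_LOG_NB
          value: "-vconsole:info -vfile:info"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        ports:
        # With hostNetwork: true this is a port on the node itself.
        # NOTE(review): 10256 is also kube-proxy's default healthz port;
        # confirm that the two do not clash on the master.
        - name: healthz
          containerPort: 10256
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # While the probe is disabled, the kubelet restarts this container
        # only when its process exits, not when the daemon stops responding.
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10256
        #     scheme: HTTP
        # Explicit empty mapping: no lifecycle hooks are defined.
        lifecycle: {}
      # end of container

      # sb-ovsdb - v3
      # Same image, privileges, mounts and resource settings as nb-ovsdb; the
      # review notes on that container apply here unchanged.
      - name: sb-ovsdb
        image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
        imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"

        command: ["/root/ovnkube.sh", "sb-ovsdb"]

        # Root plus NET_ADMIN, nothing dropped.
        securityContext:
          runAsUser: 0
          capabilities:
            add: ["NET_ADMIN"]

        volumeMounts:
        # ovn db is stored in the pod in /etc/openvswitch
        # and on the host in /var/lib/openvswitch/
        # Both containers mount the same two host directories read-write.
        - mountPath: /etc/openvswitch/
          name: host-var-lib-ovs
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs

        # Requests only, no limits.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVN_LOG_SB
          value: "-vconsole:info -vfile:info"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        ports:
        # With hostNetwork: true this is a port on the node itself.
        # NOTE(review): 10255 is the kubelet's default read-only port;
        # confirm that the two do not clash on the master.
        - name: healthz
          containerPort: 10255
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10255
        #     scheme: HTTP
        # Explicit empty mapping: no lifecycle hooks are defined.
        lifecycle: {}
      # end of container

      nodeSelector:
        node-role.kubernetes.io/master: ""
        # beta.kubernetes.io/os is the deprecated form of kubernetes.io/os.
        # NOTE(review): confirm the cluster versions this template targets
        # before switching labels.
        beta.kubernetes.io/os: "linux"
      volumes:
      # hostPath volumes expose node directories to the pod; the manifest
      # sets no "type", so no check is made on what exists at these paths.
      - name: host-var-lib-ovs
        hostPath:
          path: /var/lib/openvswitch
      - name: host-var-log-ovs
        hostPath:
          path: /var/log/openvswitch
      tolerations:
      # "Exists" with no key matches every taint and every effect, so this
      # pod is also scheduled onto, and stays on, nodes tainted as unhealthy
      # or reserved. Narrow this to the master taint if that is the only one
      # that has to be tolerated.
      - operator: "Exists"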