1 # service to expose the ovnkube-db pod
6 namespace: ovn-kubernetes
25 # starts ovn NB/SB ovsdb daemons, each in a separate container
26 # it is running on master for now, but does not need to be the case
31 # namespace set up by install
32 namespace: ovn-kubernetes
34 kubernetes.io/description: |
35 This daemonset launches the OVN NB/SB ovsdb service components.
37 progressDeadlineSeconds: 600
39 revisionHistoryLimit: 10
54 kubernetes.io/os: "linux"
56 scheduler.alpha.kubernetes.io/critical-pod: ''
58 # Requires fairly broad permissions - ability to read all services and network functions as well
60 serviceAccountName: ovn
63 # firewall rules for ovn - assumed to be setup
64 # iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6641 -j ACCEPT
65 # iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6642 -j ACCEPT
69 image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
70 imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
72 command: ["/root/ovnkube.sh", "nb-ovsdb"]
79 terminationMessagePolicy: FallbackToLogsOnError
81 # ovn db is stored in the pod in /etc/openvswitch
82 # (or in /etc/ovn if OVN from new repository is used)
83 # and on the host in /var/lib/openvswitch/
84 - mountPath: /etc/openvswitch/
85 name: host-var-lib-ovs
86 - mountPath: /etc/ovn/
87 name: host-var-lib-ovs
88 - mountPath: /var/log/openvswitch/
89 name: host-var-log-ovs
90 - mountPath: /var/log/ovn/
91 name: host-var-log-ovs
92 # for the iptables wrapper
96 - mountPath: /ovn-cert
105 - name: OVN_DAEMONSET_VERSION
107 - name: OVN_LOGLEVEL_NB
108 value: "{{ ovn_loglevel_nb }}"
109 - name: K8S_APISERVER
114 - name: OVN_KUBERNETES_NAMESPACE
117 fieldPath: metadata.namespace
121 fieldPath: status.hostIP
122 - name: OVN_SSL_ENABLE
123 value: "{{ ovn_ssl_en }}"
126 command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovnnb-db"]
127 initialDelaySeconds: 30
134 image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
135 imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
137 command: ["/root/ovnkube.sh", "sb-ovsdb"]
144 terminationMessagePolicy: FallbackToLogsOnError
146 # ovn db is stored in the pod in /etc/openvswitch
147 # (or in /etc/ovn if OVN from new repository is used)
148 # and on the host in /var/lib/openvswitch/
149 - mountPath: /etc/openvswitch/
150 name: host-var-lib-ovs
151 - mountPath: /etc/ovn/
152 name: host-var-lib-ovs
153 - mountPath: /var/log/openvswitch/
154 name: host-var-log-ovs
155 - mountPath: /var/log/ovn/
156 name: host-var-log-ovs
157 # for the iptables wrapper
161 - mountPath: /ovn-cert
170 - name: OVN_DAEMONSET_VERSION
172 - name: OVN_LOGLEVEL_SB
173 value: "{{ ovn_loglevel_sb }}"
174 - name: K8S_APISERVER
179 - name: OVN_KUBERNETES_NAMESPACE
182 fieldPath: metadata.namespace
186 fieldPath: status.hostIP
187 - name: OVN_SSL_ENABLE
188 value: "{{ ovn_ssl_en }}"
191 command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovnsb-db"]
192 initialDelaySeconds: 30
199 node-role.kubernetes.io/master: ""
200 kubernetes.io/os: "linux"
202 - name: host-var-lib-ovs
204 path: /var/lib/openvswitch
205 - name: host-var-log-ovs
207 path: /var/log/openvswitch
211 - name: host-ovn-cert
214 type: DirectoryOrCreate