Add OVN-Kubernetes CNI Installation for IEC
[iec.git] / src / foundation / scripts / cni / ovn-kubernetes / templates / ovnkube-master.yaml.j2
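# ovnkube-master
# daemonset version 3
# starts master daemons, each in a separate container
# it is run on the master node(s)
#
# NOTE(review): the header and the description annotation below say
# "daemonset", but this object is a Deployment with a single replica; it is
# placed on master nodes by the nodeSelector at the end of the pod spec.
# "version 3" presumably refers to OVN_DAEMONSET_VERSION, which every
# container below sets to "3".
#
# Security posture of this pod, as written in this template:
#   - hostNetwork: true      (shares the node's network namespace)
#   - runAsUser: 0           (every container runs as root)
#   - writable hostPath mounts of the node's Open vSwitch run/log directories
#   - tolerations: Exists    (tolerates every taint)
#   - no liveness or readiness probes (all three probes are commented out)
# A compromise of any container here should be treated as a compromise of the
# master node's network control plane. Keep the image source trusted and pinned.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ovnkube-master
  # namespace set up by install
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This daemonset launches the ovn-kubernetes networking components.
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: ovnkube-master
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: ovnkube-master
        component: network
        type: infra
        openshift.io/component: network
        beta.kubernetes.io/os: "linux"
      annotations:
        # NOTE(review): this alpha annotation was deprecated in favour of
        # priorityClassName on later Kubernetes releases; confirm that the
        # target cluster version still honours it.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # Requires fairly broad permissions - ability to read all services and network functions as well
      # as all pods.
      # The RBAC rules bound to this service account are defined outside this
      # template; review them together with this pod spec, because every
      # container below runs with this identity.
      serviceAccountName: ovn
      # All containers share the node's network namespace, so anything they
      # listen on (including the healthz ports declared below) is bound on the
      # master node itself rather than on a pod IP.
      hostNetwork: true

      containers:

      # run-ovn-northd - v3
      - name: run-ovn-northd
        # The default reference uses the mutable tag "latest" together with the
        # default pull policy IfNotPresent: a node with a cached copy keeps it,
        # while a node without one pulls whatever the tag points to at that
        # moment. Set ovn_image to a fixed version tag or a digest
        # (<registry>/<repository>@sha256:<digest>) for reproducible installs.
        image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
        imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"

        command: ["/root/ovnkube.sh", "run-ovn-northd"]

        securityContext:
          # Runs as root. SYS_NICE is added on top of the runtime's default
          # capability set; nothing is dropped.
          runAsUser: 0
          capabilities:
            add: ["SYS_NICE"]

        volumeMounts:
        # Run directories where we need to be able to access sockets
        - mountPath: /var/run/dbus/
          name: host-var-run-dbus
          readOnly: true
        # The two Open vSwitch mounts below are read-write host directories.
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs
        - mountPath: /var/run/openvswitch/
          name: host-var-run-ovs

        # Only requests are set; there are no limits on this container.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVN_LOG_NORTHD
          value: "-vconsole:info"
        # Cluster networking parameters come from the ovn-config ConfigMap,
        # which is created outside this template.
        - name: OVN_NET_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: net_cidr
        - name: OVN_SVC_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: svc_cidr
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        # Downward API: name of the node the pod is scheduled on.
        - name: K8S_NODE
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        # Downward API: namespace the pod runs in.
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        ports:
        - name: healthz
          containerPort: 10257
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10257
        #     scheme: HTTP
        # No lifecycle hooks are configured for this container.
      # end of container

      - name: run-nbctld
        # Same image reference and pull policy as run-ovn-northd; the same
        # pinning advice applies.
        image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
        imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"

        command: ["/root/ovnkube.sh", "run-nbctld"]

        securityContext:
          # Runs as root with the runtime's default capability set.
          runAsUser: 0

        volumeMounts:
        # Read-write host directories for Open vSwitch logs and sockets.
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs
        - mountPath: /var/run/openvswitch/
          name: host-var-run-ovs

        # Only requests are set; there are no limits on this container.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver

        ports:
        - name: healthz
          containerPort: 10260
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # NOTE(review): the disabled probe targets port 10258, but the healthz
        # port declared above is 10260 - confirm which one is correct before
        # enabling it.
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10258
        #     scheme: HTTP
        # No lifecycle hooks are configured for this container.

      - name: ovnkube-master
        # Same image reference and pull policy as run-ovn-northd; the same
        # pinning advice applies.
        image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
        imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"

        command: ["/root/ovnkube.sh", "ovn-master"]

        securityContext:
          # Runs as root with the runtime's default capability set.
          runAsUser: 0

        volumeMounts:
        # Run directories where we need to be able to access sockets
        - mountPath: /var/run/dbus/
          name: host-var-run-dbus
          readOnly: true
        # The log and Open vSwitch run directories are read-write host paths.
        - mountPath: /var/log/ovn-kubernetes/
          name: host-var-log-ovnkube
        - mountPath: /var/run/openvswitch/
          name: host-var-run-ovs

        # Only requests are set; there are no limits on this container.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVNKUBE_LOGLEVEL
          value: "4"
        - name: OVN_NET_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: net_cidr
        - name: OVN_SVC_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: svc_cidr
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: K8S_NODE
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        ports:
        - name: healthz
          containerPort: 10254
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10254
        #     scheme: HTTP
        # No lifecycle hooks are configured for this container.
      # end of container

      # Schedule only on Linux master nodes.
      # NOTE(review): beta.kubernetes.io/os is the older form of the
      # kubernetes.io/os node label; confirm that the target cluster's nodes
      # still carry it, otherwise the pod stays unschedulable.
      nodeSelector:
        node-role.kubernetes.io/master: ""
        beta.kubernetes.io/os: "linux"
      volumes:
      # hostPath volumes expose node directories to the containers. None of
      # them sets a hostPath "type", so the kubelet does not check what exists
      # at the path before mounting it.
      # TODO: Need to check why we need this?
      - name: host-var-run-dbus
        hostPath:
          path: /var/run/dbus
      - name: host-var-log-ovs
        hostPath:
          path: /var/log/openvswitch
      - name: host-var-log-ovnkube
        hostPath:
          path: /var/log/ovn-kubernetes
      - name: host-var-run-ovs
        hostPath:
          path: /var/run/openvswitch
      # A toleration with operator Exists and no key matches every taint, so
      # this pod can be scheduled onto tainted masters and is not evicted by
      # NoExecute taints.
      tolerations:
      - operator: "Exists"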