Upgrade ovn-kubernetes CNI to latest release
[iec.git] / src / foundation / scripts / cni / ovn-kubernetes / templates / ovnkube-master.yaml.j2
# ovnkube-master
# daemonset version 3
# Runs the ovn-kubernetes master-side daemons, one per container, and is
# scheduled only onto node(s) carrying the node-role.kubernetes.io/master label.
#
# Review notes for operators:
#   - Every container runs as UID 0 on the host network with hostPath mounts
#     under /var/run, /var/log and /etc/ovn, so this pod is effectively a
#     privileged component. Keep the RBAC bound to the 'ovn' service account
#     as narrow as the daemons allow.
#   - The default image is an unpinned ':latest' tag combined with
#     IfNotPresent, so what actually runs depends on whatever the node has
#     cached. Set ovn_image to a pinned tag or digest for reproducible,
#     auditable rollouts.
#   - 'tolerations: operator: Exists' with no key tolerates every taint,
#     including the NoSchedule/NoExecute taints used to cordon or drain a node.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ovnkube-master
  # the namespace is created by the installer, not by this manifest
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This Deployment launches the ovn-kubernetes master networking components.
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: ovnkube-master
  strategy:
    type: RollingUpdate
    rollingUpdate:
      # NOTE(review): with replicas 1, 25% rounds to maxSurge 1 and
      # maxUnavailable 0, so the replacement pod must be Running before the
      # old one is stopped. The required podAntiAffinity below forbids two
      # ovnkube-master pods on one host, so on a cluster with a single master
      # node a rollout may never progress -- confirm against the target
      # topology.
      maxSurge: '25%'
      maxUnavailable: '25%'
  template:
    metadata:
      labels:
        name: ovnkube-master
        component: network
        type: infra
        kubernetes.io/os: 'linux'
      annotations:
        # NOTE(review): this alpha annotation is deprecated upstream and is
        # ignored by recent Kubernetes releases; priorityClassName is the
        # supported replacement -- verify against the cluster version in use.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # Broad permissions are required: the master daemons read all services
      # and network-related objects as well as all pods, cluster-wide.
      serviceAccountName: ovn
      hostNetwork: true

      # Pin the pod to linux master nodes and allow at most one ovnkube-master
      # per node.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: In
                    values:
                      - ''
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - 'linux'
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: name
                    operator: In
                    values:
                      - ovnkube-master

      containers:
        # ovn-northd - v3
        - name: ovn-northd
          image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
          imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
          command:
            - /root/ovnkube.sh
            - run-ovn-northd
          # Root plus SYS_NICE; this is the only container in the pod that adds
          # a capability.
          securityContext:
            runAsUser: 0
            capabilities:
              add:
                - SYS_NICE
          terminationMessagePolicy: FallbackToLogsOnError
          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: OVN_LOGLEVEL_NORTHD
              value: "{{ ovn_loglevel_northd }}"
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            - name: OVN_KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: OVN_SSL_ENABLE
              value: "{{ ovn_ssl_en }}"
          volumeMounts:
            # Run directories where the daemon needs access to sockets; only the
            # dbus socket directory and the cert directory are read-only.
            - name: host-var-run-dbus
              mountPath: /var/run/dbus/
              readOnly: true
            # /var/log/openvswitch and /var/log/ovn are backed by the same host
            # directory (see volumes below); likewise the two run directories.
            - name: host-var-log-ovs
              mountPath: /var/log/openvswitch/
            - name: host-var-log-ovs
              mountPath: /var/log/ovn/
            - name: host-var-run-ovs
              mountPath: /var/run/openvswitch/
            - name: host-var-run-ovs
              mountPath: /var/run/ovn/
            - name: host-ovn-cert
              mountPath: /ovn-cert
              readOnly: true
          resources:
            requests:
              cpu: 100m
              memory: 300Mi
          readinessProbe:
            exec:
              command:
                - /usr/bin/ovn-kube-util
                - readiness-probe
                - -t
                - ovn-northd
            initialDelaySeconds: 30
            timeoutSeconds: 30
            periodSeconds: 60
        # end of container

        # nbctl daemon - v3 (no dbus mount and no extra capabilities here)
        - name: nbctl-daemon
          image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
          imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
          command:
            - /root/ovnkube.sh
            - run-nbctld
          securityContext:
            runAsUser: 0
          terminationMessagePolicy: FallbackToLogsOnError
          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: OVN_LOGLEVEL_NBCTLD
              value: "{{ ovn_loglevel_nbctld }}"
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            - name: OVN_SSL_ENABLE
              value: "{{ ovn_ssl_en }}"
          volumeMounts:
            - name: host-var-log-ovs
              mountPath: /var/log/openvswitch/
            - name: host-var-log-ovs
              mountPath: /var/log/ovn/
            - name: host-var-run-ovs
              mountPath: /var/run/openvswitch/
            - name: host-var-run-ovs
              mountPath: /var/run/ovn/
            - name: host-ovn-cert
              mountPath: /ovn-cert
              readOnly: true
          resources:
            requests:
              cpu: 100m
              memory: 300Mi
          readinessProbe:
            exec:
              command:
                - /usr/bin/ovn-kube-util
                - readiness-probe
                - -t
                - ovn-nbctld
            initialDelaySeconds: 30
            timeoutSeconds: 30
            periodSeconds: 60
        # end of container

        # ovnkube master controller - v3 (note: no readinessProbe is defined
        # for this container, so the pod reports Ready based on the two
        # containers above only)
        - name: ovnkube-master
          image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
          imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
          command:
            - /root/ovnkube.sh
            - ovn-master
          securityContext:
            runAsUser: 0
          terminationMessagePolicy: FallbackToLogsOnError
          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: OVNKUBE_LOGLEVEL
              value: "{{ ovnkube_master_loglevel }}"
            # Cluster CIDRs and API endpoint come from the ovn-config ConfigMap.
            - name: OVN_NET_CIDR
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: net_cidr
            - name: OVN_SVC_CIDR
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: svc_cidr
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            - name: K8S_NODE
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: OVN_KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: OVN_HYBRID_OVERLAY_ENABLE
              value: "{{ ovn_hybrid_overlay_enable }}"
            - name: OVN_HYBRID_OVERLAY_NET_CIDR
              value: "{{ ovn_hybrid_overlay_net_cidr }}"
            - name: OVN_SSL_ENABLE
              value: "{{ ovn_ssl_en }}"
          volumeMounts:
            # Run directories where the controller needs access to sockets.
            - name: host-var-run-dbus
              mountPath: /var/run/dbus/
              readOnly: true
            - name: host-var-log-ovnkube
              mountPath: /var/log/ovn-kubernetes/
            - name: host-var-run-ovs
              mountPath: /var/run/openvswitch/
            - name: host-var-run-ovs
              mountPath: /var/run/ovn/
            - name: host-ovn-cert
              mountPath: /ovn-cert
              readOnly: true
          resources:
            requests:
              cpu: 100m
              memory: 300Mi
        # end of container

      # All volumes are hostPath mounts from the node running the pod.
      volumes:
        # TODO: Need to check why we need this?
        - name: host-var-run-dbus
          hostPath:
            path: /var/run/dbus
        # Shared by the /var/log/openvswitch and /var/log/ovn mounts above.
        - name: host-var-log-ovs
          hostPath:
            path: /var/log/openvswitch
        - name: host-var-log-ovnkube
          hostPath:
            path: /var/log/ovn-kubernetes
        # Shared by the /var/run/openvswitch and /var/run/ovn mounts above.
        - name: host-var-run-ovs
          hostPath:
            path: /var/run/openvswitch
        # Certificate/key material location on the host; DirectoryOrCreate
        # creates it if absent. Every container mounts it read-only.
        - name: host-ovn-cert
          hostPath:
            path: /etc/ovn
            type: DirectoryOrCreate
      tolerations:
        # Tolerates every taint (no key, no effect restriction).
        - operator: Exists