src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-master.yaml.j2

   1 # ovnkube-master
   2 # daemonset version 3
   3 # starts master daemons, each in a separate container
   4 # it is run on the master(s)
   5 kind: Deployment
   6 apiVersion: apps/v1
   7 metadata:
   8   name: ovnkube-master
   9   # namespace set up by install
  10   namespace: ovn-kubernetes
  11   annotations:
  12     kubernetes.io/description: |
  13       This Deployment launches the ovn-kubernetes master networking components.
  14 spec:
  15   progressDeadlineSeconds: 600
  16   replicas: 1
  17   revisionHistoryLimit: 10
  18   selector:
  19     matchLabels:
  20       name: ovnkube-master
  21   strategy:
  22     rollingUpdate:
  23       maxSurge: 25%
  24       maxUnavailable: 25%
  25     type: RollingUpdate
  26   template:
  27     metadata:
  28       labels:
  29         name: ovnkube-master
  30         component: network
  31         type: infra
  32         kubernetes.io/os: "linux"
  33       annotations:
  34         scheduler.alpha.kubernetes.io/critical-pod: ''
  35     spec:
  36       # Requires fairly broad permissions - ability to read all services and network functions as well
  37       # as all pods.
  38       serviceAccountName: ovn
  39       hostNetwork: true
  40
  41       # required to be scheduled on a linux node with node-role.kubernetes.io/master label and
  42       # only one instance of ovnkube-master pod per node
  43       affinity:
  44         nodeAffinity:
  45           requiredDuringSchedulingIgnoredDuringExecution:
  46             nodeSelectorTerms:
  47               - matchExpressions:
  48                   - key: node-role.kubernetes.io/master
  49                     operator: In
  50                     values:
  51                       - ""
  52                   - key: kubernetes.io/os
  53                     operator: In
  54                     values:
  55                       - "linux"
  56         podAntiAffinity:
  57           requiredDuringSchedulingIgnoredDuringExecution:
  58             - labelSelector:
  59                 matchExpressions:
  60                   - key: name
  61                     operator: In
  62                     values:
  63                       - ovnkube-master
  64               topologyKey: kubernetes.io/hostname
  65
  66       containers:
  67       # ovn-northd - v3
  68       - name: ovn-northd
  69         image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
  70         imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
  71
  72         command: ["/root/ovnkube.sh", "run-ovn-northd"]
  73
  74         securityContext:
  75           runAsUser: 0
  76           capabilities:
  77             add: ["SYS_NICE"]
  78
  79         terminationMessagePolicy: FallbackToLogsOnError
  80         volumeMounts:
  81         # Run directories where we need to be able to access sockets
  82         - mountPath: /var/run/dbus/
  83           name: host-var-run-dbus
  84           readOnly: true
  85         - mountPath: /var/log/openvswitch/
  86           name: host-var-log-ovs
  87         - mountPath: /var/log/ovn/
  88           name: host-var-log-ovs
  89         - mountPath: /var/run/openvswitch/
  90           name: host-var-run-ovs
  91         - mountPath: /var/run/ovn/
  92           name: host-var-run-ovs
  93         - mountPath: /ovn-cert
  94           name: host-ovn-cert
  95           readOnly: true
  96
  97         resources:
  98           requests:
  99             cpu: 100m
 100             memory: 300Mi
 101         env:
 102         - name: OVN_DAEMONSET_VERSION
 103           value: "3"
 104         - name: OVN_LOGLEVEL_NORTHD
 105           value: "{{ ovn_loglevel_northd }}"
 106         - name: K8S_APISERVER
 107           valueFrom:
 108             configMapKeyRef:
 109               name: ovn-config
 110               key: k8s_apiserver
 111         - name: OVN_KUBERNETES_NAMESPACE
 112           valueFrom:
 113             fieldRef:
 114               fieldPath: metadata.namespace
 115         - name: OVN_SSL_ENABLE
 116           value: "{{ ovn_ssl_en }}"
 117         readinessProbe:
 118           exec:
 119             command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-northd"]
 120           initialDelaySeconds: 30
 121           timeoutSeconds: 30
 122           periodSeconds: 60
 123       # end of container
 124
 125       - name: nbctl-daemon
 126         image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
 127         imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
 128
 129         command: ["/root/ovnkube.sh", "run-nbctld"]
 130
 131         securityContext:
 132           runAsUser: 0
 133
 134         terminationMessagePolicy: FallbackToLogsOnError
 135         volumeMounts:
 136         - mountPath: /var/log/openvswitch/
 137           name: host-var-log-ovs
 138         - mountPath: /var/log/ovn/
 139           name: host-var-log-ovs
 140         - mountPath: /var/run/openvswitch/
 141           name: host-var-run-ovs
 142         - mountPath: /var/run/ovn/
 143           name: host-var-run-ovs
 144         - mountPath: /ovn-cert
 145           name: host-ovn-cert
 146           readOnly: true
 147         resources:
 148           requests:
 149             cpu: 100m
 150             memory: 300Mi
 151         env:
 152         - name: OVN_DAEMONSET_VERSION
 153           value: "3"
 154         - name: OVN_LOGLEVEL_NBCTLD
 155           value: "{{ ovn_loglevel_nbctld }}"
 156         - name: K8S_APISERVER
 157           valueFrom:
 158             configMapKeyRef:
 159               name: ovn-config
 160               key: k8s_apiserver
 161         - name: OVN_SSL_ENABLE
 162           value: "{{ ovn_ssl_en }}"
 163
 164         readinessProbe:
 165           exec:
 166             command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-nbctld"]
 167           initialDelaySeconds: 30
 168           timeoutSeconds: 30
 169           periodSeconds: 60
 170         # end of container
 171
 172       - name: ovnkube-master
 173         image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
 174         imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
 175
 176         command: ["/root/ovnkube.sh", "ovn-master"]
 177
 178         securityContext:
 179           runAsUser: 0
 180
 181         terminationMessagePolicy: FallbackToLogsOnError
 182         volumeMounts:
 183         # Run directories where we need to be able to access sockets
 184         - mountPath: /var/run/dbus/
 185           name: host-var-run-dbus
 186           readOnly: true
 187         - mountPath: /var/log/ovn-kubernetes/
 188           name: host-var-log-ovnkube
 189         - mountPath: /var/run/openvswitch/
 190           name: host-var-run-ovs
 191         - mountPath: /var/run/ovn/
 192           name: host-var-run-ovs
 193         - mountPath: /ovn-cert
 194           name: host-ovn-cert
 195           readOnly: true
 196
 197         resources:
 198           requests:
 199             cpu: 100m
 200             memory: 300Mi
 201         env:
 202         - name: OVN_DAEMONSET_VERSION
 203           value: "3"
 204         - name: OVNKUBE_LOGLEVEL
 205           value: "{{ ovnkube_master_loglevel }}"
 206         - name: OVN_NET_CIDR
 207           valueFrom:
 208             configMapKeyRef:
 209               name: ovn-config
 210               key: net_cidr
 211         - name: OVN_SVC_CIDR
 212           valueFrom:
 213             configMapKeyRef:
 214               name: ovn-config
 215               key: svc_cidr
 216         - name: K8S_APISERVER
 217           valueFrom:
 218             configMapKeyRef:
 219               name: ovn-config
 220               key: k8s_apiserver
 221         - name: K8S_NODE
 222           valueFrom:
 223             fieldRef:
 224               fieldPath: spec.nodeName
 225         - name: OVN_KUBERNETES_NAMESPACE
 226           valueFrom:
 227             fieldRef:
 228               fieldPath: metadata.namespace
 229         - name: OVN_HYBRID_OVERLAY_ENABLE
 230           value: "{{ ovn_hybrid_overlay_enable }}"
 231         - name: OVN_HYBRID_OVERLAY_NET_CIDR
 232           value: "{{ ovn_hybrid_overlay_net_cidr }}"
 233         - name: OVN_SSL_ENABLE
 234           value: "{{ ovn_ssl_en }}"
 235       # end of container
 236
 237       volumes:
 238       # TODO: Need to check why we need this?
 239       - name: host-var-run-dbus
 240         hostPath:
 241           path: /var/run/dbus
 242       - name: host-var-log-ovs
 243         hostPath:
 244           path: /var/log/openvswitch
 245       - name: host-var-log-ovnkube
 246         hostPath:
 247           path: /var/log/ovn-kubernetes
 248       - name: host-var-run-ovs
 249         hostPath:
 250           path: /var/run/openvswitch
 251       - name: host-ovn-cert
 252         hostPath:
 253           path: /etc/ovn
 254           type: DirectoryOrCreate
 255       tolerations:
 256       - operator: "Exists"