Add OVN-Kubernetes CNI Installation for IEC
[iec.git] / src / foundation / scripts / cni / ovn-kubernetes / templates / ovnkube-node.yaml.j2
1 ---
2 # ovnkube-node
3 # daemonset version 3
4 # starts node daemons for ovs and ovn, each in a separate container
5 # it is run on all nodes
6 kind: DaemonSet
7 apiVersion: apps/v1
8 metadata:
9   name: ovnkube-node
10   # namespace set up by install
11   namespace: ovn-kubernetes
12   annotations:
13     kubernetes.io/description: |
14       This daemonset launches the ovn-kubernetes networking components.
15 spec:
16   selector:
17     matchLabels:
18       app: ovnkube-node
19   updateStrategy:
20     type: RollingUpdate
21   template:
22     metadata:
23       labels:
24         app: ovnkube-node
25         component: network
26         type: infra
27         openshift.io/component: network
28         beta.kubernetes.io/os: "linux"
29       annotations:
30         scheduler.alpha.kubernetes.io/critical-pod: ''
31     spec:
32       # Requires fairly broad permissions - ability to read all services and network functions as well
33       # as all pods.
34       serviceAccountName: ovn
35       hostNetwork: true
36       hostPID: true
37       containers:
38
39       # ovsdb-server and ovs-switchd daemons
40       - name: ovs-daemons
41         image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
42         imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
43
44         command: ["/root/ovnkube.sh", "ovs-server"]
45
46         livenessProbe:
47           exec:
48             command:
49             - /usr/share/openvswitch/scripts/ovs-ctl
50             - status
51           initialDelaySeconds: 15
52           periodSeconds: 5
53
54         securityContext:
55           runAsUser: 0
56           # Permission could be reduced by selecting an appropriate SELinux policy
57           privileged: true
58
59         volumeMounts:
60         - mountPath: /lib/modules
61           name: host-modules
62           readOnly: true
63         - mountPath: /run/openvswitch
64           name: host-run-ovs
65         - mountPath: /var/run/openvswitch
66           name: host-var-run-ovs
67         - mountPath: /sys
68           name: host-sys
69           readOnly: true
70         - mountPath: /etc/openvswitch
71           name: host-config-openvswitch
72         resources:
73           requests:
74             cpu: 100m
75             memory: 300Mi
76           limits:
77             cpu: 200m
78             memory: 400Mi
79         env:
80         - name: OVN_DAEMONSET_VERSION
81           value: "3"
82         - name: K8S_APISERVER
83           valueFrom:
84             configMapKeyRef:
85               name: ovn-config
86               key: k8s_apiserver
87         lifecycle:
88           preStop:
89             exec:
90               command: ["/root/ovnkube.sh", "cleanup-ovs-server"]
91
92       - name: ovn-controller
93         image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
94         imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
95
96         command: ["/root/ovnkube.sh", "ovn-controller"]
97
98         securityContext:
99           runAsUser: 0
100           capabilities:
101             add: ["SYS_NICE"]
102
103         volumeMounts:
104         - mountPath: /var/run/dbus/
105           name: host-var-run-dbus
106           readOnly: true
107         - mountPath: /var/log/openvswitch/
108           name: host-var-log-ovs
109         - mountPath: /var/run/openvswitch/
110           name: host-var-run-ovs
111
112         resources:
113           requests:
114             cpu: 100m
115             memory: 300Mi
116         env:
117         - name: OVN_DAEMONSET_VERSION
118           value: "3"
119         - name: OVNKUBE_LOGLEVEL
120           value: "4"
121         - name: OVN_NET_CIDR
122           valueFrom:
123             configMapKeyRef:
124               name: ovn-config
125               key: net_cidr
126         - name: OVN_SVC_CIDR
127           valueFrom:
128             configMapKeyRef:
129               name: ovn-config
130               key: svc_cidr
131         - name: K8S_APISERVER
132           valueFrom:
133             configMapKeyRef:
134               name: ovn-config
135               key: k8s_apiserver
136         - name: K8S_NODE
137           valueFrom:
138             fieldRef:
139               fieldPath: spec.nodeName
140         - name: OVN_KUBERNETES_NAMESPACE
141           valueFrom:
142             fieldRef:
143               fieldPath: metadata.namespace
144
145         ports:
146         - name: healthz
147           containerPort: 10258
148         # TODO: Temporarily disabled until we determine how to wait for clean default
149         # config
150         # livenessProbe:
151         #   initialDelaySeconds: 10
152         #   httpGet:
153         #     path: /healthz
154         #     port: 10258
155         #     scheme: HTTP
156         lifecycle:
157
158       - name: ovnkube-node
159         image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
160         imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
161
162         command: ["/root/ovnkube.sh", "ovn-node"]
163
164         securityContext:
165           runAsUser: 0
166           capabilities:
167             add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"]
168
169         volumeMounts:
170         - mountPath: /var/run/dbus/
171           name: host-var-run-dbus
172           readOnly: true
173         - mountPath: /var/log/ovn-kubernetes/
174           name: host-var-log-ovnkube
175         - mountPath: /var/run/openvswitch/
176           name: host-var-run-ovs
177         # We mount our socket here
178         - mountPath: /var/run/ovn-kubernetes
179           name: host-var-run-ovn-kubernetes
180         # CNI related mounts which we take over
181         - mountPath: /opt/cni/bin
182           name: host-opt-cni-bin
183         - mountPath: /etc/cni/net.d
184           name: host-etc-cni-netd
185
186         resources:
187           requests:
188             cpu: 100m
189             memory: 300Mi
190         env:
191         - name: OVN_DAEMONSET_VERSION
192           value: "3"
193         - name: OVNKUBE_LOGLEVEL
194           value: "5"
195         - name: OVN_NET_CIDR
196           valueFrom:
197             configMapKeyRef:
198               name: ovn-config
199               key: net_cidr
200         - name: OVN_SVC_CIDR
201           valueFrom:
202             configMapKeyRef:
203               name: ovn-config
204               key: svc_cidr
205         - name: K8S_APISERVER
206           valueFrom:
207             configMapKeyRef:
208               name: ovn-config
209               key: k8s_apiserver
210         - name: K8S_NODE
211           valueFrom:
212             fieldRef:
213               fieldPath: spec.nodeName
214         - name: OVN_GATEWAY_MODE
215           value: "{{ ovn_gateway_mode }}"
216         - name: OVN_GATEWAY_OPTS
217           value: "{{ ovn_gateway_opts }}"
218
219         ports:
220         - name: healthz
221           containerPort: 10259
222         # TODO: Temporarily disabled until we determine how to wait for clean default
223         # config
224         # livenessProbe:
225         #   initialDelaySeconds: 10
226         #   httpGet:
227         #     path: /healthz
228         #     port: 10259
229         #     scheme: HTTP
230         lifecycle:
231           preStop:
232             exec:
233               command: ["/root/ovnkube.sh", "cleanup-ovn-node"]
234
235       nodeSelector:
236         beta.kubernetes.io/os: "linux"
237       volumes:
238       - name: host-modules
239         hostPath:
240           path: /lib/modules
241
242       - name: host-var-run-dbus
243         hostPath:
244           path: /var/run/dbus
245       - name: host-var-log-ovs
246         hostPath:
247           path: /var/log/openvswitch
248       - name: host-var-log-ovnkube
249         hostPath:
250           path: /var/log/ovn-kubernetes
251       - name: host-run-ovs
252         hostPath:
253           path: /run/openvswitch
254       - name: host-var-run-ovs
255         hostPath:
256           path: /var/run/openvswitch
257       - name: host-var-run-ovn-kubernetes
258         hostPath:
259           path: /var/run/ovn-kubernetes
260       - name: host-sys
261         hostPath:
262           path: /sys
263       - name: host-opt-cni-bin
264         hostPath:
265           path: /opt/cni/bin
266       - name: host-etc-cni-netd
267         hostPath:
268           path: /etc/cni/net.d
269       - name: host-config-openvswitch
270         hostPath:
271           path: /etc/origin/openvswitch
272       tolerations:
273       - operator: "Exists"
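Review bot: The `lifecycle:` key on the ovn-controller container (gutter line 156) has no body and is followed directly by the next container, so it parses as `lifecycle: null`; the other two containers define a `preStop` hook at the same place, so this looks like a truncated hook — either drop the line or complete it with the intended `preStop.exec.command`, in the same form as the `cleanup-ovs-server` and `cleanup-ovn-node` hooks. The image default `docker.io/ovnkube/ovn-daemonset:latest` combined with `imagePullPolicy: IfNotPresent` means each node runs whatever it has cached under a mutable tag, so a cluster can end up running differing, unverified builds of a workload that is privileged, shares the host PID namespace and holds NET_ADMIN/SYS_ADMIN/SYS_PTRACE; pin the default to a version tag or digest, e.g. `image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset@sha256:<digest>') }}"`. The `scheduler.alpha.kubernetes.io/critical-pod: ''` annotation is deprecated in favour of `priorityClassName: system-node-critical` in the pod spec, and the `beta.kubernetes.io/os` label/selector has the non-beta replacement `kubernetes.io/os`. The `host-config-openvswitch` volume points at the OpenShift-specific path `/etc/origin/openvswitch` with no hostPath `type`, so on a non-OpenShift node an empty directory is silently created there; confirm this is the intended path for IEC hosts or set `type: Directory` so a wrong path fails visibly.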