Upgrade ovn-kubernetes CNI to latest release
[iec.git] / src / foundation / scripts / cni / ovn-kubernetes / yaml / ovnkube-db-raft.yaml
# yamllint disable rule:hyphens rule:commas rule:indentation
# Headless Service for the ovnkube-db pods.
# It declares no selector, so Kubernetes does not derive Endpoints for it;
# they have to be published separately (presumably by the ovnkube.sh startup
# script; confirm before relying on it).
# NOTE(review): the StatefulSet in this file runs with hostNetwork: true and
# OVN_SSL_ENABLE="no", so access to TCP 6641/6642 has to be restricted at the
# node/network level; nothing in this Service limits who may connect.
apiVersion: v1
kind: Service
metadata:
  name: ovnkube-db
  namespace: ovn-kubernetes
spec:
  type: ClusterIP
  # Headless: no virtual IP is allocated for this Service.
  clusterIP: 'None'
  sessionAffinity: 'None'
  ports:
    # "north"/"south" presumably map to the OVN Northbound/Southbound DBs.
    - name: north
      protocol: TCP
      port: 6641
      targetPort: 6641
    - name: south
      protocol: TCP
      port: 6642
      targetPort: 6642

---

# PodDisruptionBudget for the ovnkube-db raft members: voluntary disruptions
# must leave at least 2 pods labelled name=ovnkube-db available, so that a
# majority of the raft cluster nodes is never disrupted at once.
# NOTE(review): policy/v1beta1 is deprecated and was removed in Kubernetes
# 1.25; policy/v1 is available from 1.21. Switch once the target cluster
# supports it.
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  namespace: ovn-kubernetes
  name: ovndb-raft-pdb
spec:
  selector:
    matchLabels:
      name: ovnkube-db
  minAvailable: 2

---

# ovnkube-db raft StatefulSet (daemonset version 3).
# Starts the OVN NB and SB ovsdb daemons, each in a separate container, plus a
# db-metrics-exporter container.
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: ovnkube-db
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This statefulset launches the OVN Northbound/Southbound Database raft clusters.
spec:
  serviceName: ovnkube-db
  replicas: 3
  # All replicas are launched in parallel instead of one after another.
  podManagementPolicy: 'Parallel'
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: ovnkube-db
  template:
    metadata:
      labels:
        name: ovnkube-db
        component: network
        type: infra
        kubernetes.io/os: 'linux'
      annotations:
        # NOTE(review): alpha-era annotation; current Kubernetes releases rely
        # on priorityClassName instead. Verify it still has any effect on the
        # target cluster.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      serviceAccountName: ovn
      imagePullSecrets:
        - name: registry-credentials
      terminationGracePeriodSeconds: 30
      # The pod shares the node's network namespace, so whatever the database
      # containers listen on is bound on the node itself, outside the reach of
      # pod-level NetworkPolicy.
      hostNetwork: true

      # Must be scheduled on a node labelled k8s.ovn.org/ovnkube-db=true, and
      # at most one instance may run per node (anti-affinity on hostname).
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: k8s.ovn.org/ovnkube-db
                    operator: In
                    values:
                      - 'true'
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchExpressions:
                  - key: name
                    operator: In
                    values:
                      - ovnkube-db

      containers:
        # nb-ovsdb - v3
        - name: nb-ovsdb
          # NOTE(review): the image is referenced by a date tag, which is
          # mutable; with IfNotPresent a node keeps whatever it pulled first.
          # Pinning by digest (image@sha256:<digest>) makes the content
          # verifiable. The same applies to the other two containers.
          image: 'iecedge/ovn-daemonset-ubuntu:2020-04-16'
          imagePullPolicy: 'IfNotPresent'
          command:
            - '/root/ovnkube.sh'
            - 'nb-ovsdb-raft'

          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: OVN_LOGLEVEL_NB
              value: '-vconsole:info -vfile:info'
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            - name: OVN_KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: K8S_NODE_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            # NOTE(review): SSL is switched off. Combined with hostNetwork,
            # the database presumably accepts unencrypted, unauthenticated
            # connections on the node's addresses; enable SSL (certificates
            # are expected under /ovn-cert) or firewall the DB ports to the
            # cluster nodes. How ovnkube.sh consumes this flag is not shown
            # here; confirm.
            - name: OVN_SSL_ENABLE
              value: 'no'

          resources:
            # Requests only; no limits are set for this container.
            requests:
              cpu: 100m
              memory: 300Mi

          # Runs as root with NET_ADMIN added. allowPrivilegeEscalation and
          # readOnlyRootFilesystem are left at their defaults.
          securityContext:
            runAsUser: 0
            capabilities:
              add:
                - 'NET_ADMIN'

          readinessProbe:
            exec:
              command:
                - '/usr/bin/ovn-kube-util'
                - 'readiness-probe'
                - '-t'
                - 'ovnnb-db-raft'
            initialDelaySeconds: 30
            periodSeconds: 60
            timeoutSeconds: 30

          terminationMessagePolicy: FallbackToLogsOnError
          volumeMounts:
            # ovn db is stored in the pod in /etc/openvswitch
            # (or in /etc/ovn if OVN from new repository is used)
            # and on the host in /var/lib/openvswitch/
            - name: host-var-lib-ovs
              mountPath: /etc/openvswitch/
            - name: host-var-lib-ovs
              mountPath: /etc/ovn/
            - name: host-var-log-ovs
              mountPath: /var/log/openvswitch/
            - name: host-var-log-ovs
              mountPath: /var/log/ovn/
            - name: host-var-run-ovs
              mountPath: /var/run/openvswitch/
            - name: host-var-run-ovs
              mountPath: /var/run/ovn/
            - name: host-ovn-cert
              mountPath: /ovn-cert
              readOnly: true
        # end of container

        # sb-ovsdb - v3
        - name: sb-ovsdb
          image: 'iecedge/ovn-daemonset-ubuntu:2020-04-16'
          imagePullPolicy: 'IfNotPresent'
          command:
            - '/root/ovnkube.sh'
            - 'sb-ovsdb-raft'

          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: OVN_LOGLEVEL_SB
              value: '-vconsole:info -vfile:info'
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            - name: OVN_KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: K8S_NODE_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            # NOTE(review): SSL is off for the Southbound DB as well; see the
            # note on nb-ovsdb.
            - name: OVN_SSL_ENABLE
              value: 'no'

          resources:
            requests:
              cpu: 100m
              memory: 300Mi

          # Same privileges as nb-ovsdb: root plus NET_ADMIN.
          securityContext:
            runAsUser: 0
            capabilities:
              add:
                - 'NET_ADMIN'

          readinessProbe:
            exec:
              command:
                - '/usr/bin/ovn-kube-util'
                - 'readiness-probe'
                - '-t'
                - 'ovnsb-db-raft'
            initialDelaySeconds: 30
            periodSeconds: 60
            timeoutSeconds: 30

          terminationMessagePolicy: FallbackToLogsOnError
          volumeMounts:
            # ovn db is stored in the pod in /etc/openvswitch
            # (or in /etc/ovn if OVN from new repository is used)
            # and on the host in /var/lib/openvswitch/
            - name: host-var-lib-ovs
              mountPath: /etc/openvswitch/
            - name: host-var-lib-ovs
              mountPath: /etc/ovn/
            - name: host-var-log-ovs
              mountPath: /var/log/openvswitch/
            - name: host-var-log-ovs
              mountPath: /var/log/ovn/
            - name: host-var-run-ovs
              mountPath: /var/run/openvswitch/
            - name: host-var-run-ovs
              mountPath: /var/run/ovn/
            - name: host-ovn-cert
              mountPath: /ovn-cert
              readOnly: true
        # end of container

        # db-metrics-exporter - v3
        - name: db-metrics-exporter
          image: 'iecedge/ovn-daemonset-ubuntu:2020-04-16'
          imagePullPolicy: 'IfNotPresent'
          command:
            - '/root/ovnkube.sh'
            - 'db-raft-metrics'

          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            - name: OVN_KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: OVN_SSL_ENABLE
              value: 'no'

          resources:
            requests:
              cpu: 100m
              memory: 300Mi

          # NOTE(review): the exporter also runs as root with NET_ADMIN and has
          # write access to the database and runtime directories; check whether
          # a metrics exporter needs any of that and drop what it does not.
          securityContext:
            runAsUser: 0
            capabilities:
              add:
                - 'NET_ADMIN'

          terminationMessagePolicy: FallbackToLogsOnError
          volumeMounts:
            # ovn db is stored in the pod in /etc/openvswitch
            # (or in /etc/ovn if OVN from new repository is used)
            # and on the host in /var/lib/openvswitch/
            - name: host-var-lib-ovs
              mountPath: /etc/openvswitch/
            - name: host-var-lib-ovs
              mountPath: /etc/ovn/
            - name: host-var-run-ovs
              mountPath: /var/run/openvswitch/
            - name: host-var-run-ovs
              mountPath: /var/run/ovn/
            - name: host-ovn-cert
              mountPath: /ovn-cert
              readOnly: true
        # end of container

      # Every volume is a hostPath: the containers work directly on the node's
      # OVS/OVN state, log and runtime directories. Only the certificate
      # directory (/etc/ovn on the host) is mounted read-only in the containers.
      volumes:
        - name: host-var-log-ovs
          hostPath:
            path: /var/log/openvswitch
        - name: host-var-lib-ovs
          hostPath:
            path: /var/lib/openvswitch
        - name: host-var-run-ovs
          hostPath:
            path: /var/run/openvswitch
        - name: host-ovn-cert
          hostPath:
            path: /etc/ovn
            type: DirectoryOrCreate
      # A toleration with operator Exists and no key matches every taint, so
      # the pods are not kept off any tainted node; placement is limited only
      # by the affinity rules above.
      tolerations:
        - operator: 'Exists'