672581e383bd33643e91c59d429eff2eaef77d72
[iec.git] / src / foundation / scripts / cni / ovn-kubernetes / yaml / ovnkube-db-vip.yaml
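# yamllint disable rule:hyphens rule:commas rule:indentation
# ovnkube-db HA using Corosync/Pacemaker
# daemonset version 3 (the scheme exposed as OVN_DAEMONSET_VERSION below);
# the object itself is a Deployment with three replicas.
# starts ovn NB/SB ovsdb daemons in a single container
#
# Security posture of this workload, all visible in the spec below:
#   - hostNetwork plus the NET_ADMIN capability, running as UID 0
#   - read-write hostPath mounts for the OVS database, logs and /etc/corosync
#   - a service account described as needing broad read permissions
#   - a blanket toleration, so only the node affinity restricts placement
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ovnkube-db
  # namespace set up by install
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This Deployment launches the OVN NB/SB DB server in a single container.
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: ovnkube-db
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: ovnkube-db
        component: network
        type: infra
        openshift.io/component: network
        beta.kubernetes.io/os: "linux"
      annotations:
        # NOTE(review): this alpha annotation is deprecated upstream in favour
        # of priorityClassName; confirm it still has an effect on the cluster
        # versions this manifest targets.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # Requires fairly broad permissions - ability to read all services and
      # network functions as well as all pods.
      # NOTE(review): the RBAC bound to this account is defined outside this
      # file; confirm it grants read-only access and nothing cluster-wide
      # beyond what the DB pods need.
      serviceAccountName: ovn
      # The pod shares the node's network namespace. Together with NET_ADMIN
      # below, the container can change the host's network configuration
      # (presumably needed so Pacemaker can move the DB VIP - confirm).
      hostNetwork: true
      # required to be scheduled on node with openvswitch.org/ovnkube-db=true
      # label but can only have one instance per node
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: openvswitch.org/ovnkube-db
                operator: In
                values:
                - "true"
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: name
                operator: In
                values:
                - ovnkube-db
            topologyKey: kubernetes.io/hostname

      containers:
      # ovsdb with corosync in one container - v3
      - name: ovsdb
        # NOTE(review): ":latest" is a mutable tag and, with IfNotPresent,
        # each node keeps whichever build it pulled first, so the three
        # replicas can run different images and a changed upstream image is
        # picked up without review. Pin a release tag or a digest, e.g.
        # docker.io/ovnkube/ovndb-vip-u@sha256:<digest> (placeholder).
        image: "docker.io/ovnkube/ovndb-vip-u:latest"
        imagePullPolicy: "IfNotPresent"
        command: ["/root/ovndb-vip.sh", "run-ovndb"]

        # Runs as root with NET_ADMIN added to the runtime's default
        # capability set; nothing is dropped and neither
        # allowPrivilegeEscalation nor readOnlyRootFilesystem is set.
        # NOTE(review): evaluate which of these the ovsdb/corosync processes
        # can run without before tightening.
        securityContext:
          runAsUser: 0
          capabilities:
            add: ["NET_ADMIN"]

        volumeMounts:
        # ovn db is stored in the pod in /etc/openvswitch
        # and on the host in /var/lib/openvswitch/
        # All hostPath mounts below are read-write: a compromised container
        # can modify the node's OVS database, logs and corosync configuration.
        - mountPath: /etc/openvswitch/
          name: host-var-lib-ovs
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs
        - mountPath: /etc/corosync
          name: host-etc-corosync
        - mountPath: /var/log/corosync
          name: host-var-log-corosync
        - mountPath: /dev/shm
          name: dshm

        # Only requests are declared; without limits the container's CPU and
        # memory use on the node is unbounded.
        resources:
          requests:
            cpu: 100m
            memory: 1024Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVN_LOG_NB
          value: "-vconsole:info -vfile:info"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        # Empty here; presumably filled in by the install scripts - confirm
        # the value is validated before it reaches the cluster configuration.
        - name: OVN_DB_VIP
          value: ""
        ports:
        # NOTE(review): with hostNetwork this port lives on the node itself,
        # and 10256 is also kube-proxy's default healthz port; confirm the two
        # do not clash on nodes carrying the ovnkube-db label.
        - name: healthz
          containerPort: 10256
        # TODO: Temporarily disabled until we determine how to wait for clean
        # default config. While disabled, a hung DB container is not restarted
        # by the kubelet.
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10256
        #     scheme: HTTP
      # end of container

      volumes:
      - name: host-var-lib-ovs
        hostPath:
          path: /var/lib/openvswitch
      - name: host-var-log-ovs
        hostPath:
          path: /var/log/openvswitch
      - name: host-var-log-corosync
        hostPath:
          path: /var/log/corosync
      - name: host-etc-corosync
        hostPath:
          path: /etc/corosync
      - name: dshm
        emptyDir:
          medium: Memory

      # A key-less "Exists" toleration matches every taint, including
      # NoExecute ones, so the pod is neither kept off nor evicted from
      # tainted nodes; the node affinity above is the only placement control.
      tolerations:
      - operator: "Exists"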