Upgrade ovn-kubernetes CNI to latest release
# yamllint disable rule:hyphens rule:commas rule:indentation
# Headless Service (clusterIP: None) that exposes the ovnkube-db pod.
#
# NOTE(review): no `selector` is set in this manifest, so Kubernetes will not
# derive endpoints from pod labels; presumably the Endpoints object is managed
# elsewhere - confirm which identity is allowed to write it.
# NOTE(review): only the L4 protocol (TCP) is declared here. Whether the
# database connections on these ports are protected with TLS is not visible
# in this file - verify, since clients of these ports read and write the
# cluster's network state.
apiVersion: v1
kind: Service
metadata:
  name: ovnkube-db
  namespace: ovn-kubernetes
spec:
  type: ClusterIP
  clusterIP: None
  sessionAffinity: None
  ports:
  # OVN northbound database listener
  - name: north
    protocol: TCP
    port: 6641
    targetPort: 6641
  # OVN southbound database listener
  - name: south
    protocol: TCP
    port: 6642
    targetPort: 6642
---

# ovnkube-db HA using Corosync/Pacemaker.
# Runs the OVN NB and SB ovsdb daemons together in a single container.
# The object is a Deployment with three replicas; the "daemonset version 3"
# wording matches the OVN_DAEMONSET_VERSION value passed to the container.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ovnkube-db
  # namespace set up by install
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This daemonset launches the OVN NB/SB DB server in a single container.
spec:
  replicas: 3
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: "25%"
      maxUnavailable: "25%"
  selector:
    matchLabels:
      name: ovnkube-db
  template:
    metadata:
      labels:
        name: ovnkube-db
        component: network
        type: infra
        kubernetes.io/os: linux
      annotations:
        # NOTE(review): legacy alpha annotation; newer clusters express pod
        # criticality through priorityClassName instead - confirm it still
        # has an effect on the target cluster version.
        scheduler.alpha.kubernetes.io/critical-pod: ""
    spec:
      # The "ovn" service account needs fairly broad permissions: it must be
      # able to read all services and network functions as well as all pods.
      # Review the RBAC bound to it; it is not defined in this file.
      serviceAccountName: ovn
      # The pod shares the node's network namespace, so the database
      # listeners are reachable on the node's own addresses.
      # NOTE(review): NetworkPolicy generally does not isolate hostNetwork
      # pods - restrict access to 6641/6642 at the host or fabric level.
      hostNetwork: true
      # Must land on a node labelled openvswitch.org/ovnkube-db=true, and
      # at most one instance may run per node.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: openvswitch.org/ovnkube-db
                operator: In
                values:
                - "true"
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - topologyKey: kubernetes.io/hostname
            labelSelector:
              matchExpressions:
              - key: name
                operator: In
                values:
                - ovnkube-db

      # An empty-key "Exists" toleration tolerates every taint, so these pods
      # can also be scheduled onto tainted nodes that carry the node label
      # required above.
      tolerations:
      - operator: Exists

      containers:
      # ovsdb with corosync in one container - v3
      - name: ovsdb
        # NOTE(review): ":latest" is a mutable tag and, combined with
        # IfNotPresent, each node runs whatever build it cached first.
        # Pin a reviewed build by digest, e.g.
        #   docker.io/ovnkube/ovndb-vip-u@sha256:<DIGEST_PLACEHOLDER>
        image: docker.io/ovnkube/ovndb-vip-u:latest
        imagePullPolicy: IfNotPresent
        command:
        - /root/ovndb-vip.sh
        - run-ovndb

        # Runs as root with NET_ADMIN added on top of the runtime's default
        # capability set. Nothing is dropped, and allowPrivilegeEscalation
        # and readOnlyRootFilesystem are left at their defaults.
        # NOTE(review): check which capabilities the script really needs
        # before tightening.
        securityContext:
          runAsUser: 0
          capabilities:
            add:
            - NET_ADMIN

        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVN_LOGLEVEL_NB
          value: "-vconsole:info -vfile:info"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: K8S_NODE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        # Left empty in this manifest; presumably filled in at install time.
        - name: OVN_DB_VIP
          value: ""

        # Only requests are declared; no CPU or memory limits are set.
        resources:
          requests:
            cpu: 100m
            memory: 1024Mi

        terminationMessagePolicy: FallbackToLogsOnError

        volumeMounts:
        # Inside the pod the OVN databases live in /etc/openvswitch (or in
        # /etc/ovn when OVN from the new repository is used); both paths are
        # backed by the same host directory, /var/lib/openvswitch.
        - name: host-var-lib-ovs
          mountPath: /etc/openvswitch/
        - name: host-var-lib-ovs
          mountPath: /etc/ovn/
        # Both log paths share the host directory /var/log/openvswitch.
        - name: host-var-log-ovs
          mountPath: /var/log/openvswitch/
        - name: host-var-log-ovs
          mountPath: /var/log/ovn/
        - name: host-etc-corosync
          mountPath: /etc/corosync
        - name: host-var-log-corosync
          mountPath: /var/log/corosync
        - name: dshm
          mountPath: /dev/shm

      # All hostPath volumes are mounted read-write and declare no `type`,
      # so the kubelet performs no check on the path before mounting it.
      # NOTE(review): /etc/corosync on the host holds the cluster
      # configuration (and possibly its auth key) - confirm ownership and
      # permissions of these directories on every labelled node.
      volumes:
      - name: host-var-lib-ovs
        hostPath:
          path: /var/lib/openvswitch
      - name: host-var-log-ovs
        hostPath:
          path: /var/log/openvswitch
      - name: host-var-log-corosync
        hostPath:
          path: /var/log/corosync
      - name: host-etc-corosync
        hostPath:
          path: /etc/corosync
      # Memory-backed /dev/shm; no sizeLimit is set.
      - name: dshm
        emptyDir:
          medium: Memory