Add OVN-Kubernetes CNI Installation for IEC
[iec.git] / src / foundation / scripts / cni / ovn-kubernetes / yaml / ovnkube-db.yaml
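# yamllint disable rule:hyphens rule:commas rule:indentation
# ovnkube-db
# daemonset version 3 (presumably the OVN_DAEMONSET_VERSION value set in the
# container env below; the resource kind itself is Deployment, not DaemonSet)
# starts ovn NB/SB ovsdb daemons, each in a separate container
# it is running on master node for now, but does not need to be the case
#
# Security posture of this manifest, as written:
#   - hostNetwork: true, so both containers share the node's network namespace
#   - both containers run as uid 0 with the NET_ADMIN capability added
#   - two hostPath volumes are mounted read-write from the node
#   - the pod uses the "ovn" service account; its RBAC is defined elsewhere
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ovnkube-db
  # namespace set up by install
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This daemonset launches the OVN NB/SB ovsdb service components.
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: ovnkube-db
  # NOTE(review): with replicas: 1, maxSurge 25% rounds up to 1 and
  # maxUnavailable 25% rounds down to 0, so a rollout starts the new pod
  # before the old one is stopped. Both pods use hostNetwork and the same
  # hostPath database directory - confirm that overlap is acceptable, or
  # consider strategy type Recreate.
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: ovnkube-db
        component: network
        type: infra
        openshift.io/component: network
        beta.kubernetes.io/os: "linux"
      annotations:
        # NOTE(review): alpha annotation; newer Kubernetes releases use
        # priorityClassName instead - confirm for the target cluster version.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # Requires fairly broad permissions - ability to read all services and network functions as well
      # as all pods.
      # The Role/ClusterRole bound to this account is not part of this file;
      # review it together with this manifest, since any process in these
      # root containers can use the mounted service-account token.
      serviceAccountName: ovn
      # Pod shares the node's network namespace: every listener opened by the
      # containers is bound on the node's own interfaces.
      hostNetwork: true
      containers:
      # firewall rules for ovn - assumed to be setup
      # iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6641 -j ACCEPT
      # iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6642 -j ACCEPT
      # NOTE(review): the rules above carry no source match, so 6641/6642 are
      # accepted from any address. Whether the NB/SB databases require TLS or
      # authenticated clients is not visible in this file - confirm, and
      # restrict the source to the cluster nodes if they do not.

      # nb-ovsdb - v3
      - name: nb-ovsdb
        # ":latest" is a mutable tag, and with IfNotPresent a node keeps
        # whatever build it pulled first, so the running image is neither
        # reproducible nor verifiable from this manifest. Prefer a fixed
        # release tag or a digest, e.g.
        #   iecedge/ovn-daemonset@sha256:<DIGEST>   (placeholder)
        image: "iecedge/ovn-daemonset:latest"
        imagePullPolicy: "IfNotPresent"

        command: ["/root/ovnkube.sh", "nb-ovsdb"]

        # Root plus NET_ADMIN in the host network namespace allows changing
        # the node's interfaces, routes and firewall rules. No capabilities
        # are dropped and the root filesystem is left writable.
        securityContext:
          runAsUser: 0
          capabilities:
            add: ["NET_ADMIN"]

        volumeMounts:
        # ovn db is stored in the pod in /etc/openvswitch
        # and on the host in /var/lib/openvswitch/
        - mountPath: /etc/openvswitch/
          name: host-var-lib-ovs
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs

        # Only requests are set; without limits the container's CPU and
        # memory use is not capped by this manifest.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVN_LOG_NB
          value: "-vconsole:info -vfile:info"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        # NOTE(review): with hostNetwork this port is claimed on the node
        # itself. 10256 is also kube-proxy's default healthz port - confirm
        # there is no clash on the node this pod is scheduled to.
        ports:
        - name: healthz
          containerPort: 10256
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # While this stays commented out, no liveness or readiness probe is
        # active, so a hung ovsdb process is not restarted automatically.
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10256
        #     scheme: HTTP
        # No lifecycle hooks are defined; written as an explicit empty
        # mapping instead of a bare key (which parses as null).
        lifecycle: {}
      # end of container

      # sb-ovsdb - v3
      - name: sb-ovsdb
        # Same mutable-tag caveat as nb-ovsdb: pin a release tag or digest,
        # e.g. iecedge/ovn-daemonset@sha256:<DIGEST>   (placeholder)
        image: "iecedge/ovn-daemonset:latest"
        imagePullPolicy: "IfNotPresent"

        command: ["/root/ovnkube.sh", "sb-ovsdb"]

        # Root plus NET_ADMIN in the host network namespace; no capabilities
        # are dropped and the root filesystem is left writable.
        securityContext:
          runAsUser: 0
          capabilities:
            add: ["NET_ADMIN"]

        volumeMounts:
        # ovn db is stored in the pod in /etc/openvswitch
        # and on the host in /var/lib/openvswitch/
        # Both containers mount the same two host directories read-write.
        - mountPath: /etc/openvswitch/
          name: host-var-lib-ovs
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs

        # Only requests are set; no limits cap this container either.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVN_LOG_SB
          value: "-vconsole:info -vfile:info"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        # NOTE(review): 10255 is the kubelet's default read-only port; with
        # hostNetwork confirm the kubelet on this node does not already bind
        # it.
        ports:
        - name: healthz
          containerPort: 10255
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # While this stays commented out, no liveness or readiness probe is
        # active for this container.
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10255
        #     scheme: HTTP
        # No lifecycle hooks are defined; explicit empty mapping instead of
        # a bare key (which parses as null).
        lifecycle: {}
      # end of container

      # Schedules only onto Linux nodes carrying the master role label.
      # NOTE(review): beta.kubernetes.io/os is the older form of the
      # kubernetes.io/os label - confirm which one the target cluster sets.
      nodeSelector:
        node-role.kubernetes.io/master: ""
        beta.kubernetes.io/os: "linux"
      # hostPath volumes: the OVN databases and logs live on the node and
      # survive the pod. No "type:" is given, so Kubernetes performs no check
      # on the path before mounting it; ownership and mode of these
      # directories on the host decide who else on the node can read or
      # alter the databases.
      volumes:
      - name: host-var-lib-ovs
        hostPath:
          path: /var/lib/openvswitch
      - name: host-var-log-ovs
        hostPath:
          path: /var/log/openvswitch
      # A toleration with only operator "Exists" and no key matches every
      # taint, including NoExecute ones, so this pod is never kept off or
      # evicted from a tainted node by taints alone.
      tolerations:
      - operator: "Exists"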