Upgrade ovn-kubernetes CNI to latest release
# yamllint disable rule:hyphens rule:commas rule:indentation
# Headless Service (clusterIP: None) publishing the two ovsdb ports of the
# ovnkube-db pod: "north" on 6641/TCP and "south" on 6642/TCP.
# NOTE(review): no spec.selector is set, so Kubernetes will not populate
# Endpoints for this Service on its own; presumably they are created
# elsewhere (install step or the pod itself) - confirm.
# NOTE(review): both ports carry OVN control-plane state. The Deployment in
# this file sets OVN_SSL_ENABLE to "no", so reachability of 6641/6642 should
# be limited to cluster nodes by network policy or host firewall.
apiVersion: v1
kind: Service
metadata:
  name: ovnkube-db
  namespace: ovn-kubernetes
spec:
  type: ClusterIP
  clusterIP: None
  sessionAffinity: None
  ports:
  - name: north
    protocol: TCP
    port: 6641
    targetPort: 6641
  - name: south
    protocol: TCP
    port: 6642
    targetPort: 6642
---

# ovnkube-db
# OVN_DAEMONSET_VERSION 3 manifest. The word "daemonset" survives in the
# description annotation, but the object defined here is a Deployment.
# Starts the OVN NB and SB ovsdb daemons, each in its own container.
# It is scheduled on master nodes for now; that does not need to stay so.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ovnkube-db
  # namespace set up by install
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This daemonset launches the OVN NB/SB ovsdb service components.
spec:
  replicas: 1
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      name: ovnkube-db
  # With replicas 1, Kubernetes rounds maxSurge up (1) and maxUnavailable
  # down (0), so a rollout starts the new pod before the old one stops.
  # NOTE(review): the pod uses hostNetwork and hostPath-backed DB files; two
  # pods on one node would compete for 6641/6642 and /var/lib/openvswitch.
  # Check whether Recreate is the intended strategy.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: '25%'
      maxUnavailable: '25%'
  template:
    metadata:
      labels:
        name: ovnkube-db
        component: network
        type: infra
        kubernetes.io/os: linux
      annotations:
        # NOTE(review): alpha-era annotation; newer clusters express this
        # with priorityClassName - verify against the target cluster version.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # The "ovn" service account needs fairly broad permissions: it must be
      # able to read all services and network functions as well as all pods.
      serviceAccountName: ovn
      # The pod shares the node's network namespace, so the ovsdb listeners
      # are presumably bound on the node's own addresses.
      hostNetwork: true
      nodeSelector:
        node-role.kubernetes.io/master: ''
        kubernetes.io/os: linux
      # A key-less "Exists" toleration matches every taint on a node.
      tolerations:
      - operator: Exists
      containers:
      # Host firewall rules for OVN are assumed to be set up already:
      # iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6641 -j ACCEPT
      # iptables -A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m tcp --dport 6642 -j ACCEPT
      # NOTE(review): as written these rules accept from any source. With
      # OVN_SSL_ENABLE set to "no" below, a source restriction to the
      # cluster's node addresses is the control a reviewer would expect.

      # nb-ovsdb - v3
      - name: nb-ovsdb
        # NOTE(review): a date tag is mutable and the pull policy is
        # IfNotPresent, so nodes can hold different content under the same
        # tag; pinning by digest would fix the content.
        image: 'iecedge/ovn-daemonset-ubuntu:2020-04-16'
        imagePullPolicy: IfNotPresent

        command:
        - /root/ovnkube.sh
        - nb-ovsdb

        # Runs as UID 0 and adds NET_ADMIN; no capability is dropped.
        securityContext:
          runAsUser: 0
          capabilities:
            add:
            - NET_ADMIN

        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        # The ovn db lives in the pod under /etc/openvswitch
        # (or under /etc/ovn if OVN from the new repository is used)
        # and on the host under /var/lib/openvswitch/.
        - name: host-var-lib-ovs
          mountPath: /etc/openvswitch/
        - name: host-var-lib-ovs
          mountPath: /etc/ovn/
        - name: host-var-log-ovs
          mountPath: /var/log/openvswitch/
        - name: host-var-log-ovs
          mountPath: /var/log/ovn/
        # For the iptables wrapper. The volume is the host's root directory;
        # it is read-only, yet every host file is readable from /host.
        - name: host-slash
          mountPath: /host
          readOnly: true
        - name: host-ovn-cert
          mountPath: /ovn-cert
          readOnly: true

        # Requests only; no limits are declared.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: '3'
        - name: OVN_LOGLEVEL_NB
          value: '-vconsole:info -vfile:info'
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: K8S_NODE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        # Kept as a quoted string so YAML does not turn it into a boolean.
        # NOTE(review): presumably ovnkube.sh then serves the NB database
        # without TLS, leaving /ovn-cert unused - confirm before exposing
        # 6641 beyond the cluster nodes.
        - name: OVN_SSL_ENABLE
          value: 'no'
        readinessProbe:
          exec:
            command:
            - /usr/bin/ovn-kube-util
            - readiness-probe
            - '-t'
            - ovnnb-db
          initialDelaySeconds: 30
          timeoutSeconds: 30
          periodSeconds: 60
      # end of container

      # sb-ovsdb - v3
      - name: sb-ovsdb
        # NOTE(review): same mutable date tag as nb-ovsdb; see the pinning
        # remark on that container.
        image: 'iecedge/ovn-daemonset-ubuntu:2020-04-16'
        imagePullPolicy: IfNotPresent

        command:
        - /root/ovnkube.sh
        - sb-ovsdb

        # Runs as UID 0 and adds NET_ADMIN; no capability is dropped.
        securityContext:
          runAsUser: 0
          capabilities:
            add:
            - NET_ADMIN

        terminationMessagePolicy: FallbackToLogsOnError
        volumeMounts:
        # The ovn db lives in the pod under /etc/openvswitch
        # (or under /etc/ovn if OVN from the new repository is used)
        # and on the host under /var/lib/openvswitch/.
        - name: host-var-lib-ovs
          mountPath: /etc/openvswitch/
        - name: host-var-lib-ovs
          mountPath: /etc/ovn/
        - name: host-var-log-ovs
          mountPath: /var/log/openvswitch/
        - name: host-var-log-ovs
          mountPath: /var/log/ovn/
        # For the iptables wrapper; host root, mounted read-only.
        - name: host-slash
          mountPath: /host
          readOnly: true
        - name: host-ovn-cert
          mountPath: /ovn-cert
          readOnly: true

        # Requests only; no limits are declared.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: '3'
        - name: OVN_LOGLEVEL_SB
          value: '-vconsole:info -vfile:info'
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: K8S_NODE_IP
          valueFrom:
            fieldRef:
              fieldPath: status.hostIP
        # Quoted string, not a YAML boolean; same TLS caveat as nb-ovsdb,
        # here for the SB database on 6642.
        - name: OVN_SSL_ENABLE
          value: 'no'
        readinessProbe:
          exec:
            command:
            - /usr/bin/ovn-kube-util
            - readiness-probe
            - '-t'
            - ovnsb-db
          initialDelaySeconds: 30
          timeoutSeconds: 30
          periodSeconds: 60

      # end of container

      volumes:
      # Database files, kept on the node so they outlive the pod.
      - name: host-var-lib-ovs
        hostPath:
          path: /var/lib/openvswitch
      - name: host-var-log-ovs
        hostPath:
          path: /var/log/openvswitch
      # The node's entire root filesystem (mounted read-only by both
      # containers).
      - name: host-slash
        hostPath:
          path: /
      # Host /etc/ovn, created if missing; it appears in the containers as
      # /ovn-cert, while the containers' own /etc/ovn/ is backed by
      # host-var-lib-ovs.
      - name: host-ovn-cert
        hostPath:
          path: /etc/ovn
          type: DirectoryOrCreate