src/foundation/scripts/cni/ovn-kubernetes/yaml/ovnkube-master.yaml

   1 # yamllint disable rule:hyphens rule:commas rule:indentation
   2 # ovnkube-master
   3 # daemonset version 3
   4 # starts master daemons, each in a separate container
   5 # it is run on the master(s)
   6 kind: Deployment
   7 apiVersion: apps/v1
   8 metadata:
   9   name: ovnkube-master
  10   # namespace set up by install
  11   namespace: ovn-kubernetes
  12   annotations:
  13     kubernetes.io/description: |
  14       This Deployment launches the ovn-kubernetes master networking components.
  15 spec:
  16   progressDeadlineSeconds: 600
  17   replicas: 1
  18   revisionHistoryLimit: 10
  19   selector:
  20     matchLabels:
  21       name: ovnkube-master
  22   strategy:
  23     rollingUpdate:
  24       maxSurge: 25%
  25       maxUnavailable: 25%
  26     type: RollingUpdate
  27   template:
  28     metadata:
  29       labels:
  30         name: ovnkube-master
  31         component: network
  32         type: infra
  33         kubernetes.io/os: "linux"
  34       annotations:
  35         scheduler.alpha.kubernetes.io/critical-pod: ''
  36     spec:
  37       # Requires fairly broad permissions - ability to read all services and network functions as well
  38       # as all pods.
  39       serviceAccountName: ovn
  40       hostNetwork: true
  41
  42       # required to be scheduled on a linux node with node-role.kubernetes.io/master label and
  43       # only one instance of ovnkube-master pod per node
  44       affinity:
  45         nodeAffinity:
  46           requiredDuringSchedulingIgnoredDuringExecution:
  47             nodeSelectorTerms:
  48               - matchExpressions:
  49                   - key: node-role.kubernetes.io/master
  50                     operator: In
  51                     values:
  52                       - ""
  53                   - key: kubernetes.io/os
  54                     operator: In
  55                     values:
  56                       - "linux"
  57         podAntiAffinity:
  58           requiredDuringSchedulingIgnoredDuringExecution:
  59             - labelSelector:
  60                 matchExpressions:
  61                   - key: name
  62                     operator: In
  63                     values:
  64                       - ovnkube-master
  65               topologyKey: kubernetes.io/hostname
  66
  67       containers:
  68       # ovn-northd - v3
  69       - name: ovn-northd
  70         image: "iecedge/ovn-daemonset-ubuntu:2020-04-16"
  71         imagePullPolicy: "IfNotPresent"
  72
  73         command: ["/root/ovnkube.sh", "run-ovn-northd"]
  74
  75         securityContext:
  76           runAsUser: 0
  77           capabilities:
  78             add: ["SYS_NICE"]
  79
  80         terminationMessagePolicy: FallbackToLogsOnError
  81         volumeMounts:
  82         # Run directories where we need to be able to access sockets
  83         - mountPath: /var/run/dbus/
  84           name: host-var-run-dbus
  85           readOnly: true
  86         - mountPath: /var/log/openvswitch/
  87           name: host-var-log-ovs
  88         - mountPath: /var/log/ovn/
  89           name: host-var-log-ovs
  90         - mountPath: /var/run/openvswitch/
  91           name: host-var-run-ovs
  92         - mountPath: /var/run/ovn/
  93           name: host-var-run-ovs
  94         - mountPath: /ovn-cert
  95           name: host-ovn-cert
  96           readOnly: true
  97
  98         resources:
  99           requests:
 100             cpu: 100m
 101             memory: 300Mi
 102         env:
 103         - name: OVN_DAEMONSET_VERSION
 104           value: "3"
 105         - name: OVN_LOGLEVEL_NORTHD
 106           value: "-vconsole:info -vfile:info"
 107         - name: K8S_APISERVER
 108           valueFrom:
 109             configMapKeyRef:
 110               name: ovn-config
 111               key: k8s_apiserver
 112         - name: OVN_KUBERNETES_NAMESPACE
 113           valueFrom:
 114             fieldRef:
 115               fieldPath: metadata.namespace
 116         - name: OVN_SSL_ENABLE
 117           value: "no"
 118         readinessProbe:
 119           exec:
 120             command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-northd"]
 121           initialDelaySeconds: 30
 122           timeoutSeconds: 30
 123           periodSeconds: 60
 124       # end of container
 125
 126       - name: nbctl-daemon
 127         image: "iecedge/ovn-daemonset-ubuntu:2020-04-16"
 128         imagePullPolicy: "IfNotPresent"
 129
 130         command: ["/root/ovnkube.sh", "run-nbctld"]
 131
 132         securityContext:
 133           runAsUser: 0
 134
 135         terminationMessagePolicy: FallbackToLogsOnError
 136         volumeMounts:
 137         - mountPath: /var/log/openvswitch/
 138           name: host-var-log-ovs
 139         - mountPath: /var/log/ovn/
 140           name: host-var-log-ovs
 141         - mountPath: /var/run/openvswitch/
 142           name: host-var-run-ovs
 143         - mountPath: /var/run/ovn/
 144           name: host-var-run-ovs
 145         - mountPath: /ovn-cert
 146           name: host-ovn-cert
 147           readOnly: true
 148         resources:
 149           requests:
 150             cpu: 100m
 151             memory: 300Mi
 152         env:
 153         - name: OVN_DAEMONSET_VERSION
 154           value: "3"
 155         - name: OVN_LOGLEVEL_NBCTLD
 156           value: "-vconsole:info"
 157         - name: K8S_APISERVER
 158           valueFrom:
 159             configMapKeyRef:
 160               name: ovn-config
 161               key: k8s_apiserver
 162         - name: OVN_SSL_ENABLE
 163           value: "no"
 164
 165         readinessProbe:
 166           exec:
 167             command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-nbctld"]
 168           initialDelaySeconds: 30
 169           timeoutSeconds: 30
 170           periodSeconds: 60
 171       # end of container
 172
 173       - name: ovnkube-master
 174         image: "iecedge/ovn-daemonset-ubuntu:2020-04-16"
 175         imagePullPolicy: "IfNotPresent"
 176
 177         command: ["/root/ovnkube.sh", "ovn-master"]
 178
 179         securityContext:
 180           runAsUser: 0
 181
 182         terminationMessagePolicy: FallbackToLogsOnError
 183         volumeMounts:
 184         # Run directories where we need to be able to access sockets
 185         - mountPath: /var/run/dbus/
 186           name: host-var-run-dbus
 187           readOnly: true
 188         - mountPath: /var/log/ovn-kubernetes/
 189           name: host-var-log-ovnkube
 190         - mountPath: /var/run/openvswitch/
 191           name: host-var-run-ovs
 192         - mountPath: /var/run/ovn/
 193           name: host-var-run-ovs
 194         - mountPath: /ovn-cert
 195           name: host-ovn-cert
 196           readOnly: true
 197
 198         resources:
 199           requests:
 200             cpu: 100m
 201             memory: 300Mi
 202         env:
 203         - name: OVN_DAEMONSET_VERSION
 204           value: "3"
 205         - name: OVNKUBE_LOGLEVEL
 206           value: "4"
 207         - name: OVN_NET_CIDR
 208           valueFrom:
 209             configMapKeyRef:
 210               name: ovn-config
 211               key: net_cidr
 212         - name: OVN_SVC_CIDR
 213           valueFrom:
 214             configMapKeyRef:
 215               name: ovn-config
 216               key: svc_cidr
 217         - name: K8S_APISERVER
 218           valueFrom:
 219             configMapKeyRef:
 220               name: ovn-config
 221               key: k8s_apiserver
 222         - name: K8S_NODE
 223           valueFrom:
 224             fieldRef:
 225               fieldPath: spec.nodeName
 226         - name: OVN_KUBERNETES_NAMESPACE
 227           valueFrom:
 228             fieldRef:
 229               fieldPath: metadata.namespace
 230         - name: OVN_HYBRID_OVERLAY_ENABLE
 231           value: ""
 232         - name: OVN_HYBRID_OVERLAY_NET_CIDR
 233           value: ""
 234         - name: OVN_SSL_ENABLE
 235           value: "no"
 236       # end of container
 237
 238       volumes:
 239       # TODO: Need to check why we need this?
 240       - name: host-var-run-dbus
 241         hostPath:
 242           path: /var/run/dbus
 243       - name: host-var-log-ovs
 244         hostPath:
 245           path: /var/log/openvswitch
 246       - name: host-var-log-ovnkube
 247         hostPath:
 248           path: /var/log/ovn-kubernetes
 249       - name: host-var-run-ovs
 250         hostPath:
 251           path: /var/run/openvswitch
 252       - name: host-ovn-cert
 253         hostPath:
 254           path: /etc/ovn
 255           type: DirectoryOrCreate
 256       tolerations:
 257       - operator: "Exists"