Upgrade ovn-kubernetes CNI to latest release
[iec.git] / src / foundation / scripts / cni / ovn-kubernetes / yaml / ovnkube-master.yaml
# yamllint disable rule:hyphens rule:commas rule:indentation
# ovnkube-master
# daemonset version 3 (the OVN_DAEMONSET_VERSION value handed to every container
# below; the object itself is a Deployment)
# Starts the OVN master daemons, one container per daemon, on the master node(s).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ovnkube-master
  # The namespace is created by the install step, not by this manifest.
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This Deployment launches the ovn-kubernetes master networking components.
spec:
  replicas: 1
  revisionHistoryLimit: 10
  progressDeadlineSeconds: 600
  selector:
    matchLabels:
      name: ovnkube-master
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: '25%'
      maxUnavailable: '25%'
  template:
    metadata:
      labels:
        name: ovnkube-master
        component: network
        type: infra
        kubernetes.io/os: linux
      annotations:
        # Alpha-era "critical pod" marker; the value is intentionally empty.
        # NOTE(review): this annotation is deprecated upstream in favour of
        # priorityClassName - confirm the target cluster version still honours it.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # The "ovn" service account needs fairly broad read access: all services,
      # network functions and pods. Its RBAC bindings are defined outside this
      # file; they decide what the token mounted into these containers can do.
      serviceAccountName: ovn
      # The pod runs in the node's network namespace, so every container below
      # sees the node's interfaces and its loopback listeners.
      hostNetwork: true

      # Scheduling: only Linux nodes carrying the node-role.kubernetes.io/master
      # label, and never two ovnkube-master pods on the same hostname.
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: node-role.kubernetes.io/master
                    operator: In
                    values:
                      - ''
                  - key: kubernetes.io/os
                    operator: In
                    values:
                      - linux
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: name
                    operator: In
                    values:
                      - ovnkube-master
              topologyKey: kubernetes.io/hostname

      # All three containers share one image, run as UID 0 and declare resource
      # requests but no limits. None defines a livenessProbe.
      containers:
        # ovn-northd - v3
        - name: ovn-northd
          # Tagged by date rather than pinned by digest; with IfNotPresent a node
          # keeps reusing whatever it first pulled under this tag.
          image: 'iecedge/ovn-daemonset-ubuntu:2020-04-16'
          imagePullPolicy: IfNotPresent

          command:
            - /root/ovnkube.sh
            - run-ovn-northd

          securityContext:
            # Root in the container, with SYS_NICE added to the runtime's default
            # capability set. Nothing here drops capabilities or sets
            # allowPrivilegeEscalation / readOnlyRootFilesystem.
            runAsUser: 0
            capabilities:
              add:
                - SYS_NICE

          terminationMessagePolicy: FallbackToLogsOnError
          volumeMounts:
            # Run directories where we need to be able to access sockets
            - name: host-var-run-dbus
              mountPath: /var/run/dbus/
              readOnly: true
            # host-var-log-ovs and host-var-run-ovs are each mounted twice, under
            # the openvswitch path and the ovn path. These four mounts are
            # writable, so root in the container can write to the host directories.
            - name: host-var-log-ovs
              mountPath: /var/log/openvswitch/
            - name: host-var-log-ovs
              mountPath: /var/log/ovn/
            - name: host-var-run-ovs
              mountPath: /var/run/openvswitch/
            - name: host-var-run-ovs
              mountPath: /var/run/ovn/
            - name: host-ovn-cert
              mountPath: /ovn-cert
              readOnly: true

          resources:
            requests:
              cpu: 100m
              memory: 300Mi
          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: OVN_LOGLEVEL_NORTHD
              value: '-vconsole:info -vfile:info'
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            - name: OVN_KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Quoted so the value stays the string "no" instead of a YAML boolean.
            # NOTE(review): presumably this turns off TLS for the OVN connections
            # and leaves the /ovn-cert mount unused - confirm in ovnkube.sh.
            - name: OVN_SSL_ENABLE
              value: 'no'
          readinessProbe:
            exec:
              command:
                - /usr/bin/ovn-kube-util
                - readiness-probe
                - '-t'
                - ovn-northd
            initialDelaySeconds: 30
            timeoutSeconds: 30
            periodSeconds: 60
        # end of container

        - name: nbctl-daemon
          image: 'iecedge/ovn-daemonset-ubuntu:2020-04-16'
          imagePullPolicy: IfNotPresent

          command:
            - /root/ovnkube.sh
            - run-nbctld

          securityContext:
            # Root, with the runtime's default capabilities (no additions here).
            runAsUser: 0

          terminationMessagePolicy: FallbackToLogsOnError
          volumeMounts:
            # Same log, run and cert mounts as ovn-northd, minus the D-Bus one.
            - name: host-var-log-ovs
              mountPath: /var/log/openvswitch/
            - name: host-var-log-ovs
              mountPath: /var/log/ovn/
            - name: host-var-run-ovs
              mountPath: /var/run/openvswitch/
            - name: host-var-run-ovs
              mountPath: /var/run/ovn/
            - name: host-ovn-cert
              mountPath: /ovn-cert
              readOnly: true
          resources:
            requests:
              cpu: 100m
              memory: 300Mi
          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: OVN_LOGLEVEL_NBCTLD
              value: '-vconsole:info'
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            # Same setting as in ovn-northd.
            - name: OVN_SSL_ENABLE
              value: 'no'

          readinessProbe:
            exec:
              command:
                - /usr/bin/ovn-kube-util
                - readiness-probe
                - '-t'
                - ovn-nbctld
            initialDelaySeconds: 30
            timeoutSeconds: 30
            periodSeconds: 60
        # end of container

        # Unlike the two containers above, this one defines no readinessProbe.
        - name: ovnkube-master
          image: 'iecedge/ovn-daemonset-ubuntu:2020-04-16'
          imagePullPolicy: IfNotPresent

          command:
            - /root/ovnkube.sh
            - ovn-master

          securityContext:
            # Root, with the runtime's default capabilities (no additions here).
            runAsUser: 0

          terminationMessagePolicy: FallbackToLogsOnError
          volumeMounts:
            # Run directories where we need to be able to access sockets
            - name: host-var-run-dbus
              mountPath: /var/run/dbus/
              readOnly: true
            - name: host-var-log-ovnkube
              mountPath: /var/log/ovn-kubernetes/
            - name: host-var-run-ovs
              mountPath: /var/run/openvswitch/
            - name: host-var-run-ovs
              mountPath: /var/run/ovn/
            - name: host-ovn-cert
              mountPath: /ovn-cert
              readOnly: true

          resources:
            requests:
              cpu: 100m
              memory: 300Mi
          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: OVNKUBE_LOGLEVEL
              value: '4'
            # Cluster and service CIDRs and the API server address come from the
            # ovn-config ConfigMap, which is not part of this file.
            - name: OVN_NET_CIDR
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: net_cidr
            - name: OVN_SVC_CIDR
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: svc_cidr
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            - name: K8S_NODE
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: OVN_KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            # Both hybrid-overlay variables are passed as empty strings.
            - name: OVN_HYBRID_OVERLAY_ENABLE
              value: ''
            - name: OVN_HYBRID_OVERLAY_NET_CIDR
              value: ''
            # Same setting as in ovn-northd.
            - name: OVN_SSL_ENABLE
              value: 'no'
        # end of container

      # Every volume is a hostPath. Only host-ovn-cert sets a type, so the other
      # paths are mounted without any existence or type check.
      volumes:
        # TODO: Need to check why we need this?
        # NOTE(review): the mount is read-only, but a read-only mount still allows
        # connecting to sockets in the directory; if the answer to the TODO is
        # "we don't", removing the volume takes the host D-Bus socket out of the pod.
        - name: host-var-run-dbus
          hostPath:
            path: /var/run/dbus
        - name: host-var-log-ovs
          hostPath:
            path: /var/log/openvswitch
        - name: host-var-log-ovnkube
          hostPath:
            path: /var/log/ovn-kubernetes
        - name: host-var-run-ovs
          hostPath:
            path: /var/run/openvswitch
        # DirectoryOrCreate: /etc/ovn is created on the node if it does not exist.
        - name: host-ovn-cert
          hostPath:
            path: /etc/ovn
            type: DirectoryOrCreate
      # No key plus operator Exists tolerates every taint on a node.
      tolerations:
        - operator: Exists