Add OVN-Kubernetes CNI Installation for IEC
[iec.git] / src / foundation / scripts / cni / ovn-kubernetes / yaml / ovnkube-master.yaml
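---
# yamllint disable rule:hyphens rule:commas rule:indentation
# ovnkube-master
# daemonset version 3 (same number as OVN_DAEMONSET_VERSION below; the object
# itself is a Deployment, not a DaemonSet)
# starts master daemons, each in a separate container
# it is run on the master node(s)
#
# Security summary for reviewers:
#   - the pod shares the node's network namespace (hostNetwork: true)
#   - all three containers run as UID 0
#   - host directories holding OVS/OVN sockets and logs are mounted from the node
#   - the image is referenced by the mutable tag ":latest"
# Treat the image and the "ovn" service account as part of the master node's
# trusted base and review changes to either accordingly.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ovnkube-master
  # namespace set up by install
  namespace: ovn-kubernetes
  annotations:
    # NOTE(review): the text below says "daemonset" although kind is Deployment.
    kubernetes.io/description: |
      This daemonset launches the ovn-kubernetes networking components.
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: ovnkube-master
  strategy:
    rollingUpdate:
      maxSurge: "25%"
      maxUnavailable: "25%"
    type: RollingUpdate
  template:
    metadata:
      labels:
        name: ovnkube-master
        component: network
        type: infra
        openshift.io/component: network
        beta.kubernetes.io/os: "linux"
      annotations:
        # NOTE(review): this alpha annotation was deprecated in favour of
        # priorityClassName; on clusters that no longer honour it the pod has no
        # critical-pod protection - confirm against the target cluster version.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # Requires fairly broad permissions - ability to read all services and
      # network functions as well as all pods.
      # The RBAC bound to this account is defined outside this file; review it
      # together with this manifest, since every container below inherits it.
      serviceAccountName: ovn
      # Pod uses the node's network namespace: declared containerPorts are
      # opened on the master node itself and NetworkPolicy does not isolate it.
      hostNetwork: true

      containers:

      # run-ovn-northd - v3
      - name: run-ovn-northd
        # NOTE(review): ":latest" is a mutable tag and IfNotPresent keeps
        # whatever copy a node already cached, so the running build is neither
        # reproducible nor integrity-pinned. Prefer a fixed tag or a digest,
        # e.g. iecedge/ovn-daemonset@sha256:<digest-placeholder>.
        image: "iecedge/ovn-daemonset:latest"
        imagePullPolicy: "IfNotPresent"

        command: ["/root/ovnkube.sh", "run-ovn-northd"]

        securityContext:
          # Runs as root; SYS_NICE is added on top of the runtime's default
          # capability set. NOTE(review): nothing is dropped and
          # allowPrivilegeEscalation / readOnlyRootFilesystem are unset -
          # tighten if ovnkube.sh permits it.
          runAsUser: 0
          capabilities:
            add: ["SYS_NICE"]

        volumeMounts:
        # Run directories where we need to be able to access sockets
        # readOnly on the D-Bus directory blocks file changes only; processes
        # in the container can still connect to sockets found there.
        - mountPath: /var/run/dbus/
          name: host-var-run-dbus
          readOnly: true
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs
        - mountPath: /var/run/openvswitch/
          name: host-var-run-ovs

        # Only requests are set; without limits this container is not capped
        # and can compete with control-plane components on the master.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVN_LOG_NORTHD
          value: "-vconsole:info"
        - name: OVN_NET_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: net_cidr
        - name: OVN_SVC_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: svc_cidr
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: K8S_NODE
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        # With hostNetwork this port lives in the node's network namespace.
        # NOTE(review): 10257 is also the default secure port of
        # kube-controller-manager, which normally runs on master nodes -
        # confirm there is no clash.
        ports:
        - name: healthz
          containerPort: 10257
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # While the probe is disabled, a hung northd is not restarted by kubelet.
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10257
        #     scheme: HTTP
        # No lifecycle hooks are defined; explicit null replaces the bare key.
        lifecycle: null
      # end of container

      - name: run-nbctld
        # Same mutable ":latest" image as above; pin it the same way.
        image: "iecedge/ovn-daemonset:latest"
        imagePullPolicy: "IfNotPresent"

        command: ["/root/ovnkube.sh", "run-nbctld"]

        securityContext:
          # Root with the runtime's default capabilities; no hardening fields set.
          runAsUser: 0

        volumeMounts:
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs
        - mountPath: /var/run/openvswitch/
          name: host-var-run-ovs

        # Requests only, no limits.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver

        ports:
        - name: healthz
          containerPort: 10260
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # NOTE(review): the disabled probe targets port 10258 while the declared
        # healthz containerPort is 10260 - reconcile before re-enabling.
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10258
        #     scheme: HTTP
        # No lifecycle hooks are defined; explicit null replaces the bare key.
        lifecycle: null

      - name: ovnkube-master
        # Same mutable ":latest" image as above; pin it the same way.
        image: "iecedge/ovn-daemonset:latest"
        imagePullPolicy: "IfNotPresent"

        command: ["/root/ovnkube.sh", "ovn-master"]

        securityContext:
          # Root with the runtime's default capabilities; no hardening fields set.
          runAsUser: 0

        volumeMounts:
        # Run directories where we need to be able to access sockets
        # readOnly limits file changes, not connections to the D-Bus socket.
        - mountPath: /var/run/dbus/
          name: host-var-run-dbus
          readOnly: true
        - mountPath: /var/log/ovn-kubernetes/
          name: host-var-log-ovnkube
        - mountPath: /var/run/openvswitch/
          name: host-var-run-ovs

        # Requests only, no limits.
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVNKUBE_LOGLEVEL
          value: "4"
        - name: OVN_NET_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: net_cidr
        - name: OVN_SVC_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: svc_cidr
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: K8S_NODE
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        ports:
        - name: healthz
          containerPort: 10254
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10254
        #     scheme: HTTP
        # No lifecycle hooks are defined; explicit null replaces the bare key.
        lifecycle: null
      # end of container

      # NOTE(review): beta.kubernetes.io/os is the deprecated form of
      # kubernetes.io/os - confirm which label the target cluster sets.
      nodeSelector:
        node-role.kubernetes.io/master: ""
        beta.kubernetes.io/os: "linux"
      # All volumes are hostPath: the containers read and write the node's own
      # filesystem, so these paths bypass pod-level storage isolation. No
      # hostPath "type" is set, so the path is not checked before mounting.
      volumes:
      # TODO: Need to check why we need this?
      # If the D-Bus socket turns out to be unused, drop this volume and its
      # mounts rather than keeping host IPC exposed to the containers.
      - name: host-var-run-dbus
        hostPath:
          path: /var/run/dbus
      - name: host-var-log-ovs
        hostPath:
          path: /var/log/openvswitch
      - name: host-var-log-ovnkube
        hostPath:
          path: /var/log/ovn-kubernetes
      - name: host-var-run-ovs
        hostPath:
          path: /var/run/openvswitch
      # "Exists" with no key tolerates every taint, so the pod is also placed
      # on (and never evicted from) nodes tainted as unhealthy or
      # unschedulable. NOTE(review): narrow to the master taint if that is all
      # that is needed.
      tolerations:
      - operator: "Exists"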