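# yamllint disable rule:hyphens rule:commas rule:indentation
---
# ovnkube-node
# daemonset version 3
# starts node daemons for ovs and ovn, each in a separate container
# it is run on all nodes
#
# Security notes (review):
# - Every container runs as root (runAsUser: 0) on the host network with
#   hostPID. ovs-daemons is fully privileged; ovnkube-node adds NET_ADMIN,
#   SYS_ADMIN and SYS_PTRACE. With hostPID, SYS_PTRACE allows attaching to
#   host processes, so compromise of any of these containers is equivalent
#   to root on the node. Restrict who may create or edit pods in the
#   ovn-kubernetes namespace (and who holds the "ovn" service account)
#   accordingly.
# - The image is referenced by the mutable ":latest" tag together with
#   imagePullPolicy IfNotPresent: whatever build is already cached on a node
#   is what runs, so nodes can silently run different images and an updated
#   tag is never pulled. Pin an immutable tag or digest before deploying
#   outside a lab.
# - /opt/cni/bin and /etc/cni/net.d are mounted writable from the host, so
#   this pod can replace the node's CNI plugin binaries and configuration.
#   That is intentional here ("we take over" below) but is a node-level
#   write path worth monitoring.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: ovnkube-node
  # namespace set up by install
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This daemonset launches the ovn-kubernetes networking components.
spec:
  selector:
    matchLabels:
      app: ovnkube-node
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: ovnkube-node
        component: network
        type: infra
        openshift.io/component: network
        beta.kubernetes.io/os: "linux"
      annotations:
        # NOTE(review): this annotation is deprecated and newer kubelets ignore
        # it; the supported replacement is spec.priorityClassName
        # (system-node-critical). It is not switched here because, depending
        # on the cluster version, the built-in critical classes may only be
        # admitted in kube-system, and this pod lives in ovn-kubernetes.
        # Verify against the target cluster before changing it.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # Requires fairly broad permissions - ability to read all services and network functions as well
      # as all pods.
      serviceAccountName: ovn
      hostNetwork: true
      # hostPID makes every host process visible to the containers below; see
      # the SYS_PTRACE note at the top of the file.
      hostPID: true
      containers:

      # ovsdb-server and ovs-switchd daemons
      - name: ovs-daemons
        # Mutable tag + IfNotPresent: see the supply-chain note at the top.
        image: "iecedge/ovn-daemonset:latest"
        imagePullPolicy: "IfNotPresent"

        command: ["/root/ovnkube.sh", "ovs-server"]

        livenessProbe:
          exec:
            command:
            - /usr/share/openvswitch/scripts/ovs-ctl
            - status
          initialDelaySeconds: 15
          periodSeconds: 5

        securityContext:
          runAsUser: 0
          # Permission could be reduced by selecting an appropriate SELinux policy
          # privileged: true disables all capability, seccomp and device
          # restrictions for this container.
          privileged: true

        volumeMounts:
        - mountPath: /lib/modules
          name: host-modules
          readOnly: true
        - mountPath: /run/openvswitch
          name: host-run-ovs
        - mountPath: /var/run/openvswitch
          name: host-var-run-ovs
        - mountPath: /sys
          name: host-sys
          readOnly: true
        # Writable: ovsdb configuration/state lives here (host path
        # /etc/origin/openvswitch, see volumes below).
        - mountPath: /etc/openvswitch
          name: host-config-openvswitch
        resources:
          requests:
            cpu: 100m
            memory: 300Mi
          limits:
            cpu: 200m
            memory: 400Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        lifecycle:
          preStop:
            exec:
              command: ["/root/ovnkube.sh", "cleanup-ovs-server"]

      - name: ovn-controller
        # Mutable tag + IfNotPresent: see the supply-chain note at the top.
        image: "iecedge/ovn-daemonset:latest"
        imagePullPolicy: "IfNotPresent"

        command: ["/root/ovnkube.sh", "ovn-controller"]

        securityContext:
          runAsUser: 0
          capabilities:
            add: ["SYS_NICE"]

        volumeMounts:
        - mountPath: /var/run/dbus/
          name: host-var-run-dbus
          readOnly: true
        - mountPath: /var/log/openvswitch/
          name: host-var-log-ovs
        - mountPath: /var/run/openvswitch/
          name: host-var-run-ovs

        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVNKUBE_LOGLEVEL
          value: "4"
        - name: OVN_NET_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: net_cidr
        - name: OVN_SVC_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: svc_cidr
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: K8S_NODE
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: OVN_KUBERNETES_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace

        ports:
        - name: healthz
          containerPort: 10258
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10258
        #     scheme: HTTP
        # No lifecycle hooks for this container. (A bare "lifecycle:" key with
        # no value parses as null and was removed; the other two containers
        # define a preStop hook, this one does not have a cleanup command in
        # this manifest.)

      - name: ovnkube-node
        # Mutable tag + IfNotPresent: see the supply-chain note at the top.
        image: "iecedge/ovn-daemonset:latest"
        imagePullPolicy: "IfNotPresent"

        command: ["/root/ovnkube.sh", "ovn-node"]

        securityContext:
          runAsUser: 0
          capabilities:
            # SYS_ADMIN is close to full root; with hostPID, SYS_PTRACE also
            # reaches host processes. Review whether ovnkube.sh "ovn-node"
            # really needs both before deploying this widely.
            add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"]

        volumeMounts:
        - mountPath: /var/run/dbus/
          name: host-var-run-dbus
          readOnly: true
        - mountPath: /var/log/ovn-kubernetes/
          name: host-var-log-ovnkube
        - mountPath: /var/run/openvswitch/
          name: host-var-run-ovs
        # We mount our socket here
        - mountPath: /var/run/ovn-kubernetes
          name: host-var-run-ovn-kubernetes
        # CNI related mounts which we take over (writable: this container
        # installs the CNI plugin binary and config on the host)
        - mountPath: /opt/cni/bin
          name: host-opt-cni-bin
        - mountPath: /etc/cni/net.d
          name: host-etc-cni-netd

        resources:
          requests:
            cpu: 100m
            memory: 300Mi
        env:
        - name: OVN_DAEMONSET_VERSION
          value: "3"
        - name: OVNKUBE_LOGLEVEL
          value: "5"
        - name: OVN_NET_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: net_cidr
        - name: OVN_SVC_CIDR
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: svc_cidr
        - name: K8S_APISERVER
          valueFrom:
            configMapKeyRef:
              name: ovn-config
              key: k8s_apiserver
        - name: K8S_NODE
          valueFrom:
            fieldRef:
              fieldPath: spec.nodeName
        - name: OVN_GATEWAY_MODE
          value: "local"
        - name: OVN_GATEWAY_OPTS
          value: ""

        ports:
        - name: healthz
          containerPort: 10259
        # TODO: Temporarily disabled until we determine how to wait for clean default
        # config
        # livenessProbe:
        #   initialDelaySeconds: 10
        #   httpGet:
        #     path: /healthz
        #     port: 10259
        #     scheme: HTTP
        lifecycle:
          preStop:
            exec:
              command: ["/root/ovnkube.sh", "cleanup-ovn-node"]

      nodeSelector:
        beta.kubernetes.io/os: "linux"
      # All of these are hostPath volumes; none declares a "type", so the
      # kubelet performs no existence/kind check before mounting.
      volumes:
      - name: host-modules
        hostPath:
          path: /lib/modules

      - name: host-var-run-dbus
        hostPath:
          path: /var/run/dbus
      - name: host-var-log-ovs
        hostPath:
          path: /var/log/openvswitch
      - name: host-var-log-ovnkube
        hostPath:
          path: /var/log/ovn-kubernetes
      - name: host-run-ovs
        hostPath:
          path: /run/openvswitch
      - name: host-var-run-ovs
        hostPath:
          path: /var/run/openvswitch
      - name: host-var-run-ovn-kubernetes
        hostPath:
          path: /var/run/ovn-kubernetes
      - name: host-sys
        hostPath:
          path: /sys
      - name: host-opt-cni-bin
        hostPath:
          path: /opt/cni/bin
      - name: host-etc-cni-netd
        hostPath:
          path: /etc/cni/net.d
      - name: host-config-openvswitch
        hostPath:
          path: /etc/origin/openvswitch
      # Tolerates every taint (including NoSchedule/NoExecute), which is the
      # usual requirement for a CNI daemonset that must run on every node.
      tolerations:
      - operator: "Exists"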