src/foundation/scripts/cni/ovn-kubernetes/yaml/ovnkube-node.yaml

   1 # yamllint disable rule:hyphens rule:commas rule:indentation
   2 ---
   3 # ovnkube-node
   4 # daemonset version 3
   5 # starts node daemons for ovs and ovn, each in a separate container
   6 # it is run on all nodes
   7 kind: DaemonSet
   8 apiVersion: apps/v1
   9 metadata:
  10   name: ovnkube-node
  11   # namespace set up by install
  12   namespace: ovn-kubernetes
  13   annotations:
  14     kubernetes.io/description: |
  15       This DaemonSet launches the ovn-kubernetes networking components for worker nodes.
  16 spec:
  17   selector:
  18     matchLabels:
  19       app: ovnkube-node
  20   updateStrategy:
  21     type: RollingUpdate
  22   template:
  23     metadata:
  24       labels:
  25         app: ovnkube-node
  26         name: ovnkube-node
  27         component: network
  28         type: infra
  29         kubernetes.io/os: "linux"
  30       annotations:
  31         scheduler.alpha.kubernetes.io/critical-pod: ''
  32     spec:
  33       # Requires fairly broad permissions - ability to read all services and network functions as well
  34       # as all pods.
  35       serviceAccountName: ovn
  36       hostNetwork: true
  37       hostPID: true
  38       containers:
  39
  40       # ovsdb-server and ovs-switchd daemons
  41       - name: ovs-daemons
  42         image: "iecedge/ovn-daemonset-ubuntu:2020-04-16"
  43         imagePullPolicy: "IfNotPresent"
  44
  45         command: ["/root/ovnkube.sh", "ovs-server"]
  46
  47         livenessProbe:
  48           exec:
  49             command:
  50             - /usr/share/openvswitch/scripts/ovs-ctl
  51             - status
  52           initialDelaySeconds: 30
  53           timeoutSeconds: 30
  54           periodSeconds: 60
  55         readinessProbe:
  56           exec:
  57             command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovs-daemons"]
  58           initialDelaySeconds: 30
  59           timeoutSeconds: 30
  60           periodSeconds: 60
  61
  62         securityContext:
  63           runAsUser: 0
  64           # Permission could be reduced by selecting an appropriate SELinux policy
  65           privileged: true
  66
  67         terminationMessagePolicy: FallbackToLogsOnError
  68         volumeMounts:
  69         - mountPath: /lib/modules
  70           name: host-modules
  71           readOnly: true
  72         - mountPath: /run/openvswitch
  73           name: host-run-ovs
  74         - mountPath: /var/run/openvswitch
  75           name: host-var-run-ovs
  76         - mountPath: /sys
  77           name: host-sys
  78           readOnly: true
  79         - mountPath: /etc/openvswitch
  80           name: host-config-openvswitch
  81         resources:
  82           requests:
  83             cpu: 100m
  84             memory: 300Mi
  85           limits:
  86             cpu: 200m
  87             memory: 400Mi
  88         env:
  89         - name: OVN_DAEMONSET_VERSION
  90           value: "3"
  91         - name: K8S_APISERVER
  92           valueFrom:
  93             configMapKeyRef:
  94               name: ovn-config
  95               key: k8s_apiserver
  96         lifecycle:
  97           preStop:
  98             exec:
  99               command: ["/root/ovnkube.sh", "cleanup-ovs-server"]
 100
 101       - name: ovn-controller
 102         image: "iecedge/ovn-daemonset-ubuntu:2020-04-16"
 103         imagePullPolicy: "IfNotPresent"
 104
 105         command: ["/root/ovnkube.sh", "ovn-controller"]
 106
 107         securityContext:
 108           runAsUser: 0
 109           capabilities:
 110             add: ["SYS_NICE"]
 111
 112         terminationMessagePolicy: FallbackToLogsOnError
 113         volumeMounts:
 114         - mountPath: /var/run/dbus/
 115           name: host-var-run-dbus
 116           readOnly: true
 117         - mountPath: /var/log/openvswitch/
 118           name: host-var-log-ovs
 119         - mountPath: /var/log/ovn/
 120           name: host-var-log-ovs
 121         - mountPath: /var/run/openvswitch/
 122           name: host-var-run-ovs
 123         - mountPath: /var/run/ovn/
 124           name: host-var-run-ovs
 125         - mountPath: /ovn-cert
 126           name: host-ovn-cert
 127           readOnly: true
 128
 129         resources:
 130           requests:
 131             cpu: 100m
 132             memory: 300Mi
 133         env:
 134         - name: OVN_DAEMONSET_VERSION
 135           value: "3"
 136         - name: OVN_LOG_CONTROLLER
 137           value: "-vconsole:info"
 138         - name: K8S_APISERVER
 139           valueFrom:
 140             configMapKeyRef:
 141               name: ovn-config
 142               key: k8s_apiserver
 143         - name: OVN_KUBERNETES_NAMESPACE
 144           valueFrom:
 145             fieldRef:
 146               fieldPath: metadata.namespace
 147         - name: OVN_SSL_ENABLE
 148           value: "no"
 149
 150         readinessProbe:
 151           exec:
 152             command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-controller"]
 153           initialDelaySeconds: 30
 154           timeoutSeconds: 30
 155           periodSeconds: 60
 156
 157       - name: ovnkube-node
 158         image: "iecedge/ovn-daemonset-ubuntu:2020-04-16"
 159         imagePullPolicy: "IfNotPresent"
 160
 161         command: ["/root/ovnkube.sh", "ovn-node"]
 162
 163         securityContext:
 164           runAsUser: 0
 165           capabilities:
 166             add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"]
 167
 168
 169         terminationMessagePolicy: FallbackToLogsOnError
 170         volumeMounts:
 171         # for the iptables wrapper
 172         - mountPath: /host
 173           name: host-slash
 174           readOnly: true
 175         - mountPath: /var/run/dbus/
 176           name: host-var-run-dbus
 177           readOnly: true
 178         - mountPath: /var/log/ovn-kubernetes/
 179           name: host-var-log-ovnkube
 180         - mountPath: /var/run/openvswitch/
 181           name: host-var-run-ovs
 182         - mountPath: /var/run/ovn/
 183           name: host-var-run-ovs
 184         # We mount our socket here
 185         - mountPath: /var/run/ovn-kubernetes
 186           name: host-var-run-ovn-kubernetes
 187         # CNI related mounts which we take over
 188         - mountPath: /opt/cni/bin
 189           name: host-opt-cni-bin
 190         - mountPath: /etc/cni/net.d
 191           name: host-etc-cni-netd
 192         - mountPath: /ovn-cert
 193           name: host-ovn-cert
 194           readOnly: true
 195
 196
 197         resources:
 198           requests:
 199             cpu: 100m
 200             memory: 300Mi
 201         env:
 202         - name: OVN_DAEMONSET_VERSION
 203           value: "3"
 204         - name: OVNKUBE_LOGLEVEL
 205           value: "4"
 206         - name: OVN_NET_CIDR
 207           valueFrom:
 208             configMapKeyRef:
 209               name: ovn-config
 210               key: net_cidr
 211         - name: OVN_SVC_CIDR
 212           valueFrom:
 213             configMapKeyRef:
 214               name: ovn-config
 215               key: svc_cidr
 216         - name: K8S_APISERVER
 217           valueFrom:
 218             configMapKeyRef:
 219               name: ovn-config
 220               key: k8s_apiserver
 221         - name: OVN_MTU
 222           valueFrom:
 223             configMapKeyRef:
 224               name: ovn-config
 225               key: mtu
 226         - name: K8S_NODE
 227           valueFrom:
 228             fieldRef:
 229               fieldPath: spec.nodeName
 230         - name: OVN_GATEWAY_MODE
 231           value: "local"
 232         - name: OVN_GATEWAY_OPTS
 233           value: ""
 234         - name: OVN_HYBRID_OVERLAY_ENABLE
 235           value: ""
 236         - name: OVN_HYBRID_OVERLAY_NET_CIDR
 237           value: ""
 238         - name: OVN_SSL_ENABLE
 239           value: "no"
 240
 241         lifecycle:
 242           preStop:
 243             exec:
 244               command: ["/root/ovnkube.sh", "cleanup-ovn-node"]
 245         readinessProbe:
 246           exec:
 247             command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovnkube-node"]
 248           initialDelaySeconds: 30
 249           timeoutSeconds: 30
 250           periodSeconds: 60
 251
 252       nodeSelector:
 253         kubernetes.io/os: "linux"
 254       volumes:
 255       - name: host-modules
 256         hostPath:
 257           path: /lib/modules
 258
 259       - name: host-var-run-dbus
 260         hostPath:
 261           path: /var/run/dbus
 262       - name: host-var-log-ovs
 263         hostPath:
 264           path: /var/log/openvswitch
 265       - name: host-var-log-ovnkube
 266         hostPath:
 267           path: /var/log/ovn-kubernetes
 268       - name: host-run-ovs
 269         hostPath:
 270           path: /run/openvswitch
 271       - name: host-var-run-ovs
 272         hostPath:
 273           path: /var/run/openvswitch
 274       - name: host-var-run-ovn-kubernetes
 275         hostPath:
 276           path: /var/run/ovn-kubernetes
 277       - name: host-sys
 278         hostPath:
 279           path: /sys
 280       - name: host-opt-cni-bin
 281         hostPath:
 282           path: /opt/cni/bin
 283       - name: host-etc-cni-netd
 284         hostPath:
 285           path: /etc/cni/net.d
 286       - name: host-ovn-cert
 287         hostPath:
 288           path: /etc/ovn
 289           type: DirectoryOrCreate
 290       - name: host-slash
 291         hostPath:
 292           path: /
 293       - name: host-config-openvswitch
 294         hostPath:
 295           path: /etc/origin/openvswitch
 296
 297
 298       tolerations:
 299       - operator: "Exists"