# yamllint disable rule:hyphens rule:commas rule:indentation
---
# ovnkube-master
# daemonset version 3
#
# Starts the OVN master daemons, one container per daemon, in a pod that is
# scheduled onto the master node(s).
# The object is a Deployment; "daemonset" survives only in the version label
# above, the description annotation and the OVN_DAEMONSET_VERSION variable.
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ovnkube-master
  # The install step creates this namespace.
  namespace: ovn-kubernetes
  annotations:
    kubernetes.io/description: |
      This daemonset launches the ovn-kubernetes networking components.
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      name: ovnkube-master
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
  template:
    metadata:
      labels:
        name: ovnkube-master
        component: network
        type: infra
        openshift.io/component: network
        beta.kubernetes.io/os: linux
      annotations:
        # NOTE(review): this alpha annotation is deprecated; newer clusters
        # express the same intent with priorityClassName. Confirm against the
        # target cluster version before relying on it.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      # The service account needs fairly broad permissions: it must be able to
      # read all services and network functions as well as all pods.
      # NOTE(review): the RBAC objects bound to "ovn" are not in this file;
      # review them together with this manifest, since every container below
      # runs as root on the host network with this identity.
      serviceAccountName: ovn
      # The pod shares the node's network namespace, so whatever the daemons
      # listen on is bound on the node itself. NOTE(review): verify which
      # addresses the healthz ports bind to and that the node firewall limits
      # access to them.
      hostNetwork: true
      containers:

        # run-ovn-northd - v3
        - name: run-ovn-northd
          # NOTE(review): ":latest" is a mutable tag, and with IfNotPresent each
          # node keeps whatever it cached under that tag, so nodes can run
          # different builds and the running content cannot be audited.
          # Prefer an immutable reference, for example
          # 'iecedge/ovn-daemonset@sha256:<digest-placeholder>'.
          # The same applies to the other two containers.
          image: 'iecedge/ovn-daemonset:latest'
          imagePullPolicy: IfNotPresent

          command:
            - /root/ovnkube.sh
            - run-ovn-northd

          securityContext:
            # Root inside the container; SYS_NICE is added on top of the
            # runtime's default capability set.
            # NOTE(review): nothing is dropped and neither
            # allowPrivilegeEscalation nor readOnlyRootFilesystem is set.
            # TODO confirm which capabilities the daemon needs and drop the rest.
            runAsUser: 0
            capabilities:
              add:
                - SYS_NICE

          volumeMounts:
            # Host run directories, mounted so the daemon can reach the sockets
            # in them.
            - mountPath: /var/run/dbus/
              name: host-var-run-dbus
              readOnly: true
            - mountPath: /var/log/openvswitch/
              name: host-var-log-ovs
            - mountPath: /var/run/openvswitch/
              name: host-var-run-ovs

          # Requests only. NOTE(review): no limits are set, so a misbehaving
          # daemon is not capped on a master node.
          resources:
            requests:
              cpu: 100m
              memory: 300Mi

          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: OVN_LOG_NORTHD
              value: '-vconsole:info'
            - name: OVN_NET_CIDR
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: net_cidr
            - name: OVN_SVC_CIDR
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: svc_cidr
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            - name: K8S_NODE
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: OVN_KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace

          ports:
            - name: healthz
              containerPort: 10257
          # TODO: Temporarily disabled until we determine how to wait for clean
          # default config
          # livenessProbe:
          #   initialDelaySeconds: 10
          #   httpGet:
          #     path: /healthz
          #     port: 10257
          #     scheme: HTTP
          # No lifecycle hooks are defined; the key is left empty.
          lifecycle: null
        # end of container

        - name: run-nbctld
          image: 'iecedge/ovn-daemonset:latest'
          imagePullPolicy: IfNotPresent

          command:
            - /root/ovnkube.sh
            - run-nbctld

          securityContext:
            # Root inside the container, default capability set.
            runAsUser: 0

          volumeMounts:
            - mountPath: /var/log/openvswitch/
              name: host-var-log-ovs
            - mountPath: /var/run/openvswitch/
              name: host-var-run-ovs

          resources:
            requests:
              cpu: 100m
              memory: 300Mi

          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver

          ports:
            - name: healthz
              containerPort: 10260
          # TODO: Temporarily disabled until we determine how to wait for clean
          # default config
          # NOTE(review): the disabled probe targets port 10258 while the
          # container declares 10260; reconcile the two before enabling it.
          # livenessProbe:
          #   initialDelaySeconds: 10
          #   httpGet:
          #     path: /healthz
          #     port: 10258
          #     scheme: HTTP
          # No lifecycle hooks are defined; the key is left empty.
          lifecycle: null

        - name: ovnkube-master
          image: 'iecedge/ovn-daemonset:latest'
          imagePullPolicy: IfNotPresent

          command:
            - /root/ovnkube.sh
            - ovn-master

          securityContext:
            # Root inside the container, default capability set.
            runAsUser: 0

          volumeMounts:
            # Host run directories, mounted so the daemon can reach the sockets
            # in them.
            - mountPath: /var/run/dbus/
              name: host-var-run-dbus
              readOnly: true
            - mountPath: /var/log/ovn-kubernetes/
              name: host-var-log-ovnkube
            - mountPath: /var/run/openvswitch/
              name: host-var-run-ovs

          resources:
            requests:
              cpu: 100m
              memory: 300Mi

          env:
            - name: OVN_DAEMONSET_VERSION
              value: '3'
            - name: OVNKUBE_LOGLEVEL
              value: '4'
            - name: OVN_NET_CIDR
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: net_cidr
            - name: OVN_SVC_CIDR
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: svc_cidr
            - name: K8S_APISERVER
              valueFrom:
                configMapKeyRef:
                  name: ovn-config
                  key: k8s_apiserver
            - name: K8S_NODE
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: OVN_KUBERNETES_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace

          ports:
            - name: healthz
              containerPort: 10254
          # TODO: Temporarily disabled until we determine how to wait for clean
          # default config
          # livenessProbe:
          #   initialDelaySeconds: 10
          #   httpGet:
          #     path: /healthz
          #     port: 10254
          #     scheme: HTTP
          # No lifecycle hooks are defined; the key is left empty.
          lifecycle: null
        # end of container

      # Schedule only onto Linux nodes carrying the master role label.
      nodeSelector:
        node-role.kubernetes.io/master: ''
        beta.kubernetes.io/os: linux

      # All volumes are hostPath directories on the node; apart from the D-Bus
      # mount they are mounted read-write by the containers above.
      volumes:
        # TODO: Need to check why we need this?
        # NOTE(review): readOnly on the mount stops file writes, but a process
        # can still connect to a socket inside the directory. If D-Bus access
        # turns out to be unnecessary, removing this volume takes the host
        # system bus out of reach of these containers.
        - name: host-var-run-dbus
          hostPath:
            path: /var/run/dbus
        - name: host-var-log-ovs
          hostPath:
            path: /var/log/openvswitch
        - name: host-var-log-ovnkube
          hostPath:
            path: /var/log/ovn-kubernetes
        - name: host-var-run-ovs
          hostPath:
            path: /var/run/openvswitch

      # A toleration with only "operator: Exists" matches every taint, so the
      # pod can be placed on any tainted node the nodeSelector allows.
      tolerations:
        - operator: Exists