--- /dev/null
+# ovnkube-db HA using Corosync/Pacemaker
+# daemonset version 3
+# starts ovn NB/SB ovsdb daemons in a single container
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: ovnkube-db
+ # namespace set up by install
+ namespace: ovn-kubernetes
+ annotations:
+ kubernetes.io/description: |
+ This daemonset launches the OVN NB/SB DB server in a single container.
+spec:
+ progressDeadlineSeconds: 600
+ replicas: {{ ovn_db_replicas | default(3) }}
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ name: ovnkube-db
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ name: ovnkube-db
+ component: network
+ type: infra
+ openshift.io/component: network
+ beta.kubernetes.io/os: "linux"
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ spec:
+ # Requires fairly broad permissions - ability to read all services and network functions as well
+ # as all pods.
+ serviceAccountName: ovn
+ hostNetwork: true
+ # required to be scheduled on node with openvswitch.org/ovnkube-db=true label but can
+ # only have one instance per node
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: openvswitch.org/ovnkube-db
+ operator: In
+ values:
+ - "true"
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: name
+ operator: In
+ values:
+ - ovnkube-db
+ topologyKey: kubernetes.io/hostname
+
+ containers:
+ # ovsdb with corosync in one container - v3
+ - name: ovsdb
+ image: "{{ ovn_db_vip_image | default('docker.io/ovnkube/ovndb-vip-u:latest') }}"
+ imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
+ command: ["/root/ovndb-vip.sh", "run-ovndb"]
+
+ securityContext:
+ runAsUser: 0
+ capabilities:
+ add: ["NET_ADMIN"]
+
+ volumeMounts:
+ # ovn db is stored in the pod in /etc/openvswitch
+ # and on the host in /var/lib/openvswitch/
+ - mountPath: /etc/openvswitch/
+ name: host-var-lib-ovs
+ - mountPath: /var/log/openvswitch/
+ name: host-var-log-ovs
+ - mountPath: /etc/corosync
+ name: host-etc-corosync
+ - mountPath: /var/log/corosync
+ name: host-var-log-corosync
+ - mountPath: /dev/shm
+ name: dshm
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 1024Mi
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVN_LOG_NB
+ value: "-vconsole:info -vfile:info"
+ - name: K8S_APISERVER
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: k8s_apiserver
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: OVN_DB_VIP
+ value: "{{ ovn_db_vip }}"
+ ports:
+ - name: healthz
+ containerPort: 10256
+ # TODO: Temporarily disabled until we determine how to wait for clean default
+ # config
+ # livenessProbe:
+ # initialDelaySeconds: 10
+ # httpGet:
+ # path: /healthz
+ # port: 10256
+ # scheme: HTTP
+ lifecycle:
+ # end of container
+
+ volumes:
+ - name: host-var-lib-ovs
+ hostPath:
+ path: /var/lib/openvswitch
+ - name: host-var-log-ovs
+ hostPath:
+ path: /var/log/openvswitch
+ - name: host-var-log-corosync
+ hostPath:
+ path: /var/log/corosync
+ - name: host-etc-corosync
+ hostPath:
+ path: /etc/corosync
+ - name: dshm
+ emptyDir:
+ medium: Memory
+
+ tolerations:
+ - operator: "Exists"
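Review bot: The `ovsdb` container's image defaults to the mutable tag `docker.io/ovnkube/ovndb-vip-u:latest` with `imagePullPolicy` defaulting to `IfNotPresent`, so each node keeps whatever `:latest` pointed to at its first pull. Replicas can therefore run different builds, and this matters more than usual because the container has `runAsUser: 0`, `hostNetwork: true`, `NET_ADMIN` and hostPath mounts of `/etc/corosync` and `/var/lib/openvswitch`. Default to a versioned tag or a digest instead, e.g. `default('docker.io/ovnkube/ovndb-vip-u@sha256:<DIGEST_PLACEHOLDER>')`. In `securityContext`, consider adding `allowPrivilegeEscalation: false` and `drop: ["ALL"]` next to `add: ["NET_ADMIN"]`; whether corosync/pacemaker start with that reduced set cannot be confirmed from this file, so test it first. Separately, the trailing `lifecycle:` key has no value (it parses as null) and should be removed or filled in, and the header comments and description still say "daemonset" although `kind: Deployment`.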