--- /dev/null
+# yamllint disable rule:hyphens rule:commas rule:indentation
+# ovnkube-master
+# daemonset version 3
+# starts master daemons, each in a separate container
+# it is run on the master node(s)
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: ovnkube-master
+ # namespace set up by install
+ namespace: ovn-kubernetes
+ annotations:
+ kubernetes.io/description: |
+ This daemonset launches the ovn-kubernetes networking components.
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ name: ovnkube-master
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ name: ovnkube-master
+ component: network
+ type: infra
+ openshift.io/component: network
+ beta.kubernetes.io/os: "linux"
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ spec:
+ # Requires fairly broad permissions - ability to read all services and network functions as well
+ # as all pods.
+ serviceAccountName: ovn
+ hostNetwork: true
+
+ containers:
+
+ # run-ovn-northd - v3
+ - name: run-ovn-northd
+ image: "iecedge/ovn-daemonset:latest"
+ imagePullPolicy: "IfNotPresent"
+
+ command: ["/root/ovnkube.sh", "run-ovn-northd"]
+
+ securityContext:
+ runAsUser: 0
+ capabilities:
+ add: ["SYS_NICE"]
+
+ volumeMounts:
+ # Run directories where we need to be able to access sockets
+ - mountPath: /var/run/dbus/
+ name: host-var-run-dbus
+ readOnly: true
+ - mountPath: /var/log/openvswitch/
+ name: host-var-log-ovs
+ - mountPath: /var/run/openvswitch/
+ name: host-var-run-ovs
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVN_LOG_NORTHD
+ value: "-vconsole:info"
+ - name: OVN_NET_CIDR
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: net_cidr
+ - name: OVN_SVC_CIDR
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: svc_cidr
+ - name: K8S_APISERVER
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: k8s_apiserver
+ - name: K8S_NODE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ ports:
+ - name: healthz
+ containerPort: 10257
+ # TODO: Temporarily disabled until we determine how to wait for clean default
+ # config
+ # livenessProbe:
+ # initialDelaySeconds: 10
+ # httpGet:
+ # path: /healthz
+ # port: 10257
+ # scheme: HTTP
+ lifecycle:
+ # end of container
+
+ - name: run-nbctld
+ image: "iecedge/ovn-daemonset:latest"
+ imagePullPolicy: "IfNotPresent"
+
+ command: ["/root/ovnkube.sh", "run-nbctld"]
+
+ securityContext:
+ runAsUser: 0
+
+ volumeMounts:
+ - mountPath: /var/log/openvswitch/
+ name: host-var-log-ovs
+ - mountPath: /var/run/openvswitch/
+ name: host-var-run-ovs
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: K8S_APISERVER
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: k8s_apiserver
+
+ ports:
+ - name: healthz
+ containerPort: 10260
+ # TODO: Temporarily disabled until we determine how to wait for clean default
+ # config
+ # livenessProbe:
+ # initialDelaySeconds: 10
+ # httpGet:
+ # path: /healthz
+ # port: 10258
+ # scheme: HTTP
+ lifecycle:
+
+ - name: ovnkube-master
+ image: "iecedge/ovn-daemonset:latest"
+ imagePullPolicy: "IfNotPresent"
+
+ command: ["/root/ovnkube.sh", "ovn-master"]
+
+ securityContext:
+ runAsUser: 0
+
+ volumeMounts:
+ # Run directories where we need to be able to access sockets
+ - mountPath: /var/run/dbus/
+ name: host-var-run-dbus
+ readOnly: true
+ - mountPath: /var/log/ovn-kubernetes/
+ name: host-var-log-ovnkube
+ - mountPath: /var/run/openvswitch/
+ name: host-var-run-ovs
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVNKUBE_LOGLEVEL
+ value: "4"
+ - name: OVN_NET_CIDR
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: net_cidr
+ - name: OVN_SVC_CIDR
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: svc_cidr
+ - name: K8S_APISERVER
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: k8s_apiserver
+ - name: K8S_NODE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ ports:
+ - name: healthz
+ containerPort: 10254
+ # TODO: Temporarily disabled until we determine how to wait for clean default
+ # config
+ # livenessProbe:
+ # initialDelaySeconds: 10
+ # httpGet:
+ # path: /healthz
+ # port: 10254
+ # scheme: HTTP
+ lifecycle:
+ # end of container
+
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ beta.kubernetes.io/os: "linux"
+ volumes:
+ # TODO: Need to check why we need this?
+ - name: host-var-run-dbus
+ hostPath:
+ path: /var/run/dbus
+ - name: host-var-log-ovs
+ hostPath:
+ path: /var/log/openvswitch
+ - name: host-var-log-ovnkube
+ hostPath:
+ path: /var/log/ovn-kubernetes
+ - name: host-var-run-ovs
+ hostPath:
+ path: /var/run/openvswitch
+ tolerations:
+ - operator: "Exists"
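Review bot: All three containers (`run-ovn-northd`, `run-nbctld`, `ovnkube-master`) use `image: "iecedge/ovn-daemonset:latest"` with `imagePullPolicy: "IfNotPresent"`, so each master node keeps whichever build it cached first and a re-pushed tag is picked up without review. These containers run with `runAsUser: 0`, `hostNetwork: true` and hostPath mounts of `/var/run/openvswitch` that are not marked `readOnly`, so the image is effectively part of the node's trusted base. Pin it to an immutable reference such as `image: "iecedge/ovn-daemonset@sha256:<DIGEST_PLACEHOLDER>"`. Separately, `run-nbctld` declares `containerPort: 10260` while its commented-out probe targets `port: 10258`, and the header comment and `kubernetes.io/description` still say "daemonset" although the manifest is `kind: Deployment`. Both should be reconciled before the liveness probes are re-enabled.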