Merge "this change mainly updating project code"
diff --git
a/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-node.yaml.j2
b/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-node.yaml.j2
index
8e7b181
..
713e426
100644
(file)
--- a/
src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-node.yaml.j2
+++ b/
src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-node.yaml.j2
@@
-11,7
+11,7
@@
metadata:
namespace: ovn-kubernetes
annotations:
kubernetes.io/description: |
namespace: ovn-kubernetes
annotations:
kubernetes.io/description: |
- This
daemonset launches the ovn-kubernetes networking component
s.
+ This
DaemonSet launches the ovn-kubernetes networking components for worker node
s.
spec:
selector:
matchLabels:
spec:
selector:
matchLabels:
@@
-22,10
+22,10
@@
spec:
metadata:
labels:
app: ovnkube-node
metadata:
labels:
app: ovnkube-node
+ name: ovnkube-node
component: network
type: infra
component: network
type: infra
- openshift.io/component: network
- beta.kubernetes.io/os: "linux"
+ kubernetes.io/os: "linux"
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
@@
-48,14
+48,22
@@
spec:
command:
- /usr/share/openvswitch/scripts/ovs-ctl
- status
command:
- /usr/share/openvswitch/scripts/ovs-ctl
- status
- initialDelaySeconds: 15
- periodSeconds: 5
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
+ readinessProbe:
+ exec:
+ command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovs-daemons"]
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
securityContext:
runAsUser: 0
# Permission could be reduced by selecting an appropriate SELinux policy
privileged: true
securityContext:
runAsUser: 0
# Permission could be reduced by selecting an appropriate SELinux policy
privileged: true
+ terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /lib/modules
name: host-modules
volumeMounts:
- mountPath: /lib/modules
name: host-modules
@@
-100,14
+108,22
@@
spec:
capabilities:
add: ["SYS_NICE"]
capabilities:
add: ["SYS_NICE"]
+ terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
- mountPath: /var/run/dbus/
name: host-var-run-dbus
readOnly: true
- mountPath: /var/log/openvswitch/
name: host-var-log-ovs
volumeMounts:
- mountPath: /var/run/dbus/
name: host-var-run-dbus
readOnly: true
- mountPath: /var/log/openvswitch/
name: host-var-log-ovs
+ - mountPath: /var/log/ovn/
+ name: host-var-log-ovs
- mountPath: /var/run/openvswitch/
name: host-var-run-ovs
- mountPath: /var/run/openvswitch/
name: host-var-run-ovs
+ - mountPath: /var/run/ovn/
+ name: host-var-run-ovs
+ - mountPath: /ovn-cert
+ name: host-ovn-cert
+ readOnly: true
resources:
requests:
resources:
requests:
@@
-116,44
+132,26
@@
spec:
env:
- name: OVN_DAEMONSET_VERSION
value: "3"
env:
- name: OVN_DAEMONSET_VERSION
value: "3"
- - name: OVNKUBE_LOGLEVEL
- value: "4"
- - name: OVN_NET_CIDR
- valueFrom:
- configMapKeyRef:
- name: ovn-config
- key: net_cidr
- - name: OVN_SVC_CIDR
- valueFrom:
- configMapKeyRef:
- name: ovn-config
- key: svc_cidr
+ - name: OVN_LOG_CONTROLLER
+ value: "{{ ovn_loglevel_controller }}"
- name: K8S_APISERVER
valueFrom:
configMapKeyRef:
name: ovn-config
key: k8s_apiserver
- name: K8S_APISERVER
valueFrom:
configMapKeyRef:
name: ovn-config
key: k8s_apiserver
- - name: K8S_NODE
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- name: OVN_KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OVN_KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
+ - name: OVN_SSL_ENABLE
+ value: "{{ ovn_ssl_en }}"
- ports:
- - name: healthz
- containerPort: 10258
- # TODO: Temporarily disabled until we determine how to wait for clean default
- # config
- # livenessProbe:
- # initialDelaySeconds: 10
- # httpGet:
- # path: /healthz
- # port: 10258
- # scheme: HTTP
- lifecycle:
+ readinessProbe:
+ exec:
+ command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-controller"]
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
- name: ovnkube-node
image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
- name: ovnkube-node
image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
@@
-165,8
+163,16
@@
spec:
runAsUser: 0
capabilities:
add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"]
runAsUser: 0
capabilities:
add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"]
+ {% if kind is defined and kind -%}
+ privileged: true
+ {% endif %}
+ terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
volumeMounts:
+ # for the iptables wrapper
+ - mountPath: /host
+ name: host-slash
+ readOnly: true
- mountPath: /var/run/dbus/
name: host-var-run-dbus
readOnly: true
- mountPath: /var/run/dbus/
name: host-var-run-dbus
readOnly: true
@@
-174,6
+180,8
@@
spec:
name: host-var-log-ovnkube
- mountPath: /var/run/openvswitch/
name: host-var-run-ovs
name: host-var-log-ovnkube
- mountPath: /var/run/openvswitch/
name: host-var-run-ovs
+ - mountPath: /var/run/ovn/
+ name: host-var-run-ovs
# We mount our socket here
- mountPath: /var/run/ovn-kubernetes
name: host-var-run-ovn-kubernetes
# We mount our socket here
- mountPath: /var/run/ovn-kubernetes
name: host-var-run-ovn-kubernetes
@@
-182,6
+190,14
@@
spec:
name: host-opt-cni-bin
- mountPath: /etc/cni/net.d
name: host-etc-cni-netd
name: host-opt-cni-bin
- mountPath: /etc/cni/net.d
name: host-etc-cni-netd
+ - mountPath: /ovn-cert
+ name: host-ovn-cert
+ readOnly: true
+ {% if kind is defined and kind -%}
+ - mountPath: /var/run/netns
+ name: host-netns
+ mountPropagation: Bidirectional
+ {% endif %}
resources:
requests:
resources:
requests:
@@
-191,7
+207,7
@@
spec:
- name: OVN_DAEMONSET_VERSION
value: "3"
- name: OVNKUBE_LOGLEVEL
- name: OVN_DAEMONSET_VERSION
value: "3"
- name: OVNKUBE_LOGLEVEL
- value: "
5
"
+ value: "
{{ ovnkube_node_loglevel }}
"
- name: OVN_NET_CIDR
valueFrom:
configMapKeyRef:
- name: OVN_NET_CIDR
valueFrom:
configMapKeyRef:
@@
-207,6
+223,11
@@
spec:
configMapKeyRef:
name: ovn-config
key: k8s_apiserver
configMapKeyRef:
name: ovn-config
key: k8s_apiserver
+ - name: OVN_MTU
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: mtu
- name: K8S_NODE
valueFrom:
fieldRef:
- name: K8S_NODE
valueFrom:
fieldRef:
@@
-215,25
+236,26
@@
spec:
value: "{{ ovn_gateway_mode }}"
- name: OVN_GATEWAY_OPTS
value: "{{ ovn_gateway_opts }}"
value: "{{ ovn_gateway_mode }}"
- name: OVN_GATEWAY_OPTS
value: "{{ ovn_gateway_opts }}"
+ - name: OVN_HYBRID_OVERLAY_ENABLE
+ value: "{{ ovn_hybrid_overlay_enable }}"
+ - name: OVN_HYBRID_OVERLAY_NET_CIDR
+ value: "{{ ovn_hybrid_overlay_net_cidr }}"
+ - name: OVN_SSL_ENABLE
+ value: "{{ ovn_ssl_en }}"
- ports:
- - name: healthz
- containerPort: 10259
- # TODO: Temporarily disabled until we determine how to wait for clean default
- # config
- # livenessProbe:
- # initialDelaySeconds: 10
- # httpGet:
- # path: /healthz
- # port: 10259
- # scheme: HTTP
lifecycle:
preStop:
exec:
command: ["/root/ovnkube.sh", "cleanup-ovn-node"]
lifecycle:
preStop:
exec:
command: ["/root/ovnkube.sh", "cleanup-ovn-node"]
+ readinessProbe:
+ exec:
+ command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovnkube-node"]
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
nodeSelector:
nodeSelector:
-
beta.
kubernetes.io/os: "linux"
+ kubernetes.io/os: "linux"
volumes:
- name: host-modules
hostPath:
volumes:
- name: host-modules
hostPath:
@@
-266,8
+288,21
@@
spec:
- name: host-etc-cni-netd
hostPath:
path: /etc/cni/net.d
- name: host-etc-cni-netd
hostPath:
path: /etc/cni/net.d
+ - name: host-ovn-cert
+ hostPath:
+ path: /etc/ovn
+ type: DirectoryOrCreate
+ - name: host-slash
+ hostPath:
+ path: /
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
+ {% if kind is defined and kind -%}
+ - name: host-netns
+ hostPath:
+ path: /var/run/netns
+ {% endif %}
+
tolerations:
- operator: "Exists"
tolerations:
- operator: "Exists"
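Review bot: The new `host-slash` volume (hostPath `/`, mounted at `/host` in the ovnkube-node container) exposes the whole node filesystem to a container that already runs as root with `SYS_ADMIN` and `SYS_PTRACE`, and with `privileged: true` when `kind` is set. `readOnly: true` guards against accidental writes but is not a strong boundary under those privileges, and a read-only view of `/` still covers whatever credentials and keys live on the node. If the iptables wrapper only needs specific host paths, mount those instead of `/`. If it really needs the full root, the comment should say so, e.g. `# for the iptables wrapper: needs the full host root (read-only); treat this container as host-equivalent`. The `kind` branches also add `privileged: true` and a `Bidirectional` mount of `/var/run/netns`, so a short comment saying the branch is for kind test clusters only (inferred from the variable name) would keep it from being enabled elsewhere by mistake.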