+# service to expose the ovnkube-db pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: ovnkube-db
+ namespace: ovn-kubernetes
+spec:
+ ports:
+ - name: north
+ port: 6641
+ protocol: TCP
+ targetPort: 6641
+ - name: south
+ port: 6642
+ protocol: TCP
+ targetPort: 6642
+ sessionAffinity: None
+ clusterIP: None
+ type: ClusterIP
+
+---
+
# ovnkube-db
# daemonset version 3
# starts ovn NB/SB ovsdb daemons, each in a separate container
-# it is running on master node for now, but does not need to be the case
+# it is running on master for now, but does not need to be the case
kind: Deployment
apiVersion: apps/v1
metadata:
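Review bot: The new `ovnkube-db` Service publishes the northbound and southbound database ports (6641 and 6642) inside the cluster, and nothing in the visible manifest says who may connect or whether TLS is required. Transport protection appears to depend on `OVN_SSL_ENABLE`, which the container env later in this diff templates from `ovn_ssl_en`, so a render with SSL off would leave both databases on plain TCP. The spec also has no `selector`, so the endpoints are presumably maintained outside this manifest. I would record both points in a comment above `spec:`, for example `# no selector: endpoints are managed separately; 6641/6642 are only TLS-protected when ovn_ssl_en is on`.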
name: ovnkube-db
component: network
type: infra
- openshift.io/component: network
- beta.kubernetes.io/os: "linux"
+ kubernetes.io/os: "linux"
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
capabilities:
add: ["NET_ADMIN"]
+ terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
# ovn db is stored in the pod in /etc/openvswitch
+ # (or in /etc/ovn if OVN from new repository is used)
# and on the host in /var/lib/openvswitch/
- mountPath: /etc/openvswitch/
name: host-var-lib-ovs
+ - mountPath: /etc/ovn/
+ name: host-var-lib-ovs
- mountPath: /var/log/openvswitch/
name: host-var-log-ovs
+ - mountPath: /var/log/ovn/
+ name: host-var-log-ovs
+ # for the iptables wrapper
+ - mountPath: /host
+ name: host-slash
+ readOnly: true
+ - mountPath: /ovn-cert
+ name: host-ovn-cert
+ readOnly: true
resources:
requests:
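Review bot: The `/host` mount added to this container exposes the entire host filesystem, because the `host-slash` volume defined at the end of the diff is a `hostPath` with `path: /`, and the `nodeSelector` pins the pod to master nodes. `readOnly: true` stops writes but not reads, so everything on a control-plane host's disk, credentials and keys included, is readable by a container that also holds `NET_ADMIN`. If the iptables wrapper needs only a few host paths, mount those instead of `/`; the wrapper is not visible here, so the exact paths need confirming. At minimum I would extend the comment to `# for the iptables wrapper: read-only view of the whole host root`. The same mount is added to the sb-ovsdb container further down, and the container spec starts before this hunk.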
env:
- name: OVN_DAEMONSET_VERSION
value: "3"
- - name: OVN_LOG_NB
- value: "-vconsole:info -vfile:info"
+ - name: OVN_LOGLEVEL_NB
+ value: "{{ ovn_loglevel_nb }}"
- name: K8S_APISERVER
valueFrom:
configMapKeyRef:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- ports:
- - name: healthz
- containerPort: 10256
- # TODO: Temporarily disabled until we determine how to wait for clean default
- # config
- # livenessProbe:
- # initialDelaySeconds: 10
- # httpGet:
- # path: /healthz
- # port: 10256
- # scheme: HTTP
- lifecycle:
+ - name: K8S_NODE_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: OVN_SSL_ENABLE
+ value: "{{ ovn_ssl_en }}"
+ readinessProbe:
+ exec:
+ command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovnnb-db"]
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
# end of container
# sb-ovsdb - v3
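Review bot: With `periodSeconds: 60`, `timeoutSeconds: 30` and no `failureThreshold`, the new readiness probe can take several minutes to mark a failed northbound database unready, since the Kubernetes default is three consecutive failures. The commented-out liveness probe is removed without a replacement, so as far as this hunk shows nothing restarts a hung ovsdb-server. I would shorten the period or set `failureThreshold` explicitly, and add a comment such as `# no livenessProbe on purpose: <reason>` so the omission reads as a decision. The sb-ovsdb probe later in the diff uses the same values.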
capabilities:
add: ["NET_ADMIN"]
+ terminationMessagePolicy: FallbackToLogsOnError
volumeMounts:
# ovn db is stored in the pod in /etc/openvswitch
+ # (or in /etc/ovn if OVN from new repository is used)
# and on the host in /var/lib/openvswitch/
- mountPath: /etc/openvswitch/
name: host-var-lib-ovs
+ - mountPath: /etc/ovn/
+ name: host-var-lib-ovs
- mountPath: /var/log/openvswitch/
name: host-var-log-ovs
+ - mountPath: /var/log/ovn/
+ name: host-var-log-ovs
+ # for the iptables wrapper
+ - mountPath: /host
+ name: host-slash
+ readOnly: true
+ - mountPath: /ovn-cert
+ name: host-ovn-cert
+ readOnly: true
resources:
requests:
env:
- name: OVN_DAEMONSET_VERSION
value: "3"
- - name: OVN_LOG_SB
- value: "-vconsole:info -vfile:info"
+ - name: OVN_LOGLEVEL_SB
+ value: "{{ ovn_loglevel_sb }}"
- name: K8S_APISERVER
valueFrom:
configMapKeyRef:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- ports:
- - name: healthz
- containerPort: 10255
- # TODO: Temporarily disabled until we determine how to wait for clean default
- # config
- # livenessProbe:
- # initialDelaySeconds: 10
- # httpGet:
- # path: /healthz
- # port: 10255
- # scheme: HTTP
- lifecycle:
+ - name: K8S_NODE_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: OVN_SSL_ENABLE
+ value: "{{ ovn_ssl_en }}"
+ readinessProbe:
+ exec:
+ command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovnsb-db"]
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
+
# end of container
nodeSelector:
node-role.kubernetes.io/master: ""
- beta.kubernetes.io/os: "linux"
+ kubernetes.io/os: "linux"
volumes:
- name: host-var-lib-ovs
hostPath:
- name: host-var-log-ovs
hostPath:
path: /var/log/openvswitch
+ - name: host-slash
+ hostPath:
+ path: /
+ - name: host-ovn-cert
+ hostPath:
+ path: /etc/ovn
+ type: DirectoryOrCreate
tolerations:
- operator: "Exists"
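Review bot: `type: DirectoryOrCreate` on the `host-ovn-cert` volume means a missing `/etc/ovn` on the host is silently replaced by an empty directory, so with `OVN_SSL_ENABLE` on the containers would start with nothing under `/ovn-cert`. What the start script does in that case is not visible here. If certificates are meant to be provisioned beforehand, `type: Directory` makes the pod fail to start instead, though it would then also require the directory when SSL is off. Keeping private keys on a hostPath leaves them readable by any other workload allowed to mount that path, which a Secret volume would narrow. A comment on the volume would also help, because host `/etc/ovn` is mounted at `/ovn-cert` while the container's own `/etc/ovn/` is backed by `host-var-lib-ovs`.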