Upgrade ovn-kubernetes CNI to latest release
[iec.git] / src / foundation / scripts / cni / ovn-kubernetes / templates / ovnkube-master.yaml.j2
index b8bfc4f..f6a0b21 100644 (file)
@@ -1,7 +1,7 @@
 # ovnkube-master
 # daemonset version 3
 # starts master daemons, each in a separate container
-# it is run on the master node(s)
+# it is run on the master(s)
 kind: Deployment
 apiVersion: apps/v1
 metadata:
@@ -10,7 +10,7 @@ metadata:
   namespace: ovn-kubernetes
   annotations:
     kubernetes.io/description: |
-      This daemonset launches the ovn-kubernetes networking components.
+      This Deployment launches the ovn-kubernetes master networking components.
 spec:
   progressDeadlineSeconds: 600
   replicas: 1
@@ -29,8 +29,7 @@ spec:
         name: ovnkube-master
         component: network
         type: infra
-        openshift.io/component: network
-        beta.kubernetes.io/os: "linux"
+        kubernetes.io/os: "linux"
       annotations:
         scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
@@ -39,10 +38,34 @@ spec:
       serviceAccountName: ovn
       hostNetwork: true
 
-      containers:
+      # required to be scheduled on a linux node with node-role.kubernetes.io/master label and
+      # only one instance of ovnkube-master pod per node
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/master
+                    operator: In
+                    values:
+                      - ""
+                  - key: kubernetes.io/os
+                    operator: In
+                    values:
+                      - "linux"
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: name
+                    operator: In
+                    values:
+                      - ovnkube-master
+              topologyKey: kubernetes.io/hostname
 
-      # run-ovn-northd - v3
-      - name: run-ovn-northd
+      containers:
+      # ovn-northd - v3
+      - name: ovn-northd
         image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
         imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
 
@@ -53,6 +76,7 @@ spec:
           capabilities:
             add: ["SYS_NICE"]
 
+        terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
         # Run directories where we need to be able to access sockets
         - mountPath: /var/run/dbus/
@@ -60,8 +84,15 @@ spec:
           readOnly: true
         - mountPath: /var/log/openvswitch/
           name: host-var-log-ovs
+        - mountPath: /var/log/ovn/
+          name: host-var-log-ovs
         - mountPath: /var/run/openvswitch/
           name: host-var-run-ovs
+        - mountPath: /var/run/ovn/
+          name: host-var-run-ovs
+        - mountPath: /ovn-cert
+          name: host-ovn-cert
+          readOnly: true
 
         resources:
           requests:
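Review bot: The new `/var/run/ovn/` mount reuses the `host-var-run-ovs` volume, whose hostPath is `/var/run/openvswitch` (visible in the volumes hunk at the end of the file), and `/var/log/ovn/` likewise reuses `host-var-log-ovs`, so the container sees the host's openvswitch directories at both paths rather than a separate host `/var/run/ovn`. If the host's OVN packages write their sockets and logs to a dedicated `/var/run/ovn` / `/var/log/ovn` (as newer OVN releases do after the split from OVS), the daemons in this container will not find them; if the host is known to colocate or symlink them, that assumption deserves a comment such as `# host-var-run-ovs doubles as /var/run/ovn: host OVN shares the OVS run directory`. Otherwise a dedicated volume, e.g. `- name: host-var-run-ovn` with `hostPath: {path: /var/run/ovn}` in the volumes section, and the new mounts pointing at it would be the safer form. The same pattern is repeated for `nbctl-daemon` and `ovnkube-master` in the later mount hunks.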
@@ -70,46 +101,28 @@ spec:
         env:
         - name: OVN_DAEMONSET_VERSION
           value: "3"
-        - name: OVN_LOG_NORTHD
-          value: "-vconsole:info"
-        - name: OVN_NET_CIDR
-          valueFrom:
-            configMapKeyRef:
-              name: ovn-config
-              key: net_cidr
-        - name: OVN_SVC_CIDR
-          valueFrom:
-            configMapKeyRef:
-              name: ovn-config
-              key: svc_cidr
+        - name: OVN_LOGLEVEL_NORTHD
+          value: "{{ ovn_loglevel_northd }}"
         - name: K8S_APISERVER
           valueFrom:
             configMapKeyRef:
               name: ovn-config
               key: k8s_apiserver
-        - name: K8S_NODE
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
         - name: OVN_KUBERNETES_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        ports:
-        - name: healthz
-          containerPort: 10257
-        # TODO: Temporarily disabled until we determine how to wait for clean default
-        # config
-        # livenessProbe:
-        #   initialDelaySeconds: 10
-        #   httpGet:
-        #     path: /healthz
-        #     port: 10257
-        #     scheme: HTTP
-        lifecycle:
+        - name: OVN_SSL_ENABLE
+          value: "{{ ovn_ssl_en }}"
+        readinessProbe:
+          exec:
+            command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-northd"]
+          initialDelaySeconds: 30
+          timeoutSeconds: 30
+          periodSeconds: 60
       # end of container
 
-      - name: run-nbctld
+      - name: nbctl-daemon
         image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
         imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}"
 
@@ -118,12 +131,19 @@ spec:
         securityContext:
           runAsUser: 0
 
+        terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
         - mountPath: /var/log/openvswitch/
           name: host-var-log-ovs
+        - mountPath: /var/log/ovn/
+          name: host-var-log-ovs
         - mountPath: /var/run/openvswitch/
           name: host-var-run-ovs
-
+        - mountPath: /var/run/ovn/
+          name: host-var-run-ovs
+        - mountPath: /ovn-cert
+          name: host-ovn-cert
+          readOnly: true
         resources:
           requests:
             cpu: 100m
@@ -131,24 +151,23 @@ spec:
         env:
         - name: OVN_DAEMONSET_VERSION
           value: "3"
+        - name: OVN_LOGLEVEL_NBCTLD
+          value: "{{ ovn_loglevel_nbctld }}"
         - name: K8S_APISERVER
           valueFrom:
             configMapKeyRef:
               name: ovn-config
               key: k8s_apiserver
+        - name: OVN_SSL_ENABLE
+          value: "{{ ovn_ssl_en }}"
 
-        ports:
-        - name: healthz
-          containerPort: 10260
-        # TODO: Temporarily disabled until we determine how to wait for clean default
-        # config
-        # livenessProbe:
-        #   initialDelaySeconds: 10
-        #   httpGet:
-        #     path: /healthz
-        #     port: 10258
-        #     scheme: HTTP
-        lifecycle:
+        readinessProbe:
+          exec:
+            command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-nbctld"]
+          initialDelaySeconds: 30
+          timeoutSeconds: 30
+          periodSeconds: 60
+        # end of container
 
       - name: ovnkube-master
         image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"
@@ -159,6 +178,7 @@ spec:
         securityContext:
           runAsUser: 0
 
+        terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
         # Run directories where we need to be able to access sockets
         - mountPath: /var/run/dbus/
@@ -168,6 +188,11 @@ spec:
           name: host-var-log-ovnkube
         - mountPath: /var/run/openvswitch/
           name: host-var-run-ovs
+        - mountPath: /var/run/ovn/
+          name: host-var-run-ovs
+        - mountPath: /ovn-cert
+          name: host-ovn-cert
+          readOnly: true
 
         resources:
           requests:
@@ -177,7 +202,7 @@ spec:
         - name: OVN_DAEMONSET_VERSION
           value: "3"
         - name: OVNKUBE_LOGLEVEL
-          value: "4"
+          value: "{{ ovnkube_master_loglevel }}"
         - name: OVN_NET_CIDR
           valueFrom:
             configMapKeyRef:
@@ -201,23 +226,14 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        ports:
-        - name: healthz
-          containerPort: 10254
-        # TODO: Temporarily disabled until we determine how to wait for clean default
-        # config
-        # livenessProbe:
-        #   initialDelaySeconds: 10
-        #   httpGet:
-        #     path: /healthz
-        #     port: 10254
-        #     scheme: HTTP
-        lifecycle:
+        - name: OVN_HYBRID_OVERLAY_ENABLE
+          value: "{{ ovn_hybrid_overlay_enable }}"
+        - name: OVN_HYBRID_OVERLAY_NET_CIDR
+          value: "{{ ovn_hybrid_overlay_net_cidr }}"
+        - name: OVN_SSL_ENABLE
+          value: "{{ ovn_ssl_en }}"
       # end of container
 
-      nodeSelector:
-        node-role.kubernetes.io/master: ""
-        beta.kubernetes.io/os: "linux"
       volumes:
       # TODO: Need to check why we need this?
       - name: host-var-run-dbus
@@ -232,5 +248,9 @@ spec:
       - name: host-var-run-ovs
         hostPath:
           path: /var/run/openvswitch
+      - name: host-ovn-cert
+        hostPath:
+          path: /etc/ovn
+          type: DirectoryOrCreate
       tolerations:
       - operator: "Exists"
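Review bot: The new `host-ovn-cert` volume uses `type: DirectoryOrCreate` on `/etc/ovn`, which is where the containers read TLS material when `OVN_SSL_ENABLE` is set (the `/ovn-cert` mounts are readOnly, which is the right side of that to get right). With `DirectoryOrCreate` a master node that was never provisioned with certificates gets an empty `/etc/ovn` created by kubelet and the pod starts, so a misconfigured node fails later inside the daemons rather than at mount time. If the certificates are expected to be pre-provisioned, `type: Directory` fails fast; if SSL is optional, keep `DirectoryOrCreate` and record it with a comment like `# created empty on nodes without SSL material; only read when OVN_SSL_ENABLE is set`. Whether SSL is optional is not visible from the template.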