X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=src%2Ffoundation%2Fscripts%2Fcni%2Fovn-kubernetes%2Ftemplates%2Fovnkube-db-vip.yaml.j2;fp=src%2Ffoundation%2Fscripts%2Fcni%2Fovn-kubernetes%2Ftemplates%2Fovnkube-db-vip.yaml.j2;h=bea4a9a07fd4cb470fe99f3835a0f025df654006;hb=a4546182269b01038a1e672cb16b081930bd11bb;hp=0000000000000000000000000000000000000000;hpb=59b4dc71733209d00625e0ed2f342417fd09d998;p=iec.git diff --git a/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-db-vip.yaml.j2 b/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-db-vip.yaml.j2 new file mode 100644 index 0000000..bea4a9a --- /dev/null +++ b/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-db-vip.yaml.j2 @@ -0,0 +1,139 @@ +# ovnkube-db HA using Corosync/Pacemaker +# daemonset version 3 +# starts ovn NB/SB ovsdb daemons in a single container +kind: Deployment +apiVersion: apps/v1 +metadata: + name: ovnkube-db + # namespace set up by install + namespace: ovn-kubernetes + annotations: + kubernetes.io/description: | + This daemonset launches the OVN NB/SB DB server in a single container. +spec: + progressDeadlineSeconds: 600 + replicas: {{ ovn_db_replicas | default(3) }} + revisionHistoryLimit: 10 + selector: + matchLabels: + name: ovnkube-db + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + template: + metadata: + labels: + name: ovnkube-db + component: network + type: infra + openshift.io/component: network + beta.kubernetes.io/os: "linux" + annotations: + scheduler.alpha.kubernetes.io/critical-pod: '' + spec: + # Requires fairly broad permissions - ability to read all services and network functions as well + # as all pods. + serviceAccountName: ovn + hostNetwork: true + # required to be scheduled on node with openvswitch.org/ovnkube-db=true label but can + # only have one instance per node + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: openvswitch.org/ovnkube-db + operator: In + values: + - "true" + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - ovnkube-db + topologyKey: kubernetes.io/hostname + + containers: + # ovsdb with corosync in one container - v3 + - name: ovsdb + image: "{{ ovn_db_vip_image | default('docker.io/ovnkube/ovndb-vip-u:latest') }}" + imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}" + command: ["/root/ovndb-vip.sh", "run-ovndb"] + + securityContext: + runAsUser: 0 + capabilities: + add: ["NET_ADMIN"] + + volumeMounts: + # ovn db is stored in the pod in /etc/openvswitch + # and on the host in /var/lib/openvswitch/ + - mountPath: /etc/openvswitch/ + name: host-var-lib-ovs + - mountPath: /var/log/openvswitch/ + name: host-var-log-ovs + - mountPath: /etc/corosync + name: host-etc-corosync + - mountPath: /var/log/corosync + name: host-var-log-corosync + - mountPath: /dev/shm + name: dshm + + resources: + requests: + cpu: 100m + memory: 1024Mi + env: + - name: OVN_DAEMONSET_VERSION + value: "3" + - name: OVN_LOG_NB + value: "-vconsole:info -vfile:info" + - name: K8S_APISERVER + valueFrom: + configMapKeyRef: + name: ovn-config + key: k8s_apiserver + - name: OVN_KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OVN_DB_VIP + value: "{{ ovn_db_vip }}" + ports: + - name: healthz + containerPort: 10256 + # TODO: Temporarily disabled until we determine how to wait for clean default + # config + # livenessProbe: + # initialDelaySeconds: 10 + # httpGet: + # path: /healthz + # port: 10256 + # scheme: HTTP + lifecycle: + # end of container + + volumes: + - name: host-var-lib-ovs + hostPath: + path: /var/lib/openvswitch + - name: host-var-log-ovs + hostPath: + path: /var/log/openvswitch + - name: host-var-log-corosync + hostPath: + path: /var/log/corosync + - name: host-etc-corosync + hostPath: + path: /etc/corosync + - name: dshm + emptyDir: + medium: Memory + + tolerations: + - operator: "Exists"