X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=src%2Ffoundation%2Fscripts%2Fcni%2Fovn-kubernetes%2Ftemplates%2Fovnkube-master.yaml.j2;h=f6a0b2128800d89630c7051cb48857d0ad51f8a1;hb=fa1c3405246cfa807b6c2e917d90ab8a44222bdb;hp=b8bfc4f4defaa6e793b49345cdef427105f4cff5;hpb=98abc23e45881386e989954743d9daf6f732f967;p=iec.git diff --git a/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-master.yaml.j2 b/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-master.yaml.j2 index b8bfc4f..f6a0b21 100644 --- a/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-master.yaml.j2 +++ b/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-master.yaml.j2 @@ -1,7 +1,7 @@ # ovnkube-master # daemonset version 3 # starts master daemons, each in a separate container -# it is run on the master node(s) +# it is run on the master(s) kind: Deployment apiVersion: apps/v1 metadata: @@ -10,7 +10,7 @@ metadata: namespace: ovn-kubernetes annotations: kubernetes.io/description: | - This daemonset launches the ovn-kubernetes networking components. + This Deployment launches the ovn-kubernetes master networking components. spec: progressDeadlineSeconds: 600 replicas: 1 @@ -29,8 +29,7 @@ spec: name: ovnkube-master component: network type: infra - openshift.io/component: network - beta.kubernetes.io/os: "linux" + kubernetes.io/os: "linux" annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: 
@@ -39,10 +38,34 @@ spec: serviceAccountName: ovn hostNetwork: true - containers: + # required to be scheduled on a linux node with node-role.kubernetes.io/master label and + # only one instance of ovnkube-master pod per node + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: node-role.kubernetes.io/master + operator: In + values: + - "" + - key: kubernetes.io/os + operator: In + values: + - "linux" + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: name + operator: In + values: + - ovnkube-master + topologyKey: kubernetes.io/hostname - # run-ovn-northd - v3 - - name: run-ovn-northd + containers: + # ovn-northd - v3 + - name: ovn-northd image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}" imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}" @@ -53,6 +76,7 @@ spec: capabilities: add: ["SYS_NICE"] + terminationMessagePolicy: FallbackToLogsOnError volumeMounts: # Run directories where we need to be able to access sockets - mountPath: /var/run/dbus/ @@ -60,8 +84,15 @@ spec: readOnly: true - mountPath: /var/log/openvswitch/ name: host-var-log-ovs + - mountPath: /var/log/ovn/ + name: host-var-log-ovs - mountPath: /var/run/openvswitch/ name: host-var-run-ovs + - mountPath: /var/run/ovn/ + name: host-var-run-ovs + - mountPath: /ovn-cert + name: host-ovn-cert + readOnly: true resources: requests: 
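Review bot: The `ovn-northd` container in the `@@ -39,10 +38,34 @@` hunk still defaults to the mutable tag `docker.io/ovnkube/ovn-daemonset:latest` with a pull-policy default of `IfNotPresent`, so the code that runs depends on whatever each node has cached or last pulled. The pod uses `hostNetwork: true`, and the `nbctl-daemon` and `ovnkube-master` containers, which carry the same image line in the `@@ -70,46 +101,28 @@` and `@@ -131,24 +151,23 @@` hunks, run with `runAsUser: 0`, so an unreviewed image change has host-level reach. Pin the default by digest, e.g. `image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset@sha256:<pinned-digest>') }}"`, and let deployments override `ovn_image` deliberately. The container definition continues past the end of this hunk.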
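Review bot: The added `/var/run/ovn/` and `/var/log/ovn/` mounts in the `@@ -60,8 +84,15 @@` hunk reuse the `host-var-run-ovs` and `host-var-log-ovs` volumes, so each OVN path is the same host directory as its openvswitch counterpart, and nothing in the template says this is intended. The volume list at the end of the patch maps `host-var-run-ovs` to `/var/run/openvswitch`, which means OVN's runtime files land, writable, in a host directory shared with OVS and with every other pod that mounts it. If that is deliberate, say so above the mounts, e.g. `# /var/run/ovn/ and /var/log/ovn/ intentionally alias the openvswitch host directories`; if not, give OVN its own hostPath volumes. The same aliasing is added in the `@@ -118,12 +131,19 @@` hunk and, for the run directory only, in the `@@ -168,6 +188,11 @@` hunk.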
@@ -70,46 +101,28 @@ spec: env: - name: OVN_DAEMONSET_VERSION value: "3" - - name: OVN_LOG_NORTHD - value: "-vconsole:info" - - name: OVN_NET_CIDR - valueFrom: - configMapKeyRef: - name: ovn-config - key: net_cidr - - name: OVN_SVC_CIDR - valueFrom: - configMapKeyRef: - name: ovn-config - key: svc_cidr + - name: OVN_LOGLEVEL_NORTHD + value: "{{ ovn_loglevel_northd }}" - name: K8S_APISERVER valueFrom: configMapKeyRef: name: ovn-config key: k8s_apiserver - - name: K8S_NODE - valueFrom: - fieldRef: - fieldPath: spec.nodeName - name: OVN_KUBERNETES_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - ports: - - name: healthz - containerPort: 10257 - # TODO: Temporarily disabled until we determine how to wait for clean default - # config - # livenessProbe: - # initialDelaySeconds: 10 - # httpGet: - # path: /healthz - # port: 10257 - # scheme: HTTP - lifecycle: + - name: OVN_SSL_ENABLE + value: "{{ ovn_ssl_en }}" + readinessProbe: + exec: + command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-northd"] + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 60 # end of container - - name: run-nbctld + - name: nbctl-daemon image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}" imagePullPolicy: "{{ ovn_image_pull_policy | default('IfNotPresent') }}" @@ -118,12 +131,19 @@ spec: securityContext: runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/log/openvswitch/ name: host-var-log-ovs + - mountPath: /var/log/ovn/ + name: host-var-log-ovs - mountPath: /var/run/openvswitch/ name: host-var-run-ovs - + - mountPath: /var/run/ovn/ + name: host-var-run-ovs + - mountPath: /ovn-cert + name: host-ovn-cert + readOnly: true resources: requests: cpu: 100m 
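Review bot: `OVN_SSL_ENABLE` and `OVN_LOGLEVEL_NORTHD` in the `@@ -70,46 +101,28 @@` hunk are rendered from `ovn_ssl_en` and `ovn_loglevel_northd` with no `default(...)`, unlike the `ovn_image` and `ovn_image_pull_policy` lines in the same file. Depending on how the template is rendered, an unset variable either aborts rendering or becomes an empty string; in the second case the container falls back to whatever its entrypoint does with an empty value, which for the SSL switch may mean unencrypted OVN database connections with no error (the entrypoint is not visible here, so this should be confirmed). Give each variable an explicit default, e.g. `value: "{{ ovn_ssl_en | default('<agreed-default>') }}"`, or have the renderer reject undefined variables. The same applies to `ovn_loglevel_nbctld`, `ovnkube_master_loglevel`, `ovn_hybrid_overlay_enable` and `ovn_hybrid_overlay_net_cidr` in the `@@ -131,24 +151,23 @@`, `@@ -177,7 +202,7 @@` and `@@ -201,23 +226,14 @@` hunks.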
@@ -131,24 +151,23 @@ spec: env: - name: OVN_DAEMONSET_VERSION value: "3" + - name: OVN_LOGLEVEL_NBCTLD + value: "{{ ovn_loglevel_nbctld }}" - name: K8S_APISERVER valueFrom: configMapKeyRef: name: ovn-config key: k8s_apiserver + - name: OVN_SSL_ENABLE + value: "{{ ovn_ssl_en }}" - ports: - - name: healthz - containerPort: 10260 - # TODO: Temporarily disabled until we determine how to wait for clean default - # config - # livenessProbe: - # initialDelaySeconds: 10 - # httpGet: - # path: /healthz - # port: 10258 - # scheme: HTTP - lifecycle: + readinessProbe: + exec: + command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-nbctld"] + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 60 + # end of container - name: ovnkube-master image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}" @@ -159,6 +178,7 @@ spec: securityContext: runAsUser: 0 + terminationMessagePolicy: FallbackToLogsOnError volumeMounts: # Run directories where we need to be able to access sockets - mountPath: /var/run/dbus/ @@ -168,6 +188,11 @@ spec: name: host-var-log-ovnkube - mountPath: /var/run/openvswitch/ name: host-var-run-ovs + - mountPath: /var/run/ovn/ + name: host-var-run-ovs + - mountPath: /ovn-cert + name: host-ovn-cert + readOnly: true resources: requests: @@ -177,7 +202,7 @@ spec: - name: OVN_DAEMONSET_VERSION value: "3" - name: OVNKUBE_LOGLEVEL - value: "4" + value: "{{ ovnkube_master_loglevel }}" - name: OVN_NET_CIDR valueFrom: configMapKeyRef: 
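Review bot: The `readinessProbe` added for `nbctl-daemon` in the `@@ -131,24 +151,23 @@` hunk is the container's only health check, and a failing readiness probe marks the pod unready without restarting anything. The commented-out `livenessProbe` is deleted rather than replaced, so a hung daemon stays hung until someone notices; `ovn-northd` in the `@@ -70,46 +101,28 @@` hunk is in the same position, and the `@@ -201,23 +226,14 @@` hunk removes the `ovnkube-master` probe stub without adding any probe in the visible lines. Whether an automatic restart is wanted is a decision for the authors, but the template should record it, e.g. `# no livenessProbe: a hung daemon is not restarted automatically, monitor pod readiness instead`. With `periodSeconds: 60` and `timeoutSeconds: 30`, unreadiness can also take a couple of minutes to surface, which is worth stating in the same comment.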
@@ -201,23 +226,14 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - ports: - - name: healthz - containerPort: 10254 - # TODO: Temporarily disabled until we determine how to wait for clean default - # config - # livenessProbe: - # initialDelaySeconds: 10 - # httpGet: - # path: /healthz - # port: 10254 - # scheme: HTTP - lifecycle: + - name: OVN_HYBRID_OVERLAY_ENABLE + value: "{{ ovn_hybrid_overlay_enable }}" + - name: OVN_HYBRID_OVERLAY_NET_CIDR + value: "{{ ovn_hybrid_overlay_net_cidr }}" + - name: OVN_SSL_ENABLE + value: "{{ ovn_ssl_en }}" # end of container - nodeSelector: - node-role.kubernetes.io/master: "" - beta.kubernetes.io/os: "linux" volumes: # TODO: Need to check why we need this? - name: host-var-run-dbus @@ -232,5 +248,9 @@ spec: - name: host-var-run-ovs hostPath: path: /var/run/openvswitch + - name: host-ovn-cert + hostPath: + path: /etc/ovn + type: DirectoryOrCreate tolerations: - operator: "Exists"
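Review bot: `type: DirectoryOrCreate` on the new `host-ovn-cert` volume in the `@@ -232,5 +248,9 @@` hunk means a node without `/etc/ovn` gets an empty directory created for it, so the pod starts with no certificate material instead of failing at volume setup. With `OVN_SSL_ENABLE` turned on, that turns a provisioning mistake into a TLS failure inside the containers, and any private keys kept there are plain files on the master's filesystem whose ownership and mode this template does not control. If certificates are mandatory when SSL is on, use `type: Directory` so their absence is caught at pod start; if the directory must stay optional for non-SSL installs, add a comment saying so and document the expected ownership and mode of `/etc/ovn`. A Secret-backed volume would remove the host dependency, but that is a larger change than this hunk.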