X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=src%2Ffoundation%2Fscripts%2Fcni%2Fovn-kubernetes%2Ftemplates%2Fovnkube-node.yaml.j2;h=713e426df6c8c090c4e17b17dea327bc32be42b5;hb=fa1c3405246cfa807b6c2e917d90ab8a44222bdb;hp=8e7b18149015a41a69ca1b934321b2ce65f5f1c0;hpb=bba2e4db70d9f5b39845e991020db05de4d03b62;p=iec.git diff --git a/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-node.yaml.j2 b/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-node.yaml.j2 index 8e7b181..713e426 100644 --- a/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-node.yaml.j2 +++ b/src/foundation/scripts/cni/ovn-kubernetes/templates/ovnkube-node.yaml.j2 @@ -11,7 +11,7 @@ metadata: namespace: ovn-kubernetes annotations: kubernetes.io/description: | - This daemonset launches the ovn-kubernetes networking components. + This DaemonSet launches the ovn-kubernetes networking components for worker nodes. spec: selector: matchLabels: @@ -22,10 +22,10 @@ spec: metadata: labels: app: ovnkube-node + name: ovnkube-node component: network type: infra - openshift.io/component: network - beta.kubernetes.io/os: "linux" + kubernetes.io/os: "linux" annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: @@ -48,14 +48,22 @@ spec: command: - /usr/share/openvswitch/scripts/ovs-ctl - status - initialDelaySeconds: 15 - periodSeconds: 5 + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 60 + readinessProbe: + exec: + command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovs-daemons"] + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 60 securityContext: runAsUser: 0 # Permission could be reduced by selecting an appropriate SELinux policy privileged: true + terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /lib/modules name: host-modules 
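Review bot: The new livenessProbe timings for the ovs-daemons container (`initialDelaySeconds: 30`, `periodSeconds: 60`) leave `failureThreshold` at its default of 3, so a hung ovs-vswitchd is only restarted after roughly three minutes, and the readinessProbe added below it runs on the same cadence. If that is the intended trade-off against probe load on every node, say so above the probe, e.g. `# 60s period x default failureThreshold 3: a wedged OVS is restarted after ~3 min`; otherwise a shorter period or an explicit `failureThreshold` is worth considering. The container definition starts above this hunk.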
@@ -100,14 +108,22 @@ spec: capabilities: add: ["SYS_NICE"] + terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - mountPath: /var/run/dbus/ name: host-var-run-dbus readOnly: true - mountPath: /var/log/openvswitch/ name: host-var-log-ovs + - mountPath: /var/log/ovn/ + name: host-var-log-ovs - mountPath: /var/run/openvswitch/ name: host-var-run-ovs + - mountPath: /var/run/ovn/ + name: host-var-run-ovs + - mountPath: /ovn-cert + name: host-ovn-cert + readOnly: true resources: requests: @@ -116,44 +132,26 @@ spec: env: - name: OVN_DAEMONSET_VERSION value: "3" - - name: OVNKUBE_LOGLEVEL - value: "4" - - name: OVN_NET_CIDR - valueFrom: - configMapKeyRef: - name: ovn-config - key: net_cidr - - name: OVN_SVC_CIDR - valueFrom: - configMapKeyRef: - name: ovn-config - key: svc_cidr + - name: OVN_LOG_CONTROLLER + value: "{{ ovn_loglevel_controller }}" - name: K8S_APISERVER valueFrom: configMapKeyRef: name: ovn-config key: k8s_apiserver - - name: K8S_NODE - valueFrom: - fieldRef: - fieldPath: spec.nodeName - name: OVN_KUBERNETES_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace + - name: OVN_SSL_ENABLE + value: "{{ ovn_ssl_en }}" - ports: - - name: healthz - containerPort: 10258 - # TODO: Temporarily disabled until we determine how to wait for clean default - # config - # livenessProbe: - # initialDelaySeconds: 10 - # httpGet: - # path: /healthz - # port: 10258 - # scheme: HTTP - lifecycle: + readinessProbe: + exec: + command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovn-controller"] + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 60 - name: ovnkube-node image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}" 
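Review bot: The added `/var/log/ovn/` and `/var/run/ovn/` mounts in the ovn-controller container reuse the `host-var-log-ovs` and `host-var-run-ovs` volumes, so the openvswitch and ovn paths resolve to the same host directory (the hostPath definitions are outside this hunk). If the node already has a separate `/var/run/ovn`, the control sockets the container sees under that path are not the ones on the host, and the same aliasing is repeated for the ovnkube-node container in the `@@ -174,6 +180,8 @@` hunk. A short comment above the new entries would make the intent explicit, e.g. `# /var/run/ovn and /var/run/openvswitch share one host directory so both pre- and post-split OVN layouts find the sockets` — assuming that is the reason.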
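Review bot: The new templated values `"{{ ovn_loglevel_controller }}"` and `"{{ ovn_ssl_en }}"` have no `| default(...)` guard, unlike the `ovn_image` line at the end of the same hunk, so rendering fails (or yields an empty string under a lax undefined handler) when the inventory does not define them; the same applies to `ovnkube_node_loglevel` in `@@ -191,7 +207,7 @@` and to the hybrid-overlay and SSL variables in `@@ -215,25 +236,26 @@`. Either give each a default in the same style as `ovn_image` or document them as required inputs at the top of the template. Also, if `ovn_ssl_en` is set as an Ansible boolean it renders as `True`/`False`, so whatever consumes `OVN_SSL_ENABLE` inside the image must accept that spelling — worth checking, as the entrypoint script is not visible here.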
@@ -165,8 +163,16 @@ spec: runAsUser: 0 capabilities: add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"] + {% if kind is defined and kind -%} + privileged: true + {% endif %} + terminationMessagePolicy: FallbackToLogsOnError volumeMounts: + # for the iptables wrapper + - mountPath: /host + name: host-slash + readOnly: true - mountPath: /var/run/dbus/ name: host-var-run-dbus readOnly: true @@ -174,6 +180,8 @@ spec: name: host-var-log-ovnkube - mountPath: /var/run/openvswitch/ name: host-var-run-ovs + - mountPath: /var/run/ovn/ + name: host-var-run-ovs # We mount our socket here - mountPath: /var/run/ovn-kubernetes name: host-var-run-ovn-kubernetes @@ -182,6 +190,14 @@ spec: name: host-opt-cni-bin - mountPath: /etc/cni/net.d name: host-etc-cni-netd + - mountPath: /ovn-cert + name: host-ovn-cert + readOnly: true + {% if kind is defined and kind -%} + - mountPath: /var/run/netns + name: host-netns + mountPropagation: Bidirectional + {% endif %} resources: requests: @@ -191,7 +207,7 @@ spec: - name: OVN_DAEMONSET_VERSION value: "3" - name: OVNKUBE_LOGLEVEL - value: "5" + value: "{{ ovnkube_node_loglevel }}" - name: OVN_NET_CIDR valueFrom: configMapKeyRef: @@ -207,6 +223,11 @@ spec: configMapKeyRef: name: ovn-config key: k8s_apiserver + - name: OVN_MTU + valueFrom: + configMapKeyRef: + name: ovn-config + key: mtu - name: K8S_NODE valueFrom: fieldRef: 
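Review bot: The new `host-slash` mount exposes the entire host root filesystem at `/host` inside the ovnkube-node container, and `readOnly: true` only prevents writes: every file readable by root on the node (kubelet credentials, `/etc/shadow`, other pods' volumes) becomes readable from a container that already holds NET_ADMIN, SYS_ADMIN and SYS_PTRACE. The comment says it is for the iptables wrapper, so consider narrowing the mount to the directories that wrapper actually needs rather than `/`, and state the requirement in the comment, e.g. `# host root is mounted read-only so the iptables wrapper can exec the node's own iptables binary; narrow this once the wrapper's dependencies are known`. The `hostPath: path: /` volume itself is defined in `@@ -266,8 +288,21 @@`; the container definition starts above this hunk.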
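Review bot: The `kind`-guarded `/var/run/netns` mount uses `mountPropagation: Bidirectional`, which the API server only accepts on a privileged container; that requirement is met by the `privileged: true` added under the same `kind` guard in the securityContext further up (`@@ -165,8 +163,16 @@`), but nothing ties the two together. A comment next to the mount, e.g. `# Bidirectional propagation requires the privileged: true set under the same kind guard in securityContext`, would stop a later edit from dropping one half of the pair. The `kind` variable is not defined in the visible parts of this template, so naming its source in that comment would help too.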
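Review bot: The new `OVN_MTU` entry reads key `mtu` from the `ovn-config` ConfigMap without `optional: true`, so on clusters where the ConfigMap was rendered before this change and has no `mtu` key the ovnkube-node container will stay in CreateContainerConfigError. Either add `optional: true` under `configMapKeyRef` (if the image tolerates an unset `OVN_MTU`) or document that the ConfigMap template must be updated in the same deploy; the ConfigMap definition is outside this file, so which is right depends on how it is rendered. The env list continues outside this hunk.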
@@ -215,25 +236,26 @@ spec: value: "{{ ovn_gateway_mode }}" - name: OVN_GATEWAY_OPTS value: "{{ ovn_gateway_opts }}" + - name: OVN_HYBRID_OVERLAY_ENABLE + value: "{{ ovn_hybrid_overlay_enable }}" + - name: OVN_HYBRID_OVERLAY_NET_CIDR + value: "{{ ovn_hybrid_overlay_net_cidr }}" + - name: OVN_SSL_ENABLE + value: "{{ ovn_ssl_en }}" - ports: - - name: healthz - containerPort: 10259 - # TODO: Temporarily disabled until we determine how to wait for clean default - # config - # livenessProbe: - # initialDelaySeconds: 10 - # httpGet: - # path: /healthz - # port: 10259 - # scheme: HTTP lifecycle: preStop: exec: command: ["/root/ovnkube.sh", "cleanup-ovn-node"] + readinessProbe: + exec: + command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovnkube-node"] + initialDelaySeconds: 30 + timeoutSeconds: 30 + periodSeconds: 60 nodeSelector: - beta.kubernetes.io/os: "linux" + kubernetes.io/os: "linux" volumes: - name: host-modules hostPath: @@ -266,8 +288,21 @@ spec: - name: host-etc-cni-netd hostPath: path: /etc/cni/net.d + - name: host-ovn-cert + hostPath: + path: /etc/ovn + type: DirectoryOrCreate + - name: host-slash + hostPath: + path: / - name: host-config-openvswitch hostPath: path: /etc/origin/openvswitch + {% if kind is defined and kind -%} + - name: host-netns + hostPath: + path: /var/run/netns + {% endif %} + tolerations: - operator: "Exists"
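Review bot: Of the three new hostPath volumes only `host-ovn-cert` declares a `type`; `host-slash` and the `kind`-guarded `host-netns` are left at the default, which performs no check before mounting, so a node without `/var/run/netns` may fail at pod start with an unhelpful mount error rather than a clear volume error. Adding `type: Directory` to both, matching the style of `host-ovn-cert`, makes the expectation explicit. `DirectoryOrCreate` on `/etc/ovn` also means the kubelet creates the directory with its default mode on nodes where no certificate files were placed; the containers mount it read-only, so a missing key surfaces only inside the container — worth a comment such as `# created empty by the kubelet if the node has no OVN certificates; populate /etc/ovn out of band`.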