X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=src%2Ffoundation%2Fscripts%2Fcni%2Fovn-kubernetes%2Fyaml%2Fovnkube-db-raft.yaml;fp=src%2Ffoundation%2Fscripts%2Fcni%2Fovn-kubernetes%2Fyaml%2Fovnkube-db-raft.yaml;h=e42f4d720c0d48af9940d73f82de0da06c754496;hb=fa1c3405246cfa807b6c2e917d90ab8a44222bdb;hp=0000000000000000000000000000000000000000;hpb=bba2e4db70d9f5b39845e991020db05de4d03b62;p=iec.git
diff --git a/src/foundation/scripts/cni/ovn-kubernetes/yaml/ovnkube-db-raft.yaml b/src/foundation/scripts/cni/ovn-kubernetes/yaml/ovnkube-db-raft.yaml
new file mode 100644
index 0000000..e42f4d7
--- /dev/null
+++ b/src/foundation/scripts/cni/ovn-kubernetes/yaml/ovnkube-db-raft.yaml
@@ -0,0 +1,298 @@
+# yamllint disable rule:hyphens rule:commas rule:indentation
+# service to expose the ovnkube-db pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: ovnkube-db
+ namespace: ovn-kubernetes
+spec:
+ ports:
+ - name: north
+ port: 6641
+ protocol: TCP
+ targetPort: 6641
+ - name: south
+ port: 6642
+ protocol: TCP
+ targetPort: 6642
+ sessionAffinity: None
+ clusterIP: None
+ type: ClusterIP
+
+---
+
+# ovndb-raft PodDisruptBudget to prevent majority of ovnkube raft cluster
+# nodes from disruption
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: ovndb-raft-pdb
+ namespace: ovn-kubernetes
+spec:
+ minAvailable: 2
+ selector:
+ matchLabels:
+ name: ovnkube-db
+
+---
+
+# ovnkube-db raft statefulset
+# daemonset version 3
+# starts ovn NB/SB ovsdb daemons, each in a separate container
+#
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: ovnkube-db
+ namespace: ovn-kubernetes
+ annotations:
+ kubernetes.io/description: |
+ This statefulset launches the OVN Northbound/Southbound Database raft clusters.
+spec:
+ serviceName: ovnkube-db
+ podManagementPolicy: "Parallel"
+ replicas: 3
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ name: ovnkube-db
+ template:
+ metadata:
+ labels:
+ name: ovnkube-db
+ component: network
+ type: infra
+ kubernetes.io/os: "linux"
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ spec:
+ terminationGracePeriodSeconds: 30
+ imagePullSecrets:
+ - name: registry-credentials
+ serviceAccountName: ovn
+ hostNetwork: true
+
+ # required to be scheduled on node with k8s.ovn.org/ovnkube-db=true label but can
+ # only have one instance per node
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: k8s.ovn.org/ovnkube-db
+ operator: In
+ values:
+ - "true"
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchExpressions:
+ - key: name
+ operator: In
+ values:
+ - ovnkube-db
+ topologyKey: kubernetes.io/hostname
+
+ containers:
+ # nb-ovsdb - v3
+ - name: nb-ovsdb
+ image: "iecedge/ovn-daemonset-ubuntu:2020-04-16"
+ imagePullPolicy: "IfNotPresent"
+ command: ["/root/ovnkube.sh", "nb-ovsdb-raft"]
+
+ readinessProbe:
+ exec:
+ command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovnnb-db-raft"]
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
+
+ securityContext:
+ runAsUser: 0
+ capabilities:
+ add: ["NET_ADMIN"]
+
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ # ovn db is stored in the pod in /etc/openvswitch
+ # (or in /etc/ovn if OVN from new repository is used)
+ # and on the host in /var/lib/openvswitch/
+ - mountPath: /etc/openvswitch/
+ name: host-var-lib-ovs
+ - mountPath: /etc/ovn/
+ name: host-var-lib-ovs
+ - mountPath: /var/log/openvswitch/
+ name: host-var-log-ovs
+ - mountPath: /var/log/ovn/
+ name: host-var-log-ovs
+ - mountPath: /var/run/openvswitch/
+ name: host-var-run-ovs
+ - mountPath: /var/run/ovn/
+ name: host-var-run-ovs
+ - mountPath: /ovn-cert
+ name: host-ovn-cert
+ readOnly: true
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVN_LOGLEVEL_NB
+ value: "-vconsole:info -vfile:info"
+ - name: K8S_APISERVER
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: k8s_apiserver
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: K8S_NODE_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: OVN_SSL_ENABLE
+ value: "no"
+ # end of container
+
+ # sb-ovsdb - v3
+ - name: sb-ovsdb
+ image: "iecedge/ovn-daemonset-ubuntu:2020-04-16"
+ imagePullPolicy: "IfNotPresent"
+ command: ["/root/ovnkube.sh", "sb-ovsdb-raft"]
+
+ readinessProbe:
+ exec:
+ command: ["/usr/bin/ovn-kube-util", "readiness-probe", "-t", "ovnsb-db-raft"]
+ initialDelaySeconds: 30
+ timeoutSeconds: 30
+ periodSeconds: 60
+
+ securityContext:
+ runAsUser: 0
+ capabilities:
+ add: ["NET_ADMIN"]
+
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ # ovn db is stored in the pod in /etc/openvswitch
+ # (or in /etc/ovn if OVN from new repository is used)
+ # and on the host in /var/lib/openvswitch/
+ - mountPath: /etc/openvswitch/
+ name: host-var-lib-ovs
+ - mountPath: /etc/ovn/
+ name: host-var-lib-ovs
+ - mountPath: /var/log/openvswitch/
+ name: host-var-log-ovs
+ - mountPath: /var/log/ovn/
+ name: host-var-log-ovs
+ - mountPath: /var/run/openvswitch/
+ name: host-var-run-ovs
+ - mountPath: /var/run/ovn/
+ name: host-var-run-ovs
+ - mountPath: /ovn-cert
+ name: host-ovn-cert
+ readOnly: true
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVN_LOGLEVEL_SB
+ value: "-vconsole:info -vfile:info"
+ - name: K8S_APISERVER
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: k8s_apiserver
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: K8S_NODE_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: OVN_SSL_ENABLE
+ value: "no"
+ # end of container
+
+ # db-metrics-exporter - v3
+ - name: db-metrics-exporter
+ image: "iecedge/ovn-daemonset-ubuntu:2020-04-16"
+ imagePullPolicy: "IfNotPresent"
+ command: ["/root/ovnkube.sh", "db-raft-metrics"]
+
+ securityContext:
+ runAsUser: 0
+ capabilities:
+ add: ["NET_ADMIN"]
+
+ terminationMessagePolicy: FallbackToLogsOnError
+ volumeMounts:
+ # ovn db is stored in the pod in /etc/openvswitch
+ # (or in /etc/ovn if OVN from new repository is used)
+ # and on the host in /var/lib/openvswitch/
+ - mountPath: /etc/openvswitch/
+ name: host-var-lib-ovs
+ - mountPath: /etc/ovn/
+ name: host-var-lib-ovs
+ - mountPath: /var/run/openvswitch/
+ name: host-var-run-ovs
+ - mountPath: /var/run/ovn/
+ name: host-var-run-ovs
+ - mountPath: /ovn-cert
+ name: host-ovn-cert
+ readOnly: true
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: K8S_APISERVER
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: k8s_apiserver
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: OVN_SSL_ENABLE
+ value: "no"
+ # end of container
+
+ volumes:
+ - name: host-var-log-ovs
+ hostPath:
+ path: /var/log/openvswitch
+ - name: host-var-lib-ovs
+ hostPath:
+ path: /var/lib/openvswitch
+ - name: host-var-run-ovs
+ hostPath:
+ path: /var/run/openvswitch
+ - name: host-ovn-cert
+ hostPath:
+ path: /etc/ovn
+ type: DirectoryOrCreate
+ tolerations:
+ - operator: "Exists"
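Review bot: All three containers in the StatefulSet set `OVN_SSL_ENABLE` to `"no"` while the pod runs with `hostNetwork: true`, so the NB/SB ovsdb listeners on 6641/6642 and the raft peer traffic would presumably be served in plaintext, without client authentication, on the node addresses; whoever can write to those databases can rewrite the cluster's logical network. The `host-ovn-cert` volume is already mounted read-only in each container, so I would provision certificates there and set `value: "yes"`, or, if TLS is deliberately deferred, say so in a comment next to the variable and restrict 6641/6642 to the cluster nodes with host firewall rules. Separately, `db-metrics-exporter` gets `runAsUser: 0` and `add: ["NET_ADMIN"]` just like the two database containers; that looks copied rather than required and is worth dropping or justifying in a comment.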