X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=src%2Ffoundation%2Fscripts%2Fcni%2Fovn-kubernetes%2Fyaml%2Fovnkube-master.yaml;fp=src%2Ffoundation%2Fscripts%2Fcni%2Fovn-kubernetes%2Fyaml%2Fovnkube-master.yaml;h=de271b5c13c5139fec1ab6194cb55bf7d42a6508;hb=a4546182269b01038a1e672cb16b081930bd11bb;hp=0000000000000000000000000000000000000000;hpb=59b4dc71733209d00625e0ed2f342417fd09d998;p=iec.git
diff --git a/src/foundation/scripts/cni/ovn-kubernetes/yaml/ovnkube-master.yaml b/src/foundation/scripts/cni/ovn-kubernetes/yaml/ovnkube-master.yaml
new file mode 100644
index 0000000..de271b5
--- /dev/null
+++ b/src/foundation/scripts/cni/ovn-kubernetes/yaml/ovnkube-master.yaml
@@ -0,0 +1,237 @@
+# yamllint disable rule:hyphens rule:commas rule:indentation
+# ovnkube-master
+# daemonset version 3
+# starts master daemons, each in a separate container
+# it is run on the master node(s)
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: ovnkube-master
+ # namespace set up by install
+ namespace: ovn-kubernetes
+ annotations:
+ kubernetes.io/description: |
+ This daemonset launches the ovn-kubernetes networking components.
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 1
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ name: ovnkube-master
+ strategy:
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ name: ovnkube-master
+ component: network
+ type: infra
+ openshift.io/component: network
+ beta.kubernetes.io/os: "linux"
+ annotations:
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ spec:
+ # Requires fairly broad permissions - ability to read all services and network functions as well
+ # as all pods.
+ serviceAccountName: ovn
+ hostNetwork: true
+
+ containers:
+
+ # run-ovn-northd - v3
+ - name: run-ovn-northd
+ image: "iecedge/ovn-daemonset:latest"
+ imagePullPolicy: "IfNotPresent"
+
+ command: ["/root/ovnkube.sh", "run-ovn-northd"]
+
+ securityContext:
+ runAsUser: 0
+ capabilities:
+ add: ["SYS_NICE"]
+
+ volumeMounts:
+ # Run directories where we need to be able to access sockets
+ - mountPath: /var/run/dbus/
+ name: host-var-run-dbus
+ readOnly: true
+ - mountPath: /var/log/openvswitch/
+ name: host-var-log-ovs
+ - mountPath: /var/run/openvswitch/
+ name: host-var-run-ovs
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVN_LOG_NORTHD
+ value: "-vconsole:info"
+ - name: OVN_NET_CIDR
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: net_cidr
+ - name: OVN_SVC_CIDR
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: svc_cidr
+ - name: K8S_APISERVER
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: k8s_apiserver
+ - name: K8S_NODE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ ports:
+ - name: healthz
+ containerPort: 10257
+ # TODO: Temporarily disabled until we determine how to wait for clean default
+ # config
+ # livenessProbe:
+ # initialDelaySeconds: 10
+ # httpGet:
+ # path: /healthz
+ # port: 10257
+ # scheme: HTTP
+ lifecycle:
+ # end of container
+
+ - name: run-nbctld
+ image: "iecedge/ovn-daemonset:latest"
+ imagePullPolicy: "IfNotPresent"
+
+ command: ["/root/ovnkube.sh", "run-nbctld"]
+
+ securityContext:
+ runAsUser: 0
+
+ volumeMounts:
+ - mountPath: /var/log/openvswitch/
+ name: host-var-log-ovs
+ - mountPath: /var/run/openvswitch/
+ name: host-var-run-ovs
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: K8S_APISERVER
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: k8s_apiserver
+
+ ports:
+ - name: healthz
+ containerPort: 10260
+ # TODO: Temporarily disabled until we determine how to wait for clean default
+ # config
+ # livenessProbe:
+ # initialDelaySeconds: 10
+ # httpGet:
+ # path: /healthz
+ # port: 10258
+ # scheme: HTTP
+ lifecycle:
+
+ - name: ovnkube-master
+ image: "iecedge/ovn-daemonset:latest"
+ imagePullPolicy: "IfNotPresent"
+
+ command: ["/root/ovnkube.sh", "ovn-master"]
+
+ securityContext:
+ runAsUser: 0
+
+ volumeMounts:
+ # Run directories where we need to be able to access sockets
+ - mountPath: /var/run/dbus/
+ name: host-var-run-dbus
+ readOnly: true
+ - mountPath: /var/log/ovn-kubernetes/
+ name: host-var-log-ovnkube
+ - mountPath: /var/run/openvswitch/
+ name: host-var-run-ovs
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 300Mi
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
+ - name: OVNKUBE_LOGLEVEL
+ value: "4"
+ - name: OVN_NET_CIDR
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: net_cidr
+ - name: OVN_SVC_CIDR
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: svc_cidr
+ - name: K8S_APISERVER
+ valueFrom:
+ configMapKeyRef:
+ name: ovn-config
+ key: k8s_apiserver
+ - name: K8S_NODE
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: OVN_KUBERNETES_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ ports:
+ - name: healthz
+ containerPort: 10254
+ # TODO: Temporarily disabled until we determine how to wait for clean default
+ # config
+ # livenessProbe:
+ # initialDelaySeconds: 10
+ # httpGet:
+ # path: /healthz
+ # port: 10254
+ # scheme: HTTP
+ lifecycle:
+ # end of container
+
+ nodeSelector:
+ node-role.kubernetes.io/master: ""
+ beta.kubernetes.io/os: "linux"
+ volumes:
+ # TODO: Need to check why we need this?
+ - name: host-var-run-dbus
+ hostPath:
+ path: /var/run/dbus
+ - name: host-var-log-ovs
+ hostPath:
+ path: /var/log/openvswitch
+ - name: host-var-log-ovnkube
+ hostPath:
+ path: /var/log/ovn-kubernetes
+ - name: host-var-run-ovs
+ hostPath:
+ path: /var/run/openvswitch
+ tolerations:
+ - operator: "Exists"
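Review bot: All three containers pull `iecedge/ovn-daemonset:latest` with `imagePullPolicy: "IfNotPresent"`, so what actually runs depends on whatever each master node has cached, and the tag can be repointed upstream without any change to this manifest. That matters more than usual here because the pod runs with `runAsUser: 0`, `hostNetwork: true`, writable hostPath mounts of `/var/run/openvswitch` and a blanket `operator: "Exists"` toleration, so a swapped image gets root on the control-plane node's network stack. I would pin each container to an immutable reference, e.g. `image: "iecedge/ovn-daemonset@sha256:<digest-of-reviewed-build>"`. Separately, the header comments and the description annotation call this a daemonset while `kind` is `Deployment`, and the commented-out probe for run-nbctld uses port 10258 while its `containerPort` is 10260; both should be made consistent before the probes are re-enabled.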