kubeasz/roles/kube-ovn/templates/install.sh.j2

3658 lines
98 KiB
Plaintext
Raw Normal View History

2023-05-14 20:53:18 +08:00
#!/usr/bin/env bash
set -euo pipefail
IPV6=${IPV6:-false}
DUAL_STACK=${DUAL_STACK:-false}
ENABLE_SSL=${ENABLE_SSL:-false}
ENABLE_VLAN=${ENABLE_VLAN:-false}
CHECK_GATEWAY=${CHECK_GATEWAY:-true}
LOGICAL_GATEWAY=${LOGICAL_GATEWAY:-false}
U2O_INTERCONNECTION=${U2O_INTERCONNECTION:-false}
ENABLE_MIRROR=${ENABLE_MIRROR:-false}
VLAN_NIC=${VLAN_NIC:-}
HW_OFFLOAD=${HW_OFFLOAD:-false}
ENABLE_LB=${ENABLE_LB:-false}
ENABLE_NP=${ENABLE_NP:-false}
ENABLE_EIP_SNAT=${ENABLE_EIP_SNAT:-false}
LS_DNAT_MOD_DL_DST=${LS_DNAT_MOD_DL_DST:-true}
ENABLE_EXTERNAL_VPC=${ENABLE_EXTERNAL_VPC:-true}
CNI_CONFIG_PRIORITY=${CNI_CONFIG_PRIORITY:-01}
ENABLE_LB_SVC=${ENABLE_LB_SVC:-false}
ENABLE_KEEP_VM_IP=${ENABLE_KEEP_VM_IP:-true}
# exchange link names of OVS bridge and the provider nic
# in the default provider-network
EXCHANGE_LINK_NAME=${EXCHANGE_LINK_NAME:-false}
# The nic to support container network can be a nic name or a group of regex
# separated by comma, if empty will use the nic that the default route use
IFACE=${IFACE:-}
# Specifies the name of the dpdk tunnel iface.
# Note that the dpdk tunnel iface and tunnel ip cidr should be diffierent with Kubernetes api cidr,otherwise the route will be a problem.
DPDK_TUNNEL_IFACE=${DPDK_TUNNEL_IFACE:-br-phy}
ENABLE_BIND_LOCAL_IP=${ENABLE_BIND_LOCAL_IP:-true}
CNI_CONF_DIR="/etc/cni/net.d"
CNI_BIN_DIR="/opt/cni/bin"
REGISTRY="easzlab.io.local:5000/kubeovn"
VERSION="v1.11.5"
IMAGE_PULL_POLICY="IfNotPresent"
POD_CIDR="{{ CLUSTER_CIDR }}" # Do NOT overlap with NODE/SVC/JOIN CIDR
POD_GATEWAY="{{ CLUSTER_CIDR_GW }}"
SVC_CIDR="{{ SERVICE_CIDR }}" # Do NOT overlap with NODE/POD/JOIN CIDR
JOIN_CIDR="100.64.0.0/16" # Do NOT overlap with NODE/POD/SVC CIDR
PINGER_EXTERNAL_ADDRESS="114.114.114.114" # Pinger check external ip probe
PINGER_EXTERNAL_DOMAIN="alauda.cn" # Pinger check external domain probe
SVC_YAML_IPFAMILYPOLICY=""
if [ "$IPV6" = "true" ]; then
POD_CIDR="fd00:10:16::/64" # Do NOT overlap with NODE/SVC/JOIN CIDR
POD_GATEWAY="fd00:10:16::1"
SVC_CIDR="fd00:10:96::/112" # Do NOT overlap with NODE/POD/JOIN CIDR
JOIN_CIDR="fd00:100:64::/64" # Do NOT overlap with NODE/POD/SVC CIDR
PINGER_EXTERNAL_ADDRESS="2400:3200::1"
PINGER_EXTERNAL_DOMAIN="google.com"
fi
if [ "$DUAL_STACK" = "true" ]; then
POD_CIDR="10.16.0.0/16,fd00:10:16::/64" # Do NOT overlap with NODE/SVC/JOIN CIDR
POD_GATEWAY="10.16.0.1,fd00:10:16::1"
SVC_CIDR="10.96.0.0/12,fd00:10:96::/112" # Do NOT overlap with NODE/POD/JOIN CIDR
JOIN_CIDR="100.64.0.0/16,fd00:100:64::/64" # Do NOT overlap with NODE/POD/SVC CIDR
PINGER_EXTERNAL_ADDRESS="114.114.114.114,2400:3200::1"
PINGER_EXTERNAL_DOMAIN="google.com"
SVC_YAML_IPFAMILYPOLICY="ipFamilyPolicy: PreferDualStack"
fi
EXCLUDE_IPS="" # EXCLUDE_IPS for default subnet
LABEL="kubernetes.io/role=master" # The node label to deploy OVN DB
DEPRECATED_LABEL="node-role.kubernetes.io/master" # The node label to deploy OVN DB in earlier versions
NETWORK_TYPE="geneve" # geneve or vlan
TUNNEL_TYPE="geneve" # geneve, vxlan or stt. ATTENTION: some networkpolicy cannot take effect when using vxlan and stt need custom compile ovs kernel module
POD_NIC_TYPE="veth-pair" # veth-pair or internal-port
POD_DEFAULT_FIP_TYPE="" # iptables, pod can set iptables fip automatically by enable fip annotation
# VLAN Config only take effect when NETWORK_TYPE is vlan
PROVIDER_NAME="provider"
VLAN_INTERFACE_NAME=""
VLAN_NAME="ovn-vlan"
VLAN_ID="100"
if [ "$ENABLE_VLAN" = "true" ]; then
NETWORK_TYPE="vlan"
if [ "$VLAN_NIC" != "" ]; then
VLAN_INTERFACE_NAME="$VLAN_NIC"
fi
fi
# hybrid dpdk
HYBRID_DPDK="false"
# DPDK
DPDK="false"
DPDK_SUPPORTED_VERSIONS=("19.11")
DPDK_VERSION=""
DPDK_CPU="1000m" # Default CPU configuration for if --dpdk-cpu flag is not included
DPDK_MEMORY="2Gi" # Default Memory configuration for it --dpdk-memory flag is not included
# performance
MODULES="kube_ovn_fastpath.ko"
RPMS="openvswitch-kmod"
GC_INTERVAL=360
INSPECT_INTERVAL=20
display_help() {
echo "Usage: $0 [option...]"
echo
echo " -h, --help Print Help (this message) and exit"
echo " --with-hybrid-dpdk Install Kube-OVN with nodes which run ovs-dpdk or ovs-kernel"
echo " --with-dpdk=<version> Install Kube-OVN with OVS-DPDK instead of kernel OVS"
echo " --dpdk-cpu=<amount>m Configure DPDK to use a specific amount of CPU"
echo " --dpdk-memory=<amount>Gi Configure DPDK to use a specific amount of memory"
echo
exit 0
}
if [ -n "${1-}" ]
then
set +u
while :; do
case $1 in
-h|--help)
display_help
;;
--with-hybrid-dpdk)
HYBRID_DPDK="true"
;;
--with-dpdk=*)
DPDK=true
DPDK_VERSION="${1#*=}"
if [[ ! "${DPDK_SUPPORTED_VERSIONS[@]}" = "${DPDK_VERSION}" ]] || [[ -z "${DPDK_VERSION}" ]]; then
echo "Unsupported DPDK version: ${DPDK_VERSION}"
echo "Supported DPDK versions: ${DPDK_SUPPORTED_VERSIONS[*]}"
exit 1
fi
;;
--dpdk-cpu=*)
DPDK_CPU="${1#*=}"
if [[ $DPDK_CPU =~ ^[0-9]+(m)$ ]]
then
echo "CPU $DPDK_CPU"
else
echo "$DPDK_CPU is not valid, please use the format --dpdk-cpu=<amount>m"
exit 1
fi
;;
--dpdk-memory=*)
DPDK_MEMORY="${1#*=}"
if [[ $DPDK_MEMORY =~ ^[0-9]+(Gi)$ ]]
then
echo "MEMORY $DPDK_MEMORY"
else
echo "$DPDK_MEMORY is not valid, please use the format --dpdk-memory=<amount>Gi"
exit 1
fi
;;
-?*)
echo "Unknown argument $1"
exit 1
;;
*) break
esac
shift
done
set -u
fi
echo "-------------------------------"
echo "Kube-OVN Version: $VERSION"
echo "Default Network Mode: $NETWORK_TYPE"
if [[ $NETWORK_TYPE = "vlan" ]];then
echo "Default Vlan Nic: $VLAN_INTERFACE_NAME"
echo "Default Vlan ID: $VLAN_ID"
fi
echo "Default Subnet CIDR: $POD_CIDR"
echo "Join Subnet CIDR: $JOIN_CIDR"
echo "Enable SVC LB: $ENABLE_LB"
echo "Enable Networkpolicy: $ENABLE_NP"
echo "Enable EIP and SNAT: $ENABLE_EIP_SNAT"
echo "Enable Mirror: $ENABLE_MIRROR"
echo "-------------------------------"
if [[ $ENABLE_SSL = "true" ]];then
echo "[Step 0/6] Generate SSL key and cert"
exist=$(kubectl get secret -n kube-system kube-ovn-tls --ignore-not-found)
if [[ $exist == "" ]];then
docker run --rm -v "$PWD":/etc/ovn $REGISTRY/kube-ovn:$VERSION bash generate-ssl.sh
kubectl create secret generic -n kube-system kube-ovn-tls --from-file=cacert=cacert.pem --from-file=cert=ovn-cert.pem --from-file=key=ovn-privkey.pem
rm -rf cacert.pem ovn-cert.pem ovn-privkey.pem ovn-req.pem
fi
echo "-------------------------------"
echo ""
fi
echo "[Step 1/6] Label kube-ovn-master node and label datapath type"
count=$(kubectl get no -l$LABEL --no-headers | wc -l)
node_label="$LABEL"
if [ $count -eq 0 ]; then
count=$(kubectl get no -l$DEPRECATED_LABEL --no-headers | wc -l)
node_label="$DEPRECATED_LABEL"
if [ $count -eq 0 ]; then
echo "ERROR: No node with label $LABEL or $DEPRECATED_LABEL found"
exit 1
fi
fi
kubectl label no -l$node_label kube-ovn/role=master --overwrite
if [ "$DPDK" = "true" -o "$HYBRID_DPDK" = "true" ]; then
kubectl label no -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite
fi
echo "-------------------------------"
echo ""
echo "[Step 2/6] Install OVN components"
addresses=$(kubectl get no -lkube-ovn/role=master --no-headers -o wide | awk '{print $6}' | tr \\n ',')
count=$(kubectl get no -lkube-ovn/role=master --no-headers | wc -l)
echo "Install OVN DB in $addresses"
cat <<EOF > kube-ovn-crd.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: vpc-dnses.kubeovn.io
spec:
group: kubeovn.io
names:
plural: vpc-dnses
singular: vpc-dns
shortNames:
- vpc-dns
kind: VpcDns
listKind: VpcDnsList
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.active
name: Active
type: boolean
- jsonPath: .spec.vpc
name: Vpc
type: string
- jsonPath: .spec.subnet
name: Subnet
type: string
name: v1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
vpc:
type: string
subnet:
type: string
status:
type: object
properties:
active:
type: boolean
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: switch-lb-rules.kubeovn.io
spec:
group: kubeovn.io
names:
plural: switch-lb-rules
singular: switch-lb-rule
shortNames:
- slr
kind: SwitchLBRule
listKind: SwitchLBRuleList
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.vip
name: vip
type: string
- jsonPath: .status.ports
name: port(s)
type: string
- jsonPath: .status.service
name: service
type: string
- jsonPath: .metadata.creationTimestamp
name: age
type: date
name: v1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
namespace:
type: string
vip:
type: string
sessionAffinity:
type: string
ports:
items:
properties:
name:
type: string
port:
type: integer
minimum: 1
maximum: 65535
protocol:
type: string
targetPort:
type: integer
minimum: 1
maximum: 65535
type: object
type: array
selector:
items:
type: string
type: array
status:
type: object
properties:
ports:
type: string
service:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: vpc-nat-gateways.kubeovn.io
spec:
group: kubeovn.io
names:
plural: vpc-nat-gateways
singular: vpc-nat-gateway
shortNames:
- vpc-nat-gw
kind: VpcNatGateway
listKind: VpcNatGatewayList
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.vpc
name: Vpc
type: string
- jsonPath: .spec.subnet
name: Subnet
type: string
- jsonPath: .spec.lanIp
name: LanIP
type: string
name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
lanIp:
type: string
subnet:
type: string
vpc:
type: string
selector:
type: array
items:
type: string
tolerations:
type: array
items:
type: object
properties:
key:
type: string
operator:
type: string
value:
type: string
effect:
type: string
tolerationSeconds:
type: integer
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: iptables-eips.kubeovn.io
spec:
group: kubeovn.io
names:
plural: iptables-eips
singular: iptables-eip
shortNames:
- eip
kind: IptablesEIP
listKind: IptablesEIPList
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- jsonPath: .status.ip
name: IP
type: string
- jsonPath: .spec.macAddress
name: Mac
type: string
- jsonPath: .status.nat
name: Nat
type: string
- jsonPath: .spec.natGwDp
name: NatGwDp
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
ready:
type: boolean
ip:
type: string
nat:
type: string
redo:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
v4ip:
type: string
v6ip:
type: string
macAddress:
type: string
natGwDp:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: iptables-fip-rules.kubeovn.io
spec:
group: kubeovn.io
names:
plural: iptables-fip-rules
singular: iptables-fip-rule
shortNames:
- fip
kind: IptablesFIPRule
listKind: IptablesFIPRuleList
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- jsonPath: .spec.eip
name: Eip
type: string
- jsonPath: .status.v4ip
name: V4ip
type: string
- jsonPath: .spec.internalIp
name: InternalIp
type: string
- jsonPath: .status.v6ip
name: V6ip
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
- jsonPath: .status.natGwDp
name: NatGwDp
type: string
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
ready:
type: boolean
v4ip:
type: string
v6ip:
type: string
natGwDp:
type: string
redo:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
eip:
type: string
internalIp:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: iptables-dnat-rules.kubeovn.io
spec:
group: kubeovn.io
names:
plural: iptables-dnat-rules
singular: iptables-dnat-rule
shortNames:
- dnat
kind: IptablesDnatRule
listKind: IptablesDnatRuleList
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- jsonPath: .spec.eip
name: Eip
type: string
- jsonPath: .spec.protocol
name: Protocol
type: string
- jsonPath: .status.v4ip
name: V4ip
type: string
- jsonPath: .status.v6ip
name: V6ip
type: string
- jsonPath: .spec.internalIp
name: InternalIp
type: string
- jsonPath: .spec.externalPort
name: ExternalPort
type: string
- jsonPath: .spec.internalPort
name: InternalPort
type: string
- jsonPath: .status.natGwDp
name: NatGwDp
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
ready:
type: boolean
v4ip:
type: string
v6ip:
type: string
natGwDp:
type: string
redo:
type: string
protocol:
type: string
internalIp:
type: string
internalPort:
type: string
externalPort:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
eip:
type: string
externalPort:
type: string
protocol:
type: string
internalIp:
type: string
internalPort:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: iptables-snat-rules.kubeovn.io
spec:
group: kubeovn.io
names:
plural: iptables-snat-rules
singular: iptables-snat-rule
shortNames:
- snat
kind: IptablesSnatRule
listKind: IptablesSnatRuleList
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- jsonPath: .spec.eip
name: EIP
type: string
- jsonPath: .status.v4ip
name: V4ip
type: string
- jsonPath: .status.v6ip
name: V6ip
type: string
- jsonPath: .spec.internalCIDR
name: InternalCIDR
type: string
- jsonPath: .status.natGwDp
name: NatGwDp
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
ready:
type: boolean
v4ip:
type: string
v6ip:
type: string
natGwDp:
type: string
redo:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
eip:
type: string
internalCIDR:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: ovn-eips.kubeovn.io
spec:
group: kubeovn.io
names:
plural: ovn-eips
singular: ovn-eip
shortNames:
- oeip
kind: OvnEip
listKind: OvnEipList
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- jsonPath: .spec.v4ip
name: IP
type: string
- jsonPath: .spec.macAddress
name: Mac
type: string
- jsonPath: .spec.type
name: Type
type: string
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
v4Ip:
type: string
macAddress:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
externalSubnet:
type: string
type:
type: string
v4ip:
type: string
macAddress:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: ovn-fips.kubeovn.io
spec:
group: kubeovn.io
names:
plural: ovn-fips
singular: ovn-fip
shortNames:
- ofip
kind: OvnFip
listKind: OvnFipList
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- jsonPath: .status.vpc
name: Vpc
type: string
- jsonPath: .status.v4Eip
name: V4Eip
type: string
- jsonPath: .status.v4Ip
name: V4Ip
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
ready:
type: boolean
v4Eip:
type: string
v4Ip:
type: string
macAddress:
type: string
vpc:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
ovnEip:
type: string
ipName:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: ovn-snat-rules.kubeovn.io
spec:
group: kubeovn.io
names:
plural: ovn-snat-rules
singular: ovn-snat-rule
shortNames:
- osnat
kind: OvnSnatRule
listKind: OvnSnatRuleList
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- jsonPath: .status.vpc
name: Vpc
type: string
- jsonPath: .status.v4Eip
name: V4Eip
type: string
- jsonPath: .status.v4ipCidr
name: V4Ip
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
ready:
type: boolean
v4Eip:
type: string
v4ipCidr:
type: string
vpc:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
ovnEip:
type: string
vpcSubnet:
type: string
ipName:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: vpcs.kubeovn.io
spec:
group: kubeovn.io
versions:
- additionalPrinterColumns:
- jsonPath: .status.enableExternal
name: EnableExternal
type: boolean
- jsonPath: .status.standby
name: Standby
type: boolean
- jsonPath: .status.subnets
name: Subnets
type: string
- jsonPath: .spec.namespaces
name: Namespaces
type: string
name: v1
schema:
openAPIV3Schema:
properties:
spec:
properties:
enableExternal:
type: boolean
namespaces:
items:
type: string
type: array
staticRoutes:
items:
properties:
policy:
type: string
cidr:
type: string
nextHopIP:
type: string
type: object
type: array
policyRoutes:
items:
properties:
priority:
type: integer
action:
type: string
match:
type: string
nextHopIP:
type: string
type: object
type: array
vpcPeerings:
items:
properties:
remoteVpc:
type: string
localConnectIP:
type: string
type: object
type: array
type: object
status:
properties:
conditions:
items:
properties:
lastTransitionTime:
type: string
lastUpdateTime:
type: string
message:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
default:
type: boolean
defaultLogicalSwitch:
type: string
router:
type: string
standby:
type: boolean
enableExternal:
type: boolean
subnets:
items:
type: string
type: array
vpcPeerings:
items:
type: string
type: array
tcpLoadBalancer:
type: string
tcpSessionLoadBalancer:
type: string
udpLoadBalancer:
type: string
udpSessionLoadBalancer:
type: string
sctpLoadBalancer:
type: string
sctpSessionLoadBalancer:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
names:
kind: Vpc
listKind: VpcList
plural: vpcs
shortNames:
- vpc
singular: vpc
scope: Cluster
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: ips.kubeovn.io
spec:
group: kubeovn.io
versions:
- name: v1
served: true
storage: true
additionalPrinterColumns:
- name: V4IP
type: string
jsonPath: .spec.v4IpAddress
- name: V6IP
type: string
jsonPath: .spec.v6IpAddress
- name: Mac
type: string
jsonPath: .spec.macAddress
- name: Node
type: string
jsonPath: .spec.nodeName
- name: Subnet
type: string
jsonPath: .spec.subnet
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
podName:
type: string
namespace:
type: string
subnet:
type: string
attachSubnets:
type: array
items:
type: string
nodeName:
type: string
ipAddress:
type: string
v4IpAddress:
type: string
v6IpAddress:
type: string
attachIps:
type: array
items:
type: string
macAddress:
type: string
attachMacs:
type: array
items:
type: string
containerID:
type: string
podType:
type: string
scope: Cluster
names:
plural: ips
singular: ip
kind: IP
shortNames:
- ip
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: vips.kubeovn.io
spec:
group: kubeovn.io
names:
plural: vips
singular: vip
shortNames:
- vip
kind: Vip
listKind: VipList
scope: Cluster
versions:
- name: v1
served: true
storage: true
additionalPrinterColumns:
- name: V4IP
type: string
jsonPath: .status.v4ip
- name: PV4IP
type: string
jsonPath: .spec.parentV4ip
- name: Mac
type: string
jsonPath: .status.mac
- name: PMac
type: string
jsonPath: .spec.parentMac
- name: V6IP
type: string
jsonPath: .status.v6ip
- name: PV6IP
type: string
jsonPath: .spec.parentV6ip
- name: Subnet
type: string
jsonPath: .spec.subnet
- jsonPath: .status.ready
name: Ready
type: boolean
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
ready:
type: boolean
v4ip:
type: string
v6ip:
type: string
mac:
type: string
pv4ip:
type: string
pv6ip:
type: string
pmac:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
namespace:
type: string
subnet:
type: string
attachSubnets:
type: array
items:
type: string
v4ip:
type: string
macAddress:
type: string
v6ip:
type: string
parentV4ip:
type: string
parentMac:
type: string
parentV6ip:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: subnets.kubeovn.io
spec:
group: kubeovn.io
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- name: Provider
type: string
jsonPath: .spec.provider
- name: Vpc
type: string
jsonPath: .spec.vpc
- name: Protocol
type: string
jsonPath: .spec.protocol
- name: CIDR
type: string
jsonPath: .spec.cidrBlock
- name: Private
type: boolean
jsonPath: .spec.private
- name: NAT
type: boolean
jsonPath: .spec.natOutgoing
- name: Default
type: boolean
jsonPath: .spec.default
- name: GatewayType
type: string
jsonPath: .spec.gatewayType
- name: V4Used
type: number
jsonPath: .status.v4usingIPs
- name: V4Available
type: number
jsonPath: .status.v4availableIPs
- name: V6Used
type: number
jsonPath: .status.v6usingIPs
- name: V6Available
type: number
jsonPath: .status.v6availableIPs
- name: ExcludeIPs
type: string
jsonPath: .spec.excludeIps
- name: U2OInterconnectionIP
type: string
jsonPath: .status.u2oInterconnectionIP
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
v4availableIPs:
type: number
v4usingIPs:
type: number
v6availableIPs:
type: number
v6usingIPs:
type: number
activateGateway:
type: string
dhcpV4OptionsUUID:
type: string
dhcpV6OptionsUUID:
type: string
u2oInterconnectionIP:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
vpc:
type: string
default:
type: boolean
protocol:
type: string
enum:
- IPv4
- IPv6
- Dual
cidrBlock:
type: string
namespaces:
type: array
items:
type: string
gateway:
type: string
provider:
type: string
excludeIps:
type: array
items:
type: string
vips:
type: array
items:
type: string
gatewayType:
type: string
allowSubnets:
type: array
items:
type: string
gatewayNode:
type: string
natOutgoing:
type: boolean
u2oRouting:
type: boolean
externalEgressGateway:
type: string
policyRoutingPriority:
type: integer
minimum: 1
maximum: 32765
policyRoutingTableID:
type: integer
minimum: 1
maximum: 2147483647
not:
enum:
- 252 # compat
- 253 # default
- 254 # main
- 255 # local
private:
type: boolean
vlan:
type: string
logicalGateway:
type: boolean
disableGatewayCheck:
type: boolean
disableInterConnection:
type: boolean
enableDHCP:
type: boolean
dhcpV4Options:
type: string
dhcpV6Options:
type: string
enableIPv6RA:
type: boolean
ipv6RAConfigs:
type: string
acls:
type: array
items:
type: object
properties:
direction:
type: string
enum:
- from-lport
- to-lport
priority:
type: integer
minimum: 0
maximum: 32767
match:
type: string
action:
type: string
enum:
- allow-related
- allow-stateless
- allow
- drop
- reject
u2oInterconnection:
type: boolean
scope: Cluster
names:
plural: subnets
singular: subnet
kind: Subnet
shortNames:
- subnet
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: vlans.kubeovn.io
spec:
group: kubeovn.io
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
id:
type: integer
minimum: 0
maximum: 4095
provider:
type: string
vlanId:
type: integer
description: Deprecated in favor of id
providerInterfaceName:
type: string
description: Deprecated in favor of provider
required:
- provider
status:
type: object
properties:
subnets:
type: array
items:
type: string
additionalPrinterColumns:
- name: ID
type: string
jsonPath: .spec.id
- name: Provider
type: string
jsonPath: .spec.provider
scope: Cluster
names:
plural: vlans
singular: vlan
kind: Vlan
shortNames:
- vlan
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: provider-networks.kubeovn.io
spec:
group: kubeovn.io
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
metadata:
type: object
properties:
name:
type: string
maxLength: 12
not:
enum:
- int
- external
spec:
type: object
properties:
defaultInterface:
type: string
maxLength: 15
pattern: '^[^/\s]+$'
customInterfaces:
type: array
items:
type: object
properties:
interface:
type: string
maxLength: 15
pattern: '^[^/\s]+$'
nodes:
type: array
items:
type: string
exchangeLinkName:
type: boolean
excludeNodes:
type: array
items:
type: string
required:
- defaultInterface
status:
type: object
properties:
ready:
type: boolean
readyNodes:
type: array
items:
type: string
notReadyNodes:
type: array
items:
type: string
vlans:
type: array
items:
type: string
conditions:
type: array
items:
type: object
properties:
node:
type: string
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
additionalPrinterColumns:
- name: DefaultInterface
type: string
jsonPath: .spec.defaultInterface
- name: Ready
type: boolean
jsonPath: .status.ready
scope: Cluster
names:
plural: provider-networks
singular: provider-network
kind: ProviderNetwork
listKind: ProviderNetworkList
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: security-groups.kubeovn.io
spec:
group: kubeovn.io
names:
plural: security-groups
singular: security-group
shortNames:
- sg
kind: SecurityGroup
listKind: SecurityGroupList
scope: Cluster
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
ingressRules:
type: array
items:
type: object
properties:
ipVersion:
type: string
protocol:
type: string
priority:
type: integer
remoteType:
type: string
remoteAddress:
type: string
remoteSecurityGroup:
type: string
portRangeMin:
type: integer
portRangeMax:
type: integer
policy:
type: string
egressRules:
type: array
items:
type: object
properties:
ipVersion:
type: string
protocol:
type: string
priority:
type: integer
remoteType:
type: string
remoteAddress:
type: string
remoteSecurityGroup:
type: string
portRangeMin:
type: integer
portRangeMax:
type: integer
policy:
type: string
allowSameGroupTraffic:
type: boolean
status:
type: object
properties:
portGroup:
type: string
allowSameGroupTraffic:
type: boolean
ingressMd5:
type: string
egressMd5:
type: string
ingressLastSyncSuccess:
type: boolean
egressLastSyncSuccess:
type: boolean
subresources:
status: {}
conversion:
strategy: None
EOF
if $DPDK; then
cat <<EOF > ovn.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ovn
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.k8s.io/system-only: "true"
name: system:ovn
rules:
- apiGroups:
- "kubeovn.io"
resources:
- vpcs
- vpcs/status
- vpc-nat-gateways
- subnets
- subnets/status
- ips
- vips
- vips/status
- vlans
- vlans/status
- provider-networks
- provider-networks/status
- security-groups
- security-groups/status
- iptables-eips
- iptables-fip-rules
- iptables-dnat-rules
- iptables-snat-rules
- iptables-eips/status
- iptables-fip-rules/status
- iptables-dnat-rules/status
- iptables-snat-rules/status
- ovn-eips
- ovn-fips
- ovn-snat-rules
- ovn-eips/status
- ovn-fips/status
- ovn-snat-rules/status
- switch-lb-rules
- switch-lb-rules/status
- vpc-dnses
- vpc-dnses/status
verbs:
- "*"
- apiGroups:
- ""
resources:
- pods
- pods/exec
- namespaces
- nodes
- configmaps
verbs:
- create
- get
- list
- watch
- patch
- update
- apiGroups:
- "k8s.cni.cncf.io"
resources:
- network-attachment-definitions
verbs:
- create
- delete
- get
- list
- update
- apiGroups:
- ""
- networking.k8s.io
- apps
- extensions
resources:
- networkpolicies
- services
- services/status
- endpoints
- statefulsets
- daemonsets
- deployments
- deployments/scale
verbs:
- create
- delete
- update
- patch
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- "*"
- apiGroups:
- "kubevirt.io"
resources:
- virtualmachines
- virtualmachineinstances
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ovn
roleRef:
name: system:ovn
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: ovn
namespace: kube-system
---
kind: Service
apiVersion: v1
metadata:
name: ovn-nb
namespace: kube-system
spec:
ports:
- name: ovn-nb
protocol: TCP
port: 6641
targetPort: 6641
type: ClusterIP
${SVC_YAML_IPFAMILYPOLICY}
selector:
app: ovn-central
ovn-nb-leader: "true"
sessionAffinity: None
---
kind: Service
apiVersion: v1
metadata:
name: ovn-sb
namespace: kube-system
spec:
ports:
- name: ovn-sb
protocol: TCP
port: 6642
targetPort: 6642
type: ClusterIP
${SVC_YAML_IPFAMILYPOLICY}
selector:
app: ovn-central
ovn-sb-leader: "true"
sessionAffinity: None
---
kind: Service
apiVersion: v1
metadata:
name: ovn-northd
namespace: kube-system
spec:
ports:
- name: ovn-northd
protocol: TCP
port: 6643
targetPort: 6643
type: ClusterIP
${SVC_YAML_IPFAMILYPOLICY}
selector:
app: ovn-central
ovn-northd-leader: "true"
sessionAffinity: None
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: ovn-central
namespace: kube-system
annotations:
kubernetes.io/description: |
OVN components: northd, nb and sb.
spec:
replicas: $count
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app: ovn-central
template:
metadata:
labels:
app: ovn-central
component: network
type: infra
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: ovn-central
topologyKey: kubernetes.io/hostname
priorityClassName: system-cluster-critical
serviceAccountName: ovn
hostNetwork: true
containers:
- name: ovn-central
image: "$REGISTRY/kube-ovn:$VERSION"
imagePullPolicy: $IMAGE_PULL_POLICY
command: ["/kube-ovn/start-db.sh"]
securityContext:
capabilities:
add: ["SYS_NICE"]
env:
- name: ENABLE_SSL
value: "$ENABLE_SSL"
- name: NODE_IPS
value: $addresses
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "$ENABLE_BIND_LOCAL_IP"
resources:
requests:
cpu: 300m
memory: 300Mi
limits:
cpu: 3
memory: 4Gi
volumeMounts:
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- bash
- /kube-ovn/ovn-healthcheck.sh
periodSeconds: 15
timeoutSeconds: 45
livenessProbe:
exec:
command:
- bash
- /kube-ovn/ovn-healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 15
failureThreshold: 5
timeoutSeconds: 45
nodeSelector:
kubernetes.io/os: "linux"
kube-ovn/role: "master"
volumes:
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
- name: host-config-ovn
hostPath:
path: /etc/origin/ovn
- name: host-log-ovs
hostPath:
path: /var/log/openvswitch
- name: host-log-ovn
hostPath:
path: /var/log/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: ovs-ovn
namespace: kube-system
annotations:
kubernetes.io/description: |
This daemon set launches the openvswitch daemon.
spec:
selector:
matchLabels:
app: ovs
updateStrategy:
type: OnDelete
template:
metadata:
labels:
app: ovs
component: network
type: infra
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
priorityClassName: system-node-critical
serviceAccountName: ovn
hostNetwork: true
hostPID: true
containers:
- name: openvswitch
image: "$REGISTRY/kube-ovn-dpdk:$DPDK_VERSION-$VERSION"
imagePullPolicy: $IMAGE_PULL_POLICY
command: ["/kube-ovn/start-ovs-dpdk.sh"]
securityContext:
runAsUser: 0
privileged: true
env:
- name: ENABLE_SSL
value: "$ENABLE_SSL"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OVN_DB_IPS
value: $addresses
volumeMounts:
- mountPath: /var/run/netns
name: host-ns
mountPropagation: HostToContainer
- mountPath: /lib/modules
name: host-modules
readOnly: true
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /etc/cni/net.d
name: cni-conf
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /opt/ovs-config
name: host-config-ovs
- mountPath: /dev/hugepages
name: hugepage
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- bash
- /kube-ovn/ovs-dpdk-healthcheck.sh
periodSeconds: 5
timeoutSeconds: 45
livenessProbe:
exec:
command:
- bash
- /kube-ovn/ovs-dpdk-healthcheck.sh
initialDelaySeconds: 60
periodSeconds: 5
failureThreshold: 5
timeoutSeconds: 45
resources:
requests:
cpu: $DPDK_CPU
memory: $DPDK_MEMORY
limits:
cpu: $DPDK_CPU
memory: $DPDK_MEMORY
hugepages-1Gi: 1Gi
nodeSelector:
kubernetes.io/os: "linux"
ovn.kubernetes.io/ovs_dp_type: "kernel"
volumes:
- name: host-modules
hostPath:
path: /lib/modules
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: host-ns
hostPath:
path: /var/run/netns
- name: cni-conf
hostPath:
path: /etc/cni/net.d
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
- name: host-config-ovn
hostPath:
path: /etc/origin/ovn
- name: host-log-ovs
hostPath:
path: /var/log/openvswitch
- name: host-log-ovn
hostPath:
path: /var/log/ovn
- name: host-config-ovs
hostPath:
path: /opt/ovs-config
type: DirectoryOrCreate
- name: hugepage
emptyDir:
medium: HugePages
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
EOF
else
cat <<EOF > ovn.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ovn
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.k8s.io/system-only: "true"
name: system:ovn
rules:
- apiGroups:
- "kubeovn.io"
resources:
- vpcs
- vpcs/status
- vpc-nat-gateways
- subnets
- subnets/status
- ips
- vips
- vips/status
- vlans
- vlans/status
- provider-networks
- provider-networks/status
- security-groups
- security-groups/status
- iptables-eips
- iptables-fip-rules
- iptables-dnat-rules
- iptables-snat-rules
- iptables-eips/status
- iptables-fip-rules/status
- iptables-dnat-rules/status
- iptables-snat-rules/status
- ovn-eips
- ovn-fips
- ovn-snat-rules
- ovn-eips/status
- ovn-fips/status
- ovn-snat-rules/status
- vpc-dnses
- vpc-dnses/status
- switch-lb-rules
- switch-lb-rules/status
verbs:
- "*"
- apiGroups:
- ""
resources:
- pods
- pods/exec
- namespaces
- nodes
- configmaps
verbs:
- create
- get
- list
- watch
- patch
- update
- apiGroups:
- ""
- networking.k8s.io
- apps
- extensions
resources:
- networkpolicies
- services
- services/status
- endpoints
- statefulsets
- daemonsets
- deployments
- deployments/scale
verbs:
- create
- delete
- update
- patch
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- "*"
- apiGroups:
- "k8s.cni.cncf.io"
resources:
- network-attachment-definitions
verbs:
- create
- delete
- get
- list
- update
- apiGroups:
- "kubevirt.io"
resources:
- virtualmachines
- virtualmachineinstances
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ovn
roleRef:
name: system:ovn
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: ovn
namespace: kube-system
---
kind: Service
apiVersion: v1
metadata:
name: ovn-nb
namespace: kube-system
spec:
ports:
- name: ovn-nb
protocol: TCP
port: 6641
targetPort: 6641
type: ClusterIP
${SVC_YAML_IPFAMILYPOLICY}
selector:
app: ovn-central
ovn-nb-leader: "true"
sessionAffinity: None
---
kind: Service
apiVersion: v1
metadata:
name: ovn-sb
namespace: kube-system
spec:
ports:
- name: ovn-sb
protocol: TCP
port: 6642
targetPort: 6642
type: ClusterIP
${SVC_YAML_IPFAMILYPOLICY}
selector:
app: ovn-central
ovn-sb-leader: "true"
sessionAffinity: None
---
kind: Service
apiVersion: v1
metadata:
name: ovn-northd
namespace: kube-system
spec:
ports:
- name: ovn-northd
protocol: TCP
port: 6643
targetPort: 6643
type: ClusterIP
${SVC_YAML_IPFAMILYPOLICY}
selector:
app: ovn-central
ovn-northd-leader: "true"
sessionAffinity: None
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: ovn-central
namespace: kube-system
annotations:
kubernetes.io/description: |
OVN components: northd, nb and sb.
spec:
replicas: $count
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app: ovn-central
template:
metadata:
labels:
app: ovn-central
component: network
type: infra
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: ovn-central
topologyKey: kubernetes.io/hostname
priorityClassName: system-cluster-critical
serviceAccountName: ovn
hostNetwork: true
containers:
- name: ovn-central
image: "$REGISTRY/kube-ovn:$VERSION"
imagePullPolicy: $IMAGE_PULL_POLICY
command: ["/kube-ovn/start-db.sh"]
securityContext:
capabilities:
add: ["SYS_NICE"]
env:
- name: ENABLE_SSL
value: "$ENABLE_SSL"
- name: NODE_IPS
value: $addresses
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "$ENABLE_BIND_LOCAL_IP"
resources:
requests:
cpu: 300m
memory: 200Mi
limits:
cpu: 3
memory: 4Gi
volumeMounts:
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- bash
- /kube-ovn/ovn-healthcheck.sh
periodSeconds: 15
timeoutSeconds: 45
livenessProbe:
exec:
command:
- bash
- /kube-ovn/ovn-healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 15
failureThreshold: 5
timeoutSeconds: 45
nodeSelector:
kubernetes.io/os: "linux"
kube-ovn/role: "master"
volumes:
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
- name: host-config-ovn
hostPath:
path: /etc/origin/ovn
- name: host-log-ovs
hostPath:
path: /var/log/openvswitch
- name: host-log-ovn
hostPath:
path: /var/log/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: ovs-ovn
namespace: kube-system
annotations:
kubernetes.io/description: |
This daemon set launches the openvswitch daemon.
spec:
selector:
matchLabels:
app: ovs
updateStrategy:
type: OnDelete
template:
metadata:
labels:
app: ovs
component: network
type: infra
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
priorityClassName: system-node-critical
serviceAccountName: ovn
hostNetwork: true
hostPID: true
containers:
- name: openvswitch
image: "$REGISTRY/kube-ovn:$VERSION"
imagePullPolicy: $IMAGE_PULL_POLICY
command: ["/kube-ovn/start-ovs.sh"]
securityContext:
runAsUser: 0
privileged: true
env:
- name: ENABLE_SSL
value: "$ENABLE_SSL"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: HW_OFFLOAD
value: "$HW_OFFLOAD"
- name: TUNNEL_TYPE
value: "$TUNNEL_TYPE"
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OVN_DB_IPS
value: $addresses
volumeMounts:
- mountPath: /var/run/netns
name: host-ns
mountPropagation: HostToContainer
- mountPath: /lib/modules
name: host-modules
readOnly: true
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /etc/cni/net.d
name: cni-conf
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls
name: kube-ovn-tls
- mountPath: /var/run/containerd
name: cruntime
readinessProbe:
exec:
command:
- bash
- -c
- LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh
periodSeconds: 5
timeoutSeconds: 45
livenessProbe:
exec:
command:
- bash
- /kube-ovn/ovs-healthcheck.sh
initialDelaySeconds: 60
periodSeconds: 5
failureThreshold: 5
timeoutSeconds: 45
resources:
requests:
cpu: 200m
memory: 200Mi
limits:
cpu: 1000m
memory: 1000Mi
nodeSelector:
kubernetes.io/os: "linux"
volumes:
- name: host-modules
hostPath:
path: /lib/modules
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: host-ns
hostPath:
path: /var/run/netns
- name: cni-conf
hostPath:
path: /etc/cni/net.d
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
- name: host-config-ovn
hostPath:
path: /etc/origin/ovn
- name: host-log-ovs
hostPath:
path: /var/log/openvswitch
- name: host-log-ovn
hostPath:
path: /var/log/ovn
- name: localtime
hostPath:
path: /etc/localtime
- hostPath:
path: /var/run/containerd
name: cruntime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
EOF
fi
kubectl apply -f kube-ovn-crd.yaml
kubectl apply -f ovn.yaml
if $HYBRID_DPDK; then
cat <<EOF > ovn-dpdk.yaml
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: ovs-ovn-dpdk
namespace: kube-system
annotations:
kubernetes.io/description: |
This daemon set launches the openvswitch daemon.
spec:
selector:
matchLabels:
app: ovs-dpdk
updateStrategy:
type: OnDelete
template:
metadata:
labels:
app: ovs-dpdk
component: network
type: infra
spec:
tolerations:
- operator: Exists
priorityClassName: system-node-critical
serviceAccountName: ovn
hostNetwork: true
hostPID: true
containers:
- name: openvswitch
image: "$REGISTRY/kube-ovn:${VERSION}-dpdk"
imagePullPolicy: $IMAGE_PULL_POLICY
command: ["/kube-ovn/start-ovs-dpdk-v2.sh"]
securityContext:
runAsUser: 0
privileged: true
env:
- name: ENABLE_SSL
value: "$ENABLE_SSL"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: HW_OFFLOAD
value: "$HW_OFFLOAD"
- name: TUNNEL_TYPE
value: "$TUNNEL_TYPE"
- name: DPDK_TUNNEL_IFACE
value: "$DPDK_TUNNEL_IFACE"
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OVN_DB_IPS
value: $addresses
volumeMounts:
- mountPath: /opt/ovs-config
name: host-config-ovs
- name: shareddir
mountPath: /var/lib/kubelet/pods
- name: hugepage
mountPath: /dev/hugepages
- mountPath: /lib/modules
name: host-modules
readOnly: true
- mountPath: /var/run/openvswitch
name: host-run-ovs
mountPropagation: HostToContainer
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
- mountPath: /etc/cni/net.d
name: cni-conf
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- bash
- -c
- LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh
periodSeconds: 5
timeoutSeconds: 45
livenessProbe:
exec:
command:
- bash
- /kube-ovn/ovs-healthcheck.sh
initialDelaySeconds: 60
periodSeconds: 5
failureThreshold: 5
timeoutSeconds: 45
resources:
requests:
cpu: 200m
hugepages-2Mi: 1Gi
memory: 200Mi
limits:
cpu: 1000m
hugepages-2Mi: 1Gi
memory: 800Mi
nodeSelector:
kubernetes.io/os: "linux"
ovn.kubernetes.io/ovs_dp_type: "userspace"
volumes:
- name: host-config-ovs
hostPath:
path: /opt/ovs-config
type: DirectoryOrCreate
- name: shareddir
hostPath:
path: /var/lib/kubelet/pods
type: ''
- name: hugepage
emptyDir:
medium: HugePages
- name: host-modules
hostPath:
path: /lib/modules
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: cni-conf
hostPath:
path: /etc/cni/net.d
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
- name: host-config-ovn
hostPath:
path: /etc/origin/ovn
- name: host-log-ovs
hostPath:
path: /var/log/openvswitch
- name: host-log-ovn
hostPath:
path: /var/log/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
EOF
kubectl apply -f ovn-dpdk.yaml
fi
kubectl rollout status deployment/ovn-central -n kube-system --timeout 300s
echo "-------------------------------"
echo ""
echo "[Step 3/6] Install Kube-OVN"
cat <<EOF > kube-ovn.yaml
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: kube-ovn-controller
namespace: kube-system
annotations:
kubernetes.io/description: |
kube-ovn controller
spec:
replicas: $count
selector:
matchLabels:
app: kube-ovn-controller
strategy:
rollingUpdate:
maxSurge: 0%
maxUnavailable: 100%
type: RollingUpdate
template:
metadata:
labels:
app: kube-ovn-controller
component: network
type: infra
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: kube-ovn-controller
topologyKey: kubernetes.io/hostname
priorityClassName: system-cluster-critical
serviceAccountName: ovn
hostNetwork: true
containers:
- name: kube-ovn-controller
image: "$REGISTRY/kube-ovn:$VERSION"
imagePullPolicy: $IMAGE_PULL_POLICY
args:
- /kube-ovn/start-controller.sh
- --default-cidr=$POD_CIDR
- --default-gateway=$POD_GATEWAY
- --default-gateway-check=$CHECK_GATEWAY
- --default-logical-gateway=$LOGICAL_GATEWAY
- --default-u2o-interconnection=$U2O_INTERCONNECTION
- --default-exclude-ips=$EXCLUDE_IPS
- --node-switch-cidr=$JOIN_CIDR
- --service-cluster-ip-range=$SVC_CIDR
- --network-type=$NETWORK_TYPE
- --default-interface-name=$VLAN_INTERFACE_NAME
- --default-exchange-link-name=$EXCHANGE_LINK_NAME
- --default-vlan-id=$VLAN_ID
- --ls-dnat-mod-dl-dst=$LS_DNAT_MOD_DL_DST
- --pod-nic-type=$POD_NIC_TYPE
- --enable-lb=$ENABLE_LB
- --enable-np=$ENABLE_NP
- --enable-eip-snat=$ENABLE_EIP_SNAT
- --enable-external-vpc=$ENABLE_EXTERNAL_VPC
- --logtostderr=false
- --alsologtostderr=true
- --gc-interval=$GC_INTERVAL
- --inspect-interval=$INSPECT_INTERVAL
- --log_file=/var/log/kube-ovn/kube-ovn-controller.log
- --log_file_max_size=0
- --enable-lb-svc=$ENABLE_LB_SVC
- --keep-vm-ip=$ENABLE_KEEP_VM_IP
- --pod-default-fip-type=$POD_DEFAULT_FIP_TYPE
env:
- name: ENABLE_SSL
value: "$ENABLE_SSL"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: KUBE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OVN_DB_IPS
value: $addresses
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "$ENABLE_BIND_LOCAL_IP"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/log/kube-ovn
name: kube-ovn-log
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- /kube-ovn/kube-ovn-controller-healthcheck
periodSeconds: 3
timeoutSeconds: 45
livenessProbe:
exec:
command:
- /kube-ovn/kube-ovn-controller-healthcheck
initialDelaySeconds: 300
periodSeconds: 7
failureThreshold: 5
timeoutSeconds: 45
resources:
requests:
cpu: 200m
memory: 200Mi
limits:
cpu: 1000m
memory: 1Gi
nodeSelector:
kubernetes.io/os: "linux"
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-log
hostPath:
path: /var/log/kube-ovn
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: kube-ovn-cni
namespace: kube-system
annotations:
kubernetes.io/description: |
This daemon set launches the kube-ovn cni daemon.
spec:
selector:
matchLabels:
app: kube-ovn-cni
template:
metadata:
labels:
app: kube-ovn-cni
component: network
type: infra
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
priorityClassName: system-node-critical
serviceAccountName: ovn
hostNetwork: true
hostPID: true
initContainers:
- name: install-cni
image: "$REGISTRY/kube-ovn:$VERSION"
imagePullPolicy: $IMAGE_PULL_POLICY
command: ["/kube-ovn/install-cni.sh"]
securityContext:
runAsUser: 0
privileged: true
volumeMounts:
- mountPath: /opt/cni/bin
name: cni-bin
- mountPath: /usr/local/bin
name: local-bin
containers:
- name: cni-server
image: "$REGISTRY/kube-ovn:$VERSION"
imagePullPolicy: $IMAGE_PULL_POLICY
command:
- bash
- /kube-ovn/start-cniserver.sh
args:
- --enable-mirror=$ENABLE_MIRROR
- --encap-checksum=true
- --service-cluster-ip-range=$SVC_CIDR
- --iface=${IFACE}
- --dpdk-tunnel-iface=${DPDK_TUNNEL_IFACE}
- --network-type=$TUNNEL_TYPE
- --default-interface-name=$VLAN_INTERFACE_NAME
- --cni-conf-name=${CNI_CONFIG_PRIORITY}-kube-ovn.conflist
- --logtostderr=false
- --alsologtostderr=true
- --log_file=/var/log/kube-ovn/kube-ovn-cni.log
- --log_file_max_size=0
securityContext:
runAsUser: 0
privileged: true
env:
- name: ENABLE_SSL
value: "$ENABLE_SSL"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MODULES
value: $MODULES
- name: RPMS
value: $RPMS
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "$ENABLE_BIND_LOCAL_IP"
- name: DBUS_SYSTEM_BUS_ADDRESS
value: "unix:path=/host/var/run/dbus/system_bus_socket"
volumeMounts:
- name: host-modules
mountPath: /lib/modules
readOnly: true
- name: shared-dir
mountPath: /var/lib/kubelet/pods
- mountPath: /etc/openvswitch
name: systemid
- mountPath: /etc/cni/net.d
name: cni-conf
- mountPath: /run/openvswitch
name: host-run-ovs
mountPropagation: Bidirectional
- mountPath: /run/ovn
name: host-run-ovn
- mountPath: /host/var/run/dbus
name: host-dbus
mountPropagation: HostToContainer
- mountPath: /var/run/netns
name: host-ns
mountPropagation: HostToContainer
- mountPath: /var/log/kube-ovn
name: kube-ovn-log
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
- mountPath: /tmp
name: tmp
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 7
successThreshold: 1
tcpSocket:
port: 10665
timeoutSeconds: 3
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 7
successThreshold: 1
tcpSocket:
port: 10665
timeoutSeconds: 3
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 1000m
memory: 1Gi
nodeSelector:
kubernetes.io/os: "linux"
volumes:
- name: host-modules
hostPath:
path: /lib/modules
- name: shared-dir
hostPath:
path: /var/lib/kubelet/pods
- name: systemid
hostPath:
path: /etc/origin/openvswitch
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: cni-conf
hostPath:
path: $CNI_CONF_DIR
- name: cni-bin
hostPath:
path: $CNI_BIN_DIR
- name: host-ns
hostPath:
path: /var/run/netns
- name: host-dbus
hostPath:
path: /var/run/dbus
- name: host-log-ovs
hostPath:
path: /var/log/openvswitch
- name: kube-ovn-log
hostPath:
path: /var/log/kube-ovn
- name: host-log-ovn
hostPath:
path: /var/log/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: tmp
hostPath:
path: /tmp
- name: local-bin
hostPath:
path: /usr/local/bin
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: kube-ovn-pinger
namespace: kube-system
annotations:
kubernetes.io/description: |
This daemon set launches the openvswitch daemon.
spec:
selector:
matchLabels:
app: kube-ovn-pinger
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: kube-ovn-pinger
component: network
type: infra
spec:
priorityClassName: system-node-critical
serviceAccountName: ovn
hostPID: true
containers:
- name: pinger
image: "$REGISTRY/kube-ovn:$VERSION"
command:
- /kube-ovn/kube-ovn-pinger
args:
- --external-address=$PINGER_EXTERNAL_ADDRESS
- --external-dns=$PINGER_EXTERNAL_DOMAIN
- --logtostderr=false
- --alsologtostderr=true
- --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
- --log_file_max_size=0
imagePullPolicy: $IMAGE_PULL_POLICY
securityContext:
runAsUser: 0
privileged: false
env:
- name: ENABLE_SSL
value: "$ENABLE_SSL"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /lib/modules
name: host-modules
readOnly: true
- mountPath: /run/openvswitch
name: host-run-ovs
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /var/log/kube-ovn
name: kube-ovn-log
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls
name: kube-ovn-tls
resources:
requests:
cpu: 100m
memory: 100Mi
limits:
cpu: 200m
memory: 400Mi
nodeSelector:
kubernetes.io/os: "linux"
volumes:
- name: host-modules
hostPath:
path: /lib/modules
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
- name: host-log-ovs
hostPath:
path: /var/log/openvswitch
- name: kube-ovn-log
hostPath:
path: /var/log/kube-ovn
- name: host-log-ovn
hostPath:
path: /var/log/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: kube-ovn-monitor
namespace: kube-system
annotations:
kubernetes.io/description: |
Metrics for OVN components: northd, nb and sb.
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app: kube-ovn-monitor
template:
metadata:
labels:
app: kube-ovn-monitor
component: network
type: infra
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: kube-ovn-monitor
topologyKey: kubernetes.io/hostname
priorityClassName: system-cluster-critical
serviceAccountName: ovn
hostNetwork: true
containers:
- name: kube-ovn-monitor
image: "$REGISTRY/kube-ovn:$VERSION"
imagePullPolicy: $IMAGE_PULL_POLICY
command: ["/kube-ovn/start-ovn-monitor.sh"]
securityContext:
runAsUser: 0
privileged: false
env:
- name: ENABLE_SSL
value: "$ENABLE_SSL"
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "$ENABLE_BIND_LOCAL_IP"
resources:
requests:
cpu: 200m
memory: 200Mi
limits:
cpu: 200m
memory: 200Mi
volumeMounts:
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- cat
- /var/run/ovn/ovn-controller.pid
periodSeconds: 10
timeoutSeconds: 45
livenessProbe:
exec:
command:
- cat
- /var/run/ovn/ovn-controller.pid
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 5
timeoutSeconds: 45
nodeSelector:
kubernetes.io/os: "linux"
kube-ovn/role: "master"
volumes:
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
- name: host-config-ovn
hostPath:
path: /etc/origin/ovn
- name: host-log-ovs
hostPath:
path: /var/log/openvswitch
- name: host-log-ovn
hostPath:
path: /var/log/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
---
kind: Service
apiVersion: v1
metadata:
name: kube-ovn-monitor
namespace: kube-system
labels:
app: kube-ovn-monitor
spec:
ports:
- name: metrics
port: 10661
type: ClusterIP
${SVC_YAML_IPFAMILYPOLICY}
selector:
app: kube-ovn-monitor
sessionAffinity: None
---
kind: Service
apiVersion: v1
metadata:
name: kube-ovn-pinger
namespace: kube-system
labels:
app: kube-ovn-pinger
spec:
${SVC_YAML_IPFAMILYPOLICY}
selector:
app: kube-ovn-pinger
ports:
- port: 8080
name: metrics
---
kind: Service
apiVersion: v1
metadata:
name: kube-ovn-controller
namespace: kube-system
labels:
app: kube-ovn-controller
spec:
${SVC_YAML_IPFAMILYPOLICY}
selector:
app: kube-ovn-controller
ports:
- port: 10660
name: metrics
---
kind: Service
apiVersion: v1
metadata:
name: kube-ovn-cni
namespace: kube-system
labels:
app: kube-ovn-cni
spec:
${SVC_YAML_IPFAMILYPOLICY}
selector:
app: kube-ovn-cni
ports:
- port: 10665
name: metrics
EOF
kubectl apply -f kube-ovn.yaml
kubectl rollout status deployment/kube-ovn-controller -n kube-system --timeout 300s
kubectl rollout status daemonset/kube-ovn-cni -n kube-system --timeout 300s
echo "-------------------------------"
echo ""
echo "[Step 4/6] Delete pod that not in host network mode"
for ns in $(kubectl get ns --no-headers -o custom-columns=NAME:.metadata.name); do
for pod in $(kubectl get pod --no-headers -n "$ns" --field-selector spec.restartPolicy=Always -o custom-columns=NAME:.metadata.name,HOST:spec.hostNetwork | awk '{if ($2!="true") print $1}'); do
kubectl delete pod "$pod" -n "$ns" --ignore-not-found
done
done
sleep 5
kubectl rollout status daemonset/kube-ovn-pinger -n kube-system --timeout 300s
#kubectl rollout status deployment/coredns -n kube-system --timeout 600s
echo "-------------------------------"
echo ""
echo "[Step 5/6] Add kubectl plugin PATH"
if ! sh -c "echo \":$PATH:\" | grep -q \":/usr/local/bin:\""; then
echo "Tips:Please join the /usr/local/bin to your PATH. Temporarily, we do it for this execution."
export PATH=/usr/local/bin:$PATH
echo "-------------------------------"
echo ""
fi
echo "[Step 6/6] Run network diagnose"
kubectl cp kube-system/$(kubectl -n kube-system get pods -o wide | grep cni | awk '{print $1}' | awk 'NR==1{print}'):/kube-ovn/kubectl-ko /usr/local/bin/kubectl-ko
chmod +x /usr/local/bin/kubectl-ko
kubectl ko diagnose all
echo "-------------------------------"
echo "
,,,,
,::,
,,::,,,,
,,,,,::::::::::::,,,,,
,,,::::::::::::::::::::::,,,
,,::::::::::::::::::::::::::::,,
,,::::::::::::::::::::::::::::::::,,
,::::::::::::::::::::::::::::::::::::,
,:::::::::::::,, ,,:::::,,,::::::::::,
,,:::::::::::::, ,::, ,:::::::::,
,:::::::::::::, :x, ,:: :, ,:::::::::,
,:::::::::::::::, ,,, ,::, ,, ,::::::::::,
,:::::::::::::::::,,,,,,:::::,,,,::::::::::::, ,:, ,:, ,xx, ,:::::, ,:, ,:: :::, ,x
,::::::::::::::::::::::::::::::::::::::::::::, :x: ,:xx: , :xx, :xxxxxxxxx, :xx, ,xx:,xxxx, :x
,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx:, ,xx, :x: :xxx:x::, ::xxxx: :xx:, ,:xxx :xx, ,xx: ,xxxxx:, :x
,::::::::::::::::::::::::::::::::::::::::::::, :xxxxx, :xx, :x: :xxx,,:xx,:xx:,:xx, ,,,,,,,,,xxx, ,xx: :xx:xx: ,xxx,:xx::x
,::::::,,::::::::,,::::::::,,:::::::,,,::::::, :x:,xxx: ,xx, :xx :xx: ,xx,xxxxxx:, ,xxxxxxx:,xxx:, ,xxx, :xxx: ,xxx, :xxxx
,::::, ,::::, ,:::::, ,,::::, ,::::, :x: ,:xx,,:xx::xxxx,,xxx::xx: :xx::::x: ,,,,,, ,xxxxxxxxx, ,xx: ,xxx, :xxx
,::::, ,::::, ,::::, ,::::, ,::::, ,:, ,:, ,,::,,:, ,::::,, ,:::::, ,,:::::, ,, :x: ,::
,::::, ,::::, ,::::, ,::::, ,::::,
,,,,, ,::::, ,::::, ,::::, ,:::, ,,,,,,,,,,,,,
,::::, ,::::, ,::::, ,:::, ,,,:::::::::::::::,
,::::, ,::::, ,::::, ,::::, ,,,,:::::::::,,,,,,,:::,
,::::, ,::::, ,::::, ,::::::::::::,,,,,
,,,, ,::::, ,,,, ,,,::::,,,,
,::::,
,,::,
"
echo "Thanks for choosing Kube-OVN!
For more advanced features, please read https://kubeovn.github.io/docs/stable/en/
If you have any question, please file an issue https://github.com/kubeovn/kube-ovn/issues/new/choose"