From 6164c90f70023fe91e851c91239562a729f30ff1 Mon Sep 17 00:00:00 2001 From: Florian Ruynat <16313165+floryut@users.noreply.github.com> Date: Sun, 18 Apr 2021 03:50:21 +0200 Subject: [PATCH] Update kube-ovn to 1.6.2 --- README.md | 2 +- roles/download/defaults/main.yml | 2 +- .../network_plugin/kube-ovn/defaults/main.yml | 5 +- .../kube-ovn/templates/cni-kube-ovn.yml.j2 | 6 +- .../kube-ovn/templates/cni-ovn.yml.j2 | 95 ++++++++++++++++++- 5 files changed, 102 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 2c3e3fac7..8291528ad 100644 --- a/README.md +++ b/README.md @@ -139,7 +139,7 @@ Note: Upstart/SysV init based OS types are not supported. - [canal](https://github.com/projectcalico/canal) (given calico/flannel versions) - [cilium](https://github.com/cilium/cilium) v1.8.8 - [flanneld](https://github.com/coreos/flannel) v0.13.0 - - [kube-ovn](https://github.com/alauda/kube-ovn) v1.6.1 + - [kube-ovn](https://github.com/alauda/kube-ovn) v1.6.2 - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.2.0 - [multus](https://github.com/intel/multus-cni) v3.7.0 - [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0 diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 54702d6ad..4ffd1a647 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -78,7 +78,7 @@ cni_version: "v0.9.0" weave_version: 2.8.1 pod_infra_version: "3.3" cilium_version: "v1.8.8" -kube_ovn_version: "v1.6.1" +kube_ovn_version: "v1.6.2" kube_router_version: "v1.2.0" multus_version: "v3.7" ovn4nfv_ovn_image_version: "v1.0.0" diff --git a/roles/network_plugin/kube-ovn/defaults/main.yml b/roles/network_plugin/kube-ovn/defaults/main.yml index a4e43917e..5bbb84b77 100644 --- a/roles/network_plugin/kube-ovn/defaults/main.yml +++ b/roles/network_plugin/kube-ovn/defaults/main.yml 
@@ -15,6 +15,9 @@ kube_ovn_pinger_cpu_request: 100m kube_ovn_pinger_memory_request: 200Mi kube_ovn_pinger_cpu_limit: 200m kube_ovn_pinger_memory_limit: 400Mi +kube_ovn_monitor_cpu_request: 500m +kube_ovn_monitor_memory_request: 300Mi traffic_mirror: true -encap_checksum: true +encap_checksum: false +enable_ssl: false diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 index c0a20449b..e71e96869 100644 --- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 +++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 @@ -47,7 +47,7 @@ spec: - --default-cidr={{ kube_pods_subnet }} env: - name: ENABLE_SSL - value: "false" + value: "{{ enable_ssl }}" - name: POD_NAME valueFrom: fieldRef: @@ -146,7 +146,7 @@ spec: privileged: true env: - name: ENABLE_SSL - value: "false" + value: "{{ enable_ssl }}" - name: POD_IP valueFrom: fieldRef: @@ -240,7 +240,7 @@ spec: privileged: false env: - name: ENABLE_SSL - value: "false" + value: "{{ enable_ssl }}" - name: POD_IP valueFrom: fieldRef: diff --git a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 index 1d6c64319..d2c41fe92 100644 --- a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 +++ b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 
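Review bot: `encap_checksum` flips from `true` to `false` and the new `enable_ssl` defaults to `false`, but neither choice is explained in the commit message or in a comment in this hunk of roles/network_plugin/kube-ovn/defaults/main.yml. An operator upgrading gets a changed checksum setting, and TLS (presumably what `ENABLE_SSL` controls in the kube-ovn images) stays off unless they find the variable themselves. A comment above each, such as `# Set to true to run kube-ovn/OVN components with TLS (rendered into ENABLE_SSL)`, would make the default a visible decision. `enable_ssl` is also unprefixed while most defaults in this file use `kube_ovn_`, so an unrelated inventory variable of the same name can override it; `kube_ovn_enable_ssl` would avoid that.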
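Review bot: `value: "{{ enable_ssl }}"` renders an Ansible boolean as `False` or `True`, not the lowercase `false` of the literal it replaces, so the container environment changes even when the default is left alone. How the kube-ovn start scripts compare this string is not visible on this page; if they test for the exact string `false`, a value of `False` could select the TLS code path without certificates having been provisioned. Normalising the value avoids the ambiguity: `value: "{{ enable_ssl | bool | lower }}"`. The same applies to every other `ENABLE_SSL` replacement in this patch: the hunks at -146 and -240 of cni-kube-ovn.yml.j2, and the hunks at -203, -257 (the new `ovn-monitor` env) and -325 of cni-ovn.yml.j2.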
@@ -155,6 +155,39 @@ spec: ovn-sb-leader: "true" sessionAffinity: None --- +kind: Service +apiVersion: v1 +metadata: + name: ovn-northd + namespace: kube-system +spec: + ports: + - name: ovn-northd + protocol: TCP + port: 6643 + targetPort: 6643 + type: ClusterIP + selector: + app: ovn-central + ovn-northd-leader: "true" + sessionAffinity: None +--- +kind: Service +apiVersion: v1 +metadata: + name: kube-ovn-monitor + namespace: kube-system + labels: + app: kube-ovn-monitor +spec: + ports: + - name: metrics + port: 10661 + type: ClusterIP + selector: + app: ovn-central + sessionAffinity: None +--- kind: Deployment apiVersion: apps/v1 metadata: @@ -193,6 +226,7 @@ spec: priorityClassName: system-cluster-critical serviceAccountName: ovn hostNetwork: true + shareProcessNamespace: true containers: - name: ovn-central image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }} @@ -203,7 +237,7 @@ spec: add: ["SYS_NICE"] env: - name: ENABLE_SSL - value: "false" + value: "{{ enable_ssl }}" - name: POD_IP valueFrom: fieldRef: 
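Review bot: The `kube-ovn-monitor` Service selects `app: ovn-central`, and the pod template carrying that container runs with `hostNetwork: true` (context of the following hunk). Whatever listens on 10661 is therefore bound in the node's network namespace, and `type: ClusterIP` does not limit who can reach it. Whether the exporter binds to a specific address is not shown here; if it listens on all interfaces, the metrics are reachable on the node IP and need a host firewall rule or a bind address rather than relying on the Service. A comment on the Service saying so, plus an explicit `targetPort: 10661` to match the `ovn-northd` entry above it, would make the exposure clear.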
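Review bot: `shareProcessNamespace: true` is added with no comment, and it removes process isolation between `ovn-central` (which holds `SYS_NICE`) and the new `ovn-monitor` sidecar. Each container can list the other's processes, signal them subject to the usual UID and capability checks, and reach the other's filesystem through `/proc/<pid>/root`. If the monitor needs this only to inspect the OVN daemons by PID (an inference from the pid-file probes later in the patch), state that next to the field, e.g. `# required so ovn-monitor can inspect ovn-central daemons; containers are not isolated from each other`. The pod spec begins and ends outside this hunk.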
@@ -257,6 +291,63 @@ spec: periodSeconds: 7 failureThreshold: 5 timeoutSeconds: 45 + - name: ovn-monitor + image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }} + imagePullPolicy: {{ k8s_image_pull_policy }} + command: ["/kube-ovn/start-ovn-monitor.sh"] + env: + - name: ENABLE_SSL + value: "{{ enable_ssl }}" + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + requests: + cpu: {{ kube_ovn_monitor_cpu_request }} + memory: {{ kube_ovn_monitor_memory_request }} + volumeMounts: + - mountPath: /var/run/openvswitch + name: host-run-ovs + - mountPath: /var/run/ovn + name: host-run-ovn + - mountPath: /sys + name: host-sys + readOnly: true + - mountPath: /etc/openvswitch + name: host-config-openvswitch + - mountPath: /etc/ovn + name: host-config-ovn + - mountPath: /var/log/openvswitch + name: host-log-ovs + - mountPath: /var/log/ovn + name: host-log-ovn + - mountPath: /var/run/tls + name: kube-ovn-tls + readinessProbe: + exec: + command: + - cat + - /var/run/ovn/ovnnb_db.pid + periodSeconds: 3 + timeoutSeconds: 45 + livenessProbe: + exec: + command: + - cat + - /var/run/ovn/ovn-nbctl.pid + initialDelaySeconds: 30 + periodSeconds: 10 + failureThreshold: 5 + timeoutSeconds: 45 nodeSelector: kubernetes.io/os: "linux" kube-ovn/role: "master" @@ -325,7 +416,7 @@ spec: privileged: true env: - name: ENABLE_SSL - value: "false" + value: "{{ enable_ssl }}" - name: POD_IP valueFrom: fieldRef:
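Review bot: The `ovn-monitor` container mounts `/etc/openvswitch`, `/etc/ovn`, both log directories and `/var/run/tls` read-write; only `/sys` carries `readOnly: true`. That is more write access than a metrics sidecar should need, in particular to the TLS material in `kube-ovn-tls`. Unless `start-ovn-monitor.sh` writes to those paths (not visible here), add `readOnly: true` to each of those mounts. `resources` sets `requests` only, so the sidecar is unbounded inside a `system-cluster-critical` pod; a `limits` block fed by new `kube_ovn_monitor_cpu_limit` / `kube_ovn_monitor_memory_limit` defaults would match the existing pinger settings. The volume definitions these mounts refer to are outside the hunk.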