kube_ovn_cni_config_priority (#10125)
parent
861d5b763d
commit
9d1e9a6a78
|
@ -133,7 +133,7 @@ packet_centos7-calico-ha-once-localhost:
|
||||||
|
|
||||||
packet_almalinux8-kube-ovn:
|
packet_almalinux8-kube-ovn:
|
||||||
stage: deploy-part2
|
stage: deploy-part2
|
||||||
extends: .packet_periodic
|
extends: .packet_pr
|
||||||
when: on_success
|
when: on_success
|
||||||
|
|
||||||
packet_almalinux8-calico:
|
packet_almalinux8-calico:
|
||||||
|
|
|
@ -171,7 +171,7 @@ Note: Upstart/SysV init based OS types are not supported.
|
||||||
- [calico](https://github.com/projectcalico/calico) v3.25.1
|
- [calico](https://github.com/projectcalico/calico) v3.25.1
|
||||||
- [cilium](https://github.com/cilium/cilium) v1.13.0
|
- [cilium](https://github.com/cilium/cilium) v1.13.0
|
||||||
- [flannel](https://github.com/flannel-io/flannel) v0.21.4
|
- [flannel](https://github.com/flannel-io/flannel) v0.21.4
|
||||||
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.10.7
|
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.11.5
|
||||||
- [kube-router](https://github.com/cloudnativelabs/kube-router) v1.5.1
|
- [kube-router](https://github.com/cloudnativelabs/kube-router) v1.5.1
|
||||||
- [multus](https://github.com/k8snetworkplumbingwg/multus-cni) v3.8
|
- [multus](https://github.com/k8snetworkplumbingwg/multus-cni) v3.8
|
||||||
- [weave](https://github.com/weaveworks/weave) v2.8.1
|
- [weave](https://github.com/weaveworks/weave) v2.8.1
|
||||||
|
|
|
@ -123,7 +123,7 @@ cilium_version: "v1.13.0"
|
||||||
cilium_cli_version: "v0.13.1"
|
cilium_cli_version: "v0.13.1"
|
||||||
cilium_enable_hubble: false
|
cilium_enable_hubble: false
|
||||||
|
|
||||||
kube_ovn_version: "v1.10.7"
|
kube_ovn_version: "v1.11.5"
|
||||||
kube_ovn_dpdk_version: "19.11-{{ kube_ovn_version }}"
|
kube_ovn_dpdk_version: "19.11-{{ kube_ovn_version }}"
|
||||||
kube_router_version: "v1.5.1"
|
kube_router_version: "v1.5.1"
|
||||||
multus_version: "v3.8"
|
multus_version: "v3.8"
|
||||||
|
|
|
@ -67,6 +67,10 @@ kube_ovn_external_dns: alauda.cn
|
||||||
# kube_ovn_default_gateway: 10.233.64.1,fd85:ee78:d8a6:8607::1:0
|
# kube_ovn_default_gateway: 10.233.64.1,fd85:ee78:d8a6:8607::1:0
|
||||||
kube_ovn_default_gateway_check: true
|
kube_ovn_default_gateway_check: true
|
||||||
kube_ovn_default_logical_gateway: false
|
kube_ovn_default_logical_gateway: false
|
||||||
|
|
||||||
|
# u2o_interconnection
|
||||||
|
kube_ovn_u2o_interconnection: false
|
||||||
|
|
||||||
# kube_ovn_default_exclude_ips: 10.16.0.1
|
# kube_ovn_default_exclude_ips: 10.16.0.1
|
||||||
kube_ovn_node_switch_cidr: 100.64.0.0/16
|
kube_ovn_node_switch_cidr: 100.64.0.0/16
|
||||||
kube_ovn_node_switch_cidr_ipv6: fd00:100:64::/64
|
kube_ovn_node_switch_cidr_ipv6: fd00:100:64::/64
|
||||||
|
@ -98,9 +102,15 @@ kube_ovn_enable_ssl: false
|
||||||
kube_ovn_dpdk_enabled: false
|
kube_ovn_dpdk_enabled: false
|
||||||
kube_ovn_dpdk_tunnel_iface: br-phy
|
kube_ovn_dpdk_tunnel_iface: br-phy
|
||||||
|
|
||||||
|
## bind local ip
|
||||||
|
kube_ovn_bind_local_ip_enabled: true
|
||||||
|
|
||||||
## eip snat
|
## eip snat
|
||||||
kube_ovn_eip_snat_enabled: true
|
kube_ovn_eip_snat_enabled: true
|
||||||
|
|
||||||
|
# ls dnat mod dl dst
|
||||||
|
kube_ovn_ls_dnat_mod_dl_dst: true
|
||||||
|
|
||||||
## keep vm ip
|
## keep vm ip
|
||||||
kube_ovn_keep_vm_ip: true
|
kube_ovn_keep_vm_ip: true
|
||||||
|
|
||||||
|
|
|
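Review bot: The new defaults are documented only by comments that repeat the variable names (`# u2o_interconnection`, `## bind local ip`, `# ls dnat mod dl dst`), so an operator cannot tell what changing them does. `kube_ovn_bind_local_ip_enabled` feeds the `ENABLE_BIND_LOCAL_IP` env var in the templates and, judging by the name, decides which addresses the kube-ovn components listen on, so its meaning and default deserve a real sentence, for example `## bind local ip: when true, components bind to the pod IP(s) instead of all addresses` (wording to be confirmed against the kube-ovn documentation). The same applies to `kube_ovn_u2o_interconnection` and `kube_ovn_ls_dnat_mod_dl_dst`, which are passed to the controller as `--default-u2o-interconnection` and `--ls-dnat-mod-dl-dst`. The added comments also mix `#` and `##` markers within one file.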
@ -1,5 +1,144 @@
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: vpc-dnses.kubeovn.io
|
||||||
|
spec:
|
||||||
|
group: kubeovn.io
|
||||||
|
names:
|
||||||
|
plural: vpc-dnses
|
||||||
|
singular: vpc-dns
|
||||||
|
shortNames:
|
||||||
|
- vpc-dns
|
||||||
|
kind: VpcDns
|
||||||
|
listKind: VpcDnsList
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .status.active
|
||||||
|
name: Active
|
||||||
|
type: boolean
|
||||||
|
- jsonPath: .spec.vpc
|
||||||
|
name: Vpc
|
||||||
|
type: string
|
||||||
|
- jsonPath: .spec.subnet
|
||||||
|
name: Subnet
|
||||||
|
type: string
|
||||||
|
name: v1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
subresources:
|
||||||
|
status: {}
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
spec:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
vpc:
|
||||||
|
type: string
|
||||||
|
subnet:
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
active:
|
||||||
|
type: boolean
|
||||||
|
conditions:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
type:
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
type: string
|
||||||
|
reason:
|
||||||
|
type: string
|
||||||
|
message:
|
||||||
|
type: string
|
||||||
|
lastUpdateTime:
|
||||||
|
type: string
|
||||||
|
lastTransitionTime:
|
||||||
|
type: string
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: switch-lb-rules.kubeovn.io
|
||||||
|
spec:
|
||||||
|
group: kubeovn.io
|
||||||
|
names:
|
||||||
|
plural: switch-lb-rules
|
||||||
|
singular: switch-lb-rule
|
||||||
|
shortNames:
|
||||||
|
- slr
|
||||||
|
kind: SwitchLBRule
|
||||||
|
listKind: SwitchLBRuleList
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.vip
|
||||||
|
name: vip
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.ports
|
||||||
|
name: port(s)
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.service
|
||||||
|
name: service
|
||||||
|
type: string
|
||||||
|
- jsonPath: .metadata.creationTimestamp
|
||||||
|
name: age
|
||||||
|
type: date
|
||||||
|
name: v1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
subresources:
|
||||||
|
status: {}
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
spec:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
namespace:
|
||||||
|
type: string
|
||||||
|
vip:
|
||||||
|
type: string
|
||||||
|
sessionAffinity:
|
||||||
|
type: string
|
||||||
|
ports:
|
||||||
|
items:
|
||||||
|
properties:
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
port:
|
||||||
|
type: integer
|
||||||
|
minimum: 1
|
||||||
|
maximum: 65535
|
||||||
|
protocol:
|
||||||
|
type: string
|
||||||
|
targetPort:
|
||||||
|
type: integer
|
||||||
|
minimum: 1
|
||||||
|
maximum: 65535
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
selector:
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
status:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
ports:
|
||||||
|
type: string
|
||||||
|
service:
|
||||||
|
type: string
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
name: vpc-nat-gateways.kubeovn.io
|
name: vpc-nat-gateways.kubeovn.io
|
||||||
spec:
|
spec:
|
||||||
|
@ -43,6 +182,21 @@ spec:
|
||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
|
tolerations:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
type: string
|
||||||
|
value:
|
||||||
|
type: string
|
||||||
|
effect:
|
||||||
|
type: string
|
||||||
|
tolerationSeconds:
|
||||||
|
type: integer
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
|
@ -270,6 +424,14 @@ spec:
|
||||||
type: string
|
type: string
|
||||||
redo:
|
redo:
|
||||||
type: string
|
type: string
|
||||||
|
protocol:
|
||||||
|
type: string
|
||||||
|
internalIp:
|
||||||
|
type: string
|
||||||
|
internalPort:
|
||||||
|
type: string
|
||||||
|
externalPort:
|
||||||
|
type: string
|
||||||
conditions:
|
conditions:
|
||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
|
@ -384,12 +546,235 @@ spec:
|
||||||
---
|
---
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
kind: CustomResourceDefinition
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: ovn-eips.kubeovn.io
|
||||||
|
spec:
|
||||||
|
group: kubeovn.io
|
||||||
|
names:
|
||||||
|
plural: ovn-eips
|
||||||
|
singular: ovn-eip
|
||||||
|
shortNames:
|
||||||
|
- oeip
|
||||||
|
kind: OvnEip
|
||||||
|
listKind: OvnEipList
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- name: v1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
subresources:
|
||||||
|
status: {}
|
||||||
|
additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.v4ip
|
||||||
|
name: IP
|
||||||
|
type: string
|
||||||
|
- jsonPath: .spec.macAddress
|
||||||
|
name: Mac
|
||||||
|
type: string
|
||||||
|
- jsonPath: .spec.type
|
||||||
|
name: Type
|
||||||
|
type: string
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
status:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
v4Ip:
|
||||||
|
type: string
|
||||||
|
macAddress:
|
||||||
|
type: string
|
||||||
|
conditions:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
type:
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
type: string
|
||||||
|
reason:
|
||||||
|
type: string
|
||||||
|
message:
|
||||||
|
type: string
|
||||||
|
lastUpdateTime:
|
||||||
|
type: string
|
||||||
|
lastTransitionTime:
|
||||||
|
type: string
|
||||||
|
spec:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
externalSubnet:
|
||||||
|
type: string
|
||||||
|
type:
|
||||||
|
type: string
|
||||||
|
v4ip:
|
||||||
|
type: string
|
||||||
|
macAddress:
|
||||||
|
type: string
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: ovn-fips.kubeovn.io
|
||||||
|
spec:
|
||||||
|
group: kubeovn.io
|
||||||
|
names:
|
||||||
|
plural: ovn-fips
|
||||||
|
singular: ovn-fip
|
||||||
|
shortNames:
|
||||||
|
- ofip
|
||||||
|
kind: OvnFip
|
||||||
|
listKind: OvnFipList
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- name: v1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
subresources:
|
||||||
|
status: {}
|
||||||
|
additionalPrinterColumns:
|
||||||
|
- jsonPath: .status.vpc
|
||||||
|
name: Vpc
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.v4Eip
|
||||||
|
name: V4Eip
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.v4Ip
|
||||||
|
name: V4Ip
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.ready
|
||||||
|
name: Ready
|
||||||
|
type: boolean
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
status:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
ready:
|
||||||
|
type: boolean
|
||||||
|
v4Eip:
|
||||||
|
type: string
|
||||||
|
v4Ip:
|
||||||
|
type: string
|
||||||
|
macAddress:
|
||||||
|
type: string
|
||||||
|
vpc:
|
||||||
|
type: string
|
||||||
|
conditions:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
type:
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
type: string
|
||||||
|
reason:
|
||||||
|
type: string
|
||||||
|
message:
|
||||||
|
type: string
|
||||||
|
lastUpdateTime:
|
||||||
|
type: string
|
||||||
|
lastTransitionTime:
|
||||||
|
type: string
|
||||||
|
spec:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
ovnEip:
|
||||||
|
type: string
|
||||||
|
ipName:
|
||||||
|
type: string
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
name: ovn-snat-rules.kubeovn.io
|
||||||
|
spec:
|
||||||
|
group: kubeovn.io
|
||||||
|
names:
|
||||||
|
plural: ovn-snat-rules
|
||||||
|
singular: ovn-snat-rule
|
||||||
|
shortNames:
|
||||||
|
- osnat
|
||||||
|
kind: OvnSnatRule
|
||||||
|
listKind: OvnSnatRuleList
|
||||||
|
scope: Cluster
|
||||||
|
versions:
|
||||||
|
- name: v1
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
subresources:
|
||||||
|
status: {}
|
||||||
|
additionalPrinterColumns:
|
||||||
|
- jsonPath: .status.vpc
|
||||||
|
name: Vpc
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.v4Eip
|
||||||
|
name: V4Eip
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.v4ipCidr
|
||||||
|
name: V4Ip
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.ready
|
||||||
|
name: Ready
|
||||||
|
type: boolean
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
status:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
ready:
|
||||||
|
type: boolean
|
||||||
|
v4Eip:
|
||||||
|
type: string
|
||||||
|
v4ipCidr:
|
||||||
|
type: string
|
||||||
|
vpc:
|
||||||
|
type: string
|
||||||
|
conditions:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
type:
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
type: string
|
||||||
|
reason:
|
||||||
|
type: string
|
||||||
|
message:
|
||||||
|
type: string
|
||||||
|
lastUpdateTime:
|
||||||
|
type: string
|
||||||
|
lastTransitionTime:
|
||||||
|
type: string
|
||||||
|
spec:
|
||||||
|
type: object
|
||||||
|
properties:
|
||||||
|
ovnEip:
|
||||||
|
type: string
|
||||||
|
vpcSubnet:
|
||||||
|
type: string
|
||||||
|
ipName:
|
||||||
|
type: string
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
metadata:
|
metadata:
|
||||||
name: vpcs.kubeovn.io
|
name: vpcs.kubeovn.io
|
||||||
spec:
|
spec:
|
||||||
group: kubeovn.io
|
group: kubeovn.io
|
||||||
versions:
|
versions:
|
||||||
- additionalPrinterColumns:
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .status.enableExternal
|
||||||
|
name: EnableExternal
|
||||||
|
type: boolean
|
||||||
- jsonPath: .status.standby
|
- jsonPath: .status.standby
|
||||||
name: Standby
|
name: Standby
|
||||||
type: boolean
|
type: boolean
|
||||||
|
@ -405,6 +790,8 @@ spec:
|
||||||
properties:
|
properties:
|
||||||
spec:
|
spec:
|
||||||
properties:
|
properties:
|
||||||
|
enableExternal:
|
||||||
|
type: boolean
|
||||||
namespaces:
|
namespaces:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
|
@ -470,6 +857,8 @@ spec:
|
||||||
type: string
|
type: string
|
||||||
standby:
|
standby:
|
||||||
type: boolean
|
type: boolean
|
||||||
|
enableExternal:
|
||||||
|
type: boolean
|
||||||
subnets:
|
subnets:
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
|
@ -486,6 +875,10 @@ spec:
|
||||||
type: string
|
type: string
|
||||||
udpSessionLoadBalancer:
|
udpSessionLoadBalancer:
|
||||||
type: string
|
type: string
|
||||||
|
sctpLoadBalancer:
|
||||||
|
type: string
|
||||||
|
sctpSessionLoadBalancer:
|
||||||
|
type: string
|
||||||
type: object
|
type: object
|
||||||
type: object
|
type: object
|
||||||
served: true
|
served: true
|
||||||
|
@ -595,19 +988,19 @@ spec:
|
||||||
additionalPrinterColumns:
|
additionalPrinterColumns:
|
||||||
- name: V4IP
|
- name: V4IP
|
||||||
type: string
|
type: string
|
||||||
jsonPath: .spec.v4ip
|
jsonPath: .status.v4ip
|
||||||
- name: PV4IP
|
- name: PV4IP
|
||||||
type: string
|
type: string
|
||||||
jsonPath: .spec.parentV4ip
|
jsonPath: .spec.parentV4ip
|
||||||
- name: Mac
|
- name: Mac
|
||||||
type: string
|
type: string
|
||||||
jsonPath: .spec.macAddress
|
jsonPath: .status.mac
|
||||||
- name: PMac
|
- name: PMac
|
||||||
type: string
|
type: string
|
||||||
jsonPath: .spec.ParentMac
|
jsonPath: .spec.parentMac
|
||||||
- name: V6IP
|
- name: V6IP
|
||||||
type: string
|
type: string
|
||||||
jsonPath: .spec.v6ip
|
jsonPath: .status.v6ip
|
||||||
- name: PV6IP
|
- name: PV6IP
|
||||||
type: string
|
type: string
|
||||||
jsonPath: .spec.parentV6ip
|
jsonPath: .spec.parentV6ip
|
||||||
|
@ -731,6 +1124,9 @@ spec:
|
||||||
- name: ExcludeIPs
|
- name: ExcludeIPs
|
||||||
type: string
|
type: string
|
||||||
jsonPath: .spec.excludeIps
|
jsonPath: .spec.excludeIps
|
||||||
|
- name: U2OInterconnectionIP
|
||||||
|
type: string
|
||||||
|
jsonPath: .status.u2oInterconnectionIP
|
||||||
schema:
|
schema:
|
||||||
openAPIV3Schema:
|
openAPIV3Schema:
|
||||||
type: object
|
type: object
|
||||||
|
@ -752,6 +1148,8 @@ spec:
|
||||||
type: string
|
type: string
|
||||||
dhcpV6OptionsUUID:
|
dhcpV6OptionsUUID:
|
||||||
type: string
|
type: string
|
||||||
|
u2oInterconnectionIP:
|
||||||
|
type: string
|
||||||
conditions:
|
conditions:
|
||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
|
@ -810,6 +1208,8 @@ spec:
|
||||||
type: string
|
type: string
|
||||||
natOutgoing:
|
natOutgoing:
|
||||||
type: boolean
|
type: boolean
|
||||||
|
u2oRouting:
|
||||||
|
type: boolean
|
||||||
externalEgressGateway:
|
externalEgressGateway:
|
||||||
type: string
|
type: string
|
||||||
policyRoutingPriority:
|
policyRoutingPriority:
|
||||||
|
@ -836,8 +1236,6 @@ spec:
|
||||||
type: boolean
|
type: boolean
|
||||||
disableInterConnection:
|
disableInterConnection:
|
||||||
type: boolean
|
type: boolean
|
||||||
htbqos:
|
|
||||||
type: string
|
|
||||||
enableDHCP:
|
enableDHCP:
|
||||||
type: boolean
|
type: boolean
|
||||||
dhcpV4Options:
|
dhcpV4Options:
|
||||||
|
@ -872,6 +1270,8 @@ spec:
|
||||||
- allow
|
- allow
|
||||||
- drop
|
- drop
|
||||||
- reject
|
- reject
|
||||||
|
u2oInterconnection:
|
||||||
|
type: boolean
|
||||||
scope: Cluster
|
scope: Cluster
|
||||||
names:
|
names:
|
||||||
plural: subnets
|
plural: subnets
|
||||||
|
@ -998,6 +1398,10 @@ spec:
|
||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
type: string
|
type: string
|
||||||
|
notReadyNodes:
|
||||||
|
type: array
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
vlans:
|
vlans:
|
||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
|
@ -1127,34 +1531,3 @@ spec:
|
||||||
status: {}
|
status: {}
|
||||||
conversion:
|
conversion:
|
||||||
strategy: None
|
strategy: None
|
||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
name: htbqoses.kubeovn.io
|
|
||||||
spec:
|
|
||||||
group: kubeovn.io
|
|
||||||
versions:
|
|
||||||
- name: v1
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
additionalPrinterColumns:
|
|
||||||
- name: PRIORITY
|
|
||||||
type: string
|
|
||||||
jsonPath: .spec.priority
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
type: object
|
|
||||||
properties:
|
|
||||||
spec:
|
|
||||||
type: object
|
|
||||||
properties:
|
|
||||||
priority:
|
|
||||||
type: string # Value in range 0 to 4,294,967,295.
|
|
||||||
scope: Cluster
|
|
||||||
names:
|
|
||||||
plural: htbqoses
|
|
||||||
singular: htbqos
|
|
||||||
kind: HtbQos
|
|
||||||
shortNames:
|
|
||||||
- htbqos
|
|
||||||
|
|
|
@ -40,19 +40,20 @@ spec:
|
||||||
- name: kube-ovn-controller
|
- name: kube-ovn-controller
|
||||||
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
||||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||||
command:
|
|
||||||
- /kube-ovn/start-controller.sh
|
|
||||||
args:
|
args:
|
||||||
|
- /kube-ovn/start-controller.sh
|
||||||
- --default-cidr={{ kube_pods_subnet }}{% if enable_dual_stack_networks %},{{ kube_ovn_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}{% endif %}{{''}}
|
- --default-cidr={{ kube_pods_subnet }}{% if enable_dual_stack_networks %},{{ kube_ovn_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}{% endif %}{{''}}
|
||||||
- --default-gateway={% if kube_ovn_default_gateway is defined %}{{ kube_ovn_default_gateway }}{% endif %}{{''}}
|
- --default-gateway={% if kube_ovn_default_gateway is defined %}{{ kube_ovn_default_gateway }}{% endif %}{{''}}
|
||||||
- --default-gateway-check={{ kube_ovn_default_gateway_check|string }}
|
- --default-gateway-check={{ kube_ovn_default_gateway_check|string }}
|
||||||
- --default-logical-gateway={{ kube_ovn_default_logical_gateway|string }}
|
- --default-logical-gateway={{ kube_ovn_default_logical_gateway|string }}
|
||||||
|
- --default-u2o-interconnection={{ kube_ovn_u2o_interconnection }}
|
||||||
- --default-exclude-ips={% if kube_ovn_default_exclude_ips is defined %}{{ kube_ovn_default_exclude_ips }}{% endif %}{{''}}
|
- --default-exclude-ips={% if kube_ovn_default_exclude_ips is defined %}{{ kube_ovn_default_exclude_ips }}{% endif %}{{''}}
|
||||||
- --node-switch-cidr={{ kube_ovn_node_switch_cidr }}{% if enable_dual_stack_networks %},{{ kube_ovn_node_switch_cidr_ipv6 }}{% endif %}{{''}}
|
- --node-switch-cidr={{ kube_ovn_node_switch_cidr }}{% if enable_dual_stack_networks %},{{ kube_ovn_node_switch_cidr_ipv6 }}{% endif %}{{''}}
|
||||||
- --service-cluster-ip-range={{ kube_service_addresses }}{% if enable_dual_stack_networks %},{{ kube_service_addresses_ipv6 }}{% endif %}{{''}}
|
- --service-cluster-ip-range={{ kube_service_addresses }}{% if enable_dual_stack_networks %},{{ kube_service_addresses_ipv6 }}{% endif %}{{''}}
|
||||||
- --network-type={{ kube_ovn_network_type }}
|
- --network-type={{ kube_ovn_network_type }}
|
||||||
- --default-interface-name={{ kube_ovn_default_interface_name|default('') }}
|
- --default-interface-name={{ kube_ovn_default_interface_name|default('') }}
|
||||||
- --default-vlan-id={{ kube_ovn_default_vlan_id }}
|
- --default-vlan-id={{ kube_ovn_default_vlan_id }}
|
||||||
|
- --ls-dnat-mod-dl-dst={{ kube_ovn_ls_dnat_mod_dl_dst }}
|
||||||
- --pod-nic-type={{ kube_ovn_pod_nic_type }}
|
- --pod-nic-type={{ kube_ovn_pod_nic_type }}
|
||||||
- --enable-lb={{ kube_ovn_enable_lb|string }}
|
- --enable-lb={{ kube_ovn_enable_lb|string }}
|
||||||
- --enable-np={{ kube_ovn_enable_np|string }}
|
- --enable-np={{ kube_ovn_enable_np|string }}
|
||||||
|
@ -60,9 +61,13 @@ spec:
|
||||||
- --enable-external-vpc={{ kube_ovn_enable_external_vpc|string }}
|
- --enable-external-vpc={{ kube_ovn_enable_external_vpc|string }}
|
||||||
- --logtostderr=false
|
- --logtostderr=false
|
||||||
- --alsologtostderr=true
|
- --alsologtostderr=true
|
||||||
|
- --gc-interval=360
|
||||||
|
- --inspect-interval=20
|
||||||
- --log_file=/var/log/kube-ovn/kube-ovn-controller.log
|
- --log_file=/var/log/kube-ovn/kube-ovn-controller.log
|
||||||
- --log_file_max_size=0
|
- --log_file_max_size=0
|
||||||
|
- --enable-lb-svc=false
|
||||||
- --keep-vm-ip={{ kube_ovn_keep_vm_ip }}
|
- --keep-vm-ip={{ kube_ovn_keep_vm_ip }}
|
||||||
|
- --pod-default-fip-type=""
|
||||||
env:
|
env:
|
||||||
- name: ENABLE_SSL
|
- name: ENABLE_SSL
|
||||||
value: "{{ kube_ovn_enable_ssl | lower }}"
|
value: "{{ kube_ovn_enable_ssl | lower }}"
|
||||||
|
@ -78,6 +83,14 @@ spec:
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: spec.nodeName
|
fieldPath: spec.nodeName
|
||||||
|
- name: OVN_DB_IPS
|
||||||
|
value: "{{ kube_ovn_central_ips }}"
|
||||||
|
- name: POD_IPS
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: status.podIPs
|
||||||
|
- name: ENABLE_BIND_LOCAL_IP
|
||||||
|
value: "{{ kube_ovn_bind_local_ip_enabled }}"
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /etc/localtime
|
- mountPath: /etc/localtime
|
||||||
name: localtime
|
name: localtime
|
||||||
|
@ -141,8 +154,13 @@ spec:
|
||||||
type: infra
|
type: infra
|
||||||
spec:
|
spec:
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: Exists
|
- effect: NoSchedule
|
||||||
priorityClassName: system-cluster-critical
|
operator: Exists
|
||||||
|
- effect: NoExecute
|
||||||
|
operator: Exists
|
||||||
|
- key: CriticalAddonsOnly
|
||||||
|
operator: Exists
|
||||||
|
priorityClassName: system-node-critical
|
||||||
serviceAccountName: ovn
|
serviceAccountName: ovn
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
@ -157,6 +175,8 @@ spec:
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /opt/cni/bin
|
- mountPath: /opt/cni/bin
|
||||||
name: cni-bin
|
name: cni-bin
|
||||||
|
- mountPath: /usr/local/bin
|
||||||
|
name: local-bin
|
||||||
containers:
|
containers:
|
||||||
- name: cni-server
|
- name: cni-server
|
||||||
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
||||||
|
@ -172,7 +192,7 @@ spec:
|
||||||
- --dpdk-tunnel-iface={{ kube_ovn_dpdk_tunnel_iface }}
|
- --dpdk-tunnel-iface={{ kube_ovn_dpdk_tunnel_iface }}
|
||||||
- --network-type={{ kube_ovn_network_type }}
|
- --network-type={{ kube_ovn_network_type }}
|
||||||
- --default-interface-name={{ kube_ovn_default_interface_name|default('') }}
|
- --default-interface-name={{ kube_ovn_default_interface_name|default('') }}
|
||||||
{% if kube_ovn_mtu is defined %}
|
{% if kube_ovn_mtu is defined %}
|
||||||
- --mtu={{ kube_ovn_mtu }}
|
- --mtu={{ kube_ovn_mtu }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- --cni-conf-name={{ kube_ovn_cni_config_priority }}-kube-ovn.conflist
|
- --cni-conf-name={{ kube_ovn_cni_config_priority }}-kube-ovn.conflist
|
||||||
|
@ -184,7 +204,7 @@ spec:
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
privileged: true
|
privileged: true
|
||||||
env:
|
env:
|
||||||
- name: kube_ovn_enable_ssl
|
- name: ENABLE_SSL
|
||||||
value: "{{ kube_ovn_enable_ssl | lower }}"
|
value: "{{ kube_ovn_enable_ssl | lower }}"
|
||||||
- name: POD_IP
|
- name: POD_IP
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
@ -198,6 +218,14 @@ spec:
|
||||||
value: kube_ovn_fastpath.ko
|
value: kube_ovn_fastpath.ko
|
||||||
- name: RPMS
|
- name: RPMS
|
||||||
value: openvswitch-kmod
|
value: openvswitch-kmod
|
||||||
|
- name: POD_IPS
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: status.podIPs
|
||||||
|
- name: ENABLE_BIND_LOCAL_IP
|
||||||
|
value: "{{ kube_ovn_bind_local_ip_enabled }}"
|
||||||
|
- name: DBUS_SYSTEM_BUS_ADDRESS
|
||||||
|
value: "unix:path=/host/var/run/dbus/system_bus_socket"
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: host-modules
|
- name: host-modules
|
||||||
mountPath: /lib/modules
|
mountPath: /lib/modules
|
||||||
|
@ -213,6 +241,9 @@ spec:
|
||||||
mountPropagation: Bidirectional
|
mountPropagation: Bidirectional
|
||||||
- mountPath: /run/ovn
|
- mountPath: /run/ovn
|
||||||
name: host-run-ovn
|
name: host-run-ovn
|
||||||
|
- mountPath: /host/var/run/dbus
|
||||||
|
name: host-dbus
|
||||||
|
mountPropagation: HostToContainer
|
||||||
- mountPath: /var/run/netns
|
- mountPath: /var/run/netns
|
||||||
name: host-ns
|
name: host-ns
|
||||||
mountPropagation: HostToContainer
|
mountPropagation: HostToContainer
|
||||||
|
@ -276,6 +307,9 @@ spec:
|
||||||
- name: host-ns
|
- name: host-ns
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /var/run/netns
|
path: /var/run/netns
|
||||||
|
- name: host-dbus
|
||||||
|
hostPath:
|
||||||
|
path: /var/run/dbus
|
||||||
- name: host-log-ovs
|
- name: host-log-ovs
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /var/log/openvswitch
|
path: /var/log/openvswitch
|
||||||
|
@ -291,6 +325,9 @@ spec:
|
||||||
- name: tmp
|
- name: tmp
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /tmp
|
path: /tmp
|
||||||
|
- name: local-bin
|
||||||
|
hostPath:
|
||||||
|
path: /usr/local/bin
|
||||||
---
|
---
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
|
@ -313,12 +350,12 @@ spec:
|
||||||
component: network
|
component: network
|
||||||
type: infra
|
type: infra
|
||||||
spec:
|
spec:
|
||||||
|
priorityClassName: system-node-critical
|
||||||
serviceAccountName: ovn
|
serviceAccountName: ovn
|
||||||
hostPID: true
|
hostPID: true
|
||||||
containers:
|
containers:
|
||||||
- name: pinger
|
- name: pinger
|
||||||
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
|
||||||
imagePullPolicy: {{ k8s_image_pull_policy }}
|
|
||||||
command:
|
command:
|
||||||
- /kube-ovn/kube-ovn-pinger
|
- /kube-ovn/kube-ovn-pinger
|
||||||
args:
|
args:
|
||||||
|
@ -328,6 +365,7 @@ spec:
|
||||||
- --alsologtostderr=true
|
- --alsologtostderr=true
|
||||||
- --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
|
- --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
|
||||||
- --log_file_max_size=0
|
- --log_file_max_size=0
|
||||||
|
imagePullPolicy: {{ k8s_image_pull_policy }}
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
privileged: false
|
privileged: false
|
||||||
|
@ -443,7 +481,10 @@ spec:
|
||||||
type: infra
|
type: infra
|
||||||
spec:
|
spec:
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: Exists
|
- effect: NoSchedule
|
||||||
|
operator: Exists
|
||||||
|
- key: CriticalAddonsOnly
|
||||||
|
operator: Exists
|
||||||
affinity:
|
affinity:
|
||||||
podAntiAffinity:
|
podAntiAffinity:
|
||||||
requiredDuringSchedulingIgnoredDuringExecution:
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
@ -469,6 +510,12 @@ spec:
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: spec.nodeName
|
fieldPath: spec.nodeName
|
||||||
|
- name: POD_IPS
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: status.podIPs
|
||||||
|
- name: ENABLE_BIND_LOCAL_IP
|
||||||
|
value: "{{ kube_ovn_bind_local_ip_enabled }}"
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: {{ kube_ovn_monitor_cpu_request }}
|
cpu: {{ kube_ovn_monitor_cpu_request }}
|
||||||
|
@ -608,7 +655,7 @@ spec:
|
||||||
ports:
|
ports:
|
||||||
- port: 10665
|
- port: 10665
|
||||||
name: metrics
|
name: metrics
|
||||||
{% if kube_ovn_ic_enable %}
|
{% if kube_ovn_ic_enable %}
|
||||||
---
|
---
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
|
|
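Review bot: `ENABLE_BIND_LOCAL_IP` is set from `"{{ kube_ovn_bind_local_ip_enabled }}"` without the `| lower` filter that `ENABLE_SSL` uses in the same env lists, so the YAML boolean default `true` is likely to render as `True`. If the kube-ovn start scripts compare the variable with lowercase `true` (not visible on this page, worth confirming), the local-IP binding would be silently skipped and the components would listen on every address, which matters most for the pods that run with `hostNetwork: true`. I would write `value: "{{ kube_ovn_bind_local_ip_enabled | lower }}"` in the controller, cni-server and monitor containers of this template, and in the same env entry of the next template (hunk `@ -259,6 +254,12`). The bare `{{ kube_ovn_u2o_interconnection }}` and `{{ kube_ovn_ls_dnat_mod_dl_dst }}` arguments likewise drop the `|string` filter their neighbouring boolean flags use.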
@ -12,11 +12,6 @@ metadata:
|
||||||
rbac.authorization.k8s.io/system-only: "true"
|
rbac.authorization.k8s.io/system-only: "true"
|
||||||
name: system:ovn
|
name: system:ovn
|
||||||
rules:
|
rules:
|
||||||
- apiGroups: ['policy']
|
|
||||||
resources: ['podsecuritypolicies']
|
|
||||||
verbs: ['use']
|
|
||||||
resourceNames:
|
|
||||||
- kube-ovn
|
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- "kubeovn.io"
|
- "kubeovn.io"
|
||||||
resources:
|
resources:
|
||||||
|
@ -34,7 +29,6 @@ rules:
|
||||||
- provider-networks/status
|
- provider-networks/status
|
||||||
- security-groups
|
- security-groups
|
||||||
- security-groups/status
|
- security-groups/status
|
||||||
- htbqoses
|
|
||||||
- iptables-eips
|
- iptables-eips
|
||||||
- iptables-fip-rules
|
- iptables-fip-rules
|
||||||
- iptables-dnat-rules
|
- iptables-dnat-rules
|
||||||
|
@ -43,6 +37,16 @@ rules:
|
||||||
- iptables-fip-rules/status
|
- iptables-fip-rules/status
|
||||||
- iptables-dnat-rules/status
|
- iptables-dnat-rules/status
|
||||||
- iptables-snat-rules/status
|
- iptables-snat-rules/status
|
||||||
|
- ovn-eips
|
||||||
|
- ovn-fips
|
||||||
|
- ovn-snat-rules
|
||||||
|
- ovn-eips/status
|
||||||
|
- ovn-fips/status
|
||||||
|
- ovn-snat-rules/status
|
||||||
|
- switch-lb-rules
|
||||||
|
- switch-lb-rules/status
|
||||||
|
- vpc-dnses
|
||||||
|
- vpc-dnses/status
|
||||||
verbs:
|
verbs:
|
||||||
- "*"
|
- "*"
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
@ -78,6 +82,7 @@ rules:
|
||||||
resources:
|
resources:
|
||||||
- networkpolicies
|
- networkpolicies
|
||||||
- services
|
- services
|
||||||
|
- services/status
|
||||||
- endpoints
|
- endpoints
|
||||||
- statefulsets
|
- statefulsets
|
||||||
- daemonsets
|
- daemonsets
|
||||||
|
@ -105,16 +110,6 @@ rules:
|
||||||
- leases
|
- leases
|
||||||
verbs:
|
verbs:
|
||||||
- "*"
|
- "*"
|
||||||
- apiGroups:
|
|
||||||
- "k8s.cni.cncf.io"
|
|
||||||
resources:
|
|
||||||
- network-attachment-definitions
|
|
||||||
verbs:
|
|
||||||
- create
|
|
||||||
- delete
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- update
|
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- "kubevirt.io"
|
- "kubevirt.io"
|
||||||
resources:
|
resources:
|
||||||
|
@ -245,12 +240,12 @@ spec:
|
||||||
env:
|
env:
|
||||||
- name: ENABLE_SSL
|
- name: ENABLE_SSL
|
||||||
value: "{{ kube_ovn_enable_ssl | lower }}"
|
value: "{{ kube_ovn_enable_ssl | lower }}"
|
||||||
|
- name: NODE_IPS
|
||||||
|
value: "{{ kube_ovn_central_ips }}"
|
||||||
- name: POD_IP
|
- name: POD_IP
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: status.podIP
|
fieldPath: status.podIP
|
||||||
- name: NODE_IPS
|
|
||||||
value: "{{ kube_ovn_central_ips }}"
|
|
||||||
- name: POD_NAME
|
- name: POD_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
|
@ -259,6 +254,12 @@ spec:
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: metadata.namespace
|
fieldPath: metadata.namespace
|
||||||
|
- name: POD_IPS
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: status.podIPs
|
||||||
|
- name: ENABLE_BIND_LOCAL_IP
|
||||||
|
value: "{{ kube_ovn_bind_local_ip_enabled }}"
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: {{ kube_ovn_db_cpu_request }}
|
cpu: {{ kube_ovn_db_cpu_request }}
|
||||||
|
@ -358,7 +359,7 @@ spec:
|
||||||
spec:
|
spec:
|
||||||
tolerations:
|
tolerations:
|
||||||
- operator: Exists
|
- operator: Exists
|
||||||
priorityClassName: system-cluster-critical
|
priorityClassName: system-node-critical
|
||||||
serviceAccountName: ovn
|
serviceAccountName: ovn
|
||||||
hostNetwork: true
|
hostNetwork: true
|
||||||
hostPID: true
|
hostPID: true
|
||||||
|
@ -444,7 +445,7 @@ spec:
|
||||||
{% else %}
|
{% else %}
|
||||||
- /kube-ovn/ovs-healthcheck.sh
|
- /kube-ovn/ovs-healthcheck.sh
|
||||||
{% endif %}
|
{% endif %}
|
||||||
initialDelaySeconds: 10
|
initialDelaySeconds: 60
|
||||||
periodSeconds: 5
|
periodSeconds: 5
|
||||||
failureThreshold: 5
|
failureThreshold: 5
|
||||||
timeoutSeconds: 45
|
timeoutSeconds: 45
|
||||||
|
|
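Review bot: The resources added in hunk `@ -43,6 +37,16` (`ovn-eips`, `ovn-fips`, `ovn-snat-rules`, `switch-lb-rules`, `vpc-dnses` and their `/status` subresources) land in a rule whose verbs are `"*"`, so whatever is bound to `system:ovn` gets every verb, including `delete` and `deletecollection`, on these kinds. The wildcard predates this commit, but each release that appends to the list widens the grant; listing the verbs explicitly, for example `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]` (to be checked against what the controller actually calls), would keep it reviewable. The verbs of the rule that gains `services/status` in hunk `@ -78,6 +82,7` lie outside the hunk and should be checked the same way, since write access to service status lets the holder change the load-balancer addresses reported for any Service.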