kube_ovn_cni_config_priority (#10125)

pull/10128/head
Kay Yan 2023-05-25 09:34:51 +08:00 committed by GitHub
parent 861d5b763d
commit 9d1e9a6a78
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 521 additions and 90 deletions


@ -133,7 +133,7 @@ packet_centos7-calico-ha-once-localhost:
packet_almalinux8-kube-ovn: packet_almalinux8-kube-ovn:
stage: deploy-part2 stage: deploy-part2
extends: .packet_periodic extends: .packet_pr
when: on_success when: on_success
packet_almalinux8-calico: packet_almalinux8-calico:


@ -171,7 +171,7 @@ Note: Upstart/SysV init based OS types are not supported.
- [calico](https://github.com/projectcalico/calico) v3.25.1 - [calico](https://github.com/projectcalico/calico) v3.25.1
- [cilium](https://github.com/cilium/cilium) v1.13.0 - [cilium](https://github.com/cilium/cilium) v1.13.0
- [flannel](https://github.com/flannel-io/flannel) v0.21.4 - [flannel](https://github.com/flannel-io/flannel) v0.21.4
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.10.7 - [kube-ovn](https://github.com/alauda/kube-ovn) v1.11.5
- [kube-router](https://github.com/cloudnativelabs/kube-router) v1.5.1 - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.5.1
- [multus](https://github.com/k8snetworkplumbingwg/multus-cni) v3.8 - [multus](https://github.com/k8snetworkplumbingwg/multus-cni) v3.8
- [weave](https://github.com/weaveworks/weave) v2.8.1 - [weave](https://github.com/weaveworks/weave) v2.8.1


@ -123,7 +123,7 @@ cilium_version: "v1.13.0"
cilium_cli_version: "v0.13.1" cilium_cli_version: "v0.13.1"
cilium_enable_hubble: false cilium_enable_hubble: false
kube_ovn_version: "v1.10.7" kube_ovn_version: "v1.11.5"
kube_ovn_dpdk_version: "19.11-{{ kube_ovn_version }}" kube_ovn_dpdk_version: "19.11-{{ kube_ovn_version }}"
kube_router_version: "v1.5.1" kube_router_version: "v1.5.1"
multus_version: "v3.8" multus_version: "v3.8"


@ -67,6 +67,10 @@ kube_ovn_external_dns: alauda.cn
# kube_ovn_default_gateway: 10.233.64.1,fd85:ee78:d8a6:8607::1:0 # kube_ovn_default_gateway: 10.233.64.1,fd85:ee78:d8a6:8607::1:0
kube_ovn_default_gateway_check: true kube_ovn_default_gateway_check: true
kube_ovn_default_logical_gateway: false kube_ovn_default_logical_gateway: false
# u2o_interconnection
kube_ovn_u2o_interconnection: false
# kube_ovn_default_exclude_ips: 10.16.0.1 # kube_ovn_default_exclude_ips: 10.16.0.1
kube_ovn_node_switch_cidr: 100.64.0.0/16 kube_ovn_node_switch_cidr: 100.64.0.0/16
kube_ovn_node_switch_cidr_ipv6: fd00:100:64::/64 kube_ovn_node_switch_cidr_ipv6: fd00:100:64::/64
@ -98,9 +102,15 @@ kube_ovn_enable_ssl: false
kube_ovn_dpdk_enabled: false kube_ovn_dpdk_enabled: false
kube_ovn_dpdk_tunnel_iface: br-phy kube_ovn_dpdk_tunnel_iface: br-phy
## bind local ip
kube_ovn_bind_local_ip_enabled: true
## eip snat ## eip snat
kube_ovn_eip_snat_enabled: true kube_ovn_eip_snat_enabled: true
# ls dnat mod dl dst
kube_ovn_ls_dnat_mod_dl_dst: true
## keep vm ip ## keep vm ip
kube_ovn_keep_vm_ip: true kube_ovn_keep_vm_ip: true
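Review bot: The comments added with the three new defaults only restate the variable names (`# u2o_interconnection`, `## bind local ip`, `# ls dnat mod dl dst`), so an operator cannot tell from this file what changing them does. `kube_ovn_bind_local_ip_enabled` appears to decide which address the kube-ovn services listen on and deserves a full sentence, for example `## Bind kube-ovn services to the pod IP rather than all addresses (rendered into ENABLE_BIND_LOCAL_IP)`. For the other two, something like `# Enable underlay-to-overlay (U2O) interconnection for the default subnet` and `# Set the destination MAC when DNAT is applied on a logical switch` would do, assuming that matches the upstream flag descriptions. The new comments also mix `#` with the `##` used by the neighbouring entries.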


@ -1,5 +1,144 @@
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata:
name: vpc-dnses.kubeovn.io
spec:
group: kubeovn.io
names:
plural: vpc-dnses
singular: vpc-dns
shortNames:
- vpc-dns
kind: VpcDns
listKind: VpcDnsList
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.active
name: Active
type: boolean
- jsonPath: .spec.vpc
name: Vpc
type: string
- jsonPath: .spec.subnet
name: Subnet
type: string
name: v1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
vpc:
type: string
subnet:
type: string
status:
type: object
properties:
active:
type: boolean
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: switch-lb-rules.kubeovn.io
spec:
group: kubeovn.io
names:
plural: switch-lb-rules
singular: switch-lb-rule
shortNames:
- slr
kind: SwitchLBRule
listKind: SwitchLBRuleList
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.vip
name: vip
type: string
- jsonPath: .status.ports
name: port(s)
type: string
- jsonPath: .status.service
name: service
type: string
- jsonPath: .metadata.creationTimestamp
name: age
type: date
name: v1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
namespace:
type: string
vip:
type: string
sessionAffinity:
type: string
ports:
items:
properties:
name:
type: string
port:
type: integer
minimum: 1
maximum: 65535
protocol:
type: string
targetPort:
type: integer
minimum: 1
maximum: 65535
type: object
type: array
selector:
items:
type: string
type: array
status:
type: object
properties:
ports:
type: string
service:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata: metadata:
name: vpc-nat-gateways.kubeovn.io name: vpc-nat-gateways.kubeovn.io
spec: spec:
@ -43,6 +182,21 @@ spec:
type: array type: array
items: items:
type: string type: string
tolerations:
type: array
items:
type: object
properties:
key:
type: string
operator:
type: string
value:
type: string
effect:
type: string
tolerationSeconds:
type: integer
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
@ -270,6 +424,14 @@ spec:
type: string type: string
redo: redo:
type: string type: string
protocol:
type: string
internalIp:
type: string
internalPort:
type: string
externalPort:
type: string
conditions: conditions:
type: array type: array
items: items:
@ -384,12 +546,235 @@ spec:
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata:
name: ovn-eips.kubeovn.io
spec:
group: kubeovn.io
names:
plural: ovn-eips
singular: ovn-eip
shortNames:
- oeip
kind: OvnEip
listKind: OvnEipList
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- jsonPath: .spec.v4ip
name: IP
type: string
- jsonPath: .spec.macAddress
name: Mac
type: string
- jsonPath: .spec.type
name: Type
type: string
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
v4Ip:
type: string
macAddress:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
externalSubnet:
type: string
type:
type: string
v4ip:
type: string
macAddress:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: ovn-fips.kubeovn.io
spec:
group: kubeovn.io
names:
plural: ovn-fips
singular: ovn-fip
shortNames:
- ofip
kind: OvnFip
listKind: OvnFipList
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- jsonPath: .status.vpc
name: Vpc
type: string
- jsonPath: .status.v4Eip
name: V4Eip
type: string
- jsonPath: .status.v4Ip
name: V4Ip
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
ready:
type: boolean
v4Eip:
type: string
v4Ip:
type: string
macAddress:
type: string
vpc:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
ovnEip:
type: string
ipName:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: ovn-snat-rules.kubeovn.io
spec:
group: kubeovn.io
names:
plural: ovn-snat-rules
singular: ovn-snat-rule
shortNames:
- osnat
kind: OvnSnatRule
listKind: OvnSnatRuleList
scope: Cluster
versions:
- name: v1
served: true
storage: true
subresources:
status: {}
additionalPrinterColumns:
- jsonPath: .status.vpc
name: Vpc
type: string
- jsonPath: .status.v4Eip
name: V4Eip
type: string
- jsonPath: .status.v4ipCidr
name: V4Ip
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
schema:
openAPIV3Schema:
type: object
properties:
status:
type: object
properties:
ready:
type: boolean
v4Eip:
type: string
v4ipCidr:
type: string
vpc:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
ovnEip:
type: string
vpcSubnet:
type: string
ipName:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata: metadata:
name: vpcs.kubeovn.io name: vpcs.kubeovn.io
spec: spec:
group: kubeovn.io group: kubeovn.io
versions: versions:
- additionalPrinterColumns: - additionalPrinterColumns:
- jsonPath: .status.enableExternal
name: EnableExternal
type: boolean
- jsonPath: .status.standby - jsonPath: .status.standby
name: Standby name: Standby
type: boolean type: boolean
@ -405,6 +790,8 @@ spec:
properties: properties:
spec: spec:
properties: properties:
enableExternal:
type: boolean
namespaces: namespaces:
items: items:
type: string type: string
@ -470,6 +857,8 @@ spec:
type: string type: string
standby: standby:
type: boolean type: boolean
enableExternal:
type: boolean
subnets: subnets:
items: items:
type: string type: string
@ -486,6 +875,10 @@ spec:
type: string type: string
udpSessionLoadBalancer: udpSessionLoadBalancer:
type: string type: string
sctpLoadBalancer:
type: string
sctpSessionLoadBalancer:
type: string
type: object type: object
type: object type: object
served: true served: true
@ -595,19 +988,19 @@ spec:
additionalPrinterColumns: additionalPrinterColumns:
- name: V4IP - name: V4IP
type: string type: string
jsonPath: .spec.v4ip jsonPath: .status.v4ip
- name: PV4IP - name: PV4IP
type: string type: string
jsonPath: .spec.parentV4ip jsonPath: .spec.parentV4ip
- name: Mac - name: Mac
type: string type: string
jsonPath: .spec.macAddress jsonPath: .status.mac
- name: PMac - name: PMac
type: string type: string
jsonPath: .spec.ParentMac jsonPath: .spec.parentMac
- name: V6IP - name: V6IP
type: string type: string
jsonPath: .spec.v6ip jsonPath: .status.v6ip
- name: PV6IP - name: PV6IP
type: string type: string
jsonPath: .spec.parentV6ip jsonPath: .spec.parentV6ip
@ -731,6 +1124,9 @@ spec:
- name: ExcludeIPs - name: ExcludeIPs
type: string type: string
jsonPath: .spec.excludeIps jsonPath: .spec.excludeIps
- name: U2OInterconnectionIP
type: string
jsonPath: .status.u2oInterconnectionIP
schema: schema:
openAPIV3Schema: openAPIV3Schema:
type: object type: object
@ -752,6 +1148,8 @@ spec:
type: string type: string
dhcpV6OptionsUUID: dhcpV6OptionsUUID:
type: string type: string
u2oInterconnectionIP:
type: string
conditions: conditions:
type: array type: array
items: items:
@ -810,6 +1208,8 @@ spec:
type: string type: string
natOutgoing: natOutgoing:
type: boolean type: boolean
u2oRouting:
type: boolean
externalEgressGateway: externalEgressGateway:
type: string type: string
policyRoutingPriority: policyRoutingPriority:
@ -836,8 +1236,6 @@ spec:
type: boolean type: boolean
disableInterConnection: disableInterConnection:
type: boolean type: boolean
htbqos:
type: string
enableDHCP: enableDHCP:
type: boolean type: boolean
dhcpV4Options: dhcpV4Options:
@ -872,6 +1270,8 @@ spec:
- allow - allow
- drop - drop
- reject - reject
u2oInterconnection:
type: boolean
scope: Cluster scope: Cluster
names: names:
plural: subnets plural: subnets
@ -998,6 +1398,10 @@ spec:
type: array type: array
items: items:
type: string type: string
notReadyNodes:
type: array
items:
type: string
vlans: vlans:
type: array type: array
items: items:
@ -1126,35 +1530,4 @@ spec:
subresources: subresources:
status: {} status: {}
conversion: conversion:
strategy: None strategy: None
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: htbqoses.kubeovn.io
spec:
group: kubeovn.io
versions:
- name: v1
served: true
storage: true
additionalPrinterColumns:
- name: PRIORITY
type: string
jsonPath: .spec.priority
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
priority:
type: string # Value in range 0 to 4,294,967,295.
scope: Cluster
names:
plural: htbqoses
singular: htbqos
kind: HtbQos
shortNames:
- htbqos


@ -40,29 +40,34 @@ spec:
- name: kube-ovn-controller - name: kube-ovn-controller
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }} image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- /kube-ovn/start-controller.sh
args: args:
- --default-cidr={{ kube_pods_subnet }}{% if enable_dual_stack_networks %},{{ kube_ovn_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}{% endif %}{{''}} - /kube-ovn/start-controller.sh
- --default-gateway={% if kube_ovn_default_gateway is defined %}{{ kube_ovn_default_gateway }}{% endif %}{{''}} - --default-cidr={{ kube_pods_subnet }}{% if enable_dual_stack_networks %},{{ kube_ovn_pool_cidr_ipv6 | default(kube_pods_subnet_ipv6) }}{% endif %}{{''}}
- --default-gateway-check={{ kube_ovn_default_gateway_check|string }} - --default-gateway={% if kube_ovn_default_gateway is defined %}{{ kube_ovn_default_gateway }}{% endif %}{{''}}
- --default-logical-gateway={{ kube_ovn_default_logical_gateway|string }} - --default-gateway-check={{ kube_ovn_default_gateway_check|string }}
- --default-exclude-ips={% if kube_ovn_default_exclude_ips is defined %}{{ kube_ovn_default_exclude_ips }}{% endif %}{{''}} - --default-logical-gateway={{ kube_ovn_default_logical_gateway|string }}
- --node-switch-cidr={{ kube_ovn_node_switch_cidr }}{% if enable_dual_stack_networks %},{{ kube_ovn_node_switch_cidr_ipv6 }}{% endif %}{{''}} - --default-u2o-interconnection={{ kube_ovn_u2o_interconnection }}
- --service-cluster-ip-range={{ kube_service_addresses }}{% if enable_dual_stack_networks %},{{ kube_service_addresses_ipv6 }}{% endif %}{{''}} - --default-exclude-ips={% if kube_ovn_default_exclude_ips is defined %}{{ kube_ovn_default_exclude_ips }}{% endif %}{{''}}
- --network-type={{ kube_ovn_network_type }} - --node-switch-cidr={{ kube_ovn_node_switch_cidr }}{% if enable_dual_stack_networks %},{{ kube_ovn_node_switch_cidr_ipv6 }}{% endif %}{{''}}
- --default-interface-name={{ kube_ovn_default_interface_name|default('') }} - --service-cluster-ip-range={{ kube_service_addresses }}{% if enable_dual_stack_networks %},{{ kube_service_addresses_ipv6 }}{% endif %}{{''}}
- --default-vlan-id={{ kube_ovn_default_vlan_id }} - --network-type={{ kube_ovn_network_type }}
- --pod-nic-type={{ kube_ovn_pod_nic_type }} - --default-interface-name={{ kube_ovn_default_interface_name|default('') }}
- --enable-lb={{ kube_ovn_enable_lb|string }} - --default-vlan-id={{ kube_ovn_default_vlan_id }}
- --enable-np={{ kube_ovn_enable_np|string }} - --ls-dnat-mod-dl-dst={{ kube_ovn_ls_dnat_mod_dl_dst }}
- --enable-eip-snat={{ kube_ovn_eip_snat_enabled }} - --pod-nic-type={{ kube_ovn_pod_nic_type }}
- --enable-external-vpc={{ kube_ovn_enable_external_vpc|string }} - --enable-lb={{ kube_ovn_enable_lb|string }}
- --logtostderr=false - --enable-np={{ kube_ovn_enable_np|string }}
- --alsologtostderr=true - --enable-eip-snat={{ kube_ovn_eip_snat_enabled }}
- --log_file=/var/log/kube-ovn/kube-ovn-controller.log - --enable-external-vpc={{ kube_ovn_enable_external_vpc|string }}
- --log_file_max_size=0 - --logtostderr=false
- --keep-vm-ip={{ kube_ovn_keep_vm_ip }} - --alsologtostderr=true
- --gc-interval=360
- --inspect-interval=20
- --log_file=/var/log/kube-ovn/kube-ovn-controller.log
- --log_file_max_size=0
- --enable-lb-svc=false
- --keep-vm-ip={{ kube_ovn_keep_vm_ip }}
- --pod-default-fip-type=""
env: env:
- name: ENABLE_SSL - name: ENABLE_SSL
value: "{{ kube_ovn_enable_ssl | lower }}" value: "{{ kube_ovn_enable_ssl | lower }}"
@ -78,6 +83,14 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: OVN_DB_IPS
value: "{{ kube_ovn_central_ips }}"
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "{{ kube_ovn_bind_local_ip_enabled }}"
volumeMounts: volumeMounts:
- mountPath: /etc/localtime - mountPath: /etc/localtime
name: localtime name: localtime
@ -141,8 +154,13 @@ spec:
type: infra type: infra
spec: spec:
tolerations: tolerations:
- operator: Exists - effect: NoSchedule
priorityClassName: system-cluster-critical operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
priorityClassName: system-node-critical
serviceAccountName: ovn serviceAccountName: ovn
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
@ -157,6 +175,8 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /opt/cni/bin - mountPath: /opt/cni/bin
name: cni-bin name: cni-bin
- mountPath: /usr/local/bin
name: local-bin
containers: containers:
- name: cni-server - name: cni-server
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }} image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
@ -172,7 +192,7 @@ spec:
- --dpdk-tunnel-iface={{ kube_ovn_dpdk_tunnel_iface }} - --dpdk-tunnel-iface={{ kube_ovn_dpdk_tunnel_iface }}
- --network-type={{ kube_ovn_network_type }} - --network-type={{ kube_ovn_network_type }}
- --default-interface-name={{ kube_ovn_default_interface_name|default('') }} - --default-interface-name={{ kube_ovn_default_interface_name|default('') }}
{% if kube_ovn_mtu is defined %} {% if kube_ovn_mtu is defined %}
- --mtu={{ kube_ovn_mtu }} - --mtu={{ kube_ovn_mtu }}
{% endif %} {% endif %}
- --cni-conf-name={{ kube_ovn_cni_config_priority }}-kube-ovn.conflist - --cni-conf-name={{ kube_ovn_cni_config_priority }}-kube-ovn.conflist
@ -184,7 +204,7 @@ spec:
runAsUser: 0 runAsUser: 0
privileged: true privileged: true
env: env:
- name: kube_ovn_enable_ssl - name: ENABLE_SSL
value: "{{ kube_ovn_enable_ssl | lower }}" value: "{{ kube_ovn_enable_ssl | lower }}"
- name: POD_IP - name: POD_IP
valueFrom: valueFrom:
@ -198,6 +218,14 @@ spec:
value: kube_ovn_fastpath.ko value: kube_ovn_fastpath.ko
- name: RPMS - name: RPMS
value: openvswitch-kmod value: openvswitch-kmod
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "{{ kube_ovn_bind_local_ip_enabled }}"
- name: DBUS_SYSTEM_BUS_ADDRESS
value: "unix:path=/host/var/run/dbus/system_bus_socket"
volumeMounts: volumeMounts:
- name: host-modules - name: host-modules
mountPath: /lib/modules mountPath: /lib/modules
@ -213,6 +241,9 @@ spec:
mountPropagation: Bidirectional mountPropagation: Bidirectional
- mountPath: /run/ovn - mountPath: /run/ovn
name: host-run-ovn name: host-run-ovn
- mountPath: /host/var/run/dbus
name: host-dbus
mountPropagation: HostToContainer
- mountPath: /var/run/netns - mountPath: /var/run/netns
name: host-ns name: host-ns
mountPropagation: HostToContainer mountPropagation: HostToContainer
@ -276,6 +307,9 @@ spec:
- name: host-ns - name: host-ns
hostPath: hostPath:
path: /var/run/netns path: /var/run/netns
- name: host-dbus
hostPath:
path: /var/run/dbus
- name: host-log-ovs - name: host-log-ovs
hostPath: hostPath:
path: /var/log/openvswitch path: /var/log/openvswitch
@ -291,6 +325,9 @@ spec:
- name: tmp - name: tmp
hostPath: hostPath:
path: /tmp path: /tmp
- name: local-bin
hostPath:
path: /usr/local/bin
--- ---
kind: DaemonSet kind: DaemonSet
apiVersion: apps/v1 apiVersion: apps/v1
@ -313,12 +350,12 @@ spec:
component: network component: network
type: infra type: infra
spec: spec:
priorityClassName: system-node-critical
serviceAccountName: ovn serviceAccountName: ovn
hostPID: true hostPID: true
containers: containers:
- name: pinger - name: pinger
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }} image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }}
command: command:
- /kube-ovn/kube-ovn-pinger - /kube-ovn/kube-ovn-pinger
args: args:
@ -328,6 +365,7 @@ spec:
- --alsologtostderr=true - --alsologtostderr=true
- --log_file=/var/log/kube-ovn/kube-ovn-pinger.log - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
- --log_file_max_size=0 - --log_file_max_size=0
imagePullPolicy: {{ k8s_image_pull_policy }}
securityContext: securityContext:
runAsUser: 0 runAsUser: 0
privileged: false privileged: false
@ -443,7 +481,10 @@ spec:
type: infra type: infra
spec: spec:
tolerations: tolerations:
- operator: Exists - effect: NoSchedule
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
affinity: affinity:
podAntiAffinity: podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
@ -469,6 +510,12 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "{{ kube_ovn_bind_local_ip_enabled }}"
resources: resources:
requests: requests:
cpu: {{ kube_ovn_monitor_cpu_request }} cpu: {{ kube_ovn_monitor_cpu_request }}
@ -608,7 +655,7 @@ spec:
ports: ports:
- port: 10665 - port: 10665
name: metrics name: metrics
{% if kube_ovn_ic_enable %} {% if kube_ovn_ic_enable %}
--- ---
kind: ConfigMap kind: ConfigMap
apiVersion: v1 apiVersion: v1
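Review bot: `ENABLE_BIND_LOCAL_IP` is rendered as `value: "{{ kube_ovn_bind_local_ip_enabled }}"` without a case filter, while `ENABLE_SSL` in the same env lists uses `| lower`. With the boolean default, Jinja will most likely emit `True`; if the kube-ovn start scripts compare the variable against the literal `true` (not visible here), binding to the local IP would silently stay off and the components would keep listening on all addresses. Writing `value: "{{ kube_ovn_bind_local_ip_enabled | lower }}"` removes the doubt; this applies to the three occurrences in this file and to the one in the ovn-central manifest. The new `--default-u2o-interconnection` and `--ls-dnat-mod-dl-dst` arguments likewise omit the `|string` filter that their neighbours use.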


@ -12,11 +12,6 @@ metadata:
rbac.authorization.k8s.io/system-only: "true" rbac.authorization.k8s.io/system-only: "true"
name: system:ovn name: system:ovn
rules: rules:
- apiGroups: ['policy']
resources: ['podsecuritypolicies']
verbs: ['use']
resourceNames:
- kube-ovn
- apiGroups: - apiGroups:
- "kubeovn.io" - "kubeovn.io"
resources: resources:
@ -34,7 +29,6 @@ rules:
- provider-networks/status - provider-networks/status
- security-groups - security-groups
- security-groups/status - security-groups/status
- htbqoses
- iptables-eips - iptables-eips
- iptables-fip-rules - iptables-fip-rules
- iptables-dnat-rules - iptables-dnat-rules
@ -43,6 +37,16 @@ rules:
- iptables-fip-rules/status - iptables-fip-rules/status
- iptables-dnat-rules/status - iptables-dnat-rules/status
- iptables-snat-rules/status - iptables-snat-rules/status
- ovn-eips
- ovn-fips
- ovn-snat-rules
- ovn-eips/status
- ovn-fips/status
- ovn-snat-rules/status
- switch-lb-rules
- switch-lb-rules/status
- vpc-dnses
- vpc-dnses/status
verbs: verbs:
- "*" - "*"
- apiGroups: - apiGroups:
@ -78,6 +82,7 @@ rules:
resources: resources:
- networkpolicies - networkpolicies
- services - services
- services/status
- endpoints - endpoints
- statefulsets - statefulsets
- daemonsets - daemonsets
@ -105,16 +110,6 @@ rules:
- leases - leases
verbs: verbs:
- "*" - "*"
- apiGroups:
- "k8s.cni.cncf.io"
resources:
- network-attachment-definitions
verbs:
- create
- delete
- get
- list
- update
- apiGroups: - apiGroups:
- "kubevirt.io" - "kubevirt.io"
resources: resources:
@ -245,12 +240,12 @@ spec:
env: env:
- name: ENABLE_SSL - name: ENABLE_SSL
value: "{{ kube_ovn_enable_ssl | lower }}" value: "{{ kube_ovn_enable_ssl | lower }}"
- name: NODE_IPS
value: "{{ kube_ovn_central_ips }}"
- name: POD_IP - name: POD_IP
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: status.podIP fieldPath: status.podIP
- name: NODE_IPS
value: "{{ kube_ovn_central_ips }}"
- name: POD_NAME - name: POD_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
@ -259,6 +254,12 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "{{ kube_ovn_bind_local_ip_enabled }}"
resources: resources:
requests: requests:
cpu: {{ kube_ovn_db_cpu_request }} cpu: {{ kube_ovn_db_cpu_request }}
@ -358,7 +359,7 @@ spec:
spec: spec:
tolerations: tolerations:
- operator: Exists - operator: Exists
priorityClassName: system-cluster-critical priorityClassName: system-node-critical
serviceAccountName: ovn serviceAccountName: ovn
hostNetwork: true hostNetwork: true
hostPID: true hostPID: true
@ -444,7 +445,7 @@ spec:
{% else %} {% else %}
- /kube-ovn/ovs-healthcheck.sh - /kube-ovn/ovs-healthcheck.sh
{% endif %} {% endif %}
initialDelaySeconds: 10 initialDelaySeconds: 60
periodSeconds: 5 periodSeconds: 5
failureThreshold: 5 failureThreshold: 5
timeoutSeconds: 45 timeoutSeconds: 45
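Review bot: The ten resources added to the `kubeovn.io` rule (`ovn-eips`, `ovn-fips`, `ovn-snat-rules`, `switch-lb-rules`, `vpc-dnses` and their `/status` subresources) fall under the existing `verbs: "*"`, so the `system:ovn` ClusterRole gains full control over five more cluster-scoped types. The other manifest in this commit shows the pinger, and what looks like the privileged cni-server DaemonSet, running with `serviceAccountName: ovn`; if that account is the one bound to this role, a compromise of any of those pods could rewrite EIP, SNAT and load-balancer rules. Consider listing the verbs each rule needs (for example `get`, `list`, `watch`, `create`, `update`, `patch`, `delete`) instead of the wildcard. Also confirm which verbs the rule that now contains `services/status` grants, since its `verbs` list is outside the hunk.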