richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5938 Commits
34 Branches
82 Tags
155 MiB
Tree: 0ac364dfae
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0ac364dfae'
${ noResults }
kubespray/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2

461 lines
11 KiB
Raw Normal View History

Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
Update kube-ovn to 1.7.1
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.6.0 (#7240)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
Update kube-ovn to 1.6.0 (#7240)
4 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
Update kube-ovn to 1.7.1
3 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.6.2
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.6.0 (#7240)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
Minor update to cni-plugins and kube-router
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.6.0 (#7240)
4 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
Minor update to cni-plugins and kube-router
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-router to 1.0.1 and kube-ovn to 1.3.0 (#6479)
4 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.7.1
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.7.1
3 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Add .editorconfig file (#6307)
4 years ago
Update kube-ovn to 1.7.0 (#7686)
3 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
  1. apiVersion: policy/v1beta1
  2. kind: PodSecurityPolicy
  3. metadata:
  4. name: kube-ovn
  5. annotations:
  6. seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
  7. spec:
  8. privileged: true
  9. allowPrivilegeEscalation: true
  10. allowedCapabilities:
  11. - '*'
  12. volumes:
  13. - '*'
  14. hostNetwork: true
  15. hostPorts:
  16. - min: 0
  17. max: 65535
  18. hostIPC: true
  19. hostPID: true
  20. runAsUser:
  21. rule: 'RunAsAny'
  22. seLinux:
  23. rule: 'RunAsAny'
  24. supplementalGroups:
  25. rule: 'RunAsAny'
  26. fsGroup:
  27. rule: 'RunAsAny'
  29. ---
  31. apiVersion: v1
  32. kind: ConfigMap
  33. metadata:
  34. name: ovn-config
  35. namespace: kube-system
  36. data:
  37. defaultNetworkType: geneve
  38. ---
  39. apiVersion: v1
  40. kind: ServiceAccount
  41. metadata:
  42. name: ovn
  43. namespace: kube-system
  44. ---
  45. apiVersion: rbac.authorization.k8s.io/v1
  46. kind: ClusterRole
  47. metadata:
  48. annotations:
  49. rbac.authorization.k8s.io/system-only: "true"
  50. name: system:ovn
  51. rules:
  52. - apiGroups:
  53. - policy
  54. resources:
  55. - podsecuritypolicies
  56. verbs:
  57. - use
  58. resourceNames:
  59. - kube-ovn
  60. - apiGroups:
  61. - "kubeovn.io"
  62. resources:
  63. - subnets
  64. - subnets/status
  65. - vpcs
  66. - vpcs/status
  67. - vpc-nat-gateways
  68. - ips
  69. - vlans
  70. - provider-networks
  71. - provider-networks/status
  72. - networks
  73. verbs:
  74. - "*"
  75. - apiGroups:
  76. - ""
  77. resources:
  78. - pods
  79. - pods/exec
  80. - namespaces
  81. - nodes
  82. - configmaps
  83. verbs:
  84. - create
  85. - get
  86. - list
  87. - watch
  88. - patch
  89. - update
  90. - apiGroups:
  91. - "k8s.cni.cncf.io"
  92. resources:
  93. - network-attachment-definitions
  94. verbs:
  95. - create
  96. - delete
  97. - get
  98. - list
  99. - update
  100. - apiGroups:
  101. - ""
  102. - networking.k8s.io
  103. - apps
  104. - extensions
  105. resources:
  106. - networkpolicies
  107. - services
  108. - endpoints
  109. - statefulsets
  110. - daemonsets
  111. - deployments
  112. verbs:
  113. - create
  114. - delete
  115. - update
  116. - patch
  117. - get
  118. - list
  119. - watch
  120. - apiGroups:
  121. - ""
  122. resources:
  123. - events
  124. verbs:
  125. - create
  126. - patch
  127. - update
  128. ---
  129. apiVersion: rbac.authorization.k8s.io/v1
  130. kind: ClusterRoleBinding
  131. metadata:
  132. name: ovn
  133. roleRef:
  134. name: system:ovn
  135. kind: ClusterRole
  136. apiGroup: rbac.authorization.k8s.io
  137. subjects:
  138. - kind: ServiceAccount
  139. name: ovn
  140. namespace: kube-system
  141. ---
  142. kind: Service
  143. apiVersion: v1
  144. metadata:
  145. name: ovn-nb
  146. namespace: kube-system
  147. spec:
  148. ports:
  149. - name: ovn-nb
  150. protocol: TCP
  151. port: 6641
  152. targetPort: 6641
  153. type: ClusterIP
  154. selector:
  155. app: ovn-central
  156. ovn-nb-leader: "true"
  157. sessionAffinity: None
  158. ---
  159. kind: Service
  160. apiVersion: v1
  161. metadata:
  162. name: ovn-sb
  163. namespace: kube-system
  164. spec:
  165. ports:
  166. - name: ovn-sb
  167. protocol: TCP
  168. port: 6642
  169. targetPort: 6642
  170. type: ClusterIP
  171. selector:
  172. app: ovn-central
  173. ovn-sb-leader: "true"
  174. sessionAffinity: None
  175. ---
  176. kind: Service
  177. apiVersion: v1
  178. metadata:
  179. name: ovn-northd
  180. namespace: kube-system
  181. spec:
  182. ports:
  183. - name: ovn-northd
  184. protocol: TCP
  185. port: 6643
  186. targetPort: 6643
  187. type: ClusterIP
  188. selector:
  189. app: ovn-central
  190. ovn-northd-leader: "true"
  191. sessionAffinity: None
  192. ---
  193. kind: Deployment
  194. apiVersion: apps/v1
  195. metadata:
  196. name: ovn-central
  197. namespace: kube-system
  198. annotations:
  199. kubernetes.io/description: |
  200. OVN components: northd, nb and sb.
  201. spec:
  202. replicas: 1
  203. strategy:
  204. rollingUpdate:
  205. maxSurge: 0
  206. maxUnavailable: 1
  207. type: RollingUpdate
  208. selector:
  209. matchLabels:
  210. app: ovn-central
  211. template:
  212. metadata:
  213. labels:
  214. app: ovn-central
  215. component: network
  216. type: infra
  217. spec:
  218. tolerations:
  219. - operator: Exists
  220. affinity:
  221. podAntiAffinity:
  222. requiredDuringSchedulingIgnoredDuringExecution:
  223. - labelSelector:
  224. matchLabels:
  225. app: ovn-central
  226. topologyKey: kubernetes.io/hostname
  227. priorityClassName: system-cluster-critical
  228. serviceAccountName: ovn
  229. hostNetwork: true
  230. containers:
  231. - name: ovn-central
  232. image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
  233. imagePullPolicy: {{ k8s_image_pull_policy }}
  234. command: ["/kube-ovn/start-db.sh"]
  235. securityContext:
  236. capabilities:
  237. add: ["SYS_NICE"]
  238. env:
  239. - name: ENABLE_SSL
  240. value: "{{ enable_ssl | lower }}"
  241. - name: POD_IP
  242. valueFrom:
  243. fieldRef:
  244. fieldPath: status.podIP
  245. - name: POD_NAME
  246. valueFrom:
  247. fieldRef:
  248. fieldPath: metadata.name
  249. - name: POD_NAMESPACE
  250. valueFrom:
  251. fieldRef:
  252. fieldPath: metadata.namespace
  253. resources:
  254. requests:
  255. cpu: {{ kube_ovn_db_cpu_request }}
  256. memory: {{ kube_ovn_db_memory_request }}
  257. limits:
  258. cpu: {{ kube_ovn_db_cpu_limit }}
  259. memory: {{ kube_ovn_db_memory_limit }}
  260. volumeMounts:
  261. - mountPath: /var/run/openvswitch
  262. name: host-run-ovs
  263. - mountPath: /var/run/ovn
  264. name: host-run-ovn
  265. - mountPath: /sys
  266. name: host-sys
  267. readOnly: true
  268. - mountPath: /etc/openvswitch
  269. name: host-config-openvswitch
  270. - mountPath: /etc/ovn
  271. name: host-config-ovn
  272. - mountPath: /var/log/openvswitch
  273. name: host-log-ovs
  274. - mountPath: /var/log/ovn
  275. name: host-log-ovn
  276. - mountPath: /etc/localtime
  277. name: localtime
  278. - mountPath: /var/run/tls
  279. name: kube-ovn-tls
  280. readinessProbe:
  281. exec:
  282. command:
  283. - bash
  284. - /kube-ovn/ovn-is-leader.sh
  285. periodSeconds: 3
  286. timeoutSeconds: 45
  287. livenessProbe:
  288. exec:
  289. command:
  290. - bash
  291. - /kube-ovn/ovn-healthcheck.sh
  292. initialDelaySeconds: 30
  293. periodSeconds: 7
  294. failureThreshold: 5
  295. timeoutSeconds: 45
  296. nodeSelector:
  297. kubernetes.io/os: "linux"
  298. kube-ovn/role: "master"
  299. volumes:
  300. - name: host-run-ovs
  301. hostPath:
  302. path: /run/openvswitch
  303. - name: host-run-ovn
  304. hostPath:
  305. path: /run/ovn
  306. - name: host-sys
  307. hostPath:
  308. path: /sys
  309. - name: host-config-openvswitch
  310. hostPath:
  311. path: /etc/origin/openvswitch
  312. - name: host-config-ovn
  313. hostPath:
  314. path: /etc/origin/ovn
  315. - name: host-log-ovs
  316. hostPath:
  317. path: /var/log/openvswitch
  318. - name: host-log-ovn
  319. hostPath:
  320. path: /var/log/ovn
  321. - name: localtime
  322. hostPath:
  323. path: /etc/localtime
  324. - name: kube-ovn-tls
  325. secret:
  326. optional: true
  327. secretName: kube-ovn-tls
  328. ---
  329. kind: DaemonSet
  330. apiVersion: apps/v1
  331. metadata:
  332. name: ovs-ovn
  333. namespace: kube-system
  334. annotations:
  335. kubernetes.io/description: |
  336. This daemon set launches the openvswitch daemon.
  337. spec:
  338. selector:
  339. matchLabels:
  340. app: ovs
  341. updateStrategy:
  342. type: OnDelete
  343. template:
  344. metadata:
  345. labels:
  346. app: ovs
  347. component: network
  348. type: infra
  349. spec:
  350. tolerations:
  351. - operator: Exists
  352. priorityClassName: system-cluster-critical
  353. serviceAccountName: ovn
  354. hostNetwork: true
  355. hostPID: true
  356. containers:
  357. - name: openvswitch
  358. image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
  359. imagePullPolicy: {{ k8s_image_pull_policy }}
  360. command: ["/kube-ovn/start-ovs.sh"]
  361. securityContext:
  362. runAsUser: 0
  363. privileged: true
  364. env:
  365. - name: ENABLE_SSL
  366. value: "{{ enable_ssl | lower }}"
  367. - name: POD_IP
  368. valueFrom:
  369. fieldRef:
  370. fieldPath: status.podIP
  371. - name: HW_OFFLOAD
  372. value: "false"
  373. - name: KUBE_NODE_NAME
  374. valueFrom:
  375. fieldRef:
  376. fieldPath: spec.nodeName
  377. volumeMounts:
  378. - mountPath: /lib/modules
  379. name: host-modules
  380. readOnly: true
  381. - mountPath: /var/run/openvswitch
  382. name: host-run-ovs
  383. - mountPath: /var/run/ovn
  384. name: host-run-ovn
  385. - mountPath: /sys
  386. name: host-sys
  387. readOnly: true
  388. - mountPath: /etc/cni/net.d
  389. name: cni-conf
  390. - mountPath: /etc/openvswitch
  391. name: host-config-openvswitch
  392. - mountPath: /etc/ovn
  393. name: host-config-ovn
  394. - mountPath: /var/log/openvswitch
  395. name: host-log-ovs
  396. - mountPath: /var/log/ovn
  397. name: host-log-ovn
  398. - mountPath: /etc/localtime
  399. name: localtime
  400. - mountPath: /var/run/tls
  401. name: kube-ovn-tls
  402. readinessProbe:
  403. exec:
  404. command:
  405. - bash
  406. - /kube-ovn/ovs-healthcheck.sh
  407. periodSeconds: 5
  408. timeoutSeconds: 45
  409. livenessProbe:
  410. exec:
  411. command:
  412. - bash
  413. - /kube-ovn/ovs-healthcheck.sh
  414. initialDelaySeconds: 10
  415. periodSeconds: 5
  416. failureThreshold: 5
  417. timeoutSeconds: 45
  418. resources:
  419. requests:
  420. cpu: {{ kube_ovn_node_cpu_request }}
  421. memory: {{ kube_ovn_node_memory_request }}
  422. limits:
  423. cpu: {{ kube_ovn_node_cpu_limit }}
  424. memory: {{ kube_ovn_node_memory_limit }}
  425. nodeSelector:
  426. kubernetes.io/os: "linux"
  427. volumes:
  428. - name: host-modules
  429. hostPath:
  430. path: /lib/modules
  431. - name: host-run-ovs
  432. hostPath:
  433. path: /run/openvswitch
  434. - name: host-run-ovn
  435. hostPath:
  436. path: /run/ovn
  437. - name: host-sys
  438. hostPath:
  439. path: /sys
  440. - name: cni-conf
  441. hostPath:
  442. path: /etc/cni/net.d
  443. - name: host-config-openvswitch
  444. hostPath:
  445. path: /etc/origin/openvswitch
  446. - name: host-config-ovn
  447. hostPath:
  448. path: /etc/origin/ovn
  449. - name: host-log-ovs
  450. hostPath:
  451. path: /var/log/openvswitch
  452. - name: host-log-ovn
  453. hostPath:
  454. path: /var/log/ovn
  455. - name: localtime
  456. hostPath:
  457. path: /etc/localtime
  458. - name: kube-ovn-tls
  459. secret:
  460. optional: true
  461. secretName: kube-ovn-tls