richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5763 Commits
33 Branches
82 Tags
153 MiB
Tree: ae3a1d7c01
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ae3a1d7c01'
${ noResults }
kubespray/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2

413 lines
9.7 KiB
Raw Normal View History

Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.6.0 (#7240)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
Update kube-ovn to 1.6.0 (#7240)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.6.0 (#7240)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.6.0 (#7240)
4 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.6.0 (#7240)
4 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-router to 1.0.1 and kube-ovn to 1.3.0 (#6479)
4 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.6.0 (#7240)
4 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.6.0 (#7240)
4 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Update kube-ovn to 1.1.1 (#6060)
4 years ago
Upgrade kube-ovn to v1.1.0 and move test from centos7 to centos8 (#5852)
4 years ago
add Kube-OVN cni to kubespray (#5020)
5 years ago
Add .editorconfig file (#6307)
4 years ago
Update kube-ovn to 1.5.2 (#6610)
4 years ago
  1. apiVersion: policy/v1beta1
  2. kind: PodSecurityPolicy
  3. metadata:
  4. name: kube-ovn
  5. annotations:
  6. seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
  7. spec:
  8. privileged: true
  9. allowPrivilegeEscalation: true
  10. allowedCapabilities:
  11. - '*'
  12. volumes:
  13. - '*'
  14. hostNetwork: true
  15. hostPorts:
  16. - min: 0
  17. max: 65535
  18. hostIPC: true
  19. hostPID: true
  20. runAsUser:
  21. rule: 'RunAsAny'
  22. seLinux:
  23. rule: 'RunAsAny'
  24. supplementalGroups:
  25. rule: 'RunAsAny'
  26. fsGroup:
  27. rule: 'RunAsAny'
  29. ---
  30. apiVersion: v1
  31. kind: ConfigMap
  32. metadata:
  33. name: ovn-config
  34. namespace: kube-system
  36. ---
  37. apiVersion: v1
  38. kind: ServiceAccount
  39. metadata:
  40. name: ovn
  41. namespace: kube-system
  43. ---
  44. apiVersion: rbac.authorization.k8s.io/v1
  45. kind: ClusterRole
  46. metadata:
  47. annotations:
  48. rbac.authorization.k8s.io/system-only: "true"
  49. name: system:ovn
  50. rules:
  51. - apiGroups:
  52. - policy
  53. resources:
  54. - podsecuritypolicies
  55. verbs:
  56. - use
  57. resourceNames:
  58. - kube-ovn
  59. - apiGroups:
  60. - "kubeovn.io"
  61. resources:
  62. - subnets
  63. - subnets/status
  64. - vpcs
  65. - vpcs/status
  66. - ips
  67. - vlans
  68. - networks
  69. verbs:
  70. - "*"
  71. - apiGroups:
  72. - ""
  73. resources:
  74. - pods
  75. - namespaces
  76. - nodes
  77. - configmaps
  78. verbs:
  79. - create
  80. - get
  81. - list
  82. - watch
  83. - patch
  84. - update
  85. - apiGroups:
  86. - ""
  87. - networking.k8s.io
  88. - apps
  89. - extensions
  90. resources:
  91. - networkpolicies
  92. - services
  93. - endpoints
  94. - statefulsets
  95. - daemonsets
  96. - deployments
  97. verbs:
  98. - get
  99. - list
  100. - watch
  101. - apiGroups:
  102. - ""
  103. resources:
  104. - events
  105. verbs:
  106. - create
  107. - patch
  108. - update
  110. ---
  111. apiVersion: rbac.authorization.k8s.io/v1
  112. kind: ClusterRoleBinding
  113. metadata:
  114. name: ovn
  115. roleRef:
  116. name: system:ovn
  117. kind: ClusterRole
  118. apiGroup: rbac.authorization.k8s.io
  119. subjects:
  120. - kind: ServiceAccount
  121. name: ovn
  122. namespace: kube-system
  123. ---
  124. kind: Service
  125. apiVersion: v1
  126. metadata:
  127. name: ovn-nb
  128. namespace: kube-system
  129. spec:
  130. ports:
  131. - name: ovn-nb
  132. protocol: TCP
  133. port: 6641
  134. targetPort: 6641
  135. type: ClusterIP
  136. selector:
  137. app: ovn-central
  138. ovn-nb-leader: "true"
  139. sessionAffinity: None
  140. ---
  141. kind: Service
  142. apiVersion: v1
  143. metadata:
  144. name: ovn-sb
  145. namespace: kube-system
  146. spec:
  147. ports:
  148. - name: ovn-sb
  149. protocol: TCP
  150. port: 6642
  151. targetPort: 6642
  152. type: ClusterIP
  153. selector:
  154. app: ovn-central
  155. ovn-sb-leader: "true"
  156. sessionAffinity: None
  157. ---
  158. kind: Deployment
  159. apiVersion: apps/v1
  160. metadata:
  161. name: ovn-central
  162. namespace: kube-system
  163. annotations:
  164. kubernetes.io/description: |
  165. OVN components: northd, nb and sb.
  166. spec:
  167. replicas: 1
  168. strategy:
  169. rollingUpdate:
  170. maxSurge: 0
  171. maxUnavailable: 1
  172. type: RollingUpdate
  173. selector:
  174. matchLabels:
  175. app: ovn-central
  176. template:
  177. metadata:
  178. labels:
  179. app: ovn-central
  180. component: network
  181. type: infra
  182. spec:
  183. tolerations:
  184. - operator: Exists
  185. effect: NoSchedule
  186. affinity:
  187. podAntiAffinity:
  188. requiredDuringSchedulingIgnoredDuringExecution:
  189. - labelSelector:
  190. matchLabels:
  191. app: ovn-central
  192. topologyKey: kubernetes.io/hostname
  193. priorityClassName: system-cluster-critical
  194. serviceAccountName: ovn
  195. hostNetwork: true
  196. containers:
  197. - name: ovn-central
  198. image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
  199. imagePullPolicy: {{ k8s_image_pull_policy }}
  200. command: ["/kube-ovn/start-db.sh"]
  201. securityContext:
  202. capabilities:
  203. add: ["SYS_NICE"]
  204. env:
  205. - name: ENABLE_SSL
  206. value: "false"
  207. - name: POD_IP
  208. valueFrom:
  209. fieldRef:
  210. fieldPath: status.podIP
  211. - name: POD_NAME
  212. valueFrom:
  213. fieldRef:
  214. fieldPath: metadata.name
  215. - name: POD_NAMESPACE
  216. valueFrom:
  217. fieldRef:
  218. fieldPath: metadata.namespace
  219. resources:
  220. requests:
  221. cpu: {{ kube_ovn_db_cpu_request }}
  222. memory: {{ kube_ovn_db_memory_request }}
  223. limits:
  224. cpu: {{ kube_ovn_db_cpu_limit }}
  225. memory: {{ kube_ovn_db_memory_limit }}
  226. volumeMounts:
  227. - mountPath: /var/run/openvswitch
  228. name: host-run-ovs
  229. - mountPath: /var/run/ovn
  230. name: host-run-ovn
  231. - mountPath: /sys
  232. name: host-sys
  233. readOnly: true
  234. - mountPath: /etc/openvswitch
  235. name: host-config-openvswitch
  236. - mountPath: /etc/ovn
  237. name: host-config-ovn
  238. - mountPath: /var/log/openvswitch
  239. name: host-log-ovs
  240. - mountPath: /var/log/ovn
  241. name: host-log-ovn
  242. - mountPath: /var/run/tls
  243. name: kube-ovn-tls
  244. readinessProbe:
  245. exec:
  246. command:
  247. - bash
  248. - /kube-ovn/ovn-is-leader.sh
  249. periodSeconds: 3
  250. timeoutSeconds: 45
  251. livenessProbe:
  252. exec:
  253. command:
  254. - bash
  255. - /kube-ovn/ovn-healthcheck.sh
  256. initialDelaySeconds: 30
  257. periodSeconds: 7
  258. failureThreshold: 5
  259. timeoutSeconds: 45
  260. nodeSelector:
  261. kubernetes.io/os: "linux"
  262. kube-ovn/role: "master"
  263. volumes:
  264. - name: host-run-ovs
  265. hostPath:
  266. path: /run/openvswitch
  267. - name: host-run-ovn
  268. hostPath:
  269. path: /run/ovn
  270. - name: host-sys
  271. hostPath:
  272. path: /sys
  273. - name: host-config-openvswitch
  274. hostPath:
  275. path: /etc/origin/openvswitch
  276. - name: host-config-ovn
  277. hostPath:
  278. path: /etc/origin/ovn
  279. - name: host-log-ovs
  280. hostPath:
  281. path: /var/log/openvswitch
  282. - name: host-log-ovn
  283. hostPath:
  284. path: /var/log/ovn
  285. - name: kube-ovn-tls
  286. secret:
  287. optional: true
  288. secretName: kube-ovn-tls
  289. ---
  290. kind: DaemonSet
  291. apiVersion: apps/v1
  292. metadata:
  293. name: ovs-ovn
  294. namespace: kube-system
  295. annotations:
  296. kubernetes.io/description: |
  297. This daemon set launches the openvswitch daemon.
  298. spec:
  299. selector:
  300. matchLabels:
  301. app: ovs
  302. updateStrategy:
  303. type: OnDelete
  304. template:
  305. metadata:
  306. labels:
  307. app: ovs
  308. component: network
  309. type: infra
  310. spec:
  311. tolerations:
  312. - operator: Exists
  313. effect: NoSchedule
  314. priorityClassName: system-cluster-critical
  315. serviceAccountName: ovn
  316. hostNetwork: true
  317. hostPID: true
  318. containers:
  319. - name: openvswitch
  320. image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
  321. imagePullPolicy: {{ k8s_image_pull_policy }}
  322. command: ["/kube-ovn/start-ovs.sh"]
  323. securityContext:
  324. runAsUser: 0
  325. privileged: true
  326. env:
  327. - name: ENABLE_SSL
  328. value: "false"
  329. - name: POD_IP
  330. valueFrom:
  331. fieldRef:
  332. fieldPath: status.podIP
  333. - name: HW_OFFLOAD
  334. value: "false"
  335. - name: KUBE_NODE_NAME
  336. valueFrom:
  337. fieldRef:
  338. fieldPath: spec.nodeName
  339. volumeMounts:
  340. - mountPath: /lib/modules
  341. name: host-modules
  342. readOnly: true
  343. - mountPath: /var/run/openvswitch
  344. name: host-run-ovs
  345. - mountPath: /var/run/ovn
  346. name: host-run-ovn
  347. - mountPath: /sys
  348. name: host-sys
  349. readOnly: true
  350. - mountPath: /etc/openvswitch
  351. name: host-config-openvswitch
  352. - mountPath: /etc/ovn
  353. name: host-config-ovn
  354. - mountPath: /var/log/openvswitch
  355. name: host-log-ovs
  356. - mountPath: /var/log/ovn
  357. name: host-log-ovn
  358. - mountPath: /var/run/tls
  359. name: kube-ovn-tls
  360. readinessProbe:
  361. exec:
  362. command:
  363. - bash
  364. - /kube-ovn/ovs-healthcheck.sh
  365. periodSeconds: 5
  366. timeoutSeconds: 45
  367. livenessProbe:
  368. exec:
  369. command:
  370. - bash
  371. - /kube-ovn/ovs-healthcheck.sh
  372. initialDelaySeconds: 10
  373. periodSeconds: 5
  374. failureThreshold: 5
  375. timeoutSeconds: 45
  376. resources:
  377. requests:
  378. cpu: {{ kube_ovn_node_cpu_request }}
  379. memory: {{ kube_ovn_node_memory_request }}
  380. limits:
  381. cpu: {{ kube_ovn_node_cpu_limit }}
  382. memory: {{ kube_ovn_node_memory_limit }}
  383. nodeSelector:
  384. kubernetes.io/os: "linux"
  385. volumes:
  386. - name: host-modules
  387. hostPath:
  388. path: /lib/modules
  389. - name: host-run-ovs
  390. hostPath:
  391. path: /run/openvswitch
  392. - name: host-run-ovn
  393. hostPath:
  394. path: /run/ovn
  395. - name: host-sys
  396. hostPath:
  397. path: /sys
  398. - name: host-config-openvswitch
  399. hostPath:
  400. path: /etc/origin/openvswitch
  401. - name: host-config-ovn
  402. hostPath:
  403. path: /etc/origin/ovn
  404. - name: host-log-ovs
  405. hostPath:
  406. path: /var/log/openvswitch
  407. - name: host-log-ovn
  408. hostPath:
  409. path: /var/log/ovn
  410. - name: kube-ovn-tls
  411. secret:
  412. optional: true
  413. secretName: kube-ovn-tls