Florian Ruynat
4 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with
80 additions and
12 deletions
-
README.md
-
roles/download/defaults/main.yml
-
roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
-
roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
|
|
@ -128,7 +128,7 @@ Note: Upstart/SysV init based OS types are not supported. |
|
|
|
- [cilium](https://github.com/cilium/cilium) v1.8.5 |
|
|
|
- [contiv](https://github.com/contiv/install) v1.2.1 |
|
|
|
- [flanneld](https://github.com/coreos/flannel) v0.13.0 |
|
|
|
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.3.0 |
|
|
|
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.5.2 |
|
|
|
- [kube-router](https://github.com/cloudnativelabs/kube-router) v1.1.0 |
|
|
|
- [multus](https://github.com/intel/multus-cni) v3.6.0 |
|
|
|
- [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0 |
|
|
|
|
|
@ -80,7 +80,7 @@ weave_version: 2.7.0 |
|
|
|
pod_infra_version: "3.3" |
|
|
|
contiv_version: 1.2.1 |
|
|
|
cilium_version: "v1.8.5" |
|
|
|
kube_ovn_version: "v1.3.0" |
|
|
|
kube_ovn_version: "v1.5.2" |
|
|
|
kube_router_version: "v1.1.0" |
|
|
|
multus_version: "v3.6" |
|
|
|
ovn4nfv_ovn_image_version: "v1.0.0" |
|
|
|
|
|
@ -8,7 +8,7 @@ metadata: |
|
|
|
kubernetes.io/description: | |
|
|
|
kube-ovn controller |
|
|
|
spec: |
|
|
|
replicas: 2 |
|
|
|
replicas: 1 |
|
|
|
selector: |
|
|
|
matchLabels: |
|
|
|
app: kube-ovn-controller |
|
|
@ -46,6 +46,8 @@ spec: |
|
|
|
args: |
|
|
|
- --default-cidr={{ kube_pods_subnet }} |
|
|
|
env: |
|
|
|
- name: ENABLE_SSL |
|
|
|
value: "false" |
|
|
|
- name: POD_NAME |
|
|
|
valueFrom: |
|
|
|
fieldRef: |
|
|
@ -58,12 +60,16 @@ spec: |
|
|
|
valueFrom: |
|
|
|
fieldRef: |
|
|
|
fieldPath: spec.nodeName |
|
|
|
volumeMounts: |
|
|
|
- mountPath: /var/run/tls |
|
|
|
name: kube-ovn-tls |
|
|
|
readinessProbe: |
|
|
|
exec: |
|
|
|
command: |
|
|
|
- sh |
|
|
|
- /kube-ovn/kube-ovn-controller-healthcheck.sh |
|
|
|
periodSeconds: 3 |
|
|
|
timeoutSeconds: 45 |
|
|
|
livenessProbe: |
|
|
|
exec: |
|
|
|
command: |
|
|
@ -72,9 +78,14 @@ spec: |
|
|
|
initialDelaySeconds: 300 |
|
|
|
periodSeconds: 7 |
|
|
|
failureThreshold: 5 |
|
|
|
timeoutSeconds: 45 |
|
|
|
nodeSelector: |
|
|
|
kubernetes.io/os: "linux" |
|
|
|
|
|
|
|
volumes: |
|
|
|
- name: kube-ovn-tls |
|
|
|
secret: |
|
|
|
optional: true |
|
|
|
secretName: kube-ovn-tls |
|
|
|
--- |
|
|
|
kind: DaemonSet |
|
|
|
apiVersion: apps/v1 |
|
|
@ -88,8 +99,6 @@ spec: |
|
|
|
selector: |
|
|
|
matchLabels: |
|
|
|
app: kube-ovn-cni |
|
|
|
updateStrategy: |
|
|
|
type: OnDelete |
|
|
|
template: |
|
|
|
metadata: |
|
|
|
labels: |
|
|
@ -112,8 +121,6 @@ spec: |
|
|
|
runAsUser: 0 |
|
|
|
privileged: true |
|
|
|
volumeMounts: |
|
|
|
- mountPath: /etc/cni/net.d |
|
|
|
name: cni-conf |
|
|
|
- mountPath: /opt/cni/bin |
|
|
|
name: cni-bin |
|
|
|
containers: |
|
|
@ -131,6 +138,8 @@ spec: |
|
|
|
runAsUser: 0 |
|
|
|
privileged: true |
|
|
|
env: |
|
|
|
- name: ENABLE_SSL |
|
|
|
value: "false" |
|
|
|
- name: POD_IP |
|
|
|
valueFrom: |
|
|
|
fieldRef: |
|
|
@ -140,6 +149,8 @@ spec: |
|
|
|
fieldRef: |
|
|
|
fieldPath: spec.nodeName |
|
|
|
volumeMounts: |
|
|
|
- mountPath: /etc/cni/net.d |
|
|
|
name: cni-conf |
|
|
|
- mountPath: /run/openvswitch |
|
|
|
name: host-run-ovs |
|
|
|
- mountPath: /run/ovn |
|
|
@ -221,6 +232,8 @@ spec: |
|
|
|
runAsUser: 0 |
|
|
|
privileged: false |
|
|
|
env: |
|
|
|
- name: ENABLE_SSL |
|
|
|
value: "false" |
|
|
|
- name: POD_IP |
|
|
|
valueFrom: |
|
|
|
fieldRef: |
|
|
@ -256,6 +269,8 @@ spec: |
|
|
|
name: host-log-ovs |
|
|
|
- mountPath: /var/log/ovn |
|
|
|
name: host-log-ovn |
|
|
|
- mountPath: /var/run/tls |
|
|
|
name: kube-ovn-tls |
|
|
|
resources: |
|
|
|
requests: |
|
|
|
cpu: {{ kube_ovn_pinger_cpu_request }} |
|
|
@ -287,6 +302,10 @@ spec: |
|
|
|
- name: host-log-ovn |
|
|
|
hostPath: |
|
|
|
path: /var/log/ovn |
|
|
|
- name: kube-ovn-tls |
|
|
|
secret: |
|
|
|
optional: true |
|
|
|
secretName: kube-ovn-tls |
|
|
|
--- |
|
|
|
kind: Service |
|
|
|
apiVersion: v1 |
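Review bot: `ENABLE_SSL` is pinned to the literal `"false"` in the controller, kube-ovn-cni and pinger env blocks, while the controller and pinger also mount the `kube-ovn-tls` secret at `/var/run/tls`, so the rendered manifests can never turn TLS on from inventory. Which lines are additions is inferred from the hunk counts, since the page has lost its `+`/`-` markers. I would template the value from a new role default, for example `value: "{{ kube_ovn_enable_ssl | default(false) | string | lower }}"`; that variable name is a proposal and is not defined in this commit. Because the secret volume is `optional: true`, a pod starts with an empty `/var/run/tls` when the secret is missing, which deserves a comment above the volume such as `# optional: pods start without certs; create kube-ovn-tls before enabling SSL`. The same hard-coded `ENABLE_SSL` entries appear in the `-166,6` and `-279,12` hunks of cni-ovn.yml.j2, and all of these pod specs start and end outside the visible hunks.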
|
|
|
|
|
@ -1,3 +1,31 @@ |
|
|
|
apiVersion: policy/v1beta1 |
|
|
|
kind: PodSecurityPolicy |
|
|
|
metadata: |
|
|
|
name: kube-ovn |
|
|
|
annotations: |
|
|
|
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' |
|
|
|
spec: |
|
|
|
privileged: true |
|
|
|
allowPrivilegeEscalation: true |
|
|
|
allowedCapabilities: |
|
|
|
- '*' |
|
|
|
volumes: |
|
|
|
- '*' |
|
|
|
hostNetwork: true |
|
|
|
hostPorts: |
|
|
|
- min: 0 |
|
|
|
max: 65535 |
|
|
|
hostIPC: true |
|
|
|
hostPID: true |
|
|
|
runAsUser: |
|
|
|
rule: 'RunAsAny' |
|
|
|
seLinux: |
|
|
|
rule: 'RunAsAny' |
|
|
|
supplementalGroups: |
|
|
|
rule: 'RunAsAny' |
|
|
|
fsGroup: |
|
|
|
rule: 'RunAsAny' |
|
|
|
|
|
|
|
--- |
|
|
|
apiVersion: v1 |
|
|
|
kind: ConfigMap |
|
|
@ -27,6 +55,7 @@ rules: |
|
|
|
- subnets/status |
|
|
|
- ips |
|
|
|
- vlans |
|
|
|
- networks |
|
|
|
verbs: |
|
|
|
- "*" |
|
|
|
- apiGroups: |
|
|
@ -81,7 +110,6 @@ subjects: |
|
|
|
- kind: ServiceAccount |
|
|
|
name: ovn |
|
|
|
namespace: kube-system |
|
|
|
|
|
|
|
--- |
|
|
|
kind: Service |
|
|
|
apiVersion: v1 |
|
|
@ -99,7 +127,6 @@ spec: |
|
|
|
app: ovn-central |
|
|
|
ovn-nb-leader: "true" |
|
|
|
sessionAffinity: None |
|
|
|
|
|
|
|
--- |
|
|
|
kind: Service |
|
|
|
apiVersion: v1 |
|
|
@ -117,7 +144,6 @@ spec: |
|
|
|
app: ovn-central |
|
|
|
ovn-sb-leader: "true" |
|
|
|
sessionAffinity: None |
|
|
|
|
|
|
|
--- |
|
|
|
kind: Deployment |
|
|
|
apiVersion: apps/v1 |
|
|
@ -166,6 +192,8 @@ spec: |
|
|
|
capabilities: |
|
|
|
add: ["SYS_NICE"] |
|
|
|
env: |
|
|
|
- name: ENABLE_SSL |
|
|
|
value: "false" |
|
|
|
- name: POD_IP |
|
|
|
valueFrom: |
|
|
|
fieldRef: |
|
|
@ -201,12 +229,15 @@ spec: |
|
|
|
name: host-log-ovs |
|
|
|
- mountPath: /var/log/ovn |
|
|
|
name: host-log-ovn |
|
|
|
- mountPath: /var/run/tls |
|
|
|
name: kube-ovn-tls |
|
|
|
readinessProbe: |
|
|
|
exec: |
|
|
|
command: |
|
|
|
- sh |
|
|
|
- /kube-ovn/ovn-is-leader.sh |
|
|
|
periodSeconds: 3 |
|
|
|
timeoutSeconds: 45 |
|
|
|
livenessProbe: |
|
|
|
exec: |
|
|
|
command: |
|
|
@ -215,6 +246,7 @@ spec: |
|
|
|
initialDelaySeconds: 30 |
|
|
|
periodSeconds: 7 |
|
|
|
failureThreshold: 5 |
|
|
|
timeoutSeconds: 45 |
|
|
|
nodeSelector: |
|
|
|
kubernetes.io/os: "linux" |
|
|
|
kube-ovn/role: "master" |
|
|
@ -240,7 +272,10 @@ spec: |
|
|
|
- name: host-log-ovn |
|
|
|
hostPath: |
|
|
|
path: /var/log/ovn |
|
|
|
|
|
|
|
- name: kube-ovn-tls |
|
|
|
secret: |
|
|
|
optional: true |
|
|
|
secretName: kube-ovn-tls |
|
|
|
--- |
|
|
|
kind: DaemonSet |
|
|
|
apiVersion: apps/v1 |
|
|
@ -279,12 +314,18 @@ spec: |
|
|
|
runAsUser: 0 |
|
|
|
privileged: true |
|
|
|
env: |
|
|
|
- name: ENABLE_SSL |
|
|
|
value: "false" |
|
|
|
- name: POD_IP |
|
|
|
valueFrom: |
|
|
|
fieldRef: |
|
|
|
fieldPath: status.podIP |
|
|
|
- name: HW_OFFLOAD |
|
|
|
value: "false" |
|
|
|
- name: KUBE_NODE_NAME |
|
|
|
valueFrom: |
|
|
|
fieldRef: |
|
|
|
fieldPath: spec.nodeName |
|
|
|
volumeMounts: |
|
|
|
- mountPath: /lib/modules |
|
|
|
name: host-modules |
|
|
@ -304,12 +345,15 @@ spec: |
|
|
|
name: host-log-ovs |
|
|
|
- mountPath: /var/log/ovn |
|
|
|
name: host-log-ovn |
|
|
|
- mountPath: /var/run/tls |
|
|
|
name: kube-ovn-tls |
|
|
|
readinessProbe: |
|
|
|
exec: |
|
|
|
command: |
|
|
|
- sh |
|
|
|
- /kube-ovn/ovs-healthcheck.sh |
|
|
|
periodSeconds: 5 |
|
|
|
timeoutSeconds: 45 |
|
|
|
livenessProbe: |
|
|
|
exec: |
|
|
|
command: |
|
|
@ -318,6 +362,7 @@ spec: |
|
|
|
initialDelaySeconds: 10 |
|
|
|
periodSeconds: 5 |
|
|
|
failureThreshold: 5 |
|
|
|
timeoutSeconds: 45 |
|
|
|
resources: |
|
|
|
requests: |
|
|
|
cpu: {{ kube_ovn_node_cpu_request }} |
|
|
@ -352,3 +397,7 @@ spec: |
|
|
|
- name: host-log-ovn |
|
|
|
hostPath: |
|
|
|
path: /var/log/ovn |
|
|
|
- name: kube-ovn-tls |
|
|
|
secret: |
|
|
|
optional: true |
|
|
|
secretName: kube-ovn-tls |
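Review bot: The new `kube-ovn` PodSecurityPolicy in the `-1,3 +1,31` hunk wildcards every control (`allowedCapabilities: '*'`, `volumes: '*'`, host ports 0-65535, `hostIPC`, `hostPID`, seccomp `'*'`), so any subject later granted `use` on it is effectively unrestricted. It is also rendered unconditionally, and no hunk shown here adds a `use` rule on `podsecuritypolicies` for the `ovn` service account, so it is unclear from this page who is meant to consume it. I would put a comment above `spec:` such as `# Unrestricted by design for the OVS/OVN daemons; grant "use" only to the ovn ServiceAccount in kube-system`. The volume wildcard could be replaced with the types the manifests actually use (the visible hunks show only `hostPath` and `secret`). Any of `hostIPC`/`hostPID` that the pod specs outside these hunks do not set could be switched to `false`.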