/*
Copyright 2022 The KubeSphere Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package templates
import (
"text/template"
"github.com/lithammer/dedent"
)
var (
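// KubeOvnCrd renders the kube-ovn CustomResourceDefinitions (VPC, subnet,
// NAT gateway / EIP / FIP / DNAT / SNAT, IP, VIP, VLAN, provider network,
// security group and HTB QoS). The template contains no actions, so it
// takes no data.
//
// Security notes for reviewers:
//   - every CRD below is cluster-scoped; a principal that can write these
//     objects reshapes the data plane (subnets, ACLs, NAT, routing) for all
//     namespaces, so RBAC on the kubeovn.io API group is the real boundary;
//   - the OpenAPI schemas are the only validation the API server applies
//     before the controller consumes the objects, which is why the few
//     bounds/enums/patterns below matter and why free-form fields such as
//     ACL match expressions are called out in comments.
//
// Fix vs. the previous revision: the Vip "PMac" printer column pointed at
// .spec.ParentMac while the schema property (and the JSON field) is
// parentMac, so the column always rendered empty. The security-group
// port-range fields now carry 0..65535 bounds.
KubeOvnCrd = template.Must(template.New("kube-ovn-crd.yaml").Parse(
	dedent.Dedent(`---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: vpc-nat-gateways.kubeovn.io
spec:
  group: kubeovn.io
  names:
    plural: vpc-nat-gateways
    singular: vpc-nat-gateway
    shortNames:
      - vpc-nat-gw
    kind: VpcNatGateway
    listKind: VpcNatGatewayList
  scope: Cluster
  versions:
    - additionalPrinterColumns:
        - jsonPath: .spec.vpc
          name: Vpc
          type: string
        - jsonPath: .spec.subnet
          name: Subnet
          type: string
        - jsonPath: .spec.lanIp
          name: LanIP
          type: string
      name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                # No format/pattern on lanIp or vpc/subnet references: the
                # controller is the only place a bad value is rejected.
                lanIp:
                  type: string
                subnet:
                  type: string
                vpc:
                  type: string
                # NOTE(review): free-form strings; presumably node-selector
                # "key: value" entries deciding where the gateway pod lands.
                # Confirm against the controller before relying on them.
                selector:
                  type: array
                  items:
                    type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: iptables-eips.kubeovn.io
spec:
  group: kubeovn.io
  names:
    plural: iptables-eips
    singular: iptables-eip
    shortNames:
      - eip
    kind: IptablesEIP
    listKind: IptablesEIPList
  scope: Cluster
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - jsonPath: .status.ip
          name: IP
          type: string
        - jsonPath: .spec.macAddress
          name: Mac
          type: string
        - jsonPath: .status.nat
          name: Nat
          type: string
        - jsonPath: .spec.natGwDp
          name: NatGwDp
          type: string
        - jsonPath: .status.ready
          name: Ready
          type: boolean
      schema:
        openAPIV3Schema:
          type: object
          properties:
            status:
              type: object
              properties:
                ready:
                  type: boolean
                ip:
                  type: string
                nat:
                  type: string
                redo:
                  type: string
                conditions:
                  type: array
                  items:
                    type: object
                    properties:
                      type:
                        type: string
                      status:
                        type: string
                      reason:
                        type: string
                      message:
                        type: string
                      lastUpdateTime:
                        type: string
                      lastTransitionTime:
                        type: string
            spec:
              type: object
              properties:
                v4ip:
                  type: string
                v6ip:
                  type: string
                macAddress:
                  type: string
                natGwDp:
                  type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: iptables-fip-rules.kubeovn.io
spec:
  group: kubeovn.io
  names:
    plural: iptables-fip-rules
    singular: iptables-fip-rule
    shortNames:
      - fip
    kind: IptablesFIPRule
    listKind: IptablesFIPRuleList
  scope: Cluster
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - jsonPath: .spec.eip
          name: Eip
          type: string
        - jsonPath: .status.v4ip
          name: V4ip
          type: string
        - jsonPath: .spec.internalIp
          name: InternalIp
          type: string
        - jsonPath: .status.v6ip
          name: V6ip
          type: string
        - jsonPath: .status.ready
          name: Ready
          type: boolean
        - jsonPath: .status.natGwDp
          name: NatGwDp
          type: string
      schema:
        openAPIV3Schema:
          type: object
          properties:
            status:
              type: object
              properties:
                ready:
                  type: boolean
                v4ip:
                  type: string
                v6ip:
                  type: string
                natGwDp:
                  type: string
                redo:
                  type: string
                conditions:
                  type: array
                  items:
                    type: object
                    properties:
                      type:
                        type: string
                      status:
                        type: string
                      reason:
                        type: string
                      message:
                        type: string
                      lastUpdateTime:
                        type: string
                      lastTransitionTime:
                        type: string
            spec:
              type: object
              properties:
                # eip names an IptablesEIP; internalIp is the address that
                # will be exposed 1:1 behind it. Neither is validated here.
                eip:
                  type: string
                internalIp:
                  type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: iptables-dnat-rules.kubeovn.io
spec:
  group: kubeovn.io
  names:
    plural: iptables-dnat-rules
    singular: iptables-dnat-rule
    shortNames:
      - dnat
    kind: IptablesDnatRule
    listKind: IptablesDnatRuleList
  scope: Cluster
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - jsonPath: .spec.eip
          name: Eip
          type: string
        - jsonPath: .spec.protocol
          name: Protocol
          type: string
        - jsonPath: .status.v4ip
          name: V4ip
          type: string
        - jsonPath: .status.v6ip
          name: V6ip
          type: string
        - jsonPath: .spec.internalIp
          name: InternalIp
          type: string
        - jsonPath: .spec.externalPort
          name: ExternalPort
          type: string
        - jsonPath: .spec.internalPort
          name: InternalPort
          type: string
        - jsonPath: .status.natGwDp
          name: NatGwDp
          type: string
        - jsonPath: .status.ready
          name: Ready
          type: boolean
      schema:
        openAPIV3Schema:
          type: object
          properties:
            status:
              type: object
              properties:
                ready:
                  type: boolean
                v4ip:
                  type: string
                v6ip:
                  type: string
                natGwDp:
                  type: string
                redo:
                  type: string
                conditions:
                  type: array
                  items:
                    type: object
                    properties:
                      type:
                        type: string
                      status:
                        type: string
                      reason:
                        type: string
                      message:
                        type: string
                      lastUpdateTime:
                        type: string
                      lastTransitionTime:
                        type: string
            spec:
              type: object
              properties:
                eip:
                  type: string
                # Ports and protocol are strings with no pattern/enum, so
                # e.g. a port-range syntax or an unexpected protocol name is
                # accepted by the API server and only judged by the
                # controller when it builds the iptables rule.
                externalPort:
                  type: string
                protocol:
                  type: string
                internalIp:
                  type: string
                internalPort:
                  type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: iptables-snat-rules.kubeovn.io
spec:
  group: kubeovn.io
  names:
    plural: iptables-snat-rules
    singular: iptables-snat-rule
    shortNames:
      - snat
    kind: IptablesSnatRule
    listKind: IptablesSnatRuleList
  scope: Cluster
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - jsonPath: .spec.eip
          name: EIP
          type: string
        - jsonPath: .status.v4ip
          name: V4ip
          type: string
        - jsonPath: .status.v6ip
          name: V6ip
          type: string
        - jsonPath: .spec.internalCIDR
          name: InternalCIDR
          type: string
        - jsonPath: .status.natGwDp
          name: NatGwDp
          type: string
        - jsonPath: .status.ready
          name: Ready
          type: boolean
      schema:
        openAPIV3Schema:
          type: object
          properties:
            status:
              type: object
              properties:
                ready:
                  type: boolean
                v4ip:
                  type: string
                v6ip:
                  type: string
                natGwDp:
                  type: string
                redo:
                  type: string
                conditions:
                  type: array
                  items:
                    type: object
                    properties:
                      type:
                        type: string
                      status:
                        type: string
                      reason:
                        type: string
                      message:
                        type: string
                      lastUpdateTime:
                        type: string
                      lastTransitionTime:
                        type: string
            spec:
              type: object
              properties:
                eip:
                  type: string
                # Source range that gets masqueraded behind the EIP; not
                # validated as a CIDR at the API level.
                internalCIDR:
                  type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: vpcs.kubeovn.io
spec:
  group: kubeovn.io
  versions:
    - additionalPrinterColumns:
        - jsonPath: .status.standby
          name: Standby
          type: boolean
        - jsonPath: .status.subnets
          name: Subnets
          type: string
        - jsonPath: .spec.namespaces
          name: Namespaces
          type: string
      name: v1
      schema:
        openAPIV3Schema:
          properties:
            spec:
              properties:
                # Namespaces bound to this VPC. Binding a namespace moves its
                # pods onto this VPC's router, so write access to Vpc objects
                # is effectively write access to every listed namespace's
                # connectivity.
                namespaces:
                  items:
                    type: string
                  type: array
                staticRoutes:
                  items:
                    properties:
                      policy:
                        type: string
                      cidr:
                        type: string
                      nextHopIP:
                        type: string
                    type: object
                  type: array
                policyRoutes:
                  items:
                    properties:
                      priority:
                        type: integer
                      action:
                        type: string
                      # Free-form OVN match expression handed to the
                      # logical router; no validation here.
                      match:
                        type: string
                      nextHopIP:
                        type: string
                    type: object
                  type: array
                vpcPeerings:
                  items:
                    properties:
                      remoteVpc:
                        type: string
                      localConnectIP:
                        type: string
                    type: object
                  type: array
              type: object
            status:
              properties:
                conditions:
                  items:
                    properties:
                      lastTransitionTime:
                        type: string
                      lastUpdateTime:
                        type: string
                      message:
                        type: string
                      reason:
                        type: string
                      status:
                        type: string
                      type:
                        type: string
                    type: object
                  type: array
                default:
                  type: boolean
                defaultLogicalSwitch:
                  type: string
                router:
                  type: string
                standby:
                  type: boolean
                subnets:
                  items:
                    type: string
                  type: array
                vpcPeerings:
                  items:
                    type: string
                  type: array
                tcpLoadBalancer:
                  type: string
                tcpSessionLoadBalancer:
                  type: string
                udpLoadBalancer:
                  type: string
                udpSessionLoadBalancer:
                  type: string
              type: object
          type: object
      served: true
      storage: true
      subresources:
        status: {}
  names:
    kind: Vpc
    listKind: VpcList
    plural: vpcs
    shortNames:
      - vpc
    singular: vpc
  scope: Cluster
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: ips.kubeovn.io
spec:
  group: kubeovn.io
  versions:
    - name: v1
      served: true
      storage: true
      additionalPrinterColumns:
        - name: V4IP
          type: string
          jsonPath: .spec.v4IpAddress
        - name: V6IP
          type: string
          jsonPath: .spec.v6IpAddress
        - name: Mac
          type: string
          jsonPath: .spec.macAddress
        - name: Node
          type: string
          jsonPath: .spec.nodeName
        - name: Subnet
          type: string
          jsonPath: .spec.subnet
      schema:
        openAPIV3Schema:
          type: object
          properties:
            # IP objects record the pod <-> address/MAC assignment. They are
            # cluster-scoped, so "get ips" exposes the pod name, namespace,
            # node and addresses of every workload in the cluster to anyone
            # with read access on this resource.
            spec:
              type: object
              properties:
                podName:
                  type: string
                namespace:
                  type: string
                subnet:
                  type: string
                attachSubnets:
                  type: array
                  items:
                    type: string
                nodeName:
                  type: string
                ipAddress:
                  type: string
                v4IpAddress:
                  type: string
                v6IpAddress:
                  type: string
                attachIps:
                  type: array
                  items:
                    type: string
                macAddress:
                  type: string
                attachMacs:
                  type: array
                  items:
                    type: string
                containerID:
                  type: string
                podType:
                  type: string
  scope: Cluster
  names:
    plural: ips
    singular: ip
    kind: IP
    shortNames:
      - ip
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: vips.kubeovn.io
spec:
  group: kubeovn.io
  names:
    plural: vips
    singular: vip
    shortNames:
      - vip
    kind: Vip
    listKind: VipList
  scope: Cluster
  versions:
    - name: v1
      served: true
      storage: true
      # NOTE(review): a status schema and a Ready column are declared below
      # but no "subresources: status" block, unlike the other CRDs with a
      # status. Confirm the controller writes Vip status through the main
      # resource; if it uses UpdateStatus the call will fail against this
      # definition.
      additionalPrinterColumns:
        - name: V4IP
          type: string
          jsonPath: .spec.v4ip
        - name: PV4IP
          type: string
          jsonPath: .spec.parentV4ip
        - name: Mac
          type: string
          jsonPath: .spec.macAddress
        - name: PMac
          type: string
          # Was .spec.ParentMac, which matches no schema property (the field
          # is parentMac, see spec below), so the column was always blank.
          jsonPath: .spec.parentMac
        - name: V6IP
          type: string
          jsonPath: .spec.v6ip
        - name: PV6IP
          type: string
          jsonPath: .spec.parentV6ip
        - name: Subnet
          type: string
          jsonPath: .spec.subnet
        - jsonPath: .status.ready
          name: Ready
          type: boolean
      schema:
        openAPIV3Schema:
          type: object
          properties:
            status:
              type: object
              properties:
                ready:
                  type: boolean
                v4ip:
                  type: string
                v6ip:
                  type: string
                mac:
                  type: string
                pv4ip:
                  type: string
                pv6ip:
                  type: string
                pmac:
                  type: string
                conditions:
                  type: array
                  items:
                    type: object
                    properties:
                      type:
                        type: string
                      status:
                        type: string
                      reason:
                        type: string
                      message:
                        type: string
                      lastUpdateTime:
                        type: string
                      lastTransitionTime:
                        type: string
            spec:
              type: object
              properties:
                namespace:
                  type: string
                subnet:
                  type: string
                attachSubnets:
                  type: array
                  items:
                    type: string
                v4ip:
                  type: string
                macAddress:
                  type: string
                v6ip:
                  type: string
                parentV4ip:
                  type: string
                parentMac:
                  type: string
                parentV6ip:
                  type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: subnets.kubeovn.io
spec:
  group: kubeovn.io
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      additionalPrinterColumns:
        - name: Provider
          type: string
          jsonPath: .spec.provider
        - name: Vpc
          type: string
          jsonPath: .spec.vpc
        - name: Protocol
          type: string
          jsonPath: .spec.protocol
        - name: CIDR
          type: string
          jsonPath: .spec.cidrBlock
        - name: Private
          type: boolean
          jsonPath: .spec.private
        - name: NAT
          type: boolean
          jsonPath: .spec.natOutgoing
        - name: Default
          type: boolean
          jsonPath: .spec.default
        - name: GatewayType
          type: string
          jsonPath: .spec.gatewayType
        - name: V4Used
          type: number
          jsonPath: .status.v4usingIPs
        - name: V4Available
          type: number
          jsonPath: .status.v4availableIPs
        - name: V6Used
          type: number
          jsonPath: .status.v6usingIPs
        - name: V6Available
          type: number
          jsonPath: .status.v6availableIPs
        - name: ExcludeIPs
          type: string
          jsonPath: .spec.excludeIps
      schema:
        openAPIV3Schema:
          type: object
          properties:
            status:
              type: object
              properties:
                v4availableIPs:
                  type: number
                v4usingIPs:
                  type: number
                v6availableIPs:
                  type: number
                v6usingIPs:
                  type: number
                activateGateway:
                  type: string
                dhcpV4OptionsUUID:
                  type: string
                dhcpV6OptionsUUID:
                  type: string
                conditions:
                  type: array
                  items:
                    type: object
                    properties:
                      type:
                        type: string
                      status:
                        type: string
                      reason:
                        type: string
                      message:
                        type: string
                      lastUpdateTime:
                        type: string
                      lastTransitionTime:
                        type: string
            spec:
              type: object
              properties:
                vpc:
                  type: string
                default:
                  type: boolean
                protocol:
                  type: string
                  enum:
                    - IPv4
                    - IPv6
                    - Dual
                # Not validated as a CIDR here; the controller decides.
                cidrBlock:
                  type: string
                # Namespaces whose pods are placed on this subnet: the same
                # "write Subnet == steer other namespaces" concern as Vpc.
                namespaces:
                  type: array
                  items:
                    type: string
                gateway:
                  type: string
                provider:
                  type: string
                excludeIps:
                  type: array
                  items:
                    type: string
                vips:
                  type: array
                  items:
                    type: string
                gatewayType:
                  type: string
                # private + allowSubnets form the subnet-level isolation
                # policy; both are plain strings/booleans with no further
                # validation.
                allowSubnets:
                  type: array
                  items:
                    type: string
                gatewayNode:
                  type: string
                natOutgoing:
                  type: boolean
                externalEgressGateway:
                  type: string
                policyRoutingPriority:
                  type: integer
                  minimum: 1
                  maximum: 32765
                policyRoutingTableID:
                  type: integer
                  minimum: 1
                  maximum: 2147483647
                  # Keep user tables away from the kernel's reserved routing
                  # tables so a Subnet cannot rewrite the node's own routing.
                  not:
                    enum:
                      - 252 # compat
                      - 253 # default
                      - 254 # main
                      - 255 # local
                private:
                  type: boolean
                vlan:
                  type: string
                logicalGateway:
                  type: boolean
                disableGatewayCheck:
                  type: boolean
                disableInterConnection:
                  type: boolean
                htbqos:
                  type: string
                enableDHCP:
                  type: boolean
                # Opaque option strings passed on to OVN DHCP; not validated.
                dhcpV4Options:
                  type: string
                dhcpV6Options:
                  type: string
                enableIPv6RA:
                  type: boolean
                ipv6RAConfigs:
                  type: string
                # Subnet-level OVN ACLs. direction/action/priority are
                # constrained, but "match" is a free-form OVN match
                # expression: anyone allowed to write Subnets can install
                # arbitrary allow/drop rules for that subnet's traffic.
                acls:
                  type: array
                  items:
                    type: object
                    properties:
                      direction:
                        type: string
                        enum:
                          - from-lport
                          - to-lport
                      priority:
                        type: integer
                        minimum: 0
                        maximum: 32767
                      match:
                        type: string
                      action:
                        type: string
                        enum:
                          - allow-related
                          - allow-stateless
                          - allow
                          - drop
                          - reject
  scope: Cluster
  names:
    plural: subnets
    singular: subnet
    kind: Subnet
    shortNames:
      - subnet
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: vlans.kubeovn.io
spec:
  group: kubeovn.io
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                id:
                  type: integer
                  minimum: 0
                  maximum: 4095
                provider:
                  type: string
                # NOTE(review): the deprecated alias carries none of the
                # 0..4095 bounds that "id" has; if the controller still
                # honours vlanId, an out-of-range value gets through here.
                vlanId:
                  type: integer
                  description: Deprecated in favor of id
                providerInterfaceName:
                  type: string
                  description: Deprecated in favor of provider
              required:
                - provider
            status:
              type: object
              properties:
                subnets:
                  type: array
                  items:
                    type: string
      additionalPrinterColumns:
        - name: ID
          type: string
          jsonPath: .spec.id
        - name: Provider
          type: string
          jsonPath: .spec.provider
  scope: Cluster
  names:
    plural: vlans
    singular: vlan
    kind: Vlan
    shortNames:
      - vlan
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: provider-networks.kubeovn.io
spec:
  group: kubeovn.io
  versions:
    - name: v1
      served: true
      storage: true
      subresources:
        status: {}
      schema:
        openAPIV3Schema:
          type: object
          properties:
            metadata:
              type: object
              properties:
                # The name becomes part of host-side interface/bridge names;
                # the length cap and the two reserved names guard against
                # clashing with OVS's own "int"/"external" bridges.
                name:
                  type: string
                  maxLength: 12
                  not:
                    enum:
                      - int
                      - external
            spec:
              type: object
              properties:
                # Host NIC names: 15 characters is the Linux interface-name
                # limit, and the pattern rejects '/' and whitespace so the
                # value cannot escape a path or shell-style argument when it
                # is used on the node.
                defaultInterface:
                  type: string
                  maxLength: 15
                  pattern: '^[^/\s]+$'
                customInterfaces:
                  type: array
                  items:
                    type: object
                    properties:
                      interface:
                        type: string
                        maxLength: 15
                        pattern: '^[^/\s]+$'
                      nodes:
                        type: array
                        items:
                          type: string
                exchangeLinkName:
                  type: boolean
                excludeNodes:
                  type: array
                  items:
                    type: string
              required:
                - defaultInterface
            status:
              type: object
              properties:
                ready:
                  type: boolean
                readyNodes:
                  type: array
                  items:
                    type: string
                vlans:
                  type: array
                  items:
                    type: string
                conditions:
                  type: array
                  items:
                    type: object
                    properties:
                      node:
                        type: string
                      type:
                        type: string
                      status:
                        type: string
                      reason:
                        type: string
                      message:
                        type: string
                      lastUpdateTime:
                        type: string
                      lastTransitionTime:
                        type: string
      additionalPrinterColumns:
        - name: DefaultInterface
          type: string
          jsonPath: .spec.defaultInterface
        - name: Ready
          type: boolean
          jsonPath: .status.ready
  scope: Cluster
  names:
    plural: provider-networks
    singular: provider-network
    kind: ProviderNetwork
    listKind: ProviderNetworkList
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: security-groups.kubeovn.io
spec:
  group: kubeovn.io
  names:
    plural: security-groups
    singular: security-group
    shortNames:
      - sg
    kind: SecurityGroup
    listKind: SecurityGroupList
  scope: Cluster
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                # ipVersion / protocol / remoteType / policy are free-form
                # strings: unexpected values are accepted here and only
                # interpreted by the controller. remoteAddress is presumably
                # an address or CIDR and is not validated either.
                ingressRules:
                  type: array
                  items:
                    type: object
                    properties:
                      ipVersion:
                        type: string
                      protocol:
                        type: string
                      priority:
                        type: integer
                      remoteType:
                        type: string
                      remoteAddress:
                        type: string
                      remoteSecurityGroup:
                        type: string
                      # L4 port bounds; outside 0..65535 there is no valid
                      # ACL to generate, so reject at admission instead of
                      # leaving it to the controller.
                      portRangeMin:
                        type: integer
                        minimum: 0
                        maximum: 65535
                      portRangeMax:
                        type: integer
                        minimum: 0
                        maximum: 65535
                      policy:
                        type: string
                egressRules:
                  type: array
                  items:
                    type: object
                    properties:
                      ipVersion:
                        type: string
                      protocol:
                        type: string
                      priority:
                        type: integer
                      remoteType:
                        type: string
                      remoteAddress:
                        type: string
                      remoteSecurityGroup:
                        type: string
                      portRangeMin:
                        type: integer
                        minimum: 0
                        maximum: 65535
                      portRangeMax:
                        type: integer
                        minimum: 0
                        maximum: 65535
                      policy:
                        type: string
                allowSameGroupTraffic:
                  type: boolean
            status:
              type: object
              properties:
                portGroup:
                  type: string
                allowSameGroupTraffic:
                  type: boolean
                # Change-detection digests of the rule sets as last synced
                # to OVN, not an integrity control: anyone who can write
                # status (or the spec) can make them agree.
                ingressMd5:
                  type: string
                egressMd5:
                  type: string
                ingressLastSyncSuccess:
                  type: boolean
                egressLastSyncSuccess:
                  type: boolean
      subresources:
        status: {}
  conversion:
    strategy: None
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: htbqoses.kubeovn.io
spec:
  group: kubeovn.io
  versions:
    - name: v1
      served: true
      storage: true
      additionalPrinterColumns:
        - name: PRIORITY
          type: string
          jsonPath: .spec.priority
      schema:
        openAPIV3Schema:
          type: object
          properties:
            spec:
              type: object
              properties:
                # Declared as a string although it is documented as a
                # 0..4,294,967,295 number, so the range is not enforced by
                # the API server; the controller must parse and bound it.
                priority:
                  type: string # Value in range 0 to 4,294,967,295.
  scope: Cluster
  names:
    plural: htbqoses
    singular: htbqos
    kind: HtbQos
    shortNames:
      - htbqos

`)))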
|
|
|
|
OVN = template.Must(template.New("ovn.yaml").Parse(
|
|
dedent.Dedent(`---
|
|
{{ if .DpdkMode }}
|
|
apiVersion: v1
kind: ServiceAccount
metadata:
  # Shared by the ovn-central Deployment and the ovs-ovn DaemonSet below
  # (serviceAccountName: ovn), so its token - and every right granted to
  # it by the system:ovn ClusterRole - is present on every node.
  name: ovn
  namespace: kube-system
|
|
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    # Naming convention for roles meant for system components; it is not
    # enforced and does not restrict who may bind this role.
    rbac.authorization.k8s.io/system-only: "true"
  name: system:ovn
# NOTE(review): one role serves both the control plane (ovn-central) and the
# per-node privileged, hostNetwork ovs-ovn pods. Anything listed here is
# therefore reachable from a token stored on every node.
rules:
  # Inert on clusters where the PodSecurityPolicy API no longer exists
  # (removed in Kubernetes 1.25); harmless to keep for older clusters.
  - apiGroups: ['policy']
    resources: ['podsecuritypolicies']
    verbs: ['use']
    resourceNames:
      - kube-ovn
  # Unrestricted verbs on every kube-ovn CRD. These are cluster-scoped
  # network objects, so this is ownership of the data plane.
  - apiGroups:
      - "kubeovn.io"
    resources:
      - vpcs
      - vpcs/status
      - vpc-nat-gateways
      - subnets
      - subnets/status
      - ips
      - vips
      - vips/status
      - vlans
      - vlans/status
      - provider-networks
      - provider-networks/status
      - security-groups
      - security-groups/status
      - htbqoses
      - iptables-eips
      - iptables-fip-rules
      - iptables-dnat-rules
      - iptables-snat-rules
      - iptables-eips/status
      - iptables-fip-rules/status
      - iptables-dnat-rules/status
      - iptables-snat-rules/status
    verbs:
      - "*"
  # NOTE(review): "create" on pods/exec in every namespace lets the holder
  # of this token exec into any pod in the cluster, kube-system included;
  # combined with cluster-wide create/update on configmaps this is far
  # broader than a CNI controller usually needs. Confirm which component
  # relies on pods/exec and move it to a separate, narrower role if only a
  # debug path does.
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/exec
      - namespaces
      - nodes
      - configmaps
    verbs:
      - create
      - get
      - list
      - watch
      - patch
      - update
  - apiGroups:
      - "k8s.cni.cncf.io"
    resources:
      - network-attachment-definitions
    verbs:
      - create
      - delete
      - get
      - list
      - update
  # create/delete on Deployments, StatefulSets and DaemonSets in every
  # namespace: a compromised ovn token can run arbitrary workloads
  # cluster-wide. Presumably needed for the VPC NAT gateway workloads;
  # worth scoping if that is the only consumer.
  - apiGroups:
      - ""
      - networking.k8s.io
      - apps
      - extensions
    resources:
      - networkpolicies
      - services
      - endpoints
      - statefulsets
      - daemonsets
      - deployments
      - deployments/scale
    verbs:
      - create
      - delete
      - update
      - patch
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
      - update
  # Leader election; "*" on leases in all namespaces is wider than the
  # kube-system lease the controller presumably uses.
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - "*"
  # Duplicate of the network-attachment-definitions rule above; harmless
  # but one of the two can be dropped.
  - apiGroups:
      - "k8s.cni.cncf.io"
    resources:
      - network-attachment-definitions
    verbs:
      - create
      - delete
      - get
      - list
      - update
  - apiGroups:
      - "kubevirt.io"
    resources:
      - virtualmachines
      - virtualmachineinstances
    verbs:
      - get
      - list
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ovn
# Grants system:ovn cluster-wide to the ovn ServiceAccount, i.e. to every
# ovn-central and ovs-ovn pod. There is no narrower Role/RoleBinding split
# between the control-plane and the per-node components.
roleRef:
  name: system:ovn
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: ovn
    namespace: kube-system
|
|
|
|
---
|
|
kind: Service
apiVersion: v1
metadata:
  name: ovn-nb
  namespace: kube-system
spec:
  ports:
    # OVN northbound DB. ovn-central runs with hostNetwork, so this port is
    # also bound directly on the node IP; whether it requires TLS depends
    # on the ENABLE_SSL setting of the Deployment, not on this Service.
    - name: ovn-nb
      protocol: TCP
      port: 6641
      targetPort: 6641
  type: ClusterIP
  {{ .SvcYamlIpfamilypolicy }}
  selector:
    app: ovn-central
    # Only the current raft leader carries this label, so the Service
    # always resolves to the writable replica.
    ovn-nb-leader: "true"
  sessionAffinity: None
|
|
|
|
---
|
|
kind: Service
apiVersion: v1
metadata:
  name: ovn-sb
  namespace: kube-system
spec:
  ports:
    # OVN southbound DB, consumed by every node's ovs-ovn pod. Same
    # hostNetwork / ENABLE_SSL caveat as ovn-nb.
    - name: ovn-sb
      protocol: TCP
      port: 6642
      targetPort: 6642
  type: ClusterIP
  {{ .SvcYamlIpfamilypolicy }}
  selector:
    app: ovn-central
    # Leader-only label, see ovn-nb.
    ovn-sb-leader: "true"
  sessionAffinity: None
|
|
|
|
---
|
|
kind: Service
apiVersion: v1
metadata:
  name: ovn-northd
  namespace: kube-system
spec:
  ports:
    # ovn-northd control port; exposed the same way as the NB/SB DBs.
    - name: ovn-northd
      protocol: TCP
      port: 6643
      targetPort: 6643
  type: ClusterIP
  {{ .SvcYamlIpfamilypolicy }}
  selector:
    app: ovn-central
    # Leader-only label, see ovn-nb.
    ovn-northd-leader: "true"
  sessionAffinity: None
|
|
---
|
|
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ovn-central
  namespace: kube-system
  annotations:
    kubernetes.io/description: |
      OVN components: northd, nb and sb.
spec:
  replicas: {{ .Count }}
  strategy:
    rollingUpdate:
      maxSurge: 0
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      app: ovn-central
  template:
    metadata:
      labels:
        app: ovn-central
        component: network
        type: infra
    spec:
      tolerations:
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
        - key: CriticalAddonsOnly
          operator: Exists
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: ovn-central
              topologyKey: kubernetes.io/hostname
      priorityClassName: system-cluster-critical
      # Runs with the cluster-wide system:ovn rights (see ClusterRole).
      serviceAccountName: ovn
      # Shares the node network namespace: the NB/SB/northd ports are
      # reachable on the node IP, not only via the ClusterIP Services.
      hostNetwork: true
      containers:
        - name: ovn-central
          # NOTE(review): image is taken from a tag and pulled IfNotPresent,
          # so a node reuses whatever it already has under that tag. Pin
          # by digest if the supply chain for the control plane matters.
          image: "{{ .KubeovnImage }}"
          imagePullPolicy: IfNotPresent
          command: ["/kube-ovn/start-db.sh"]
          securityContext:
            # Only SYS_NICE is added; no privileged flag here, unlike the
            # ovs-ovn DaemonSet.
            capabilities:
              add: ["SYS_NICE"]
          env:
            # Gates TLS on the OVN DB listeners. When enabled the material
            # is expected under /var/run/tls from the kube-ovn-tls secret
            # mounted below, which is declared optional.
            - name: ENABLE_SSL
              value: "{{ .EnableSSL }}"
            # Unquoted template value; presumably a comma-separated list of
            # master node IPs used to form the raft cluster - TODO confirm
            # it can never render empty.
            - name: NODE_IPS
              value: {{ .Address }}
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          resources:
            requests:
              cpu: 300m
              memory: 300Mi
            limits:
              cpu: 3
              memory: 4Gi
          volumeMounts:
            - mountPath: /var/run/openvswitch
              name: host-run-ovs
            - mountPath: /var/run/ovn
              name: host-run-ovn
            - mountPath: /sys
              name: host-sys
              readOnly: true
            # Writable hostPath mounts under /etc/origin: presumably where
            # the OVN DB files live, so the node filesystem, not etcd, is
            # the persistence and access-control boundary for NB/SB state.
            - mountPath: /etc/openvswitch
              name: host-config-openvswitch
            - mountPath: /etc/ovn
              name: host-config-ovn
            - mountPath: /var/log/openvswitch
              name: host-log-ovs
            - mountPath: /var/log/ovn
              name: host-log-ovn
            - mountPath: /etc/localtime
              name: localtime
            - mountPath: /var/run/tls
              name: kube-ovn-tls
          readinessProbe:
            exec:
              command:
                - bash
                - /kube-ovn/ovn-healthcheck.sh
            periodSeconds: 15
            timeoutSeconds: 45
          livenessProbe:
            exec:
              command:
                - bash
                - /kube-ovn/ovn-healthcheck.sh
            initialDelaySeconds: 30
            periodSeconds: 15
            failureThreshold: 5
            timeoutSeconds: 45
      nodeSelector:
        kubernetes.io/os: "linux"
        kube-ovn/role: "master"
      volumes:
        - name: host-run-ovs
          hostPath:
            path: /run/openvswitch
        - name: host-run-ovn
          hostPath:
            path: /run/ovn
        - name: host-sys
          hostPath:
            path: /sys
        - name: host-config-openvswitch
          hostPath:
            path: /etc/origin/openvswitch
        - name: host-config-ovn
          hostPath:
            path: /etc/origin/ovn
        - name: host-log-ovs
          hostPath:
            path: /var/log/openvswitch
        - name: host-log-ovn
          hostPath:
            path: /var/log/ovn
        - name: localtime
          hostPath:
            path: /etc/localtime
        # optional: true means a missing secret does not block pod start;
        # with ENABLE_SSL set that leaves an empty /var/run/tls for the
        # start script to deal with - TODO confirm it fails closed.
        - name: kube-ovn-tls
          secret:
            optional: true
            secretName: kube-ovn-tls
|
|
|
|
---
|
|
kind: DaemonSet
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
name: ovs-ovn
|
|
namespace: kube-system
|
|
annotations:
|
|
kubernetes.io/description: |
|
|
This daemon set launches the openvswitch daemon.
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: ovs
|
|
updateStrategy:
|
|
type: OnDelete
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: ovs
|
|
component: network
|
|
type: infra
|
|
spec:
|
|
tolerations:
|
|
- effect: NoSchedule
|
|
operator: Exists
|
|
- effect: NoExecute
|
|
operator: Exists
|
|
- key: CriticalAddonsOnly
|
|
operator: Exists
|
|
priorityClassName: system-cluster-critical
|
|
serviceAccountName: ovn
|
|
hostNetwork: true
|
|
hostPID: true
|
|
containers:
|
|
- name: openvswitch
|
|
image: "kubeovn/kube-ovn-dpdk:{{ .DpdkVersion }}-{{ .OvnVersion }}"
|
|
imagePullPolicy: IfNotPresent
|
|
command: ["/kube-ovn/start-ovs-dpdk.sh"]
|
|
securityContext:
|
|
runAsUser: 0
|
|
privileged: true
|
|
env:
|
|
- name: ENABLE_SSL
|
|
value: "{{ .EnableSSL }}"
|
|
- name: POD_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
- name: KUBE_NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
- name: OVN_DB_IPS
|
|
value: {{ .Address }}
|
|
volumeMounts:
|
|
- mountPath: /var/run/netns
|
|
name: host-ns
|
|
mountPropagation: HostToContainer
|
|
- mountPath: /lib/modules
|
|
name: host-modules
|
|
readOnly: true
|
|
- mountPath: /var/run/openvswitch
|
|
name: host-run-ovs
|
|
- mountPath: /var/run/ovn
|
|
name: host-run-ovn
|
|
- mountPath: /sys
|
|
name: host-sys
|
|
readOnly: true
|
|
- mountPath: /etc/cni/net.d
|
|
name: cni-conf
|
|
- mountPath: /etc/openvswitch
|
|
name: host-config-openvswitch
|
|
- mountPath: /etc/ovn
|
|
name: host-config-ovn
|
|
- mountPath: /var/log/openvswitch
|
|
name: host-log-ovs
|
|
- mountPath: /var/log/ovn
|
|
name: host-log-ovn
|
|
- mountPath: /opt/ovs-config
|
|
name: host-config-ovs
|
|
- mountPath: /dev/hugepages
|
|
name: hugepage
|
|
- mountPath: /etc/localtime
|
|
name: localtime
|
|
- mountPath: /var/run/tls
|
|
name: kube-ovn-tls
|
|
readinessProbe:
|
|
exec:
|
|
command:
|
|
- bash
|
|
- /kube-ovn/ovs-dpdk-healthcheck.sh
|
|
periodSeconds: 5
|
|
timeoutSeconds: 45
|
|
livenessProbe:
|
|
exec:
|
|
command:
|
|
- bash
|
|
- /kube-ovn/ovs-dpdk-healthcheck.sh
|
|
initialDelaySeconds: 60
|
|
periodSeconds: 5
|
|
failureThreshold: 5
|
|
timeoutSeconds: 45
|
|
resources:
|
|
requests:
|
|
cpu: 1000m
|
|
memory: 2Gi
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 2Gi
|
|
hugepages-1Gi: 1Gi
|
|
nodeSelector:
|
|
kubernetes.io/os: "linux"
|
|
ovn.kubernetes.io/ovs_dp_type: "kernel"
|
|
volumes:
|
|
- name: host-modules
|
|
hostPath:
|
|
path: /lib/modules
|
|
- name: host-run-ovs
|
|
hostPath:
|
|
path: /run/openvswitch
|
|
- name: host-run-ovn
|
|
hostPath:
|
|
path: /run/ovn
|
|
- name: host-sys
|
|
hostPath:
|
|
path: /sys
|
|
- name: host-ns
|
|
hostPath:
|
|
path: /var/run/netns
|
|
- name: cni-conf
|
|
hostPath:
|
|
path: /etc/cni/net.d
|
|
- name: host-config-openvswitch
|
|
hostPath:
|
|
path: /etc/origin/openvswitch
|
|
- name: host-config-ovn
|
|
hostPath:
|
|
path: /etc/origin/ovn
|
|
- name: host-log-ovs
|
|
hostPath:
|
|
path: /var/log/openvswitch
|
|
- name: host-log-ovn
|
|
hostPath:
|
|
path: /var/log/ovn
|
|
- name: host-config-ovs
|
|
hostPath:
|
|
path: /opt/ovs-config
|
|
type: DirectoryOrCreate
|
|
- name: hugepage
|
|
emptyDir:
|
|
medium: HugePages
|
|
- name: localtime
|
|
hostPath:
|
|
path: /etc/localtime
|
|
- name: kube-ovn-tls
|
|
secret:
|
|
optional: true
|
|
secretName: kube-ovn-tls
|
|
{{ else }}
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: ovn
|
|
namespace: kube-system
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
annotations:
|
|
rbac.authorization.k8s.io/system-only: "true"
|
|
name: system:ovn
|
|
rules:
|
|
- apiGroups: ['policy']
|
|
resources: ['podsecuritypolicies']
|
|
verbs: ['use']
|
|
resourceNames:
|
|
- kube-ovn
|
|
- apiGroups:
|
|
- "kubeovn.io"
|
|
resources:
|
|
- vpcs
|
|
- vpcs/status
|
|
- vpc-nat-gateways
|
|
- subnets
|
|
- subnets/status
|
|
- ips
|
|
- vips
|
|
- vips/status
|
|
- vlans
|
|
- vlans/status
|
|
- provider-networks
|
|
- provider-networks/status
|
|
- security-groups
|
|
- security-groups/status
|
|
- htbqoses
|
|
- iptables-eips
|
|
- iptables-fip-rules
|
|
- iptables-dnat-rules
|
|
- iptables-snat-rules
|
|
- iptables-eips/status
|
|
- iptables-fip-rules/status
|
|
- iptables-dnat-rules/status
|
|
- iptables-snat-rules/status
|
|
verbs:
|
|
- "*"
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- pods
|
|
- pods/exec
|
|
- namespaces
|
|
- nodes
|
|
- configmaps
|
|
verbs:
|
|
- create
|
|
- get
|
|
- list
|
|
- watch
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- ""
|
|
- networking.k8s.io
|
|
- apps
|
|
- extensions
|
|
resources:
|
|
- networkpolicies
|
|
- services
|
|
- endpoints
|
|
- statefulsets
|
|
- daemonsets
|
|
- deployments
|
|
- deployments/scale
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- update
|
|
- patch
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
- update
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- "*"
|
|
- apiGroups:
|
|
- "k8s.cni.cncf.io"
|
|
resources:
|
|
- network-attachment-definitions
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- update
|
|
- apiGroups:
|
|
- "kubevirt.io"
|
|
resources:
|
|
- virtualmachines
|
|
- virtualmachineinstances
|
|
verbs:
|
|
- get
|
|
- list
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: ovn
|
|
roleRef:
|
|
name: system:ovn
|
|
kind: ClusterRole
|
|
apiGroup: rbac.authorization.k8s.io
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: ovn
|
|
namespace: kube-system
|
|
---
|
|
kind: Service
|
|
apiVersion: v1
|
|
metadata:
|
|
name: ovn-nb
|
|
namespace: kube-system
|
|
spec:
|
|
ports:
|
|
- name: ovn-nb
|
|
protocol: TCP
|
|
port: 6641
|
|
targetPort: 6641
|
|
type: ClusterIP
|
|
{{ .SvcYamlIpfamilypolicy }}
|
|
selector:
|
|
app: ovn-central
|
|
ovn-nb-leader: "true"
|
|
sessionAffinity: None
|
|
---
|
|
kind: Service
|
|
apiVersion: v1
|
|
metadata:
|
|
name: ovn-sb
|
|
namespace: kube-system
|
|
spec:
|
|
ports:
|
|
- name: ovn-sb
|
|
protocol: TCP
|
|
port: 6642
|
|
targetPort: 6642
|
|
type: ClusterIP
|
|
{{ .SvcYamlIpfamilypolicy }}
|
|
selector:
|
|
app: ovn-central
|
|
ovn-sb-leader: "true"
|
|
sessionAffinity: None
|
|
---
|
|
kind: Service
|
|
apiVersion: v1
|
|
metadata:
|
|
name: ovn-northd
|
|
namespace: kube-system
|
|
spec:
|
|
ports:
|
|
- name: ovn-northd
|
|
protocol: TCP
|
|
port: 6643
|
|
targetPort: 6643
|
|
type: ClusterIP
|
|
{{ .SvcYamlIpfamilypolicy }}
|
|
selector:
|
|
app: ovn-central
|
|
ovn-northd-leader: "true"
|
|
sessionAffinity: None
|
|
---
|
|
kind: Deployment
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
name: ovn-central
|
|
namespace: kube-system
|
|
annotations:
|
|
kubernetes.io/description: |
|
|
OVN components: northd, nb and sb.
|
|
spec:
|
|
replicas: {{ .Count }}
|
|
strategy:
|
|
rollingUpdate:
|
|
maxSurge: 0
|
|
maxUnavailable: 1
|
|
type: RollingUpdate
|
|
selector:
|
|
matchLabels:
|
|
app: ovn-central
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: ovn-central
|
|
component: network
|
|
type: infra
|
|
spec:
|
|
tolerations:
|
|
- effect: NoSchedule
|
|
operator: Exists
|
|
- effect: NoExecute
|
|
operator: Exists
|
|
- key: CriticalAddonsOnly
|
|
operator: Exists
|
|
affinity:
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchLabels:
|
|
app: ovn-central
|
|
topologyKey: kubernetes.io/hostname
|
|
priorityClassName: system-cluster-critical
|
|
serviceAccountName: ovn
|
|
hostNetwork: true
|
|
containers:
|
|
- name: ovn-central
|
|
image: "{{ .KubeovnImage }}"
|
|
imagePullPolicy: IfNotPresent
|
|
command: ["/kube-ovn/start-db.sh"]
|
|
securityContext:
|
|
capabilities:
|
|
add: ["SYS_NICE"]
|
|
env:
|
|
- name: ENABLE_SSL
|
|
value: "{{ .EnableSSL }}"
|
|
- name: NODE_IPS
|
|
value: {{ .Address }}
|
|
- name: POD_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
- name: POD_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.name
|
|
- name: POD_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
resources:
|
|
requests:
|
|
cpu: 300m
|
|
memory: 200Mi
|
|
limits:
|
|
cpu: 3
|
|
memory: 4Gi
|
|
volumeMounts:
|
|
- mountPath: /var/run/openvswitch
|
|
name: host-run-ovs
|
|
- mountPath: /var/run/ovn
|
|
name: host-run-ovn
|
|
- mountPath: /sys
|
|
name: host-sys
|
|
readOnly: true
|
|
- mountPath: /etc/openvswitch
|
|
name: host-config-openvswitch
|
|
- mountPath: /etc/ovn
|
|
name: host-config-ovn
|
|
- mountPath: /var/log/openvswitch
|
|
name: host-log-ovs
|
|
- mountPath: /var/log/ovn
|
|
name: host-log-ovn
|
|
- mountPath: /etc/localtime
|
|
name: localtime
|
|
- mountPath: /var/run/tls
|
|
name: kube-ovn-tls
|
|
readinessProbe:
|
|
exec:
|
|
command:
|
|
- bash
|
|
- /kube-ovn/ovn-healthcheck.sh
|
|
periodSeconds: 15
|
|
timeoutSeconds: 45
|
|
livenessProbe:
|
|
exec:
|
|
command:
|
|
- bash
|
|
- /kube-ovn/ovn-healthcheck.sh
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 15
|
|
failureThreshold: 5
|
|
timeoutSeconds: 45
|
|
nodeSelector:
|
|
kubernetes.io/os: "linux"
|
|
kube-ovn/role: "master"
|
|
volumes:
|
|
- name: host-run-ovs
|
|
hostPath:
|
|
path: /run/openvswitch
|
|
- name: host-run-ovn
|
|
hostPath:
|
|
path: /run/ovn
|
|
- name: host-sys
|
|
hostPath:
|
|
path: /sys
|
|
- name: host-config-openvswitch
|
|
hostPath:
|
|
path: /etc/origin/openvswitch
|
|
- name: host-config-ovn
|
|
hostPath:
|
|
path: /etc/origin/ovn
|
|
- name: host-log-ovs
|
|
hostPath:
|
|
path: /var/log/openvswitch
|
|
- name: host-log-ovn
|
|
hostPath:
|
|
path: /var/log/ovn
|
|
- name: localtime
|
|
hostPath:
|
|
path: /etc/localtime
|
|
- name: kube-ovn-tls
|
|
secret:
|
|
optional: true
|
|
secretName: kube-ovn-tls
|
|
---
|
|
kind: DaemonSet
|
|
apiVersion: apps/v1
|
|
metadata:
|
|
name: ovs-ovn
|
|
namespace: kube-system
|
|
annotations:
|
|
kubernetes.io/description: |
|
|
This daemon set launches the openvswitch daemon.
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: ovs
|
|
updateStrategy:
|
|
type: OnDelete
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: ovs
|
|
component: network
|
|
type: infra
|
|
spec:
|
|
tolerations:
|
|
- effect: NoSchedule
|
|
operator: Exists
|
|
- effect: NoExecute
|
|
operator: Exists
|
|
- key: CriticalAddonsOnly
|
|
operator: Exists
|
|
priorityClassName: system-cluster-critical
|
|
serviceAccountName: ovn
|
|
hostNetwork: true
|
|
hostPID: true
|
|
containers:
|
|
- name: openvswitch
|
|
image: "{{ .KubeovnImage }}"
|
|
imagePullPolicy: IfNotPresent
|
|
command: ["/kube-ovn/start-ovs.sh"]
|
|
securityContext:
|
|
runAsUser: 0
|
|
privileged: true
|
|
env:
|
|
- name: ENABLE_SSL
|
|
value: "{{ .EnableSSL }}"
|
|
- name: POD_IP
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: status.podIP
|
|
- name: HW_OFFLOAD
|
|
value: "{{ .HwOffload }}"
|
|
- name: TUNNEL_TYPE
|
|
value: "{{ .TunnelType }}"
|
|
- name: KUBE_NODE_NAME
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: spec.nodeName
|
|
- name: OVN_DB_IPS
|
|
value: {{ .Address }}
|
|
volumeMounts:
|
|
- mountPath: /var/run/netns
|
|
name: host-ns
|
|
mountPropagation: HostToContainer
|
|
- mountPath: /lib/modules
|
|
name: host-modules
|
|
readOnly: true
|
|
- mountPath: /var/run/openvswitch
|
|
name: host-run-ovs
|
|
- mountPath: /var/run/ovn
|
|
name: host-run-ovn
|
|
- mountPath: /sys
|
|
name: host-sys
|
|
readOnly: true
|
|
- mountPath: /etc/cni/net.d
|
|
name: cni-conf
|
|
- mountPath: /etc/openvswitch
|
|
name: host-config-openvswitch
|
|
- mountPath: /etc/ovn
|
|
name: host-config-ovn
|
|
- mountPath: /var/log/openvswitch
|
|
name: host-log-ovs
|
|
- mountPath: /var/log/ovn
|
|
name: host-log-ovn
|
|
- mountPath: /etc/localtime
|
|
name: localtime
|
|
- mountPath: /var/run/tls
|
|
name: kube-ovn-tls
|
|
readinessProbe:
|
|
exec:
|
|
command:
|
|
- bash
|
|
- -c
|
|
- LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh
|
|
periodSeconds: 5
|
|
timeoutSeconds: 45
|
|
livenessProbe:
|
|
exec:
|
|
command:
|
|
- bash
|
|
- /kube-ovn/ovs-healthcheck.sh
|
|
initialDelaySeconds: 60
|
|
periodSeconds: 5
|
|
failureThreshold: 5
|
|
timeoutSeconds: 45
|
|
resources:
|
|
requests:
|
|
cpu: 200m
|
|
memory: 200Mi
|
|
limits:
|
|
cpu: 1000m
|
|
memory: 1000Mi
|
|
nodeSelector:
|
|
kubernetes.io/os: "linux"
|
|
volumes:
|
|
- name: host-modules
|
|
hostPath:
|
|
path: /lib/modules
|
|
- name: host-run-ovs
|
|
hostPath:
|
|
path: /run/openvswitch
|
|
- name: host-run-ovn
|
|
hostPath:
|
|
path: /run/ovn
|
|
- name: host-sys
|
|
hostPath:
|
|
path: /sys
|
|
- name: host-ns
|
|
hostPath:
|
|
path: /var/run/netns
|
|
- name: cni-conf
|
|
hostPath:
|
|
path: /etc/cni/net.d
|
|
- name: host-config-openvswitch
|
|
hostPath:
|
|
path: /etc/origin/openvswitch
|
|
- name: host-config-ovn
|
|
hostPath:
|
|
path: /etc/origin/ovn
|
|
- name: host-log-ovs
|
|
hostPath:
|
|
path: /var/log/openvswitch
|
|
- name: host-log-ovn
|
|
hostPath:
|
|
path: /var/log/ovn
|
|
- name: localtime
|
|
hostPath:
|
|
path: /etc/localtime
|
|
- name: kube-ovn-tls
|
|
secret:
|
|
optional: true
|
|
secretName: kube-ovn-tls
|
|
{{ end }}`)))
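// KubeOvn renders the kube-ovn workload manifests: the kube-ovn-controller
// Deployment, the kube-ovn-cni and kube-ovn-pinger DaemonSets, the
// kube-ovn-monitor Deployment, and one metrics Service for each of them.
//
// The data passed to Execute must provide: Count, KubeovnImage, PodCIDR,
// PodGateway, CheckGateway, LogicalGateway, ExcludeIps, JoinCIDR, SvcCIDR,
// NetworkType, VlanInterfaceName, VlanID, PodNicType, EnableLB, EnableNP,
// EnableEipSnat, EnableExternalVPC, EnableSSL, Address, EnableMirror, Iface,
// DpdkTunnelIface, TunnelType, CNIConfigPriority, Modules, RPMs,
// PingExternalAddress, PingExternalDNS and SvcYamlIpfamilypolicy.
//
// text/template substitutes these values verbatim: nothing here YAML-quotes
// or escapes them, and Address, Modules and RPMs end up in unquoted `value:`
// scalars, so the caller must validate them (single line, no YAML indicator
// characters) before rendering. SvcYamlIpfamilypolicy is spliced in as a
// whole line under each Service spec and must already be a complete
// `ipFamilyPolicy: ...` line, or empty.
//
// Privilege footprint, for review when touching this template: every
// workload runs under the `ovn` ServiceAccount; kube-ovn-cni (install-cni
// init container and cni-server) is privileged with hostPID and hostNetwork
// and mounts host /var/lib/kubelet/pods, /etc/cni/net.d, /opt/cni/bin and
// /tmp, with /run/openvswitch mounted Bidirectional; kube-ovn-pinger and
// kube-ovn-monitor run as UID 0 but not privileged (pinger with hostPID,
// monitor with hostNetwork); kube-ovn-controller sets no securityContext
// and uses hostNetwork. The kube-ovn-tls Secret is mounted with
// optional: true, so pods still start without it even when EnableSSL is
// set — confirm the Secret exists when enabling TLS.
KubeOvn = template.Must(template.New("kube-ovn.yaml").Parse(
	dedent.Dedent(`---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: kube-ovn-controller
  namespace: kube-system
  annotations:
    kubernetes.io/description: |
      kube-ovn controller
spec:
  replicas: {{ .Count }}
  selector:
    matchLabels:
      app: kube-ovn-controller
  strategy:
    rollingUpdate:
      maxSurge: 0%
      maxUnavailable: 100%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: kube-ovn-controller
        component: network
        type: infra
    spec:
      tolerations:
        - effect: NoSchedule
          operator: Exists
        - key: CriticalAddonsOnly
          operator: Exists
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: kube-ovn-controller
              topologyKey: kubernetes.io/hostname
      priorityClassName: system-cluster-critical
      serviceAccountName: ovn
      hostNetwork: true
      containers:
        - name: kube-ovn-controller
          image: "{{ .KubeovnImage }}"
          imagePullPolicy: IfNotPresent
          args:
            - /kube-ovn/start-controller.sh
            - --default-cidr={{ .PodCIDR }}
            - --default-gateway={{ .PodGateway }}
            - --default-gateway-check={{ .CheckGateway }}
            - --default-logical-gateway={{ .LogicalGateway }}
            - --default-exclude-ips={{ .ExcludeIps }}
            - --node-switch-cidr={{ .JoinCIDR }}
            - --service-cluster-ip-range={{ .SvcCIDR }}
            - --network-type={{ .NetworkType }}
            - --default-interface-name={{ .VlanInterfaceName }}
            - --default-vlan-id={{ .VlanID }}
            - --pod-nic-type={{ .PodNicType }}
            - --enable-lb={{ .EnableLB }}
            - --enable-np={{ .EnableNP }}
            - --enable-eip-snat={{ .EnableEipSnat }}
            - --enable-external-vpc={{ .EnableExternalVPC }}
            - --logtostderr=false
            - --alsologtostderr=true
            - --log_file=/var/log/kube-ovn/kube-ovn-controller.log
            - --log_file_max_size=0
            - --keep-vm-ip=true
          env:
            - name: ENABLE_SSL
              value: "{{ .EnableSSL }}"
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: KUBE_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: OVN_DB_IPS
              value: {{ .Address }}
          volumeMounts:
            - mountPath: /etc/localtime
              name: localtime
            - mountPath: /var/log/kube-ovn
              name: kube-ovn-log
            - mountPath: /var/run/tls
              name: kube-ovn-tls
          readinessProbe:
            exec:
              command:
                - /kube-ovn/kube-ovn-controller-healthcheck
            periodSeconds: 3
            timeoutSeconds: 45
          livenessProbe:
            exec:
              command:
                - /kube-ovn/kube-ovn-controller-healthcheck
            initialDelaySeconds: 300
            periodSeconds: 7
            failureThreshold: 5
            timeoutSeconds: 45
          resources:
            requests:
              cpu: 200m
              memory: 200Mi
            limits:
              cpu: 1000m
              memory: 1Gi
      nodeSelector:
        kubernetes.io/os: "linux"
      volumes:
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: kube-ovn-log
          hostPath:
            path: /var/log/kube-ovn
        - name: kube-ovn-tls
          secret:
            optional: true
            secretName: kube-ovn-tls

---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: kube-ovn-cni
  namespace: kube-system
  annotations:
    kubernetes.io/description: |
      This daemon set launches the kube-ovn cni daemon.
spec:
  selector:
    matchLabels:
      app: kube-ovn-cni
  template:
    metadata:
      labels:
        app: kube-ovn-cni
        component: network
        type: infra
    spec:
      tolerations:
        - effect: NoSchedule
          operator: Exists
        - effect: NoExecute
          operator: Exists
        - key: CriticalAddonsOnly
          operator: Exists
      priorityClassName: system-cluster-critical
      serviceAccountName: ovn
      hostNetwork: true
      hostPID: true
      initContainers:
        - name: install-cni
          image: "{{ .KubeovnImage }}"
          imagePullPolicy: IfNotPresent
          command: ["/kube-ovn/install-cni.sh"]
          securityContext:
            runAsUser: 0
            privileged: true
          volumeMounts:
            - mountPath: /opt/cni/bin
              name: cni-bin
      containers:
        - name: cni-server
          image: "{{ .KubeovnImage }}"
          imagePullPolicy: IfNotPresent
          command:
            - bash
            - /kube-ovn/start-cniserver.sh
          args:
            - --enable-mirror={{ .EnableMirror }}
            - --encap-checksum=true
            - --service-cluster-ip-range={{ .SvcCIDR }}
            - --iface={{ .Iface }}
            - --dpdk-tunnel-iface={{ .DpdkTunnelIface }}
            - --network-type={{ .TunnelType }}
            - --default-interface-name={{ .VlanInterfaceName }}
            - --cni-conf-name={{ .CNIConfigPriority }}-kube-ovn.conflist
            - --logtostderr=false
            - --alsologtostderr=true
            - --log_file=/var/log/kube-ovn/kube-ovn-cni.log
            - --log_file_max_size=0
          securityContext:
            runAsUser: 0
            privileged: true
          env:
            - name: ENABLE_SSL
              value: "{{ .EnableSSL }}"
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: MODULES
              value: {{ .Modules }}
            - name: RPMS
              value: {{ .RPMs }}
          volumeMounts:
            - name: host-modules
              mountPath: /lib/modules
              readOnly: true
            - name: shared-dir
              mountPath: /var/lib/kubelet/pods
            - mountPath: /etc/openvswitch
              name: systemid
            - mountPath: /etc/cni/net.d
              name: cni-conf
            - mountPath: /run/openvswitch
              name: host-run-ovs
              mountPropagation: Bidirectional
            - mountPath: /run/ovn
              name: host-run-ovn
            - mountPath: /var/run/netns
              name: host-ns
              mountPropagation: HostToContainer
            - mountPath: /var/log/kube-ovn
              name: kube-ovn-log
            - mountPath: /var/log/openvswitch
              name: host-log-ovs
            - mountPath: /var/log/ovn
              name: host-log-ovn
            - mountPath: /etc/localtime
              name: localtime
            - mountPath: /tmp
              name: tmp
          livenessProbe:
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 7
            successThreshold: 1
            tcpSocket:
              port: 10665
            timeoutSeconds: 3
          readinessProbe:
            failureThreshold: 3
            initialDelaySeconds: 30
            periodSeconds: 7
            successThreshold: 1
            tcpSocket:
              port: 10665
            timeoutSeconds: 3
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 1000m
              memory: 1Gi
      nodeSelector:
        kubernetes.io/os: "linux"
      volumes:
        - name: host-modules
          hostPath:
            path: /lib/modules
        - name: shared-dir
          hostPath:
            path: /var/lib/kubelet/pods
        - name: systemid
          hostPath:
            path: /etc/origin/openvswitch
        - name: host-run-ovs
          hostPath:
            path: /run/openvswitch
        - name: host-run-ovn
          hostPath:
            path: /run/ovn
        - name: cni-conf
          hostPath:
            path: /etc/cni/net.d
        - name: cni-bin
          hostPath:
            path: /opt/cni/bin
        - name: host-ns
          hostPath:
            path: /var/run/netns
        - name: host-log-ovs
          hostPath:
            path: /var/log/openvswitch
        - name: kube-ovn-log
          hostPath:
            path: /var/log/kube-ovn
        - name: host-log-ovn
          hostPath:
            path: /var/log/ovn
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: tmp
          hostPath:
            path: /tmp

---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: kube-ovn-pinger
  namespace: kube-system
  annotations:
    kubernetes.io/description: |
      This daemon set launches the kube-ovn pinger.
spec:
  selector:
    matchLabels:
      app: kube-ovn-pinger
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: kube-ovn-pinger
        component: network
        type: infra
    spec:
      serviceAccountName: ovn
      hostPID: true
      containers:
        - name: pinger
          image: "{{ .KubeovnImage }}"
          command:
            - /kube-ovn/kube-ovn-pinger
          args:
            - --external-address={{ .PingExternalAddress }}
            - --external-dns={{ .PingExternalDNS }}
            - --logtostderr=false
            - --alsologtostderr=true
            - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
            - --log_file_max_size=0
          imagePullPolicy: IfNotPresent
          securityContext:
            runAsUser: 0
            privileged: false
          env:
            - name: ENABLE_SSL
              value: "{{ .EnableSSL }}"
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: HOST_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.hostIP
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - mountPath: /lib/modules
              name: host-modules
              readOnly: true
            - mountPath: /run/openvswitch
              name: host-run-ovs
            - mountPath: /var/run/openvswitch
              name: host-run-ovs
            - mountPath: /var/run/ovn
              name: host-run-ovn
            - mountPath: /sys
              name: host-sys
              readOnly: true
            - mountPath: /etc/openvswitch
              name: host-config-openvswitch
            - mountPath: /var/log/openvswitch
              name: host-log-ovs
            - mountPath: /var/log/ovn
              name: host-log-ovn
            - mountPath: /var/log/kube-ovn
              name: kube-ovn-log
            - mountPath: /etc/localtime
              name: localtime
            - mountPath: /var/run/tls
              name: kube-ovn-tls
          resources:
            requests:
              cpu: 100m
              memory: 100Mi
            limits:
              cpu: 200m
              memory: 400Mi
      nodeSelector:
        kubernetes.io/os: "linux"
      volumes:
        - name: host-modules
          hostPath:
            path: /lib/modules
        - name: host-run-ovs
          hostPath:
            path: /run/openvswitch
        - name: host-run-ovn
          hostPath:
            path: /run/ovn
        - name: host-sys
          hostPath:
            path: /sys
        - name: host-config-openvswitch
          hostPath:
            path: /etc/origin/openvswitch
        - name: host-log-ovs
          hostPath:
            path: /var/log/openvswitch
        - name: kube-ovn-log
          hostPath:
            path: /var/log/kube-ovn
        - name: host-log-ovn
          hostPath:
            path: /var/log/ovn
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: kube-ovn-tls
          secret:
            optional: true
            secretName: kube-ovn-tls
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: kube-ovn-monitor
  namespace: kube-system
  annotations:
    kubernetes.io/description: |
      Metrics for OVN components: northd, nb and sb.
spec:
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  selector:
    matchLabels:
      app: kube-ovn-monitor
  template:
    metadata:
      labels:
        app: kube-ovn-monitor
        component: network
        type: infra
    spec:
      tolerations:
        - effect: NoSchedule
          operator: Exists
        - key: CriticalAddonsOnly
          operator: Exists
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: kube-ovn-monitor
              topologyKey: kubernetes.io/hostname
      priorityClassName: system-cluster-critical
      serviceAccountName: ovn
      hostNetwork: true
      containers:
        - name: kube-ovn-monitor
          image: "{{ .KubeovnImage }}"
          imagePullPolicy: IfNotPresent
          command: ["/kube-ovn/start-ovn-monitor.sh"]
          securityContext:
            runAsUser: 0
            privileged: false
          env:
            - name: ENABLE_SSL
              value: "{{ .EnableSSL }}"
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          resources:
            requests:
              cpu: 200m
              memory: 200Mi
            limits:
              cpu: 200m
              memory: 200Mi
          volumeMounts:
            - mountPath: /var/run/openvswitch
              name: host-run-ovs
            - mountPath: /var/run/ovn
              name: host-run-ovn
            - mountPath: /etc/openvswitch
              name: host-config-openvswitch
            - mountPath: /etc/ovn
              name: host-config-ovn
            - mountPath: /var/log/openvswitch
              name: host-log-ovs
            - mountPath: /var/log/ovn
              name: host-log-ovn
            - mountPath: /etc/localtime
              name: localtime
            - mountPath: /var/run/tls
              name: kube-ovn-tls
          readinessProbe:
            exec:
              command:
                - cat
                - /var/run/ovn/ovn-controller.pid
            periodSeconds: 10
            timeoutSeconds: 45
          livenessProbe:
            exec:
              command:
                - cat
                - /var/run/ovn/ovn-controller.pid
            initialDelaySeconds: 30
            periodSeconds: 10
            failureThreshold: 5
            timeoutSeconds: 45
      nodeSelector:
        kubernetes.io/os: "linux"
        kube-ovn/role: "master"
      volumes:
        - name: host-run-ovs
          hostPath:
            path: /run/openvswitch
        - name: host-run-ovn
          hostPath:
            path: /run/ovn
        - name: host-config-openvswitch
          hostPath:
            path: /etc/origin/openvswitch
        - name: host-config-ovn
          hostPath:
            path: /etc/origin/ovn
        - name: host-log-ovs
          hostPath:
            path: /var/log/openvswitch
        - name: host-log-ovn
          hostPath:
            path: /var/log/ovn
        - name: localtime
          hostPath:
            path: /etc/localtime
        - name: kube-ovn-tls
          secret:
            optional: true
            secretName: kube-ovn-tls
---
kind: Service
apiVersion: v1
metadata:
  name: kube-ovn-monitor
  namespace: kube-system
  labels:
    app: kube-ovn-monitor
spec:
  ports:
    - name: metrics
      port: 10661
  type: ClusterIP
  {{ .SvcYamlIpfamilypolicy }}
  selector:
    app: kube-ovn-monitor
  sessionAffinity: None
---
kind: Service
apiVersion: v1
metadata:
  name: kube-ovn-pinger
  namespace: kube-system
  labels:
    app: kube-ovn-pinger
spec:
  {{ .SvcYamlIpfamilypolicy }}
  selector:
    app: kube-ovn-pinger
  ports:
    - port: 8080
      name: metrics
---
kind: Service
apiVersion: v1
metadata:
  name: kube-ovn-controller
  namespace: kube-system
  labels:
    app: kube-ovn-controller
spec:
  {{ .SvcYamlIpfamilypolicy }}
  selector:
    app: kube-ovn-controller
  ports:
    - port: 10660
      name: metrics
---
kind: Service
apiVersion: v1
metadata:
  name: kube-ovn-cni
  namespace: kube-system
  labels:
    app: kube-ovn-cni
spec:
  {{ .SvcYamlIpfamilypolicy }}
  selector:
    app: kube-ovn-cni
  ports:
    - port: 10665
      name: metrics`)))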
)