From 33bc23cfca06b98c20b8b7997cea3846c6d12d94 Mon Sep 17 00:00:00 2001 
From: Andrei Kvapil Date: Mon, 1 Apr 2024 17:42:51 +0200 Subject: [PATCH] Introduce bundles (#53) * bundles * Allow overriding values by prividng values-: in cozystack-config * match bundle-name from cozystack-config * add extra bundles --- packages/core/platform/Makefile | 2 +- .../core/platform/bundles/full-distro.yaml | 96 + packages/core/platform/bundles/full-paas.yaml | 177 ++ .../core/platform/bundles/hosted-distro.yaml | 69 + .../core/platform/bundles/hosted-paas.yaml | 95 + packages/core/platform/templates/_helpers.tpl | 2 +- .../core/platform/templates/helmreleases.yaml | 770 +---- .../core/platform/templates/namespaces.yaml | 22 +- packages/core/platform/values.yaml | 30 - packages/system/kubeovn/Makefile | 1 - .../charts/kube-ovn/kube-ovn/Chart.yaml | 24 + .../charts/kube-ovn/kube-ovn/README.md | 42 + .../kube-ovn/kube-ovn/templates/_helpers.tpl | 54 + .../kube-ovn/templates/central-deploy.yaml | 161 + .../kube-ovn/templates/controller-deploy.yaml | 190 ++ .../kube-ovn/templates/controller-svc.yaml | 16 + .../templates/ic-controller-deploy.yaml | 109 + .../kube-ovn/templates/kube-ovn-crd.yaml | 2591 +++++++++++++++++ .../kube-ovn/templates/monitor-deploy.yaml | 139 + .../kube-ovn/templates/monitor-svc.yaml | 18 + .../kube-ovn/kube-ovn/templates/nb-svc.yaml | 19 + .../kube-ovn/templates/northd-svc.yaml | 19 + .../kube-ovn/kube-ovn/templates/ovn-CR.yaml | 256 ++ .../kube-ovn/kube-ovn/templates/ovn-CRB.yaml | 54 + .../kube-ovn/templates/ovn-dpdk-ds.yaml | 164 ++ .../kube-ovn/kube-ovn/templates/ovn-sa.yaml | 34 + .../kube-ovn/templates/ovn-tls-secret.yaml | 23 + .../kube-ovn/templates/ovncni-ds.yaml | 206 ++ .../kube-ovn/templates/ovncni-svc.yaml | 16 + .../kube-ovn/templates/ovsovn-ds.yaml | 221 ++ .../kube-ovn/templates/pinger-ds.yaml | 137 + .../kube-ovn/templates/pinger-svc.yaml | 16 + .../kube-ovn/templates/pre-delete-hook.yaml | 123 + .../kube-ovn/kube-ovn/templates/sb-svc.yaml | 19 + .../kube-ovn/templates/upgrade-ovs-ovn.yaml | 163 ++ 
.../kube-ovn/templates/vpc-nat-config.yaml | 10 + .../charts/kube-ovn/kube-ovn/values.yaml | 181 ++ .../kube-ovn/templates/controller-deploy.yaml | 37 +- .../charts/kube-ovn/templates/ovncni-ds.yaml | 10 +- .../kubeovn/charts/kube-ovn/values.yaml | 4 + .../system/kubeovn/patches/cozyconfig.diff | 97 - packages/system/kubeovn/values.yaml | 6 + 42 files changed, 5549 insertions(+), 874 deletions(-) create mode 100644 packages/core/platform/bundles/full-distro.yaml create mode 100644 packages/core/platform/bundles/full-paas.yaml create mode 100644 packages/core/platform/bundles/hosted-distro.yaml create mode 100644 packages/core/platform/bundles/hosted-paas.yaml delete mode 100644 packages/core/platform/values.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/Chart.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/README.md create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/_helpers.tpl create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/central-deploy.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-deploy.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-svc.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ic-controller-deploy.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/kube-ovn-crd.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-deploy.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-svc.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/nb-svc.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/northd-svc.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CR.yaml create mode 100644 
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CRB.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-dpdk-ds.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-sa.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-tls-secret.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-ds.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-svc.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovsovn-ds.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-ds.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-svc.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pre-delete-hook.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/sb-svc.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/upgrade-ovs-ovn.yaml create mode 100755 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/vpc-nat-config.yaml create mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/values.yaml delete mode 100644 packages/system/kubeovn/patches/cozyconfig.diff
diff --git a/packages/core/platform/Makefile b/packages/core/platform/Makefile
index 74668225..53709ee4 100644
--- a/packages/core/platform/Makefile
+++ b/packages/core/platform/Makefile
@@ -16,4 +16,4 @@ namespaces-apply:
 helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl apply -f-
 diff:
- helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) -s templates/namespaces.yaml | kubectl diff -f-
+ helm template -n $(NAMESPACE) $(NAME) . --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -f-
diff --git a/packages/core/platform/bundles/full-distro.yaml b/packages/core/platform/bundles/full-distro.yaml
new file mode 100644
index 00000000..88f21234
--- /dev/null
+++ b/packages/core/platform/bundles/full-distro.yaml
@@ -0,0 +1,96 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+
+releases:
+- name: cilium
+ releaseName: cilium
+ chart: cozy-cilium
+ namespace: cozy-cilium
+ privileged: true
+ dependsOn: []
+
+- name: fluxcd
+ releaseName: fluxcd
+ chart: cozy-fluxcd
+ namespace: cozy-fluxcd
+ dependsOn: [cilium]
+
+- name: cert-manager
+ releaseName: cert-manager
+ chart: cozy-cert-manager
+ namespace: cozy-cert-manager
+ dependsOn: [cilium]
+
+- name: cert-manager-issuers
+ releaseName: cert-manager-issuers
+ chart: cozy-cert-manager-issuers
+ namespace: cozy-cert-manager
+ dependsOn: [cilium,cert-manager]
+
+- name: victoria-metrics-operator
+ releaseName: victoria-metrics-operator
+ chart: cozy-victoria-metrics-operator
+ namespace: cozy-victoria-metrics-operator
+ dependsOn: [cilium,cert-manager]
+
+- name: monitoring
+ releaseName: monitoring
+ chart: cozy-monitoring
+ namespace: cozy-monitoring
+ privileged: true
+ dependsOn: [cilium,victoria-metrics-operator]
+
+- name: metallb
+ releaseName: metallb
+ chart: cozy-metallb
+ namespace: cozy-metallb
+ privileged: true
+ dependsOn: [cilium]
+
+- name: grafana-operator
+ releaseName: grafana-operator
+ chart: cozy-grafana-operator
+ namespace: cozy-grafana-operator
+ dependsOn: [cilium]
+
+- name: mariadb-operator
+ releaseName: mariadb-operator
+ chart: cozy-mariadb-operator
+ namespace: cozy-mariadb-operator
+ dependsOn: [cilium,cert-manager,victoria-metrics-operator]
+
+- name: postgres-operator
+ releaseName: postgres-operator
+ chart: cozy-postgres-operator
+ namespace: cozy-postgres-operator
+ dependsOn: [cilium,cert-manager]
+
+- name: rabbitmq-operator
+ releaseName: rabbitmq-operator
+ chart: cozy-rabbitmq-operator
+ namespace: cozy-rabbitmq-operator
+ dependsOn: [cilium]
+
+- name: redis-operator
+ releaseName: redis-operator
+ chart: cozy-redis-operator
+ namespace: cozy-redis-operator
+ dependsOn: [cilium]
+
+- name: piraeus-operator
+ releaseName: piraeus-operator
+ chart: cozy-piraeus-operator
+ namespace: cozy-linstor
+ dependsOn: [cilium,cert-manager]
+
+- name: linstor
+ releaseName: linstor
+ chart: cozy-linstor
+ namespace: cozy-linstor
+ privileged: true
+ dependsOn: [piraeus-operator,cilium,cert-manager]
+
+- name: telepresence
+ releaseName: traffic-manager
+ chart: cozy-telepresence
+ namespace: cozy-telepresence
+ dependsOn: [kubeovn]
diff --git a/packages/core/platform/bundles/full-paas.yaml b/packages/core/platform/bundles/full-paas.yaml
new file mode 100644
index 00000000..4a492f79
--- /dev/null
+++ b/packages/core/platform/bundles/full-paas.yaml
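Review bot: `telepresence` at the end of this bundle has `dependsOn: [kubeovn]`, but no release named `kubeovn` is defined anywhere in full-distro.yaml (cilium is the only network component listed), so the generated HelmRelease will wait on a dependency this bundle never creates, and as far as the helmreleases.yaml template in this patch shows its dependency `namespace` also renders empty. full-paas.yaml uses `[cilium,kubeovn]` and hosted-distro.yaml uses `[]` for the same release, so the consistent line here is `dependsOn: [cilium]`. The `$cozyConfig` lookup on the first line is never referenced in this bundle (the same holds for hosted-distro.yaml and hosted-paas.yaml); either drop it or add a one-line comment that it is kept for parity with full-paas.yaml, which does read CIDRs from it.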
@@ -0,0 +1,177 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+
+releases:
+- name: cilium
+ releaseName: cilium
+ chart: cozy-cilium
+ namespace: cozy-cilium
+ privileged: true
+ dependsOn: []
+
+- name: kubeovn
+ releaseName: kubeovn
+ chart: cozy-kubeovn
+ namespace: cozy-kubeovn
+ privileged: true
+ dependsOn: [cilium]
+ values:
+ cozystack:
+ nodesHash: {{ include "cozystack.master-node-ips" . | sha256sum }}
+ kube-ovn:
+ ipv4:
+ POD_CIDR: "{{ index $cozyConfig.data "ipv4-pod-cidr" }}"
+ POD_GATEWAY: "{{ index $cozyConfig.data "ipv4-pod-gateway" }}"
+ SVC_CIDR: "{{ index $cozyConfig.data "ipv4-svc-cidr" }}"
+ JOIN_CIDR: "{{ index $cozyConfig.data "ipv4-join-cidr" }}"
+
+- name: fluxcd
+ releaseName: fluxcd
+ chart: cozy-fluxcd
+ namespace: cozy-fluxcd
+ dependsOn: [cilium,kubeovn]
+
+- name: cert-manager
+ releaseName: cert-manager
+ chart: cozy-cert-manager
+ namespace: cozy-cert-manager
+ dependsOn: [cilium,kubeovn]
+
+- name: cert-manager-issuers
+ releaseName: cert-manager-issuers
+ chart: cozy-cert-manager-issuers
+ namespace: cozy-cert-manager
+ dependsOn: [cilium,kubeovn,cert-manager]
+
+- name: victoria-metrics-operator
+ releaseName: victoria-metrics-operator
+ chart: cozy-victoria-metrics-operator
+ namespace: cozy-victoria-metrics-operator
+ dependsOn: [cilium,kubeovn,cert-manager]
+
+- name: monitoring
+ releaseName: monitoring
+ chart: cozy-monitoring
+ namespace: cozy-monitoring
+ privileged: true
+ dependsOn: [cilium,kubeovn,victoria-metrics-operator]
+
+- name: kubevirt-operator
+ releaseName: kubevirt-operator
+ chart: cozy-kubevirt-operator
+ namespace: cozy-kubevirt
+ dependsOn: [cilium,kubeovn]
+
+- name: kubevirt
+ releaseName: kubevirt
+ chart: cozy-kubevirt
+ namespace: cozy-kubevirt
+ privileged: true
+ dependsOn: [cilium,kubeovn,kubevirt-operator]
+
+- name: kubevirt-cdi-operator
+ releaseName: kubevirt-cdi-operator
+ chart: cozy-kubevirt-cdi-operator
+ namespace: cozy-kubevirt-cdi
+ dependsOn: [cilium,kubeovn]
+
+- name: kubevirt-cdi
+ releaseName: kubevirt-cdi
+ chart: cozy-kubevirt-cdi
+ namespace: cozy-kubevirt-cdi
+ dependsOn: [cilium,kubeovn,kubevirt-cdi-operator]
+
+- name: metallb
+ releaseName: metallb
+ chart: cozy-metallb
+ namespace: cozy-metallb
+ privileged: true
+ dependsOn: [cilium,kubeovn]
+
+- name: grafana-operator
+ releaseName: grafana-operator
+ chart: cozy-grafana-operator
+ namespace: cozy-grafana-operator
+ dependsOn: [cilium,kubeovn]
+
+- name: mariadb-operator
+ releaseName: mariadb-operator
+ chart: cozy-mariadb-operator
+ namespace: cozy-mariadb-operator
+ dependsOn: [cilium,kubeovn,cert-manager,victoria-metrics-operator]
+
+- name: postgres-operator
+ releaseName: postgres-operator
+ chart: cozy-postgres-operator
+ namespace: cozy-postgres-operator
+ dependsOn: [cilium,kubeovn,cert-manager]
+
+- name: rabbitmq-operator
+ releaseName: rabbitmq-operator
+ chart: cozy-rabbitmq-operator
+ namespace: cozy-rabbitmq-operator
+ dependsOn: [cilium,kubeovn]
+
+- name: redis-operator
+ releaseName: redis-operator
+ chart: cozy-redis-operator
+ namespace: cozy-redis-operator
+ dependsOn: [cilium,kubeovn]
+
+- name: piraeus-operator
+ releaseName: piraeus-operator
+ chart: cozy-piraeus-operator
+ namespace: cozy-linstor
+ dependsOn: [cilium,kubeovn,cert-manager]
+
+- name: linstor
+ releaseName: linstor
+ chart: cozy-linstor
+ namespace: cozy-linstor
+ privileged: true
+ dependsOn: [piraeus-operator,cilium,kubeovn,cert-manager]
+
+- name: telepresence
+ releaseName: traffic-manager
+ chart: cozy-telepresence
+ namespace: cozy-telepresence
+ dependsOn: [cilium,kubeovn]
+
+- name: dashboard
+ releaseName: dashboard
+ chart: cozy-dashboard
+ namespace: cozy-dashboard
+ dependsOn: [cilium,kubeovn]
+ {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }}
+ {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }}
+ values:
+ kubeapps:
+ redis:
+ master:
+ podAnnotations:
+ {{- range $index, $repo := . }}
+ {{- with (($repo.status).artifact).revision }}
+ repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+
+- name: kamaji
+ releaseName: kamaji
+ chart: cozy-kamaji
+ namespace: cozy-kamaji
+ dependsOn: [cilium,kubeovn,cert-manager]
+
+- name: capi-operator
+ releaseName: capi-operator
+ chart: cozy-capi-operator
+ namespace: cozy-cluster-api
+ privileged: true
+ dependsOn: [cilium,kubeovn,cert-manager]
+
+- name: capi-providers
+ releaseName: capi-providers
+ chart: cozy-capi-providers
+ namespace: cozy-cluster-api
+ privileged: true
+ dependsOn: [cilium,kubeovn,capi-operator]
diff --git a/packages/core/platform/bundles/hosted-distro.yaml b/packages/core/platform/bundles/hosted-distro.yaml
new file mode 100644
index 00000000..446b0ae2
--- /dev/null
+++ b/packages/core/platform/bundles/hosted-distro.yaml
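Review bot: The kube-ovn `ipv4` block of the `kubeovn` release reads `ipv4-pod-cidr`, `ipv4-pod-gateway`, `ipv4-svc-cidr` and `ipv4-join-cidr` from the ConfigMap with a bare `index`, so a missing or misspelled key renders as `POD_CIDR: ""` and the failure only surfaces later inside kube-ovn rather than at render time. Wrap each lookup with `required`, e.g. `POD_CIDR: "{{ index $cozyConfig.data "ipv4-pod-cidr" | required "ipv4-pod-cidr is not set in the cozystack ConfigMap" }}"`, so a broken network configuration stops the render with a clear message. A short comment above that `values:` key listing the ConfigMap entries this bundle expects would also help operators who only ever edit cozy-system/cozystack.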
@@ -0,0 +1,69 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+
+releases:
+- name: fluxcd
+ releaseName: fluxcd
+ chart: cozy-fluxcd
+ namespace: cozy-fluxcd
+ dependsOn: []
+
+- name: cert-manager
+ releaseName: cert-manager
+ chart: cozy-cert-manager
+ namespace: cozy-cert-manager
+ dependsOn: []
+
+- name: cert-manager-issuers
+ releaseName: cert-manager-issuers
+ chart: cozy-cert-manager-issuers
+ namespace: cozy-cert-manager
+ dependsOn: [cert-manager]
+
+- name: victoria-metrics-operator
+ releaseName: victoria-metrics-operator
+ chart: cozy-victoria-metrics-operator
+ namespace: cozy-victoria-metrics-operator
+ dependsOn: [cert-manager]
+
+- name: monitoring
+ releaseName: monitoring
+ chart: cozy-monitoring
+ namespace: cozy-monitoring
+ privileged: true
+ dependsOn: [victoria-metrics-operator]
+
+- name: grafana-operator
+ releaseName: grafana-operator
+ chart: cozy-grafana-operator
+ namespace: cozy-grafana-operator
+ dependsOn: []
+
+- name: mariadb-operator
+ releaseName: mariadb-operator
+ chart: cozy-mariadb-operator
+ namespace: cozy-mariadb-operator
+ dependsOn: [victoria-metrics-operator]
+
+- name: postgres-operator
+ releaseName: postgres-operator
+ chart: cozy-postgres-operator
+ namespace: cozy-postgres-operator
+ dependsOn: [cert-manager]
+
+- name: rabbitmq-operator
+ releaseName: rabbitmq-operator
+ chart: cozy-rabbitmq-operator
+ namespace: cozy-rabbitmq-operator
+ dependsOn: []
+
+- name: redis-operator
+ releaseName: redis-operator
+ chart: cozy-redis-operator
+ namespace: cozy-redis-operator
+ dependsOn: []
+
+- name: telepresence
+ releaseName: traffic-manager
+ chart: cozy-telepresence
+ namespace: cozy-telepresence
+ dependsOn: []
diff --git a/packages/core/platform/bundles/hosted-paas.yaml b/packages/core/platform/bundles/hosted-paas.yaml
new file mode 100644
index 00000000..a2c17951
--- /dev/null
+++ b/packages/core/platform/bundles/hosted-paas.yaml
@@ -0,0 +1,95 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+
+releases:
+- name: fluxcd
+ releaseName: fluxcd
+ chart: cozy-fluxcd
+ namespace: cozy-fluxcd
+ dependsOn: []
+
+- name: cert-manager
+ releaseName: cert-manager
+ chart: cozy-cert-manager
+ namespace: cozy-cert-manager
+ dependsOn: []
+
+- name: cert-manager-issuers
+ releaseName: cert-manager-issuers
+ chart: cozy-cert-manager-issuers
+ namespace: cozy-cert-manager
+ dependsOn: [cert-manager]
+
+- name: victoria-metrics-operator
+ releaseName: victoria-metrics-operator
+ chart: cozy-victoria-metrics-operator
+ namespace: cozy-victoria-metrics-operator
+ dependsOn: [cert-manager]
+
+- name: monitoring
+ releaseName: monitoring
+ chart: cozy-monitoring
+ namespace: cozy-monitoring
+ privileged: true
+ dependsOn: [victoria-metrics-operator]
+
+- name: grafana-operator
+ releaseName: grafana-operator
+ chart: cozy-grafana-operator
+ namespace: cozy-grafana-operator
+ dependsOn: []
+
+- name: mariadb-operator
+ releaseName: mariadb-operator
+ chart: cozy-mariadb-operator
+ namespace: cozy-mariadb-operator
+ dependsOn: [cert-manager,victoria-metrics-operator]
+
+- name: postgres-operator
+ releaseName: postgres-operator
+ chart: cozy-postgres-operator
+ namespace: cozy-postgres-operator
+ dependsOn: [cert-manager]
+
+- name: rabbitmq-operator
+ releaseName: rabbitmq-operator
+ chart: cozy-rabbitmq-operator
+ namespace: cozy-rabbitmq-operator
+ dependsOn: []
+
+- name: redis-operator
+ releaseName: redis-operator
+ chart: cozy-redis-operator
+ namespace: cozy-redis-operator
+ dependsOn: []
+
+- name: piraeus-operator
+ releaseName: piraeus-operator
+ chart: cozy-piraeus-operator
+ namespace: cozy-linstor
+ dependsOn: [cert-manager]
+
+- name: telepresence
+ releaseName: traffic-manager
+ chart: cozy-telepresence
+ namespace: cozy-telepresence
+ dependsOn: []
+
+- name: dashboard
+ releaseName: dashboard
+ chart: cozy-dashboard
+ namespace: cozy-dashboard
+ dependsOn: []
+ {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }}
+ {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }}
+ values:
+ kubeapps:
+ redis:
+ master:
+ podAnnotations:
+ {{- range $index, $repo := . }}
+ {{- with (($repo.status).artifact).revision }}
+ repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/packages/core/platform/templates/_helpers.tpl b/packages/core/platform/templates/_helpers.tpl
index 8273961f..b3ab6a86 100644
--- a/packages/core/platform/templates/_helpers.tpl
+++ b/packages/core/platform/templates/_helpers.tpl
@@ -1,7 +1,7 @@
 {{/* Get IP-addresses of master nodes */}}
-{{- define "master.nodeIPs" -}}
+{{- define "cozystack.master-node-ips" -}}
 {{- $nodes := lookup "v1" "Node" "" "" -}}
 {{- $ips := list -}}
 {{- range $node := $nodes.items -}}
diff --git a/packages/core/platform/templates/helmreleases.yaml b/packages/core/platform/templates/helmreleases.yaml
index 4fa96550..4d074c02 100644
--- a/packages/core/platform/templates/helmreleases.yaml
+++ b/packages/core/platform/templates/helmreleases.yaml
@@ -1,38 +1,27 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: cilium
- namespace: cozy-cilium
- labels:
- cozystack.io/repository: system
-spec:
- interval: 1m
- releaseName: cilium
- install:
- remediation:
- retries: -1
- upgrade:
- remediation:
- retries: -1
- chart:
- spec:
- chart: cozy-cilium
- reconcileStrategy: Revision
- sourceRef:
- kind: HelmRepository
- name: cozystack-system
- namespace: cozy-system
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $bundleName := index $cozyConfig.data "bundle-name" }}
+{{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }}
+{{- $dependencyNamespaces := dict }}
+{{- $disabledComponents := splitList "," ((index $cozyConfig.data "bundle-disable") | default "") }}
+
+{{/* collect dependency namespaces from releases */}}
+{{- range $x := $bundle.releases }}
+{{- $_ := set $dependencyNamespaces $x.name $x.namespace }}
+{{- end }}
+
+{{- range $x := $bundle.releases }}
+{{- if not (has $x.name $disabledComponents) }}
 ---
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
+apiVersion: helm.toolkit.fluxcd.io/v2beta2
 kind: HelmRelease
 metadata:
- name: kubeovn
- namespace: cozy-kubeovn
+ name: {{ $x.name }}
+ namespace: {{ $x.namespace }}
 labels:
 cozystack.io/repository: system
 spec:
 interval: 1m
- releaseName: kubeovn
+ releaseName: {{ $x.releaseName | default $x.name }}
 install:
 remediation:
 retries: -1
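Review bot: `$bundleName` is taken from `index $cozyConfig.data "bundle-name"` and passed straight to `.Files.Get` with no check on either step; `.Files.Get` returns an empty string for a file that does not exist, `fromYaml` of that has no `releases`, and the template then renders zero HelmReleases instead of failing — if this chart is applied through Helm, resources that vanish from the manifest are pruned, so a typo in `bundle-name` could remove every platform release. Fail early instead: `{{- $bundleName := index $cozyConfig.data "bundle-name" | required "bundle-name must be set in the cozystack ConfigMap" }}`, `{{- $bundleFile := .Files.Get (printf "bundles/%s.yaml" $bundleName) | required (printf "bundle %q not found under bundles/" $bundleName) }}`, `{{- $bundle := tpl $bundleFile . | fromYaml }}`. The same three lookup lines are duplicated verbatim at the top of templates/namespaces.yaml in this patch; a named template in _helpers.tpl would keep both in step and make them fail the same way. A comment on the `$disabledComponents` line that `bundle-disable` is a comma-separated list with no whitespace trimming (`splitList ","`) would save someone who writes `a, b` from a silently ignored entry.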
@@ -41,718 +30,31 @@ spec: retries: -1 chart: spec: - chart: cozy-kubeovn + chart: {{ $x.chart }} reconcileStrategy: Revision sourceRef: kind: HelmRepository name: cozystack-system namespace: cozy-system + {{- $values := dict }} + {{- with $x.values }} + {{- $values = merge . $values }} + {{- end }} + {{- with index $cozyConfig.data (printf "values-%s" $x.name) }} + {{- $values = merge (fromYaml .) $values }} + {{- end }} + {{- with $values }} values: - cozystack: - configHash: {{ index (lookup "v1" "ConfigMap" "cozy-system" "cozystack") "data" | toJson | sha256sum }} - nodesHash: {{ include "master.nodeIPs" . | sha256sum }} + {{- toYaml . | nindent 4}} + {{- end }} + {{- with $x.dependsOn }} dependsOn: - - name: cilium - namespace: cozy-cilium ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: cozy-fluxcd - namespace: cozy-fluxcd - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: fluxcd - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-fluxcd - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: cert-manager - namespace: cozy-cert-manager - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: cert-manager - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-cert-manager - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: cert-manager-issuers - namespace: 
cozy-cert-manager - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: cert-manager-issuers - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-cert-manager-issuers - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn - - name: cert-manager - namespace: cozy-cert-manager ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: victoria-metrics-operator - namespace: cozy-victoria-metrics-operator - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: victoria-metrics-operator - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-victoria-metrics-operator - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn - - name: cert-manager - namespace: cozy-cert-manager ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: monitoring - namespace: cozy-monitoring - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: monitoring - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-monitoring - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn - - name: victoria-metrics-operator - namespace: cozy-victoria-metrics-operator ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: kubevirt-operator - namespace: cozy-kubevirt - labels: - cozystack.io/repository: 
system -spec: - interval: 1m - releaseName: kubevirt-operator - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-kubevirt-operator - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: kubevirt - namespace: cozy-kubevirt - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: kubevirt - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-kubevirt - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn - - name: kubevirt-operator - namespace: cozy-kubevirt ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: kubevirt-cdi-operator - namespace: cozy-kubevirt-cdi - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: kubevirt-cdi-operator - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-kubevirt-cdi-operator - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: kubevirt-cdi - namespace: cozy-kubevirt-cdi - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: kubevirt-cdi - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-kubevirt-cdi - reconcileStrategy: Revision - sourceRef: - kind: 
HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn - - name: kubevirt-cdi-operator - namespace: cozy-kubevirt-cdi ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: metallb - namespace: cozy-metallb - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: metallb - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-metallb - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: grafana-operator - namespace: cozy-grafana-operator - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: grafana-operator - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-grafana-operator - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: mariadb-operator - namespace: cozy-mariadb-operator - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: mariadb-operator - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-mariadb-operator - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn - - name: cert-manager - namespace: cozy-cert-manager - - name: 
victoria-metrics-operator - namespace: cozy-victoria-metrics-operator ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: postgres-operator - namespace: cozy-postgres-operator - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: postgres-operator - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-postgres-operator - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn - - name: cert-manager - namespace: cozy-cert-manager ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: rabbitmq-operator - namespace: cozy-rabbitmq-operator - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: rabbitmq-operator - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-rabbitmq-operator - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: redis-operator - namespace: cozy-redis-operator - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: redis-operator - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-redis-operator - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: piraeus-operator - namespace: cozy-linstor - 
labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: piraeus-operator - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-piraeus-operator - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn - - name: cert-manager - namespace: cozy-cert-manager ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: linstor - namespace: cozy-linstor - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: linstor - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-linstor - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn - - name: piraeus-operator - namespace: cozy-linstor - - name: cert-manager - namespace: cozy-cert-manager ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: telepresence - namespace: cozy-telepresence - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: traffic-manager - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-telepresence - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: dashboard - namespace: cozy-dashboard - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: dashboard - install: - remediation: - retries: -1 - upgrade: - remediation: - 
retries: -1 - chart: - spec: - chart: cozy-dashboard - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn - {{- if .Capabilities.APIVersions.Has "source.toolkit.fluxcd.io/v1beta2" }} - {{- with (lookup "source.toolkit.fluxcd.io/v1beta2" "HelmRepository" "cozy-public" "").items }} - values: - kubeapps: - redis: - master: - podAnnotations: - {{- range $index, $repo := . }} - {{- with (($repo.status).artifact).revision }} - repository.cozystack.io/{{ $repo.metadata.name }}: {{ quote . }} - {{- end }} - {{- end }} + {{- range $dep := . }} + {{- if not (has $dep $disabledComponents) }} + - name: {{ $dep }} + namespace: {{ index $dependencyNamespaces $dep }} {{- end }} {{- end }} ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: kamaji - namespace: cozy-kamaji - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: kamaji - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-kamaji - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn - - name: cert-manager - namespace: cozy-cert-manager ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: capi-operator - namespace: cozy-cluster-api - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: capi-operator - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-capi-operator - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: 
cozy-kubeovn - - name: cert-manager - namespace: cozy-cert-manager ---- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 -kind: HelmRelease -metadata: - name: capi-providers - namespace: cozy-cluster-api - labels: - cozystack.io/repository: system -spec: - interval: 1m - releaseName: capi-providers - install: - remediation: - retries: -1 - upgrade: - remediation: - retries: -1 - chart: - spec: - chart: cozy-capi-providers - reconcileStrategy: Revision - sourceRef: - kind: HelmRepository - name: cozystack-system - namespace: cozy-system - dependsOn: - - name: capi-operator - namespace: cozy-cluster-api - - name: cilium - namespace: cozy-cilium - - name: kubeovn - namespace: cozy-kubeovn + {{- end }} +{{- end }} +{{- end }} diff --git a/packages/core/platform/templates/namespaces.yaml b/packages/core/platform/templates/namespaces.yaml index ad89c719..c9b7e6ad 100644 --- a/packages/core/platform/templates/namespaces.yaml +++ b/packages/core/platform/templates/namespaces.yaml 
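Review bot: `{{- $values = merge (fromYaml .) $values }}` trusts whatever the ConfigMap's `values-<name>` entry parses to, but Helm's `fromYaml` does not abort on malformed input — it returns a map with a single `Error` key — so a YAML typo in an override would be merged into the HelmRelease as `Error: ...` instead of failing the render. Guard it: `{{- $override := fromYaml . }}`, `{{- if hasKey $override "Error" }}{{- fail (printf "values-%s: %s" $x.name $override.Error) }}{{- end }}`, `{{- $values = merge $override $values }}`. Separately, `namespace: {{ index $dependencyNamespaces $dep }}` renders empty when a `dependsOn` entry names a release that is not part of the bundle (full-distro.yaml's `telepresence` → `kubeovn` in this same patch is one such case); `| required (printf "%s depends on unknown release %s" $x.name $dep)` on that line catches it at template time. The enclosing `range $x := $bundle.releases` and its `if not (has $x.name $disabledComponents)` open in the previous hunk.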
@@ -1,13 +1,29 @@ -{{- range $ns := .Values.namespaces }} +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $bundleName := index $cozyConfig.data "bundle-name" }} +{{- $bundle := tpl (.Files.Get (printf "bundles/%s.yaml" $bundleName)) . | fromYaml }} +{{- $namespaces := dict }} + +{{/* collect namespaces from releases */}} +{{- range $x := $bundle.releases }} +{{- if not (hasKey $namespaces $x.namespace) }} +{{- $_ := set $namespaces $x.namespace false }} +{{- end }} +{{/* if at least one release requires a privileged namespace, then it should be privileged */}} +{{- if or $x.privileged (index $namespaces $x.namespace) }} +{{- $_ := set $namespaces $x.namespace true }} +{{- end }} +{{- end }} + +{{- range $namespace, $privileged := $namespaces }} --- apiVersion: v1 kind: Namespace metadata: annotations: "helm.sh/resource-policy": keep - {{- if $ns.privileged }} + {{- if $privileged }} labels: pod-security.kubernetes.io/enforce: privileged {{- end }} - name: {{ $ns.name }} + name: {{ $namespace }} {{- end }} diff --git a/packages/core/platform/values.yaml b/packages/core/platform/values.yaml deleted file mode 100644 index 8577555f..00000000 --- a/packages/core/platform/values.yaml +++ /dev/null @@ -1,30 +0,0 @@ -namespaces: -- name: cozy-public -- name: cozy-system - privileged: true -- name: cozy-cert-manager -- name: cozy-cilium - privileged: true -- name: cozy-fluxcd -- name: cozy-grafana-operator -- name: cozy-kamaji -- name: cozy-cluster-api - privileged: true # for capk only -- name: cozy-dashboard -- name: cozy-kubeovn - privileged: true -- name: cozy-kubevirt - privileged: true -- name: cozy-kubevirt-cdi -- name: cozy-linstor - privileged: true -- name: cozy-mariadb-operator -- name: cozy-metallb - privileged: true -- name: cozy-monitoring - privileged: true -- name: cozy-postgres-operator -- name: cozy-rabbitmq-operator -- name: cozy-redis-operator -- name: cozy-telepresence -- name: cozy-victoria-metrics-operator 
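Review bot: `index $cozyConfig.data "bundle-name"` on the second new line gives an opaque `index of untyped nil` error when the `cozystack` ConfigMap is absent (including under `helm template` / `--dry-run`, where `lookup` returns an empty map), while a `bundle-name` that matches no file under `bundles/` makes `.Files.Get` return an empty string, `$bundle.releases` becomes nil and the template silently renders zero Namespaces. Because this ConfigMap now also decides which namespaces receive `pod-security.kubernetes.io/enforce: privileged`, both cases should fail loudly: `{{- $bundleName := required "ConfigMap cozy-system/cozystack must set bundle-name" (index ($cozyConfig.data | default dict) "bundle-name") }}` and, after the `fromYaml`, `{{- if not $bundle.releases }}{{ fail (printf "bundle %q has no releases" $bundleName) }}{{ end }}`. A comment at the top of the file should also say that write access to that ConfigMap is equivalent to choosing which namespaces get the privileged enforce label.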
diff --git a/packages/system/kubeovn/Makefile b/packages/system/kubeovn/Makefile index fdef3f6c..aeeade86 100644 --- a/packages/system/kubeovn/Makefile +++ b/packages/system/kubeovn/Makefile @@ -14,4 +14,3 @@ update: rm -rf charts && mkdir -p charts/kube-ovn curl -sSL https://github.com/kubeovn/kube-ovn/archive/refs/heads/master.tar.gz | \ tar -C charts/kube-ovn -xzvf - --strip 2 kube-ovn-master/charts - patch -p4 < patches/cozyconfig.diff diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/Chart.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/Chart.yaml new file mode 100644 index 00000000..fce1b220 --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: kube-ovn +description: Helm chart for Kube-OVN + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.13.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.13.0" 
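Review bot: With the `patch -p4` line removed, `update` is a bare unpinned fetch of `refs/heads/master.tar.gz` with no tag, commit or checksum, while the `Chart.yaml` vendored in this same commit says `1.13.0`; the next `make update` can therefore replace the reviewed tree with whatever upstream master contains that day, and nothing in the repo records which upstream revision the committed copy came from. I'd pin to the release the chart claims, `curl -sSL https://github.com/kubeovn/kube-ovn/archive/refs/tags/v1.13.0.tar.gz | \` and `tar -C charts/kube-ovn -xzvf - --strip 2 kube-ovn-1.13.0/charts` (the directory name inside the tag archive should be confirmed), or at minimum add a comment above `update:` naming the upstream commit. If the local modifications previously carried in `patches/cozyconfig.diff` are now edited directly into the vendored files — the commit message does not say — that comment should also warn that `update` overwrites them.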
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/README.md b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/README.md new file mode 100644 index 00000000..3af408e6 --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/README.md @@ -0,0 +1,42 @@ +# Kube-OVN-helm + +Currently supported version: 1.9 + +Installation : + +```bash +$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite +$ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=master --overwrite +$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite + +# standard install +$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0} + +# high availability install +$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2} + +# upgrade to this version +$ helm upgrade --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2} +``` + +If `MASTER_NODES` unspecified Helm will take internal IPs of nodes with `kube-ovn/role=master` label + +### Talos Linux + +To install Kube-OVN on Talos Linux, declare openvswitch module in machine config: + +``` +machine: + kernel: + modules: + - name: openvswitch +``` + +and use the following options to install this Helm-chart: + +``` +--set cni_conf.MOUNT_LOCAL_BIN_DIR=false +--set OPENVSWITCH_DIR=/var/lib/openvswitch +--set OVN_DIR=/var/lib/ovn +--set DISABLE_MODULES_MANAGEMENT=true +``` diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/_helpers.tpl b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/_helpers.tpl new file mode 100644 index 00000000..7b473941 --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/_helpers.tpl 
@@ -0,0 +1,54 @@
+{{/*
+Get IP-addresses of master nodes
+*/}}
+{{- define "kubeovn.nodeIPs" -}}
+{{- $nodes := lookup "v1" "Node" "" "" -}}
+{{- $ips := list -}}
+{{- range $node := $nodes.items -}}
+ {{- $label := splitList "=" $.Values.MASTER_NODES_LABEL }}
+ {{- $key := index $label 0 }}
+ {{- $val := "" }}
+ {{- if eq (len $label) 2 }}
+ {{- $val = index $label 1 }}
+ {{- end }}
+ {{- if eq (index $node.metadata.labels $key) $val -}}
+ {{- range $address := $node.status.addresses -}}
+ {{- if eq $address.type "InternalIP" -}}
+ {{- $ips = append $ips $address.address -}}
+ {{- break -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+{{ join "," $ips }}
+{{- end -}}
+
+{{/*
+Number of master nodes
+*/}}
+{{- define "kubeovn.nodeCount" -}}
+ {{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }}
+{{- end -}}
+
+{{- define "kubeovn.ovs-ovn.updateStrategy" -}}
+ {{- $ds := lookup "apps/v1" "DaemonSet" $.Values.namespace "ovs-ovn" -}}
+ {{- if $ds -}}
+ {{- if eq $ds.spec.updateStrategy.type "RollingUpdate" -}}
+ RollingUpdate
+ {{- else -}}
+ {{- $imageVersion := (index $ds.spec.template.spec.containers 0).image | splitList ":" | last | trimPrefix "v" -}}
+ {{- $versionRegex := `^(?P0|[1-9]\d*)\.(?P0|[1-9]\d*)\.(?P0|[1-9]\d*)` -}}
+ {{- if regexMatch $versionRegex $imageVersion -}}
+ {{- if regexFind $versionRegex $imageVersion | semverCompare ">= 1.12.0" -}}
+ RollingUpdate
+ {{- else -}}
+ OnDelete
+ {{- end -}}
+ {{- else -}}
+ OnDelete
+ {{- end -}}
+ {{- end -}}
+ {{- else -}}
+ RollingUpdate
+ {{- end -}}
+{{- end -}}
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/central-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/central-deploy.yaml
new file mode 100644
index 00000000..0f4044b4
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/central-deploy.yaml
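Review bot: In `kubeovn.nodeIPs` a `MASTER_NODES_LABEL` given without `=value` leaves `$val` as "" and `index $node.metadata.labels $key` also yields "" for nodes that do not carry the label, so `eq` is true for every unlabelled node and their InternalIPs are joined into the `NODE_IPS` / `OVN_DB_IPS` list that ovn-central clusters on; the presence check belongs before the comparison: `{{- if and (hasKey $node.metadata.labels $key) (eq (index $node.metadata.labels $key) $val) -}}`. Separately, `lookup` returns nothing under `helm template` / `--dry-run` or when the rendering identity cannot list Nodes, and `kubeovn.nodeCount` then computes `len (split "," "")`, which sprig evaluates to 1 if I read it right, so an unset `MASTER_NODES` degrades to a single replica with an empty address list instead of an error; a `{{ fail "set MASTER_NODES, or make Nodes readable at render time" }}` when the joined list is empty would surface that. The version regex in `kubeovn.ovs-ovn.updateStrategy` reads `(?P0|…)` as shown, which RE2 rejects; presumably the group names in `(?P<major>…)` were lost in rendering, but it is worth confirming the committed file still has them. If this helper is a straight copy of upstream, the first fix should go upstream as well.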
@@ -0,0 +1,161 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: ovn-central + namespace: {{ .Values.namespace }} + annotations: + kubernetes.io/description: | + OVN components: northd, nb and sb. +spec: + replicas: {{ include "kubeovn.nodeCount" . }} + strategy: + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: ovn-central + template: + metadata: + labels: + app: ovn-central + component: network + type: infra + spec: + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app: ovn-central + topologyKey: kubernetes.io/hostname + priorityClassName: system-cluster-critical + serviceAccountName: ovn-ovs + hostNetwork: true + containers: + - name: ovn-central + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /kube-ovn/start-db.sh + securityContext: + capabilities: + add: ["SYS_NICE"] + env: + - name: ENABLE_SSL + value: "{{ .Values.networking.ENABLE_SSL }}" + - name: NODE_IPS + value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) 
}}" + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IPS + valueFrom: + fieldRef: + fieldPath: status.podIPs + - name: ENABLE_BIND_LOCAL_IP + value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}" + - name: PROBE_INTERVAL + value: "{{ .Values.networking.PROBE_INTERVAL }}" + - name: OVN_NORTHD_PROBE_INTERVAL + value: "{{ .Values.networking.OVN_NORTHD_PROBE_INTERVAL}}" + - name: OVN_LEADER_PROBE_INTERVAL + value: "{{ .Values.networking.OVN_LEADER_PROBE_INTERVAL }}" + - name: OVN_NORTHD_N_THREADS + value: "{{ .Values.networking.OVN_NORTHD_N_THREADS }}" + - name: ENABLE_COMPACT + value: "{{ .Values.networking.ENABLE_COMPACT }}" + {{- if include "kubeovn.ovs-ovn.updateStrategy" . | eq "OnDelete" }} + - name: OVN_VERSION_COMPATIBILITY + value: "21.06" + {{- end }} + resources: + requests: + cpu: {{ index .Values "ovn-central" "requests" "cpu" }} + memory: {{ index .Values "ovn-central" "requests" "memory" }} + limits: + cpu: {{ index .Values "ovn-central" "limits" "cpu" }} + memory: {{ index .Values "ovn-central" "limits" "memory" }} + volumeMounts: + - mountPath: /var/run/openvswitch + name: host-run-ovs + - mountPath: /var/run/ovn + name: host-run-ovn + - mountPath: /etc/openvswitch + name: host-config-openvswitch + - mountPath: /etc/ovn + name: host-config-ovn + - mountPath: /var/log/openvswitch + name: host-log-ovs + - mountPath: /var/log/ovn + name: host-log-ovn + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /var/run/tls + name: kube-ovn-tls + readinessProbe: + exec: + command: + - bash + - /kube-ovn/ovn-healthcheck.sh + periodSeconds: 15 + timeoutSeconds: 45 + livenessProbe: + exec: + command: + - bash + - /kube-ovn/ovn-healthcheck.sh + initialDelaySeconds: 30 + periodSeconds: 15 + failureThreshold: 5 + timeoutSeconds: 45 + nodeSelector: + 
kubernetes.io/os: "linux" + {{- with splitList "=" .Values.MASTER_NODES_LABEL }} + {{ index . 0 }}: "{{ if eq (len .) 2 }}{{ index . 1 }}{{ end }}" + {{- end }} + volumes: + - name: host-run-ovs + hostPath: + path: /run/openvswitch + - name: host-run-ovn + hostPath: + path: /run/ovn + - name: host-config-openvswitch + hostPath: + path: {{ .Values.OPENVSWITCH_DIR }} + - name: host-config-ovn + hostPath: + path: {{ .Values.OVN_DIR }} + - name: host-log-ovs + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/openvswitch + - name: host-log-ovn + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/ovn + - name: localtime + hostPath: + path: /etc/localtime + - name: kube-ovn-tls + secret: + optional: true + secretName: kube-ovn-tls + diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-deploy.yaml new file mode 100644 index 00000000..cea79b7d --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-deploy.yaml 
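Review bot: The `kube-ovn-tls` volume is `optional: true` irrespective of `ENABLE_SSL`, so an ovn-central configured for TLS whose secret is missing (not yet issued, wrong namespace, deleted) still starts with an empty `/var/run/tls`; what `start-db.sh` does in that state is outside this chart, but a database that was meant to be TLS-only should not come up without its key material. If `networking.ENABLE_SSL` is a real boolean in values.yaml, `optional: {{ not .Values.networking.ENABLE_SSL }}` makes the secret mandatory exactly when TLS is requested (with a string value `not` would misfire, so check the type first). The combination of `hostNetwork: true`, `SYS_NICE` and writable hostPath mounts of `OPENVSWITCH_DIR` and `OVN_DIR` is what forces the privileged PSA level on this namespace; a one-line comment next to `hostNetwork: true` saying so would help whoever tightens it later.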
@@ -0,0 +1,190 @@ +kind: Deployment +apiVersion: apps/v1 +metadata: + name: kube-ovn-controller + namespace: {{ .Values.namespace }} + annotations: + kubernetes.io/description: | + kube-ovn controller +spec: + replicas: {{ include "kubeovn.nodeCount" . }} + selector: + matchLabels: + app: kube-ovn-controller + strategy: + rollingUpdate: + maxSurge: 0% + maxUnavailable: 100% + type: RollingUpdate + template: + metadata: + labels: + app: kube-ovn-controller + component: network + type: infra + spec: + tolerations: + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - preference: + matchExpressions: + - key: "ovn.kubernetes.io/ic-gw" + operator: NotIn + values: + - "true" + weight: 100 + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app: kube-ovn-controller + topologyKey: kubernetes.io/hostname + priorityClassName: system-cluster-critical + serviceAccountName: ovn + hostNetwork: true + containers: + - name: kube-ovn-controller + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - /kube-ovn/start-controller.sh + - --default-ls={{ .Values.networking.DEFAULT_SUBNET }} + - --default-cidr= + {{- if eq .Values.networking.NET_STACK "dual_stack" -}} + {{ .Values.dual_stack.POD_CIDR }} + {{- else if eq .Values.networking.NET_STACK "ipv4" -}} + {{ .Values.ipv4.POD_CIDR }} + {{- else if eq .Values.networking.NET_STACK "ipv6" -}} + {{ .Values.ipv6.POD_CIDR }} + {{- end }} + - --default-gateway= + {{- if eq .Values.networking.NET_STACK "dual_stack" -}} + {{ .Values.dual_stack.POD_GATEWAY }} + {{- else if eq .Values.networking.NET_STACK "ipv4" -}} + {{ .Values.ipv4.POD_GATEWAY }} + {{- else if eq .Values.networking.NET_STACK "ipv6" -}} + {{ .Values.ipv6.POD_GATEWAY }} + 
{{- end }} + - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }} + - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }} + - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }} + - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }} + - --cluster-router={{ .Values.networking.DEFAULT_VPC }} + - --node-switch={{ .Values.networking.NODE_SUBNET }} + - --node-switch-cidr= + {{- if eq .Values.networking.NET_STACK "dual_stack" -}} + {{ .Values.dual_stack.JOIN_CIDR }} + {{- else if eq .Values.networking.NET_STACK "ipv4" -}} + {{ .Values.ipv4.JOIN_CIDR }} + {{- else if eq .Values.networking.NET_STACK "ipv6" -}} + {{ .Values.ipv6.JOIN_CIDR }} + {{- end }} + - --service-cluster-ip-range= + {{- if eq .Values.networking.NET_STACK "dual_stack" -}} + {{ .Values.dual_stack.SVC_CIDR }} + {{- else if eq .Values.networking.NET_STACK "ipv4" -}} + {{ .Values.ipv4.SVC_CIDR }} + {{- else if eq .Values.networking.NET_STACK "ipv6" -}} + {{ .Values.ipv6.SVC_CIDR }} + {{- end }} + - --network-type={{- .Values.networking.NETWORK_TYPE }} + - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }} + - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }} + - --default-exchange-link-name={{- .Values.networking.EXCHANGE_LINK_NAME }} + - --default-vlan-name={{- .Values.networking.vlan.VLAN_NAME }} + - --default-vlan-id={{- .Values.networking.vlan.VLAN_ID }} + - --ls-dnat-mod-dl-dst={{- .Values.func.LS_DNAT_MOD_DL_DST }} + - --ls-ct-skip-dst-lport-ips={{- .Values.func.LS_CT_SKIP_DST_LPORT_IPS }} + - --pod-nic-type={{- .Values.networking.POD_NIC_TYPE }} + - --enable-lb={{- .Values.func.ENABLE_LB }} + - --enable-np={{- .Values.func.ENABLE_NP }} + - --enable-eip-snat={{- .Values.networking.ENABLE_EIP_SNAT }} + - --enable-external-vpc={{- .Values.func.ENABLE_EXTERNAL_VPC }} + - --enable-ecmp={{- .Values.networking.ENABLE_ECMP }} + - --logtostderr=false + - --alsologtostderr=true + - --gc-interval={{- 
.Values.performance.GC_INTERVAL }} + - --inspect-interval={{- .Values.performance.INSPECT_INTERVAL }} + - --log_file=/var/log/kube-ovn/kube-ovn-controller.log + - --log_file_max_size=0 + - --enable-lb-svc={{- .Values.func.ENABLE_LB_SVC }} + - --keep-vm-ip={{- .Values.func.ENABLE_KEEP_VM_IP }} + - --enable-metrics={{- .Values.networking.ENABLE_METRICS }} + - --node-local-dns-ip={{- .Values.networking.NODE_LOCAL_DNS_IP }} + env: + - name: ENABLE_SSL + value: "{{ .Values.networking.ENABLE_SSL }}" + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: KUBE_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: OVN_DB_IPS + value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}" + - name: POD_IPS + valueFrom: + fieldRef: + fieldPath: status.podIPs + - name: ENABLE_BIND_LOCAL_IP + value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}" + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /var/log/kube-ovn + name: kube-ovn-log + # ovn-ic log directory + - mountPath: /var/log/ovn + name: ovn-log + - mountPath: /var/run/tls + name: kube-ovn-tls + readinessProbe: + exec: + command: + - /kube-ovn/kube-ovn-controller-healthcheck + periodSeconds: 3 + timeoutSeconds: 45 + livenessProbe: + exec: + command: + - /kube-ovn/kube-ovn-controller-healthcheck + initialDelaySeconds: 300 + periodSeconds: 7 + failureThreshold: 5 + timeoutSeconds: 45 + resources: + requests: + cpu: {{ index .Values "kube-ovn-controller" "requests" "cpu" }} + memory: {{ index .Values "kube-ovn-controller" "requests" "memory" }} + limits: + cpu: {{ index .Values "kube-ovn-controller" "limits" "cpu" }} + memory: {{ index .Values "kube-ovn-controller" "limits" "memory" }} + nodeSelector: + kubernetes.io/os: "linux" + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: kube-ovn-log + hostPath: + path: {{ 
.Values.log_conf.LOG_DIR }}/kube-ovn + - name: ovn-log + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/ovn + - name: kube-ovn-tls + secret: + optional: true + secretName: kube-ovn-tls + diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-svc.yaml new file mode 100644 index 00000000..b4d39619 --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-svc.yaml @@ -0,0 +1,16 @@ +kind: Service +apiVersion: v1 +metadata: + name: kube-ovn-controller + namespace: {{ .Values.namespace }} + labels: + app: kube-ovn-controller +spec: + selector: + app: kube-ovn-controller + ports: + - port: 10660 + name: metrics + {{- if eq .Values.networking.NET_STACK "dual_stack" }} + ipFamilyPolicy: PreferDualStack + {{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ic-controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ic-controller-deploy.yaml new file mode 100644 index 00000000..0d0f225f --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ic-controller-deploy.yaml 
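Review bot: `maxSurge: 0%` with `maxUnavailable: 100%` means every upgrade of `kube-ovn-controller` terminates all `nodeCount` replicas at once, so the HA replica count protects against node loss but not against rollouts, and with `livenessProbe.initialDelaySeconds: 300` a bad image can sit unhealthy for five minutes before being restarted. If that is deliberate (for instance because a mixed-version controller pair is unsafe), a comment above `strategy:` should say so; otherwise `maxUnavailable: 1` keeps one controller serving during the rollout. Like ovn-central, the pod runs `hostNetwork: true` with no `securityContext` at all; whether or not the image needs root, an explicit capabilities block would at least state what the container does and does not need.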
@@ -0,0 +1,109 @@ +{{- if .Values.func.ENABLE_IC }} +kind: Deployment +apiVersion: apps/v1 +metadata: + name: ovn-ic-controller + namespace: kube-system + annotations: + kubernetes.io/description: | + OVN IC Client +spec: + replicas: 1 + strategy: + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate + selector: + matchLabels: + app: ovn-ic-controller + template: + metadata: + labels: + app: ovn-ic-controller + component: network + type: infra + spec: + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app: ovn-ic-controller + topologyKey: kubernetes.io/hostname + priorityClassName: system-cluster-critical + serviceAccountName: ovn + hostNetwork: true + containers: + - name: ovn-ic-controller + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/kube-ovn/start-ic-controller.sh"] + args: + - --log_file=/var/log/kube-ovn/kube-ovn-ic-controller.log + - --log_file_max_size=0 + - --logtostderr=false + - --alsologtostderr=true + securityContext: + capabilities: + add: ["SYS_NICE"] + env: + - name: ENABLE_SSL + value: "{{ .Values.networking.ENABLE_SSL }}" + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: OVN_DB_IPS + value: "{{ .Values.MASTER_NODES }}" + resources: + requests: + cpu: 300m + memory: 200Mi + limits: + cpu: 3 + memory: 1Gi + volumeMounts: + - mountPath: /var/run/ovn + name: host-run-ovn + - mountPath: /etc/ovn + name: host-config-ovn + - mountPath: /var/log/ovn + name: host-log-ovn + - mountPath: /etc/localtime + name: localtime + - mountPath: /var/run/tls + name: kube-ovn-tls + - mountPath: /var/log/kube-ovn + name: kube-ovn-log + nodeSelector: + 
kubernetes.io/os: "linux" + kube-ovn/role: "master" + volumes: + - name: host-run-ovn + hostPath: + path: /run/ovn + - name: host-config-ovn + hostPath: + path: /etc/origin/ovn + - name: host-log-ovn + hostPath: + path: /var/log/ovn + - name: localtime + hostPath: + path: /etc/localtime + - name: kube-ovn-log + hostPath: + path: /var/log/kube-ovn + - name: kube-ovn-tls + secret: + optional: true + secretName: kube-ovn-tls +{{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/kube-ovn-crd.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/kube-ovn-crd.yaml new file mode 100644 index 00000000..a305a378 --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/kube-ovn-crd.yaml 
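Review bot: `ovn-ic-controller` is pinned to `namespace: kube-system` while every sibling deployment uses `{{ .Values.namespace }}`, yet it references `serviceAccountName: ovn` and the `kube-ovn-tls` secret (whose `optional: true` hides the miss) that are created in `.Values.namespace`; when that value is anything other than `kube-system` the ReplicaSet cannot create the pod because the ServiceAccount does not exist there. The hostPath `/etc/origin/ovn` is also hard-coded where ovn-central mounts `{{ .Values.OVN_DIR }}` (the README sets it to `/var/lib/ovn` on Talos), and `OVN_DB_IPS` is `"{{ .Values.MASTER_NODES }}"` without the `kubeovn.nodeIPs` fallback the other deployments use, so it is empty whenever `MASTER_NODES` is not set explicitly. Unless kube-system is intentional, the three lines should read `namespace: {{ .Values.namespace }}`, `path: {{ .Values.OVN_DIR }}` and `value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"`.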
@@ -0,0 +1,2591 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: vpc-dnses.kubeovn.io +spec: + group: kubeovn.io + names: + plural: vpc-dnses + singular: vpc-dns + shortNames: + - vpc-dns + kind: VpcDns + listKind: VpcDnsList + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.active + name: Active + type: boolean + - jsonPath: .spec.vpc + name: Vpc + type: string + - jsonPath: .spec.subnet + name: Subnet + type: string + name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + vpc: + type: string + subnet: + type: string + replicas: + type: integer + minimum: 1 + maximum: 3 + status: + type: object + properties: + active: + type: boolean + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: switch-lb-rules.kubeovn.io +spec: + group: kubeovn.io + names: + plural: switch-lb-rules + singular: switch-lb-rule + shortNames: + - slr + kind: SwitchLBRule + listKind: SwitchLBRuleList + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.vip + name: vip + type: string + - jsonPath: .status.ports + name: port(s) + type: string + - jsonPath: .status.service + name: service + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + namespace: + type: string + vip: + type: string + sessionAffinity: + type: string + ports: + items: + properties: + name: + type: string + port: + type: integer + minimum: 1 + maximum: 65535 
+ protocol: + type: string + targetPort: + type: integer + minimum: 1 + maximum: 65535 + type: object + type: array + selector: + items: + type: string + type: array + endpoints: + items: + type: string + type: array + status: + type: object + properties: + ports: + type: string + service: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: vpc-nat-gateways.kubeovn.io +spec: + group: kubeovn.io + names: + plural: vpc-nat-gateways + singular: vpc-nat-gateway + shortNames: + - vpc-nat-gw + kind: VpcNatGateway + listKind: VpcNatGatewayList + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .spec.vpc + name: Vpc + type: string + - jsonPath: .spec.subnet + name: Subnet + type: string + - jsonPath: .spec.lanIp + name: LanIP + type: string + name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object + properties: + externalSubnets: + items: + type: string + type: array + selector: + type: array + items: + type: string + qosPolicy: + type: string + tolerations: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + enum: + - Equal + - Exists + value: + type: string + effect: + type: string + enum: + - NoExecute + - NoSchedule + - PreferNoSchedule + tolerationSeconds: + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + 
format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + x-kubernetes-patch-strategy: merge + x-kubernetes-patch-merge-key: key + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + x-kubernetes-patch-strategy: merge + x-kubernetes-patch-merge-key: key + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: 
string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + x-kubernetes-patch-strategy: merge + x-kubernetes-patch-merge-key: key + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + x-kubernetes-patch-strategy: merge + x-kubernetes-patch-merge-key: key + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + spec: + type: object + properties: + lanIp: + type: string + subnet: + type: string + externalSubnets: + items: + type: string + type: array + vpc: + type: string + selector: + type: array + items: + type: string + qosPolicy: + type: string + tolerations: + type: array + items: + type: object + properties: + key: + type: string + operator: + type: string + enum: + - Equal + - Exists + value: + type: string + effect: + type: string + enum: + - NoExecute + - NoSchedule + - PreferNoSchedule + tolerationSeconds: + 
type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + x-kubernetes-patch-strategy: merge + x-kubernetes-patch-merge-key: key + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: 
+ - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + x-kubernetes-patch-strategy: merge + x-kubernetes-patch-merge-key: key + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + x-kubernetes-patch-strategy: merge + x-kubernetes-patch-merge-key: key + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + x-kubernetes-patch-strategy: merge + x-kubernetes-patch-merge-key: key + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + 
required: + - topologyKey + type: object + type: array + type: object + type: object +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: iptables-eips.kubeovn.io +spec: + group: kubeovn.io + names: + plural: iptables-eips + singular: iptables-eip + shortNames: + - eip + kind: IptablesEIP + listKind: IptablesEIPList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .status.ip + name: IP + type: string + - jsonPath: .spec.macAddress + name: Mac + type: string + - jsonPath: .status.nat + name: Nat + type: string + - jsonPath: .spec.natGwDp + name: NatGwDp + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object + properties: + ready: + type: boolean + ip: + type: string + nat: + type: string + redo: + type: string + qosPolicy: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + spec: + type: object + properties: + v4ip: + type: string + v6ip: + type: string + macAddress: + type: string + natGwDp: + type: string + qosPolicy: + type: string + externalSubnet: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: iptables-fip-rules.kubeovn.io +spec: + group: kubeovn.io + names: + plural: iptables-fip-rules + singular: iptables-fip-rule + shortNames: + - fip + kind: IptablesFIPRule + listKind: IptablesFIPRuleList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .spec.eip + name: Eip + type: string + - jsonPath: .status.v4ip + name: V4ip + type: string + - jsonPath: .spec.internalIp + name: InternalIp 
+ type: string + - jsonPath: .status.v6ip + name: V6ip + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + - jsonPath: .status.natGwDp + name: NatGwDp + type: string + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object + properties: + ready: + type: boolean + v4ip: + type: string + v6ip: + type: string + natGwDp: + type: string + redo: + type: string + internalIp: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + spec: + type: object + properties: + eip: + type: string + internalIp: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: iptables-dnat-rules.kubeovn.io +spec: + group: kubeovn.io + names: + plural: iptables-dnat-rules + singular: iptables-dnat-rule + shortNames: + - dnat + kind: IptablesDnatRule + listKind: IptablesDnatRuleList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .spec.eip + name: Eip + type: string + - jsonPath: .spec.protocol + name: Protocol + type: string + - jsonPath: .status.v4ip + name: V4ip + type: string + - jsonPath: .status.v6ip + name: V6ip + type: string + - jsonPath: .spec.internalIp + name: InternalIp + type: string + - jsonPath: .spec.externalPort + name: ExternalPort + type: string + - jsonPath: .spec.internalPort + name: InternalPort + type: string + - jsonPath: .status.natGwDp + name: NatGwDp + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object + properties: + ready: + type: boolean + v4ip: + type: string + v6ip: + type: string + natGwDp: + type: string + redo: + type: string + protocol: + type: string + internalIp: + type: 
string + internalPort: + type: string + externalPort: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + spec: + type: object + properties: + eip: + type: string + externalPort: + type: string + protocol: + type: string + internalIp: + type: string + internalPort: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: iptables-snat-rules.kubeovn.io +spec: + group: kubeovn.io + names: + plural: iptables-snat-rules + singular: iptables-snat-rule + shortNames: + - snat + kind: IptablesSnatRule + listKind: IptablesSnatRuleList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .spec.eip + name: EIP + type: string + - jsonPath: .status.v4ip + name: V4ip + type: string + - jsonPath: .status.v6ip + name: V6ip + type: string + - jsonPath: .spec.internalCIDR + name: InternalCIDR + type: string + - jsonPath: .status.natGwDp + name: NatGwDp + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object + properties: + ready: + type: boolean + v4ip: + type: string + v6ip: + type: string + natGwDp: + type: string + redo: + type: string + internalCIDR: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + spec: + type: object + properties: + eip: + type: string + internalCIDR: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ovn-eips.kubeovn.io +spec: + group: kubeovn.io + names: + plural: 
ovn-eips + singular: ovn-eip + shortNames: + - oeip + kind: OvnEip + listKind: OvnEipList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .status.v4Ip + name: V4IP + type: string + - jsonPath: .status.v6Ip + name: V6IP + type: string + - jsonPath: .status.macAddress + name: Mac + type: string + - jsonPath: .status.type + name: Type + type: string + - jsonPath: .status.nat + name: Nat + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object + properties: + type: + type: string + nat: + type: string + ready: + type: boolean + v4Ip: + type: string + v6Ip: + type: string + macAddress: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + spec: + type: object + properties: + externalSubnet: + type: string + type: + type: string + v4Ip: + type: string + v6Ip: + type: string + macAddress: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ovn-fips.kubeovn.io +spec: + group: kubeovn.io + names: + plural: ovn-fips + singular: ovn-fip + shortNames: + - ofip + kind: OvnFip + listKind: OvnFipList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .status.vpc + name: Vpc + type: string + - jsonPath: .status.v4Eip + name: V4Eip + type: string + - jsonPath: .status.v4Ip + name: V4Ip + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + - jsonPath: .spec.ipType + name: IpType + type: string + - jsonPath: .spec.ipName + name: IpName + type: string + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object 
+ properties: + ready: + type: boolean + v4Eip: + type: string + v4Ip: + type: string + vpc: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + spec: + type: object + properties: + ovnEip: + type: string + ipType: + type: string + ipName: + type: string + vpc: + type: string + v4Ip: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ovn-snat-rules.kubeovn.io +spec: + group: kubeovn.io + names: + plural: ovn-snat-rules + singular: ovn-snat-rule + shortNames: + - osnat + kind: OvnSnatRule + listKind: OvnSnatRuleList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .status.vpc + name: Vpc + type: string + - jsonPath: .status.v4Eip + name: V4Eip + type: string + - jsonPath: .status.v4IpCidr + name: V4IpCidr + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object + properties: + ready: + type: boolean + v4Eip: + type: string + v4IpCidr: + type: string + vpc: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + spec: + type: object + properties: + ovnEip: + type: string + vpcSubnet: + type: string + ipName: + type: string + vpc: + type: string + v4IpCidr: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ovn-dnat-rules.kubeovn.io +spec: + group: kubeovn.io + names: + plural: ovn-dnat-rules + singular: ovn-dnat-rule + shortNames: + - odnat + kind: OvnDnatRule + listKind: 
OvnDnatRuleList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .status.vpc + name: Vpc + type: string + - jsonPath: .spec.ovnEip + name: Eip + type: string + - jsonPath: .status.protocol + name: Protocol + type: string + - jsonPath: .status.v4Eip + name: V4Eip + type: string + - jsonPath: .status.v4Ip + name: V4Ip + type: string + - jsonPath: .status.internalPort + name: InternalPort + type: string + - jsonPath: .status.externalPort + name: ExternalPort + type: string + - jsonPath: .spec.ipName + name: IpName + type: string + - jsonPath: .status.ready + name: Ready + type: boolean + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object + properties: + ready: + type: boolean + v4Eip: + type: string + v4Ip: + type: string + vpc: + type: string + externalPort: + type: string + internalPort: + type: string + protocol: + type: string + ipName: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + spec: + type: object + properties: + ovnEip: + type: string + ipType: + type: string + ipName: + type: string + externalPort: + type: string + internalPort: + type: string + protocol: + type: string + vpc: + type: string + v4Ip: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: vpcs.kubeovn.io +spec: + group: kubeovn.io + versions: + - additionalPrinterColumns: + - jsonPath: .status.enableExternal + name: EnableExternal + type: boolean + - jsonPath: .status.enableBfd + name: EnableBfd + type: boolean + - jsonPath: .status.standby + name: Standby + type: boolean + - jsonPath: .status.subnets + name: Subnets + type: string + - jsonPath: .status.extraExternalSubnets + name: ExtraExternalSubnets + type: 
string + - jsonPath: .spec.namespaces + name: Namespaces + type: string + name: v1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + enableExternal: + type: boolean + enableBfd: + type: boolean + namespaces: + items: + type: string + type: array + extraExternalSubnets: + items: + type: string + type: array + staticRoutes: + items: + properties: + policy: + type: string + cidr: + type: string + nextHopIP: + type: string + ecmpMode: + type: string + bfdId: + type: string + routeTable: + type: string + type: object + type: array + policyRoutes: + items: + properties: + priority: + type: integer + action: + type: string + match: + type: string + nextHopIP: + type: string + type: object + type: array + vpcPeerings: + items: + properties: + remoteVpc: + type: string + localConnectIP: + type: string + type: object + type: array + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + type: string + lastUpdateTime: + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + default: + type: boolean + defaultLogicalSwitch: + type: string + router: + type: string + standby: + type: boolean + enableExternal: + type: boolean + enableBfd: + type: boolean + subnets: + items: + type: string + type: array + extraExternalSubnets: + items: + type: string + type: array + vpcPeerings: + items: + type: string + type: array + tcpLoadBalancer: + type: string + tcpSessionLoadBalancer: + type: string + udpLoadBalancer: + type: string + udpSessionLoadBalancer: + type: string + sctpLoadBalancer: + type: string + sctpSessionLoadBalancer: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + names: + kind: Vpc + listKind: VpcList + plural: vpcs + shortNames: + - vpc + singular: vpc + scope: Cluster +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: 
ips.kubeovn.io +spec: + group: kubeovn.io + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - name: V4IP + type: string + jsonPath: .spec.v4IpAddress + - name: V6IP + type: string + jsonPath: .spec.v6IpAddress + - name: Mac + type: string + jsonPath: .spec.macAddress + - name: Node + type: string + jsonPath: .spec.nodeName + - name: Subnet + type: string + jsonPath: .spec.subnet + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + podName: + type: string + namespace: + type: string + subnet: + type: string + attachSubnets: + type: array + items: + type: string + nodeName: + type: string + ipAddress: + type: string + v4IpAddress: + type: string + v6IpAddress: + type: string + attachIps: + type: array + items: + type: string + macAddress: + type: string + attachMacs: + type: array + items: + type: string + containerID: + type: string + podType: + type: string + scope: Cluster + names: + plural: ips + singular: ip + kind: IP + shortNames: + - ip +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: vips.kubeovn.io +spec: + group: kubeovn.io + names: + plural: vips + singular: vip + shortNames: + - vip + kind: Vip + listKind: VipList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + additionalPrinterColumns: + - name: V4IP + type: string + jsonPath: .status.v4ip + - name: V6IP + type: string + jsonPath: .status.v6ip + - name: Mac + type: string + jsonPath: .status.mac + - name: PMac + type: string + jsonPath: .spec.parentMac + - name: Subnet + type: string + jsonPath: .spec.subnet + - jsonPath: .status.ready + name: Ready + type: boolean + - jsonPath: .status.type + name: Type + type: string + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object + properties: + type: + type: string + ready: + type: boolean + v4ip: + type: string + v6ip: + type: string + mac: + type: string + pv4ip: + type: string + 
pv6ip: + type: string + pmac: + type: string + selector: + type: array + items: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + spec: + type: object + properties: + namespace: + type: string + subnet: + type: string + type: + type: string + attachSubnets: + type: array + items: + type: string + v4ip: + type: string + macAddress: + type: string + v6ip: + type: string + parentV4ip: + type: string + parentMac: + type: string + parentV6ip: + type: string + selector: + type: array + items: + type: string +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: subnets.kubeovn.io +spec: + group: kubeovn.io + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Provider + type: string + jsonPath: .spec.provider + - name: Vpc + type: string + jsonPath: .spec.vpc + - name: Protocol + type: string + jsonPath: .spec.protocol + - name: CIDR + type: string + jsonPath: .spec.cidrBlock + - name: Private + type: boolean + jsonPath: .spec.private + - name: NAT + type: boolean + jsonPath: .spec.natOutgoing + - name: Default + type: boolean + jsonPath: .spec.default + - name: GatewayType + type: string + jsonPath: .spec.gatewayType + - name: V4Used + type: number + jsonPath: .status.v4usingIPs + - name: V4Available + type: number + jsonPath: .status.v4availableIPs + - name: V6Used + type: number + jsonPath: .status.v6usingIPs + - name: V6Available + type: number + jsonPath: .status.v6availableIPs + - name: ExcludeIPs + type: string + jsonPath: .spec.excludeIps + - name: U2OInterconnectionIP + type: string + jsonPath: .status.u2oInterconnectionIP + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object + properties: + v4availableIPs: + type: number + 
v4usingIPs: + type: number + v6availableIPs: + type: number + v6usingIPs: + type: number + activateGateway: + type: string + dhcpV4OptionsUUID: + type: string + dhcpV6OptionsUUID: + type: string + u2oInterconnectionIP: + type: string + u2oInterconnectionVPC: + type: string + v4usingIPrange: + type: string + v4availableIPrange: + type: string + v6usingIPrange: + type: string + v6availableIPrange: + type: string + natOutgoingPolicyRules: + type: array + items: + type: object + properties: + ruleID: + type: string + action: + type: string + enum: + - nat + - forward + match: + type: object + properties: + srcIPs: + type: string + dstIPs: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + spec: + type: object + properties: + vpc: + type: string + default: + type: boolean + protocol: + type: string + enum: + - IPv4 + - IPv6 + - Dual + cidrBlock: + type: string + namespaces: + type: array + items: + type: string + gateway: + type: string + provider: + type: string + excludeIps: + type: array + items: + type: string + vips: + type: array + items: + type: string + gatewayType: + type: string + allowSubnets: + type: array + items: + type: string + gatewayNode: + type: string + natOutgoing: + type: boolean + externalEgressGateway: + type: string + policyRoutingPriority: + type: integer + minimum: 1 + maximum: 32765 + policyRoutingTableID: + type: integer + minimum: 1 + maximum: 2147483647 + not: + enum: + - 252 # compat + - 253 # default + - 254 # main + - 255 # local + mtu: + type: integer + minimum: 68 + maximum: 65535 + private: + type: boolean + vlan: + type: string + logicalGateway: + type: boolean + disableGatewayCheck: + type: boolean + disableInterConnection: + type: boolean + enableDHCP: + type: boolean + dhcpV4Options: + type: string + dhcpV6Options: + type: string + 
enableIPv6RA: + type: boolean + ipv6RAConfigs: + type: string + allowEWTraffic: + type: boolean + acls: + type: array + items: + type: object + properties: + direction: + type: string + enum: + - from-lport + - to-lport + priority: + type: integer + minimum: 0 + maximum: 32767 + match: + type: string + action: + type: string + enum: + - allow-related + - allow-stateless + - allow + - drop + - reject + natOutgoingPolicyRules: + type: array + items: + type: object + properties: + action: + type: string + enum: + - nat + - forward + match: + type: object + properties: + srcIPs: + type: string + dstIPs: + type: string + u2oInterconnection: + type: boolean + u2oInterconnectionIP: + type: string + enableLb: + type: boolean + enableEcmp: + type: boolean + enableMulticastSnoop: + type: boolean + routeTable: + type: string + scope: Cluster + names: + plural: subnets + singular: subnet + kind: Subnet + shortNames: + - subnet +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: ippools.kubeovn.io +spec: + group: kubeovn.io + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: Subnet + type: string + jsonPath: .spec.subnet + - name: IPs + type: string + jsonPath: .spec.ips + - name: V4Used + type: number + jsonPath: .status.v4UsingIPs + - name: V4Available + type: number + jsonPath: .status.v4AvailableIPs + - name: V6Used + type: number + jsonPath: .status.v6UsingIPs + - name: V6Available + type: number + jsonPath: .status.v6AvailableIPs + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + subnet: + type: string + x-kubernetes-validations: + - rule: "self == oldSelf" + message: "This field is immutable." 
+ namespaces: + type: array + x-kubernetes-list-type: set + items: + type: string + ips: + type: array + minItems: 1 + x-kubernetes-list-type: set + items: + type: string + anyOf: + - format: ipv4 + - format: ipv6 + - format: cidr + - pattern: ^(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.\.(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])$ + - pattern: ^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|:)))\.\.((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|:)))$ + required: + - subnet + - ips + status: + type: object + properties: + v4AvailableIPs: + type: number + v4UsingIPs: + type: number + v6AvailableIPs: + type: number + v6UsingIPs: + type: number + v4AvailableIPRange: + type: string + v4UsingIPRange: + type: string + v6AvailableIPRange: + type: string + v6UsingIPRange: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + scope: Cluster + names: + plural: ippools + singular: ippool + kind: IPPool + shortNames: + - ippool +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: 
vlans.kubeovn.io +spec: + group: kubeovn.io + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + id: + type: integer + minimum: 0 + maximum: 4095 + provider: + type: string + vlanId: + type: integer + description: Deprecated in favor of id + providerInterfaceName: + type: string + description: Deprecated in favor of provider + required: + - provider + status: + type: object + properties: + subnets: + type: array + items: + type: string + additionalPrinterColumns: + - name: ID + type: string + jsonPath: .spec.id + - name: Provider + type: string + jsonPath: .spec.provider + scope: Cluster + names: + plural: vlans + singular: vlan + kind: Vlan + shortNames: + - vlan +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: provider-networks.kubeovn.io +spec: + group: kubeovn.io + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + properties: + metadata: + type: object + properties: + name: + type: string + maxLength: 12 + not: + enum: + - int + spec: + type: object + properties: + defaultInterface: + type: string + maxLength: 15 + pattern: '^[^/\s]+$' + customInterfaces: + type: array + items: + type: object + properties: + interface: + type: string + maxLength: 15 + pattern: '^[^/\s]+$' + nodes: + type: array + items: + type: string + exchangeLinkName: + type: boolean + excludeNodes: + type: array + items: + type: string + required: + - defaultInterface + status: + type: object + properties: + ready: + type: boolean + readyNodes: + type: array + items: + type: string + notReadyNodes: + type: array + items: + type: string + vlans: + type: array + items: + type: string + conditions: + type: array + items: + type: object + properties: + node: + type: string + type: + type: string + status: + type: string + reason: + type: string + 
message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + additionalPrinterColumns: + - name: DefaultInterface + type: string + jsonPath: .spec.defaultInterface + - name: Ready + type: boolean + jsonPath: .status.ready + scope: Cluster + names: + plural: provider-networks + singular: provider-network + kind: ProviderNetwork + listKind: ProviderNetworkList +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: security-groups.kubeovn.io +spec: + group: kubeovn.io + names: + plural: security-groups + singular: security-group + shortNames: + - sg + kind: SecurityGroup + listKind: SecurityGroupList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + ingressRules: + type: array + items: + type: object + properties: + ipVersion: + type: string + protocol: + type: string + priority: + type: integer + remoteType: + type: string + remoteAddress: + type: string + remoteSecurityGroup: + type: string + portRangeMin: + type: integer + portRangeMax: + type: integer + policy: + type: string + egressRules: + type: array + items: + type: object + properties: + ipVersion: + type: string + protocol: + type: string + priority: + type: integer + remoteType: + type: string + remoteAddress: + type: string + remoteSecurityGroup: + type: string + portRangeMin: + type: integer + portRangeMax: + type: integer + policy: + type: string + allowSameGroupTraffic: + type: boolean + status: + type: object + properties: + portGroup: + type: string + allowSameGroupTraffic: + type: boolean + ingressMd5: + type: string + egressMd5: + type: string + ingressLastSyncSuccess: + type: boolean + egressLastSyncSuccess: + type: boolean + subresources: + status: {} + conversion: + strategy: None +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: qos-policies.kubeovn.io +spec: + 
group: kubeovn.io + names: + plural: qos-policies + singular: qos-policy + shortNames: + - qos + kind: QoSPolicy + listKind: QoSPolicyList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .spec.shared + name: Shared + type: string + - jsonPath: .spec.bindingType + name: BindingType + type: string + schema: + openAPIV3Schema: + type: object + properties: + status: + type: object + properties: + shared: + type: boolean + bindingType: + type: string + bandwidthLimitRules: + type: array + items: + type: object + properties: + name: + type: string + interface: + type: string + rateMax: + type: string + burstMax: + type: string + priority: + type: integer + direction: + type: string + matchType: + type: string + matchValue: + type: string + conditions: + type: array + items: + type: object + properties: + type: + type: string + status: + type: string + reason: + type: string + message: + type: string + lastUpdateTime: + type: string + lastTransitionTime: + type: string + spec: + type: object + properties: + shared: + type: boolean + bindingType: + type: string + bandwidthLimitRules: + type: array + items: + type: object + properties: + name: + type: string + interface: + type: string + rateMax: + type: string + burstMax: + type: string + priority: + type: integer + direction: + type: string + matchType: + type: string + matchValue: + type: string + required: + - name + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-deploy.yaml new file mode 100644 index 00000000..b938ebfe --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-deploy.yaml 
@@ -0,0 +1,139 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: kube-ovn-monitor
+ namespace: {{ .Values.namespace }}
+ annotations:
+ kubernetes.io/description: |
+ Metrics for OVN components: northd, nb and sb.
+spec:
+ replicas: 1
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ app: kube-ovn-monitor
+ template:
+ metadata:
+ labels:
+ app: kube-ovn-monitor
+ component: network
+ type: infra
+ spec:
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - key: CriticalAddonsOnly
+ operator: Exists
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app: kube-ovn-monitor
+ topologyKey: kubernetes.io/hostname
+ priorityClassName: system-cluster-critical
+ serviceAccountName: kube-ovn-app
+ hostNetwork: true
+ containers:
+ - name: kube-ovn-monitor
+ image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: ["/kube-ovn/start-ovn-monitor.sh"]
+ args:
+ - --log_file=/var/log/kube-ovn/kube-ovn-monitor.log
+ - --logtostderr=false
+ - --alsologtostderr=true
+ - --log_file_max_size=0
+ securityContext:
+ runAsUser: 0
+ privileged: false
+ env:
+ - name: ENABLE_SSL
+ value: "{{ .Values.networking.ENABLE_SSL }}"
+ - name: KUBE_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: POD_IPS
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIPs
+ - name: ENABLE_BIND_LOCAL_IP
+ value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
+ resources:
+ requests:
+ cpu: {{ index .Values "kube-ovn-monitor" "requests" "cpu" }}
+ memory: {{ index .Values "kube-ovn-monitor" "requests" "memory" }}
+ limits:
+ cpu: {{ index .Values "kube-ovn-monitor" "limits" "cpu" }}
+ memory: {{ index .Values "kube-ovn-monitor" "limits" "memory" }}
+ volumeMounts:
+ - mountPath: /var/run/openvswitch
+ name: host-run-ovs
+ - mountPath: /var/run/ovn
+ name: host-run-ovn
+ - mountPath: /etc/openvswitch
+ name: host-config-openvswitch
+ - mountPath: /etc/ovn
+ name: host-config-ovn
+ - mountPath: /var/log/ovn
+ name: host-log-ovn
+ readOnly: true
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /var/run/tls
+ name: kube-ovn-tls
+ - mountPath: /var/log/kube-ovn
+ name: kube-ovn-log
+ livenessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 7
+ successThreshold: 1
+ tcpSocket:
+ port: 10661
+ timeoutSeconds: 3
+ readinessProbe:
+ failureThreshold: 3
+ initialDelaySeconds: 30
+ periodSeconds: 7
+ successThreshold: 1
+ tcpSocket:
+ port: 10661
+ timeoutSeconds: 3
+ nodeSelector:
+ kubernetes.io/os: "linux"
+ {{- with splitList "=" .Values.MASTER_NODES_LABEL }}
+ {{ index . 0 }}: "{{ if eq (len .) 2 }}{{ index . 1 }}{{ end }}"
+ {{- end }}
+ volumes:
+ - name: host-run-ovs
+ hostPath:
+ path: /run/openvswitch
+ - name: host-run-ovn
+ hostPath:
+ path: /run/ovn
+ - name: host-config-openvswitch
+ hostPath:
+ path: {{ .Values.OPENVSWITCH_DIR }}
+ - name: host-config-ovn
+ hostPath:
+ path: {{ .Values.OVN_DIR }}
+ - name: host-log-ovn
+ hostPath:
+ path: {{ .Values.log_conf.LOG_DIR }}/ovn
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: kube-ovn-tls
+ secret:
+ optional: true
+ secretName: kube-ovn-tls
+ - name: kube-ovn-log
+ hostPath:
+ path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-svc.yaml
new file mode 100644
index 00000000..1ad1800d
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-svc.yaml
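Review bot: The kube-ovn-monitor container runs with `hostNetwork: true` and `runAsUser: 0` yet only the /var/log/ovn and /etc/localtime mounts carry `readOnly: true`, while /etc/openvswitch, /etc/ovn, /run/openvswitch and /run/ovn are mounted read-write from the host; a metrics exporter for northd/nb/sb presumably only reads these, so the config and socket mounts look like candidates for `readOnly: true` too — confirm against start-ovn-monitor.sh before changing, since socket connects on a read-only bind mount may behave differently. The `kube-ovn-tls` volume is `optional: true`, so a pod rendered with ENABLE_SSL true still starts when the secret is absent and any failure surfaces only inside the container; a one-line comment on the volume, such as `# optional so the pod schedules without TLS; with ENABLE_SSL=true a missing secret fails at startup`, would make that trade-off visible. If this template is a verbatim copy of the upstream kube-ovn chart, a header comment naming the upstream chart version it was copied from would tell later readers to fix such things via values or an upstream bump rather than by patching the vendored file in place.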
@@ -0,0 +1,18 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: kube-ovn-monitor
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: kube-ovn-monitor
+spec:
+ ports:
+ - name: metrics
+ port: 10661
+ type: ClusterIP
+ selector:
+ app: kube-ovn-monitor
+ sessionAffinity: None
+ {{- if eq .Values.networking.NET_STACK "dual_stack" }}
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/nb-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/nb-svc.yaml
new file mode 100644
index 00000000..43992e91
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/nb-svc.yaml
@@ -0,0 +1,19 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: ovn-nb
+ namespace: {{ .Values.namespace }}
+spec:
+ ports:
+ - name: ovn-nb
+ protocol: TCP
+ port: 6641
+ targetPort: 6641
+ type: ClusterIP
+ {{- if eq .Values.networking.NET_STACK "dual_stack" }}
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
+ selector:
+ app: ovn-central
+ ovn-nb-leader: "true"
+ sessionAffinity: None
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/northd-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/northd-svc.yaml
new file mode 100644
index 00000000..cec07233
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/northd-svc.yaml
@@ -0,0 +1,19 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: ovn-northd
+ namespace: {{ .Values.namespace }}
+spec:
+ ports:
+ - name: ovn-northd
+ protocol: TCP
+ port: 6643
+ targetPort: 6643
+ type: ClusterIP
+ {{- if eq .Values.networking.NET_STACK "dual_stack" }}
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
+ selector:
+ app: ovn-central
+ ovn-northd-leader: "true"
+ sessionAffinity: None
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CR.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CR.yaml
new file mode 100644
index 00000000..69d46ad9
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CR.yaml 
@@ -0,0 +1,256 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.k8s.io/system-only: "true"
+ name: system:ovn
+rules:
+ - apiGroups:
+ - "kubeovn.io"
+ resources:
+ - vpcs
+ - vpcs/status
+ - vpc-nat-gateways
+ - vpc-nat-gateways/status
+ - subnets
+ - subnets/status
+ - ippools
+ - ippools/status
+ - ips
+ - vips
+ - vips/status
+ - vlans
+ - vlans/status
+ - provider-networks
+ - provider-networks/status
+ - security-groups
+ - security-groups/status
+ - iptables-eips
+ - iptables-fip-rules
+ - iptables-dnat-rules
+ - iptables-snat-rules
+ - iptables-eips/status
+ - iptables-fip-rules/status
+ - iptables-dnat-rules/status
+ - iptables-snat-rules/status
+ - ovn-eips
+ - ovn-fips
+ - ovn-snat-rules
+ - ovn-eips/status
+ - ovn-fips/status
+ - ovn-snat-rules/status
+ - ovn-dnat-rules
+ - ovn-dnat-rules/status
+ - switch-lb-rules
+ - switch-lb-rules/status
+ - vpc-dnses
+ - vpc-dnses/status
+ - qos-policies
+ - qos-policies/status
+ verbs:
+ - "*"
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - namespaces
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - pods/exec
+ verbs:
+ - create
+ - apiGroups:
+ - "k8s.cni.cncf.io"
+ resources:
+ - network-attachment-definitions
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ - networking.k8s.io
+ resources:
+ - networkpolicies
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - services/status
+ verbs:
+ - get
+ - list
+ - update
+ - create
+ - delete
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - create
+ - update
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - deployments
+ - deployments/scale
+ verbs:
+ - get
+ - list
+ - create
+ - delete
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - "*"
+ - apiGroups:
+ - "kubevirt.io"
+ resources:
+ - virtualmachines
+ - virtualmachineinstances
+ verbs:
+ - get
+ - list
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.k8s.io/system-only: "true"
+ name: system:ovn-ovs
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - services
+ - endpoints
+ verbs:
+ - get
+ - apiGroups:
+ - apps
+ resources:
+ - controllerrevisions
+ verbs:
+ - get
+ - list
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.k8s.io/system-only: "true"
+ name: system:kube-ovn-cni
+rules:
+ - apiGroups:
+ - "kubeovn.io"
+ - ""
+ resources:
+ - subnets
+ - provider-networks
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ - "kubeovn.io"
+ resources:
+ - ovn-eips
+ - ovn-eips/status
+ - nodes
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - "kubeovn.io"
+ resources:
+ - ips
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.k8s.io/system-only: "true"
+ name: system:kube-ovn-app
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - nodes
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - get
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CRB.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CRB.yaml
new file mode 100644
index 00000000..9230d900
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CRB.yaml
@@ -0,0 +1,54 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ovn
+roleRef:
+ name: system:ovn
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: ovn
+ namespace: {{ .Values.namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ovn-ovs
+roleRef:
+ name: system:ovn-ovs
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: ovn-ovs
+ namespace: {{ .Values.namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kube-ovn-cni
+roleRef:
+ name: system:kube-ovn-cni
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: kube-ovn-cni
+ namespace: {{ .Values.namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kube-ovn-app
+roleRef:
+ name: system:kube-ovn-app
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: kube-ovn-app
+ namespace: {{ .Values.namespace }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-dpdk-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-dpdk-ds.yaml
new file mode 100644
index 00000000..1d799899
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-dpdk-ds.yaml
@@ -0,0 +1,164 @@ +{{- if .Values.HYBRID_DPDK }} +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: ovs-ovn-dpdk + namespace: {{ .Values.namespace }} + annotations: + kubernetes.io/description: | + This daemon set launches the openvswitch daemon. +spec: + selector: + matchLabels: + app: ovs-dpdk + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + labels: + app: ovs-dpdk + component: network + type: infra + spec: + tolerations: + - operator: Exists + priorityClassName: system-node-critical + serviceAccountName: ovn-ovs + hostNetwork: true + hostPID: true + containers: + - name: openvswitch + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}-dpdk + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/kube-ovn/start-ovs-dpdk-v2.sh"] + securityContext: + runAsUser: 0 + privileged: true + env: + - name: ENABLE_SSL + value: "{{ .Values.networking.ENABLE_SSL }}" + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HW_OFFLOAD + value: "{{- .Values.func.HW_OFFLOAD }}" + - name: TUNNEL_TYPE + value: "{{- .Values.networking.TUNNEL_TYPE }}" + - name: DPDK_TUNNEL_IFACE + value: "{{- .Values.networking.DPDK_TUNNEL_IFACE }}" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: OVN_DB_IPS + value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) 
}}" + - name: OVN_REMOTE_PROBE_INTERVAL + value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}" + - name: OVN_REMOTE_OPENFLOW_INTERVAL + value: "{{ .Values.networking.OVN_REMOTE_OPENFLOW_INTERVAL }}" + volumeMounts: + - mountPath: /opt/ovs-config + name: host-config-ovs + - name: shareddir + mountPath: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods + - name: hugepage + mountPath: /dev/hugepages + - mountPath: /lib/modules + name: host-modules + readOnly: true + - mountPath: /var/run/openvswitch + name: host-run-ovs + mountPropagation: HostToContainer + - mountPath: /var/run/ovn + name: host-run-ovn + - mountPath: /sys + name: host-sys + - mountPath: /etc/openvswitch + name: host-config-openvswitch + - mountPath: /etc/ovn + name: host-config-ovn + - mountPath: /var/log/openvswitch + name: host-log-ovs + - mountPath: /var/log/ovn + name: host-log-ovn + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /var/run/tls + name: kube-ovn-tls + readinessProbe: + exec: + command: + - bash + - -c + - LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh + periodSeconds: 5 + timeoutSeconds: 45 + livenessProbe: + exec: + command: + - bash + - /kube-ovn/ovs-healthcheck.sh + initialDelaySeconds: 60 + periodSeconds: 5 + failureThreshold: 5 + timeoutSeconds: 45 + resources: + requests: + cpu: {{ index .Values "ovs-ovn" "requests" "cpu" }} + memory: {{ index .Values "ovs-ovn" "requests" "memory" }} + limits: + cpu: {{ index .Values "ovs-ovn" "limits" "cpu" }} + {{.Values.HUGEPAGE_SIZE_TYPE}}: {{.Values.HUGEPAGES}} + memory: {{ index .Values "ovs-ovn" "limits" "memory" }} + nodeSelector: + kubernetes.io/os: "linux" + ovn.kubernetes.io/ovs_dp_type: "userspace" + volumes: + - name: host-config-ovs + hostPath: + path: /opt/ovs-config + type: DirectoryOrCreate + - name: shareddir + hostPath: + path: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods + type: '' + - name: hugepage + emptyDir: + medium: HugePages + - name: host-modules + hostPath: + path: /lib/modules + - 
name: host-run-ovs + hostPath: + path: /run/openvswitch + - name: host-run-ovn + hostPath: + path: /run/ovn + - name: host-sys + hostPath: + path: /sys + - name: host-config-openvswitch + hostPath: + path: {{ .Values.OPENVSWITCH_DIR }} + - name: host-config-ovn + hostPath: + path: {{ .Values.OVN_DIR }} + - name: host-log-ovs + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/openvswitch + - name: host-log-ovn + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/ovn + - name: localtime + hostPath: + path: /etc/localtime + - name: kube-ovn-tls + secret: + optional: true + secretName: kube-ovn-tls +{{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-sa.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-sa.yaml new file mode 100644 index 00000000..17b4a92f --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-sa.yaml @@ -0,0 +1,34 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ovn + namespace: {{ .Values.namespace }} +{{- if .Values.global.registry.imagePullSecrets }} +imagePullSecrets: +{{- range $index, $secret := .Values.global.registry.imagePullSecrets }} +{{- if $secret }} +- name: {{ $secret | quote}} +{{- end }} +{{- end }} +{{- end }} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ovn-ovs + namespace: {{ .Values.namespace }} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kube-ovn-cni + namespace: {{ .Values.namespace }} + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kube-ovn-app + namespace: {{ .Values.namespace }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-tls-secret.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-tls-secret.yaml new file mode 100644 index 00000000..dde40203 --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-tls-secret.yaml 
@@ -0,0 +1,23 @@
+{{- if .Values.networking.ENABLE_SSL }}
+{{- $cn := "ovn" -}}
+{{- $ca := genCA "ovn-ca" 3650 -}}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kube-ovn-tls
+ namespace: {{ .Values.namespace }}
+data:
+{{- $existingSecret := lookup "v1" "Secret" .Values.namespace "kube-ovn-tls" }}
+ {{- if $existingSecret }}
+ cacert: {{ index $existingSecret.data "cacert" }}
+ cert: {{ index $existingSecret.data "cert" }}
+ key: {{ index $existingSecret.data "key" }}
+ {{- else }}
+ {{- with genSignedCert $cn nil nil 3650 $ca }}
+ cacert: {{ b64enc $ca.Cert }}
+ cert: {{ b64enc .Cert }}
+ key: {{ b64enc .Key }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-ds.yaml
new file mode 100644
index 00000000..1dfedf1a
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-ds.yaml
@@ -0,0 +1,206 @@ +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: kube-ovn-cni + namespace: {{ .Values.namespace }} + annotations: + kubernetes.io/description: | + This daemon set launches the kube-ovn cni daemon. +spec: + selector: + matchLabels: + app: kube-ovn-cni + template: + metadata: + labels: + app: kube-ovn-cni + component: network + type: infra + spec: + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + priorityClassName: system-node-critical + serviceAccountName: kube-ovn-cni + hostNetwork: true + hostPID: true + initContainers: + - name: install-cni + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["/kube-ovn/install-cni.sh"] + securityContext: + runAsUser: 0 + privileged: true + volumeMounts: + - mountPath: /opt/cni/bin + name: cni-bin + {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} + - mountPath: /usr/local/bin + name: local-bin + {{- end }} + containers: + - name: cni-server + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - bash + - /kube-ovn/start-cniserver.sh + args: + - --enable-mirror={{- .Values.debug.ENABLE_MIRROR }} + - --mirror-iface={{- .Values.debug.MIRROR_IFACE }} + - --node-switch={{ .Values.networking.NODE_SUBNET }} + - --encap-checksum=true + - --service-cluster-ip-range= + {{- if eq .Values.networking.NET_STACK "dual_stack" -}} + {{ .Values.dual_stack.SVC_CIDR }} + {{- else if eq .Values.networking.NET_STACK "ipv4" -}} + {{ .Values.ipv4.SVC_CIDR }} + {{- else if eq .Values.networking.NET_STACK "ipv6" -}} + {{ .Values.ipv6.SVC_CIDR }} + {{- end }} + {{- if eq .Values.networking.NETWORK_TYPE "vlan" }} + - --iface= + {{- else}} + - --iface={{- 
.Values.networking.IFACE }} + {{- end }} + - --dpdk-tunnel-iface={{- .Values.networking.DPDK_TUNNEL_IFACE }} + - --network-type={{- .Values.networking.TUNNEL_TYPE }} + - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }} + - --cni-conf-dir={{ .Values.cni_conf.CNI_CONF_DIR }} + - --cni-conf-file={{ .Values.cni_conf.CNI_CONF_FILE }} + - --cni-conf-name={{- .Values.cni_conf.CNI_CONFIG_PRIORITY -}}-kube-ovn.conflist + - --logtostderr=false + - --alsologtostderr=true + - --log_file=/var/log/kube-ovn/kube-ovn-cni.log + - --log_file_max_size=0 + - --enable-metrics={{- .Values.networking.ENABLE_METRICS }} + - --kubelet-dir={{ .Values.kubelet_conf.KUBELET_DIR }} + - --enable-tproxy={{ .Values.func.ENABLE_TPROXY }} + - --ovs-vsctl-concurrency={{ .Values.performance.OVS_VSCTL_CONCURRENCY }} + securityContext: + runAsUser: 0 + privileged: true + env: + - name: ENABLE_SSL + value: "{{ .Values.networking.ENABLE_SSL }}" + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_IPS + valueFrom: + fieldRef: + fieldPath: status.podIPs + - name: ENABLE_BIND_LOCAL_IP + value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}" + - name: DBUS_SYSTEM_BUS_ADDRESS + value: "unix:path=/host/var/run/dbus/system_bus_socket" + volumeMounts: + - name: host-modules + mountPath: /lib/modules + readOnly: true + - name: shared-dir + mountPath: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods + - mountPath: /etc/openvswitch + name: systemid + readOnly: true + - mountPath: /etc/cni/net.d + name: cni-conf + - mountPath: /run/openvswitch + name: host-run-ovs + mountPropagation: Bidirectional + - mountPath: /run/ovn + name: host-run-ovn + - mountPath: /host/var/run/dbus + name: host-dbus + mountPropagation: HostToContainer + - mountPath: /var/run/netns + name: host-ns + mountPropagation: HostToContainer + - mountPath: /var/log/kube-ovn + name: kube-ovn-log + - mountPath: /var/log/openvswitch 
+ name: host-log-ovs + - mountPath: /var/log/ovn + name: host-log-ovn + - mountPath: /etc/localtime + name: localtime + readOnly: true + readinessProbe: + failureThreshold: 3 + periodSeconds: 7 + successThreshold: 1 + tcpSocket: + port: 10665 + timeoutSeconds: 3 + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 7 + successThreshold: 1 + tcpSocket: + port: 10665 + timeoutSeconds: 3 + resources: + requests: + cpu: {{ index .Values "kube-ovn-cni" "requests" "cpu" }} + memory: {{ index .Values "kube-ovn-cni" "requests" "memory" }} + limits: + cpu: {{ index .Values "kube-ovn-cni" "limits" "cpu" }} + memory: {{ index .Values "kube-ovn-cni" "limits" "memory" }} + nodeSelector: + kubernetes.io/os: "linux" + volumes: + - name: host-modules + hostPath: + path: /lib/modules + - name: shared-dir + hostPath: + path: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods + - name: systemid + hostPath: + path: {{ .Values.OPENVSWITCH_DIR }} + - name: host-run-ovs + hostPath: + path: /run/openvswitch + - name: host-run-ovn + hostPath: + path: /run/ovn + - name: cni-conf + hostPath: + path: {{ .Values.cni_conf.CNI_CONF_DIR }} + - name: cni-bin + hostPath: + path: {{ .Values.cni_conf.CNI_BIN_DIR }} + - name: host-ns + hostPath: + path: /var/run/netns + - name: host-dbus + hostPath: + path: /var/run/dbus + - name: kube-ovn-log + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn + - name: localtime + hostPath: + path: /etc/localtime + - name: host-log-ovs + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/openvswitch + - name: host-log-ovn + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/ovn + {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} + - name: local-bin + hostPath: + path: {{ .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} + {{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-svc.yaml new file mode 100644 index 00000000..e1c47c80 --- /dev/null 
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-svc.yaml
@@ -0,0 +1,16 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: kube-ovn-cni
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: kube-ovn-cni
+spec:
+ selector:
+ app: kube-ovn-cni
+ ports:
+ - port: 10665
+ name: metrics
+ {{- if eq .Values.networking.NET_STACK "dual_stack" }}
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovsovn-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovsovn-ds.yaml
new file mode 100644
index 00000000..72a5eb40
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovsovn-ds.yaml
@@ -0,0 +1,221 @@ +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: ovs-ovn + namespace: {{ .Values.namespace }} + annotations: + kubernetes.io/description: | + This daemon set launches the openvswitch daemon. + chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}" +spec: + selector: + matchLabels: + app: ovs + updateStrategy: + type: {{ include "kubeovn.ovs-ovn.updateStrategy" . }} + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + labels: + app: ovs + component: network + type: infra + annotations: + chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}" + spec: + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + priorityClassName: system-node-critical + serviceAccountName: ovn-ovs + hostNetwork: true + hostPID: true + containers: + - name: openvswitch + {{- if .Values.DPDK }} + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.dpdkRepository }}:{{ .Values.DPDK_VERSION }}-{{ .Values.global.images.kubeovn.tag }} + {{- else }} + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.DPDK }} + command: ["/kube-ovn/start-ovs-dpdk.sh"] + {{- else }} + command: + {{- if .Values.DISABLE_MODULES_MANAGEMENT }} + - /bin/sh + - -ec + - | + ln -sf /bin/true /usr/sbin/modprobe + ln -sf /bin/true /usr/sbin/modinfo + ln -sf /bin/true /usr/sbin/rmmod + exec /kube-ovn/start-ovs.sh + {{- else }} + - /kube-ovn/start-ovs.sh + {{- end }} + {{- end }} + securityContext: + runAsUser: 0 + privileged: true + env: + - name: ENABLE_SSL + value: "{{ .Values.networking.ENABLE_SSL }}" + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: 
metadata.namespace + - name: HW_OFFLOAD + value: "{{- .Values.func.HW_OFFLOAD }}" + - name: TUNNEL_TYPE + value: "{{- .Values.networking.TUNNEL_TYPE }}" + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: OVN_DB_IPS + value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}" + - name: OVN_REMOTE_PROBE_INTERVAL + value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}" + - name: OVN_REMOTE_OPENFLOW_INTERVAL + value: "{{ .Values.networking.OVN_REMOTE_OPENFLOW_INTERVAL }}" + volumeMounts: + - mountPath: /var/run/netns + name: host-ns + mountPropagation: HostToContainer + - mountPath: /lib/modules + name: host-modules + readOnly: true + - mountPath: /var/run/openvswitch + name: host-run-ovs + - mountPath: /var/run/ovn + name: host-run-ovn + - mountPath: /etc/openvswitch + name: host-config-openvswitch + - mountPath: /etc/ovn + name: host-config-ovn + - mountPath: /var/log/openvswitch + name: host-log-ovs + - mountPath: /var/log/ovn + name: host-log-ovn + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /var/run/tls + name: kube-ovn-tls + - mountPath: /var/run/containerd + name: cruntime + readOnly: true + {{- if .Values.DPDK }} + - mountPath: /opt/ovs-config + name: host-config-ovs + - mountPath: /dev/hugepages + name: hugepage + {{- end }} + readinessProbe: + exec: + {{- if .Values.DPDK }} + command: + - bash + - /kube-ovn/ovs-dpdk-healthcheck.sh + {{- else }} + command: + - bash + - -c + - LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh + {{- end }} + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 45 + livenessProbe: + exec: + {{- if .Values.DPDK }} + command: + - bash + - /kube-ovn/ovs-dpdk-healthcheck.sh + {{- else }} + command: + - bash + - /kube-ovn/ovs-healthcheck.sh + {{- end }} + initialDelaySeconds: 60 + periodSeconds: 5 + failureThreshold: 5 + timeoutSeconds: 45 + resources: + requests: + {{- if .Values.DPDK }} + cpu: {{ .Values.DPDK_CPU }} + memory: {{ 
.Values.DPDK_MEMORY }} + {{- else }} + cpu: {{ index .Values "ovs-ovn" "requests" "cpu" }} + memory: {{ index .Values "ovs-ovn" "requests" "memory" }} + {{- end }} + limits: + {{- if .Values.DPDK }} + cpu: {{ .Values.DPDK_CPU }} + memory: {{ .Values.DPDK_MEMORY }} + hugepages-1Gi: 1Gi + {{- else }} + cpu: {{ index .Values "ovs-ovn" "limits" "cpu" }} + memory: {{ index .Values "ovs-ovn" "limits" "memory" }} + {{- end }} + nodeSelector: + kubernetes.io/os: "linux" + volumes: + - name: host-modules + hostPath: + path: /lib/modules + - name: host-run-ovs + hostPath: + path: /run/openvswitch + - name: host-run-ovn + hostPath: + path: /run/ovn + - name: host-config-openvswitch + hostPath: + path: {{ .Values.OPENVSWITCH_DIR }} + - name: host-config-ovn + hostPath: + path: {{ .Values.OVN_DIR }} + - name: host-log-ovs + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/openvswitch + - name: host-log-ovn + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/ovn + - name: localtime + hostPath: + path: /etc/localtime + - name: kube-ovn-tls + secret: + optional: true + secretName: kube-ovn-tls + - name: host-ns + hostPath: + path: /var/run/netns + - hostPath: + path: /var/run/containerd + name: cruntime + {{- if .Values.DPDK }} + - name: host-config-ovs + hostPath: + path: /opt/ovs-config + type: DirectoryOrCreate + - name: hugepage + emptyDir: + medium: HugePages + {{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-ds.yaml new file mode 100644 index 00000000..f54b276a --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-ds.yaml 
@@ -0,0 +1,137 @@ +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: kube-ovn-pinger + namespace: {{ .Values.namespace }} + annotations: + kubernetes.io/description: | + This daemon set launches the openvswitch daemon. +spec: + selector: + matchLabels: + app: kube-ovn-pinger + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app: kube-ovn-pinger + component: network + type: infra + spec: + priorityClassName: system-node-critical + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + serviceAccountName: kube-ovn-app + hostPID: true + containers: + - name: pinger + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + command: + - /kube-ovn/kube-ovn-pinger + args: + - --external-address= + {{- if eq .Values.networking.NET_STACK "dual_stack" -}} + {{ .Values.dual_stack.PINGER_EXTERNAL_ADDRESS }} + {{- else if eq .Values.networking.NET_STACK "ipv4" -}} + {{ .Values.ipv4.PINGER_EXTERNAL_ADDRESS }} + {{- else if eq .Values.networking.NET_STACK "ipv6" -}} + {{ .Values.ipv6.PINGER_EXTERNAL_ADDRESS }} + {{- end }} + - --external-dns= + {{- if eq .Values.networking.NET_STACK "dual_stack" -}} + {{ .Values.dual_stack.PINGER_EXTERNAL_DOMAIN }} + {{- else if eq .Values.networking.NET_STACK "ipv4" -}} + {{ .Values.ipv4.PINGER_EXTERNAL_DOMAIN }} + {{- else if eq .Values.networking.NET_STACK "ipv6" -}} + {{ .Values.ipv6.PINGER_EXTERNAL_DOMAIN }} + {{- end }} + - --ds-namespace={{ .Values.namespace }} + - --logtostderr=false + - --alsologtostderr=true + - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log + - --log_file_max_size=0 + - --enable-metrics={{- .Values.networking.ENABLE_METRICS }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + runAsUser: 0 + privileged: false + env: + - name: ENABLE_SSL + value: "{{ .Values.networking.ENABLE_SSL }}" + - name: POD_IP + 
valueFrom: + fieldRef: + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumeMounts: + - mountPath: /var/run/openvswitch + name: host-run-ovs + - mountPath: /var/run/ovn + name: host-run-ovn + - mountPath: /etc/openvswitch + name: host-config-openvswitch + - mountPath: /var/log/openvswitch + name: host-log-ovs + readOnly: true + - mountPath: /var/log/ovn + name: host-log-ovn + readOnly: true + - mountPath: /var/log/kube-ovn + name: kube-ovn-log + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /var/run/tls + name: kube-ovn-tls + resources: + requests: + cpu: {{ index .Values "kube-ovn-pinger" "requests" "cpu" }} + memory: {{ index .Values "kube-ovn-pinger" "requests" "memory" }} + limits: + cpu: {{ index .Values "kube-ovn-pinger" "limits" "cpu" }} + memory: {{ index .Values "kube-ovn-pinger" "limits" "memory" }} + nodeSelector: + kubernetes.io/os: "linux" + volumes: + - name: host-run-ovs + hostPath: + path: /run/openvswitch + - name: host-run-ovn + hostPath: + path: /run/ovn + - name: host-config-openvswitch + hostPath: + path: {{ .Values.OPENVSWITCH_DIR }} + - name: host-log-ovs + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/openvswitch + - name: kube-ovn-log + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn + - name: host-log-ovn + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/ovn + - name: localtime + hostPath: + path: /etc/localtime + - name: kube-ovn-tls + secret: + optional: true + secretName: kube-ovn-tls diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-svc.yaml new file mode 100644 index 00000000..ef169e8e --- /dev/null +++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-svc.yaml 
@@ -0,0 +1,16 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: kube-ovn-pinger
+ namespace: {{ .Values.namespace }}
+ labels:
+ app: kube-ovn-pinger
+spec:
+ selector:
+ app: kube-ovn-pinger
+ ports:
+ - port: 8080
+ name: metrics
+ {{- if eq .Values.networking.NET_STACK "dual_stack" }}
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pre-delete-hook.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pre-delete-hook.yaml
new file mode 100644
index 00000000..d81c5ca2
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pre-delete-hook.yaml
@@ -0,0 +1,123 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-ovn-pre-delete-hook
+ namespace: {{ .Values.namespace }}
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.k8s.io/system-only: "true"
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ name: system:kube-ovn-pre-delete-hook
+rules:
+ - apiGroups:
+ - kubeovn.io
+ resources:
+ - subnets
+ verbs:
+ - get
+ - list
+ - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kube-ovn-pre-delete-hook
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "3"
+ "helm.sh/hook-delete-policy": hook-succeeded
+roleRef:
+ name: system:kube-ovn-pre-delete-hook
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: kube-ovn-pre-delete-hook
+ namespace: {{ .Values.namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ .Chart.Name }}-pre-delete-hook"
+ namespace: {{ .Values.namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-weight": "4"
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ completions: 1
+ template:
+ metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: kube-ovn-pre-delete-hook
+ component: job
+ spec:
+ tolerations:
+ - key: ""
+ operator: "Exists"
+ effect: "NoSchedule"
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - kube-ovn-pre-delete-hook
+ - key: component
+ operator: In
+ values:
+ - job
+ restartPolicy: Never
+ hostNetwork: true
+ nodeSelector:
+ kubernetes.io/os: "linux"
+ serviceAccount: kube-ovn-pre-delete-hook
+ serviceAccountName: kube-ovn-pre-delete-hook
+ containers:
+ - name: remove-subnet-finalizer
+ image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ command:
+ - sh
+ - -c
+ - /kube-ovn/remove-subnet-finalizer.sh 2>&1 | tee -a /var/log/kube-ovn/remove-subnet-finalizer.log
+ volumeMounts:
+ - mountPath: /var/log/kube-ovn
+ name: kube-ovn-log
+ volumes:
+ - name: kube-ovn-log
+ hostPath:
+ path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/sb-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/sb-svc.yaml
new file mode 100644
index 00000000..36a4a27a
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/sb-svc.yaml
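Review bot: The hook Job's command `sh -c '/kube-ovn/remove-subnet-finalizer.sh 2>&1 | tee -a …'` returns the exit status of `tee`, so a failing finalizer-removal script still completes the Job as succeeded and `helm.sh/hook-delete-policy: hook-succeeded` then deletes it, leaving no record of the failure. The sibling post-upgrade hook in upgrade-ovs-ovn.yaml in this same commit wraps the identical construct in `bash -eo pipefail -c`; using the same invocation here, `- bash`, `- -eo`, `- pipefail`, `- -c`, makes the script's own status the Job's status. Separately, the pod spec sets both `serviceAccount` and `serviceAccountName`; `serviceAccount` is the deprecated alias and can be dropped.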
@@ -0,0 +1,19 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: ovn-sb
+ namespace: {{ .Values.namespace }}
+spec:
+ ports:
+ - name: ovn-sb
+ protocol: TCP
+ port: 6642
+ targetPort: 6642
+ type: ClusterIP
+ {{- if eq .Values.networking.NET_STACK "dual_stack" }}
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
+ selector:
+ app: ovn-central
+ ovn-sb-leader: "true"
+ sessionAffinity: None
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/upgrade-ovs-ovn.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/upgrade-ovs-ovn.yaml
new file mode 100644
index 00000000..94c175fa
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/upgrade-ovs-ovn.yaml
@@ -0,0 +1,163 @@
+{{- if eq (include "kubeovn.ovs-ovn.updateStrategy" .) "OnDelete" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: ovs-ovn-upgrade
+ namespace: {{ .Values.namespace }}
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "1"
+ "helm.sh/hook-delete-policy": hook-succeeded
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.k8s.io/system-only: "true"
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "2"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ name: system:ovs-ovn-upgrade
+rules:
+ - apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ resourceNames:
+ - ovs-ovn
+ verbs:
+ - get
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ resourceNames:
+ - ovn-central
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - list
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - list
+ - get
+ - watch
+ - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ovs-ovn-upgrade
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "3"
+ "helm.sh/hook-delete-policy": hook-succeeded
+roleRef:
+ name: system:ovs-ovn-upgrade
+ kind: ClusterRole
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: ovs-ovn-upgrade
+ namespace: {{ .Values.namespace }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ .Chart.Name }}-post-upgrade-hook"
+ namespace: {{ .Values.namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "4"
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ completions: 1
+ template:
+ metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ app: post-upgrade
+ component: job
+ spec:
+ tolerations:
+ - key: ""
+ operator: "Exists"
+ effect: "NoSchedule"
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - post-upgrade
+ - key: component
+ operator: In
+ values:
+ - job
+ restartPolicy: Never
+ hostNetwork: true
+ nodeSelector:
+ kubernetes.io/os: "linux"
+ serviceAccount: ovs-ovn-upgrade
+ serviceAccountName: ovs-ovn-upgrade
+ containers:
+ - name: ovs-ovn-upgrade
+ image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: ENABLE_SSL
+ value: "{{ .Values.networking.ENABLE_SSL }}"
+ - name: OVN_DB_IPS
+ value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
+ command:
+ - bash
+ - -eo
+ - pipefail
+ - -c
+ - /kube-ovn/upgrade-ovs.sh 2>&1 | tee -a /var/log/kube-ovn/upgrade-ovs.log
+ volumeMounts:
+ - mountPath: /var/log/kube-ovn
+ name: kube-ovn-log
+ - mountPath: /var/run/tls
+ name: kube-ovn-tls
+ volumes:
+ - name: kube-ovn-log
+ hostPath:
+ path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
+ - name: kube-ovn-tls
+ secret:
+ optional: true
+ secretName: kube-ovn-tls
+{{ end }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/vpc-nat-config.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/vpc-nat-config.yaml
new file mode 100755
index 00000000..0f9bd0f5
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/vpc-nat-config.yaml
@@ -0,0 +1,10 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: ovn-vpc-nat-config
+ namespace: {{ .Values.namespace }}
+ annotations:
+ kubernetes.io/description: |
+ kube-ovn vpc-nat common config
+data:
+ image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.vpcRepository }}:{{ .Values.global.images.kubeovn.tag }}
\ No newline at end of file
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/values.yaml
new file mode 100644
index 00000000..e65c8a85
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/values.yaml
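Review bot: The `system:ovs-ovn-upgrade` ClusterRole grants `list`/`get`/`watch`/`delete` on `pods` with no namespace or `resourceNames` scoping, so for as long as the hook's ServiceAccount and binding exist it can delete any pod in the cluster, while the daemonsets and deployments rules in the same role are narrowed to `ovs-ovn` and `ovn-central`. Only the `nodes` rule needs cluster scope; the pod verbs could move to a namespaced Role/RoleBinding in `{{ .Values.namespace }}` so the delete right stays inside the release namespace. The `hook-delete-policy: hook-succeeded` setting also means a failed run leaves the ClusterRoleBinding behind, which is worth noting in a comment next to the annotation. Note that `resourceNames` combined with `list`/`watch` on the deployments rule is only honoured for requests that name the object; if the upgrade script does a plain list it may be denied, which is worth confirming.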
@@ -0,0 +1,181 @@
+# Default values for kubeovn.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global:
+ registry:
+ address: docker.io/kubeovn
+ imagePullSecrets: []
+ images:
+ kubeovn:
+ repository: kube-ovn
+ dpdkRepository: kube-ovn-dpdk
+ vpcRepository: vpc-nat-gateway
+ tag: v1.13.0
+ support_arm: true
+ thirdparty: true
+
+image:
+ pullPolicy: IfNotPresent
+
+namespace: kube-system
+MASTER_NODES: ""
+MASTER_NODES_LABEL: "kube-ovn/role=master"
+
+networking:
+ # NET_STACK could be dual_stack, ipv4, ipv6
+ NET_STACK: ipv4
+ ENABLE_SSL: false
+ # network type could be geneve or vlan
+ NETWORK_TYPE: geneve
+ # tunnel type could be geneve, vxlan or stt
+ TUNNEL_TYPE: geneve
+ IFACE: ""
+ DPDK_TUNNEL_IFACE: "br-phy"
+ EXCLUDE_IPS: ""
+ POD_NIC_TYPE: "veth-pair"
+ vlan:
+ PROVIDER_NAME: "provider"
+ VLAN_INTERFACE_NAME: ""
+ VLAN_NAME: "ovn-vlan"
+ VLAN_ID: "100"
+ EXCHANGE_LINK_NAME: false
+ ENABLE_EIP_SNAT: true
+ DEFAULT_SUBNET: "ovn-default"
+ DEFAULT_VPC: "ovn-cluster"
+ NODE_SUBNET: "join"
+ ENABLE_ECMP: false
+ ENABLE_METRICS: true
+ NODE_LOCAL_DNS_IP: ""
+ PROBE_INTERVAL: 180000
+ OVN_NORTHD_PROBE_INTERVAL: 5000
+ OVN_LEADER_PROBE_INTERVAL: 5
+ OVN_REMOTE_PROBE_INTERVAL: 10000
+ OVN_REMOTE_OPENFLOW_INTERVAL: 180
+ OVN_NORTHD_N_THREADS: 1
+ ENABLE_COMPACT: false
+
+func:
+ ENABLE_LB: true
+ ENABLE_NP: true
+ ENABLE_EIP_SNAT: true
+ ENABLE_EXTERNAL_VPC: true
+ HW_OFFLOAD: false
+ ENABLE_LB_SVC: false
+ ENABLE_KEEP_VM_IP: true
+ LS_DNAT_MOD_DL_DST: true
+ LS_CT_SKIP_DST_LPORT_IPS: true
+ CHECK_GATEWAY: true
+ LOGICAL_GATEWAY: false
+ ENABLE_BIND_LOCAL_IP: true
+ U2O_INTERCONNECTION: false
+ ENABLE_TPROXY: false
+ ENABLE_IC: false
+
+ipv4:
+ POD_CIDR: "10.16.0.0/16"
+ POD_GATEWAY: "10.16.0.1"
+ SVC_CIDR: "10.96.0.0/12"
+ JOIN_CIDR: "100.64.0.0/16"
+ PINGER_EXTERNAL_ADDRESS: "1.1.1.1"
+ PINGER_EXTERNAL_DOMAIN: "alauda.cn."
+
+ipv6:
+ POD_CIDR: "fd00:10:16::/112"
+ POD_GATEWAY: "fd00:10:16::1"
+ SVC_CIDR: "fd00:10:96::/112"
+ JOIN_CIDR: "fd00:100:64::/112"
+ PINGER_EXTERNAL_ADDRESS: "2606:4700:4700::1111"
+ PINGER_EXTERNAL_DOMAIN: "google.com."
+
+dual_stack:
+ POD_CIDR: "10.16.0.0/16,fd00:10:16::/112"
+ POD_GATEWAY: "10.16.0.1,fd00:10:16::1"
+ SVC_CIDR: "10.96.0.0/12,fd00:10:96::/112"
+ JOIN_CIDR: "100.64.0.0/16,fd00:100:64::/112"
+ PINGER_EXTERNAL_ADDRESS: "1.1.1.1,2606:4700:4700::1111"
+ PINGER_EXTERNAL_DOMAIN: "google.com."
+
+performance:
+ GC_INTERVAL: 360
+ INSPECT_INTERVAL: 20
+ OVS_VSCTL_CONCURRENCY: 100
+
+debug:
+ ENABLE_MIRROR: false
+ MIRROR_IFACE: "mirror0"
+
+cni_conf:
+ CNI_CONFIG_PRIORITY: "01"
+ CNI_CONF_DIR: "/etc/cni/net.d"
+ CNI_BIN_DIR: "/opt/cni/bin"
+ CNI_CONF_FILE: "/kube-ovn/01-kube-ovn.conflist"
+ LOCAL_BIN_DIR: "/usr/local/bin"
+ MOUNT_LOCAL_BIN_DIR: false
+
+kubelet_conf:
+ KUBELET_DIR: "/var/lib/kubelet"
+
+log_conf:
+ LOG_DIR: "/var/log"
+
+OPENVSWITCH_DIR: "/etc/origin/openvswitch"
+OVN_DIR: "/etc/origin/ovn"
+DISABLE_MODULES_MANAGEMENT: false
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+# hybrid dpdk
+HYBRID_DPDK: false
+HUGEPAGE_SIZE_TYPE: hugepages-2Mi # Default
+HUGEPAGES: 1Gi
+
+# DPDK
+DPDK: false
+DPDK_VERSION: "19.11"
+DPDK_CPU: "1000m" # Default CPU configuration
+DPDK_MEMORY: "2Gi" # Default Memory configuration
+
+ovn-central:
+ requests:
+ cpu: "300m"
+ memory: "200Mi"
+ limits:
+ cpu: "3"
+ memory: "4Gi"
+ovs-ovn:
+ requests:
+ cpu: "200m"
+ memory: "200Mi"
+ limits:
+ cpu: "2"
+ memory: "1000Mi"
+kube-ovn-controller:
+ requests:
+ cpu: "200m"
+ memory: "200Mi"
+ limits:
+ cpu: "1000m"
+ memory: "1Gi"
+kube-ovn-cni:
+ requests:
+ cpu: "100m"
+ memory: "100Mi"
+ limits:
+ cpu: "1000m"
+ memory: "1Gi"
+kube-ovn-pinger:
+ requests:
+ cpu: "100m"
+ memory: "100Mi"
+ limits:
+ cpu: "200m"
+ memory: "400Mi"
+kube-ovn-monitor:
+ requests:
+ cpu: "200m"
+ memory: "200Mi"
+ limits:
+ cpu: "200m"
+ memory: "200Mi"
diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
index 756eb7cc..0e694945 100644
--- a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
@@ -52,19 +52,46 @@ spec:
 image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 args:
- {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 - /kube-ovn/start-controller.sh
 - --default-ls={{ .Values.networking.DEFAULT_SUBNET }}
- - --default-cidr={{ index $cozyConfig.data "ipv4-pod-cidr" }}
- - --default-gateway={{ index $cozyConfig.data "ipv4-pod-gateway" }}
+ - --default-cidr=
+ {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
+ {{ .Values.dual_stack.POD_CIDR }}
+ {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
+ {{ .Values.ipv4.POD_CIDR }}
+ {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
+ {{ .Values.ipv6.POD_CIDR }}
+ {{- end }}
+ - --default-gateway=
+ {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
+ {{ .Values.dual_stack.POD_GATEWAY }}
+ {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
+ {{ .Values.ipv4.POD_GATEWAY }}
+ {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
+ {{ .Values.ipv6.POD_GATEWAY }}
+ {{- end }}
 - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }}
 - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }}
 - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }}
 - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }}
 - --cluster-router={{ .Values.networking.DEFAULT_VPC }}
 - --node-switch={{ .Values.networking.NODE_SUBNET }}
- - --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }}
- - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
+ - --node-switch-cidr=
+ {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
+ {{ .Values.dual_stack.JOIN_CIDR }}
+ {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
+ {{ .Values.ipv4.JOIN_CIDR }}
+ {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
+ {{ .Values.ipv6.JOIN_CIDR }}
+ {{- end }}
+ - --service-cluster-ip-range=
+ {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
+ {{ .Values.dual_stack.SVC_CIDR }}
+ {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
+ {{ .Values.ipv4.SVC_CIDR }}
+ {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
+ {{ .Values.ipv6.SVC_CIDR }}
+ {{- end }}
 - --network-type={{- .Values.networking.NETWORK_TYPE }}
 - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }}
 - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
index b2e12dd1..d9a9a676 100644
--- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
@@ -51,12 +51,18 @@ spec:
 - bash
 - /kube-ovn/start-cniserver.sh
 args:
- {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
 - --enable-mirror={{- .Values.debug.ENABLE_MIRROR }}
 - --mirror-iface={{- .Values.debug.MIRROR_IFACE }}
 - --node-switch={{ .Values.networking.NODE_SUBNET }}
 - --encap-checksum=true
- - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
+ - --service-cluster-ip-range=
+ {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
+ {{ .Values.dual_stack.SVC_CIDR }}
+ {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
+ {{ .Values.ipv4.SVC_CIDR }}
+ {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
+ {{ .Values.ipv6.SVC_CIDR }}
+ {{- end }}
 {{- if eq .Values.networking.NETWORK_TYPE "vlan" }}
 - --iface=
 {{- else}}
diff --git a/packages/system/kubeovn/charts/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/values.yaml
index b8807499..bfffc4d7 100644
--- a/packages/system/kubeovn/charts/kube-ovn/values.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/values.yaml
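Review bot: Each `{{- if eq .Values.networking.NET_STACK … }}` chain behind the new `--default-cidr`, `--default-gateway`, `--node-switch-cidr` and `--service-cluster-ip-range` arguments has no fallback branch, so a misspelled or unsupported `NET_STACK` renders an empty flag (`--default-cidr=`) that is handed to the controller instead of failing the render; the `--service-cluster-ip-range` block in the ovncni-ds.yaml hunk in this same line has the identical gap. Adding `{{- else }}{{ fail (printf "unsupported networking.NET_STACK %q" .Values.networking.NET_STACK) }}` before each `{{- end }}` surfaces the mistake at template time. The five copies of the chain differ only in the value key, so a named helper in _helpers.tpl taking the key name (not present in this diff; it would have to be added) would let each argument become a single `include` line. The enclosing container spec starts and ends outside both hunks.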
@@ -70,6 +70,10 @@ func:
 ENABLE_TPROXY: false
 ipv4:
+ POD_CIDR: "10.16.0.0/16"
+ POD_GATEWAY: "10.16.0.1"
+ SVC_CIDR: "10.96.0.0/12"
+ JOIN_CIDR: "100.64.0.0/16"
 PINGER_EXTERNAL_ADDRESS: "1.1.1.1"
 PINGER_EXTERNAL_DOMAIN: "alauda.cn."
diff --git a/packages/system/kubeovn/patches/cozyconfig.diff b/packages/system/kubeovn/patches/cozyconfig.diff
deleted file mode 100644
index c5a14190..00000000
--- a/packages/system/kubeovn/patches/cozyconfig.diff
+++ /dev/null
@@ -1,97 +0,0 @@ - -diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml -index d9a9a67..b2e12dd 100644 ---- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml -+++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml -@@ -51,18 +51,12 @@ spec: - - bash - - /kube-ovn/start-cniserver.sh - args: -+ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} - - --enable-mirror={{- .Values.debug.ENABLE_MIRROR }} - - --mirror-iface={{- .Values.debug.MIRROR_IFACE }} - - --node-switch={{ .Values.networking.NODE_SUBNET }} - - --encap-checksum=true -- - --service-cluster-ip-range= -- {{- if eq .Values.networking.NET_STACK "dual_stack" -}} -- {{ .Values.dual_stack.SVC_CIDR }} -- {{- else if eq .Values.networking.NET_STACK "ipv4" -}} -- {{ .Values.ipv4.SVC_CIDR }} -- {{- else if eq .Values.networking.NET_STACK "ipv6" -}} -- {{ .Values.ipv6.SVC_CIDR }} -- {{- end }} -+ - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }} - {{- if eq .Values.networking.NETWORK_TYPE "vlan" }} - - --iface= - {{- else}} -diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml -index 0e69494..756eb7c 100644 ---- a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml -+++ b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml -@@ -52,46 +52,19 @@ spec: - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: -+ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} - - /kube-ovn/start-controller.sh - - --default-ls={{ .Values.networking.DEFAULT_SUBNET }} -- - --default-cidr= -- {{- if eq .Values.networking.NET_STACK "dual_stack" -}} -- {{ 
.Values.dual_stack.POD_CIDR }} -- {{- else if eq .Values.networking.NET_STACK "ipv4" -}} -- {{ .Values.ipv4.POD_CIDR }} -- {{- else if eq .Values.networking.NET_STACK "ipv6" -}} -- {{ .Values.ipv6.POD_CIDR }} -- {{- end }} -- - --default-gateway= -- {{- if eq .Values.networking.NET_STACK "dual_stack" -}} -- {{ .Values.dual_stack.POD_GATEWAY }} -- {{- else if eq .Values.networking.NET_STACK "ipv4" -}} -- {{ .Values.ipv4.POD_GATEWAY }} -- {{- else if eq .Values.networking.NET_STACK "ipv6" -}} -- {{ .Values.ipv6.POD_GATEWAY }} -- {{- end }} -+ - --default-cidr={{ index $cozyConfig.data "ipv4-pod-cidr" }} -+ - --default-gateway={{ index $cozyConfig.data "ipv4-pod-gateway" }} - - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }} - - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }} - - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }} - - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }} - - --cluster-router={{ .Values.networking.DEFAULT_VPC }} - - --node-switch={{ .Values.networking.NODE_SUBNET }} -- - --node-switch-cidr= -- {{- if eq .Values.networking.NET_STACK "dual_stack" -}} -- {{ .Values.dual_stack.JOIN_CIDR }} -- {{- else if eq .Values.networking.NET_STACK "ipv4" -}} -- {{ .Values.ipv4.JOIN_CIDR }} -- {{- else if eq .Values.networking.NET_STACK "ipv6" -}} -- {{ .Values.ipv6.JOIN_CIDR }} -- {{- end }} -- - --service-cluster-ip-range= -- {{- if eq .Values.networking.NET_STACK "dual_stack" -}} -- {{ .Values.dual_stack.SVC_CIDR }} -- {{- else if eq .Values.networking.NET_STACK "ipv4" -}} -- {{ .Values.ipv4.SVC_CIDR }} -- {{- else if eq .Values.networking.NET_STACK "ipv6" -}} -- {{ .Values.ipv6.SVC_CIDR }} -- {{- end }} -+ - --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }} -+ - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }} - - --network-type={{- .Values.networking.NETWORK_TYPE }} - - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }} - - 
--default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }} -diff --git a/packages/system/kubeovn/charts/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/values.yaml -index bfffc4d..b880749 100644 ---- a/packages/system/kubeovn/charts/kube-ovn/values.yaml -+++ b/packages/system/kubeovn/charts/kube-ovn/values.yaml -@@ -70,10 +70,6 @@ func: - ENABLE_TPROXY: false - - ipv4: -- POD_CIDR: "10.16.0.0/16" -- POD_GATEWAY: "10.16.0.1" -- SVC_CIDR: "10.96.0.0/12" -- JOIN_CIDR: "100.64.0.0/16" - PINGER_EXTERNAL_ADDRESS: "1.1.1.1" - PINGER_EXTERNAL_DOMAIN: "alauda.cn." - diff --git a/packages/system/kubeovn/values.yaml b/packages/system/kubeovn/values.yaml index 421b14de..26e9203f 100644 --- a/packages/system/kubeovn/values.yaml +++ b/packages/system/kubeovn/values.yaml @@ -12,6 +12,12 @@ kube-ovn: func: ENABLE_NP: false + ipv4: + POD_CIDR: "10.244.0.0/16" + POD_GATEWAY: "10.244.0.1" + SVC_CIDR: "10.96.0.0/16" + JOIN_CIDR: "100.64.0.0/16" + MASTER_NODES_LABEL: "node-role.kubernetes.io/control-plane" networking: ENABLE_SSL: true
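Review bot: The new `ipv4` block in packages/system/kubeovn/values.yaml fixes the pod, gateway, service and join CIDRs as static package values, whereas the lines removed from controller-deploy.yaml and ovncni-ds.yaml earlier in this diff read `ipv4-pod-cidr`, `ipv4-pod-gateway`, `ipv4-join-cidr` and `ipv4-svc-cidr` from the `cozystack` ConfigMap in `cozy-system` at render time; a cluster whose ConfigMap holds different ranges than `10.244.0.0/16` and `10.96.0.0/16` will now get a kube-ovn configuration that disagrees with the rest of the platform, silently, unless the bundle mechanism feeds these values through (that path is not visible here). A comment above the block, `# must match ipv4-pod-cidr / ipv4-svc-cidr / ipv4-join-cidr in the cozystack ConfigMap; no longer looked up at render time`, would at least record the coupling for whoever changes either side. Note also that `SVC_CIDR: "10.96.0.0/16"` here overrides the `10.96.0.0/12` chart default added in the values.yaml hunk above; confirm the narrower range is intentional.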