diff --git a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml index cf67c7d9..7444af6a 100644 --- a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml @@ -15,12 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: v1.13.8 +version: v1.13.11 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.13.8" +appVersion: "1.13.11" kubeVersion: ">= 1.23.0-0" diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml index 5c6afffa..2f5ef406 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml @@ -83,6 +83,9 @@ spec: - --node-switch={{ .Values.networking.NODE_SUBNET }} - --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }} - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }} + {{- if .Values.global.logVerbosity }} + - --v={{ .Values.global.logVerbosity }} + {{- end }} - --network-type={{- .Values.networking.NETWORK_TYPE }} - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }} - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }} 
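Review bot: The new `{{- if .Values.global.logVerbosity }}` block in the controller args reads a key that this commit neither declares nor documents in values.yaml (the values.yaml hunk only bumps the image tag), and Go-template truthiness means `logVerbosity: 0` is dropped exactly like an unset key, so an operator cannot pin `--v=0` explicitly. Declare the knob next to the other `global` values with a comment such as `# logVerbosity: klog -v level for kube-ovn-controller and kube-ovn-cni; leave unset for the binaries' default`, and coerce it before substituting it unquoted into the args list, e.g. `- --v={{ int .Values.global.logVerbosity }}`, so a stray string or map cannot break the rendered YAML. Higher klog levels in these components are a debugging aid and may put more OVN and cluster state into pod logs, so the comment should say the value is not meant to be raised by default. The same three lines are copied into ovncni-ds.yaml in this commit; a shared named template would keep the two in sync.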
diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml index 3d9a7e88..00d3f8af 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml @@ -35,11 +35,7 @@ spec: command: - sh - -xec - - {{ if not .Values.DISABLE_MODULES_MANAGEMENT -}} - iptables -V - {{- else -}} - echo "nothing to do" - {{- end }} + - iptables -V securityContext: allowPrivilegeEscalation: true capabilities: @@ -93,6 +89,9 @@ spec: - --node-switch={{ .Values.networking.NODE_SUBNET }} - --encap-checksum=true - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }} + {{- if .Values.global.logVerbosity }} + - --v={{ .Values.global.logVerbosity }} + {{- end }} {{- if eq .Values.networking.NETWORK_TYPE "vlan" }} - --iface= {{- else}} @@ -125,9 +124,6 @@ spec: - NET_RAW - SYS_ADMIN - SYS_PTRACE - {{- if not .Values.DISABLE_MODULES_MANAGEMENT }} - - SYS_MODULE - {{- end }} - SYS_NICE env: - name: ENABLE_SSL diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml index 33fa06d3..003d0c71 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml @@ -49,8 +49,9 @@ spec: - -xec - | chown -R nobody: /var/run/ovn /var/log/ovn /etc/openvswitch /var/run/openvswitch /var/log/openvswitch - {{- if not .Values.DISABLE_MODULES_MANAGEMENT }} iptables -V + {{- if not .Values.DISABLE_MODULES_MANAGEMENT }} + /usr/share/openvswitch/scripts/ovs-ctl load-kmod {{- else }} ln -sf /bin/true /usr/local/sbin/modprobe ln -sf /bin/true /usr/local/sbin/modinfo 
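Review bot: Replacing the `{{ if not .Values.DISABLE_MODULES_MANAGEMENT }}` branch with an unconditional `iptables -V` means the ovncni init container now probes iptables even on clusters that set `DISABLE_MODULES_MANAGEMENT=true`; if `iptables` in this image is the iptables-wrapper (the deleted Dockerfile installed it), its legacy/nft backend detection can attempt kernel-module loads, which is what that flag exists to avoid. If the probe is now considered harmless without module management because ovs-ovn loads the module elsewhere in this commit, say so where the command is defined, e.g. `# iptables -V only selects the xtables backend; module loading moved to ovs-ovn's init container`; otherwise keep the `echo "nothing to do"` fallback. The init container's securityContext continues past the hunk, so I could not confirm which capabilities it still holds.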
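Review bot: Moving `iptables -V` above the `{{- if not .Values.DISABLE_MODULES_MANAGEMENT }}` branch changes the disabled path: the probe now runs before `ln -sf /bin/true /usr/local/sbin/modprobe` shadows modprobe, so any module load the iptables probe triggers still reaches the real binary in this init container, which the next hunk shows is `privileged: true` and `runAsUser: 0`. Keep the probe after the shadow links, or move it back inside the enabled branch — in the new layout that is `{{- if not .Values.DISABLE_MODULES_MANAGEMENT }}` / `iptables -V` / `/usr/share/openvswitch/scripts/ovs-ctl load-kmod`. Under `sh -xec` a failed `ovs-ctl load-kmod` (module refused by kernel lockdown or `kernel.modules_disabled`, or a host kernel with no matching module) aborts the init container; that fail-fast is reasonable but deserves a comment such as `# loads the openvswitch kmod from the host's /lib/modules; the pod fails if it cannot be loaded` so operators know to set DISABLE_MODULES_MANAGEMENT when the module is host-managed.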
@@ -64,6 +65,9 @@ spec: privileged: true runAsUser: 0 volumeMounts: + - mountPath: /lib/modules + name: host-modules + readOnly: true - mountPath: /usr/local/sbin name: usr-local-sbin - mountPath: /var/log/ovn @@ -96,9 +100,7 @@ spec: add: - NET_ADMIN - NET_BIND_SERVICE - {{- if not .Values.DISABLE_MODULES_MANAGEMENT }} - - SYS_MODULE - {{- end }} + - NET_RAW - SYS_NICE - SYS_ADMIN env: diff --git a/packages/system/kubeovn/charts/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/values.yaml index 98c6bb2c..d6185a9c 100644 --- a/packages/system/kubeovn/charts/kube-ovn/values.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/values.yaml @@ -10,7 +10,7 @@ global: repository: kube-ovn dpdkRepository: kube-ovn-dpdk vpcRepository: vpc-nat-gateway - tag: v1.13.8 + tag: v1.13.11 support_arm: true thirdparty: true diff --git a/packages/system/kubeovn/images/kubeovn/Dockerfile b/packages/system/kubeovn/images/kubeovn/Dockerfile index be05d4b8..a3e85382 100644 --- a/packages/system/kubeovn/images/kubeovn/Dockerfile +++ b/packages/system/kubeovn/images/kubeovn/Dockerfile 
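Review bot: The new `host-modules` volumeMount references a volume this hunk does not declare; if `host-modules` is not already in the DaemonSet's `volumes:` list (not visible here), the pod is rejected at admission, so please confirm it exists in this template. `readOnly: true` on a hostPath is the right default, but this container is `privileged: true` and runs as `runAsUser: 0` (context lines just above), so the read-only flag is advisory — a privileged process can remount the bind mount read-write — and should not be read as a hardening boundary. A short comment makes the intent explicit: `# host kernel modules for ovs-ctl load-kmod; read-only by convention, a privileged container can remount it`.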
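Review bot: `NET_RAW` is added to the ovs-ovn container's capability list unconditionally while `SYS_MODULE` is dropped, but neither the hunk nor the commit says which binary now needs raw sockets; the Dockerfile deleted in this same commit set CAP_NET_RAW only on `kube-ovn-daemon`, `kube-ovn-controller`, `ipset` and `ip`, not on `ovs-vswitchd`. Since the image is now upstream `kubeovn/kube-ovn`, the required set presumably follows upstream's file capabilities — please confirm against the v1.13.11 image and annotate, e.g. `- NET_RAW  # raw sockets for ipset/ip; SYS_MODULE moved to the privileged init container`. Dropping SYS_MODULE from this container is a clear least-privilege improvement and matches the `load-kmod` move in the init container above.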
@@ -1,54 +1,2 @@ -# syntax = docker/dockerfile:experimental -ARG VERSION=v1.13.8 -ARG BASE_TAG=$VERSION - -FROM golang:1.23-bookworm as builder - -ARG TAG=v1.13.8 -RUN git clone --branch ${TAG} --depth 1 https://github.com/kubeovn/kube-ovn /source - -WORKDIR /source - -COPY patches /patches -RUN git apply /patches/*.diff -RUN make build-go - -WORKDIR /source/dist/images - -# imported from https://github.com/kubeovn/kube-ovn/blob/master/dist/images/Dockerfile -FROM kubeovn/kube-ovn-base:$BASE_TAG AS setcap - -COPY --from=builder /source/dist/images/*.sh /kube-ovn/ -COPY --from=builder /source/dist/images/kubectl-ko /kube-ovn/kubectl-ko -COPY --from=builder /source/dist/images/01-kube-ovn.conflist /kube-ovn/01-kube-ovn.conflist - -COPY --from=builder /source/dist/images/kube-ovn /kube-ovn/kube-ovn -COPY --from=builder /source/dist/images/kube-ovn-cmd /kube-ovn/kube-ovn-cmd -COPY --from=builder /source/dist/images/kube-ovn-daemon /kube-ovn/kube-ovn-daemon -COPY --from=builder /source/dist/images/kube-ovn-controller /kube-ovn/kube-ovn-controller -RUN ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-monitor && \ - ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-speaker && \ - ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-webhook && \ - ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-leader-checker && \ - ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-ic-controller && \ - ln -s /kube-ovn/kube-ovn-controller /kube-ovn/kube-ovn-pinger && \ - setcap CAP_NET_BIND_SERVICE+eip /kube-ovn/kube-ovn-cmd && \ - setcap CAP_NET_RAW,CAP_NET_BIND_SERVICE+eip /kube-ovn/kube-ovn-controller && \ - setcap CAP_NET_ADMIN,CAP_NET_RAW,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /kube-ovn/kube-ovn-daemon - -FROM kubeovn/kube-ovn-base:$BASE_TAG - -COPY --chmod=0644 --from=builder /source/dist/images/logrotate/* /etc/logrotate.d/ -COPY --from=builder /source/dist/images/grace_stop_ovn_controller /usr/share/ovn/scripts/grace_stop_ovn_controller - -COPY --from=setcap /kube-ovn /kube-ovn -RUN 
/kube-ovn/iptables-wrapper-installer.sh --no-sanity-check - -WORKDIR /kube-ovn - -# Fix https://github.com/kubeovn/kube-ovn/issues/4526 -RUN setcap CAP_NET_ADMIN,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/lib/openvswitch-switch/ovs-vswitchd \ - && setcap CAP_NET_ADMIN,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/sbin/xtables-legacy-multi \ - && setcap CAP_NET_ADMIN,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/sbin/xtables-nft-multi \ - && setcap CAP_NET_ADMIN,CAP_NET_RAW,CAP_NET_BIND_SERVICE,CAP_SYS_ADMIN+eip /usr/sbin/ipset \ - && setcap CAP_NET_ADMIN,CAP_NET_RAW,CAP_SYS_ADMIN+eip /usr/bin/ip +ARG VERSION=v1.13.11 +FROM kubeovn/kube-ovn:${VERSION} diff --git a/packages/system/kubeovn/patches/cozyconfig.diff b/packages/system/kubeovn/patches/cozyconfig.diff index c5a14190..f7a683f7 100644 --- a/packages/system/kubeovn/patches/cozyconfig.diff +++ b/packages/system/kubeovn/patches/cozyconfig.diff @@ -3,7 +3,7 @@ diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/ index d9a9a67..b2e12dd 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml -@@ -51,18 +51,12 @@ spec: +@@ -51,18 +51,15 @@ spec: - bash - /kube-ovn/start-cniserver.sh args: @@ -21,6 +21,9 @@ index d9a9a67..b2e12dd 100644 - {{ .Values.ipv6.SVC_CIDR }} - {{- end }} + - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }} ++ {{- if .Values.global.logVerbosity }} ++ - --v={{ .Values.global.logVerbosity }} ++ {{- end }} {{- if eq .Values.networking.NETWORK_TYPE "vlan" }} - --iface= {{- else}} @@ -28,7 +31,7 @@ diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy index 0e69494..756eb7c 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml 
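Review bot: The replacement Dockerfile pulls `kubeovn/kube-ovn:${VERSION}` by mutable tag only; the deleted version cloned a pinned git tag with `--depth 1`, applied local patches and set file capabilities itself, so this hunk trades a reproducible build for whatever the registry serves under `v1.13.11` at pull time. Pin by digest, `FROM kubeovn/kube-ovn:${VERSION}@sha256:<digest of the v1.13.11 manifest>`, so the image is immutable and the tag is only a label. Two things the deleted lines did are now delegated to upstream and should be checked against that image: the setcap list added for kubeovn/kube-ovn#4526 (`ovs-vswitchd`, `xtables-legacy-multi`, `xtables-nft-multi`, `ipset`, `ip`), which the DaemonSets depend on now that they drop SYS_MODULE and run with an explicit capability add list, and the `COPY patches /patches` + `git apply /patches/*.diff` step — if any `images/kubeovn/patches/*.diff` still exists in the tree it is no longer applied and should be deleted or ported.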
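Review bot: The stored patch `patches/cozyconfig.diff` is edited by hand here — the hunk-header counts change from `@@ -51,18 +51,12 @@` to `@@ -51,18 +51,15 @@` and new `++` lines are spliced in — which is easy to get wrong and makes `git apply`/`patch` reject the file as soon as a count or context line drifts. Regenerate it from the modified template with `git diff` (or whatever the package's update script uses) instead of adjusting counts manually, and consider a CI step that applies the patch against the pristine chart it presumably targets so a stale patch fails the build rather than silently shipping templates without the `--v` args. The controller-deploy hunk of the same patch further down has the identical hand-edited header.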
+++ b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml -@@ -52,46 +52,19 @@ spec: +@@ -52,46 +52,22 @@ spec: image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} args: @@ -77,6 +80,9 @@ index 0e69494..756eb7c 100644 - {{- end }} + - --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }} + - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }} ++ {{- if .Values.global.logVerbosity }} ++ - --v={{ .Values.global.logVerbosity }} ++ {{- end }} - --network-type={{- .Values.networking.NETWORK_TYPE }} - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }} - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}