github-personal/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-01-27 10:18:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update kube-ovn v1.13.0-ge1310e17 and enable image building (#149)

Browse Source 
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
This commit is contained in:
Andrei Kvapil
2024-05-26 18:11:36 +02:00
committed by GitHub
parent 48df98230f
commit e89926cca6
52 changed files with 359 additions and 4713 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Makefile
View File

@@ -3,6 +3,7 @@
build:
make -C packages/apps/http-cache image
make -C packages/apps/kubernetes image
make -C packages/system/kubeovn image
make -C packages/system/dashboard image
make -C packages/core/installer image
make manifests

21
packages/system/kubeovn/Makefile
View File

@@ -1,9 +1,28 @@
KUBEOVN_TAG = v1.13.0
NAME=kubeovn
NAMESPACE=cozy-$(NAME)
include ../../../scripts/common-envs.mk
include ../../../scripts/package-system.mk
update:
rm -rf charts && mkdir -p charts/kube-ovn
curl -sSL https://github.com/kubeovn/kube-ovn/archive/refs/heads/master.tar.gz | \
tar -C charts/kube-ovn -xzvf - --strip 2 kube-ovn-master/charts
tar xzvf - --strip 1 kube-ovn-master/charts
patch -p4 --no-backup-if-mismatch < patches/cozyconfig.diff
ln -s ../../images charts/kube-ovn/images
sed -i '/image:/ s/{{.*}}/{{ include "kubeovn.image" . }}/g' `grep -rl image: charts/kube-ovn/templates/`
image:
docker buildx build images/kubeovn \
--provenance false \
--tag $(REGISTRY)/kubeovn:$(call settag,$(TAG)) \
--tag $(REGISTRY)/kubeovn:$(call settag,$(KUBEOVN_TAG)) \
--tag $(REGISTRY)/kubeovn:$(call settag,$(KUBEOVN_TAG)-$(TAG)) \
--cache-from type=registry,ref=$(REGISTRY)/kubeovn:latest \
--cache-to type=inline \
--metadata-file images/kubeovn.json \
--push=$(PUSH) \
--load=$(LOAD)
echo "$(REGISTRY)/kubeovn:$(call settag,$(TAG))" > images/kubeovn.tag

4
packages/system/kubeovn/charts/kube-ovn/Chart.yaml
View File

@@ -15,10 +15,12 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
version: 1.13.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.13.0"
kubeVersion: ">= 1.23.0-0"

8
packages/system/kubeovn/charts/kube-ovn/README.md
View File

@@ -10,13 +10,13 @@ $ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=mast
$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite
# standard install
$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0}
$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0}
# high availability install
$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}
$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2}
# upgrade to this version
$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}
$ helm upgrade --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2}
```
If `MASTER_NODES` unspecified Helm will take internal IPs of nodes with `kube-ovn/role=master` label
@@ -32,7 +32,7 @@ machine:
- name: openvswitch
```
and use the following options for install this Helm-chart:
and use the following options to install this Helm-chart:
```
--set cni_conf.MOUNT_LOCAL_BIN_DIR=false

2278
packages/system/kubeovn/charts/kube-ovn/crds/crd.yaml
View File

File diff suppressed because it is too large Load Diff

1
packages/system/kubeovn/charts/kube-ovn/images Symbolic link
View File

@@ -0,0 +1 @@
../../images

24
packages/system/kubeovn/charts/kube-ovn/kube-ovn/Chart.yaml
View File

@@ -1,24 +0,0 @@
apiVersion: v2
name: kube-ovn
description: Helm chart for Kube-OVN
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.13.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "1.13.0"

42
packages/system/kubeovn/charts/kube-ovn/kube-ovn/README.md
View File

@@ -1,42 +0,0 @@
# Kube-OVN-helm
Currently supported version: 1.9
Installation :
```bash
$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite
$ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=master --overwrite
$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite
# standard install
$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0}
# high availability install
$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2}
# upgrade to this version
$ helm upgrade --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2}
```
If `MASTER_NODES` unspecified Helm will take internal IPs of nodes with `kube-ovn/role=master` label
### Talos Linux
To install Kube-OVN on Talos Linux, declare openvswitch module in machine config:
```
machine:
kernel:
modules:
- name: openvswitch
```
and use the following options to install this Helm-chart:
```
--set cni_conf.MOUNT_LOCAL_BIN_DIR=false
--set OPENVSWITCH_DIR=/var/lib/openvswitch
--set OVN_DIR=/var/lib/ovn
--set DISABLE_MODULES_MANAGEMENT=true
```

54
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/_helpers.tpl
View File

@@ -1,54 +0,0 @@
{{/*
Get IP-addresses of master nodes
*/}}
{{- define "kubeovn.nodeIPs" -}}
{{- $nodes := lookup "v1" "Node" "" "" -}}
{{- $ips := list -}}
{{- range $node := $nodes.items -}}
{{- $label := splitList "=" $.Values.MASTER_NODES_LABEL }}
{{- $key := index $label 0 }}
{{- $val := "" }}
{{- if eq (len $label) 2 }}
{{- $val = index $label 1 }}
{{- end }}
{{- if eq (index $node.metadata.labels $key) $val -}}
{{- range $address := $node.status.addresses -}}
{{- if eq $address.type "InternalIP" -}}
{{- $ips = append $ips $address.address -}}
{{- break -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{ join "," $ips }}
{{- end -}}
{{/*
Number of master nodes
*/}}
{{- define "kubeovn.nodeCount" -}}
{{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }}
{{- end -}}
{{- define "kubeovn.ovs-ovn.updateStrategy" -}}
{{- $ds := lookup "apps/v1" "DaemonSet" $.Values.namespace "ovs-ovn" -}}
{{- if $ds -}}
{{- if eq $ds.spec.updateStrategy.type "RollingUpdate" -}}
RollingUpdate
{{- else -}}
{{- $imageVersion := (index $ds.spec.template.spec.containers 0).image | splitList ":" | last | trimPrefix "v" -}}
{{- $versionRegex := `^(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)` -}}
{{- if regexMatch $versionRegex $imageVersion -}}
{{- if regexFind $versionRegex $imageVersion | semverCompare ">= 1.12.0" -}}
RollingUpdate
{{- else -}}
OnDelete
{{- end -}}
{{- else -}}
OnDelete
{{- end -}}
{{- end -}}
{{- else -}}
RollingUpdate
{{- end -}}
{{- end -}}

161
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/central-deploy.yaml
View File

@@ -1,161 +0,0 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: ovn-central
namespace: {{ .Values.namespace }}
annotations:
kubernetes.io/description: |
OVN components: northd, nb and sb.
spec:
replicas: {{ include "kubeovn.nodeCount" . }}
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app: ovn-central
template:
metadata:
labels:
app: ovn-central
component: network
type: infra
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: ovn-central
topologyKey: kubernetes.io/hostname
priorityClassName: system-cluster-critical
serviceAccountName: ovn-ovs
hostNetwork: true
containers:
- name: ovn-central
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- /kube-ovn/start-db.sh
securityContext:
capabilities:
add: ["SYS_NICE"]
env:
- name: ENABLE_SSL
value: "{{ .Values.networking.ENABLE_SSL }}"
- name: NODE_IPS
value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
- name: PROBE_INTERVAL
value: "{{ .Values.networking.PROBE_INTERVAL }}"
- name: OVN_NORTHD_PROBE_INTERVAL
value: "{{ .Values.networking.OVN_NORTHD_PROBE_INTERVAL}}"
- name: OVN_LEADER_PROBE_INTERVAL
value: "{{ .Values.networking.OVN_LEADER_PROBE_INTERVAL }}"
- name: OVN_NORTHD_N_THREADS
value: "{{ .Values.networking.OVN_NORTHD_N_THREADS }}"
- name: ENABLE_COMPACT
value: "{{ .Values.networking.ENABLE_COMPACT }}"
{{- if include "kubeovn.ovs-ovn.updateStrategy" . | eq "OnDelete" }}
- name: OVN_VERSION_COMPATIBILITY
value: "21.06"
{{- end }}
resources:
requests:
cpu: {{ index .Values "ovn-central" "requests" "cpu" }}
memory: {{ index .Values "ovn-central" "requests" "memory" }}
limits:
cpu: {{ index .Values "ovn-central" "limits" "cpu" }}
memory: {{ index .Values "ovn-central" "limits" "memory" }}
volumeMounts:
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- bash
- /kube-ovn/ovn-healthcheck.sh
periodSeconds: 15
timeoutSeconds: 45
livenessProbe:
exec:
command:
- bash
- /kube-ovn/ovn-healthcheck.sh
initialDelaySeconds: 30
periodSeconds: 15
failureThreshold: 5
timeoutSeconds: 45
nodeSelector:
kubernetes.io/os: "linux"
{{- with splitList "=" .Values.MASTER_NODES_LABEL }}
{{ index . 0 }}: "{{ if eq (len .) 2 }}{{ index . 1 }}{{ end }}"
{{- end }}
volumes:
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-config-openvswitch
hostPath:
path: {{ .Values.OPENVSWITCH_DIR }}
- name: host-config-ovn
hostPath:
path: {{ .Values.OVN_DIR }}
- name: host-log-ovs
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
- name: host-log-ovn
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls

190
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-deploy.yaml
View File

@@ -1,190 +0,0 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: kube-ovn-controller
namespace: {{ .Values.namespace }}
annotations:
kubernetes.io/description: |
kube-ovn controller
spec:
replicas: {{ include "kubeovn.nodeCount" . }}
selector:
matchLabels:
app: kube-ovn-controller
strategy:
rollingUpdate:
maxSurge: 0%
maxUnavailable: 100%
type: RollingUpdate
template:
metadata:
labels:
app: kube-ovn-controller
component: network
type: infra
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- preference:
matchExpressions:
- key: "ovn.kubernetes.io/ic-gw"
operator: NotIn
values:
- "true"
weight: 100
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: kube-ovn-controller
topologyKey: kubernetes.io/hostname
priorityClassName: system-cluster-critical
serviceAccountName: ovn
hostNetwork: true
containers:
- name: kube-ovn-controller
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- /kube-ovn/start-controller.sh
- --default-ls={{ .Values.networking.DEFAULT_SUBNET }}
- --default-cidr=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.POD_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.POD_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.POD_CIDR }}
{{- end }}
- --default-gateway=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.POD_GATEWAY }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.POD_GATEWAY }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.POD_GATEWAY }}
{{- end }}
- --default-gateway-check={{- .Values.func.CHECK_GATEWAY }}
- --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }}
- --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }}
- --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }}
- --cluster-router={{ .Values.networking.DEFAULT_VPC }}
- --node-switch={{ .Values.networking.NODE_SUBNET }}
- --node-switch-cidr=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.JOIN_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.JOIN_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.JOIN_CIDR }}
{{- end }}
- --service-cluster-ip-range=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.SVC_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.SVC_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.SVC_CIDR }}
{{- end }}
- --network-type={{- .Values.networking.NETWORK_TYPE }}
- --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }}
- --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
- --default-exchange-link-name={{- .Values.networking.EXCHANGE_LINK_NAME }}
- --default-vlan-name={{- .Values.networking.vlan.VLAN_NAME }}
- --default-vlan-id={{- .Values.networking.vlan.VLAN_ID }}
- --ls-dnat-mod-dl-dst={{- .Values.func.LS_DNAT_MOD_DL_DST }}
- --ls-ct-skip-dst-lport-ips={{- .Values.func.LS_CT_SKIP_DST_LPORT_IPS }}
- --pod-nic-type={{- .Values.networking.POD_NIC_TYPE }}
- --enable-lb={{- .Values.func.ENABLE_LB }}
- --enable-np={{- .Values.func.ENABLE_NP }}
- --enable-eip-snat={{- .Values.networking.ENABLE_EIP_SNAT }}
- --enable-external-vpc={{- .Values.func.ENABLE_EXTERNAL_VPC }}
- --enable-ecmp={{- .Values.networking.ENABLE_ECMP }}
- --logtostderr=false
- --alsologtostderr=true
- --gc-interval={{- .Values.performance.GC_INTERVAL }}
- --inspect-interval={{- .Values.performance.INSPECT_INTERVAL }}
- --log_file=/var/log/kube-ovn/kube-ovn-controller.log
- --log_file_max_size=0
- --enable-lb-svc={{- .Values.func.ENABLE_LB_SVC }}
- --keep-vm-ip={{- .Values.func.ENABLE_KEEP_VM_IP }}
- --enable-metrics={{- .Values.networking.ENABLE_METRICS }}
- --node-local-dns-ip={{- .Values.networking.NODE_LOCAL_DNS_IP }}
env:
- name: ENABLE_SSL
value: "{{ .Values.networking.ENABLE_SSL }}"
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: KUBE_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OVN_DB_IPS
value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
volumeMounts:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/log/kube-ovn
name: kube-ovn-log
# ovn-ic log directory
- mountPath: /var/log/ovn
name: ovn-log
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- /kube-ovn/kube-ovn-controller-healthcheck
periodSeconds: 3
timeoutSeconds: 45
livenessProbe:
exec:
command:
- /kube-ovn/kube-ovn-controller-healthcheck
initialDelaySeconds: 300
periodSeconds: 7
failureThreshold: 5
timeoutSeconds: 45
resources:
requests:
cpu: {{ index .Values "kube-ovn-controller" "requests" "cpu" }}
memory: {{ index .Values "kube-ovn-controller" "requests" "memory" }}
limits:
cpu: {{ index .Values "kube-ovn-controller" "limits" "cpu" }}
memory: {{ index .Values "kube-ovn-controller" "limits" "memory" }}
nodeSelector:
kubernetes.io/os: "linux"
volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-log
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
- name: ovn-log
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/ovn
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls

16
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-svc.yaml
View File

@@ -1,16 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: kube-ovn-controller
namespace: {{ .Values.namespace }}
labels:
app: kube-ovn-controller
spec:
selector:
app: kube-ovn-controller
ports:
- port: 10660
name: metrics
{{- if eq .Values.networking.NET_STACK "dual_stack" }}
ipFamilyPolicy: PreferDualStack
{{- end }}

139
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-deploy.yaml
View File

@@ -1,139 +0,0 @@
kind: Deployment
apiVersion: apps/v1
metadata:
name: kube-ovn-monitor
namespace: {{ .Values.namespace }}
annotations:
kubernetes.io/description: |
Metrics for OVN components: northd, nb and sb.
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app: kube-ovn-monitor
template:
metadata:
labels:
app: kube-ovn-monitor
component: network
type: infra
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: kube-ovn-monitor
topologyKey: kubernetes.io/hostname
priorityClassName: system-cluster-critical
serviceAccountName: kube-ovn-app
hostNetwork: true
containers:
- name: kube-ovn-monitor
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/kube-ovn/start-ovn-monitor.sh"]
args:
- --log_file=/var/log/kube-ovn/kube-ovn-monitor.log
- --logtostderr=false
- --alsologtostderr=true
- --log_file_max_size=0
securityContext:
runAsUser: 0
privileged: false
env:
- name: ENABLE_SSL
value: "{{ .Values.networking.ENABLE_SSL }}"
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
resources:
requests:
cpu: {{ index .Values "kube-ovn-monitor" "requests" "cpu" }}
memory: {{ index .Values "kube-ovn-monitor" "requests" "memory" }}
limits:
cpu: {{ index .Values "kube-ovn-monitor" "limits" "cpu" }}
memory: {{ index .Values "kube-ovn-monitor" "limits" "memory" }}
volumeMounts:
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/ovn
name: host-log-ovn
readOnly: true
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/run/tls
name: kube-ovn-tls
- mountPath: /var/log/kube-ovn
name: kube-ovn-log
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 7
successThreshold: 1
tcpSocket:
port: 10661
timeoutSeconds: 3
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 7
successThreshold: 1
tcpSocket:
port: 10661
timeoutSeconds: 3
nodeSelector:
kubernetes.io/os: "linux"
{{- with splitList "=" .Values.MASTER_NODES_LABEL }}
{{ index . 0 }}: "{{ if eq (len .) 2 }}{{ index . 1 }}{{ end }}"
{{- end }}
volumes:
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-config-openvswitch
hostPath:
path: {{ .Values.OPENVSWITCH_DIR }}
- name: host-config-ovn
hostPath:
path: {{ .Values.OVN_DIR }}
- name: host-log-ovn
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
- name: kube-ovn-log
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn

18
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-svc.yaml
View File

@@ -1,18 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: kube-ovn-monitor
namespace: {{ .Values.namespace }}
labels:
app: kube-ovn-monitor
spec:
ports:
- name: metrics
port: 10661
type: ClusterIP
selector:
app: kube-ovn-monitor
sessionAffinity: None
{{- if eq .Values.networking.NET_STACK "dual_stack" }}
ipFamilyPolicy: PreferDualStack
{{- end }}

19
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/nb-svc.yaml
View File

@@ -1,19 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: ovn-nb
namespace: {{ .Values.namespace }}
spec:
ports:
- name: ovn-nb
protocol: TCP
port: 6641
targetPort: 6641
type: ClusterIP
{{- if eq .Values.networking.NET_STACK "dual_stack" }}
ipFamilyPolicy: PreferDualStack
{{- end }}
selector:
app: ovn-central
ovn-nb-leader: "true"
sessionAffinity: None

19
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/northd-svc.yaml
View File

@@ -1,19 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: ovn-northd
namespace: {{ .Values.namespace }}
spec:
ports:
- name: ovn-northd
protocol: TCP
port: 6643
targetPort: 6643
type: ClusterIP
{{- if eq .Values.networking.NET_STACK "dual_stack" }}
ipFamilyPolicy: PreferDualStack
{{- end }}
selector:
app: ovn-central
ovn-northd-leader: "true"
sessionAffinity: None

256
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CR.yaml
View File

@@ -1,256 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.k8s.io/system-only: "true"
name: system:ovn
rules:
- apiGroups:
- "kubeovn.io"
resources:
- vpcs
- vpcs/status
- vpc-nat-gateways
- vpc-nat-gateways/status
- subnets
- subnets/status
- ippools
- ippools/status
- ips
- vips
- vips/status
- vlans
- vlans/status
- provider-networks
- provider-networks/status
- security-groups
- security-groups/status
- iptables-eips
- iptables-fip-rules
- iptables-dnat-rules
- iptables-snat-rules
- iptables-eips/status
- iptables-fip-rules/status
- iptables-dnat-rules/status
- iptables-snat-rules/status
- ovn-eips
- ovn-fips
- ovn-snat-rules
- ovn-eips/status
- ovn-fips/status
- ovn-snat-rules/status
- ovn-dnat-rules
- ovn-dnat-rules/status
- switch-lb-rules
- switch-lb-rules/status
- vpc-dnses
- vpc-dnses/status
- qos-policies
- qos-policies/status
verbs:
- "*"
- apiGroups:
- ""
resources:
- pods
- namespaces
verbs:
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- "k8s.cni.cncf.io"
resources:
- network-attachment-definitions
verbs:
- get
- apiGroups:
- ""
- networking.k8s.io
resources:
- networkpolicies
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get
- apiGroups:
- ""
resources:
- services
- services/status
verbs:
- get
- list
- update
- create
- delete
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- update
- get
- list
- watch
- apiGroups:
- apps
resources:
- statefulsets
- deployments
- deployments/scale
verbs:
- get
- list
- create
- delete
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- "*"
- apiGroups:
- "kubevirt.io"
resources:
- virtualmachines
- virtualmachineinstances
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.k8s.io/system-only: "true"
name: system:ovn-ovs
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- patch
- apiGroups:
- ""
resources:
- services
- endpoints
verbs:
- get
- apiGroups:
- apps
resources:
- controllerrevisions
verbs:
- get
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.k8s.io/system-only: "true"
name: system:kube-ovn-cni
rules:
- apiGroups:
- "kubeovn.io"
- ""
resources:
- subnets
- provider-networks
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
- "kubeovn.io"
resources:
- ovn-eips
- ovn-eips/status
- nodes
verbs:
- get
- list
- patch
- watch
- apiGroups:
- "kubeovn.io"
resources:
- ips
verbs:
- get
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.k8s.io/system-only: "true"
name: system:kube-ovn-app
rules:
- apiGroups:
- ""
resources:
- pods
- nodes
verbs:
- get
- list
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get

54
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CRB.yaml
View File

@@ -1,54 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ovn
roleRef:
name: system:ovn
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: ovn
namespace: {{ .Values.namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ovn-ovs
roleRef:
name: system:ovn-ovs
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: ovn-ovs
namespace: {{ .Values.namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kube-ovn-cni
roleRef:
name: system:kube-ovn-cni
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: kube-ovn-cni
namespace: {{ .Values.namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kube-ovn-app
roleRef:
name: system:kube-ovn-app
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: kube-ovn-app
namespace: {{ .Values.namespace }}

164
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-dpdk-ds.yaml
View File

@@ -1,164 +0,0 @@
{{- if .Values.HYBRID_DPDK }}
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: ovs-ovn-dpdk
namespace: {{ .Values.namespace }}
annotations:
kubernetes.io/description: |
This daemon set launches the openvswitch daemon.
spec:
selector:
matchLabels:
app: ovs-dpdk
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: ovs-dpdk
component: network
type: infra
spec:
tolerations:
- operator: Exists
priorityClassName: system-node-critical
serviceAccountName: ovn-ovs
hostNetwork: true
hostPID: true
containers:
- name: openvswitch
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}-dpdk
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/kube-ovn/start-ovs-dpdk-v2.sh"]
securityContext:
runAsUser: 0
privileged: true
env:
- name: ENABLE_SSL
value: "{{ .Values.networking.ENABLE_SSL }}"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: HW_OFFLOAD
value: "{{- .Values.func.HW_OFFLOAD }}"
- name: TUNNEL_TYPE
value: "{{- .Values.networking.TUNNEL_TYPE }}"
- name: DPDK_TUNNEL_IFACE
value: "{{- .Values.networking.DPDK_TUNNEL_IFACE }}"
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OVN_DB_IPS
value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
- name: OVN_REMOTE_PROBE_INTERVAL
value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}"
- name: OVN_REMOTE_OPENFLOW_INTERVAL
value: "{{ .Values.networking.OVN_REMOTE_OPENFLOW_INTERVAL }}"
volumeMounts:
- mountPath: /opt/ovs-config
name: host-config-ovs
- name: shareddir
mountPath: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods
- name: hugepage
mountPath: /dev/hugepages
- mountPath: /lib/modules
name: host-modules
readOnly: true
- mountPath: /var/run/openvswitch
name: host-run-ovs
mountPropagation: HostToContainer
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- bash
- -c
- LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh
periodSeconds: 5
timeoutSeconds: 45
livenessProbe:
exec:
command:
- bash
- /kube-ovn/ovs-healthcheck.sh
initialDelaySeconds: 60
periodSeconds: 5
failureThreshold: 5
timeoutSeconds: 45
resources:
requests:
cpu: {{ index .Values "ovs-ovn" "requests" "cpu" }}
memory: {{ index .Values "ovs-ovn" "requests" "memory" }}
limits:
cpu: {{ index .Values "ovs-ovn" "limits" "cpu" }}
{{.Values.HUGEPAGE_SIZE_TYPE}}: {{.Values.HUGEPAGES}}
memory: {{ index .Values "ovs-ovn" "limits" "memory" }}
nodeSelector:
kubernetes.io/os: "linux"
ovn.kubernetes.io/ovs_dp_type: "userspace"
volumes:
- name: host-config-ovs
hostPath:
path: /opt/ovs-config
type: DirectoryOrCreate
- name: shareddir
hostPath:
path: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods
type: ''
- name: hugepage
emptyDir:
medium: HugePages
- name: host-modules
hostPath:
path: /lib/modules
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: host-config-openvswitch
hostPath:
path: {{ .Values.OPENVSWITCH_DIR }}
- name: host-config-ovn
hostPath:
path: {{ .Values.OVN_DIR }}
- name: host-log-ovs
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
- name: host-log-ovn
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
{{- end }}

34
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-sa.yaml
View File

@@ -1,34 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: ovn
namespace: {{ .Values.namespace }}
{{- if .Values.global.registry.imagePullSecrets }}
imagePullSecrets:
{{- range $index, $secret := .Values.global.registry.imagePullSecrets }}
{{- if $secret }}
- name: {{ $secret | quote}}
{{- end }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ovn-ovs
namespace: {{ .Values.namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-ovn-cni
namespace: {{ .Values.namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-ovn-app
namespace: {{ .Values.namespace }}

23
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-tls-secret.yaml
View File

@@ -1,23 +0,0 @@
{{- if .Values.networking.ENABLE_SSL }}
{{- $cn := "ovn" -}}
{{- $ca := genCA "ovn-ca" 3650 -}}
---
apiVersion: v1
kind: Secret
metadata:
name: kube-ovn-tls
namespace: {{ .Values.namespace }}
data:
{{- $existingSecret := lookup "v1" "Secret" .Values.namespace "kube-ovn-tls" }}
{{- if $existingSecret }}
cacert: {{ index $existingSecret.data "cacert" }}
cert: {{ index $existingSecret.data "cert" }}
key: {{ index $existingSecret.data "key" }}
{{- else }}
{{- with genSignedCert $cn nil nil 3650 $ca }}
cacert: {{ b64enc $ca.Cert }}
cert: {{ b64enc .Cert }}
key: {{ b64enc .Key }}
{{- end }}
{{- end }}
{{- end }}

206
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-ds.yaml
View File

@@ -1,206 +0,0 @@
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: kube-ovn-cni
namespace: {{ .Values.namespace }}
annotations:
kubernetes.io/description: |
This daemon set launches the kube-ovn cni daemon.
spec:
selector:
matchLabels:
app: kube-ovn-cni
template:
metadata:
labels:
app: kube-ovn-cni
component: network
type: infra
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
priorityClassName: system-node-critical
serviceAccountName: kube-ovn-cni
hostNetwork: true
hostPID: true
initContainers:
- name: install-cni
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/kube-ovn/install-cni.sh"]
securityContext:
runAsUser: 0
privileged: true
volumeMounts:
- mountPath: /opt/cni/bin
name: cni-bin
{{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
- mountPath: /usr/local/bin
name: local-bin
{{- end }}
containers:
- name: cni-server
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bash
- /kube-ovn/start-cniserver.sh
args:
- --enable-mirror={{- .Values.debug.ENABLE_MIRROR }}
- --mirror-iface={{- .Values.debug.MIRROR_IFACE }}
- --node-switch={{ .Values.networking.NODE_SUBNET }}
- --encap-checksum=true
- --service-cluster-ip-range=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.SVC_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.SVC_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.SVC_CIDR }}
{{- end }}
{{- if eq .Values.networking.NETWORK_TYPE "vlan" }}
- --iface=
{{- else}}
- --iface={{- .Values.networking.IFACE }}
{{- end }}
- --dpdk-tunnel-iface={{- .Values.networking.DPDK_TUNNEL_IFACE }}
- --network-type={{- .Values.networking.TUNNEL_TYPE }}
- --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
- --cni-conf-dir={{ .Values.cni_conf.CNI_CONF_DIR }}
- --cni-conf-file={{ .Values.cni_conf.CNI_CONF_FILE }}
- --cni-conf-name={{- .Values.cni_conf.CNI_CONFIG_PRIORITY -}}-kube-ovn.conflist
- --logtostderr=false
- --alsologtostderr=true
- --log_file=/var/log/kube-ovn/kube-ovn-cni.log
- --log_file_max_size=0
- --enable-metrics={{- .Values.networking.ENABLE_METRICS }}
- --kubelet-dir={{ .Values.kubelet_conf.KUBELET_DIR }}
- --enable-tproxy={{ .Values.func.ENABLE_TPROXY }}
- --ovs-vsctl-concurrency={{ .Values.performance.OVS_VSCTL_CONCURRENCY }}
securityContext:
runAsUser: 0
privileged: true
env:
- name: ENABLE_SSL
value: "{{ .Values.networking.ENABLE_SSL }}"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_IPS
valueFrom:
fieldRef:
fieldPath: status.podIPs
- name: ENABLE_BIND_LOCAL_IP
value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
- name: DBUS_SYSTEM_BUS_ADDRESS
value: "unix:path=/host/var/run/dbus/system_bus_socket"
volumeMounts:
- name: host-modules
mountPath: /lib/modules
readOnly: true
- name: shared-dir
mountPath: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods
- mountPath: /etc/openvswitch
name: systemid
readOnly: true
- mountPath: /etc/cni/net.d
name: cni-conf
- mountPath: /run/openvswitch
name: host-run-ovs
mountPropagation: Bidirectional
- mountPath: /run/ovn
name: host-run-ovn
- mountPath: /host/var/run/dbus
name: host-dbus
mountPropagation: HostToContainer
- mountPath: /var/run/netns
name: host-ns
mountPropagation: HostToContainer
- mountPath: /var/log/kube-ovn
name: kube-ovn-log
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
readOnly: true
readinessProbe:
failureThreshold: 3
periodSeconds: 7
successThreshold: 1
tcpSocket:
port: 10665
timeoutSeconds: 3
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 7
successThreshold: 1
tcpSocket:
port: 10665
timeoutSeconds: 3
resources:
requests:
cpu: {{ index .Values "kube-ovn-cni" "requests" "cpu" }}
memory: {{ index .Values "kube-ovn-cni" "requests" "memory" }}
limits:
cpu: {{ index .Values "kube-ovn-cni" "limits" "cpu" }}
memory: {{ index .Values "kube-ovn-cni" "limits" "memory" }}
nodeSelector:
kubernetes.io/os: "linux"
volumes:
- name: host-modules
hostPath:
path: /lib/modules
- name: shared-dir
hostPath:
path: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods
- name: systemid
hostPath:
path: {{ .Values.OPENVSWITCH_DIR }}
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: cni-conf
hostPath:
path: {{ .Values.cni_conf.CNI_CONF_DIR }}
- name: cni-bin
hostPath:
path: {{ .Values.cni_conf.CNI_BIN_DIR }}
- name: host-ns
hostPath:
path: /var/run/netns
- name: host-dbus
hostPath:
path: /var/run/dbus
- name: kube-ovn-log
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: host-log-ovs
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
- name: host-log-ovn
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/ovn
{{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
- name: local-bin
hostPath:
path: {{ .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
{{- end }}

16
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-svc.yaml
View File

@@ -1,16 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: kube-ovn-cni
namespace: {{ .Values.namespace }}
labels:
app: kube-ovn-cni
spec:
selector:
app: kube-ovn-cni
ports:
- port: 10665
name: metrics
{{- if eq .Values.networking.NET_STACK "dual_stack" }}
ipFamilyPolicy: PreferDualStack
{{- end }}

221
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovsovn-ds.yaml
View File

@@ -1,221 +0,0 @@
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: ovs-ovn
namespace: {{ .Values.namespace }}
annotations:
kubernetes.io/description: |
This daemon set launches the openvswitch daemon.
chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
selector:
matchLabels:
app: ovs
updateStrategy:
type: {{ include "kubeovn.ovs-ovn.updateStrategy" . }}
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
template:
metadata:
labels:
app: ovs
component: network
type: infra
annotations:
chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
priorityClassName: system-node-critical
serviceAccountName: ovn-ovs
hostNetwork: true
hostPID: true
containers:
- name: openvswitch
{{- if .Values.DPDK }}
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.dpdkRepository }}:{{ .Values.DPDK_VERSION }}-{{ .Values.global.images.kubeovn.tag }}
{{- else }}
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.DPDK }}
command: ["/kube-ovn/start-ovs-dpdk.sh"]
{{- else }}
command:
{{- if .Values.DISABLE_MODULES_MANAGEMENT }}
- /bin/sh
- -ec
- |
ln -sf /bin/true /usr/sbin/modprobe
ln -sf /bin/true /usr/sbin/modinfo
ln -sf /bin/true /usr/sbin/rmmod
exec /kube-ovn/start-ovs.sh
{{- else }}
- /kube-ovn/start-ovs.sh
{{- end }}
{{- end }}
securityContext:
runAsUser: 0
privileged: true
env:
- name: ENABLE_SSL
value: "{{ .Values.networking.ENABLE_SSL }}"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: HW_OFFLOAD
value: "{{- .Values.func.HW_OFFLOAD }}"
- name: TUNNEL_TYPE
value: "{{- .Values.networking.TUNNEL_TYPE }}"
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OVN_DB_IPS
value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
- name: OVN_REMOTE_PROBE_INTERVAL
value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}"
- name: OVN_REMOTE_OPENFLOW_INTERVAL
value: "{{ .Values.networking.OVN_REMOTE_OPENFLOW_INTERVAL }}"
volumeMounts:
- mountPath: /var/run/netns
name: host-ns
mountPropagation: HostToContainer
- mountPath: /lib/modules
name: host-modules
readOnly: true
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/run/tls
name: kube-ovn-tls
- mountPath: /var/run/containerd
name: cruntime
readOnly: true
{{- if .Values.DPDK }}
- mountPath: /opt/ovs-config
name: host-config-ovs
- mountPath: /dev/hugepages
name: hugepage
{{- end }}
readinessProbe:
exec:
{{- if .Values.DPDK }}
command:
- bash
- /kube-ovn/ovs-dpdk-healthcheck.sh
{{- else }}
command:
- bash
- -c
- LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh
{{- end }}
initialDelaySeconds: 10
periodSeconds: 5
timeoutSeconds: 45
livenessProbe:
exec:
{{- if .Values.DPDK }}
command:
- bash
- /kube-ovn/ovs-dpdk-healthcheck.sh
{{- else }}
command:
- bash
- /kube-ovn/ovs-healthcheck.sh
{{- end }}
initialDelaySeconds: 60
periodSeconds: 5
failureThreshold: 5
timeoutSeconds: 45
resources:
requests:
{{- if .Values.DPDK }}
cpu: {{ .Values.DPDK_CPU }}
memory: {{ .Values.DPDK_MEMORY }}
{{- else }}
cpu: {{ index .Values "ovs-ovn" "requests" "cpu" }}
memory: {{ index .Values "ovs-ovn" "requests" "memory" }}
{{- end }}
limits:
{{- if .Values.DPDK }}
cpu: {{ .Values.DPDK_CPU }}
memory: {{ .Values.DPDK_MEMORY }}
hugepages-1Gi: 1Gi
{{- else }}
cpu: {{ index .Values "ovs-ovn" "limits" "cpu" }}
memory: {{ index .Values "ovs-ovn" "limits" "memory" }}
{{- end }}
nodeSelector:
kubernetes.io/os: "linux"
volumes:
- name: host-modules
hostPath:
path: /lib/modules
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-config-openvswitch
hostPath:
path: {{ .Values.OPENVSWITCH_DIR }}
- name: host-config-ovn
hostPath:
path: {{ .Values.OVN_DIR }}
- name: host-log-ovs
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
- name: host-log-ovn
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
- name: host-ns
hostPath:
path: /var/run/netns
- hostPath:
path: /var/run/containerd
name: cruntime
{{- if .Values.DPDK }}
- name: host-config-ovs
hostPath:
path: /opt/ovs-config
type: DirectoryOrCreate
- name: hugepage
emptyDir:
medium: HugePages
{{- end }}

137
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-ds.yaml
View File

@@ -1,137 +0,0 @@
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: kube-ovn-pinger
namespace: {{ .Values.namespace }}
annotations:
kubernetes.io/description: |
This daemon set launches the openvswitch daemon.
spec:
selector:
matchLabels:
app: kube-ovn-pinger
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: kube-ovn-pinger
component: network
type: infra
spec:
priorityClassName: system-node-critical
tolerations:
- effect: NoSchedule
operator: Exists
- effect: NoExecute
operator: Exists
- key: CriticalAddonsOnly
operator: Exists
serviceAccountName: kube-ovn-app
hostPID: true
containers:
- name: pinger
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
command:
- /kube-ovn/kube-ovn-pinger
args:
- --external-address=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.PINGER_EXTERNAL_ADDRESS }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.PINGER_EXTERNAL_ADDRESS }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.PINGER_EXTERNAL_ADDRESS }}
{{- end }}
- --external-dns=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.PINGER_EXTERNAL_DOMAIN }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.PINGER_EXTERNAL_DOMAIN }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.PINGER_EXTERNAL_DOMAIN }}
{{- end }}
- --ds-namespace={{ .Values.namespace }}
- --logtostderr=false
- --alsologtostderr=true
- --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
- --log_file_max_size=0
- --enable-metrics={{- .Values.networking.ENABLE_METRICS }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
runAsUser: 0
privileged: false
env:
- name: ENABLE_SSL
value: "{{ .Values.networking.ENABLE_SSL }}"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /var/log/openvswitch
name: host-log-ovs
readOnly: true
- mountPath: /var/log/ovn
name: host-log-ovn
readOnly: true
- mountPath: /var/log/kube-ovn
name: kube-ovn-log
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/run/tls
name: kube-ovn-tls
resources:
requests:
cpu: {{ index .Values "kube-ovn-pinger" "requests" "cpu" }}
memory: {{ index .Values "kube-ovn-pinger" "requests" "memory" }}
limits:
cpu: {{ index .Values "kube-ovn-pinger" "limits" "cpu" }}
memory: {{ index .Values "kube-ovn-pinger" "limits" "memory" }}
nodeSelector:
kubernetes.io/os: "linux"
volumes:
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-config-openvswitch
hostPath:
path: {{ .Values.OPENVSWITCH_DIR }}
- name: host-log-ovs
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
- name: kube-ovn-log
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
- name: host-log-ovn
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls

16
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-svc.yaml
View File

@@ -1,16 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: kube-ovn-pinger
namespace: {{ .Values.namespace }}
labels:
app: kube-ovn-pinger
spec:
selector:
app: kube-ovn-pinger
ports:
- port: 8080
name: metrics
{{- if eq .Values.networking.NET_STACK "dual_stack" }}
ipFamilyPolicy: PreferDualStack
{{- end }}

123
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pre-delete-hook.yaml
View File

@@ -1,123 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: kube-ovn-pre-delete-hook
namespace: {{ .Values.namespace }}
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": hook-succeeded
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.k8s.io/system-only: "true"
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "2"
"helm.sh/hook-delete-policy": hook-succeeded
name: system:kube-ovn-pre-delete-hook
rules:
- apiGroups:
- kubeovn.io
resources:
- subnets
verbs:
- get
- list
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kube-ovn-pre-delete-hook
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "3"
"helm.sh/hook-delete-policy": hook-succeeded
roleRef:
name: system:kube-ovn-pre-delete-hook
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: kube-ovn-pre-delete-hook
namespace: {{ .Values.namespace }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ .Chart.Name }}-pre-delete-hook"
namespace: {{ .Values.namespace }}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "4"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
completions: 1
template:
metadata:
name: "{{ .Release.Name }}"
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: kube-ovn-pre-delete-hook
component: job
spec:
tolerations:
- key: ""
operator: "Exists"
effect: "NoSchedule"
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- kube-ovn-pre-delete-hook
- key: component
operator: In
values:
- job
restartPolicy: Never
hostNetwork: true
nodeSelector:
kubernetes.io/os: "linux"
serviceAccount: kube-ovn-pre-delete-hook
serviceAccountName: kube-ovn-pre-delete-hook
containers:
- name: remove-subnet-finalizer
image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
command:
- sh
- -c
- /kube-ovn/remove-subnet-finalizer.sh 2>&1 | tee -a /var/log/kube-ovn/remove-subnet-finalizer.log
volumeMounts:
- mountPath: /var/log/kube-ovn
name: kube-ovn-log
volumes:
- name: kube-ovn-log
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn

19
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/sb-svc.yaml
View File

@@ -1,19 +0,0 @@
kind: Service
apiVersion: v1
metadata:
name: ovn-sb
namespace: {{ .Values.namespace }}
spec:
ports:
- name: ovn-sb
protocol: TCP
port: 6642
targetPort: 6642
type: ClusterIP
{{- if eq .Values.networking.NET_STACK "dual_stack" }}
ipFamilyPolicy: PreferDualStack
{{- end }}
selector:
app: ovn-central
ovn-sb-leader: "true"
sessionAffinity: None

163
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/upgrade-ovs-ovn.yaml
View File

@@ -1,163 +0,0 @@
{{- if eq (include "kubeovn.ovs-ovn.updateStrategy" .) "OnDelete" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ovs-ovn-upgrade
namespace: {{ .Values.namespace }}
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": hook-succeeded
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.k8s.io/system-only: "true"
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "2"
"helm.sh/hook-delete-policy": hook-succeeded
name: system:ovs-ovn-upgrade
rules:
- apiGroups:
- apps
resources:
- daemonsets
resourceNames:
- ovs-ovn
verbs:
- get
- apiGroups:
- apps
resources:
- deployments
resourceNames:
- ovn-central
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- apiGroups:
- ""
resources:
- pods
verbs:
- list
- get
- watch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ovs-ovn-upgrade
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "3"
"helm.sh/hook-delete-policy": hook-succeeded
roleRef:
name: system:ovs-ovn-upgrade
kind: ClusterRole
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: ovs-ovn-upgrade
namespace: {{ .Values.namespace }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ .Chart.Name }}-post-upgrade-hook"
namespace: {{ .Values.namespace }}
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "4"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
completions: 1
template:
metadata:
name: "{{ .Release.Name }}"
labels:
app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
app.kubernetes.io/instance: {{ .Release.Name | quote }}
helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
app: post-upgrade
component: job
spec:
tolerations:
- key: ""
operator: "Exists"
effect: "NoSchedule"
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: app
operator: In
values:
- post-upgrade
- key: component
operator: In
values:
- job
restartPolicy: Never
hostNetwork: true
nodeSelector:
kubernetes.io/os: "linux"
serviceAccount: ovs-ovn-upgrade
serviceAccountName: ovs-ovn-upgrade
containers:
- name: ovs-ovn-upgrade
image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ENABLE_SSL
value: "{{ .Values.networking.ENABLE_SSL }}"
- name: OVN_DB_IPS
value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
command:
- bash
- -eo
- pipefail
- -c
- /kube-ovn/upgrade-ovs.sh 2>&1 | tee -a /var/log/kube-ovn/upgrade-ovs.log
volumeMounts:
- mountPath: /var/log/kube-ovn
name: kube-ovn-log
- mountPath: /var/run/tls
name: kube-ovn-tls
volumes:
- name: kube-ovn-log
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
{{ end }}

10
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/vpc-nat-config.yaml
View File

@@ -1,10 +0,0 @@
kind: ConfigMap
apiVersion: v1
metadata:
name: ovn-vpc-nat-config
namespace: {{ .Values.namespace }}
annotations:
kubernetes.io/description: |
kube-ovn vpc-nat common config
data:
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.vpcRepository }}:{{ .Values.global.images.kubeovn.tag }}

181
packages/system/kubeovn/charts/kube-ovn/kube-ovn/values.yaml
View File

@@ -1,181 +0,0 @@
# Default values for kubeovn.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
registry:
address: docker.io/kubeovn
imagePullSecrets: []
images:
kubeovn:
repository: kube-ovn
dpdkRepository: kube-ovn-dpdk
vpcRepository: vpc-nat-gateway
tag: v1.13.0
support_arm: true
thirdparty: true
image:
pullPolicy: IfNotPresent
namespace: kube-system
MASTER_NODES: ""
MASTER_NODES_LABEL: "kube-ovn/role=master"
networking:
# NET_STACK could be dual_stack, ipv4, ipv6
NET_STACK: ipv4
ENABLE_SSL: false
# network type could be geneve or vlan
NETWORK_TYPE: geneve
# tunnel type could be geneve, vxlan or stt
TUNNEL_TYPE: geneve
IFACE: ""
DPDK_TUNNEL_IFACE: "br-phy"
EXCLUDE_IPS: ""
POD_NIC_TYPE: "veth-pair"
vlan:
PROVIDER_NAME: "provider"
VLAN_INTERFACE_NAME: ""
VLAN_NAME: "ovn-vlan"
VLAN_ID: "100"
EXCHANGE_LINK_NAME: false
ENABLE_EIP_SNAT: true
DEFAULT_SUBNET: "ovn-default"
DEFAULT_VPC: "ovn-cluster"
NODE_SUBNET: "join"
ENABLE_ECMP: false
ENABLE_METRICS: true
NODE_LOCAL_DNS_IP: ""
PROBE_INTERVAL: 180000
OVN_NORTHD_PROBE_INTERVAL: 5000
OVN_LEADER_PROBE_INTERVAL: 5
OVN_REMOTE_PROBE_INTERVAL: 10000
OVN_REMOTE_OPENFLOW_INTERVAL: 180
OVN_NORTHD_N_THREADS: 1
ENABLE_COMPACT: false
func:
ENABLE_LB: true
ENABLE_NP: true
ENABLE_EIP_SNAT: true
ENABLE_EXTERNAL_VPC: true
HW_OFFLOAD: false
ENABLE_LB_SVC: false
ENABLE_KEEP_VM_IP: true
LS_DNAT_MOD_DL_DST: true
LS_CT_SKIP_DST_LPORT_IPS: true
CHECK_GATEWAY: true
LOGICAL_GATEWAY: false
ENABLE_BIND_LOCAL_IP: true
U2O_INTERCONNECTION: false
ENABLE_TPROXY: false
ENABLE_IC: false
ipv4:
POD_CIDR: "10.16.0.0/16"
POD_GATEWAY: "10.16.0.1"
SVC_CIDR: "10.96.0.0/12"
JOIN_CIDR: "100.64.0.0/16"
PINGER_EXTERNAL_ADDRESS: "1.1.1.1"
PINGER_EXTERNAL_DOMAIN: "alauda.cn."
ipv6:
POD_CIDR: "fd00:10:16::/112"
POD_GATEWAY: "fd00:10:16::1"
SVC_CIDR: "fd00:10:96::/112"
JOIN_CIDR: "fd00:100:64::/112"
PINGER_EXTERNAL_ADDRESS: "2606:4700:4700::1111"
PINGER_EXTERNAL_DOMAIN: "google.com."
dual_stack:
POD_CIDR: "10.16.0.0/16,fd00:10:16::/112"
POD_GATEWAY: "10.16.0.1,fd00:10:16::1"
SVC_CIDR: "10.96.0.0/12,fd00:10:96::/112"
JOIN_CIDR: "100.64.0.0/16,fd00:100:64::/112"
PINGER_EXTERNAL_ADDRESS: "1.1.1.1,2606:4700:4700::1111"
PINGER_EXTERNAL_DOMAIN: "google.com."
performance:
GC_INTERVAL: 360
INSPECT_INTERVAL: 20
OVS_VSCTL_CONCURRENCY: 100
debug:
ENABLE_MIRROR: false
MIRROR_IFACE: "mirror0"
cni_conf:
CNI_CONFIG_PRIORITY: "01"
CNI_CONF_DIR: "/etc/cni/net.d"
CNI_BIN_DIR: "/opt/cni/bin"
CNI_CONF_FILE: "/kube-ovn/01-kube-ovn.conflist"
LOCAL_BIN_DIR: "/usr/local/bin"
MOUNT_LOCAL_BIN_DIR: false
kubelet_conf:
KUBELET_DIR: "/var/lib/kubelet"
log_conf:
LOG_DIR: "/var/log"
OPENVSWITCH_DIR: "/etc/origin/openvswitch"
OVN_DIR: "/etc/origin/ovn"
DISABLE_MODULES_MANAGEMENT: false
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# hybrid dpdk
HYBRID_DPDK: false
HUGEPAGE_SIZE_TYPE: hugepages-2Mi # Default
HUGEPAGES: 1Gi
# DPDK
DPDK: false
DPDK_VERSION: "19.11"
DPDK_CPU: "1000m" # Default CPU configuration
DPDK_MEMORY: "2Gi" # Default Memory configuration
ovn-central:
requests:
cpu: "300m"
memory: "200Mi"
limits:
cpu: "3"
memory: "4Gi"
ovs-ovn:
requests:
cpu: "200m"
memory: "200Mi"
limits:
cpu: "2"
memory: "1000Mi"
kube-ovn-controller:
requests:
cpu: "200m"
memory: "200Mi"
limits:
cpu: "1000m"
memory: "1Gi"
kube-ovn-cni:
requests:
cpu: "100m"
memory: "100Mi"
limits:
cpu: "1000m"
memory: "1Gi"
kube-ovn-pinger:
requests:
cpu: "100m"
memory: "100Mi"
limits:
cpu: "200m"
memory: "400Mi"
kube-ovn-monitor:
requests:
cpu: "200m"
memory: "200Mi"
limits:
cpu: "200m"
memory: "200Mi"

25
packages/system/kubeovn/charts/kube-ovn/templates/_helpers.tpl
View File

@@ -29,3 +29,28 @@ Number of master nodes
{{- define "kubeovn.nodeCount" -}}
{{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }}
{{- end -}}
{{- define "kubeovn.ovs-ovn.updateStrategy" -}}
{{- $ds := lookup "apps/v1" "DaemonSet" $.Values.namespace "ovs-ovn" -}}
{{- if $ds -}}
{{- if eq $ds.spec.updateStrategy.type "RollingUpdate" -}}
RollingUpdate
{{- else -}}
{{- $chartVersion := index $ds.metadata.annotations "chart-version" }}
{{- $newChartVersion := printf "%s-%s" .Chart.Name .Chart.Version }}
{{- $imageVersion := (index $ds.spec.template.spec.containers 0).image | splitList ":" | last | trimPrefix "v" -}}
{{- $versionRegex := `^(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)` -}}
{{- if and (ne $newChartVersion $chartVersion) (regexMatch $versionRegex $imageVersion) -}}
{{- if regexFind $versionRegex $imageVersion | semverCompare ">= 1.12.0" -}}
RollingUpdate
{{- else -}}
OnDelete
{{- end -}}
{{- else -}}
OnDelete
{{- end -}}
{{- end -}}
{{- else -}}
RollingUpdate
{{- end -}}
{{- end -}}

14
packages/system/kubeovn/charts/kube-ovn/templates/central-deploy.yaml
View File

@@ -42,7 +42,7 @@ spec:
hostNetwork: true
containers:
- name: ovn-central
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
image: {{ include "kubeovn.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- /kube-ovn/start-db.sh
@@ -74,12 +74,18 @@ spec:
value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
- name: PROBE_INTERVAL
value: "{{ .Values.networking.PROBE_INTERVAL }}"
- name: OVN_NORTHD_PROBE_INTERVAL
value: "{{ .Values.networking.OVN_NORTHD_PROBE_INTERVAL}}"
- name: OVN_LEADER_PROBE_INTERVAL
value: "{{ .Values.networking.OVN_LEADER_PROBE_INTERVAL }}"
- name: OVN_NORTHD_N_THREADS
value: "{{ .Values.networking.OVN_NORTHD_N_THREADS }}"
- name: ENABLE_COMPACT
value: "{{ .Values.networking.ENABLE_COMPACT }}"
{{- if include "kubeovn.ovs-ovn.updateStrategy" . | eq "OnDelete" }}
- name: OVN_VERSION_COMPATIBILITY
value: "21.06"
{{- end }}
resources:
requests:
cpu: {{ index .Values "ovn-central" "requests" "cpu" }}
@@ -92,9 +98,6 @@ spec:
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
@@ -136,9 +139,6 @@ spec:
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: host-config-openvswitch
hostPath:
path: {{ .Values.OPENVSWITCH_DIR }}

41
packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
View File

@@ -49,49 +49,22 @@ spec:
hostNetwork: true
containers:
- name: kube-ovn-controller
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
image: {{ include "kubeovn.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
- /kube-ovn/start-controller.sh
- --default-ls={{ .Values.networking.DEFAULT_SUBNET }}
- --default-cidr=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.POD_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.POD_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.POD_CIDR }}
{{- end }}
- --default-gateway=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.POD_GATEWAY }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.POD_GATEWAY }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.POD_GATEWAY }}
{{- end }}
- --default-cidr={{ index $cozyConfig.data "ipv4-pod-cidr" }}
- --default-gateway={{ index $cozyConfig.data "ipv4-pod-gateway" }}
- --default-gateway-check={{- .Values.func.CHECK_GATEWAY }}
- --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }}
- --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }}
- --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }}
- --cluster-router={{ .Values.networking.DEFAULT_VPC }}
- --node-switch={{ .Values.networking.NODE_SUBNET }}
- --node-switch-cidr=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.JOIN_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.JOIN_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.JOIN_CIDR }}
{{- end }}
- --service-cluster-ip-range=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.SVC_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.SVC_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.SVC_CIDR }}
{{- end }}
- --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }}
- --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
- --network-type={{- .Values.networking.NETWORK_TYPE }}
- --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }}
- --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
@@ -99,6 +72,7 @@ spec:
- --default-vlan-name={{- .Values.networking.vlan.VLAN_NAME }}
- --default-vlan-id={{- .Values.networking.vlan.VLAN_ID }}
- --ls-dnat-mod-dl-dst={{- .Values.func.LS_DNAT_MOD_DL_DST }}
- --ls-ct-skip-dst-lport-ips={{- .Values.func.LS_CT_SKIP_DST_LPORT_IPS }}
- --pod-nic-type={{- .Values.networking.POD_NIC_TYPE }}
- --enable-lb={{- .Values.func.ENABLE_LB }}
- --enable-np={{- .Values.func.ENABLE_NP }}
@@ -113,7 +87,6 @@ spec:
- --log_file_max_size=0
- --enable-lb-svc={{- .Values.func.ENABLE_LB_SVC }}
- --keep-vm-ip={{- .Values.func.ENABLE_KEEP_VM_IP }}
- --pod-default-fip-type={{- .Values.networking.POD_DEFAULT_FIP_TYPE }}
- --enable-metrics={{- .Values.networking.ENABLE_METRICS }}
- --node-local-dns-ip={{- .Values.networking.NODE_LOCAL_DNS_IP }}
env:

2
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ic-controller-deploy.yaml → packages/system/kubeovn/charts/kube-ovn/templates/ic-controller-deploy.yaml
View File

@@ -43,7 +43,7 @@ spec:
hostNetwork: true
containers:
- name: ovn-ic-controller
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
image: {{ include "kubeovn.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/kube-ovn/start-ic-controller.sh"]
args:

37
packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/kube-ovn-crd.yaml → packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml
View File

@@ -1268,9 +1268,15 @@ spec:
- jsonPath: .status.v4Eip
name: V4Eip
type: string
- jsonPath: .status.v6Eip
name: V6Eip
type: string
- jsonPath: .status.v4Ip
name: V4Ip
type: string
- jsonPath: .status.v6Ip
name: V6Ip
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
@@ -1325,6 +1331,8 @@ spec:
type: string
v4Ip:
type: string
v6Ip:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -1353,9 +1361,15 @@ spec:
- jsonPath: .status.v4Eip
name: V4Eip
type: string
- jsonPath: .status.v6Eip
name: V6Eip
type: string
- jsonPath: .status.v4IpCidr
name: V4IpCidr
type: string
- jsonPath: .status.v6IpCidr
name: V6IpCidr
type: string
- jsonPath: .status.ready
name: Ready
type: boolean
@@ -1370,8 +1384,12 @@ spec:
type: boolean
v4Eip:
type: string
v6Eip:
type: string
v4IpCidr:
type: string
v6IpCidr:
type: string
vpc:
type: string
conditions:
@@ -1404,6 +1422,8 @@ spec:
type: string
v4IpCidr:
type: string
v6IpCidr:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -1438,9 +1458,15 @@ spec:
- jsonPath: .status.v4Eip
name: V4Eip
type: string
- jsonPath: .status.v6Eip
name: V6Eip
type: string
- jsonPath: .status.v4Ip
name: V4Ip
type: string
- jsonPath: .status.v6Ip
name: V6Ip
type: string
- jsonPath: .status.internalPort
name: InternalPort
type: string
@@ -1512,6 +1538,8 @@ spec:
type: string
v4Ip:
type: string
v6Ip:
type: string
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -1873,6 +1901,9 @@ spec:
- name: Vpc
type: string
jsonPath: .spec.vpc
- name: Vlan
type: string
jsonPath: .spec.vlan
- name: Protocol
type: string
jsonPath: .spec.protocol
@@ -1913,6 +1944,12 @@ spec:
openAPIV3Schema:
type: object
properties:
metadata:
type: object
properties:
name:
type: string
pattern: ^[^0-9]
status:
type: object
properties:

2
packages/system/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml
View File

@@ -40,7 +40,7 @@ spec:
hostNetwork: true
containers:
- name: kube-ovn-monitor
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
image: {{ include "kubeovn.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/kube-ovn/start-ovn-monitor.sh"]
args:

86
packages/system/kubeovn/charts/kube-ovn/templates/ovn-CR.yaml
View File

@@ -54,17 +54,28 @@ rules:
- ""
resources:
- pods
- pods/exec
- namespaces
- nodes
- configmaps
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods/exec
verbs:
- create
- apiGroups:
- "k8s.cni.cncf.io"
resources:
@@ -74,40 +85,53 @@ rules:
- apiGroups:
- ""
- networking.k8s.io
- apps
resources:
- networkpolicies
- daemonsets
- configmaps
verbs:
- get
- list
- watch
- apiGroups:
- ""
- apps
resources:
- services/status
- daemonsets
verbs:
- update
- get
- apiGroups:
- ""
- networking.k8s.io
- apps
- extensions
resources:
- services
- services/status
verbs:
- get
- list
- update
- create
- delete
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- update
- get
- list
- watch
- apiGroups:
- apps
resources:
- statefulsets
- deployments
- deployments/scale
verbs:
- get
- list
- create
- delete
- update
- patch
- get
- list
- watch
- apiGroups:
- ""
resources:
@@ -148,8 +172,6 @@ rules:
- patch
- apiGroups:
- ""
- networking.k8s.io
- apps
resources:
- services
- endpoints
@@ -176,26 +198,30 @@ rules:
resources:
- subnets
- provider-networks
- ovn-eips
- ovn-eips/status
- ips
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
- "kubeovn.io"
resources:
- pods
- ovn-eips
- ovn-eips/status
- nodes
- configmaps
- pods
verbs:
- get
- list
- patch
- watch
- apiGroups:
- "kubeovn.io"
resources:
- ips
verbs:
- get
- update
- apiGroups:
- ""
resources:
@@ -204,6 +230,14 @@ rules:
- create
- patch
- update
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -222,8 +256,6 @@ rules:
- get
- list
- apiGroups:
- ""
- networking.k8s.io
- apps
resources:
- daemonsets

2
packages/system/kubeovn/charts/kube-ovn/templates/ovn-dpdk-ds.yaml
View File

@@ -31,7 +31,7 @@ spec:
hostPID: true
containers:
- name: openvswitch
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}-dpdk
image: {{ include "kubeovn.image" . }}-dpdk
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/kube-ovn/start-ovs-dpdk-v2.sh"]
securityContext:

23
packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
View File

@@ -30,7 +30,7 @@ spec:
hostPID: true
initContainers:
- name: install-cni
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
image: {{ include "kubeovn.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command: ["/kube-ovn/install-cni.sh"]
securityContext:
@@ -45,24 +45,18 @@ spec:
{{- end }}
containers:
- name: cni-server
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
image: {{ include "kubeovn.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- bash
- /kube-ovn/start-cniserver.sh
args:
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
- --enable-mirror={{- .Values.debug.ENABLE_MIRROR }}
- --mirror-iface={{- .Values.debug.MIRROR_IFACE }}
- --node-switch={{ .Values.networking.NODE_SUBNET }}
- --encap-checksum=true
- --service-cluster-ip-range=
{{- if eq .Values.networking.NET_STACK "dual_stack" -}}
{{ .Values.dual_stack.SVC_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv4" -}}
{{ .Values.ipv4.SVC_CIDR }}
{{- else if eq .Values.networking.NET_STACK "ipv6" -}}
{{ .Values.ipv6.SVC_CIDR }}
{{- end }}
- --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
{{- if eq .Values.networking.NETWORK_TYPE "vlan" }}
- --iface=
{{- else}}
@@ -96,10 +90,6 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MODULES
value: "{{- .Values.performance.MODULES }}"
- name: RPMS
value: "{{- .Values.performance.RPMS }}"
- name: POD_IPS
valueFrom:
fieldRef:
@@ -139,8 +129,6 @@ spec:
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /tmp
name: tmp
readinessProbe:
failureThreshold: 3
periodSeconds: 7
@@ -205,9 +193,6 @@ spec:
- name: host-log-ovn
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/ovn
- name: tmp
hostPath:
path: /tmp
{{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
- name: local-bin
hostPath:

15
packages/system/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml
View File

@@ -6,12 +6,13 @@ metadata:
annotations:
kubernetes.io/description: |
This daemon set launches the openvswitch daemon.
chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
selector:
matchLabels:
app: ovs
updateStrategy:
type: RollingUpdate
type: {{ include "kubeovn.ovs-ovn.updateStrategy" . }}
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
@@ -21,6 +22,8 @@ spec:
app: ovs
component: network
type: infra
annotations:
chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}"
spec:
tolerations:
- effect: NoSchedule
@@ -36,9 +39,9 @@ spec:
containers:
- name: openvswitch
{{- if .Values.DPDK }}
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.dpdkRepository }}:{{ .Values.DPDK_VERSION }}-{{ .Values.global.images.kubeovn.tag }}
image: {{ include "kubeovn.image" . }}
{{- else }}
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
image: {{ include "kubeovn.image" . }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.DPDK }}
@@ -100,9 +103,6 @@ spec:
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
@@ -185,9 +185,6 @@ spec:
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: host-config-openvswitch
hostPath:
path: {{ .Values.OPENVSWITCH_DIR }}

2
packages/system/kubeovn/charts/kube-ovn/templates/pinger-ds.yaml
View File

@@ -31,7 +31,7 @@ spec:
hostPID: true
containers:
- name: pinger
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
image: {{ include "kubeovn.image" . }}
command:
- /kube-ovn/kube-ovn-pinger
args:

2
packages/system/kubeovn/charts/kube-ovn/templates/pre-delete-hook.yaml
View File

@@ -104,7 +104,7 @@ spec:
serviceAccountName: kube-ovn-pre-delete-hook
containers:
- name: remove-subnet-finalizer
image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
image: "{{ include "kubeovn.image" . }}"
env:
- name: POD_NAMESPACE
valueFrom:

31
packages/system/kubeovn/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml
View File

@@ -1,5 +1,4 @@
{{ if (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn") }}
{{ if eq (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn").spec.updateStrategy.type "OnDelete" }}
{{- if eq (include "kubeovn.ovs-ovn.updateStrategy" .) "OnDelete" }}
---
apiVersion: v1
kind: ServiceAccount
@@ -33,6 +32,16 @@ rules:
- ovs-ovn
verbs:
- get
- apiGroups:
- apps
resources:
- deployments
resourceNames:
- ovn-central
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
@@ -46,6 +55,7 @@ rules:
verbs:
- list
- get
- watch
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -121,22 +131,33 @@ spec:
serviceAccountName: ovs-ovn-upgrade
containers:
- name: ovs-ovn-upgrade
image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
image: "{{ include "kubeovn.image" . }}"
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: ENABLE_SSL
value: "{{ .Values.networking.ENABLE_SSL }}"
- name: OVN_DB_IPS
value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
command:
- sh
- bash
- -eo
- pipefail
- -c
- /kube-ovn/upgrade-ovs.sh 2>&1 | tee -a /var/log/kube-ovn/upgrade-ovs.log
volumeMounts:
- mountPath: /var/log/kube-ovn
name: kube-ovn-log
- mountPath: /var/run/tls
name: kube-ovn-tls
volumes:
- name: kube-ovn-log
hostPath:
path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
{{ end }}
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
{{ end }}

2
packages/system/kubeovn/charts/kube-ovn/templates/vpc-nat-config.yaml
View File

@@ -7,4 +7,4 @@ metadata:
kubernetes.io/description: |
kube-ovn vpc-nat common config
data:
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.vpcRepository }}:{{ .Values.global.images.kubeovn.tag }}
image: {{ include "kubeovn.image" . }}

14
packages/system/kubeovn/charts/kube-ovn/values.yaml
View File

@@ -40,7 +40,6 @@ networking:
VLAN_ID: "100"
EXCHANGE_LINK_NAME: false
ENABLE_EIP_SNAT: true
POD_DEFAULT_FIP_TYPE: ""
DEFAULT_SUBNET: "ovn-default"
DEFAULT_VPC: "ovn-cluster"
NODE_SUBNET: "join"
@@ -48,6 +47,7 @@ networking:
ENABLE_METRICS: true
NODE_LOCAL_DNS_IP: ""
PROBE_INTERVAL: 180000
OVN_NORTHD_PROBE_INTERVAL: 5000
OVN_LEADER_PROBE_INTERVAL: 5
OVN_REMOTE_PROBE_INTERVAL: 10000
OVN_REMOTE_OPENFLOW_INTERVAL: 180
@@ -63,19 +63,17 @@ func:
ENABLE_LB_SVC: false
ENABLE_KEEP_VM_IP: true
LS_DNAT_MOD_DL_DST: true
LS_CT_SKIP_DST_LPORT_IPS: true
CHECK_GATEWAY: true
LOGICAL_GATEWAY: false
ENABLE_BIND_LOCAL_IP: true
U2O_INTERCONNECTION: false
ENABLE_TPROXY: false
ENABLE_IC: false
ipv4:
POD_CIDR: "10.16.0.0/16"
POD_GATEWAY: "10.16.0.1"
SVC_CIDR: "10.96.0.0/12"
JOIN_CIDR: "100.64.0.0/16"
PINGER_EXTERNAL_ADDRESS: "1.1.1.1"
PINGER_EXTERNAL_DOMAIN: "alauda.cn."
PINGER_EXTERNAL_DOMAIN: "kube-ovn.io."
ipv6:
POD_CIDR: "fd00:10:16::/112"
@@ -94,8 +92,6 @@ dual_stack:
PINGER_EXTERNAL_DOMAIN: "google.com."
performance:
MODULES: "kube_ovn_fastpath.ko"
RPMS: "openvswitch-kmod"
GC_INTERVAL: 360
INSPECT_INTERVAL: 20
OVS_VSCTL_CONCURRENCY: 100
@@ -149,7 +145,7 @@ ovs-ovn:
cpu: "200m"
memory: "200Mi"
limits:
cpu: "1000m"
cpu: "2"
memory: "1000Mi"
kube-ovn-controller:
requests:

4
packages/system/kubeovn/images/kubeovn.json Normal file
View File

@@ -0,0 +1,4 @@
{
"containerimage.config.digest": "sha256:f83db05cfc7228a02d1308721de535e90e355d1b147b2d36bb98e10a848c3ef6",
"containerimage.digest": "sha256:440075488baba3610d7f8be6283f89ab3862ff3a9556c51a0e99ec6d46315192"
}

1
packages/system/kubeovn/images/kubeovn.tag Normal file
View File

@@ -0,0 +1 @@
ghcr.io/aenix-io/cozystack/kubeovn:latest

43
packages/system/kubeovn/images/kubeovn/Dockerfile Normal file
View File

@@ -0,0 +1,43 @@
ARG VERSION=v1.13.0
ARG BASE_TAG=$VERSION
FROM golang:1.22-bookworm as builder
ARG COMMIT_REF=e1310e1
WORKDIR /source
RUN wget -O- https://github.com/kubeovn/kube-ovn/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1
RUN sed -i 's|-z now|-z now -static|' Makefile
RUN make build-go
WORKDIR /source/dist/images
# imported from https://github.com/kubeovn/kube-ovn/blob/master/dist/images/Dockerfile
FROM kubeovn/kube-ovn-base:$BASE_TAG
COPY --from=builder /source/dist/images/*.sh /kube-ovn/
COPY --from=builder /source/dist/images/kubectl-ko /kube-ovn/kubectl-ko
COPY --from=builder /source/dist/images/01-kube-ovn.conflist /kube-ovn/01-kube-ovn.conflist
COPY --from=builder /source/dist/images/logrotate/* /etc/logrotate.d/
COPY --from=builder /source/dist/images/grace_stop_ovn_controller /usr/share/ovn/scripts/grace_stop_ovn_controller
WORKDIR /kube-ovn
RUN /kube-ovn/iptables-wrapper-installer.sh --no-sanity-check
RUN rm -f /usr/bin/nc &&\
rm -f /usr/bin/netcat &&\
rm -f /usr/lib/apt/methods/mirror
RUN deluser sync
COPY --from=builder /source/dist/images/kube-ovn /kube-ovn/kube-ovn
COPY --from=builder /source/dist/images/kube-ovn-cmd /kube-ovn/kube-ovn-cmd
COPY --from=builder /source/dist/images/kube-ovn-webhook /kube-ovn/kube-ovn-webhook
RUN ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-controller && \
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-daemon && \
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-monitor && \
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-pinger && \
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-speaker && \
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-controller-healthcheck && \
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-leader-checker && \
ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-ic-controller

97
packages/system/kubeovn/patches/cozyconfig.diff Normal file
View File

@@ -0,0 +1,97 @@
diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
index d9a9a67..b2e12dd 100644
--- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
@@ -51,18 +51,12 @@ spec:
- bash
- /kube-ovn/start-cniserver.sh
args:
+ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
- --enable-mirror={{- .Values.debug.ENABLE_MIRROR }}
- --mirror-iface={{- .Values.debug.MIRROR_IFACE }}
- --node-switch={{ .Values.networking.NODE_SUBNET }}
- --encap-checksum=true
- - --service-cluster-ip-range=
- {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
- {{ .Values.dual_stack.SVC_CIDR }}
- {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
- {{ .Values.ipv4.SVC_CIDR }}
- {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
- {{ .Values.ipv6.SVC_CIDR }}
- {{- end }}
+ - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
{{- if eq .Values.networking.NETWORK_TYPE "vlan" }}
- --iface=
{{- else}}
diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
index 0e69494..756eb7c 100644
--- a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
@@ -52,46 +52,19 @@ spec:
image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
+ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
- /kube-ovn/start-controller.sh
- --default-ls={{ .Values.networking.DEFAULT_SUBNET }}
- - --default-cidr=
- {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
- {{ .Values.dual_stack.POD_CIDR }}
- {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
- {{ .Values.ipv4.POD_CIDR }}
- {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
- {{ .Values.ipv6.POD_CIDR }}
- {{- end }}
- - --default-gateway=
- {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
- {{ .Values.dual_stack.POD_GATEWAY }}
- {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
- {{ .Values.ipv4.POD_GATEWAY }}
- {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
- {{ .Values.ipv6.POD_GATEWAY }}
- {{- end }}
+ - --default-cidr={{ index $cozyConfig.data "ipv4-pod-cidr" }}
+ - --default-gateway={{ index $cozyConfig.data "ipv4-pod-gateway" }}
- --default-gateway-check={{- .Values.func.CHECK_GATEWAY }}
- --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }}
- --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }}
- --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }}
- --cluster-router={{ .Values.networking.DEFAULT_VPC }}
- --node-switch={{ .Values.networking.NODE_SUBNET }}
- - --node-switch-cidr=
- {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
- {{ .Values.dual_stack.JOIN_CIDR }}
- {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
- {{ .Values.ipv4.JOIN_CIDR }}
- {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
- {{ .Values.ipv6.JOIN_CIDR }}
- {{- end }}
- - --service-cluster-ip-range=
- {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
- {{ .Values.dual_stack.SVC_CIDR }}
- {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
- {{ .Values.ipv4.SVC_CIDR }}
- {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
- {{ .Values.ipv6.SVC_CIDR }}
- {{- end }}
+ - --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }}
+ - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
- --network-type={{- .Values.networking.NETWORK_TYPE }}
- --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }}
- --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/values.yaml
index bfffc4d..b880749 100644
--- a/packages/system/kubeovn/charts/kube-ovn/values.yaml
+++ b/packages/system/kubeovn/charts/kube-ovn/values.yaml
@@ -70,10 +70,6 @@ func:
ENABLE_TPROXY: false
ipv4:
- POD_CIDR: "10.16.0.0/16"
- POD_GATEWAY: "10.16.0.1"
- SVC_CIDR: "10.96.0.0/12"
- JOIN_CIDR: "100.64.0.0/16"
PINGER_EXTERNAL_ADDRESS: "1.1.1.1"
PINGER_EXTERNAL_DOMAIN: "alauda.cn."

3
packages/system/kubeovn/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,3 @@
{{- define "kubeovn.image" -}}
{{ .Files.Get "images/kubeovn.tag" | trim }}@{{ index (.Files.Get "images/kubeovn.json" | fromJson) "containerimage.digest" }}
{{- end -}}

8
packages/system/kubeovn/values.yaml
View File

@@ -1,12 +1,4 @@
kube-ovn:
global:
registry:
address: ghcr.io/kvaps
images:
kubeovn:
repository: test
tag: kube-ovn-static-v1.13.0-cozystack2
namespace: cozy-kubeovn
func: