From e89926cca6187432ea480c5c2cb43e6bf813fc5b Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Sun, 26 May 2024 18:11:36 +0200 Subject: [PATCH] Update kube-ovn v1.13.0-ge1310e17 and enable image building (#149) 
Signed-off-by: Andrei Kvapil --- Makefile | 1 + packages/system/kubeovn/Makefile | 21 +- .../system/kubeovn/charts/kube-ovn/Chart.yaml | 4 +- .../system/kubeovn/charts/kube-ovn/README.md | 8 +- .../kubeovn/charts/kube-ovn/crds/crd.yaml | 2278 ----------------- .../system/kubeovn/charts/kube-ovn/images | 1 + .../charts/kube-ovn/kube-ovn/Chart.yaml | 24 - .../charts/kube-ovn/kube-ovn/README.md | 42 - .../kube-ovn/kube-ovn/templates/_helpers.tpl | 54 - .../kube-ovn/templates/central-deploy.yaml | 161 -- .../kube-ovn/templates/controller-deploy.yaml | 190 -- .../kube-ovn/templates/controller-svc.yaml | 16 - .../kube-ovn/templates/monitor-deploy.yaml | 139 - .../kube-ovn/templates/monitor-svc.yaml | 18 - .../kube-ovn/kube-ovn/templates/nb-svc.yaml | 19 - .../kube-ovn/templates/northd-svc.yaml | 19 - .../kube-ovn/kube-ovn/templates/ovn-CR.yaml | 256 -- .../kube-ovn/kube-ovn/templates/ovn-CRB.yaml | 54 - .../kube-ovn/templates/ovn-dpdk-ds.yaml | 164 -- .../kube-ovn/kube-ovn/templates/ovn-sa.yaml | 34 - .../kube-ovn/templates/ovn-tls-secret.yaml | 23 - .../kube-ovn/templates/ovncni-ds.yaml | 206 -- .../kube-ovn/templates/ovncni-svc.yaml | 16 - .../kube-ovn/templates/ovsovn-ds.yaml | 221 -- .../kube-ovn/templates/pinger-ds.yaml | 137 - .../kube-ovn/templates/pinger-svc.yaml | 16 - .../kube-ovn/templates/pre-delete-hook.yaml | 123 - .../kube-ovn/kube-ovn/templates/sb-svc.yaml | 19 - .../kube-ovn/templates/upgrade-ovs-ovn.yaml | 163 -- .../kube-ovn/templates/vpc-nat-config.yaml | 10 - .../charts/kube-ovn/kube-ovn/values.yaml | 181 -- .../charts/kube-ovn/templates/_helpers.tpl | 25 + .../kube-ovn/templates/central-deploy.yaml | 14 +- .../kube-ovn/templates/controller-deploy.yaml | 41 +- .../templates/ic-controller-deploy.yaml | 2 +- .../templates/kube-ovn-crd.yaml | 37 + .../kube-ovn/templates/monitor-deploy.yaml | 2 +- .../charts/kube-ovn/templates/ovn-CR.yaml | 86 +- .../kube-ovn/templates/ovn-dpdk-ds.yaml | 2 +- .../charts/kube-ovn/templates/ovncni-ds.yaml | 23 +- 
.../charts/kube-ovn/templates/ovsovn-ds.yaml | 15 +- .../charts/kube-ovn/templates/pinger-ds.yaml | 2 +- .../kube-ovn/templates/pre-delete-hook.yaml | 2 +- .../kube-ovn/templates/upgrade-ovs-ovn.yaml | 31 +- .../kube-ovn/templates/vpc-nat-config.yaml | 2 +- .../kubeovn/charts/kube-ovn/values.yaml | 14 +- packages/system/kubeovn/images/kubeovn.json | 4 + packages/system/kubeovn/images/kubeovn.tag | 1 + .../system/kubeovn/images/kubeovn/Dockerfile | 43 + .../system/kubeovn/patches/cozyconfig.diff | 97 + .../system/kubeovn/templates/_helpers.tpl | 3 + packages/system/kubeovn/values.yaml | 8 - 52 files changed, 359 insertions(+), 4713 deletions(-) delete mode 100644 packages/system/kubeovn/charts/kube-ovn/crds/crd.yaml create mode 120000 packages/system/kubeovn/charts/kube-ovn/images delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/Chart.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/README.md delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/_helpers.tpl delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/central-deploy.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-deploy.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-svc.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-deploy.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-svc.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/nb-svc.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/northd-svc.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CR.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CRB.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-dpdk-ds.yaml delete 
mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-sa.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-tls-secret.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-ds.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-svc.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovsovn-ds.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-ds.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-svc.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pre-delete-hook.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/sb-svc.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/upgrade-ovs-ovn.yaml delete mode 100755 packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/vpc-nat-config.yaml delete mode 100644 packages/system/kubeovn/charts/kube-ovn/kube-ovn/values.yaml rename packages/system/kubeovn/charts/kube-ovn/{kube-ovn => }/templates/ic-controller-deploy.yaml (95%) rename packages/system/kubeovn/charts/kube-ovn/{kube-ovn => }/templates/kube-ovn-crd.yaml (98%) create mode 100644 packages/system/kubeovn/images/kubeovn.json create mode 100644 packages/system/kubeovn/images/kubeovn.tag create mode 100644 packages/system/kubeovn/images/kubeovn/Dockerfile create mode 100644 packages/system/kubeovn/patches/cozyconfig.diff create mode 100644 packages/system/kubeovn/templates/_helpers.tpl diff --git a/Makefile b/Makefile index e60ea514..0ef2d210 100644 --- a/Makefile +++ b/Makefile @@ -3,6 +3,7 @@ build: make -C packages/apps/http-cache image make -C packages/apps/kubernetes image + make -C packages/system/kubeovn image make -C packages/system/dashboard image make -C packages/core/installer image make manifests 
diff --git a/packages/system/kubeovn/Makefile b/packages/system/kubeovn/Makefile index 8ab3423c..9f0d8b98 100644 --- a/packages/system/kubeovn/Makefile +++ b/packages/system/kubeovn/Makefile @@ -1,9 +1,28 @@ +KUBEOVN_TAG = v1.13.0 + NAME=kubeovn NAMESPACE=cozy-$(NAME) +include ../../../scripts/common-envs.mk include ../../../scripts/package-system.mk update: rm -rf charts && mkdir -p charts/kube-ovn curl -sSL https://github.com/kubeovn/kube-ovn/archive/refs/heads/master.tar.gz | \ - tar -C charts/kube-ovn -xzvf - --strip 2 kube-ovn-master/charts + tar xzvf - --strip 1 kube-ovn-master/charts + patch -p4 --no-backup-if-mismatch < patches/cozyconfig.diff + ln -s ../../images charts/kube-ovn/images + sed -i '/image:/ s/{{.*}}/{{ include "kubeovn.image" . }}/g' `grep -rl image: charts/kube-ovn/templates/` + +image: + docker buildx build images/kubeovn \ + --provenance false \ + --tag $(REGISTRY)/kubeovn:$(call settag,$(TAG)) \ + --tag $(REGISTRY)/kubeovn:$(call settag,$(KUBEOVN_TAG)) \ + --tag $(REGISTRY)/kubeovn:$(call settag,$(KUBEOVN_TAG)-$(TAG)) \ + --cache-from type=registry,ref=$(REGISTRY)/kubeovn:latest \ + --cache-to type=inline \ + --metadata-file images/kubeovn.json \ + --push=$(PUSH) \ + --load=$(LOAD) + echo "$(REGISTRY)/kubeovn:$(call settag,$(TAG))" > images/kubeovn.tag diff --git a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml index 1cb8212f..0978817b 100644 --- a/packages/system/kubeovn/charts/kube-ovn/Chart.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/Chart.yaml 
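Review bot: The `update` target still downloads `archive/refs/heads/master.tar.gz`, so the vendored chart is whatever upstream master holds when the target runs, while the new `KUBEOVN_TAG = v1.13.0` is used only for image tags; nothing in the hunk ties the two together or verifies the archive. Pinning the fetch to an immutable ref would make the chart reproducible and reviewable, e.g. `KUBEOVN_REF = <full-commit-sha>` and `curl -sSL https://github.com/kubeovn/kube-ovn/archive/$(KUBEOVN_REF).tar.gz | \`, with the `kube-ovn-master/charts` member path adjusted to match and ideally a recorded checksum compared before extraction. In the `image` target, `--provenance false` turns off the BuildKit provenance attestation for the pushed image; if that is needed for registry or manifest compatibility, a comment such as `# provenance disabled: <reason>` above the `docker buildx build` line would record the trade-off. The cache source `$(REGISTRY)/kubeovn:latest` is also a mutable tag, so the build reuses layers from whatever was last pushed there.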
@@ -15,10 +15,12 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 1.13.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. appVersion: "1.13.0" + +kubeVersion: ">= 1.23.0-0" diff --git a/packages/system/kubeovn/charts/kube-ovn/README.md b/packages/system/kubeovn/charts/kube-ovn/README.md index f9295ca9..3af408e6 100644 --- a/packages/system/kubeovn/charts/kube-ovn/README.md +++ b/packages/system/kubeovn/charts/kube-ovn/README.md @@ -10,13 +10,13 @@ $ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=mast $ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite # standard install -$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0} +$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0} # high availability install -$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2} +$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2} # upgrade to this version -$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2} +$ helm upgrade --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2} ``` If `MASTER_NODES` unspecified Helm will take internal IPs of nodes with `kube-ovn/role=master` label 
@@ -32,7 +32,7 @@ machine: - name: openvswitch ``` -and use the following options for install this Helm-chart: +and use the following options to install this Helm-chart: ``` --set cni_conf.MOUNT_LOCAL_BIN_DIR=false diff --git a/packages/system/kubeovn/charts/kube-ovn/crds/crd.yaml b/packages/system/kubeovn/charts/kube-ovn/crds/crd.yaml deleted file mode 100644 index 2d545cc2..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/crds/crd.yaml +++ /dev/null 
@@ -1,2278 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: vpc-dnses.kubeovn.io -spec: - group: kubeovn.io - names: - plural: vpc-dnses - singular: vpc-dns - shortNames: - - vpc-dns - kind: VpcDns - listKind: VpcDnsList - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.active - name: Active - type: boolean - - jsonPath: .spec.vpc - name: Vpc - type: string - - jsonPath: .spec.subnet - name: Subnet - type: string - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - vpc: - type: string - subnet: - type: string - replicas: - type: integer - minimum: 1 - maximum: 3 - status: - type: object - properties: - active: - type: boolean - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: switch-lb-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: switch-lb-rules - singular: switch-lb-rule - shortNames: - - slr - kind: SwitchLBRule - listKind: SwitchLBRuleList - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.vip - name: vip - type: string - - jsonPath: .status.ports - name: port(s) - type: string - - jsonPath: .status.service - name: service - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - namespace: - type: string - vip: - type: string - sessionAffinity: - type: string - ports: - items: - properties: - name: - type: string - port: - type: integer - minimum: 1 - maximum: 65535 
- protocol: - type: string - targetPort: - type: integer - minimum: 1 - maximum: 65535 - type: object - type: array - selector: - items: - type: string - type: array - status: - type: object - properties: - ports: - type: string - service: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: vpc-nat-gateways.kubeovn.io -spec: - group: kubeovn.io - names: - plural: vpc-nat-gateways - singular: vpc-nat-gateway - shortNames: - - vpc-nat-gw - kind: VpcNatGateway - listKind: VpcNatGatewayList - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.vpc - name: Vpc - type: string - - jsonPath: .spec.subnet - name: Subnet - type: string - - jsonPath: .spec.lanIp - name: LanIP - type: string - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - lanIp: - type: string - subnet: - type: string - externalSubnets: - items: - type: string - type: array - vpc: - type: string - selector: - type: array - items: - type: string - tolerations: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - enum: - - Equal - - Exists - value: - type: string - effect: - type: string - enum: - - NoExecute - - NoSchedule - - PreferNoSchedule - tolerationSeconds: - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: 
- - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - 
type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-eips.kubeovn.io -spec: - group: kubeovn.io - names: - plural: iptables-eips - singular: iptables-eip - shortNames: - - eip - kind: IptablesEIP - listKind: IptablesEIPList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.ip - name: IP - type: string - - jsonPath: .spec.macAddress - name: Mac - type: string - - jsonPath: .status.nat - name: Nat - 
type: string - - jsonPath: .spec.natGwDp - name: NatGwDp - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - ip: - type: string - nat: - type: string - redo: - type: string - qosPolicy: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - v4ip: - type: string - v6ip: - type: string - macAddress: - type: string - natGwDp: - type: string - qosPolicy: - type: string - externalSubnet: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-fip-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: iptables-fip-rules - singular: iptables-fip-rule - shortNames: - - fip - kind: IptablesFIPRule - listKind: IptablesFIPRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.eip - name: Eip - type: string - - jsonPath: .status.v4ip - name: V4ip - type: string - - jsonPath: .spec.internalIp - name: InternalIp - type: string - - jsonPath: .status.v6ip - name: V6ip - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - - jsonPath: .status.natGwDp - name: NatGwDp - type: string - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4ip: - type: string - v6ip: - type: string - natGwDp: - type: string - redo: - type: string - internalIp: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - 
lastTransitionTime: - type: string - spec: - type: object - properties: - eip: - type: string - internalIp: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-dnat-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: iptables-dnat-rules - singular: iptables-dnat-rule - shortNames: - - dnat - kind: IptablesDnatRule - listKind: IptablesDnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.eip - name: Eip - type: string - - jsonPath: .spec.protocol - name: Protocol - type: string - - jsonPath: .status.v4ip - name: V4ip - type: string - - jsonPath: .status.v6ip - name: V6ip - type: string - - jsonPath: .spec.internalIp - name: InternalIp - type: string - - jsonPath: .spec.externalPort - name: ExternalPort - type: string - - jsonPath: .spec.internalPort - name: InternalPort - type: string - - jsonPath: .status.natGwDp - name: NatGwDp - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4ip: - type: string - v6ip: - type: string - natGwDp: - type: string - redo: - type: string - protocol: - type: string - internalIp: - type: string - internalPort: - type: string - externalPort: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - eip: - type: string - externalPort: - type: string - protocol: - type: string - internalIp: - type: string - internalPort: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-snat-rules.kubeovn.io -spec: - group: kubeovn.io - 
names: - plural: iptables-snat-rules - singular: iptables-snat-rule - shortNames: - - snat - kind: IptablesSnatRule - listKind: IptablesSnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.eip - name: EIP - type: string - - jsonPath: .status.v4ip - name: V4ip - type: string - - jsonPath: .status.v6ip - name: V6ip - type: string - - jsonPath: .spec.internalCIDR - name: InternalCIDR - type: string - - jsonPath: .status.natGwDp - name: NatGwDp - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4ip: - type: string - v6ip: - type: string - natGwDp: - type: string - redo: - type: string - internalCIDR: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - eip: - type: string - internalCIDR: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-eips.kubeovn.io -spec: - group: kubeovn.io - names: - plural: ovn-eips - singular: ovn-eip - shortNames: - - oeip - kind: OvnEip - listKind: OvnEipList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.v4Ip - name: V4IP - type: string - - jsonPath: .status.v6Ip - name: V6IP - type: string - - jsonPath: .status.macAddress - name: Mac - type: string - - jsonPath: .status.type - name: Type - type: string - - jsonPath: .status.nat - name: Nat - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object 
- properties: - type: - type: string - nat: - type: string - ready: - type: boolean - v4Ip: - type: string - v6Ip: - type: string - macAddress: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - externalSubnet: - type: string - type: - type: string - v4Ip: - type: string - v6Ip: - type: string - macAddress: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-fips.kubeovn.io -spec: - group: kubeovn.io - names: - plural: ovn-fips - singular: ovn-fip - shortNames: - - ofip - kind: OvnFip - listKind: OvnFipList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.vpc - name: Vpc - type: string - - jsonPath: .status.v4Eip - name: V4Eip - type: string - - jsonPath: .status.v4Ip - name: V4Ip - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - - jsonPath: .spec.ipType - name: IpType - type: string - - jsonPath: .spec.ipName - name: IpName - type: string - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4Eip: - type: string - v4Ip: - type: string - vpc: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - ovnEip: - type: string - ipType: - type: string - ipName: - type: string - vpc: - type: string - v4Ip: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-snat-rules.kubeovn.io -spec: - group: 
kubeovn.io - names: - plural: ovn-snat-rules - singular: ovn-snat-rule - shortNames: - - osnat - kind: OvnSnatRule - listKind: OvnSnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.vpc - name: Vpc - type: string - - jsonPath: .status.v4Eip - name: V4Eip - type: string - - jsonPath: .status.v4IpCidr - name: V4IpCidr - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4Eip: - type: string - v4IpCidr: - type: string - vpc: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - ovnEip: - type: string - vpcSubnet: - type: string - ipName: - type: string - vpc: - type: string - v4IpCidr: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-dnat-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: ovn-dnat-rules - singular: ovn-dnat-rule - shortNames: - - odnat - kind: OvnDnatRule - listKind: OvnDnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.vpc - name: Vpc - type: string - - jsonPath: .spec.ovnEip - name: Eip - type: string - - jsonPath: .status.protocol - name: Protocol - type: string - - jsonPath: .status.v4Eip - name: V4Eip - type: string - - jsonPath: .status.v4Ip - name: V4Ip - type: string - - jsonPath: .status.internalPort - name: InternalPort - type: string - - jsonPath: .status.externalPort - name: ExternalPort - type: string - - jsonPath: .spec.ipName - name: IpName - type: string - - 
jsonPath: .status.ready
- name: Ready
- type: boolean
- schema:
- openAPIV3Schema:
- type: object
- properties:
- status:
- type: object
- properties:
- ready:
- type: boolean
- v4Eip:
- type: string
- v4Ip:
- type: string
- vpc:
- type: string
- externalPort:
- type: string
- internalPort:
- type: string
- protocol:
- type: string
- ipName:
- type: string
- conditions:
- type: array
- items:
- type: object
- properties:
- type:
- type: string
- status:
- type: string
- reason:
- type: string
- message:
- type: string
- lastUpdateTime:
- type: string
- lastTransitionTime:
- type: string
- spec:
- type: object
- properties:
- ovnEip:
- type: string
- ipType:
- type: string
- ipName:
- type: string
- externalPort:
- type: string
- internalPort:
- type: string
- protocol:
- type: string
- vpc:
- type: string
- v4Ip:
- type: string
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: vpcs.kubeovn.io
-spec:
- group: kubeovn.io
- versions:
- - additionalPrinterColumns:
- - jsonPath: .status.enableExternal
- name: EnableExternal
- type: boolean
- - jsonPath: .status.enableBfd
- name: EnableBfd
- type: boolean
- - jsonPath: .status.standby
- name: Standby
- type: boolean
- - jsonPath: .status.subnets
- name: Subnets
- type: string
- - jsonPath: .status.extraExternalSubnets
- name: ExtraExternalSubnets
- type: string
- - jsonPath: .spec.namespaces
- name: Namespaces
- type: string
- name: v1
- schema:
- openAPIV3Schema:
- properties:
- spec:
- properties:
- enableExternal:
- type: boolean
- enableBfd:
- type: boolean
- namespaces:
- items:
- type: string
- type: array
- extraExternalSubnets:
- items:
- type: string
- type: array
- staticRoutes:
- items:
- properties:
- policy:
- type: string
- cidr:
- type: string
- nextHopIP:
- type: string
- ecmpMode:
- type: string
- bfdId:
- type: string
- routeTable:
- type: string
- type: object
- type: array
- policyRoutes:
- items:
- properties:
- priority:
- type: integer
- action:
- type: string
- match:
- type: string
- nextHopIP:
- type: string
- type: object
- type: array
- vpcPeerings:
- items:
- properties:
- remoteVpc:
- type: string
- localConnectIP:
- type: string
- type: object
- type: array
- type: object
- status:
- properties:
- conditions:
- items:
- properties:
- lastTransitionTime:
- type: string
- lastUpdateTime:
- type: string
- message:
- type: string
- reason:
- type: string
- status:
- type: string
- type:
- type: string
- type: object
- type: array
- default:
- type: boolean
- defaultLogicalSwitch:
- type: string
- router:
- type: string
- standby:
- type: boolean
- enableExternal:
- type: boolean
- enableBfd:
- type: boolean
- subnets:
- items:
- type: string
- type: array
- extraExternalSubnets:
- items:
- type: string
- type: array
- vpcPeerings:
- items:
- type: string
- type: array
- tcpLoadBalancer:
- type: string
- tcpSessionLoadBalancer:
- type: string
- udpLoadBalancer:
- type: string
- udpSessionLoadBalancer:
- type: string
- sctpLoadBalancer:
- type: string
- sctpSessionLoadBalancer:
- type: string
- type: object
- type: object
- served: true
- storage: true
- subresources:
- status: {}
- names:
- kind: Vpc
- listKind: VpcList
- plural: vpcs
- shortNames:
- - vpc
- singular: vpc
- scope: Cluster
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: ips.kubeovn.io
-spec:
- group: kubeovn.io
- versions:
- - name: v1
- served: true
- storage: true
- additionalPrinterColumns:
- - name: V4IP
- type: string
- jsonPath: .spec.v4IpAddress
- - name: V6IP
- type: string
- jsonPath: .spec.v6IpAddress
- - name: Mac
- type: string
- jsonPath: .spec.macAddress
- - name: Node
- type: string
- jsonPath: .spec.nodeName
- - name: Subnet
- type: string
- jsonPath: .spec.subnet
- schema:
- openAPIV3Schema:
- type: object
- properties:
- spec:
- type: object
- properties:
- podName:
- type: string
- namespace:
- type: string
- subnet:
- type: string
- attachSubnets:
- type: array
- items:
- type: string
- nodeName:
- type: string
- ipAddress:
- type: string
- v4IpAddress:
- type: string
- v6IpAddress:
- type: string
- attachIps:
- type: array
- items:
- type: string
- macAddress:
- type: string
- attachMacs:
- type: array
- items:
- type: string
- containerID:
- type: string
- podType:
- type: string
- scope: Cluster
- names:
- plural: ips
- singular: ip
- kind: IP
- shortNames:
- - ip
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: vips.kubeovn.io
-spec:
- group: kubeovn.io
- names:
- plural: vips
- singular: vip
- shortNames:
- - vip
- kind: Vip
- listKind: VipList
- scope: Cluster
- versions:
- - name: v1
- served: true
- storage: true
- additionalPrinterColumns:
- - name: V4IP
- type: string
- jsonPath: .status.v4ip
- - name: V6IP
- type: string
- jsonPath: .status.v6ip
- - name: Mac
- type: string
- jsonPath: .status.mac
- - name: PMac
- type: string
- jsonPath: .spec.parentMac
- - name: Subnet
- type: string
- jsonPath: .spec.subnet
- - jsonPath: .status.ready
- name: Ready
- type: boolean
- - jsonPath: .status.type
- name: Type
- type: string
- schema:
- openAPIV3Schema:
- type: object
- properties:
- status:
- type: object
- properties:
- type:
- type: string
- ready:
- type: boolean
- v4ip:
- type: string
- v6ip:
- type: string
- mac:
- type: string
- pv4ip:
- type: string
- pv6ip:
- type: string
- pmac:
- type: string
- selector:
- type: array
- items:
- type: string
- conditions:
- type: array
- items:
- type: object
- properties:
- type:
- type: string
- status:
- type: string
- reason:
- type: string
- message:
- type: string
- lastUpdateTime:
- type: string
- lastTransitionTime:
- type: string
- spec:
- type: object
- properties:
- namespace:
- type: string
- subnet:
- type: string
- type:
- type: string
- attachSubnets:
- type: array
- items:
- type: string
- v4ip:
- type: string
- macAddress:
- type: string
- v6ip:
- type: string
- parentV4ip:
- type: string
- parentMac:
- type: string
- parentV6ip:
- type: string
- selector:
- type: array
- items:
- type: string
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: subnets.kubeovn.io
-spec:
- group: kubeovn.io
- versions:
- - name: v1
- served: true
- storage: true
- subresources:
- status: {}
- additionalPrinterColumns:
- - name: Provider
- type: string
- jsonPath: .spec.provider
- - name: Vpc
- type: string
- jsonPath: .spec.vpc
- - name: Protocol
- type: string
- jsonPath: .spec.protocol
- - name: CIDR
- type: string
- jsonPath: .spec.cidrBlock
- - name: Private
- type: boolean
- jsonPath: .spec.private
- - name: NAT
- type: boolean
- jsonPath: .spec.natOutgoing
- - name: Default
- type: boolean
- jsonPath: .spec.default
- - name: GatewayType
- type: string
- jsonPath: .spec.gatewayType
- - name: V4Used
- type: number
- jsonPath: .status.v4usingIPs
- - name: V4Available
- type: number
- jsonPath: .status.v4availableIPs
- - name: V6Used
- type: number
- jsonPath: .status.v6usingIPs
- - name: V6Available
- type: number
- jsonPath: .status.v6availableIPs
- - name: ExcludeIPs
- type: string
- jsonPath: .spec.excludeIps
- - name: U2OInterconnectionIP
- type: string
- jsonPath: .status.u2oInterconnectionIP
- schema:
- openAPIV3Schema:
- type: object
- properties:
- status:
- type: object
- properties:
- v4availableIPs:
- type: number
- v4usingIPs:
- type: number
- v6availableIPs:
- type: number
- v6usingIPs:
- type: number
- activateGateway:
- type: string
- dhcpV4OptionsUUID:
- type: string
- dhcpV6OptionsUUID:
- type: string
- u2oInterconnectionIP:
- type: string
- u2oInterconnectionVPC:
- type: string
- v4usingIPrange:
- type: string
- v4availableIPrange:
- type: string
- v6usingIPrange:
- type: string
- v6availableIPrange:
- type: string
- natOutgoingPolicyRules:
- type: array
- items:
- type: object
- properties:
- ruleID:
- type: string
- action:
- type: string
- enum:
- - nat
- - forward
- match:
- type: object
- properties:
- srcIPs:
- type: string
- dstIPs:
- type: string
- conditions:
- type: array
- items:
- type: object
- properties:
- type:
- type: string
- status:
- type: string
- reason:
- type: string
- message:
- type: string
- lastUpdateTime:
- type: string
- lastTransitionTime:
- type: string
- spec:
- type: object
- properties:
- vpc:
- type: string
- default:
- type: boolean
- protocol:
- type: string
- enum:
- - IPv4
- - IPv6
- - Dual
- cidrBlock:
- type: string
- namespaces:
- type: array
- items:
- type: string
- gateway:
- type: string
- provider:
- type: string
- excludeIps:
- type: array
- items:
- type: string
- vips:
- type: array
- items:
- type: string
- gatewayType:
- type: string
- allowSubnets:
- type: array
- items:
- type: string
- gatewayNode:
- type: string
- natOutgoing:
- type: boolean
- externalEgressGateway:
- type: string
- policyRoutingPriority:
- type: integer
- minimum: 1
- maximum: 32765
- policyRoutingTableID:
- type: integer
- minimum: 1
- maximum: 2147483647
- not:
- enum:
- - 252 # compat
- - 253 # default
- - 254 # main
- - 255 # local
- mtu:
- type: integer
- minimum: 68
- maximum: 65535
- private:
- type: boolean
- vlan:
- type: string
- logicalGateway:
- type: boolean
- disableGatewayCheck:
- type: boolean
- disableInterConnection:
- type: boolean
- enableDHCP:
- type: boolean
- dhcpV4Options:
- type: string
- dhcpV6Options:
- type: string
- enableIPv6RA:
- type: boolean
- ipv6RAConfigs:
- type: string
- allowEWTraffic:
- type: boolean
- acls:
- type: array
- items:
- type: object
- properties:
- direction:
- type: string
- enum:
- - from-lport
- - to-lport
- priority:
- type: integer
- minimum: 0
- maximum: 32767
- match:
- type: string
- action:
- type: string
- enum:
- - allow-related
- - allow-stateless
- - allow
- - drop
- - reject
- natOutgoingPolicyRules:
- type: array
- items:
- type: object
- properties:
- action:
- type: string
- enum:
- - nat
- - forward
- match:
- type: object
- properties:
- srcIPs:
- type: string
- dstIPs:
- type: string
- u2oInterconnection:
- type: boolean
- u2oInterconnectionIP:
- type: string
- enableLb:
- type: boolean
- enableEcmp:
- type: boolean
- enableMulticastSnoop:
- type: boolean
- routeTable:
- type: string
- scope: Cluster
- names:
- plural: subnets
- singular: subnet
- kind: Subnet
- shortNames:
- - subnet
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: ippools.kubeovn.io
-spec:
- group: kubeovn.io
- versions:
- - name: v1
- served: true
- storage: true
- subresources:
- status: {}
- additionalPrinterColumns:
- - name: Subnet
- type: string
- jsonPath: .spec.subnet
- - name: IPs
- type: string
- jsonPath: .spec.ips
- - name: V4Used
- type: number
- jsonPath: .status.v4UsingIPs
- - name: V4Available
- type: number
- jsonPath: .status.v4AvailableIPs
- - name: V6Used
- type: number
- jsonPath: .status.v6UsingIPs
- - name: V6Available
- type: number
- jsonPath: .status.v6AvailableIPs
- schema:
- openAPIV3Schema:
- type: object
- properties:
- spec:
- type: object
- properties:
- subnet:
- type: string
- x-kubernetes-validations:
- - rule: "self == oldSelf"
- message: "This field is immutable."
- namespaces:
- type: array
- x-kubernetes-list-type: set
- items:
- type: string
- ips:
- type: array
- minItems: 1
- x-kubernetes-list-type: set
- items:
- type: string
- anyOf:
- - format: ipv4
- - format: ipv6
- - format: cidr
- - pattern: ^(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.\.(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])$
- - pattern: ^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|:)))\.\.((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|:)))$
- required:
- - subnet
- - ips
- status:
- type: object
- properties:
- v4AvailableIPs:
- type: number
- v4UsingIPs:
- type: number
- v6AvailableIPs:
- type: number
- v6UsingIPs:
- type: number
- v4AvailableIPRange:
- type: string
- v4UsingIPRange:
- type: string
- v6AvailableIPRange:
- type: string
- v6UsingIPRange:
- type: string
- conditions:
- type: array
- items:
- type: object
- properties:
- type:
- type: string
- status:
- type: string
- reason:
- type: string
- message:
- type: string
- lastUpdateTime:
- type: string
- lastTransitionTime:
- type: string
- scope: Cluster
- names:
- plural: ippools
- singular: ippool
- kind: IPPool
- shortNames:
- - ippool
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: vlans.kubeovn.io
-spec:
- group: kubeovn.io
- versions:
- - name: v1
- served: true
- storage: true
- subresources:
- status: {}
- schema:
- openAPIV3Schema:
- type: object
- properties:
- spec:
- type: object
- properties:
- id:
- type: integer
- minimum: 0
- maximum: 4095
- provider:
- type: string
- vlanId:
- type: integer
- description: Deprecated in favor of id
- providerInterfaceName:
- type: string
- description: Deprecated in favor of provider
- required:
- - provider
- status:
- type: object
- properties:
- subnets:
- type: array
- items:
- type: string
- additionalPrinterColumns:
- - name: ID
- type: string
- jsonPath: .spec.id
- - name: Provider
- type: string
- jsonPath: .spec.provider
- scope: Cluster
- names:
- plural: vlans
- singular: vlan
- kind: Vlan
- shortNames:
- - vlan
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: provider-networks.kubeovn.io
-spec:
- group: kubeovn.io
- versions:
- - name: v1
- served: true
- storage: true
- subresources:
- status: {}
- schema:
- openAPIV3Schema:
- type: object
- properties:
- metadata:
- type: object
- properties:
- name:
- type: string
- maxLength: 12
- not:
- enum:
- - int
- spec:
- type: object
- properties:
- defaultInterface:
- type: string
- maxLength: 15
- pattern: '^[^/\s]+$'
- customInterfaces:
- type: array
- items:
- type: object
- properties:
- interface:
- type: string
- maxLength: 15
- pattern: '^[^/\s]+$'
- nodes:
- type: array
- items:
- type: string
- exchangeLinkName:
- type: boolean
- excludeNodes:
- type: array
- items:
- type: string
- required:
- - defaultInterface
- status:
- type: object
- properties:
- ready:
- type: boolean
- readyNodes:
- type: array
- items:
- type: string
- notReadyNodes:
- type: array
- items:
- type: string
- vlans:
- type: array
- items:
- type: string
- conditions:
- type: array
- items:
- type: object
- properties:
- node:
- type: string
- type:
- type: string
- status:
- type: string
- reason:
- type: string
- message:
- type: string
- lastUpdateTime:
- type: string
- lastTransitionTime:
- type: string
- additionalPrinterColumns:
- - name: DefaultInterface
- type: string
- jsonPath: .spec.defaultInterface
- - name: Ready
- type: boolean
- jsonPath: .status.ready
- scope: Cluster
- names:
- plural: provider-networks
- singular: provider-network
- kind: ProviderNetwork
- listKind: ProviderNetworkList
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: security-groups.kubeovn.io
-spec:
- group: kubeovn.io
- names:
- plural: security-groups
- singular: security-group
- shortNames:
- - sg
- kind: SecurityGroup
- listKind: SecurityGroupList
- scope: Cluster
- versions:
- - name: v1
- served: true
- storage: true
- schema:
- openAPIV3Schema:
- type: object
- properties:
- spec:
- type: object
- properties:
- ingressRules:
- type: array
- items:
- type: object
- properties:
- ipVersion:
- type: string
- protocol:
- type: string
- priority:
- type: integer
- remoteType:
- type: string
- remoteAddress:
- type: string
- remoteSecurityGroup:
- type: string
- portRangeMin:
- type: integer
- portRangeMax:
- type: integer
- policy:
- type: string
- egressRules:
- type: array
- items:
- type: object
- properties:
- ipVersion:
- type: string
- protocol:
- type: string
- priority:
- type: integer
- remoteType:
- type: string
- remoteAddress:
- type: string
- remoteSecurityGroup:
- type: string
- portRangeMin:
- type: integer
- portRangeMax:
- type: integer
- policy:
- type: string
- allowSameGroupTraffic:
- type: boolean
- status:
- type: object
- properties:
- portGroup:
- type: string
- allowSameGroupTraffic:
- type: boolean
- ingressMd5:
- type: string
- egressMd5:
- type: string
- ingressLastSyncSuccess:
- type: boolean
- egressLastSyncSuccess:
- type: boolean
- subresources:
- status: {}
- conversion:
- strategy: None
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: qos-policies.kubeovn.io
-spec:
- group: kubeovn.io
- names:
- plural: qos-policies
- singular: qos-policy
- shortNames:
- - qos
- kind: QoSPolicy
- listKind: QoSPolicyList
- scope: Cluster
- versions:
- - name: v1
- served: true
- storage: true
- subresources:
- status: {}
- additionalPrinterColumns:
- - jsonPath: .spec.shared
- name: Shared
- type: string
- - jsonPath: .spec.bindingType
- name: BindingType
- type: string
- schema:
- openAPIV3Schema:
- type: object
- properties:
- status:
- type: object
- properties:
- shared:
- type: boolean
- bindingType:
- type: string
- bandwidthLimitRules:
- type: array
- items:
- type: object
- properties:
- name:
- type: string
- interface:
- type: string
- rateMax:
- type: string
- burstMax:
- type: string
- priority:
- type: integer
- direction:
- type: string
- matchType:
- type: string
- matchValue:
- type: string
- conditions:
- type: array
- items:
- type: object
- properties:
- type:
- type: string
- status:
- type: string
- reason:
- type: string
- message:
- type: string
- lastUpdateTime:
- type: string
- lastTransitionTime:
- type: string
- spec:
- type: object
- properties:
- shared:
- type: boolean
- bindingType:
- type: string
- bandwidthLimitRules:
- type: array
- items:
- type: object
- properties:
- name:
- type: string
- interface:
- type: string
- rateMax:
- type: string
- burstMax:
- type: string
- priority:
- type: integer
- direction:
- type: string
- matchType:
- type: string
- matchValue:
- type: string
- required:
- - name
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
diff --git a/packages/system/kubeovn/charts/kube-ovn/images b/packages/system/kubeovn/charts/kube-ovn/images
new file mode 120000
index 00000000..5fa69870
--- /dev/null
+++ b/packages/system/kubeovn/charts/kube-ovn/images
@@ -0,0 +1 @@
+../../images
\ No newline at end of file
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/Chart.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/Chart.yaml
deleted file mode 100644
index fce1b220..00000000
--- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/Chart.yaml
+++ /dev/null
@@ -1,24 +0,0 @@
-apiVersion: v2
-name: kube-ovn
-description: Helm chart for Kube-OVN
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.13.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.13.0"
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/README.md b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/README.md
deleted file mode 100644
index 3af408e6..00000000
--- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/README.md
+++ /dev/null
@@ -1,42 +0,0 @@ -# Kube-OVN-helm - -Currently supported version: 1.9 - -Installation : - -```bash -$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite -$ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=master --overwrite -$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite - -# standard install -$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0} - -# high availability install -$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2} - -# upgrade to this version -$ helm upgrade --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2} -``` - -If `MASTER_NODES` unspecified Helm will take internal IPs of nodes with `kube-ovn/role=master` label - -### Talos Linux - -To install Kube-OVN on Talos Linux, declare openvswitch module in machine config: - -``` -machine: - kernel: - modules: - - name: openvswitch -``` - -and use the following options to install this Helm-chart: - -``` ---set cni_conf.MOUNT_LOCAL_BIN_DIR=false ---set OPENVSWITCH_DIR=/var/lib/openvswitch ---set OVN_DIR=/var/lib/ovn ---set DISABLE_MODULES_MANAGEMENT=true -``` diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/_helpers.tpl b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/_helpers.tpl deleted file mode 100644 index 7b473941..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/_helpers.tpl +++ /dev/null 
@@ -1,54 +0,0 @@ -{{/* -Get IP-addresses of master nodes -*/}} -{{- define "kubeovn.nodeIPs" -}} -{{- $nodes := lookup "v1" "Node" "" "" -}} -{{- $ips := list -}} -{{- range $node := $nodes.items -}} - {{- $label := splitList "=" $.Values.MASTER_NODES_LABEL }} - {{- $key := index $label 0 }} - {{- $val := "" }} - {{- if eq (len $label) 2 }} - {{- $val = index $label 1 }} - {{- end }} - {{- if eq (index $node.metadata.labels $key) $val -}} - {{- range $address := $node.status.addresses -}} - {{- if eq $address.type "InternalIP" -}} - {{- $ips = append $ips $address.address -}} - {{- break -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{ join "," $ips }} -{{- end -}} - -{{/* -Number of master nodes -*/}} -{{- define "kubeovn.nodeCount" -}} - {{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }} -{{- end -}} - -{{- define "kubeovn.ovs-ovn.updateStrategy" -}} - {{- $ds := lookup "apps/v1" "DaemonSet" $.Values.namespace "ovs-ovn" -}} - {{- if $ds -}} - {{- if eq $ds.spec.updateStrategy.type "RollingUpdate" -}} - RollingUpdate - {{- else -}} - {{- $imageVersion := (index $ds.spec.template.spec.containers 0).image | splitList ":" | last | trimPrefix "v" -}} - {{- $versionRegex := `^(?P0|[1-9]\d*)\.(?P0|[1-9]\d*)\.(?P0|[1-9]\d*)` -}} - {{- if regexMatch $versionRegex $imageVersion -}} - {{- if regexFind $versionRegex $imageVersion | semverCompare ">= 1.12.0" -}} - RollingUpdate - {{- else -}} - OnDelete - {{- end -}} - {{- else -}} - OnDelete - {{- end -}} - {{- end -}} - {{- else -}} - RollingUpdate - {{- end -}} -{{- end -}} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/central-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/central-deploy.yaml deleted file mode 100644 index 0f4044b4..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/central-deploy.yaml +++ /dev/null 
@@ -1,161 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: ovn-central - namespace: {{ .Values.namespace }} - annotations: - kubernetes.io/description: | - OVN components: northd, nb and sb. -spec: - replicas: {{ include "kubeovn.nodeCount" . }} - strategy: - rollingUpdate: - maxSurge: 0 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: ovn-central - template: - metadata: - labels: - app: ovn-central - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: ovn-central - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: ovn-ovs - hostNetwork: true - containers: - - name: ovn-central - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /kube-ovn/start-db.sh - securityContext: - capabilities: - add: ["SYS_NICE"] - env: - - name: ENABLE_SSL - value: "{{ .Values.networking.ENABLE_SSL }}" - - name: NODE_IPS - value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) 
}}" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}" - - name: PROBE_INTERVAL - value: "{{ .Values.networking.PROBE_INTERVAL }}" - - name: OVN_NORTHD_PROBE_INTERVAL - value: "{{ .Values.networking.OVN_NORTHD_PROBE_INTERVAL}}" - - name: OVN_LEADER_PROBE_INTERVAL - value: "{{ .Values.networking.OVN_LEADER_PROBE_INTERVAL }}" - - name: OVN_NORTHD_N_THREADS - value: "{{ .Values.networking.OVN_NORTHD_N_THREADS }}" - - name: ENABLE_COMPACT - value: "{{ .Values.networking.ENABLE_COMPACT }}" - {{- if include "kubeovn.ovs-ovn.updateStrategy" . | eq "OnDelete" }} - - name: OVN_VERSION_COMPATIBILITY - value: "21.06" - {{- end }} - resources: - requests: - cpu: {{ index .Values "ovn-central" "requests" "cpu" }} - memory: {{ index .Values "ovn-central" "requests" "memory" }} - limits: - cpu: {{ index .Values "ovn-central" "limits" "cpu" }} - memory: {{ index .Values "ovn-central" "limits" "memory" }} - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - readinessProbe: - exec: - command: - - bash - - /kube-ovn/ovn-healthcheck.sh - periodSeconds: 15 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - bash - - /kube-ovn/ovn-healthcheck.sh - initialDelaySeconds: 30 - periodSeconds: 15 - failureThreshold: 5 - timeoutSeconds: 45 - nodeSelector: - 
kubernetes.io/os: "linux" - {{- with splitList "=" .Values.MASTER_NODES_LABEL }} - {{ index . 0 }}: "{{ if eq (len .) 2 }}{{ index . 1 }}{{ end }}" - {{- end }} - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-config-openvswitch - hostPath: - path: {{ .Values.OPENVSWITCH_DIR }} - - name: host-config-ovn - hostPath: - path: {{ .Values.OVN_DIR }} - - name: host-log-ovs - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/openvswitch - - name: host-log-ovn - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls - diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-deploy.yaml deleted file mode 100644 index cea79b7d..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-deploy.yaml +++ /dev/null 
@@ -1,190 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: kube-ovn-controller - namespace: {{ .Values.namespace }} - annotations: - kubernetes.io/description: | - kube-ovn controller -spec: - replicas: {{ include "kubeovn.nodeCount" . }} - selector: - matchLabels: - app: kube-ovn-controller - strategy: - rollingUpdate: - maxSurge: 0% - maxUnavailable: 100% - type: RollingUpdate - template: - metadata: - labels: - app: kube-ovn-controller - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: "ovn.kubernetes.io/ic-gw" - operator: NotIn - values: - - "true" - weight: 100 - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: kube-ovn-controller - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: ovn - hostNetwork: true - containers: - - name: kube-ovn-controller - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - /kube-ovn/start-controller.sh - - --default-ls={{ .Values.networking.DEFAULT_SUBNET }} - - --default-cidr= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ .Values.dual_stack.POD_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.POD_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.POD_CIDR }} - {{- end }} - - --default-gateway= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ .Values.dual_stack.POD_GATEWAY }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.POD_GATEWAY }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.POD_GATEWAY }} - 
{{- end }} - - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }} - - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }} - - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }} - - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }} - - --cluster-router={{ .Values.networking.DEFAULT_VPC }} - - --node-switch={{ .Values.networking.NODE_SUBNET }} - - --node-switch-cidr= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ .Values.dual_stack.JOIN_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.JOIN_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.JOIN_CIDR }} - {{- end }} - - --service-cluster-ip-range= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ .Values.dual_stack.SVC_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.SVC_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.SVC_CIDR }} - {{- end }} - - --network-type={{- .Values.networking.NETWORK_TYPE }} - - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }} - - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }} - - --default-exchange-link-name={{- .Values.networking.EXCHANGE_LINK_NAME }} - - --default-vlan-name={{- .Values.networking.vlan.VLAN_NAME }} - - --default-vlan-id={{- .Values.networking.vlan.VLAN_ID }} - - --ls-dnat-mod-dl-dst={{- .Values.func.LS_DNAT_MOD_DL_DST }} - - --ls-ct-skip-dst-lport-ips={{- .Values.func.LS_CT_SKIP_DST_LPORT_IPS }} - - --pod-nic-type={{- .Values.networking.POD_NIC_TYPE }} - - --enable-lb={{- .Values.func.ENABLE_LB }} - - --enable-np={{- .Values.func.ENABLE_NP }} - - --enable-eip-snat={{- .Values.networking.ENABLE_EIP_SNAT }} - - --enable-external-vpc={{- .Values.func.ENABLE_EXTERNAL_VPC }} - - --enable-ecmp={{- .Values.networking.ENABLE_ECMP }} - - --logtostderr=false - - --alsologtostderr=true - - --gc-interval={{- 
.Values.performance.GC_INTERVAL }} - - --inspect-interval={{- .Values.performance.INSPECT_INTERVAL }} - - --log_file=/var/log/kube-ovn/kube-ovn-controller.log - - --log_file_max_size=0 - - --enable-lb-svc={{- .Values.func.ENABLE_LB_SVC }} - - --keep-vm-ip={{- .Values.func.ENABLE_KEEP_VM_IP }} - - --enable-metrics={{- .Values.networking.ENABLE_METRICS }} - - --node-local-dns-ip={{- .Values.networking.NODE_LOCAL_DNS_IP }} - env: - - name: ENABLE_SSL - value: "{{ .Values.networking.ENABLE_SSL }}" - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: KUBE_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: OVN_DB_IPS - value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}" - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}" - volumeMounts: - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - # ovn-ic log directory - - mountPath: /var/log/ovn - name: ovn-log - - mountPath: /var/run/tls - name: kube-ovn-tls - readinessProbe: - exec: - command: - - /kube-ovn/kube-ovn-controller-healthcheck - periodSeconds: 3 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - /kube-ovn/kube-ovn-controller-healthcheck - initialDelaySeconds: 300 - periodSeconds: 7 - failureThreshold: 5 - timeoutSeconds: 45 - resources: - requests: - cpu: {{ index .Values "kube-ovn-controller" "requests" "cpu" }} - memory: {{ index .Values "kube-ovn-controller" "requests" "memory" }} - limits: - cpu: {{ index .Values "kube-ovn-controller" "limits" "cpu" }} - memory: {{ index .Values "kube-ovn-controller" "limits" "memory" }} - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-log - hostPath: - path: {{ 
.Values.log_conf.LOG_DIR }}/kube-ovn - - name: ovn-log - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/ovn - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls - diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-svc.yaml deleted file mode 100644 index b4d39619..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-svc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-controller - namespace: {{ .Values.namespace }} - labels: - app: kube-ovn-controller -spec: - selector: - app: kube-ovn-controller - ports: - - port: 10660 - name: metrics - {{- if eq .Values.networking.NET_STACK "dual_stack" }} - ipFamilyPolicy: PreferDualStack - {{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-deploy.yaml deleted file mode 100644 index b938ebfe..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-deploy.yaml +++ /dev/null 
@@ -1,139 +0,0 @@ -kind: Deployment -apiVersion: apps/v1 -metadata: - name: kube-ovn-monitor - namespace: {{ .Values.namespace }} - annotations: - kubernetes.io/description: | - Metrics for OVN components: northd, nb and sb. -spec: - replicas: 1 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 1 - type: RollingUpdate - selector: - matchLabels: - app: kube-ovn-monitor - template: - metadata: - labels: - app: kube-ovn-monitor - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app: kube-ovn-monitor - topologyKey: kubernetes.io/hostname - priorityClassName: system-cluster-critical - serviceAccountName: kube-ovn-app - hostNetwork: true - containers: - - name: kube-ovn-monitor - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/kube-ovn/start-ovn-monitor.sh"] - args: - - --log_file=/var/log/kube-ovn/kube-ovn-monitor.log - - --logtostderr=false - - --alsologtostderr=true - - --log_file_max_size=0 - securityContext: - runAsUser: 0 - privileged: false - env: - - name: ENABLE_SSL - value: "{{ .Values.networking.ENABLE_SSL }}" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}" - resources: - requests: - cpu: {{ index .Values "kube-ovn-monitor" "requests" "cpu" }} - memory: {{ index .Values "kube-ovn-monitor" "requests" "memory" }} - limits: - cpu: {{ index .Values "kube-ovn-monitor" "limits" "cpu" }} - memory: {{ index .Values "kube-ovn-monitor" "limits" "memory" }} - volumeMounts: - - mountPath: /var/run/openvswitch - name: 
host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/ovn - name: host-log-ovn - readOnly: true - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 7 - successThreshold: 1 - tcpSocket: - port: 10661 - timeoutSeconds: 3 - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 7 - successThreshold: 1 - tcpSocket: - port: 10661 - timeoutSeconds: 3 - nodeSelector: - kubernetes.io/os: "linux" - {{- with splitList "=" .Values.MASTER_NODES_LABEL }} - {{ index . 0 }}: "{{ if eq (len .) 2 }}{{ index . 1 }}{{ end }}" - {{- end }} - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-config-openvswitch - hostPath: - path: {{ .Values.OPENVSWITCH_DIR }} - - name: host-config-ovn - hostPath: - path: {{ .Values.OVN_DIR }} - - name: host-log-ovn - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls - - name: kube-ovn-log - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-svc.yaml deleted file mode 100644 index 1ad1800d..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-svc.yaml +++ /dev/null 
@@ -1,18 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
- name: kube-ovn-monitor
- namespace: {{ .Values.namespace }}
- labels:
- app: kube-ovn-monitor
-spec:
- ports:
- - name: metrics
- port: 10661
- type: ClusterIP
- selector:
- app: kube-ovn-monitor
- sessionAffinity: None
- {{- if eq .Values.networking.NET_STACK "dual_stack" }}
- ipFamilyPolicy: PreferDualStack
- {{- end }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/nb-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/nb-svc.yaml
deleted file mode 100644
index 43992e91..00000000
--- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/nb-svc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
- name: ovn-nb
- namespace: {{ .Values.namespace }}
-spec:
- ports:
- - name: ovn-nb
- protocol: TCP
- port: 6641
- targetPort: 6641
- type: ClusterIP
- {{- if eq .Values.networking.NET_STACK "dual_stack" }}
- ipFamilyPolicy: PreferDualStack
- {{- end }}
- selector:
- app: ovn-central
- ovn-nb-leader: "true"
- sessionAffinity: None
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/northd-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/northd-svc.yaml
deleted file mode 100644
index cec07233..00000000
--- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/northd-svc.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
- name: ovn-northd
- namespace: {{ .Values.namespace }}
-spec:
- ports:
- - name: ovn-northd
- protocol: TCP
- port: 6643
- targetPort: 6643
- type: ClusterIP
- {{- if eq .Values.networking.NET_STACK "dual_stack" }}
- ipFamilyPolicy: PreferDualStack
- {{- end }}
- selector:
- app: ovn-central
- ovn-northd-leader: "true"
- sessionAffinity: None
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CR.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CR.yaml
deleted file mode 100644
index 69d46ad9..00000000
--- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CR.yaml
+++ /dev/null
@@ -1,256 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- annotations:
- rbac.authorization.k8s.io/system-only: "true"
- name: system:ovn
-rules:
- - apiGroups:
- - "kubeovn.io"
- resources:
- - vpcs
- - vpcs/status
- - vpc-nat-gateways
- - vpc-nat-gateways/status
- - subnets
- - subnets/status
- - ippools
- - ippools/status
- - ips
- - vips
- - vips/status
- - vlans
- - vlans/status
- - provider-networks
- - provider-networks/status
- - security-groups
- - security-groups/status
- - iptables-eips
- - iptables-fip-rules
- - iptables-dnat-rules
- - iptables-snat-rules
- - iptables-eips/status
- - iptables-fip-rules/status
- - iptables-dnat-rules/status
- - iptables-snat-rules/status
- - ovn-eips
- - ovn-fips
- - ovn-snat-rules
- - ovn-eips/status
- - ovn-fips/status
- - ovn-snat-rules/status
- - ovn-dnat-rules
- - ovn-dnat-rules/status
- - switch-lb-rules
- - switch-lb-rules/status
- - vpc-dnses
- - vpc-dnses/status
- - qos-policies
- - qos-policies/status
- verbs:
- - "*"
- - apiGroups:
- - ""
- resources:
- - pods
- - namespaces
- verbs:
- - get
- - list
- - patch
- - watch
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - get
- - list
- - patch
- - update
- - watch
- - apiGroups:
- - ""
- resources:
- - pods/exec
- verbs:
- - create
- - apiGroups:
- - "k8s.cni.cncf.io"
- resources:
- - network-attachment-definitions
- verbs:
- - get
- - apiGroups:
- - ""
- - networking.k8s.io
- resources:
- - networkpolicies
- - configmaps
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - apps
- resources:
- - daemonsets
- verbs:
- - get
- - apiGroups:
- - ""
- resources:
- - services
- - services/status
- verbs:
- - get
- - list
- - update
- - create
- - delete
- - watch
- - apiGroups:
- - ""
- resources:
- - endpoints
- verbs:
- - create
- - update
- - get
- - list
- - watch
- - apiGroups:
- - apps
- resources:
- - statefulsets
- - deployments
- - deployments/scale
- verbs:
- - get
- - list
- - create
- - delete
- - update
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - update
- - apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - "*"
- - apiGroups:
- - "kubevirt.io"
- resources:
- - virtualmachines
- - virtualmachineinstances
- verbs:
- - get
- - list
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- annotations:
- rbac.authorization.k8s.io/system-only: "true"
- name: system:ovn-ovs
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - patch
- - apiGroups:
- - ""
- resources:
- - services
- - endpoints
- verbs:
- - get
- - apiGroups:
- - apps
- resources:
- - controllerrevisions
- verbs:
- - get
- - list
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- annotations:
- rbac.authorization.k8s.io/system-only: "true"
- name: system:kube-ovn-cni
-rules:
- - apiGroups:
- - "kubeovn.io"
- - ""
- resources:
- - subnets
- - provider-networks
- - pods
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- - "kubeovn.io"
- resources:
- - ovn-eips
- - ovn-eips/status
- - nodes
- verbs:
- - get
- - list
- - patch
- - watch
- - apiGroups:
- - "kubeovn.io"
- resources:
- - ips
- verbs:
- - get
- - update
- - apiGroups:
- - ""
- resources:
- - events
- verbs:
- - create
- - patch
- - update
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- annotations:
- rbac.authorization.k8s.io/system-only: "true"
- name: system:kube-ovn-app
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- - nodes
- verbs:
- - get
- - list
- - apiGroups:
- - apps
- resources:
- - daemonsets
- verbs:
- - get
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CRB.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CRB.yaml
deleted file mode 100644
index 9230d900..00000000
--- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CRB.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: ovn
-roleRef:
- name: system:ovn
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: ovn
- namespace: {{ .Values.namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: ovn-ovs
-roleRef:
- name: system:ovn-ovs
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: ovn-ovs
- namespace: {{ .Values.namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: kube-ovn-cni
-roleRef:
- name: system:kube-ovn-cni
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: kube-ovn-cni
- namespace: {{ .Values.namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: kube-ovn-app
-roleRef:
- name: system:kube-ovn-app
- kind: ClusterRole
- apiGroup: rbac.authorization.k8s.io
-subjects:
- - kind: ServiceAccount
- name: kube-ovn-app
- namespace: {{ .Values.namespace }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-dpdk-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-dpdk-ds.yaml
deleted file mode 100644
index 1d799899..00000000
--- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-dpdk-ds.yaml
+++ /dev/null
@@ -1,164 +0,0 @@ -{{- if .Values.HYBRID_DPDK }} -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: ovs-ovn-dpdk - namespace: {{ .Values.namespace }} - annotations: - kubernetes.io/description: | - This daemon set launches the openvswitch daemon. -spec: - selector: - matchLabels: - app: ovs-dpdk - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - template: - metadata: - labels: - app: ovs-dpdk - component: network - type: infra - spec: - tolerations: - - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: ovn-ovs - hostNetwork: true - hostPID: true - containers: - - name: openvswitch - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}-dpdk - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/kube-ovn/start-ovs-dpdk-v2.sh"] - securityContext: - runAsUser: 0 - privileged: true - env: - - name: ENABLE_SSL - value: "{{ .Values.networking.ENABLE_SSL }}" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HW_OFFLOAD - value: "{{- .Values.func.HW_OFFLOAD }}" - - name: TUNNEL_TYPE - value: "{{- .Values.networking.TUNNEL_TYPE }}" - - name: DPDK_TUNNEL_IFACE - value: "{{- .Values.networking.DPDK_TUNNEL_IFACE }}" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: OVN_DB_IPS - value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) 
}}" - - name: OVN_REMOTE_PROBE_INTERVAL - value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}" - - name: OVN_REMOTE_OPENFLOW_INTERVAL - value: "{{ .Values.networking.OVN_REMOTE_OPENFLOW_INTERVAL }}" - volumeMounts: - - mountPath: /opt/ovs-config - name: host-config-ovs - - name: shareddir - mountPath: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods - - name: hugepage - mountPath: /dev/hugepages - - mountPath: /lib/modules - name: host-modules - readOnly: true - - mountPath: /var/run/openvswitch - name: host-run-ovs - mountPropagation: HostToContainer - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /sys - name: host-sys - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - readinessProbe: - exec: - command: - - bash - - -c - - LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh - periodSeconds: 5 - timeoutSeconds: 45 - livenessProbe: - exec: - command: - - bash - - /kube-ovn/ovs-healthcheck.sh - initialDelaySeconds: 60 - periodSeconds: 5 - failureThreshold: 5 - timeoutSeconds: 45 - resources: - requests: - cpu: {{ index .Values "ovs-ovn" "requests" "cpu" }} - memory: {{ index .Values "ovs-ovn" "requests" "memory" }} - limits: - cpu: {{ index .Values "ovs-ovn" "limits" "cpu" }} - {{.Values.HUGEPAGE_SIZE_TYPE}}: {{.Values.HUGEPAGES}} - memory: {{ index .Values "ovs-ovn" "limits" "memory" }} - nodeSelector: - kubernetes.io/os: "linux" - ovn.kubernetes.io/ovs_dp_type: "userspace" - volumes: - - name: host-config-ovs - hostPath: - path: /opt/ovs-config - type: DirectoryOrCreate - - name: shareddir - hostPath: - path: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods - type: '' - - name: hugepage - emptyDir: - medium: HugePages - - name: host-modules - hostPath: - path: /lib/modules - - 
name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-sys - hostPath: - path: /sys - - name: host-config-openvswitch - hostPath: - path: {{ .Values.OPENVSWITCH_DIR }} - - name: host-config-ovn - hostPath: - path: {{ .Values.OVN_DIR }} - - name: host-log-ovs - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/openvswitch - - name: host-log-ovn - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls -{{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-sa.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-sa.yaml deleted file mode 100644 index 17b4a92f..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-sa.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ovn - namespace: {{ .Values.namespace }} -{{- if .Values.global.registry.imagePullSecrets }} -imagePullSecrets: -{{- range $index, $secret := .Values.global.registry.imagePullSecrets }} -{{- if $secret }} -- name: {{ $secret | quote}} -{{- end }} -{{- end }} -{{- end }} - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ovn-ovs - namespace: {{ .Values.namespace }} - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-ovn-cni - namespace: {{ .Values.namespace }} - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-ovn-app - namespace: {{ .Values.namespace }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-tls-secret.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-tls-secret.yaml deleted file mode 100644 index dde40203..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-tls-secret.yaml +++ /dev/null 
@@ -1,23 +0,0 @@
-{{- if .Values.networking.ENABLE_SSL }}
-{{- $cn := "ovn" -}}
-{{- $ca := genCA "ovn-ca" 3650 -}}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: kube-ovn-tls
- namespace: {{ .Values.namespace }}
-data:
-{{- $existingSecret := lookup "v1" "Secret" .Values.namespace "kube-ovn-tls" }}
- {{- if $existingSecret }}
- cacert: {{ index $existingSecret.data "cacert" }}
- cert: {{ index $existingSecret.data "cert" }}
- key: {{ index $existingSecret.data "key" }}
- {{- else }}
- {{- with genSignedCert $cn nil nil 3650 $ca }}
- cacert: {{ b64enc $ca.Cert }}
- cert: {{ b64enc .Cert }}
- key: {{ b64enc .Key }}
- {{- end }}
- {{- end }}
-{{- end }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-ds.yaml
deleted file mode 100644
index 1dfedf1a..00000000
--- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-ds.yaml
+++ /dev/null
@@ -1,206 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: kube-ovn-cni - namespace: {{ .Values.namespace }} - annotations: - kubernetes.io/description: | - This daemon set launches the kube-ovn cni daemon. -spec: - selector: - matchLabels: - app: kube-ovn-cni - template: - metadata: - labels: - app: kube-ovn-cni - component: network - type: infra - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: kube-ovn-cni - hostNetwork: true - hostPID: true - initContainers: - - name: install-cni - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: ["/kube-ovn/install-cni.sh"] - securityContext: - runAsUser: 0 - privileged: true - volumeMounts: - - mountPath: /opt/cni/bin - name: cni-bin - {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} - - mountPath: /usr/local/bin - name: local-bin - {{- end }} - containers: - - name: cni-server - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - bash - - /kube-ovn/start-cniserver.sh - args: - - --enable-mirror={{- .Values.debug.ENABLE_MIRROR }} - - --mirror-iface={{- .Values.debug.MIRROR_IFACE }} - - --node-switch={{ .Values.networking.NODE_SUBNET }} - - --encap-checksum=true - - --service-cluster-ip-range= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ .Values.dual_stack.SVC_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.SVC_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.SVC_CIDR }} - {{- end }} - {{- if eq .Values.networking.NETWORK_TYPE "vlan" }} - - --iface= - {{- else}} - - --iface={{- 
.Values.networking.IFACE }} - {{- end }} - - --dpdk-tunnel-iface={{- .Values.networking.DPDK_TUNNEL_IFACE }} - - --network-type={{- .Values.networking.TUNNEL_TYPE }} - - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }} - - --cni-conf-dir={{ .Values.cni_conf.CNI_CONF_DIR }} - - --cni-conf-file={{ .Values.cni_conf.CNI_CONF_FILE }} - - --cni-conf-name={{- .Values.cni_conf.CNI_CONFIG_PRIORITY -}}-kube-ovn.conflist - - --logtostderr=false - - --alsologtostderr=true - - --log_file=/var/log/kube-ovn/kube-ovn-cni.log - - --log_file_max_size=0 - - --enable-metrics={{- .Values.networking.ENABLE_METRICS }} - - --kubelet-dir={{ .Values.kubelet_conf.KUBELET_DIR }} - - --enable-tproxy={{ .Values.func.ENABLE_TPROXY }} - - --ovs-vsctl-concurrency={{ .Values.performance.OVS_VSCTL_CONCURRENCY }} - securityContext: - runAsUser: 0 - privileged: true - env: - - name: ENABLE_SSL - value: "{{ .Values.networking.ENABLE_SSL }}" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_IPS - valueFrom: - fieldRef: - fieldPath: status.podIPs - - name: ENABLE_BIND_LOCAL_IP - value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}" - - name: DBUS_SYSTEM_BUS_ADDRESS - value: "unix:path=/host/var/run/dbus/system_bus_socket" - volumeMounts: - - name: host-modules - mountPath: /lib/modules - readOnly: true - - name: shared-dir - mountPath: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods - - mountPath: /etc/openvswitch - name: systemid - readOnly: true - - mountPath: /etc/cni/net.d - name: cni-conf - - mountPath: /run/openvswitch - name: host-run-ovs - mountPropagation: Bidirectional - - mountPath: /run/ovn - name: host-run-ovn - - mountPath: /host/var/run/dbus - name: host-dbus - mountPropagation: HostToContainer - - mountPath: /var/run/netns - name: host-ns - mountPropagation: HostToContainer - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - - mountPath: /var/log/openvswitch 
- name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /etc/localtime - name: localtime - readOnly: true - readinessProbe: - failureThreshold: 3 - periodSeconds: 7 - successThreshold: 1 - tcpSocket: - port: 10665 - timeoutSeconds: 3 - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 7 - successThreshold: 1 - tcpSocket: - port: 10665 - timeoutSeconds: 3 - resources: - requests: - cpu: {{ index .Values "kube-ovn-cni" "requests" "cpu" }} - memory: {{ index .Values "kube-ovn-cni" "requests" "memory" }} - limits: - cpu: {{ index .Values "kube-ovn-cni" "limits" "cpu" }} - memory: {{ index .Values "kube-ovn-cni" "limits" "memory" }} - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-modules - hostPath: - path: /lib/modules - - name: shared-dir - hostPath: - path: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods - - name: systemid - hostPath: - path: {{ .Values.OPENVSWITCH_DIR }} - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: cni-conf - hostPath: - path: {{ .Values.cni_conf.CNI_CONF_DIR }} - - name: cni-bin - hostPath: - path: {{ .Values.cni_conf.CNI_BIN_DIR }} - - name: host-ns - hostPath: - path: /var/run/netns - - name: host-dbus - hostPath: - path: /var/run/dbus - - name: kube-ovn-log - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: host-log-ovs - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/openvswitch - - name: host-log-ovn - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/ovn - {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} - - name: local-bin - hostPath: - path: {{ .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} - {{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-svc.yaml deleted file mode 100644 index e1c47c80..00000000 
--- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-svc.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
- name: kube-ovn-cni
- namespace: {{ .Values.namespace }}
- labels:
- app: kube-ovn-cni
-spec:
- selector:
- app: kube-ovn-cni
- ports:
- - port: 10665
- name: metrics
- {{- if eq .Values.networking.NET_STACK "dual_stack" }}
- ipFamilyPolicy: PreferDualStack
- {{- end }}
diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovsovn-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovsovn-ds.yaml
deleted file mode 100644
index 72a5eb40..00000000
--- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovsovn-ds.yaml
+++ /dev/null
@@ -1,221 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: ovs-ovn - namespace: {{ .Values.namespace }} - annotations: - kubernetes.io/description: | - This daemon set launches the openvswitch daemon. - chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}" -spec: - selector: - matchLabels: - app: ovs - updateStrategy: - type: {{ include "kubeovn.ovs-ovn.updateStrategy" . }} - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - template: - metadata: - labels: - app: ovs - component: network - type: infra - annotations: - chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}" - spec: - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - priorityClassName: system-node-critical - serviceAccountName: ovn-ovs - hostNetwork: true - hostPID: true - containers: - - name: openvswitch - {{- if .Values.DPDK }} - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.dpdkRepository }}:{{ .Values.DPDK_VERSION }}-{{ .Values.global.images.kubeovn.tag }} - {{- else }} - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} - {{- end }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.DPDK }} - command: ["/kube-ovn/start-ovs-dpdk.sh"] - {{- else }} - command: - {{- if .Values.DISABLE_MODULES_MANAGEMENT }} - - /bin/sh - - -ec - - | - ln -sf /bin/true /usr/sbin/modprobe - ln -sf /bin/true /usr/sbin/modinfo - ln -sf /bin/true /usr/sbin/rmmod - exec /kube-ovn/start-ovs.sh - {{- else }} - - /kube-ovn/start-ovs.sh - {{- end }} - {{- end }} - securityContext: - runAsUser: 0 - privileged: true - env: - - name: ENABLE_SSL - value: "{{ .Values.networking.ENABLE_SSL }}" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: 
metadata.namespace - - name: HW_OFFLOAD - value: "{{- .Values.func.HW_OFFLOAD }}" - - name: TUNNEL_TYPE - value: "{{- .Values.networking.TUNNEL_TYPE }}" - - name: KUBE_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: OVN_DB_IPS - value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}" - - name: OVN_REMOTE_PROBE_INTERVAL - value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}" - - name: OVN_REMOTE_OPENFLOW_INTERVAL - value: "{{ .Values.networking.OVN_REMOTE_OPENFLOW_INTERVAL }}" - volumeMounts: - - mountPath: /var/run/netns - name: host-ns - mountPropagation: HostToContainer - - mountPath: /lib/modules - name: host-modules - readOnly: true - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /etc/ovn - name: host-config-ovn - - mountPath: /var/log/openvswitch - name: host-log-ovs - - mountPath: /var/log/ovn - name: host-log-ovn - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - - mountPath: /var/run/containerd - name: cruntime - readOnly: true - {{- if .Values.DPDK }} - - mountPath: /opt/ovs-config - name: host-config-ovs - - mountPath: /dev/hugepages - name: hugepage - {{- end }} - readinessProbe: - exec: - {{- if .Values.DPDK }} - command: - - bash - - /kube-ovn/ovs-dpdk-healthcheck.sh - {{- else }} - command: - - bash - - -c - - LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh - {{- end }} - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 45 - livenessProbe: - exec: - {{- if .Values.DPDK }} - command: - - bash - - /kube-ovn/ovs-dpdk-healthcheck.sh - {{- else }} - command: - - bash - - /kube-ovn/ovs-healthcheck.sh - {{- end }} - initialDelaySeconds: 60 - periodSeconds: 5 - failureThreshold: 5 - timeoutSeconds: 45 - resources: - requests: - {{- if .Values.DPDK }} - cpu: {{ .Values.DPDK_CPU }} - memory: {{ 
.Values.DPDK_MEMORY }} - {{- else }} - cpu: {{ index .Values "ovs-ovn" "requests" "cpu" }} - memory: {{ index .Values "ovs-ovn" "requests" "memory" }} - {{- end }} - limits: - {{- if .Values.DPDK }} - cpu: {{ .Values.DPDK_CPU }} - memory: {{ .Values.DPDK_MEMORY }} - hugepages-1Gi: 1Gi - {{- else }} - cpu: {{ index .Values "ovs-ovn" "limits" "cpu" }} - memory: {{ index .Values "ovs-ovn" "limits" "memory" }} - {{- end }} - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-modules - hostPath: - path: /lib/modules - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-config-openvswitch - hostPath: - path: {{ .Values.OPENVSWITCH_DIR }} - - name: host-config-ovn - hostPath: - path: {{ .Values.OVN_DIR }} - - name: host-log-ovs - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/openvswitch - - name: host-log-ovn - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls - - name: host-ns - hostPath: - path: /var/run/netns - - hostPath: - path: /var/run/containerd - name: cruntime - {{- if .Values.DPDK }} - - name: host-config-ovs - hostPath: - path: /opt/ovs-config - type: DirectoryOrCreate - - name: hugepage - emptyDir: - medium: HugePages - {{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-ds.yaml deleted file mode 100644 index f54b276a..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-ds.yaml +++ /dev/null 
@@ -1,137 +0,0 @@ -kind: DaemonSet -apiVersion: apps/v1 -metadata: - name: kube-ovn-pinger - namespace: {{ .Values.namespace }} - annotations: - kubernetes.io/description: | - This daemon set launches the openvswitch daemon. -spec: - selector: - matchLabels: - app: kube-ovn-pinger - updateStrategy: - type: RollingUpdate - template: - metadata: - labels: - app: kube-ovn-pinger - component: network - type: infra - spec: - priorityClassName: system-node-critical - tolerations: - - effect: NoSchedule - operator: Exists - - effect: NoExecute - operator: Exists - - key: CriticalAddonsOnly - operator: Exists - serviceAccountName: kube-ovn-app - hostPID: true - containers: - - name: pinger - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} - command: - - /kube-ovn/kube-ovn-pinger - args: - - --external-address= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ .Values.dual_stack.PINGER_EXTERNAL_ADDRESS }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.PINGER_EXTERNAL_ADDRESS }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.PINGER_EXTERNAL_ADDRESS }} - {{- end }} - - --external-dns= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ .Values.dual_stack.PINGER_EXTERNAL_DOMAIN }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.PINGER_EXTERNAL_DOMAIN }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.PINGER_EXTERNAL_DOMAIN }} - {{- end }} - - --ds-namespace={{ .Values.namespace }} - - --logtostderr=false - - --alsologtostderr=true - - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log - - --log_file_max_size=0 - - --enable-metrics={{- .Values.networking.ENABLE_METRICS }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - runAsUser: 0 - privileged: false - env: - - name: ENABLE_SSL - value: "{{ .Values.networking.ENABLE_SSL }}" - - name: POD_IP - 
valueFrom: - fieldRef: - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - volumeMounts: - - mountPath: /var/run/openvswitch - name: host-run-ovs - - mountPath: /var/run/ovn - name: host-run-ovn - - mountPath: /etc/openvswitch - name: host-config-openvswitch - - mountPath: /var/log/openvswitch - name: host-log-ovs - readOnly: true - - mountPath: /var/log/ovn - name: host-log-ovn - readOnly: true - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - - mountPath: /etc/localtime - name: localtime - readOnly: true - - mountPath: /var/run/tls - name: kube-ovn-tls - resources: - requests: - cpu: {{ index .Values "kube-ovn-pinger" "requests" "cpu" }} - memory: {{ index .Values "kube-ovn-pinger" "requests" "memory" }} - limits: - cpu: {{ index .Values "kube-ovn-pinger" "limits" "cpu" }} - memory: {{ index .Values "kube-ovn-pinger" "limits" "memory" }} - nodeSelector: - kubernetes.io/os: "linux" - volumes: - - name: host-run-ovs - hostPath: - path: /run/openvswitch - - name: host-run-ovn - hostPath: - path: /run/ovn - - name: host-config-openvswitch - hostPath: - path: {{ .Values.OPENVSWITCH_DIR }} - - name: host-log-ovs - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/openvswitch - - name: kube-ovn-log - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn - - name: host-log-ovn - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/ovn - - name: localtime - hostPath: - path: /etc/localtime - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-svc.yaml deleted file mode 100644 index ef169e8e..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-svc.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-pinger - namespace: {{ .Values.namespace }} - labels: - app: kube-ovn-pinger -spec: - selector: - app: kube-ovn-pinger - ports: - - port: 8080 - name: metrics - {{- if eq .Values.networking.NET_STACK "dual_stack" }} - ipFamilyPolicy: PreferDualStack - {{- end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pre-delete-hook.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pre-delete-hook.yaml deleted file mode 100644 index d81c5ca2..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pre-delete-hook.yaml +++ /dev/null 
@@ -1,123 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-ovn-pre-delete-hook - namespace: {{ .Values.namespace }} - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.k8s.io/system-only: "true" - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "2" - "helm.sh/hook-delete-policy": hook-succeeded - name: system:kube-ovn-pre-delete-hook -rules: - - apiGroups: - - kubeovn.io - resources: - - subnets - verbs: - - get - - list - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kube-ovn-pre-delete-hook - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "3" - "helm.sh/hook-delete-policy": hook-succeeded -roleRef: - name: system:kube-ovn-pre-delete-hook - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: kube-ovn-pre-delete-hook - namespace: {{ .Values.namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ .Chart.Name }}-pre-delete-hook" - namespace: {{ .Values.namespace }} - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. 
- "helm.sh/hook": pre-delete - "helm.sh/hook-weight": "4" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - completions: 1 - template: - metadata: - name: "{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app: kube-ovn-pre-delete-hook - component: job - spec: - tolerations: - - key: "" - operator: "Exists" - effect: "NoSchedule" - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - kube-ovn-pre-delete-hook - - key: component - operator: In - values: - - job - restartPolicy: Never - hostNetwork: true - nodeSelector: - kubernetes.io/os: "linux" - serviceAccount: kube-ovn-pre-delete-hook - serviceAccountName: kube-ovn-pre-delete-hook - containers: - - name: remove-subnet-finalizer - image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}" - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - command: - - sh - - -c - - /kube-ovn/remove-subnet-finalizer.sh 2>&1 | tee -a /var/log/kube-ovn/remove-subnet-finalizer.log - volumeMounts: - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - volumes: - - name: kube-ovn-log - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/sb-svc.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/sb-svc.yaml deleted file mode 100644 index 36a4a27a..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/sb-svc.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: ovn-sb - namespace: {{ .Values.namespace }} -spec: - ports: - - name: ovn-sb - protocol: TCP - port: 6642 - targetPort: 6642 - type: ClusterIP - {{- if eq .Values.networking.NET_STACK "dual_stack" }} - ipFamilyPolicy: PreferDualStack - {{- end }} - selector: - app: ovn-central - ovn-sb-leader: "true" - sessionAffinity: None diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/upgrade-ovs-ovn.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/upgrade-ovs-ovn.yaml deleted file mode 100644 index 94c175fa..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/upgrade-ovs-ovn.yaml +++ /dev/null 
@@ -1,163 +0,0 @@ -{{- if eq (include "kubeovn.ovs-ovn.updateStrategy" .) "OnDelete" }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: ovs-ovn-upgrade - namespace: {{ .Values.namespace }} - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-upgrade - "helm.sh/hook-weight": "1" - "helm.sh/hook-delete-policy": hook-succeeded ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.k8s.io/system-only: "true" - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-upgrade - "helm.sh/hook-weight": "2" - "helm.sh/hook-delete-policy": hook-succeeded - name: system:ovs-ovn-upgrade -rules: - - apiGroups: - - apps - resources: - - daemonsets - resourceNames: - - ovs-ovn - verbs: - - get - - apiGroups: - - apps - resources: - - deployments - resourceNames: - - ovn-central - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - nodes - verbs: - - list - - apiGroups: - - "" - resources: - - pods - verbs: - - list - - get - - watch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: ovs-ovn-upgrade - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. 
- "helm.sh/hook": post-upgrade - "helm.sh/hook-weight": "3" - "helm.sh/hook-delete-policy": hook-succeeded -roleRef: - name: system:ovs-ovn-upgrade - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: ovs-ovn-upgrade - namespace: {{ .Values.namespace }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ .Chart.Name }}-post-upgrade-hook" - namespace: {{ .Values.namespace }} - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": post-upgrade - "helm.sh/hook-weight": "4" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - completions: 1 - template: - metadata: - name: "{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - app: post-upgrade - component: job - spec: - tolerations: - - key: "" - operator: "Exists" - effect: "NoSchedule" - affinity: - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - topologyKey: kubernetes.io/hostname - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - post-upgrade - - key: component - operator: In - values: - - job - restartPolicy: Never - hostNetwork: true - nodeSelector: - kubernetes.io/os: "linux" - serviceAccount: ovs-ovn-upgrade - serviceAccountName: ovs-ovn-upgrade - containers: - - name: ovs-ovn-upgrade - image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}" - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: 
ENABLE_SSL - value: "{{ .Values.networking.ENABLE_SSL }}" - - name: OVN_DB_IPS - value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}" - command: - - bash - - -eo - - pipefail - - -c - - /kube-ovn/upgrade-ovs.sh 2>&1 | tee -a /var/log/kube-ovn/upgrade-ovs.log - volumeMounts: - - mountPath: /var/log/kube-ovn - name: kube-ovn-log - - mountPath: /var/run/tls - name: kube-ovn-tls - volumes: - - name: kube-ovn-log - hostPath: - path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn - - name: kube-ovn-tls - secret: - optional: true - secretName: kube-ovn-tls -{{ end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/vpc-nat-config.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/vpc-nat-config.yaml deleted file mode 100755 index 0f9bd0f5..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/vpc-nat-config.yaml +++ /dev/null @@ -1,10 +0,0 @@ -kind: ConfigMap -apiVersion: v1 -metadata: - name: ovn-vpc-nat-config - namespace: {{ .Values.namespace }} - annotations: - kubernetes.io/description: | - kube-ovn vpc-nat common config -data: - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.vpcRepository }}:{{ .Values.global.images.kubeovn.tag }} \ No newline at end of file diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/kube-ovn/values.yaml deleted file mode 100644 index e65c8a85..00000000 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/values.yaml +++ /dev/null 
@@ -1,181 +0,0 @@ -# Default values for kubeovn. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -global: - registry: - address: docker.io/kubeovn - imagePullSecrets: [] - images: - kubeovn: - repository: kube-ovn - dpdkRepository: kube-ovn-dpdk - vpcRepository: vpc-nat-gateway - tag: v1.13.0 - support_arm: true - thirdparty: true - -image: - pullPolicy: IfNotPresent - -namespace: kube-system -MASTER_NODES: "" -MASTER_NODES_LABEL: "kube-ovn/role=master" - -networking: - # NET_STACK could be dual_stack, ipv4, ipv6 - NET_STACK: ipv4 - ENABLE_SSL: false - # network type could be geneve or vlan - NETWORK_TYPE: geneve - # tunnel type could be geneve, vxlan or stt - TUNNEL_TYPE: geneve - IFACE: "" - DPDK_TUNNEL_IFACE: "br-phy" - EXCLUDE_IPS: "" - POD_NIC_TYPE: "veth-pair" - vlan: - PROVIDER_NAME: "provider" - VLAN_INTERFACE_NAME: "" - VLAN_NAME: "ovn-vlan" - VLAN_ID: "100" - EXCHANGE_LINK_NAME: false - ENABLE_EIP_SNAT: true - DEFAULT_SUBNET: "ovn-default" - DEFAULT_VPC: "ovn-cluster" - NODE_SUBNET: "join" - ENABLE_ECMP: false - ENABLE_METRICS: true - NODE_LOCAL_DNS_IP: "" - PROBE_INTERVAL: 180000 - OVN_NORTHD_PROBE_INTERVAL: 5000 - OVN_LEADER_PROBE_INTERVAL: 5 - OVN_REMOTE_PROBE_INTERVAL: 10000 - OVN_REMOTE_OPENFLOW_INTERVAL: 180 - OVN_NORTHD_N_THREADS: 1 - ENABLE_COMPACT: false - -func: - ENABLE_LB: true - ENABLE_NP: true - ENABLE_EIP_SNAT: true - ENABLE_EXTERNAL_VPC: true - HW_OFFLOAD: false - ENABLE_LB_SVC: false - ENABLE_KEEP_VM_IP: true - LS_DNAT_MOD_DL_DST: true - LS_CT_SKIP_DST_LPORT_IPS: true - CHECK_GATEWAY: true - LOGICAL_GATEWAY: false - ENABLE_BIND_LOCAL_IP: true - U2O_INTERCONNECTION: false - ENABLE_TPROXY: false - ENABLE_IC: false - -ipv4: - POD_CIDR: "10.16.0.0/16" - POD_GATEWAY: "10.16.0.1" - SVC_CIDR: "10.96.0.0/12" - JOIN_CIDR: "100.64.0.0/16" - PINGER_EXTERNAL_ADDRESS: "1.1.1.1" - PINGER_EXTERNAL_DOMAIN: "alauda.cn." 
- -ipv6: - POD_CIDR: "fd00:10:16::/112" - POD_GATEWAY: "fd00:10:16::1" - SVC_CIDR: "fd00:10:96::/112" - JOIN_CIDR: "fd00:100:64::/112" - PINGER_EXTERNAL_ADDRESS: "2606:4700:4700::1111" - PINGER_EXTERNAL_DOMAIN: "google.com." - -dual_stack: - POD_CIDR: "10.16.0.0/16,fd00:10:16::/112" - POD_GATEWAY: "10.16.0.1,fd00:10:16::1" - SVC_CIDR: "10.96.0.0/12,fd00:10:96::/112" - JOIN_CIDR: "100.64.0.0/16,fd00:100:64::/112" - PINGER_EXTERNAL_ADDRESS: "1.1.1.1,2606:4700:4700::1111" - PINGER_EXTERNAL_DOMAIN: "google.com." - -performance: - GC_INTERVAL: 360 - INSPECT_INTERVAL: 20 - OVS_VSCTL_CONCURRENCY: 100 - -debug: - ENABLE_MIRROR: false - MIRROR_IFACE: "mirror0" - -cni_conf: - CNI_CONFIG_PRIORITY: "01" - CNI_CONF_DIR: "/etc/cni/net.d" - CNI_BIN_DIR: "/opt/cni/bin" - CNI_CONF_FILE: "/kube-ovn/01-kube-ovn.conflist" - LOCAL_BIN_DIR: "/usr/local/bin" - MOUNT_LOCAL_BIN_DIR: false - -kubelet_conf: - KUBELET_DIR: "/var/lib/kubelet" - -log_conf: - LOG_DIR: "/var/log" - -OPENVSWITCH_DIR: "/etc/origin/openvswitch" -OVN_DIR: "/etc/origin/ovn" -DISABLE_MODULES_MANAGEMENT: false - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -# hybrid dpdk -HYBRID_DPDK: false -HUGEPAGE_SIZE_TYPE: hugepages-2Mi # Default -HUGEPAGES: 1Gi - -# DPDK -DPDK: false -DPDK_VERSION: "19.11" -DPDK_CPU: "1000m" # Default CPU configuration -DPDK_MEMORY: "2Gi" # Default Memory configuration - -ovn-central: - requests: - cpu: "300m" - memory: "200Mi" - limits: - cpu: "3" - memory: "4Gi" -ovs-ovn: - requests: - cpu: "200m" - memory: "200Mi" - limits: - cpu: "2" - memory: "1000Mi" -kube-ovn-controller: - requests: - cpu: "200m" - memory: "200Mi" - limits: - cpu: "1000m" - memory: "1Gi" -kube-ovn-cni: - requests: - cpu: "100m" - memory: "100Mi" - limits: - cpu: "1000m" - memory: "1Gi" -kube-ovn-pinger: - requests: - cpu: "100m" - memory: "100Mi" - limits: - cpu: "200m" - memory: "400Mi" -kube-ovn-monitor: - requests: - cpu: "200m" - memory: "200Mi" - limits: - cpu: "200m" - memory: "200Mi" 
diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/_helpers.tpl b/packages/system/kubeovn/charts/kube-ovn/templates/_helpers.tpl index 8be2462d..9a216a38 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/_helpers.tpl +++ b/packages/system/kubeovn/charts/kube-ovn/templates/_helpers.tpl @@ -29,3 +29,28 @@ Number of master nodes {{- define "kubeovn.nodeCount" -}} {{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }} {{- end -}} + +{{- define "kubeovn.ovs-ovn.updateStrategy" -}} + {{- $ds := lookup "apps/v1" "DaemonSet" $.Values.namespace "ovs-ovn" -}} + {{- if $ds -}} + {{- if eq $ds.spec.updateStrategy.type "RollingUpdate" -}} + RollingUpdate + {{- else -}} + {{- $chartVersion := index $ds.metadata.annotations "chart-version" }} + {{- $newChartVersion := printf "%s-%s" .Chart.Name .Chart.Version }} + {{- $imageVersion := (index $ds.spec.template.spec.containers 0).image | splitList ":" | last | trimPrefix "v" -}} + {{- $versionRegex := `^(?P0|[1-9]\d*)\.(?P0|[1-9]\d*)\.(?P0|[1-9]\d*)` -}} + {{- if and (ne $newChartVersion $chartVersion) (regexMatch $versionRegex $imageVersion) -}} + {{- if regexFind $versionRegex $imageVersion | semverCompare ">= 1.12.0" -}} + RollingUpdate + {{- else -}} + OnDelete + {{- end -}} + {{- else -}} + OnDelete + {{- end -}} + {{- end -}} + {{- else -}} + RollingUpdate + {{- end -}} +{{- end -}} diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/central-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/central-deploy.yaml index bf234e11..cd0d94f1 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/central-deploy.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/central-deploy.yaml 
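Review bot: In `kubeovn.ovs-ovn.updateStrategy`, `$imageVersion` is whatever follows the last `:` of the running container's image, so a digest-pinned reference (`repo:tag@sha256:…`) yields the digest hex, fails `regexMatch`, and silently falls through to `OnDelete`. The templates in this commit switch to `include "kubeovn.image"`, which is defined outside this hunk, so whether it emits a digest is not visible here. Stripping any `@…` suffix first avoids the problem: `{{- $imageVersion := (index $ds.spec.template.spec.containers 0).image | splitList "@" | first | splitList ":" | last | trimPrefix "v" -}}`. Separately, `index $ds.metadata.annotations "chart-version"` presumably aborts the render if the live DaemonSet has no annotations map; `get ($ds.metadata.annotations | default dict) "chart-version"` tolerates that. A comment noting that `lookup` returns nothing under `helm template` or `--dry-run`, so offline renders always pick `RollingUpdate`, would help anyone comparing rendered manifests.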
@@ -42,7 +42,7 @@ spec: hostNetwork: true containers: - name: ovn-central - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + image: {{ include "kubeovn.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: - /kube-ovn/start-db.sh @@ -74,12 +74,18 @@ spec: value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}" - name: PROBE_INTERVAL value: "{{ .Values.networking.PROBE_INTERVAL }}" + - name: OVN_NORTHD_PROBE_INTERVAL + value: "{{ .Values.networking.OVN_NORTHD_PROBE_INTERVAL}}" - name: OVN_LEADER_PROBE_INTERVAL value: "{{ .Values.networking.OVN_LEADER_PROBE_INTERVAL }}" - name: OVN_NORTHD_N_THREADS value: "{{ .Values.networking.OVN_NORTHD_N_THREADS }}" - name: ENABLE_COMPACT value: "{{ .Values.networking.ENABLE_COMPACT }}" + {{- if include "kubeovn.ovs-ovn.updateStrategy" . | eq "OnDelete" }} + - name: OVN_VERSION_COMPATIBILITY + value: "21.06" + {{- end }} resources: requests: cpu: {{ index .Values "ovn-central" "requests" "cpu" }} @@ -92,9 +98,6 @@ spec: name: host-run-ovs - mountPath: /var/run/ovn name: host-run-ovn - - mountPath: /sys - name: host-sys - readOnly: true - mountPath: /etc/openvswitch name: host-config-openvswitch - mountPath: /etc/ovn @@ -136,9 +139,6 @@ spec: - name: host-run-ovn hostPath: path: /run/ovn - - name: host-sys - hostPath: - path: /sys - name: host-config-openvswitch hostPath: path: {{ .Values.OPENVSWITCH_DIR }} diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml index 0e694945..80ecd53a 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml 
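Review bot: The `OVN_VERSION_COMPATIBILITY` entry added in `@@ -74,12 +74,18 @@` hard-codes `"21.06"` with no explanation of why that value belongs to the `OnDelete` case. A template comment above the `if` would record the intent, for example `{{- /* OnDelete: ovs-ovn pods may still run the previous OVN until they are deleted; keep the central components compatible (confirm wording with upstream) */}}`. The rationale is inferred from the helper name, so the author should confirm the wording. In the same hunk, `{{ .Values.networking.OVN_NORTHD_PROBE_INTERVAL}}` lacks the space before `}}` that the neighbouring entries use.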
@@ -49,49 +49,22 @@ spec: hostNetwork: true containers: - name: kube-ovn-controller - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + image: {{ include "kubeovn.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} args: + {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} - /kube-ovn/start-controller.sh - --default-ls={{ .Values.networking.DEFAULT_SUBNET }} - - --default-cidr= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ .Values.dual_stack.POD_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.POD_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.POD_CIDR }} - {{- end }} - - --default-gateway= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ .Values.dual_stack.POD_GATEWAY }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.POD_GATEWAY }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.POD_GATEWAY }} - {{- end }} + - --default-cidr={{ index $cozyConfig.data "ipv4-pod-cidr" }} + - --default-gateway={{ index $cozyConfig.data "ipv4-pod-gateway" }} - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }} - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }} - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }} - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }} - --cluster-router={{ .Values.networking.DEFAULT_VPC }} - --node-switch={{ .Values.networking.NODE_SUBNET }} - - --node-switch-cidr= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ .Values.dual_stack.JOIN_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.JOIN_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.JOIN_CIDR }} - {{- end }} - - --service-cluster-ip-range= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ 
.Values.dual_stack.SVC_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.SVC_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.SVC_CIDR }} - {{- end }} + - --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }} + - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }} - --network-type={{- .Values.networking.NETWORK_TYPE }} - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }} - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }} @@ -99,6 +72,7 @@ spec: - --default-vlan-name={{- .Values.networking.vlan.VLAN_NAME }} - --default-vlan-id={{- .Values.networking.vlan.VLAN_ID }} - --ls-dnat-mod-dl-dst={{- .Values.func.LS_DNAT_MOD_DL_DST }} + - --ls-ct-skip-dst-lport-ips={{- .Values.func.LS_CT_SKIP_DST_LPORT_IPS }} - --pod-nic-type={{- .Values.networking.POD_NIC_TYPE }} - --enable-lb={{- .Values.func.ENABLE_LB }} - --enable-np={{- .Values.func.ENABLE_NP }} @@ -113,7 +87,6 @@ spec: - --log_file_max_size=0 - --enable-lb-svc={{- .Values.func.ENABLE_LB_SVC }} - --keep-vm-ip={{- .Values.func.ENABLE_KEEP_VM_IP }} - - --pod-default-fip-type={{- .Values.networking.POD_DEFAULT_FIP_TYPE }} - --enable-metrics={{- .Values.networking.ENABLE_METRICS }} - --node-local-dns-ip={{- .Values.networking.NODE_LOCAL_DNS_IP }} env: diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ic-controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ic-controller-deploy.yaml similarity index 95% rename from packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ic-controller-deploy.yaml rename to packages/system/kubeovn/charts/kube-ovn/templates/ic-controller-deploy.yaml index 0d0f225f..64b086c4 100644 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ic-controller-deploy.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/ic-controller-deploy.yaml 
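Review bot: The four `kube-ovn-controller` arguments in `@@ -49,49 +49,22 @@` read `index $cozyConfig.data "…"` without checking that the `lookup` returned anything. `lookup` yields an empty map under `helm template` or `--dry-run`, or when the `cozy-system/cozystack` ConfigMap is absent or unreadable, so `$cozyConfig.data` is nil and the render presumably aborts with an opaque `index` error instead of naming the missing key. Wrapping each read makes the failure explicit, e.g. `- --default-cidr={{ required "ipv4-pod-cidr missing in cozy-system/cozystack" (dig "data" "ipv4-pod-cidr" "" $cozyConfig) }}`. The values also pass unvalidated from a cluster object into controller flags, and only `ipv4-*` keys are read, so setting `networking.NET_STACK` to `ipv6` or `dual_stack` no longer changes these CIDRs. The same unguarded read appears in the `ovncni-ds.yaml` hunk `@@ -45,24 +45,18 @@` for `--service-cluster-ip-range`.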
@@ -43,7 +43,7 @@ spec: hostNetwork: true containers: - name: ovn-ic-controller - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + image: {{ include "kubeovn.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["/kube-ovn/start-ic-controller.sh"] args: diff --git a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/kube-ovn-crd.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml similarity index 98% rename from packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/kube-ovn-crd.yaml rename to packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml index a305a378..dd087552 100644 --- a/packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/kube-ovn-crd.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml @@ -1268,9 +1268,15 @@ spec: - jsonPath: .status.v4Eip name: V4Eip type: string + - jsonPath: .status.v6Eip + name: V6Eip + type: string - jsonPath: .status.v4Ip name: V4Ip type: string + - jsonPath: .status.v6Ip + name: V6Ip + type: string - jsonPath: .status.ready name: Ready type: boolean @@ -1325,6 +1331,8 @@ spec: type: string v4Ip: type: string + v6Ip: + type: string --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1353,9 +1361,15 @@ spec: - jsonPath: .status.v4Eip name: V4Eip type: string + - jsonPath: .status.v6Eip + name: V6Eip + type: string - jsonPath: .status.v4IpCidr name: V4IpCidr type: string + - jsonPath: .status.v6IpCidr + name: V6IpCidr + type: string - jsonPath: .status.ready name: Ready type: boolean @@ -1370,8 +1384,12 @@ spec: type: boolean v4Eip: type: string + v6Eip: + type: string v4IpCidr: type: string + v6IpCidr: + type: string vpc: type: string conditions: @@ -1404,6 +1422,8 @@ spec: type: string v4IpCidr: type: string + v6IpCidr: + type: string --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition 
@@ -1438,9 +1458,15 @@ spec: - jsonPath: .status.v4Eip name: V4Eip type: string + - jsonPath: .status.v6Eip + name: V6Eip + type: string - jsonPath: .status.v4Ip name: V4Ip type: string + - jsonPath: .status.v6Ip + name: V6Ip + type: string - jsonPath: .status.internalPort name: InternalPort type: string @@ -1512,6 +1538,8 @@ spec: type: string v4Ip: type: string + v6Ip: + type: string --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1873,6 +1901,9 @@ spec: - name: Vpc type: string jsonPath: .spec.vpc + - name: Vlan + type: string + jsonPath: .spec.vlan - name: Protocol type: string jsonPath: .spec.protocol @@ -1913,6 +1944,12 @@ spec: openAPIV3Schema: type: object properties: + metadata: + type: object + properties: + name: + type: string + pattern: ^[^0-9] status: type: object properties: diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml index b938ebfe..af9bcfe9 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml @@ -40,7 +40,7 @@ spec: hostNetwork: true containers: - name: kube-ovn-monitor - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + image: {{ include "kubeovn.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["/kube-ovn/start-ovn-monitor.sh"] args: diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovn-CR.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovn-CR.yaml index 2aa39184..54e69a5b 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/ovn-CR.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovn-CR.yaml 
@@ -54,17 +54,28 @@ rules: - "" resources: - pods - - pods/exec - namespaces - - nodes - - configmaps verbs: - - create - get - list + - patch - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list - patch - update + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create - apiGroups: - "k8s.cni.cncf.io" resources: @@ -74,40 +85,53 @@ rules: - apiGroups: - "" - networking.k8s.io - - apps resources: - networkpolicies - - daemonsets + - configmaps verbs: - get - list - watch - apiGroups: - - "" - apps resources: - - services/status + - daemonsets verbs: - - update + - get - apiGroups: - "" - - networking.k8s.io - - apps - - extensions resources: - services + - services/status + verbs: + - get + - list + - update + - create + - delete + - watch + - apiGroups: + - "" + resources: - endpoints + verbs: + - create + - update + - get + - list + - watch + - apiGroups: + - apps + resources: - statefulsets - deployments - deployments/scale verbs: + - get + - list - create - delete - update - - patch - - get - - list - - watch - apiGroups: - "" resources: @@ -148,8 +172,6 @@ rules: - patch - apiGroups: - "" - - networking.k8s.io - - apps resources: - services - endpoints @@ -176,26 +198,30 @@ rules: resources: - subnets - provider-networks - - ovn-eips - - ovn-eips/status - - ips verbs: - get - list - - patch - - update - watch - apiGroups: - "" + - "kubeovn.io" resources: - - pods + - ovn-eips + - ovn-eips/status - nodes - - configmaps + - pods verbs: - get - list - patch - watch + - apiGroups: + - "kubeovn.io" + resources: + - ips + verbs: + - get + - update - apiGroups: - "" resources: @@ -204,6 +230,14 @@ rules: - create - patch - update + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 @@ -222,8 +256,6 @@ rules: - get - list - apiGroups: - - "" - - networking.k8s.io - apps resources: - daemonsets 
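Review bot: The rule added in `@@ -176,26 +198,30 @@` lists both `""` and `"kubeovn.io"` under `apiGroups` alongside `ovn-eips`, `ovn-eips/status`, `nodes` and `pods`, which grants the cross-product of groups and resources. As far as the hunk shows this exposes nothing extra today, but it reintroduces the multi-group shape that the other hunks in this file remove, and it makes the role harder to audit for least privilege. Splitting it into one rule per API group keeps each grant readable. The enclosing ClusterRole starts outside the hunk, so which service account receives it is not visible here.

```yaml
  - apiGroups:
      - "kubeovn.io"
    resources:
      - ovn-eips
      - ovn-eips/status
    verbs:
      - get
      - list
      - patch
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
      - pods
    verbs:
      - get
      - list
      - patch
      - watch
```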
diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovn-dpdk-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovn-dpdk-ds.yaml index 1d799899..e1cb0a4b 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/ovn-dpdk-ds.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovn-dpdk-ds.yaml @@ -31,7 +31,7 @@ spec: hostPID: true containers: - name: openvswitch - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}-dpdk + image: {{ include "kubeovn.image" . }}-dpdk imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["/kube-ovn/start-ovs-dpdk-v2.sh"] securityContext: diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml index d9a9a676..94c0ebc2 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml @@ -30,7 +30,7 @@ spec: hostPID: true initContainers: - name: install-cni - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + image: {{ include "kubeovn.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: ["/kube-ovn/install-cni.sh"] securityContext: 
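Review bot: In the `ovn-dpdk-ds.yaml` hunk the image is now built as `{{ include "kubeovn.image" . }}-dpdk`, which is only a valid reference if the helper's output ends in a bare tag. The helper is defined outside this hunk; if it can return a digest-pinned reference (`…:tag@sha256:…`), the suffix is appended to the digest and the reference becomes invalid. Consider a dedicated helper for the DPDK image, or a template comment next to this line stating that `kubeovn.image` must return `repo:tag` without a digest.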
@@ -45,24 +45,18 @@ spec: {{- end }} containers: - name: cni-server - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + image: {{ include "kubeovn.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} command: - bash - /kube-ovn/start-cniserver.sh args: + {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} - --enable-mirror={{- .Values.debug.ENABLE_MIRROR }} - --mirror-iface={{- .Values.debug.MIRROR_IFACE }} - --node-switch={{ .Values.networking.NODE_SUBNET }} - --encap-checksum=true - - --service-cluster-ip-range= - {{- if eq .Values.networking.NET_STACK "dual_stack" -}} - {{ .Values.dual_stack.SVC_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv4" -}} - {{ .Values.ipv4.SVC_CIDR }} - {{- else if eq .Values.networking.NET_STACK "ipv6" -}} - {{ .Values.ipv6.SVC_CIDR }} - {{- end }} + - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }} {{- if eq .Values.networking.NETWORK_TYPE "vlan" }} - --iface= {{- else}} @@ -96,10 +90,6 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - - name: MODULES - value: "{{- .Values.performance.MODULES }}" - - name: RPMS - value: "{{- .Values.performance.RPMS }}" - name: POD_IPS valueFrom: fieldRef: @@ -139,8 +129,6 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /tmp - name: tmp readinessProbe: failureThreshold: 3 periodSeconds: 7 @@ -205,9 +193,6 @@ spec: - name: host-log-ovn hostPath: path: {{ .Values.log_conf.LOG_DIR }}/ovn - - name: tmp - hostPath: - path: /tmp {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} - name: local-bin hostPath: diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml index 319d74a9..b7176d18 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml 
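Review bot: The added `lookup "v1" "ConfigMap" "cozy-system" "cozystack"` in the cni-server args is dereferenced without a check, but `lookup` returns an empty map when the ConfigMap is absent or when the chart is rendered without cluster access (`helm template`, `--dry-run`), so `index $cozyConfig.data "ipv4-svc-cidr"` either aborts with an opaque template error or renders an empty `--service-cluster-ip-range=`. The `NET_STACK` branches are also gone, so `dual_stack` and `ipv6` installs would now receive only the IPv4 service CIDR. I would wrap the value in `required`, e.g. `{{ required "cozystack ConfigMap key ipv4-svc-cidr is missing" (index ($cozyConfig.data | default dict) "ipv4-svc-cidr") }}`; patches/cozyconfig.diff in this commit carries the same lookups for controller-deploy.yaml.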
@@ -6,12 +6,13 @@ metadata: annotations: kubernetes.io/description: | This daemon set launches the openvswitch daemon. + chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}" spec: selector: matchLabels: app: ovs updateStrategy: - type: RollingUpdate + type: {{ include "kubeovn.ovs-ovn.updateStrategy" . }} rollingUpdate: maxSurge: 1 maxUnavailable: 0 @@ -21,6 +22,8 @@ spec: app: ovs component: network type: infra + annotations: + chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}" spec: tolerations: - effect: NoSchedule @@ -36,9 +39,9 @@ spec: containers: - name: openvswitch {{- if .Values.DPDK }} - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.dpdkRepository }}:{{ .Values.DPDK_VERSION }}-{{ .Values.global.images.kubeovn.tag }} + image: {{ include "kubeovn.image" . }} {{- else }} - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + image: {{ include "kubeovn.image" . }} {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.DPDK }} @@ -100,9 +103,6 @@ spec: name: host-run-ovs - mountPath: /var/run/ovn name: host-run-ovn - - mountPath: /sys - name: host-sys - readOnly: true - mountPath: /etc/openvswitch name: host-config-openvswitch - mountPath: /etc/ovn @@ -185,9 +185,6 @@ spec: - name: host-run-ovn hostPath: path: /run/ovn - - name: host-sys - hostPath: - path: /sys - name: host-config-openvswitch hostPath: path: {{ .Values.OPENVSWITCH_DIR }} diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/pinger-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/pinger-ds.yaml index f54b276a..f6eb84fd 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/pinger-ds.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/pinger-ds.yaml 
@@ -31,7 +31,7 @@ spec: hostPID: true containers: - name: pinger - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + image: {{ include "kubeovn.image" . }} command: - /kube-ovn/kube-ovn-pinger args: diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/pre-delete-hook.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/pre-delete-hook.yaml index d81c5ca2..f6dbca82 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/pre-delete-hook.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/pre-delete-hook.yaml @@ -104,7 +104,7 @@ spec: serviceAccountName: kube-ovn-pre-delete-hook containers: - name: remove-subnet-finalizer - image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}" + image: "{{ include "kubeovn.image" . }}" env: - name: POD_NAMESPACE valueFrom: diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml index 980354e6..bfc5eede 100644 --- a/packages/system/kubeovn/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml @@ -1,5 +1,4 @@ -{{ if (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn") }} -{{ if eq (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn").spec.updateStrategy.type "OnDelete" }} +{{- if eq (include "kubeovn.ovs-ovn.updateStrategy" .) "OnDelete" }} --- apiVersion: v1 kind: ServiceAccount @@ -33,6 +32,16 @@ rules: - ovs-ovn verbs: - get + - apiGroups: + - apps + resources: + - deployments + resourceNames: + - ovn-central + verbs: + - get + - list + - watch - apiGroups: - "" resources: @@ -46,6 +55,7 @@ rules: verbs: - list - get + - watch - delete --- apiVersion: rbac.authorization.k8s.io/v1 
@@ -121,22 +131,33 @@ spec: serviceAccountName: ovs-ovn-upgrade containers: - name: ovs-ovn-upgrade - image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}" + image: "{{ include "kubeovn.image" . }}" env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace + - name: ENABLE_SSL + value: "{{ .Values.networking.ENABLE_SSL }}" + - name: OVN_DB_IPS + value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}" command: - - sh + - bash + - -eo + - pipefail - -c - /kube-ovn/upgrade-ovs.sh 2>&1 | tee -a /var/log/kube-ovn/upgrade-ovs.log volumeMounts: - mountPath: /var/log/kube-ovn name: kube-ovn-log + - mountPath: /var/run/tls + name: kube-ovn-tls volumes: - name: kube-ovn-log hostPath: path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn -{{ end }} + - name: kube-ovn-tls + secret: + optional: true + secretName: kube-ovn-tls {{ end }} diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/vpc-nat-config.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/vpc-nat-config.yaml index 0f9bd0f5..70460d2f 100755 --- a/packages/system/kubeovn/charts/kube-ovn/templates/vpc-nat-config.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/templates/vpc-nat-config.yaml @@ -7,4 +7,4 @@ metadata: kubernetes.io/description: | kube-ovn vpc-nat common config data: - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.vpcRepository }}:{{ .Values.global.images.kubeovn.tag }} \ No newline at end of file + image: {{ include "kubeovn.image" . }} \ No newline at end of file diff --git a/packages/system/kubeovn/charts/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/values.yaml index bfffc4d7..77be5a8b 100644 --- a/packages/system/kubeovn/charts/kube-ovn/values.yaml +++ b/packages/system/kubeovn/charts/kube-ovn/values.yaml 
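Review bot: The `kube-ovn-tls` secret volume added to the upgrade job is `optional: true` even when `ENABLE_SSL` is passed as true, so a missing secret yields an empty `/var/run/tls` mount and the job starts anyway. How `upgrade-ovs.sh` behaves without certificates is not visible here; with the new `bash -eo pipefail` it would presumably fail partway through rather than up front. Tying the flag to the setting, e.g. `optional: {{ not .Values.networking.ENABLE_SSL }}` (assuming the value is a boolean), would make the pod refuse to start when TLS is requested but the secret is absent.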
@@ -40,7 +40,6 @@ networking: VLAN_ID: "100" EXCHANGE_LINK_NAME: false ENABLE_EIP_SNAT: true - POD_DEFAULT_FIP_TYPE: "" DEFAULT_SUBNET: "ovn-default" DEFAULT_VPC: "ovn-cluster" NODE_SUBNET: "join" @@ -48,6 +47,7 @@ networking: ENABLE_METRICS: true NODE_LOCAL_DNS_IP: "" PROBE_INTERVAL: 180000 + OVN_NORTHD_PROBE_INTERVAL: 5000 OVN_LEADER_PROBE_INTERVAL: 5 OVN_REMOTE_PROBE_INTERVAL: 10000 OVN_REMOTE_OPENFLOW_INTERVAL: 180 @@ -63,19 +63,17 @@ func: ENABLE_LB_SVC: false ENABLE_KEEP_VM_IP: true LS_DNAT_MOD_DL_DST: true + LS_CT_SKIP_DST_LPORT_IPS: true CHECK_GATEWAY: true LOGICAL_GATEWAY: false ENABLE_BIND_LOCAL_IP: true U2O_INTERCONNECTION: false ENABLE_TPROXY: false + ENABLE_IC: false ipv4: - POD_CIDR: "10.16.0.0/16" - POD_GATEWAY: "10.16.0.1" - SVC_CIDR: "10.96.0.0/12" - JOIN_CIDR: "100.64.0.0/16" PINGER_EXTERNAL_ADDRESS: "1.1.1.1" - PINGER_EXTERNAL_DOMAIN: "alauda.cn." + PINGER_EXTERNAL_DOMAIN: "kube-ovn.io." ipv6: POD_CIDR: "fd00:10:16::/112" @@ -94,8 +92,6 @@ dual_stack: PINGER_EXTERNAL_DOMAIN: "google.com." performance: - MODULES: "kube_ovn_fastpath.ko" - RPMS: "openvswitch-kmod" GC_INTERVAL: 360 INSPECT_INTERVAL: 20 OVS_VSCTL_CONCURRENCY: 100 @@ -149,7 +145,7 @@ ovs-ovn: cpu: "200m" memory: "200Mi" limits: - cpu: "1000m" + cpu: "2" memory: "1000Mi" kube-ovn-controller: requests: diff --git a/packages/system/kubeovn/images/kubeovn.json b/packages/system/kubeovn/images/kubeovn.json new file mode 100644 index 00000000..f482cd71 --- /dev/null +++ b/packages/system/kubeovn/images/kubeovn.json @@ -0,0 +1,4 @@ +{ + "containerimage.config.digest": "sha256:f83db05cfc7228a02d1308721de535e90e355d1b147b2d36bb98e10a848c3ef6", + "containerimage.digest": "sha256:440075488baba3610d7f8be6283f89ab3862ff3a9556c51a0e99ec6d46315192" +} \ No newline at end of file diff --git a/packages/system/kubeovn/images/kubeovn.tag b/packages/system/kubeovn/images/kubeovn.tag new file mode 100644 index 00000000..13402f01 --- /dev/null +++ b/packages/system/kubeovn/images/kubeovn.tag 
@@ -0,0 +1 @@
+ghcr.io/aenix-io/cozystack/kubeovn:latest
diff --git a/packages/system/kubeovn/images/kubeovn/Dockerfile b/packages/system/kubeovn/images/kubeovn/Dockerfile
new file mode 100644
index 00000000..632a76da
--- /dev/null
+++ b/packages/system/kubeovn/images/kubeovn/Dockerfile
@@ -0,0 +1,43 @@
+ARG VERSION=v1.13.0
+ARG BASE_TAG=$VERSION
+
+FROM golang:1.22-bookworm as builder
+
+ARG COMMIT_REF=e1310e1
+
+WORKDIR /source
+
+RUN wget -O- https://github.com/kubeovn/kube-ovn/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1
+RUN sed -i 's|-z now|-z now -static|' Makefile
+RUN make build-go
+
+WORKDIR /source/dist/images
+
+# imported from https://github.com/kubeovn/kube-ovn/blob/master/dist/images/Dockerfile
+FROM kubeovn/kube-ovn-base:$BASE_TAG
+
+COPY --from=builder /source/dist/images/*.sh /kube-ovn/
+COPY --from=builder /source/dist/images/kubectl-ko /kube-ovn/kubectl-ko
+COPY --from=builder /source/dist/images/01-kube-ovn.conflist /kube-ovn/01-kube-ovn.conflist
+COPY --from=builder /source/dist/images/logrotate/* /etc/logrotate.d/
+COPY --from=builder /source/dist/images/grace_stop_ovn_controller /usr/share/ovn/scripts/grace_stop_ovn_controller
+
+WORKDIR /kube-ovn
+
+RUN /kube-ovn/iptables-wrapper-installer.sh --no-sanity-check
+RUN rm -f /usr/bin/nc &&\
+ rm -f /usr/bin/netcat &&\
+ rm -f /usr/lib/apt/methods/mirror
+RUN deluser sync
+
+COPY --from=builder /source/dist/images/kube-ovn /kube-ovn/kube-ovn
+COPY --from=builder /source/dist/images/kube-ovn-cmd /kube-ovn/kube-ovn-cmd
+COPY --from=builder /source/dist/images/kube-ovn-webhook /kube-ovn/kube-ovn-webhook
+RUN ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-controller && \
+ ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-daemon && \
+ ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-monitor && \
+ ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-pinger && \
+ ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-speaker && \
+ ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-controller-healthcheck && \
+ ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-leader-checker && \
+ ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-ic-controller
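Review bot: The builder stage fetches the source archive with `wget -O- … | tar xzf -` keyed on a seven-character `COMMIT_REF` and never checks what it received, and both `golang:1.22-bookworm` and `kubeovn/kube-ovn-base:$BASE_TAG` are mutable tags, so the digest recorded in kubeovn.json cannot be reproduced or tied back to reviewed source. I would set `ARG COMMIT_REF=<full 40-character commit SHA>` and verify the tarball before unpacking, e.g. `RUN wget -O src.tar.gz <archive URL> && echo "<expected sha256>  src.tar.gz" | sha256sum -c - && tar xzf src.tar.gz --strip-components=1`, and pin both `FROM` lines with `@sha256:<digest>`. Separately, the pipe runs under the default shell without `pipefail`, so a failed download is only caught if `tar` happens to reject the truncated stream.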
diff --git a/packages/system/kubeovn/patches/cozyconfig.diff b/packages/system/kubeovn/patches/cozyconfig.diff
new file mode 100644
index 00000000..c5a14190
--- /dev/null
+++ b/packages/system/kubeovn/patches/cozyconfig.diff
@@ -0,0 +1,97 @@ + +diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml +index d9a9a67..b2e12dd 100644 +--- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml ++++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml +@@ -51,18 +51,12 @@ spec: + - bash + - /kube-ovn/start-cniserver.sh + args: ++ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} + - --enable-mirror={{- .Values.debug.ENABLE_MIRROR }} + - --mirror-iface={{- .Values.debug.MIRROR_IFACE }} + - --node-switch={{ .Values.networking.NODE_SUBNET }} + - --encap-checksum=true +- - --service-cluster-ip-range= +- {{- if eq .Values.networking.NET_STACK "dual_stack" -}} +- {{ .Values.dual_stack.SVC_CIDR }} +- {{- else if eq .Values.networking.NET_STACK "ipv4" -}} +- {{ .Values.ipv4.SVC_CIDR }} +- {{- else if eq .Values.networking.NET_STACK "ipv6" -}} +- {{ .Values.ipv6.SVC_CIDR }} +- {{- end }} ++ - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }} + {{- if eq .Values.networking.NETWORK_TYPE "vlan" }} + - --iface= + {{- else}} +diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml +index 0e69494..756eb7c 100644 +--- a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml ++++ b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml +@@ -52,46 +52,19 @@ spec: + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: ++ {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} + - /kube-ovn/start-controller.sh + - --default-ls={{ .Values.networking.DEFAULT_SUBNET }} +- - --default-cidr= +- {{- if eq .Values.networking.NET_STACK "dual_stack" -}} +- {{ 
.Values.dual_stack.POD_CIDR }} +- {{- else if eq .Values.networking.NET_STACK "ipv4" -}} +- {{ .Values.ipv4.POD_CIDR }} +- {{- else if eq .Values.networking.NET_STACK "ipv6" -}} +- {{ .Values.ipv6.POD_CIDR }} +- {{- end }} +- - --default-gateway= +- {{- if eq .Values.networking.NET_STACK "dual_stack" -}} +- {{ .Values.dual_stack.POD_GATEWAY }} +- {{- else if eq .Values.networking.NET_STACK "ipv4" -}} +- {{ .Values.ipv4.POD_GATEWAY }} +- {{- else if eq .Values.networking.NET_STACK "ipv6" -}} +- {{ .Values.ipv6.POD_GATEWAY }} +- {{- end }} ++ - --default-cidr={{ index $cozyConfig.data "ipv4-pod-cidr" }} ++ - --default-gateway={{ index $cozyConfig.data "ipv4-pod-gateway" }} + - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }} + - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }} + - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }} + - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }} + - --cluster-router={{ .Values.networking.DEFAULT_VPC }} + - --node-switch={{ .Values.networking.NODE_SUBNET }} +- - --node-switch-cidr= +- {{- if eq .Values.networking.NET_STACK "dual_stack" -}} +- {{ .Values.dual_stack.JOIN_CIDR }} +- {{- else if eq .Values.networking.NET_STACK "ipv4" -}} +- {{ .Values.ipv4.JOIN_CIDR }} +- {{- else if eq .Values.networking.NET_STACK "ipv6" -}} +- {{ .Values.ipv6.JOIN_CIDR }} +- {{- end }} +- - --service-cluster-ip-range= +- {{- if eq .Values.networking.NET_STACK "dual_stack" -}} +- {{ .Values.dual_stack.SVC_CIDR }} +- {{- else if eq .Values.networking.NET_STACK "ipv4" -}} +- {{ .Values.ipv4.SVC_CIDR }} +- {{- else if eq .Values.networking.NET_STACK "ipv6" -}} +- {{ .Values.ipv6.SVC_CIDR }} +- {{- end }} ++ - --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }} ++ - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }} + - --network-type={{- .Values.networking.NETWORK_TYPE }} + - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }} + - 
--default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }} +diff --git a/packages/system/kubeovn/charts/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/values.yaml +index bfffc4d..b880749 100644 +--- a/packages/system/kubeovn/charts/kube-ovn/values.yaml ++++ b/packages/system/kubeovn/charts/kube-ovn/values.yaml +@@ -70,10 +70,6 @@ func: + ENABLE_TPROXY: false + + ipv4: +- POD_CIDR: "10.16.0.0/16" +- POD_GATEWAY: "10.16.0.1" +- SVC_CIDR: "10.96.0.0/12" +- JOIN_CIDR: "100.64.0.0/16" + PINGER_EXTERNAL_ADDRESS: "1.1.1.1" + PINGER_EXTERNAL_DOMAIN: "alauda.cn." + diff --git a/packages/system/kubeovn/templates/_helpers.tpl b/packages/system/kubeovn/templates/_helpers.tpl new file mode 100644 index 00000000..83e3b907 --- /dev/null +++ b/packages/system/kubeovn/templates/_helpers.tpl @@ -0,0 +1,3 @@ +{{- define "kubeovn.image" -}} +{{ .Files.Get "images/kubeovn.tag" | trim }}@{{ index (.Files.Get "images/kubeovn.json" | fromJson) "containerimage.digest" }} +{{- end -}} diff --git a/packages/system/kubeovn/values.yaml b/packages/system/kubeovn/values.yaml index 26e9203f..cc904a5e 100644 --- a/packages/system/kubeovn/values.yaml +++ b/packages/system/kubeovn/values.yaml @@ -1,12 +1,4 @@ kube-ovn: - global: - registry: - address: ghcr.io/kvaps - images: - kubeovn: - repository: test - tag: kube-ovn-static-v1.13.0-cozystack2 - namespace: cozy-kubeovn func: