From 6e2984bc663a197489907ea8aa7968bdaf641ce5 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Fri, 29 Dec 2023 16:52:42 +0100 Subject: [PATCH] upd kubeovn --- packages/core/kubeovn/Makefile | 16 +- .../core/kubeovn/charts/kube-ovn/Chart.yaml | 2 +- .../core/kubeovn/charts/kube-ovn/README.md | 28 +- .../kube-ovn-crd.yaml => crds/crd.yaml} | 12 + .../charts/kube-ovn/templates/_helpers.tpl | 24 + .../kube-ovn/templates/central-deploy.yaml | 18 +- .../kube-ovn/templates/controller-deploy.yaml | 18 +- .../kube-ovn/templates/controller-svc.yaml | 2 +- .../kube-ovn/templates/monitor-deploy.yaml | 4 +- .../kube-ovn/templates/monitor-svc.yaml | 2 +- .../charts/kube-ovn/templates/nb-svc.yaml | 2 +- .../charts/kube-ovn/templates/northd-svc.yaml | 2 +- .../charts/kube-ovn/templates/ovn-CRB.yaml | 8 +- .../kube-ovn/templates/ovn-dpdk-ds.yaml | 8 +- .../charts/kube-ovn/templates/ovn-sa.yaml | 8 +- .../charts/kube-ovn/templates/ovncni-ds.yaml | 20 +- .../charts/kube-ovn/templates/ovncni-svc.yaml | 2 +- .../charts/kube-ovn/templates/ovsovn-ds.yaml | 15 +- .../charts/kube-ovn/templates/pinger-ds.yaml | 11 +- .../charts/kube-ovn/templates/pinger-svc.yaml | 2 +- .../kube-ovn/templates/pre-delete-hook.yaml | 6 +- .../charts/kube-ovn/templates/sb-svc.yaml | 2 +- .../kube-ovn/templates/upgrade-ovs-ovn.yaml | 10 +- .../kube-ovn/templates/vpc-nat-config.yaml | 2 +- .../core/kubeovn/charts/kube-ovn/values.yaml | 22 +- packages/core/kubeovn/patches/talos.patch | 568 +++++++++++++++++- packages/core/kubeovn/values.yaml | 8 +- 27 files changed, 693 insertions(+), 129 deletions(-) rename packages/core/kubeovn/charts/kube-ovn/{templates/kube-ovn-crd.yaml => crds/crd.yaml} (99%) create mode 100644 packages/core/kubeovn/charts/kube-ovn/templates/_helpers.tpl diff --git a/packages/core/kubeovn/Makefile b/packages/core/kubeovn/Makefile index 8d1f0131..e6eb0957 100644 --- a/packages/core/kubeovn/Makefile +++ b/packages/core/kubeovn/Makefile 
@@ -2,24 +2,20 @@ NAMESPACE=cozy-kubeovn NAME=kubeovn show: - helm template -n $(NAMESPACE) $(NAME) . + helm template --dry-run=server -n $(NAMESPACE) $(NAME) . apply: kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=master --overwrite && \ MASTER_NODES=$$(kubectl get nodes -lkube-ovn/role=master -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}' | tr ' ' ',') && \ MASTER_COUNT=$$(echo "$$MASTER_NODES" | awk -F, '{ print NF }') && \ set -x && \ - helm upgrade -i -n $(NAMESPACE) $(NAME) . -f values-runtime.yaml + helm upgrade -i -n $(NAMESPACE) $(NAME) . diff: - helm diff upgrade --allow-unreleased -n $(NAMESPACE) $(NAME) . + helm diff upgrade --dry-run --allow-unreleased -n $(NAMESPACE) $(NAME) . update: rm -rf charts && mkdir -p charts/kube-ovn - tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/kubeovn/kube-ovn | awk -F'[/^]' 'END{print $$3}') && \ - curl -sSL https://github.com/kubeovn/kube-ovn/archive/refs/tags/$${tag}.tar.gz | \ - tar -C charts/kube-ovn -xzvf - --strip 2 kube-ovn-$${tag#*v}/charts - sed -i 's/kube-system/cozy-kubeovn/g' `grep -lr kube-system charts | grep -v values.yaml` - sed -i ./charts/kube-ovn/templates/*.yaml \ - -e '/path:/ s|/etc/origin/|/var/lib/|' \ - -e '/mountPath:/ s|/usr/local/bin|/opt/bin|' + curl -sSL https://github.com/kubeovn/kube-ovn/archive/refs/heads/master.tar.gz | \ + tar -C charts/kube-ovn -xzvf - --strip 2 kube-ovn-master/charts + cd charts/kube-ovn && patch -p2 < ../../patches/talos.patch diff --git a/packages/core/kubeovn/charts/kube-ovn/Chart.yaml b/packages/core/kubeovn/charts/kube-ovn/Chart.yaml index d8d7ec93..1cb8212f 100644 --- a/packages/core/kubeovn/charts/kube-ovn/Chart.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/Chart.yaml 
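Review bot: The `update` target now vendors the chart from `refs/heads/master.tar.gz`, a mutable branch, and pipes the download straight into `tar` with no integrity check. Two runs can therefore vendor different code, and whatever is on upstream master at that moment ends up in a chart whose pods run as root with hostPath mounts. Pin the source to a reviewed tag or commit and check a recorded digest before extracting, e.g. `curl -sSLo kube-ovn.tar.gz https://github.com/kubeovn/kube-ovn/archive/$(KUBEOVN_REF).tar.gz` followed by `echo "$(KUBEOVN_SHA256)  kube-ovn.tar.gz" | sha256sum -c -`, where `KUBEOVN_REF` and `KUBEOVN_SHA256` are placeholder variables to be recorded in the Makefile. Separately, `apply` still computes `MASTER_NODES` and `MASTER_COUNT` but no longer passes them to `helm upgrade`, so those two lines now look like dead code.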
@@ -21,4 +21,4 @@ version: 0.1.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.12.0" +appVersion: "1.13.0" diff --git a/packages/core/kubeovn/charts/kube-ovn/README.md b/packages/core/kubeovn/charts/kube-ovn/README.md index bd0d5c6c..f9295ca9 100644 --- a/packages/core/kubeovn/charts/kube-ovn/README.md +++ b/packages/core/kubeovn/charts/kube-ovn/README.md @@ -10,11 +10,33 @@ $ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=mast $ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite # standard install -$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0}, +$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0} # high availability install -$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3 +$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2} # upgrade to this version -$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3 +$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2} +``` + +If `MASTER_NODES` unspecified Helm will take internal IPs of nodes with `kube-ovn/role=master` label + +### Talos Linux + +To install Kube-OVN on Talos Linux, declare openvswitch module in machine config: + +``` +machine: + kernel: + modules: + - name: openvswitch +``` + +and use the following options for install this Helm-chart: + +``` +--set cni_conf.MOUNT_LOCAL_BIN_DIR=false +--set OPENVSWITCH_DIR=/var/lib/openvswitch +--set OVN_DIR=/var/lib/ovn +--set DISABLE_MODULES_MANAGEMENT=true ``` 
diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml b/packages/core/kubeovn/charts/kube-ovn/crds/crd.yaml similarity index 99% rename from packages/core/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml rename to packages/core/kubeovn/charts/kube-ovn/crds/crd.yaml index 5071fe0e..2d545cc2 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/crds/crd.yaml @@ -1490,6 +1490,10 @@ spec: type: string pmac: type: string + selector: + type: array + items: + type: string conditions: type: array items: @@ -1532,6 +1536,10 @@ spec: type: string parentV6ip: type: string + selector: + type: array + items: + type: string --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -1738,6 +1746,8 @@ spec: type: boolean ipv6RAConfigs: type: string + allowEWTraffic: + type: boolean acls: type: array items: @@ -1787,6 +1797,8 @@ spec: type: boolean enableEcmp: type: boolean + enableMulticastSnoop: + type: boolean routeTable: type: string scope: Cluster diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/_helpers.tpl b/packages/core/kubeovn/charts/kube-ovn/templates/_helpers.tpl new file mode 100644 index 00000000..1341e99f --- /dev/null +++ b/packages/core/kubeovn/charts/kube-ovn/templates/_helpers.tpl 
@@ -0,0 +1,24 @@ +{{/* +Get IP-addresses of master nodes +*/}} +{{- define "kubeovn.nodeIPs" -}} +{{- $nodes := lookup "v1" "Node" "" "" -}} +{{- $ips := list -}} +{{- range $node := $nodes.items -}} + {{- if eq (index $node.metadata.labels "kube-ovn/role") "master" -}} + {{- range $address := $node.status.addresses -}} + {{- if eq $address.type "InternalIP" -}} + {{- $ips = append $ips $address.address -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{ join "," $ips }} +{{- end -}} + +{{/* +Number of master nodes +*/}} +{{- define "kubeovn.nodeCount" -}} + {{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }} +{{- end -}} diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/central-deploy.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/central-deploy.yaml index 17163722..cbdf87b7 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/central-deploy.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/central-deploy.yaml @@ -7,7 +7,7 @@ metadata: kubernetes.io/description: | OVN components: northd, nb and sb. spec: - replicas: {{ .Values.replicaCount }} + replicas: {{ include "kubeovn.nodeCount" . }} strategy: rollingUpdate: maxSurge: 0 @@ -53,7 +53,7 @@ spec: - name: ENABLE_SSL value: "{{ .Values.networking.ENABLE_SSL }}" - name: NODE_IPS - value: "{{ .Values.MASTER_NODES }}" + value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}" - name: POD_IP valueFrom: fieldRef: 
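Review bot: `kubeovn.nodeCount` counts comma-separated address strings rather than nodes, so it is wrong in two cases. When `lookup` returns nothing (client-side rendering, or no node labelled `kube-ovn/role=master`), `split "," ""` still yields one element and the chart renders `replicas: 1` with an empty `NODE_IPS`; and a node reporting more than one `InternalIP` (dual-stack) is counted once per address. Consider failing the render when the resolved list is empty, e.g. `{{- $ips := .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) -}}` then `{{- if not $ips }}{{ fail "MASTER_NODES is empty and no node has kube-ovn/role=master" }}{{ end -}}`, and counting nodes instead of addresses. The same list is used as the OVN DB endpoint set (`NODE_IPS` here, `OVN_DB_IPS` in the other templates), so the helper comment should also say that the `kube-ovn/role` label is now a trust input: any identity allowed to label Node objects changes that set on the next upgrade.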
@@ -82,21 +82,11 @@ spec: value: "{{ .Values.networking.ENABLE_COMPACT }}" resources: requests: - {{- if .Release.IsUpgrade }} - cpu: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "ovn-central").spec.template.spec.containers 0).resources.requests.cpu | quote }} - memory: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "ovn-central").spec.template.spec.containers 0).resources.requests.memory | quote }} - {{- else }} cpu: {{ index .Values "ovn-central" "requests" "cpu" }} memory: {{ index .Values "ovn-central" "requests" "memory" }} - {{- end }} limits: - {{- if .Release.IsUpgrade }} - cpu: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "ovn-central").spec.template.spec.containers 0).resources.limits.cpu | quote }} - memory: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "ovn-central").spec.template.spec.containers 0).resources.limits.memory | quote }} - {{- else }} cpu: {{ index .Values "ovn-central" "limits" "cpu" }} memory: {{ index .Values "ovn-central" "limits" "memory" }} - {{- end }} volumeMounts: - mountPath: /var/run/openvswitch name: host-run-ovs @@ -149,10 +139,10 @@ spec: path: /sys - name: host-config-openvswitch hostPath: - path: /var/lib/openvswitch + path: {{ .Values.OPENVSWITCH_DIR }} - name: host-config-ovn hostPath: - path: /var/lib/ovn + path: {{ .Values.OVN_DIR }} - name: host-log-ovs hostPath: path: {{ .Values.log_conf.LOG_DIR }}/openvswitch diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml index 22c58a07..0e694945 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml @@ -7,7 +7,7 @@ metadata: kubernetes.io/description: | kube-ovn controller spec: - replicas: {{ .Values.replicaCount }} + replicas: {{ include "kubeovn.nodeCount" . }} selector: matchLabels: app: kube-ovn-controller 
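Review bot: In the `host-config-openvswitch` and `host-config-ovn` volumes of central-deploy.yaml, `path: {{ .Values.OPENVSWITCH_DIR }}` and `path: {{ .Values.OVN_DIR }}` are rendered unquoted and unchecked, so an empty or missing value renders `path:` as null and would presumably be rejected only at apply time. Since these are host directories mounted into the OVN/OVS pods, reject bad values at render time with `path: {{ required "OPENVSWITCH_DIR must be set" .Values.OPENVSWITCH_DIR | quote }}`, and the same for `OVN_DIR`. The same pattern is added in monitor-deploy.yaml, ovn-dpdk-ds.yaml, ovncni-ds.yaml, ovsovn-ds.yaml and pinger-ds.yaml. Note also that the chart default in values.yaml is now `/etc/origin/...` where these templates previously hard-coded `/var/lib/...`; unless the package-level values override it (not visible in this part of the patch), an upgrade would point the pods at a different, empty database directory.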
@@ -70,8 +70,8 @@ spec: {{- else if eq .Values.networking.NET_STACK "ipv6" -}} {{ .Values.ipv6.POD_GATEWAY }} {{- end }} - - --default-gateway-check={{- .Values.cni_conf.CHECK_GATEWAY }} - - --default-logical-gateway={{- .Values.cni_conf.LOGICAL_GATEWAY }} + - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }} + - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }} - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }} - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }} - --cluster-router={{ .Values.networking.DEFAULT_VPC }} @@ -132,7 +132,7 @@ spec: fieldRef: fieldPath: spec.nodeName - name: OVN_DB_IPS - value: "{{ .Values.MASTER_NODES }}" + value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}" - name: POD_IPS valueFrom: fieldRef: @@ -166,21 +166,11 @@ spec: timeoutSeconds: 45 resources: requests: - {{- if .Release.IsUpgrade }} - cpu: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "kube-ovn-controller").spec.template.spec.containers 0).resources.requests.cpu | quote }} - memory: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "kube-ovn-controller").spec.template.spec.containers 0).resources.requests.memory | quote }} - {{- else }} cpu: {{ index .Values "kube-ovn-controller" "requests" "cpu" }} memory: {{ index .Values "kube-ovn-controller" "requests" "memory" }} - {{- end }} limits: - {{- if .Release.IsUpgrade }} - cpu: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "kube-ovn-controller").spec.template.spec.containers 0).resources.limits.cpu | quote }} - memory: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "kube-ovn-controller").spec.template.spec.containers 0).resources.limits.memory | quote }} - {{- else }} cpu: {{ index .Values "kube-ovn-controller" "limits" "cpu" }} memory: {{ index .Values "kube-ovn-controller" "limits" "memory" }} - {{- end }} nodeSelector: kubernetes.io/os: "linux" volumes: 
diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/controller-svc.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/controller-svc.yaml index 163e4b90..b4d39619 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/controller-svc.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/controller-svc.yaml @@ -2,7 +2,7 @@ kind: Service apiVersion: v1 metadata: name: kube-ovn-controller - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} labels: app: kube-ovn-controller spec: diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml index 1aab7b8f..d28999b4 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml @@ -118,10 +118,10 @@ spec: path: /run/ovn - name: host-config-openvswitch hostPath: - path: /var/lib/openvswitch + path: {{ .Values.OPENVSWITCH_DIR }} - name: host-config-ovn hostPath: - path: /var/lib/ovn + path: {{ .Values.OVN_DIR }} - name: host-log-ovn hostPath: path: {{ .Values.log_conf.LOG_DIR }}/ovn diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/monitor-svc.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/monitor-svc.yaml index 2f10bf0d..1ad1800d 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/monitor-svc.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/monitor-svc.yaml @@ -2,7 +2,7 @@ kind: Service apiVersion: v1 metadata: name: kube-ovn-monitor - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} labels: app: kube-ovn-monitor spec: diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/nb-svc.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/nb-svc.yaml index 70d6c78a..43992e91 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/nb-svc.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/nb-svc.yaml 
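Review bot: `namespace: {{ .Values.namespace }}` takes the target namespace from a chart value whose default in values.yaml is `kube-system`, independently of the namespace the release is installed into (`-n $(NAMESPACE)` with `NAMESPACE=cozy-kubeovn` in the package Makefile), so if the two differ the objects are split across namespaces. This matters most for the ClusterRoleBinding subjects in ovn-CRB.yaml, where the cluster role would then be bound to a ServiceAccount name in a namespace the release does not own. Either render `{{ .Release.Namespace }}` or fail on disagreement, e.g. `{{- if ne .Values.namespace .Release.Namespace }}{{ fail "namespace value must match the release namespace" }}{{ end }}`. The same substitution is made in the other Service, ServiceAccount, DaemonSet, hook and ConfigMap templates of this patch; whether the package values.yaml sets `namespace` is not visible here.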
@@ -2,7 +2,7 @@ kind: Service apiVersion: v1 metadata: name: ovn-nb - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} spec: ports: - name: ovn-nb diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/northd-svc.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/northd-svc.yaml index 0c0af82c..cec07233 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/northd-svc.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/northd-svc.yaml @@ -2,7 +2,7 @@ kind: Service apiVersion: v1 metadata: name: ovn-northd - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} spec: ports: - name: ovn-northd diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/ovn-CRB.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/ovn-CRB.yaml index 237b2e6c..9230d900 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/ovn-CRB.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/ovn-CRB.yaml @@ -9,7 +9,7 @@ roleRef: subjects: - kind: ServiceAccount name: ovn - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -23,7 +23,7 @@ roleRef: subjects: - kind: ServiceAccount name: ovn-ovs - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -37,7 +37,7 @@ roleRef: subjects: - kind: ServiceAccount name: kube-ovn-cni - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} --- apiVersion: rbac.authorization.k8s.io/v1 @@ -51,4 +51,4 @@ roleRef: subjects: - kind: ServiceAccount name: kube-ovn-app - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/ovn-dpdk-ds.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/ovn-dpdk-ds.yaml index b1b564d5..1d799899 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/ovn-dpdk-ds.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/ovn-dpdk-ds.yaml 
@@ -3,7 +3,7 @@ kind: DaemonSet apiVersion: apps/v1 metadata: name: ovs-ovn-dpdk - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} annotations: kubernetes.io/description: | This daemon set launches the openvswitch daemon. @@ -55,7 +55,7 @@ spec: fieldRef: fieldPath: spec.nodeName - name: OVN_DB_IPS - value: "{{ .Values.MASTER_NODES }}" + value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}" - name: OVN_REMOTE_PROBE_INTERVAL value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}" - name: OVN_REMOTE_OPENFLOW_INTERVAL @@ -144,10 +144,10 @@ spec: path: /sys - name: host-config-openvswitch hostPath: - path: /var/lib/openvswitch + path: {{ .Values.OPENVSWITCH_DIR }} - name: host-config-ovn hostPath: - path: /var/lib/ovn + path: {{ .Values.OVN_DIR }} - name: host-log-ovs hostPath: path: {{ .Values.log_conf.LOG_DIR }}/openvswitch diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/ovn-sa.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/ovn-sa.yaml index d77e9765..17b4a92f 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/ovn-sa.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/ovn-sa.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: ovn - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} {{- if .Values.global.registry.imagePullSecrets }} imagePullSecrets: {{- range $index, $secret := .Values.global.registry.imagePullSecrets }} @@ -17,18 +17,18 @@ apiVersion: v1 kind: ServiceAccount metadata: name: ovn-ovs - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} --- apiVersion: v1 kind: ServiceAccount metadata: name: kube-ovn-cni - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} --- apiVersion: v1 kind: ServiceAccount metadata: name: kube-ovn-app - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} 
diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml index 6688cc6f..d9a9a676 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml @@ -39,8 +39,10 @@ spec: volumeMounts: - mountPath: /opt/cni/bin name: cni-bin - - mountPath: /opt/bin + {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} + - mountPath: /usr/local/bin name: local-bin + {{- end }} containers: - name: cni-server image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} @@ -156,21 +158,11 @@ spec: timeoutSeconds: 3 resources: requests: - {{- if .Release.IsUpgrade }} - cpu: {{ (index (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "kube-ovn-cni").spec.template.spec.containers 0).resources.requests.cpu | quote }} - memory: {{ (index (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "kube-ovn-cni").spec.template.spec.containers 0).resources.requests.memory | quote }} - {{- else }} cpu: {{ index .Values "kube-ovn-cni" "requests" "cpu" }} memory: {{ index .Values "kube-ovn-cni" "requests" "memory" }} - {{- end }} limits: - {{- if .Release.IsUpgrade }} - cpu: {{ (index (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "kube-ovn-cni").spec.template.spec.containers 0).resources.limits.cpu | quote }} - memory: {{ (index (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "kube-ovn-cni").spec.template.spec.containers 0).resources.limits.memory | quote }} - {{- else }} cpu: {{ index .Values "kube-ovn-cni" "limits" "cpu" }} memory: {{ index .Values "kube-ovn-cni" "limits" "memory" }} - {{- end }} nodeSelector: kubernetes.io/os: "linux" volumes: @@ -182,7 +174,7 @@ spec: path: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods - name: systemid hostPath: - path: /var/lib/openvswitch + path: {{ .Values.OPENVSWITCH_DIR }} - name: host-run-ovs hostPath: path: /run/openvswitch 
@@ -216,6 +208,8 @@ spec: - name: tmp hostPath: path: /tmp + {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} - name: local-bin hostPath: - path: /usr/local/bin + path: {{ .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} + {{- end }} diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/ovncni-svc.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/ovncni-svc.yaml index 3e8d8f29..e1c47c80 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/ovncni-svc.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/ovncni-svc.yaml @@ -2,7 +2,7 @@ kind: Service apiVersion: v1 metadata: name: kube-ovn-cni - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} labels: app: kube-ovn-cni spec: diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml index ffa7756f..e30d8aae 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml @@ -45,12 +45,17 @@ spec: command: ["/kube-ovn/start-ovs-dpdk.sh"] {{- else }} command: - - /bin/bash + {{- if .Values.DISABLE_MODULES_MANAGEMENT }} + - /bin/sh - -c - | - ln -sf /bin/true /usr/sbin/modinfo ln -sf /bin/true /usr/sbin/modprobe + ln -sf /bin/true /usr/sbin/modinfo + ln -sf /bin/true /usr/sbin/rmmod exec /kube-ovn/start-ovs.sh + {{- else }} + - /kube-ovn/start-ovs.sh + {{- end }} {{- end }} securityContext: runAsUser: 0 @@ -79,7 +84,7 @@ spec: fieldRef: fieldPath: spec.nodeName - name: OVN_DB_IPS - value: "{{ .Values.MASTER_NODES }}" + value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}" - name: OVN_REMOTE_PROBE_INTERVAL value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}" - name: OVN_REMOTE_OPENFLOW_INTERVAL 
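Review bot: The `local-bin` volume in ovncni-ds.yaml renders `path: {{ .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}`, which is the boolean switch tested by the surrounding `if`, so enabling the mount produces `path: true` instead of a directory. values.yaml in this same patch adds `cni_conf.LOCAL_BIN_DIR: "/usr/local/bin"`, which nothing visible reads; the line should be `path: {{ .Values.cni_conf.LOCAL_BIN_DIR | quote }}`. The DaemonSet spec continues outside the hunk.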
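Review bot: In the `DISABLE_MODULES_MANAGEMENT` branch of ovsovn-ds.yaml the three `ln -sf /bin/true ...` lines run without error checking. If any of them fails (for example a read-only root filesystem or a missing `/usr/sbin`), `start-ovs.sh` still starts with the real `modprobe`/`rmmod` in place and the option silently does nothing. Add `set -e` as the first line of the inline script so the container fails visibly instead. A short comment above the block saying why the tools are replaced (the host manages the `openvswitch` module, per the README's Talos section) would also help the next reader.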
@@ -185,10 +190,10 @@ spec: path: /sys - name: host-config-openvswitch hostPath: - path: /var/lib/openvswitch + path: {{ .Values.OPENVSWITCH_DIR }} - name: host-config-ovn hostPath: - path: /var/lib/ovn + path: {{ .Values.OVN_DIR }} - name: host-log-ovs hostPath: path: {{ .Values.log_conf.LOG_DIR }}/openvswitch diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/pinger-ds.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/pinger-ds.yaml index 501a6687..f54b276a 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/pinger-ds.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/pinger-ds.yaml @@ -20,6 +20,13 @@ spec: type: infra spec: priorityClassName: system-node-critical + tolerations: + - effect: NoSchedule + operator: Exists + - effect: NoExecute + operator: Exists + - key: CriticalAddonsOnly + operator: Exists serviceAccountName: kube-ovn-app hostPID: true containers: @@ -44,7 +51,7 @@ spec: {{- else if eq .Values.networking.NET_STACK "ipv6" -}} {{ .Values.ipv6.PINGER_EXTERNAL_DOMAIN }} {{- end }} - - --ds-namespace=cozy-kubeovn + - --ds-namespace={{ .Values.namespace }} - --logtostderr=false - --alsologtostderr=true - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log @@ -111,7 +118,7 @@ spec: path: /run/ovn - name: host-config-openvswitch hostPath: - path: /var/lib/openvswitch + path: {{ .Values.OPENVSWITCH_DIR }} - name: host-log-ovs hostPath: path: {{ .Values.log_conf.LOG_DIR }}/openvswitch diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/pinger-svc.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/pinger-svc.yaml index c386dd5e..ef169e8e 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/pinger-svc.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/pinger-svc.yaml @@ -2,7 +2,7 @@ kind: Service apiVersion: v1 metadata: name: kube-ovn-pinger - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} labels: app: kube-ovn-pinger spec: 
diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/pre-delete-hook.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/pre-delete-hook.yaml index 6d2b7737..d81c5ca2 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/pre-delete-hook.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/pre-delete-hook.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: kube-ovn-pre-delete-hook - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} annotations: # This is what defines this resource as a hook. Without this line, the # job is considered part of the release. @@ -48,13 +48,13 @@ roleRef: subjects: - kind: ServiceAccount name: kube-ovn-pre-delete-hook - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} --- apiVersion: batch/v1 kind: Job metadata: name: "{{ .Chart.Name }}-pre-delete-hook" - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} labels: app.kubernetes.io/managed-by: {{ .Release.Service | quote }} app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/sb-svc.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/sb-svc.yaml index 0e595618..36a4a27a 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/sb-svc.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/sb-svc.yaml @@ -2,7 +2,7 @@ kind: Service apiVersion: v1 metadata: name: ovn-sb - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} spec: ports: - name: ovn-sb diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml index ff8f801f..980354e6 100644 --- a/packages/core/kubeovn/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml 
@@ -1,11 +1,11 @@ -{{ if (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "ovs-ovn") }} -{{ if eq (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "ovs-ovn").spec.updateStrategy.type "OnDelete" }} +{{ if (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn") }} +{{ if eq (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn").spec.updateStrategy.type "OnDelete" }} --- apiVersion: v1 kind: ServiceAccount metadata: name: ovs-ovn-upgrade - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} annotations: # This is what defines this resource as a hook. Without this line, the # job is considered part of the release. @@ -65,13 +65,13 @@ roleRef: subjects: - kind: ServiceAccount name: ovs-ovn-upgrade - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} --- apiVersion: batch/v1 kind: Job metadata: name: "{{ .Chart.Name }}-post-upgrade-hook" - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} labels: app.kubernetes.io/managed-by: {{ .Release.Service | quote }} app.kubernetes.io/instance: {{ .Release.Name | quote }} diff --git a/packages/core/kubeovn/charts/kube-ovn/templates/vpc-nat-config.yaml b/packages/core/kubeovn/charts/kube-ovn/templates/vpc-nat-config.yaml index 6ea638a2..0f9bd0f5 100755 --- a/packages/core/kubeovn/charts/kube-ovn/templates/vpc-nat-config.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/templates/vpc-nat-config.yaml @@ -2,7 +2,7 @@ kind: ConfigMap apiVersion: v1 metadata: name: ovn-vpc-nat-config - namespace: cozy-kubeovn + namespace: {{ .Values.namespace }} annotations: kubernetes.io/description: | kube-ovn vpc-nat common config diff --git a/packages/core/kubeovn/charts/kube-ovn/values.yaml b/packages/core/kubeovn/charts/kube-ovn/values.yaml index b25e8ebf..d7ad7da6 100644 --- a/packages/core/kubeovn/charts/kube-ovn/values.yaml +++ b/packages/core/kubeovn/charts/kube-ovn/values.yaml 
@@ -10,7 +10,7 @@ global: repository: kube-ovn dpdkRepository: kube-ovn-dpdk vpcRepository: vpc-nat-gateway - tag: v1.12.4 + tag: v1.13.0 support_arm: true thirdparty: true @@ -18,7 +18,6 @@ image: pullPolicy: IfNotPresent namespace: kube-system -replicaCount: 1 MASTER_NODES: "" networking: @@ -38,8 +37,8 @@ networking: VLAN_INTERFACE_NAME: "" VLAN_NAME: "ovn-vlan" VLAN_ID: "100" - ENABLE_EIP_SNAT: true EXCHANGE_LINK_NAME: false + ENABLE_EIP_SNAT: true POD_DEFAULT_FIP_TYPE: "" DEFAULT_SUBNET: "ovn-default" DEFAULT_VPC: "ovn-cluster" @@ -57,11 +56,14 @@ networking: func: ENABLE_LB: true ENABLE_NP: true + ENABLE_EIP_SNAT: true ENABLE_EXTERNAL_VPC: true HW_OFFLOAD: false ENABLE_LB_SVC: false ENABLE_KEEP_VM_IP: true LS_DNAT_MOD_DL_DST: true + CHECK_GATEWAY: true + LOGICAL_GATEWAY: false ENABLE_BIND_LOCAL_IP: true U2O_INTERCONNECTION: false ENABLE_TPROXY: false @@ -71,7 +73,7 @@ ipv4: POD_GATEWAY: "10.16.0.1" SVC_CIDR: "10.96.0.0/12" JOIN_CIDR: "100.64.0.0/16" - PINGER_EXTERNAL_ADDRESS: "114.114.114.114" + PINGER_EXTERNAL_ADDRESS: "1.1.1.1" PINGER_EXTERNAL_DOMAIN: "alauda.cn." ipv6: @@ -79,7 +81,7 @@ ipv6: POD_GATEWAY: "fd00:10:16::1" SVC_CIDR: "fd00:10:96::/112" JOIN_CIDR: "fd00:100:64::/112" - PINGER_EXTERNAL_ADDRESS: "2400:3200::1" + PINGER_EXTERNAL_ADDRESS: "2606:4700:4700::1111" PINGER_EXTERNAL_DOMAIN: "google.com." dual_stack: @@ -87,7 +89,7 @@ dual_stack: POD_GATEWAY: "10.16.0.1,fd00:10:16::1" SVC_CIDR: "10.96.0.0/12,fd00:10:96::/112" JOIN_CIDR: "100.64.0.0/16,fd00:100:64::/112" - PINGER_EXTERNAL_ADDRESS: "114.114.114.114,2400:3200::1" + PINGER_EXTERNAL_ADDRESS: "1.1.1.1,2606:4700:4700::1111" PINGER_EXTERNAL_DOMAIN: "google.com." performance: 
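Review bot: The `func:` block in values.yaml gains `ENABLE_EIP_SNAT: true` while `networking.ENABLE_EIP_SNAT` is kept (only reordered in the hunk above), so the same switch now exists under two keys. Which of the two the templates read is not visible in this patch; an operator who sets only one of them to `false` may believe EIP/SNAT is disabled when it is not. Keep a single key, or add a comment such as `# read by <template>; networking.ENABLE_EIP_SNAT is deprecated` on the one that remains authoritative.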
@@ -102,12 +104,12 @@ debug: MIRROR_IFACE: "mirror0" cni_conf: - CHECK_GATEWAY: true - LOGICAL_GATEWAY: false CNI_CONFIG_PRIORITY: "01" CNI_CONF_DIR: "/etc/cni/net.d" CNI_BIN_DIR: "/opt/cni/bin" CNI_CONF_FILE: "/kube-ovn/01-kube-ovn.conflist" + LOCAL_BIN_DIR: "/usr/local/bin" + MOUNT_LOCAL_BIN_DIR: false kubelet_conf: KUBELET_DIR: "/var/lib/kubelet" @@ -115,6 +117,10 @@ kubelet_conf: log_conf: LOG_DIR: "/var/log" +OPENVSWITCH_DIR: "/etc/origin/openvswitch" +OVN_DIR: "/etc/origin/ovn" +DISABLE_MODULES_MANAGEMENT: false + imagePullSecrets: [] nameOverride: "" fullnameOverride: "" diff --git a/packages/core/kubeovn/patches/talos.patch b/packages/core/kubeovn/patches/talos.patch index 575ec392..37dc3006 100644 --- a/packages/core/kubeovn/patches/talos.patch +++ b/packages/core/kubeovn/patches/talos.patch 
@@ -1,39 +1,551 @@ -diff --git a/system/kubeovn/install.sh b/system/kubeovn/install.sh -index 6120c35..29a3146 100644 ---- a/system/kubeovn/install.sh -+++ b/system/kubeovn/install.sh -@@ -49,9 +49,9 @@ REGISTRY="docker.io/kubeovn" - VPC_NAT_IMAGE="vpc-nat-gateway" - VERSION="v1.12.3" - IMAGE_PULL_POLICY="IfNotPresent" --POD_CIDR="10.16.0.0/16" # Do NOT overlap with NODE/SVC/JOIN CIDR --POD_GATEWAY="10.16.0.1" --SVC_CIDR="10.96.0.0/12" # Do NOT overlap with NODE/POD/JOIN CIDR -+POD_CIDR="10.244.0.0/16" # Do NOT overlap with NODE/SVC/JOIN CIDR -+POD_GATEWAY="10.244.0.1" -+SVC_CIDR="10.96.0.0/16" # Do NOT overlap with NODE/POD/JOIN CIDR - JOIN_CIDR="100.64.0.0/16" # Do NOT overlap with NODE/POD/SVC CIDR - PINGER_EXTERNAL_ADDRESS="114.114.114.114" # Pinger check external ip probe - PINGER_EXTERNAL_DOMAIN="alauda.cn." # Pinger check external domain probe -@@ -3557,7 +3557,12 @@ spec: - image: "$REGISTRY/kube-ovn:$VERSION" - imagePullPolicy: $IMAGE_PULL_POLICY +diff --git a/charts/README.md b/charts/README.md +index bd0d5c6c..f9295ca9 100644 +--- a/charts/README.md ++++ b/charts/README.md +@@ -10,11 +10,33 @@ $ kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=mast + $ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel --overwrite + + # standard install +-$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0}, ++$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0} + + # high availability install +-$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3 ++$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2} + + # upgrade to this version +-$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3 ++$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2} ++``` ++ ++If `MASTER_NODES` unspecified Helm will take 
internal IPs of nodes with `kube-ovn/role=master` label ++ ++### Talos Linux ++ ++To install Kube-OVN on Talos Linux, declare openvswitch module in machine config: ++ ++``` ++machine: ++ kernel: ++ modules: ++ - name: openvswitch ++``` ++ ++and use the following options for install this Helm-chart: ++ ++``` ++--set cni_conf.MOUNT_LOCAL_BIN_DIR=false ++--set OPENVSWITCH_DIR=/var/lib/openvswitch ++--set OVN_DIR=/var/lib/ovn ++--set DISABLE_MODULES_MANAGEMENT=true + ``` +diff --git a/charts/templates/_helpers.tpl b/charts/templates/_helpers.tpl +new file mode 100644 +index 00000000..1341e99f +--- /dev/null ++++ b/charts/templates/_helpers.tpl +@@ -0,0 +1,24 @@ ++{{/* ++Get IP-addresses of master nodes ++*/}} ++{{- define "kubeovn.nodeIPs" -}} ++{{- $nodes := lookup "v1" "Node" "" "" -}} ++{{- $ips := list -}} ++{{- range $node := $nodes.items -}} ++ {{- if eq (index $node.metadata.labels "kube-ovn/role") "master" -}} ++ {{- range $address := $node.status.addresses -}} ++ {{- if eq $address.type "InternalIP" -}} ++ {{- $ips = append $ips $address.address -}} ++ {{- end -}} ++ {{- end -}} ++ {{- end -}} ++{{- end -}} ++{{ join "," $ips }} ++{{- end -}} ++ ++{{/* ++Number of master nodes ++*/}} ++{{- define "kubeovn.nodeCount" -}} ++ {{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }} ++{{- end -}} +diff --git a/charts/templates/central-deploy.yaml b/charts/templates/central-deploy.yaml +index 3a854930..cbdf87b7 100644 +--- a/charts/templates/central-deploy.yaml ++++ b/charts/templates/central-deploy.yaml +@@ -7,7 +7,7 @@ metadata: + kubernetes.io/description: | + OVN components: northd, nb and sb. + spec: +- replicas: {{ .Values.replicaCount }} ++ replicas: {{ include "kubeovn.nodeCount" . 
}} + strategy: + rollingUpdate: + maxSurge: 0 +@@ -53,7 +53,7 @@ spec: + - name: ENABLE_SSL + value: "{{ .Values.networking.ENABLE_SSL }}" + - name: NODE_IPS +- value: "{{ .Values.MASTER_NODES }}" ++ value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}" + - name: POD_IP + valueFrom: + fieldRef: +@@ -139,10 +139,10 @@ spec: + path: /sys + - name: host-config-openvswitch + hostPath: +- path: /etc/origin/openvswitch ++ path: {{ .Values.OPENVSWITCH_DIR }} + - name: host-config-ovn + hostPath: +- path: /etc/origin/ovn ++ path: {{ .Values.OVN_DIR }} + - name: host-log-ovs + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/openvswitch +diff --git a/charts/templates/controller-deploy.yaml b/charts/templates/controller-deploy.yaml +index bb18f48b..0e694945 100644 +--- a/charts/templates/controller-deploy.yaml ++++ b/charts/templates/controller-deploy.yaml +@@ -7,7 +7,7 @@ metadata: + kubernetes.io/description: | + kube-ovn controller + spec: +- replicas: {{ .Values.replicaCount }} ++ replicas: {{ include "kubeovn.nodeCount" . }} + selector: + matchLabels: + app: kube-ovn-controller +@@ -132,7 +132,7 @@ spec: + fieldRef: + fieldPath: spec.nodeName + - name: OVN_DB_IPS +- value: "{{ .Values.MASTER_NODES }}" ++ value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) 
}}" + - name: POD_IPS + valueFrom: + fieldRef: +diff --git a/charts/templates/controller-svc.yaml b/charts/templates/controller-svc.yaml +index 93e60e53..b4d39619 100644 +--- a/charts/templates/controller-svc.yaml ++++ b/charts/templates/controller-svc.yaml +@@ -2,7 +2,7 @@ kind: Service + apiVersion: v1 + metadata: + name: kube-ovn-controller +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + labels: + app: kube-ovn-controller + spec: +diff --git a/charts/templates/monitor-deploy.yaml b/charts/templates/monitor-deploy.yaml +index cbdecba6..d28999b4 100644 +--- a/charts/templates/monitor-deploy.yaml ++++ b/charts/templates/monitor-deploy.yaml +@@ -118,10 +118,10 @@ spec: + path: /run/ovn + - name: host-config-openvswitch + hostPath: +- path: /etc/origin/openvswitch ++ path: {{ .Values.OPENVSWITCH_DIR }} + - name: host-config-ovn + hostPath: +- path: /etc/origin/ovn ++ path: {{ .Values.OVN_DIR }} + - name: host-log-ovn + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/ovn +diff --git a/charts/templates/monitor-svc.yaml b/charts/templates/monitor-svc.yaml +index fec1fbb3..1ad1800d 100644 +--- a/charts/templates/monitor-svc.yaml ++++ b/charts/templates/monitor-svc.yaml +@@ -2,7 +2,7 @@ kind: Service + apiVersion: v1 + metadata: + name: kube-ovn-monitor +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + labels: + app: kube-ovn-monitor + spec: +diff --git a/charts/templates/nb-svc.yaml b/charts/templates/nb-svc.yaml +index 7ec1595c..43992e91 100644 +--- a/charts/templates/nb-svc.yaml ++++ b/charts/templates/nb-svc.yaml +@@ -2,7 +2,7 @@ kind: Service + apiVersion: v1 + metadata: + name: ovn-nb +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + spec: + ports: + - name: ovn-nb +diff --git a/charts/templates/northd-svc.yaml b/charts/templates/northd-svc.yaml +index 494f57e2..cec07233 100644 +--- a/charts/templates/northd-svc.yaml ++++ b/charts/templates/northd-svc.yaml +@@ -2,7 +2,7 @@ kind: Service + apiVersion: v1 + metadata: 
+ name: ovn-northd +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + spec: + ports: + - name: ovn-northd +diff --git a/charts/templates/ovn-CRB.yaml b/charts/templates/ovn-CRB.yaml +index aa84b43f..9230d900 100644 +--- a/charts/templates/ovn-CRB.yaml ++++ b/charts/templates/ovn-CRB.yaml +@@ -9,7 +9,7 @@ roleRef: + subjects: + - kind: ServiceAccount + name: ovn +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + + --- + apiVersion: rbac.authorization.k8s.io/v1 +@@ -23,7 +23,7 @@ roleRef: + subjects: + - kind: ServiceAccount + name: ovn-ovs +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + + --- + apiVersion: rbac.authorization.k8s.io/v1 +@@ -37,7 +37,7 @@ roleRef: + subjects: + - kind: ServiceAccount + name: kube-ovn-cni +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + + --- + apiVersion: rbac.authorization.k8s.io/v1 +@@ -51,4 +51,4 @@ roleRef: + subjects: + - kind: ServiceAccount + name: kube-ovn-app +- namespace: kube-system ++ namespace: {{ .Values.namespace }} +diff --git a/charts/templates/ovn-dpdk-ds.yaml b/charts/templates/ovn-dpdk-ds.yaml +index 88865224..1d799899 100644 +--- a/charts/templates/ovn-dpdk-ds.yaml ++++ b/charts/templates/ovn-dpdk-ds.yaml +@@ -3,7 +3,7 @@ kind: DaemonSet + apiVersion: apps/v1 + metadata: + name: ovs-ovn-dpdk +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + annotations: + kubernetes.io/description: | + This daemon set launches the openvswitch daemon. +@@ -55,7 +55,7 @@ spec: + fieldRef: + fieldPath: spec.nodeName + - name: OVN_DB_IPS +- value: "{{ .Values.MASTER_NODES }}" ++ value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) 
}}" + - name: OVN_REMOTE_PROBE_INTERVAL + value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}" + - name: OVN_REMOTE_OPENFLOW_INTERVAL +@@ -144,10 +144,10 @@ spec: + path: /sys + - name: host-config-openvswitch + hostPath: +- path: /etc/origin/openvswitch ++ path: {{ .Values.OPENVSWITCH_DIR }} + - name: host-config-ovn + hostPath: +- path: /etc/origin/ovn ++ path: {{ .Values.OVN_DIR }} + - name: host-log-ovs + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/openvswitch +diff --git a/charts/templates/ovn-sa.yaml b/charts/templates/ovn-sa.yaml +index 0400b90b..17b4a92f 100644 +--- a/charts/templates/ovn-sa.yaml ++++ b/charts/templates/ovn-sa.yaml +@@ -2,7 +2,7 @@ apiVersion: v1 + kind: ServiceAccount + metadata: + name: ovn +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + {{- if .Values.global.registry.imagePullSecrets }} + imagePullSecrets: + {{- range $index, $secret := .Values.global.registry.imagePullSecrets }} +@@ -17,18 +17,18 @@ apiVersion: v1 + kind: ServiceAccount + metadata: + name: ovn-ovs +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: kube-ovn-cni +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: kube-ovn-app +- namespace: kube-system ++ namespace: {{ .Values.namespace }} +diff --git a/charts/templates/ovncni-ds.yaml b/charts/templates/ovncni-ds.yaml +index 3cee0233..d9a9a676 100644 +--- a/charts/templates/ovncni-ds.yaml ++++ b/charts/templates/ovncni-ds.yaml +@@ -39,8 +39,10 @@ spec: + volumeMounts: + - mountPath: /opt/cni/bin + name: cni-bin ++ {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} + - mountPath: /usr/local/bin + name: local-bin ++ {{- end }} + containers: + - name: cni-server + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} +@@ -172,7 +174,7 @@ spec: + path: {{ 
.Values.kubelet_conf.KUBELET_DIR }}/pods + - name: systemid + hostPath: +- path: /etc/origin/openvswitch ++ path: {{ .Values.OPENVSWITCH_DIR }} + - name: host-run-ovs + hostPath: + path: /run/openvswitch +@@ -206,6 +208,8 @@ spec: + - name: tmp + hostPath: + path: /tmp ++ {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} + - name: local-bin + hostPath: +- path: /usr/local/bin ++ path: {{ .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }} ++ {{- end }} +diff --git a/charts/templates/ovncni-svc.yaml b/charts/templates/ovncni-svc.yaml +index 13b18c4d..e1c47c80 100644 +--- a/charts/templates/ovncni-svc.yaml ++++ b/charts/templates/ovncni-svc.yaml +@@ -2,7 +2,7 @@ kind: Service + apiVersion: v1 + metadata: + name: kube-ovn-cni +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + labels: + app: kube-ovn-cni + spec: +diff --git a/charts/templates/ovsovn-ds.yaml b/charts/templates/ovsovn-ds.yaml +index 61139d23..e30d8aae 100644 +--- a/charts/templates/ovsovn-ds.yaml ++++ b/charts/templates/ovsovn-ds.yaml +@@ -45,8 +45,18 @@ spec: + command: ["/kube-ovn/start-ovs-dpdk.sh"] + {{- else }} command: -- - /kube-ovn/start-ovs.sh -+ - /bin/bash ++ {{- if .Values.DISABLE_MODULES_MANAGEMENT }} ++ - /bin/sh + - -c + - | -+ ln -sf /bin/true /usr/sbin/modinfo + ln -sf /bin/true /usr/sbin/modprobe ++ ln -sf /bin/true /usr/sbin/modinfo ++ ln -sf /bin/true /usr/sbin/rmmod + exec /kube-ovn/start-ovs.sh ++ {{- else }} + - /kube-ovn/start-ovs.sh + {{- end }} ++ {{- end }} securityContext: runAsUser: 0 privileged: true -@@ -4263,6 +4268,7 @@ spec: - args: - - --external-address=$PINGER_EXTERNAL_ADDRESS - - --external-dns=$PINGER_EXTERNAL_DOMAIN -+ - --ds-namespace=cozy-kubeovn +@@ -74,7 +84,7 @@ spec: + fieldRef: + fieldPath: spec.nodeName + - name: OVN_DB_IPS +- value: "{{ .Values.MASTER_NODES }}" ++ value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) 
}}" + - name: OVN_REMOTE_PROBE_INTERVAL + value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}" + - name: OVN_REMOTE_OPENFLOW_INTERVAL +@@ -180,10 +190,10 @@ spec: + path: /sys + - name: host-config-openvswitch + hostPath: +- path: /etc/origin/openvswitch ++ path: {{ .Values.OPENVSWITCH_DIR }} + - name: host-config-ovn + hostPath: +- path: /etc/origin/ovn ++ path: {{ .Values.OVN_DIR }} + - name: host-log-ovs + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/openvswitch +diff --git a/charts/templates/pinger-ds.yaml b/charts/templates/pinger-ds.yaml +index 91df855b..f54b276a 100644 +--- a/charts/templates/pinger-ds.yaml ++++ b/charts/templates/pinger-ds.yaml +@@ -51,6 +51,7 @@ spec: + {{- else if eq .Values.networking.NET_STACK "ipv6" -}} + {{ .Values.ipv6.PINGER_EXTERNAL_DOMAIN }} + {{- end }} ++ - --ds-namespace={{ .Values.namespace }} - --logtostderr=false - --alsologtostderr=true - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log +@@ -117,7 +118,7 @@ spec: + path: /run/ovn + - name: host-config-openvswitch + hostPath: +- path: /etc/origin/openvswitch ++ path: {{ .Values.OPENVSWITCH_DIR }} + - name: host-log-ovs + hostPath: + path: {{ .Values.log_conf.LOG_DIR }}/openvswitch +diff --git a/charts/templates/pinger-svc.yaml b/charts/templates/pinger-svc.yaml +index 0301407e..ef169e8e 100644 +--- a/charts/templates/pinger-svc.yaml ++++ b/charts/templates/pinger-svc.yaml +@@ -2,7 +2,7 @@ kind: Service + apiVersion: v1 + metadata: + name: kube-ovn-pinger +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + labels: + app: kube-ovn-pinger + spec: +diff --git a/charts/templates/pre-delete-hook.yaml b/charts/templates/pre-delete-hook.yaml +index 9fd2a788..d81c5ca2 100644 +--- a/charts/templates/pre-delete-hook.yaml ++++ b/charts/templates/pre-delete-hook.yaml +@@ -2,7 +2,7 @@ apiVersion: v1 + kind: ServiceAccount + metadata: + name: kube-ovn-pre-delete-hook +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + annotations: + # This is what 
defines this resource as a hook. Without this line, the + # job is considered part of the release. +@@ -48,13 +48,13 @@ roleRef: + subjects: + - kind: ServiceAccount + name: kube-ovn-pre-delete-hook +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + --- + apiVersion: batch/v1 + kind: Job + metadata: + name: "{{ .Chart.Name }}-pre-delete-hook" +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} +diff --git a/charts/templates/sb-svc.yaml b/charts/templates/sb-svc.yaml +index 5f8fcca4..36a4a27a 100644 +--- a/charts/templates/sb-svc.yaml ++++ b/charts/templates/sb-svc.yaml +@@ -2,7 +2,7 @@ kind: Service + apiVersion: v1 + metadata: + name: ovn-sb +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + spec: + ports: + - name: ovn-sb +diff --git a/charts/templates/upgrade-ovs-ovn.yaml b/charts/templates/upgrade-ovs-ovn.yaml +index 487eb218..980354e6 100644 +--- a/charts/templates/upgrade-ovs-ovn.yaml ++++ b/charts/templates/upgrade-ovs-ovn.yaml +@@ -1,11 +1,11 @@ +-{{ if (lookup "apps/v1" "DaemonSet" "kube-system" "ovs-ovn") }} +-{{ if eq (lookup "apps/v1" "DaemonSet" "kube-system" "ovs-ovn").spec.updateStrategy.type "OnDelete" }} ++{{ if (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn") }} ++{{ if eq (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn").spec.updateStrategy.type "OnDelete" }} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + name: ovs-ovn-upgrade +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. 
+@@ -65,13 +65,13 @@ roleRef: + subjects: + - kind: ServiceAccount + name: ovs-ovn-upgrade +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + --- + apiVersion: batch/v1 + kind: Job + metadata: + name: "{{ .Chart.Name }}-post-upgrade-hook" +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} +diff --git a/charts/templates/vpc-nat-config.yaml b/charts/templates/vpc-nat-config.yaml +index 486ffe32..0f9bd0f5 100755 +--- a/charts/templates/vpc-nat-config.yaml ++++ b/charts/templates/vpc-nat-config.yaml +@@ -2,7 +2,7 @@ kind: ConfigMap + apiVersion: v1 + metadata: + name: ovn-vpc-nat-config +- namespace: kube-system ++ namespace: {{ .Values.namespace }} + annotations: + kubernetes.io/description: | + kube-ovn vpc-nat common config +diff --git a/charts/values.yaml b/charts/values.yaml +index 69f07c4b..d7ad7da6 100644 +--- a/charts/values.yaml ++++ b/charts/values.yaml +@@ -18,7 +18,6 @@ image: + pullPolicy: IfNotPresent + + namespace: kube-system +-replicaCount: 1 + MASTER_NODES: "" + + networking: +@@ -109,12 +108,18 @@ cni_conf: + CNI_CONF_DIR: "/etc/cni/net.d" + CNI_BIN_DIR: "/opt/cni/bin" + CNI_CONF_FILE: "/kube-ovn/01-kube-ovn.conflist" ++ LOCAL_BIN_DIR: "/usr/local/bin" ++ MOUNT_LOCAL_BIN_DIR: false + + kubelet_conf: + KUBELET_DIR: "/var/lib/kubelet" + + log_conf: + LOG_DIR: "/var/log" ++ ++OPENVSWITCH_DIR: "/etc/origin/openvswitch" ++OVN_DIR: "/etc/origin/ovn" ++DISABLE_MODULES_MANAGEMENT: false + + imagePullSecrets: [] + nameOverride: "" diff --git a/packages/core/kubeovn/values.yaml b/packages/core/kubeovn/values.yaml index d837893e..fe80f0b2 100644 --- a/packages/core/kubeovn/values.yaml +++ b/packages/core/kubeovn/values.yaml 
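Review bot: In the ovncni-ds.yaml part of this patch, the `local-bin` volume takes its hostPath from the boolean switch, `path: {{ .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}`, so turning the mount on would render `path: true` instead of a directory. The `LOCAL_BIN_DIR: "/usr/local/bin"` value that the same patch adds to charts/values.yaml is not read by any template line visible here. The line should be `path: {{ .Values.cni_conf.LOCAL_BIN_DIR | quote }}`. The other value-driven hostPaths (`path: {{ .Values.OPENVSWITCH_DIR }}`, `path: {{ .Values.OVN_DIR }}`) would also be safer with `| quote`, since an empty or oddly typed override otherwise changes which host directory is mounted into these pods. The defect is latent while `MOUNT_LOCAL_BIN_DIR` stays `false`, which is the default and what this repository sets.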
@@ -5,9 +5,10 @@ kube-ovn: images: kubeovn: repository: test - tag: kube-ovn-static-v1.13.0-5 + tag: kube-ovn-static-v1.13.0-cozystack2 namespace: cozy-kubeovn + ipv4: POD_CIDR: "10.244.0.0/16" POD_GATEWAY: "10.244.0.1" @@ -18,3 +19,8 @@ kube-ovn: cni_conf: CNI_CONFIG_PRIORITY: "10" + MOUNT_LOCAL_BIN_DIR: false + + OPENVSWITCH_DIR: "/var/lib/openvswitch" + OVN_DIR: "/var/lib/ovn" + DISABLE_MODULES_MANAGEMENT: true
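Review bot: `DISABLE_MODULES_MANAGEMENT: true` in the second hunk (`@@ -18,3 +19,8 @@`) is set with no comment recording what it depends on. According to the ovsovn-ds.yaml template in patches/talos.patch, the switch makes the privileged ovs-ovn container symlink `modprobe`, `modinfo` and `rmmod` to `/bin/true` before it execs `start-ovs.sh`, so those calls succeed without doing anything. The README text in the same patch says the `openvswitch` module must then be declared in the Talos machine config. I would add `# Talos: kernel modules are host-managed; requires openvswitch under machine.kernel.modules` above the key. I would also add `# hostPath directories on the node (the chart default is /etc/origin/...)` above `OPENVSWITCH_DIR`, so a later editor knows these are host paths mounted into the pods.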