Merge "Add OVN Kubernetes support"

This commit is contained in:
Zuul 2025-01-20 13:47:43 +00:00 committed by Gerrit Code Review
commit e25a201116
21 changed files with 470 additions and 305 deletions


@ -14,6 +14,8 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
ANNOTATION_KEY="openstack-helm-infra/ovn-system-id"
function get_ip_address_from_interface { function get_ip_address_from_interface {
local interface=$1 local interface=$1
local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $1}') local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $1}')
@ -75,6 +77,19 @@ function migrate_ip_from_nic {
set -e set -e
} }
function get_current_system_id {
ovs-vsctl --if-exists get Open_vSwitch . external_ids:system-id | tr -d '"'
}
function get_stored_system_id {
kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.openstack-helm-infra/ovn-system-id}"
}
function store_system_id() {
local system_id=$1
kubectl annotate node "$NODE_NAME" "$ANNOTATION_KEY=$system_id"
}
# Detect tunnel interface # Detect tunnel interface
tunnel_interface="{{- .Values.network.interface.tunnel -}}" tunnel_interface="{{- .Values.network.interface.tunnel -}}"
if [ -z "${tunnel_interface}" ] ; then if [ -z "${tunnel_interface}" ] ; then
@ -89,13 +104,25 @@ if [ -z "${tunnel_interface}" ] ; then
fi fi
ovs-vsctl set open . external_ids:ovn-encap-ip="$(get_ip_address_from_interface ${tunnel_interface})" ovs-vsctl set open . external_ids:ovn-encap-ip="$(get_ip_address_from_interface ${tunnel_interface})"
# Configure system ID # Get the stored system-id from the Kubernetes node annotation
set +e stored_system_id=$(get_stored_system_id)
ovs-vsctl get open . external-ids:system-id
if [ $? -eq 1 ]; then # Get the current system-id set in OVS
ovs-vsctl set open . external-ids:system-id="$(uuidgen)" current_system_id=$(get_current_system_id)
if [ -n "$stored_system_id" ] && [ "$stored_system_id" != "$current_system_id" ]; then
# If the annotation exists and does not match the current system-id, set the system-id to the stored one
ovs-vsctl set Open_vSwitch . external_ids:system-id="$stored_system_id"
elif [ -z "$current_system_id" ]; then
# If no current system-id is set, generate a new one
current_system_id=$(uuidgen)
ovs-vsctl set Open_vSwitch . external_ids:system-id="$current_system_id"
# Store the new system-id in the Kubernetes node annotation
store_system_id "$current_system_id"
elif [ -z "$stored_system_id" ]; then
# If there is no stored system-id, store the current one
store_system_id "$current_system_id"
fi fi
set -e
# Configure OVN remote # Configure OVN remote
{{- if empty .Values.conf.ovn_remote -}} {{- if empty .Values.conf.ovn_remote -}}
@ -125,6 +152,10 @@ else
ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options }} ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options }}
fi fi
{{ if .Values.conf.ovn_bridge_datapath_type -}}
ovs-vsctl set open . external-ids:ovn-bridge-datapath-type="{{ .Values.conf.ovn_bridge_datapath_type }}"
{{- end }}
# Configure hostname # Configure hostname
{{- if .Values.pod.use_fqdn.compute }} {{- if .Values.pod.use_fqdn.compute }}
ovs-vsctl set open . external-ids:hostname="$(hostname -f)" ovs-vsctl set open . external-ids:hostname="$(hostname -f)"
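Review bot: `get_stored_system_id` hard-codes the annotation key inside its jsonpath while `store_system_id` takes it from `ANNOTATION_KEY`, so a future key change would silently desynchronise read and write; `kubectl get node "$NODE_NAME" -o "jsonpath={.metadata.annotations.${ANNOTATION_KEY}}"` keeps one source of truth (the key contains no dots, so no jsonpath escaping is needed). The new lookup and annotate calls also run outside the `set +e` / `set -e` bracket the old block had, and the script re-enables errexit at the end of `migrate_ip_from_nic`, so a kubectl failure (missing RBAC, API unreachable) now aborts the init container where the old code carried on; if fail-loud is intended, a one-line comment above `stored_system_id=$(get_stored_system_id)` saying so would help the next reader. `kubectl annotate` without `--overwrite` fails when the annotation already exists with a different value; the branches shown never reach it in that state, but a comment recording that invariant is cheap. `NODE_NAME` is now a hard prerequisite of this script, which `: "${NODE_NAME:?NODE_NAME must be set}"` next to `ANNOTATION_KEY` would make explicit.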


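--- a/PATH_NOT_SHOWN/bin/_ovn-controller.sh.tpl
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash -xe
-# Copyright 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-COMMAND="${@:-start}"
-function start () {
-/usr/share/ovn/scripts/ovn-ctl start_controller \
---ovn-manage-ovsdb=no
-tail --follow=name /var/log/ovn/ovn-controller.log
-}
-function stop () {
-/usr/share/ovn/scripts/ovn-ctl stop_controller
-pkill tail
-}
-function liveness () {
-ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
-}
-function readiness () {
-ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
-}
-$COMMAND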


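--- a/PATH_NOT_SHOWN/bin/_ovn-northd.sh.tpl
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/bash -xe
-# Copyright 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-COMMAND="${@:-start}"
-{{- $nb_svc_name := "ovn-ovsdb-nb" -}}
-{{- $nb_svc := (tuple $nb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
-{{- $nb_port := (tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
-{{- $nb_service_list := list -}}
-{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_nb | int) -}}
-{{- $nb_service_list = printf "tcp:%s-%d.%s:%s" $nb_svc_name $i $nb_svc $nb_port | append $nb_service_list -}}
-{{- end -}}
-{{- $sb_svc_name := "ovn-ovsdb-sb" -}}
-{{- $sb_svc := (tuple $sb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
-{{- $sb_port := (tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
-{{- $sb_service_list := list -}}
-{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_sb | int) -}}
-{{- $sb_service_list = printf "tcp:%s-%d.%s:%s" $sb_svc_name $i $sb_svc $sb_port | append $sb_service_list -}}
-{{- end }}
-function start () {
-/usr/share/ovn/scripts/ovn-ctl start_northd \
---ovn-manage-ovsdb=no \
---ovn-northd-nb-db={{ include "helm-toolkit.utils.joinListWithComma" $nb_service_list }} \
---ovn-northd-sb-db={{ include "helm-toolkit.utils.joinListWithComma" $sb_service_list }}
-tail --follow=name /var/log/ovn/ovn-northd.log
-}
-function stop () {
-/usr/share/ovn/scripts/ovn-ctl stop_northd
-pkill tail
-}
-function liveness () {
-ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
-}
-function readiness () {
-ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
-}
-$COMMAND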


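--- a/PATH_NOT_SHOWN/bin/_ovsdb-server.sh.tpl
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/bash -xe
-# Copyright 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-COMMAND="${@:-start}"
-OVSDB_HOST=$(hostname -f)
-ARGS=(
---db-${OVS_DATABASE}-create-insecure-remote=yes
---db-${OVS_DATABASE}-cluster-local-proto=tcp
---db-${OVS_DATABASE}-cluster-local-addr=$(hostname -f)
-)
-if [[ ! $HOSTNAME == *-0 && $OVSDB_HOST =~ (.+)-([0-9]+)\. ]]; then
-OVSDB_BOOTSTRAP_HOST="${BASH_REMATCH[1]}-0.${OVSDB_HOST#*.}"
-ARGS+=(
---db-${OVS_DATABASE}-cluster-remote-proto=tcp
---db-${OVS_DATABASE}-cluster-remote-addr=${OVSDB_BOOTSTRAP_HOST}
-)
-fi
-function start () {
-/usr/share/ovn/scripts/ovn-ctl start_${OVS_DATABASE}_ovsdb ${ARGS[@]}
-tail --follow=name /var/log/ovn/ovsdb-server-${OVS_DATABASE}.log
-}
-function stop () {
-/usr/share/ovn/scripts/ovn-ctl stop_${OVS_DATABASE}_ovsdb
-pkill tail
-}
-function liveness () {
-if [[ $OVS_DATABASE == "nb" ]]; then
-OVN_DATABASE="Northbound"
-elif [[ $OVS_DATABASE == "sb" ]]; then
-OVN_DATABASE="Southbound"
-else
-echo "OVS_DATABASE must be nb or sb"
-exit 1
-fi
-ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
-}
-function readiness () {
-if [[ $OVS_DATABASE == "nb" ]]; then
-OVN_DATABASE="Northbound"
-elif [[ $OVS_DATABASE == "sb" ]]; then
-OVN_DATABASE="Southbound"
-else
-echo "OVS_DATABASE must be nb or sb"
-exit 1
-fi
-ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
-}
-$COMMAND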


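--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+name: ovn-controller
+rules:
+- apiGroups:
+- ""
+resources:
+- nodes
+verbs:
+- get
+- patch
+- list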
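Review bot: The ClusterRole and the ClusterRoleBinding that follows are cluster-scoped objects with the fixed name `ovn-controller`, whereas the pair they replace in the daemonset template was suffixed with the release namespace (`ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}`); two releases of this chart in different namespaces will now contend for the same object, and the binding's subject namespace (`{{ .Release.Namespace }}`) will point at whichever release was installed last. Suffixing both, e.g. `name: ovn-controller-{{ .Release.Namespace }}` here and in the binding's `metadata.name` and `roleRef.name`, restores the old isolation. The rule set also widens the previous `list`/`get` grant to `patch` on `nodes`, which is a cluster-wide write (labels, taints and annotations of every node) handed to every ovn-controller pod's service account, since RBAC cannot restrict it to the pod's own node; a template comment such as `{{/* patch on nodes: used only by ovn-controller-init.sh to persist the ovn-system-id annotation; RBAC cannot narrow it to the local node */}}` records why the grant is that broad, and an admission policy restricting which annotation keys this service account may change is the usual compensating control where the cluster has one.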


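--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,27 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+name: ovn-controller
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: ClusterRole
+name: ovn-controller
+subjects:
+- kind: ServiceAccount
+name: ovn-controller
+namespace: {{ .Release.Namespace }}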


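--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -24,12 +24,6 @@ data:
 image-repo-sync.sh: |
 {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
 {{- end }}
-ovsdb-server.sh: |
-{{ tuple "bin/_ovsdb-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-ovn-northd.sh: |
-{{ tuple "bin/_ovn-northd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 ovn-controller-init.sh: |
 {{ tuple "bin/_ovn-controller-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-ovn-controller.sh: |
-{{ tuple "bin/_ovn-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- end }}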


@ -12,38 +12,22 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- define "controllerReadinessProbeTemplate" }}
exec:
command:
- /usr/bin/ovn-kube-util
- readiness-probe
- -t
- ovn-controller
{{- end }}
{{- if .Values.manifests.daemonset_ovn_controller }} {{- if .Values.manifests.daemonset_ovn_controller }}
{{- $envAll := . }} {{- $envAll := . }}
{{- $configMapName := "ovn-etc" }} {{- $configMapName := "ovn-etc" }}
{{- $serviceAccountName := "ovn-controller" }} {{- $serviceAccountName := "ovn-controller" }}
{{- $serviceAccountNamespace := $envAll.Release.Namespace }}
{{ tuple $envAll "ovn_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} {{ tuple $envAll "ovn_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list", "get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ovn-controller-list-nodes-rolebinding-{{ $serviceAccountNamespace }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $serviceAccountNamespace }}
roleRef:
kind: ClusterRole
name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
apiGroup: rbac.authorization.k8s.io
--- ---
kind: DaemonSet kind: DaemonSet
apiVersion: apps/v1 apiVersion: apps/v1
@ -97,6 +81,11 @@ spec:
{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
command: command:
- /tmp/ovn-controller-init.sh - /tmp/ovn-controller-init.sh
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts: volumeMounts:
- name: ovn-bin - name: ovn-bin
mountPath: /tmp/ovn-controller-init.sh mountPath: /tmp/ovn-controller-init.sh
@ -117,24 +106,30 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.ovn_controller | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.ovn_controller | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command: command:
- /tmp/ovn-controller.sh - /root/ovnkube.sh
- start - ovn-controller
lifecycle: {{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
preStop: env:
exec: - name: OVN_DAEMONSET_VERSION
command: value: "3"
- /tmp/ovn-controller.sh - name: OVN_LOGLEVEL_CONTROLLER
- stop value: "-vconsole:info -vfile:info"
- name: OVN_KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OVN_KUBERNETES_NB_STATEFULSET
value: ovn-ovsdb-nb
- name: OVN_KUBERNETES_SB_STATEFULSET
value: ovn-ovsdb-sb
- name: OVN_SSL_ENABLE
value: "no"
volumeMounts: volumeMounts:
- name: ovn-bin
mountPath: /tmp/ovn-controller.sh
subPath: ovn-controller.sh
readOnly: true
- name: run-openvswitch - name: run-openvswitch
mountPath: /run/openvswitch mountPath: /run/openvswitch
- name: logs - name: logs
mountPath: /var/log/ovn mountPath: /var/log/ovn
- name: run-ovn - name: run-openvswitch
mountPath: /run/ovn mountPath: /run/ovn
volumes: volumes:
- name: ovn-bin - name: ovn-bin
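Review bot: `OVN_SSL_ENABLE` is hard-coded to `"no"` in the controller container's env, and the same literal is repeated in the northd deployment and in both ovsdb statefulsets, so every ovn-controller↔SB and northd↔NB/SB ovsdb session is plain, unauthenticated TCP with no way to turn TLS on from values; the removed scripts were no better (`--create-insecure-remote=yes`), but now that the switch is a single env var it is a one-line change to source it, e.g. `value: {{ .Values.conf.ovn_ssl_enable | default "no" | quote }}` (value name constructed — add it to values.yaml). The second `run-openvswitch` entry in `volumeMounts` now backs `/run/ovn` with the same volume as `/run/openvswitch`; if the old `run-ovn` volume is still declared further down in `volumes:` (the list is cut off at the end of the hunk) it is now unused and should be dropped, or the mount should keep referring to it. Dropping the `preStop` hook means graceful shutdown now rests entirely on `/root/ovnkube.sh` handling SIGTERM itself, which this change does not show; a short comment on the `command:` lines stating that assumption would help the next reader.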


@ -12,18 +12,13 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- define "livenessProbeTemplate" }} {{- define "northdReadinessProbeTemplate" }}
exec: exec:
command: command:
- /tmp/ovn-northd.sh - /usr/bin/ovn-kube-util
- liveness - readiness-probe
{{- end }} - -t
- ovn-northd
{{- define "readinessProbeTemplate" }}
exec:
command:
- /tmp/ovn-northd.sh
- readiness
{{- end }} {{- end }}
{{- if .Values.manifests.deployment_northd }} {{- if .Values.manifests.deployment_northd }}
@ -60,28 +55,27 @@ spec:
{{- tuple $envAll "ovn_northd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{- tuple $envAll "ovn_northd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers: containers:
- name: northd - name: northd
command:
- /root/ovnkube.sh
- run-ovn-northd
{{ tuple $envAll "ovn_northd" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "ovn_northd" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ovn_northd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.ovn_northd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} {{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "livenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} {{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} {{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command: env:
- /tmp/ovn-northd.sh - name: OVN_DAEMONSET_VERSION
- start value: "3"
lifecycle: - name: OVN_LOGLEVEL_NORTHD
preStop: value: "-vconsole:info -vfile:info"
exec: - name: OVN_KUBERNETES_NAMESPACE
command: valueFrom:
- /tmp/ovn-northd.sh fieldRef:
- stop fieldPath: metadata.namespace
volumeMounts: - name: OVN_KUBERNETES_NB_STATEFULSET
- name: ovn-bin value: ovn-ovsdb-nb
mountPath: /tmp/ovn-northd.sh - name: OVN_KUBERNETES_SB_STATEFULSET
subPath: ovn-northd.sh value: ovn-ovsdb-sb
readOnly: true - name: OVN_SSL_ENABLE
volumes: value: "no"
- name: ovn-bin
configMap:
name: ovn-bin
defaultMode: 0555
{{- end }} {{- end }}
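Review bot: Both the readiness and the liveness probe of the northd container now render from the same `northdReadinessProbeTemplate`, so any condition that makes the readiness check fail will also get the container restarted, and the dedicated `livenessProbeTemplate` that existed before is gone. If `ovn-kube-util readiness-probe -t ovn-northd` reports not-ready for a standby (non-leader) northd replica — which cannot be confirmed from this diff — that replica would be restarted in a loop rather than simply left out of service. Either define a separate liveness template that only checks the process is alive, or drop the liveness line and rely on readiness with the per-type timing the `kubernetes_probe` snippet already takes from values. The hard-coded `OVN_SSL_ENABLE: "no"` is the same issue raised on the ovn-controller daemonset.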


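--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,27 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: ovn-controller
+namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+- discovery.k8s.io
+resources:
+- endpointslices
+verbs:
+- list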


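--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,27 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: ovn-northd
+namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+- discovery.k8s.io
+resources:
+- endpointslices
+verbs:
+- list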


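--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,35 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: ovn-ovsdb
+namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+- "apps"
+resources:
+- statefulsets
+verbs:
+- get
+- apiGroups:
+- ""
+resources:
+- pods
+- endpoints
+verbs:
+- list
+- get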
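Review bot: The `pods` `get`/`list` grant gives the nb and sb service accounts read access to every pod spec in the release namespace — including env values of unrelated components — which is more than peer discovery for one statefulset presumably needs, and RBAC cannot narrow it by label or owner. The reason should at least be recorded next to the rule, e.g. `{{/* pods/endpoints get+list: used by ovnkube.sh to discover the raft peers of this statefulset; RBAC cannot scope this to the statefulset's own pods */}}`. The `statefulsets` `get` grant is the only one whose purpose follows directly from the `OVN_KUBERNETES_STATEFULSET` env set on the containers.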


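--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: ovn-controller
+namespace: {{ .Release.Namespace }}
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: ovn-controller
+subjects:
+- kind: ServiceAccount
+name: ovn-controller
+namespace: {{ .Release.Namespace }}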


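--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,28 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: ovn-northd
+namespace: {{ .Release.Namespace }}
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: ovn-northd
+subjects:
+- kind: ServiceAccount
+name: ovn-northd
+namespace: {{ .Release.Namespace }}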


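--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,31 @@
+{{/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+name: ovn-ovsdb
+namespace: {{ .Release.Namespace }}
+roleRef:
+apiGroup: rbac.authorization.k8s.io
+kind: Role
+name: ovn-ovsdb
+subjects:
+- kind: ServiceAccount
+name: ovn-ovsdb-nb
+namespace: {{ .Release.Namespace }}
+- kind: ServiceAccount
+name: ovn-ovsdb-sb
+namespace: {{ .Release.Namespace }}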


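--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -20,6 +20,7 @@ kind: Service
 metadata:
 name: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
+publishNotReadyAddresses: true
 ports:
 - name: ovsdb
 port: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}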
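Review bot: `publishNotReadyAddresses: true` changes what every client resolving this headless service sees: addresses of pods that are not yet Ready are published, which is what raft members need in order to find each other during bootstrap (with `podManagementPolicy: Parallel` on the statefulset no member can become Ready before it has reached its peers), but it also means ovn-northd and any other consumer of this DNS name may be handed an address that is not yet serving. A one-line comment on the field, `# not-ready pods must stay resolvable so raft members can bootstrap each other`, records the trade-off for the next reader; the ovn-ovsdb-sb service carries the same change.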


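--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -20,6 +20,7 @@ kind: Service
 metadata:
 name: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
+publishNotReadyAddresses: true
 ports:
 - name: ovsdb
 port: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}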


@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- define "ovnnbReadinessProbeTemplate" }}
exec:
command:
- /usr/bin/ovn-kube-util
- readiness-probe
- -t
{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
- ovnnb-db-raft
{{- else }}
- ovnnb-db
{{- end }}
{{- end }}
{{- if .Values.manifests.statefulset_ovn_ovsdb_nb }} {{- if .Values.manifests.statefulset_ovn_ovsdb_nb }}
{{- $envAll := . }} {{- $envAll := . }}
@ -28,6 +41,7 @@ metadata:
{{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec: spec:
serviceName: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} serviceName: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
podManagementPolicy: Parallel
replicas: {{ .Values.pod.replicas.ovn_ovsdb_nb }} replicas: {{ .Values.pod.replicas.ovn_ovsdb_nb }}
selector: selector:
matchLabels: matchLabels:
@ -49,43 +63,56 @@ spec:
{{- tuple $envAll "ovn_ovsdb_nb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{- tuple $envAll "ovn_ovsdb_nb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers: containers:
- name: ovsdb - name: ovsdb
command:
- /root/ovnkube.sh
{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
- nb-ovsdb-raft
{{- else }}
- nb-ovsdb
{{- end }}
{{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ovn_ovsdb_nb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.ovn_ovsdb_nb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
ports: ports:
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
env: env:
- name: OVS_DATABASE - name: OVN_DAEMONSET_VERSION
value: nb value: "3"
- name: OVS_PORT - name: OVN_LOGLEVEL_NB
value: "-vconsole:info -vfile:info"
- name: OVN_KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OVN_KUBERNETES_STATEFULSET
value: ovn-ovsdb-nb
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OVN_SSL_ENABLE
value: "no"
- name: ENABLE_IPSEC
value: "false"
- name: OVN_NB_RAFT_ELECTION_TIMER
value: "1000"
- name: OVN_NB_PORT
value: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} value: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
command: - name: OVN_NB_RAFT_PORT
- /tmp/ovsdb-server.sh value: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ovsdb-server.sh
- stop
volumeMounts: volumeMounts:
- name: ovn-bin
mountPath: /tmp/ovsdb-server.sh
subPath: ovsdb-server.sh
readOnly: true
- name: run-openvswitch - name: run-openvswitch
mountPath: /run/openvswitch mountPath: /var/run/openvswitch
- name: run-openvswitch
mountPath: /var/run/ovn
- name: data - name: data
mountPath: {{ $envAll.Values.volume.ovn_ovsdb_nb.path }} mountPath: /etc/ovn
volumes: volumes:
- name: run-openvswitch - name: run-openvswitch
hostPath: hostPath:
path: /run/openvswitch path: /run/openvswitch
type: DirectoryOrCreate type: DirectoryOrCreate
- name: ovn-bin
configMap:
name: ovn-bin
defaultMode: 0555
{{- if not .Values.volume.ovn_ovsdb_nb.enabled }} {{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
- name: data - name: data
emptyDir: {} emptyDir: {}
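Review bot: `/var/run/ovn` in the database container is now a second mount of `run-openvswitch`, i.e. the node's `/run/openvswitch` hostPath declared under `volumes:`, so the NB database's control socket and pid file land in a host directory that the node's own Open vSwitch and every ovn-controller pod on that node also mount; anything with access to that directory can drive the database over the unix socket, bypassing the TCP listener and whatever protection is later put in front of it. A centralized ovsdb-server does not need host sockets, so an `emptyDir` volume for `/var/run/ovn` (and arguably for `/var/run/openvswitch` as well) gives ovnkube.sh the same paths without host exposure — confirm nothing on the host relies on those sockets before switching. Separately, the data mount is now hard-coded to `/etc/ovn` while the chart still exposes `.Values.volume.ovn_ovsdb_nb.path`; as far as this mount goes that value is now dead and should either be honoured again or removed from values with a release note. The ovn-ovsdb-sb statefulset carries both changes too, but its last hunk runs past the end of this page.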


@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
limitations under the License. limitations under the License.
*/}} */}}
{{- define "ovnsbReadinessProbeTemplate" }}
exec:
command:
- /usr/bin/ovn-kube-util
- readiness-probe
- -t
{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
- ovnsb-db-raft
{{- else }}
- ovnsb-db
{{- end }}
{{- end }}
{{- if .Values.manifests.statefulset_ovn_ovsdb_sb }} {{- if .Values.manifests.statefulset_ovn_ovsdb_sb }}
{{- $envAll := . }} {{- $envAll := . }}
@ -28,6 +41,7 @@ metadata:
{{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} {{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec: spec:
serviceName: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }} serviceName: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
podManagementPolicy: Parallel
replicas: {{ .Values.pod.replicas.ovn_ovsdb_sb }} replicas: {{ .Values.pod.replicas.ovn_ovsdb_sb }}
selector: selector:
matchLabels: matchLabels:
@ -49,43 +63,56 @@ spec:
{{- tuple $envAll "ovn_ovsdb_sb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} {{- tuple $envAll "ovn_ovsdb_sb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers: containers:
- name: ovsdb - name: ovsdb
command:
- /root/ovnkube.sh
{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
- sb-ovsdb-raft
{{- else }}
- sb-ovsdb
{{- end }}
{{ tuple $envAll "ovn_ovsdb_sb" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "ovn_ovsdb_sb" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ovn_ovsdb_sb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.ovn_ovsdb_sb | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" . "component" "ovn_ovsdb_sb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnsbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
ports: ports:
- containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }} - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
env: env:
- name: OVS_DATABASE - name: OVN_DAEMONSET_VERSION
value: sb value: "3"
- name: OVS_PORT - name: OVN_LOGLEVEL_SB
value: "-vconsole:info -vfile:info"
- name: OVN_KUBERNETES_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: OVN_KUBERNETES_STATEFULSET
value: ovn-ovsdb-sb
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OVN_SSL_ENABLE
value: "no"
- name: ENABLE_IPSEC
value: "false"
- name: OVN_SB_RAFT_ELECTION_TIMER
value: "1000"
- name: OVN_SB_PORT
value: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} value: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
command: - name: OVN_SB_RAFT_PORT
- /tmp/ovsdb-server.sh value: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ovsdb-server.sh
- stop
volumeMounts: volumeMounts:
- name: ovn-bin
mountPath: /tmp/ovsdb-server.sh
subPath: ovsdb-server.sh
readOnly: true
- name: run-openvswitch - name: run-openvswitch
mountPath: /run/openvswitch mountPath: /var/run/openvswitch
- name: run-openvswitch
mountPath: /var/run/ovn
- name: data - name: data
mountPath: {{ $envAll.Values.volume.ovn_ovsdb_sb.path }} mountPath: /etc/ovn
volumes: volumes:
- name: run-openvswitch - name: run-openvswitch
hostPath: hostPath:
path: /run/openvswitch path: /run/openvswitch
type: DirectoryOrCreate type: DirectoryOrCreate
- name: ovn-bin
configMap:
name: ovn-bin
defaultMode: 0555
{{- if not .Values.volume.ovn_ovsdb_sb.enabled }} {{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
- name: data - name: data
emptyDir: {} emptyDir: {}
@ -95,10 +122,10 @@ spec:
name: data name: data
spec: spec:
accessModes: ["ReadWriteOnce"] accessModes: ["ReadWriteOnce"]
storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
resources: resources:
requests: requests:
storage: {{ $envAll.Values.volume.ovn_ovsdb_sb.size }} storage: {{ $envAll.Values.volume.ovn_ovsdb_sb.size }}
storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
{{- end }} {{- end }}
{{- end }} {{- end }}
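Review bot: `OVN_SSL_ENABLE` is pinned to the literal `"no"` (and `ENABLE_IPSEC` to `"false"`) in the ovsdb container's env block with no `.Values` hook, so the SB database this commit exposes on the ovsdb and raft ports always listens in plaintext with no client certificates, and every ovn-controller reaches it over the cluster network. A values-driven toggle would at least make the secure setting reachable without patching the template, e.g. `value: {{ .Values.conf.ovn_ssl_enable | default "no" | quote }}` (the key name is a placeholder; the `conf:` block visible in values.yaml has no such key yet). `OVN_LOGLEVEL_SB` and `OVN_SB_RAFT_ELECTION_TIMER` are hardcoded the same way and could be exposed alongside it. The ovn-ovsdb-nb statefulset above presumably carries the same literals, but its env block is outside this view.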


@ -53,12 +53,10 @@ labels:
volume: volume:
ovn_ovsdb_nb: ovn_ovsdb_nb:
path: /var/lib/ovn
enabled: true enabled: true
class_name: general class_name: general
size: 5Gi size: 5Gi
ovn_ovsdb_sb: ovn_ovsdb_sb:
path: /var/lib/ovn
enabled: true enabled: true
class_name: general class_name: general
size: 5Gi size: 5Gi
@ -77,6 +75,8 @@ conf:
ovn_encap_type: geneve ovn_encap_type: geneve
ovn_bridge: br-int ovn_bridge: br-int
ovn_bridge_mappings: external:br-ex ovn_bridge_mappings: external:br-ex
# For DPDK enabled environments, enable netdev datapath type for br-int
# ovn_bridge_datapath_type: netdev
# auto_bridge_add: # auto_bridge_add:
# br-private: eth0 # br-private: eth0
@ -126,13 +126,41 @@ pod:
readiness: readiness:
enabled: true enabled: true
params: params:
initialDelaySeconds: 5 initialDelaySeconds: 30
timeoutSeconds: 10 timeoutSeconds: 30
liveness: periodSeconds: 60
ovn_ovsdb_nb:
ovsdb:
readiness:
enabled: true enabled: true
params: params:
initialDelaySeconds: 5 initialDelaySeconds: 30
timeoutSeconds: 10 timeoutSeconds: 30
periodSeconds: 60
ovn_ovsdb_sb:
ovsdb:
readiness:
enabled: true
params:
initialDelaySeconds: 30
timeoutSeconds: 30
periodSeconds: 60
ovn_controller:
controller:
readiness:
enabled: true
params:
initialDelaySeconds: 30
timeoutSeconds: 30
periodSeconds: 60
ovn_controller_gw:
controller:
readiness:
enabled: true
params:
initialDelaySeconds: 30
timeoutSeconds: 30
periodSeconds: 60
dns_policy: "ClusterFirstWithHostNet" dns_policy: "ClusterFirstWithHostNet"
replicas: replicas:
ovn_ovsdb_nb: 1 ovn_ovsdb_nb: 1
@ -162,18 +190,18 @@ pod:
enabled: false enabled: false
ovn_ovsdb_nb: ovn_ovsdb_nb:
requests: requests:
memory: "128Mi" memory: "384Mi"
cpu: "100m" cpu: "100m"
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "1000m"
ovn_ovsdb_sb: ovn_ovsdb_sb:
requests: requests:
memory: "128Mi" memory: "384Mi"
cpu: "100m" cpu: "100m"
limits: limits:
memory: "1024Mi" memory: "1024Mi"
cpu: "2000m" cpu: "1000m"
ovn_northd: ovn_northd:
requests: requests:
memory: "128Mi" memory: "128Mi"
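Review bot: `volume.ovn_ovsdb_nb.path` and `volume.ovn_ovsdb_sb.path` are removed from values while the statefulsets now mount the data volume at a fixed `/etc/ovn`, so an operator override that still sets `path` is ignored silently rather than rejected; a comment such as `# path is no longer configurable; data is mounted at /etc/ovn` next to each block, or a line in the release note, would make the behavior change visible. In the probe hunk the old `liveness:` block is replaced by readiness-only settings, so a running but wedged ovsdb-server would apparently no longer be restarted by kubelet; if that is intended for raft members, a comment saying so would save the next reader from re-adding it. Which component owns that first probe block is not visible here because the hunk starts inside it.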


@ -0,0 +1,4 @@
---
ovn:
- Add OVN Kubernetes support
...