From d617712e689585800a5e85b67fd53d5ee58d5fe2 Mon Sep 17 00:00:00 2001 From: ricolin Date: Wed, 2 Oct 2024 14:26:36 +0800 Subject: [PATCH] Add Support for OVN octavia provider * Add OVN support * Add Octavia Driver Agent service With this, we're allow to using OVN with Octavia just by adding OVN to following configs: * [api_settings]/enabled_provider_drivers * [driver_agent]/enabled_provider_agents Change-Id: I735c572fff80793806a9232c86e69059d0eda838 --- .../bin/_octavia-driver-agent.sh.tpl | 31 ++++++++++++ octavia/templates/configmap-bin.yaml | 2 + octavia/templates/deployment-api.yaml | 50 ++++++++++++++++++- .../templates/deployment-housekeeping.yaml | 3 +- octavia/templates/deployment-worker.yaml | 5 +- octavia/values.yaml | 36 +++++++++++-- 6 files changed, 117 insertions(+), 10 deletions(-) create mode 100644 octavia/templates/bin/_octavia-driver-agent.sh.tpl
diff --git a/octavia/templates/bin/_octavia-driver-agent.sh.tpl b/octavia/templates/bin/_octavia-driver-agent.sh.tpl
new file mode 100644
index 0000000000..056d34f07e
--- /dev/null
+++ b/octavia/templates/bin/_octavia-driver-agent.sh.tpl
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+{{/*
+Copyright 2024 Vexxhost Co., Ltd.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+set -ex
+COMMAND="${@:-start}"
+
+function start () {
+ exec octavia-driver-agent \
+ --config-file /etc/octavia/octavia.conf
+}
+
+function stop () {
+ kill -TERM 1
+}
+
+$COMMAND
diff --git a/octavia/templates/configmap-bin.yaml b/octavia/templates/configmap-bin.yaml index be9a95dec2..f3f90fb285 100644 --- a/octavia/templates/configmap-bin.yaml +++ b/octavia/templates/configmap-bin.yaml @@ -47,6 +47,8 @@ data: {{- include "helm-toolkit.scripts.keystone_user" . | indent 4 }} octavia-api.sh: | {{ tuple "bin/_octavia-api.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} + octavia-driver-agent.sh: | +{{ tuple "bin/_octavia-driver-agent.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} octavia-health-manager.sh: | {{ tuple "bin/_octavia-health-manager.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }} octavia-health-manager-nic-init.sh: | diff --git a/octavia/templates/deployment-api.yaml b/octavia/templates/deployment-api.yaml index 8029d5bdda..e6e2f019ca 100644 --- a/octavia/templates/deployment-api.yaml +++ b/octavia/templates/deployment-api.yaml @@ -18,6 +18,7 @@ limitations under the License. {{- $envAll := . }} {{- $mounts_octavia_api := .Values.pod.mounts.octavia_api.octavia_api }} +{{- $mounts_octavia_driver_agent := .Values.pod.mounts.octavia_api.octavia_driver_agent }} {{- $mounts_octavia_api_init := .Values.pod.mounts.octavia_api.init_container }} {{- $serviceAccountName := "octavia-api" }} @@ -58,8 +59,7 @@ spec: - name: octavia-api {{ tuple $envAll "octavia_api" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - runAsUser: {{ .Values.pod.user.octavia.uid }} +{{ dict "envAll" $envAll "application" "octavia_api" "container" "octavia_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - /tmp/octavia-api.sh - start 
@@ -78,6 +78,8 @@ spec:
 path: /
 port: {{ tuple "load_balancer" "internal" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
 volumeMounts:
+ - name: run-openvswitch
+ mountPath: /var/run/ovn
 - name: pod-etc-octavia
 mountPath: /etc/octavia
 - name: octavia-bin
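Review bot: The new `run-openvswitch` mount in the octavia-api container is writable, and the volume behind it (defined in the last hunk of this file) is a hostPath, so the API process can create or delete entries in the host's `/run/openvswitch`. Connecting to an existing unix socket normally does not require a writable mount, so consider adding `readOnly: true` under `mountPath: /var/run/ovn` here and on the same mount in the driver-agent container, after confirming that the provider creates no files in that directory. This only limits filesystem changes; it does not restrict what the container can send over the sockets. The volumeMounts list continues outside this hunk.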
@@ -98,10 +100,54 @@ spec:
 subPath: {{ base .Values.conf.octavia.DEFAULT.log_config_append }}
 readOnly: true
 {{- end }}
+ - name: octavia-driver-agents
+ mountPath: /var/run/octavia
 {{ if $mounts_octavia_api.volumeMounts }}{{ toYaml $mounts_octavia_api.volumeMounts | indent 12 }}{{ end }}
+ - name: octavia-driver-agent
+{{ tuple $envAll "octavia_driver_agent" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.driver_agent | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "octavia_api" "container" "octavia_driver_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /tmp/octavia-driver-agent.sh
+ - start
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - /tmp/octavia-driver-agent.sh
+ - stop
+ volumeMounts:
+ - name: pod-etc-octavia
+ mountPath: /etc/octavia
+ readOnly: true
+ - name: octavia-bin
+ mountPath: /tmp/octavia-driver-agent.sh
+ subPath: octavia-driver-agent.sh
+ readOnly: true
+ - name: octavia-etc
+ mountPath: /etc/octavia/octavia.conf
+ subPath: octavia.conf
+ readOnly: true
+ {{- if .Values.conf.octavia.DEFAULT.log_config_append }}
+ - name: octavia-etc
+ mountPath: {{ .Values.conf.octavia.DEFAULT.log_config_append }}
+ subPath: {{ base .Values.conf.octavia.DEFAULT.log_config_append }}
+ readOnly: true
+ {{- end }}
+ - name: octavia-driver-agents
+ mountPath: /var/run/octavia
+ - name: run-openvswitch
+ mountPath: /var/run/ovn
+{{ if $mounts_octavia_driver_agent.volumeMounts }}{{ toYaml $mounts_octavia_driver_agent.volumeMounts | indent 12 }}{{ end }}
 volumes:
 - name: pod-etc-octavia
 emptyDir: {}
+ - name: run-openvswitch
+ hostPath:
+ path: /run/openvswitch
+ type: DirectoryOrCreate
+ - name: octavia-driver-agents
+ emptyDir: {}
 - name: octavia-bin
 configMap:
 name: octavia-bin
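Review bot: The `run-openvswitch` hostPath volume is added to every octavia-api pod unconditionally, so deployments that never enable the OVN provider still get a host directory mounted into the pod that serves the load-balancer API. hostPath volumes are rejected by the Kubernetes Pod Security Standards baseline profile, and the path name suggests this directory holds the host's Open vSwitch/OVN control sockets, so it would be safer to render the volume and both `/var/run/ovn` mounts only when OVN is configured, behind a values toggle. `type: DirectoryOrCreate` also silently creates an empty `/run/openvswitch` on nodes that have no OVS, which hides a scheduling mistake; `type: Directory` would make the pod fail visibly instead. The volumes list continues outside this hunk.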
diff --git a/octavia/templates/deployment-housekeeping.yaml b/octavia/templates/deployment-housekeeping.yaml index 95b42271b0..9d0f8765f5 100644 --- a/octavia/templates/deployment-housekeeping.yaml +++ b/octavia/templates/deployment-housekeeping.yaml @@ -59,8 +59,7 @@ spec: - name: octavia-housekeeping {{ tuple $envAll "octavia_housekeeping" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.housekeeping | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - runAsUser: {{ .Values.pod.user.octavia.uid }} +{{ dict "envAll" $envAll "application" "octavia_housekeeping" "container" "octavia_housekeeping" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - /tmp/octavia-housekeeping.sh - start diff --git a/octavia/templates/deployment-worker.yaml b/octavia/templates/deployment-worker.yaml index 61da197422..6972941b29 100644 --- a/octavia/templates/deployment-worker.yaml +++ b/octavia/templates/deployment-worker.yaml @@ -59,8 +59,7 @@ spec: - name: octavia-worker {{ tuple $envAll "octavia_worker" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.worker | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - securityContext: - runAsUser: {{ .Values.pod.user.octavia.uid }} +{{ dict "envAll" $envAll "application" "octavia_worker" "container" "octavia_worker" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - /tmp/octavia-worker.sh - start @@ -100,4 +99,4 @@ spec: secretName: octavia-etc defaultMode: 0444 {{ if $mounts_octavia_worker.volumes }}{{ toYaml $mounts_octavia_worker.volumes | indent 8 }}{{ end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/octavia/values.yaml b/octavia/values.yaml index dae71766b9..3d48c1e000 100644 --- a/octavia/values.yaml +++ b/octavia/values.yaml 
@@ -51,6 +51,7 @@ images: dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal image_repo_sync: docker.io/docker:17.07.0 octavia_api: docker.io/loci/octavia:master-ubuntu + octavia_driver_agent: docker.io/loci/octavia:master-ubuntu octavia_worker: docker.io/loci/octavia:master-ubuntu octavia_housekeeping: docker.io/loci/octavia:master-ubuntu octavia_health_manager: docker.io/loci/octavia:master-ubuntu @@ -208,6 +209,9 @@ conf: octavia: DEFAULT: log_config_append: /etc/octavia/logging.conf + ovn: + ovn_nb_connection: unix:/run/ovn/ovnnb_db.sock + ovn_sb_connection: unix:/run/ovn/ovnsb_db.sock api_settings: api_handler: queue_producer bind_host: 0.0.0.0 @@ -521,9 +525,25 @@ endpoints: public: 80 pod: - user: - octavia: - uid: 42424 + security_context: + octavia_api: + container: + octavia_api: + capabilities: + add: + - SYS_NICE + octavia_driver_agent: + capabilities: + add: + - SYS_NICE + octavia_worker: + container: + octavia_worker: + runAsUser: 42424 + octavia_housekeeping: + container: + octavia_housekeeping: + runAsUser: 42424 affinity: anti: type: @@ -536,6 +556,9 @@ pod: octavia_api: volumeMounts: volumes: + octavia_driver_agent: + volumeMounts: + volumes: octavia_worker: init_container: null octavia_worker: @@ -589,6 +612,13 @@ pod: limits: memory: "1024Mi" cpu: "2000m" + driver_agent: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "1024Mi" + cpu: "2000m" worker: requests: memory: "128Mi"
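Review bot: In the `pod.security_context` hunk, the `octavia_api` and `octavia_driver_agent` container entries set only `capabilities.add: SYS_NICE` and no `runAsUser`, while the deployment-api hunk in this patch removes the hard-coded `runAsUser: {{ .Values.pod.user.octavia.uid }}`. Unless the helm-toolkit snippet or the image sets a user (neither is visible here), both containers now run as the image's default user, possibly root, with an extra capability; adding `runAsUser: 42424` to both entries, as is done for the worker and housekeeping, would keep the previous behaviour. The commit message does not say why SYS_NICE is needed, so a short comment next to it would help later reviewers decide whether it can be dropped. The same hunk deletes `pod.user.octavia.uid`; any template not touched by this patch that still reads that key would presumably render an empty `runAsUser`, which is worth checking across the chart.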