From 16bf3549c1d3eb3d60090a6a3b31f7d52f219e84 Mon Sep 17 00:00:00 2001 From: Florian Ruynat <16313165+floryut@users.noreply.github.com> Date: Thu, 14 Oct 2021 21:11:09 +0200 Subject: [PATCH] Update kube-ovn to 1.8.1 --- README.md | 2 +- roles/download/defaults/main.yml | 4 +- .../network_plugin/kube-ovn/defaults/main.yml | 4 + .../templates/cni-kube-ovn-crd.yml.j2 | 136 ++++++++++++++++-- .../kube-ovn/templates/cni-kube-ovn.yml.j2 | 10 ++ .../kube-ovn/templates/cni-ovn.yml.j2 | 2 + 6 files changed, 144 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 927b79a0f..e2f8134f1 100644 --- a/README.md +++ b/README.md @@ -143,7 +143,7 @@ Note: Upstart/SysV init based OS types are not supported. - [flanneld](https://github.com/flannel-io/flannel) v0.14.0 - [kube-ovn](https://github.com/alauda/kube-ovn) v1.7.2 - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.3.1 - - [multus](https://github.com/intel/multus-cni) v3.8.0 + - [multus](https://github.com/intel/multus-cni) v3.8 - [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0 - [weave](https://github.com/weaveworks/weave) v2.8.1 - Application diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 19f854e67..176780214 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -83,9 +83,9 @@ cni_version: "v0.9.1" weave_version: 2.8.1 pod_infra_version: "3.3" cilium_version: "v1.9.10" -kube_ovn_version: "v1.7.2" +kube_ovn_version: "v1.8.1" kube_router_version: "v1.3.1" -multus_version: "v3.8.0" +multus_version: "v3.8" ovn4nfv_ovn_image_version: "v1.0.0" ovn4nfv_k8s_plugin_image_version: "v1.1.0" helm_version: "v3.7.0" diff --git a/roles/network_plugin/kube-ovn/defaults/main.yml b/roles/network_plugin/kube-ovn/defaults/main.yml index d0eb52794..831c26bd4 100644 --- a/roles/network_plugin/kube-ovn/defaults/main.yml +++ b/roles/network_plugin/kube-ovn/defaults/main.yml 
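Review bot: In roles/download/defaults/main.yml the hunk also changes `multus_version` from "v3.8.0" to "v3.8", which the subject "Update kube-ovn to 1.8.1" does not cover and which replaces a full patch-level tag with a shorter one. If that is a rebase leftover it should be dropped, so the line stays `multus_version: "v3.8.0"`. The README hunk makes the same multus change while its context line still lists kube-ovn v1.7.2, so the documented component version no longer matches the new `kube_ovn_version`. Whether a `v3.8` image tag exists and what it resolves to cannot be seen from this patch, so that should be confirmed before the pin is loosened.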
@@ -7,6 +7,10 @@ kube_ovn_node_cpu_request: 200m kube_ovn_node_memory_request: 200Mi kube_ovn_node_cpu_limit: 1000m kube_ovn_node_memory_limit: 800Mi +kube_ovn_cni_server_cpu_request: 200m +kube_ovn_cni_server_memory_request: 200Mi +kube_ovn_cni_server_cpu_limit: 1000m +kube_ovn_cni_server_memory_limit: 1Gi kube_ovn_controller_cpu_request: 200m kube_ovn_controller_memory_request: 200Mi kube_ovn_controller_cpu_limit: 1000m diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2 index 07866554e..9234006e2 100644 --- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2 +++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2 @@ -100,15 +100,6 @@ spec: - name: NAT type: boolean jsonPath: .spec.natOutgoing - - name: ExternalEgressGateway - type: string - jsonPath: .spec.externalEgressGateway - - name: PolicyRoutingPriority - type: integer - jsonPath: .spec.policyRoutingPriority - - name: PolicyRoutingTableID - type: integer - jsonPath: .spec.policyRoutingTableID - name: Default type: boolean jsonPath: .spec.default @@ -127,6 +118,9 @@ spec: - name: V6Available type: number jsonPath: .status.v6availableIPs + - name: ExcludeIPs + type: string + jsonPath: .spec.excludeIps schema: openAPIV3Schema: type: object @@ -214,7 +208,7 @@ spec: type: boolean vlan: type: string - underlayGateway: + disableGatewayCheck: type: boolean disableInterConnection: type: boolean @@ -293,11 +287,23 @@ spec: openAPIV3Schema: type: object properties: + metadata: + type: object + properties: + name: + type: string + maxLength: 12 + not: + enum: + - int + - external spec: type: object properties: defaultInterface: type: string + maxLength: 15 + pattern: '^[^/\s]+$' customInterfaces: type: array items: @@ -305,6 +311,8 @@ spec: properties: interface: type: string + maxLength: 15 + pattern: '^[^/\s]+$' nodes: type: array items: 
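Review bot: The hunk at `@@ -214,7 +208,7 @@`, in what appears to be the Subnet schema, replaces the `underlayGateway` property with `disableGatewayCheck`, and nothing in this patch handles objects that already carry the old field. If this CRD is served as apiextensions.k8s.io/v1 with pruning on, like the SecurityGroup CRD added at the end of the file, the API server drops `underlayGateway` from existing Subnets on their next write, so gateway behaviour may change silently after an upgrade from 1.7.2. An upgrade note, or a comment above the property such as `# replaces underlayGateway (kube-ovn < 1.8); re-set on existing Subnets after upgrade`, would make that visible. The schema block starts and ends outside the hunk, so a conversion step elsewhere cannot be ruled out.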
@@ -375,6 +383,9 @@ spec: - jsonPath: .status.subnets name: Subnets type: string + - jsonPath: .spec.namespaces + name: Namespaces + type: string name: v1 schema: openAPIV3Schema: @@ -466,7 +477,17 @@ spec: listKind: VpcNatGatewayList scope: Cluster versions: - - name: v1 + - additionalPrinterColumns: + - jsonPath: .spec.vpc + name: Vpc + type: string + - jsonPath: .spec.subnet + name: Subnet + type: string + - jsonPath: .spec.lanIp + name: LanIP + type: string + name: v1 served: true storage: true schema: 
@@ -528,3 +549,96 @@ spec: status: {} conversion: strategy: None +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: security-groups.kubeovn.io +spec: + group: kubeovn.io + names: + plural: security-groups + singular: security-group + shortNames: + - sg + kind: SecurityGroup + listKind: SecurityGroupList + scope: Cluster + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + ingressRules: + type: array + items: + type: object + properties: + ipVersion: + type: string + protocol: + type: string + priority: + type: integer + remoteType: + type: string + remoteAddress: + type: string + remoteSecurityGroup: + type: string + portRangeMin: + type: integer + portRangeMax: + type: integer + policy: + type: string + egressRules: + type: array + items: + type: object + properties: + ipVersion: + type: string + protocol: + type: string + priority: + type: integer + remoteType: + type: string + remoteAddress: + type: string + remoteSecurityGroup: + type: string + portRangeMin: + type: integer + portRangeMax: + type: integer + policy: + type: string + allowSameGroupTraffic: + type: boolean + status: + type: object + properties: + portGroup: + type: string + allowSameGroupTraffic: + type: boolean + ingressMd5: + type: string + egressMd5: + type: string + ingressLastSyncSuccess: + type: boolean + egressLastSyncSuccess: + type: boolean + subresources: + status: {} + conversion: + strategy: None diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 index ec05e76c4..e9cadc2b9 100644 --- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 +++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 
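Review bot: The new SecurityGroup schema accepts any string for `ipVersion`, `protocol`, `remoteType` and `policy` and any integer for `priority`, `portRangeMin` and `portRangeMax`, so a mistyped rule is stored by the API server and only the controller decides what it means. For an object that defines traffic filtering, rejecting bad input at admission is safer than relying on the controller, and the provider-network schema earlier in this same patch already adds `maxLength` and `pattern` constraints in that spirit. At minimum the port fields under both `ingressRules` and `egressRules` can be bounded with `minimum: 1` and `maximum: 65535`, and the four string fields can take an `enum` of the values the 1.8.1 controller accepts (to be copied from upstream, not guessed here). If the template is meant to track the upstream manifest exactly, the constraints are better proposed upstream and that reason recorded in a comment above the CRD.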
@@ -45,6 +45,9 @@ spec: args: - --default-cidr={{ kube_pods_subnet }} - --pod-nic-type=veth-pair + - --enable-lb=true + - --enable-np=true + - --enable-external-vpc=true env: - name: ENABLE_SSL value: "{{ enable_ssl | lower }}" @@ -194,6 +197,13 @@ spec: initialDelaySeconds: 30 periodSeconds: 7 failureThreshold: 5 + resources: + requests: + cpu: {{ kube_ovn_cni_server_cpu_request }} + memory: {{ kube_ovn_cni_server_memory_request }} + limits: + cpu: {{ kube_ovn_cni_server_cpu_limit }} + memory: {{ kube_ovn_cni_server_memory_limit }} nodeSelector: kubernetes.io/os: "linux" volumes: diff --git a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 index b90175986..a8505df26 100644 --- a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 +++ b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 @@ -70,6 +70,8 @@ rules: - provider-networks - provider-networks/status - networks + - security-groups + - security-groups/status verbs: - "*" - apiGroups:
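Review bot: The three flags added to the controller args, `--enable-lb=true`, `--enable-np=true` and `--enable-external-vpc=true`, are hard-coded, so an operator cannot turn any of them off without editing the template. The resource values added in this same patch are taken from defaults/main.yml, and the same pattern would fit here, for example `- --enable-external-vpc={{ kube_ovn_enable_external_vpc | lower }}` backed by a new role default; that variable name is a suggestion, not an existing one. Keeping network policy support on by default is reasonable; the point is only that features a cluster does not use, such as external VPC support, should be possible to switch off from inventory.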
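Review bot: In cni-ovn.yml.j2, `security-groups` and `security-groups/status` are appended to a rule whose verbs are `"*"`, so every subject bound to this role can create, change and delete the cluster-scoped objects that define traffic filtering. The rule and its binding start outside the hunk, so which service accounts receive it is not visible here; if the per-node CNI daemon shares this role with the controller, a compromised node could rewrite security groups. Consider listing the verbs each component needs instead of the wildcard, or moving the security-group resources into a separate rule bound only to the controller. A comment above the rule such as `# wildcard kept to match the upstream kube-ovn manifest` would at least record why it stays.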