Update kube-ovn to 1.6.2

README.md

@@ -139,7 +139,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
   - [cilium](https://github.com/cilium/cilium) v1.8.8
   - [flanneld](https://github.com/coreos/flannel) v0.13.0
-  - [kube-ovn](https://github.com/alauda/kube-ovn) v1.6.1
+  - [kube-ovn](https://github.com/alauda/kube-ovn) v1.6.2
   - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.2.0
   - [multus](https://github.com/intel/multus-cni) v3.7.0
   - [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0

roles/download/defaults/main.yml

@@ -78,7 +78,7 @@ cni_version: "v0.9.0"
 weave_version: 2.8.1
 pod_infra_version: "3.3"
 cilium_version: "v1.8.8"
-kube_ovn_version: "v1.6.1"
+kube_ovn_version: "v1.6.2"
 kube_router_version: "v1.2.0"
 multus_version: "v3.7"
 ovn4nfv_ovn_image_version: "v1.0.0"

roles/network_plugin/kube-ovn/defaults/main.yml

@@ -15,6 +15,9 @@ kube_ovn_pinger_cpu_request: 100m
 kube_ovn_pinger_memory_request: 200Mi
 kube_ovn_pinger_cpu_limit: 200m
 kube_ovn_pinger_memory_limit: 400Mi
+kube_ovn_monitor_cpu_request: 500m
+kube_ovn_monitor_memory_request: 300Mi
 
 traffic_mirror: true
-encap_checksum: true
+encap_checksum: false
+enable_ssl: false

roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2

@@ -47,7 +47,7 @@ spec:
           - --default-cidr={{ kube_pods_subnet }}
           env:
             - name: ENABLE_SSL
-              value: "false"
+              value: "{{ enable_ssl }}"
             - name: POD_NAME
               valueFrom:
                 fieldRef:
@@ -146,7 +146,7 @@ spec:
           privileged: true
         env:
           - name: ENABLE_SSL
-            value: "false"
+            value: "{{ enable_ssl }}"
           - name: POD_IP
             valueFrom:
               fieldRef:
@@ -240,7 +240,7 @@ spec:
             privileged: false
           env:
             - name: ENABLE_SSL
-              value: "false"
+              value: "{{ enable_ssl }}"
             - name: POD_IP
               valueFrom:
                 fieldRef:

roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2

@@ -155,6 +155,39 @@ spec:
     ovn-sb-leader: "true"
   sessionAffinity: None
 ---
+kind: Service
+apiVersion: v1
+metadata:
+  name: ovn-northd
+  namespace: kube-system
+spec:
+  ports:
+    - name: ovn-northd
+      protocol: TCP
+      port: 6643
+      targetPort: 6643
+  type: ClusterIP
+  selector:
+    app: ovn-central
+    ovn-northd-leader: "true"
+  sessionAffinity: None
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: kube-ovn-monitor
+  namespace:  kube-system
+  labels:
+    app: kube-ovn-monitor
+spec:
+  ports:
+    - name: metrics
+      port: 10661
+  type: ClusterIP
+  selector:
+    app: ovn-central
+  sessionAffinity: None
+---
 kind: Deployment
 apiVersion: apps/v1
 metadata:
@@ -193,6 +226,7 @@ spec:
       priorityClassName: system-cluster-critical
       serviceAccountName: ovn
       hostNetwork: true
+      shareProcessNamespace: true
       containers:
         - name: ovn-central
           image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
@@ -203,7 +237,7 @@ spec:
               add: ["SYS_NICE"]
           env:
             - name: ENABLE_SSL
-              value: "false"
+              value: "{{ enable_ssl }}"
             - name: POD_IP
               valueFrom:
                 fieldRef:
@@ -257,6 +291,63 @@ spec:
             periodSeconds: 7
             failureThreshold: 5
             timeoutSeconds: 45
+        - name: ovn-monitor
+          image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
+          imagePullPolicy: {{ k8s_image_pull_policy }}
+          command: ["/kube-ovn/start-ovn-monitor.sh"]
+          env:
+            - name: ENABLE_SSL
+              value: "{{ enable_ssl }}"
+            - name: POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          resources:
+            requests:
+              cpu: {{ kube_ovn_monitor_cpu_request }}
+              memory: {{ kube_ovn_monitor_memory_request }}
+          volumeMounts:
+            - mountPath: /var/run/openvswitch
+              name: host-run-ovs
+            - mountPath: /var/run/ovn
+              name: host-run-ovn
+            - mountPath: /sys
+              name: host-sys
+              readOnly: true
+            - mountPath: /etc/openvswitch
+              name: host-config-openvswitch
+            - mountPath: /etc/ovn
+              name: host-config-ovn
+            - mountPath: /var/log/openvswitch
+              name: host-log-ovs
+            - mountPath: /var/log/ovn
+              name: host-log-ovn
+            - mountPath: /var/run/tls
+              name: kube-ovn-tls
+          readinessProbe:
+            exec:
+              command:
+              - cat
+              - /var/run/ovn/ovnnb_db.pid
+            periodSeconds: 3
+            timeoutSeconds: 45
+          livenessProbe:
+            exec:
+              command:
+              - cat
+              - /var/run/ovn/ovn-nbctl.pid
+            initialDelaySeconds: 30
+            periodSeconds: 10
+            failureThreshold: 5
+            timeoutSeconds: 45
       nodeSelector:
         kubernetes.io/os: "linux"
         kube-ovn/role: "master"
@@ -325,7 +416,7 @@ spec:
             privileged: true
           env:
             - name: ENABLE_SSL
-              value: "false"
+              value: "{{ enable_ssl }}"
             - name: POD_IP
               valueFrom:
                 fieldRef: