C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

adding ovn4nfv in kubespray (#6381)

Browse source 
Signed-off-by: Kuralamudhan Ramakrishnan <kuralamudhan.ramakrishnan@intel.com>
This commit is contained in:
Kuralamudhan Ramakrishnan 2020-07-31 07:33:08 -07:00 committed by GitHub
parent bf6168fca8
commit 90e5f8ffe1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 1023 additions and 45 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.gitlab-ci/packet.yml
View file

@ -110,6 +110,11 @@ packet_opensuse-canal:
extends: .packet extends: .packet
when: on_success when: on_success
packet_ubuntu18-ovn4nfv:
stage: deploy-part2
extends: .packet
when: on_success
# Contiv does not work in k8s v1.16 # Contiv does not work in k8s v1.16
# packet_ubuntu16-contiv-sep: # packet_ubuntu16-contiv-sep:
# stage: deploy-part2 # stage: deploy-part2

3
README.md
View file

@ -130,6 +130,7 @@ Note: Upstart/SysV init based OS types are not supported.
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.2.1 - [kube-ovn](https://github.com/alauda/kube-ovn) v1.2.1
- [kube-router](https://github.com/cloudnativelabs/kube-router) v1.0.0 - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.0.0
- [multus](https://github.com/intel/multus-cni) v3.6.0 - [multus](https://github.com/intel/multus-cni) v3.6.0
- [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.0.0
- [weave](https://github.com/weaveworks/weave) v2.6.5 - [weave](https://github.com/weaveworks/weave) v2.6.5
- Application - Application
- [ambassador](https://github.com/datawire/ambassador): v1.5 - [ambassador](https://github.com/datawire/ambassador): v1.5
@ -180,6 +181,8 @@ You can choose between 10 network plugins. (default: `calico`, except Vagrant us
- [contiv](docs/contiv.md): supports vlan, vxlan, bgp and Cisco SDN networking. This plugin is able to - [contiv](docs/contiv.md): supports vlan, vxlan, bgp and Cisco SDN networking. This plugin is able to
apply firewall policies, segregate containers in multiple network and bridging pods onto physical networks. apply firewall policies, segregate containers in multiple network and bridging pods onto physical networks.
- [ovn4nfv](docs/ovn4nfv.md): [ovn4nfv-k8s-plugins](https://github.com/opnfv/ovn4nfv-k8s-plugin) is the network controller, OVS agent and CNI server to offer basic SFC and OVN overlay networking.
- [weave](docs/weave.md): Weave is a lightweight container overlay network that doesn't require an external K/V database cluster. - [weave](docs/weave.md): Weave is a lightweight container overlay network that doesn't require an external K/V database cluster.
(Please refer to `weave` [troubleshooting documentation](https://www.weave.works/docs/net/latest/troubleshooting/)). (Please refer to `weave` [troubleshooting documentation](https://www.weave.works/docs/net/latest/troubleshooting/)).

84
docs/ci.md
View file

@ -4,51 +4,51 @@ To generate this Matrix run `./tests/scripts/md-table/main.py`
## docker ## docker
| OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | weave | | OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | ovn4nfv | weave |
|---| --- | --- | --- | --- | --- | --- | --- | --- | --- | |---| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
amazon | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | amazon | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
centos7 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :white_check_mark: | centos7 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :white_check_mark: |
centos8 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | centos8 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: |
debian10 | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | debian10 | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian9 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | debian9 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: |
fedora31 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | fedora31 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
fedora32 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | fedora32 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: |
opensuse | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | opensuse | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
oracle7 | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | oracle7 | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
ubuntu16 | :x: | :white_check_mark: | :x: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | ubuntu16 | :x: | :white_check_mark: | :x: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :white_check_mark: |
ubuntu18 | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | ubuntu18 | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :white_check_mark: |
ubuntu20 | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | ubuntu20 | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
## crio ## crio
| OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | weave | | OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | ovn4nfv | weave |
|---| --- | --- | --- | --- | --- | --- | --- | --- | --- | |---| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
amazon | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | amazon | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
centos7 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | centos7 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
centos8 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | centos8 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | debian10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | debian9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora31 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | fedora31 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora32 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | fedora32 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
opensuse | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | opensuse | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
oracle7 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | oracle7 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
ubuntu16 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | ubuntu16 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
ubuntu18 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | ubuntu18 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
ubuntu20 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | ubuntu20 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
## containerd ## containerd
| OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | weave | | OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | ovn4nfv | weave |
|---| --- | --- | --- | --- | --- | --- | --- | --- | --- | |---| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
amazon | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | amazon | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
centos7 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | centos7 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
centos8 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | centos8 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian10 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | debian10 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
debian9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | debian9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora31 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | fedora31 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
fedora32 | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | fedora32 | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: |
opensuse | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | opensuse | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
oracle7 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | oracle7 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
ubuntu16 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | ubuntu16 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |
ubuntu18 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | ubuntu18 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: |
ubuntu20 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | ubuntu20 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: |

49
docs/ovn4nfv.md Normal file
View file

@ -0,0 +1,49 @@
# OVN4NFV-k8S-Plugin
Intro to [ovn4nfv-k8s-plugin](https://github.com/opnfv/ovn4nfv-k8s-plugin)
## How to use it
* Enable ovn4nfv in `group_vars/k8s-cluster/k8s-cluster.yml`
```yml
...
kube_network_plugin: ovn4nfv
...
```
## Verifying ovn4nfv kube network plugin
* ovn4nfv install ovn control plan in the master and ovn daemonset in all nodes
* Network function Networking(nfn) operator is install in the master and nfn agent is installed in all the node
* ovn4nfv install `ovn4nfvk8s-cni` cni shim binary in `/opt/cni/bin/` and nfn agent act as the cni server
* All ovn4nfv pods are installed in the kube-system
```ShellSession
# From K8s client
# kubectl get pods -n kube-system -l app=ovn-control-plane -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ovn-control-plane-5f8b7bcc65-w759g 1/1 Running 0 3d18h 192.168.121.25 master <none> <none>
# kubectl get pods -n kube-system -l app=ovn-controller -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ovn-controller-54zzj 1/1 Running 0 3d18h 192.168.121.24 minion01 <none> <none>
ovn-controller-7cljt 1/1 Running 0 3d18h 192.168.121.25 master <none> <none>
ovn-controller-cx46g 1/1 Running 0 3d18h 192.168.121.15 minion02 <none> <none>
# kubectl get pods -n kube-system -l name=nfn-operator -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfn-operator-6dc44dbf48-xk9zl 1/1 Running 0 3d18h 192.168.121.25 master <none> <none>
# kubectl get pods -n kube-system -l app=nfn-agent -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nfn-agent-dzlpp 1/1 Running 0 3d18h 192.168.121.15 minion02 <none> <none>
nfn-agent-jcdbn 1/1 Running 0 3d18h 192.168.121.25 master <none> <none>
nfn-agent-lrkzk 1/1 Running 0 3d18h 192.168.121.24 minion01 <none> <none>
# kubectl get pods -n kube-system -l app=ovn4nfv -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
ovn4nfv-cni-5zdz2 1/1 Running 0 3d18h 192.168.121.24 minion01 <none> <none>
ovn4nfv-cni-k5wjp 1/1 Running 0 3d18h 192.168.121.25 master <none> <none>
ovn4nfv-cni-t6z5b 1/1 Running 0 3d18h 192.168.121.15 minion02 <none> <none>
```

15
roles/download/defaults/main.yml
View file

@ -83,6 +83,8 @@ cilium_version: "v1.8.1"
kube_ovn_version: "v1.2.1" kube_ovn_version: "v1.2.1"
kube_router_version: "v1.0.0" kube_router_version: "v1.0.0"
multus_version: "v3.6" multus_version: "v3.6"
ovn4nfv_ovn_image_version: "v1.0.0"
ovn4nfv_k8s_plugin_image_version: "v1.0.0"
# Get kubernetes major version (i.e. 1.17.4 => 1.17) # Get kubernetes major version (i.e. 1.17.4 => 1.17)
kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}" kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}"
@ -490,6 +492,10 @@ kube_router_image_repo: "{{ docker_image_repo }}/cloudnativelabs/kube-router"
kube_router_image_tag: "{{ kube_router_version }}" kube_router_image_tag: "{{ kube_router_version }}"
multus_image_repo: "{{ docker_image_repo }}/nfvpe/multus" multus_image_repo: "{{ docker_image_repo }}/nfvpe/multus"
multus_image_tag: "{{ multus_version }}" multus_image_tag: "{{ multus_version }}"
ovn4nfv_ovn_image_repo: "{{ docker_image_repo }}/integratedcloudnative/ovn-images"
ovn4nfv_ovn_image_tag: "{{ ovn4nfv_ovn_image_version }}"
ovn4nfv_k8s_plugin_image_repo: "{{ docker_image_repo }}/integratedcloudnative/ovn4nfv-k8s-plugin"
ovn4nfv_k8s_plugin_image_tag: "{{ ovn4nfv_k8s_plugin_image_version }}"
nginx_image_repo: "{{ docker_image_repo }}/library/nginx" nginx_image_repo: "{{ docker_image_repo }}/library/nginx"
nginx_image_tag: 1.19 nginx_image_tag: 1.19
@ -812,6 +818,15 @@ downloads:
groups: groups:
- k8s-cluster - k8s-cluster
ovn4nfv:
enabled: "{{ kube_network_plugin == 'ovn4nfv' }}"
container: true
repo: "{{ ovn4nfv_k8s_plugin_image_repo }}"
tag: "{{ ovn4nfv_k8s_plugin_image_tag }}"
sha256: "{{ ovn4nfv_k8s_plugin_digest_checksum|default(None) }}"
groups:
- k8s-cluster
contiv: contiv:
enabled: "{{ kube_network_plugin == 'contiv' }}" enabled: "{{ kube_network_plugin == 'contiv' }}"
container: true container: true

5
roles/kubernetes-apps/network_plugin/meta/main.yml
View file

@ -40,6 +40,11 @@ dependencies:
tags: tags:
- kube-router - kube-router
- role: kubernetes-apps/network_plugin/ovn4nfv
when: kube_network_plugin == 'ovn4nfv'
tags:
- ovn4nfv
- role: kubernetes-apps/network_plugin/multus - role: kubernetes-apps/network_plugin/multus
when: kube_network_plugin_multus when: kube_network_plugin_multus
tags: tags:

9
roles/kubernetes-apps/network_plugin/ovn4nfv/tasks/main.yml Normal file
View file

@ -0,0 +1,9 @@
---
- name: ovn4nfv-k8s | Start Resources
kube:
name: "{{ item.item.name }}"
kubectl: "{{ bin_dir }}/kubectl"
filename: "{{ kube_config_dir }}/{{ item.item.file }}"
state: "latest"
with_items: "{{ ovn4nfv_node_manifests.results }}"
when: inventory_hostname == groups['kube-master'][0] and not item is skipped

2
roles/kubernetes/node/templates/kubelet.env.v1beta1.j2
View file

@ -37,7 +37,7 @@ KUBELET_ARGS="{{ kubelet_args_base }} {% if node_taints|default([]) %}--register
{% if kubelet_flexvolumes_plugins_dir is defined %} {% if kubelet_flexvolumes_plugins_dir is defined %}
KUBELET_VOLUME_PLUGIN="--volume-plugin-dir={{ kubelet_flexvolumes_plugins_dir }}" KUBELET_VOLUME_PLUGIN="--volume-plugin-dir={{ kubelet_flexvolumes_plugins_dir }}"
{% endif %} {% endif %}
{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "canal", "cni", "flannel", "weave", "contiv", "cilium", "kube-ovn", "kube-router", "macvlan"] %} {% if kube_network_plugin is defined and kube_network_plugin in ["calico", "canal", "cni", "flannel", "weave", "contiv", "cilium", "kube-ovn", "ovn4nfv", "kube-router", "macvlan"] %}
KUBELET_NETWORK_PLUGIN="--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin" KUBELET_NETWORK_PLUGIN="--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
{% elif kube_network_plugin is defined and kube_network_plugin == "cloud" %} {% elif kube_network_plugin is defined and kube_network_plugin == "cloud" %}
KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet" KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet"

2
roles/kubernetes/preinstall/tasks/0020-verify-settings.yml
View file

@ -22,7 +22,7 @@
- name: Stop if unknown network plugin - name: Stop if unknown network plugin
assert: assert:
that: kube_network_plugin in ['calico', 'canal', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'contiv', 'kube-ovn', 'kube-router', 'macvlan'] that: kube_network_plugin in ['calico', 'canal', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'contiv', 'ovn4nfv','kube-ovn', 'kube-router', 'macvlan']
msg: "{{ kube_network_plugin }} is not supported" msg: "{{ kube_network_plugin }} is not supported"
when: when:
- kube_network_plugin is defined - kube_network_plugin is defined

3
roles/kubernetes/preinstall/tasks/0050-create_directories.yml
View file

@ -52,7 +52,7 @@
- "/opt/cni/bin" - "/opt/cni/bin"
- "/var/lib/calico" - "/var/lib/calico"
when: when:
- kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium", "kube-ovn", "kube-router", "macvlan"] - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium", "kube-ovn", "ovn4nfv", "kube-router", "macvlan"]
- inventory_hostname in groups['k8s-cluster'] - inventory_hostname in groups['k8s-cluster']
tags: tags:
- network - network
@ -61,6 +61,7 @@
- weave - weave
- canal - canal
- contiv - contiv
- ovn4nfv
- kube-ovn - kube-ovn
- kube-router - kube-router
- bootstrap-os - bootstrap-os

5
roles/network_plugin/meta/main.yml
View file

@ -50,6 +50,11 @@ dependencies:
tags: tags:
- kube-router - kube-router
- role: network_plugin/ovn4nfv
when: kube_network_plugin == 'ovn4nfv'
tags:
- ovn4nfv
- role: network_plugin/multus - role: network_plugin/multus
when: kube_network_plugin_multus when: kube_network_plugin_multus
tags: tags:

15
roles/network_plugin/ovn4nfv/defaults/main.yml Normal file
View file

@ -0,0 +1,15 @@
---
ovn_control_plane_cpu_request: 500m
ovn_control_plane_memory_request: 300Mi
ovn_controller_cpu_request: 200m
ovn_controller_memory_request: 300Mi
ovn_controller_cpu_limit: 1000m
ovn_controller_memory_limit: 800Mi
ovn4nfv_cni_cpu_request: 100m
ovn4nfv_cni_memory_request: 50Mi
ovn4nfv_cni_cpu_limit: 100m
ovn4nfv_cni_memory_limit: 50Mi
nfn_agent_cpu_request: 100m
nfn_agent_memory_request: 50Mi
nfn_agent_cpu_limit: 100m
nfn_agent_memory_limit: 50Mi

15
roles/network_plugin/ovn4nfv/tasks/main.yml Normal file
View file

@ -0,0 +1,15 @@
---
- name: ovn4nfv | Label control-plane node
command: >-
{{ bin_dir }}/kubectl label --overwrite node {{ groups['kube-master'] | first }} ovn4nfv-k8s-plugin=ovn-control-plane
when:
- inventory_hostname == groups['kube-master'][0]
- name: ovn4nfv | Create ovn4nfv-k8s manifests
template:
src: "{{ item.file }}.j2"
dest: "{{ kube_config_dir }}/{{ item.file }}"
with_items:
- {name: ovn-daemonset, file: ovn-daemonset.yml}
- {name: ovn4nfv-k8s-plugin, file: ovn4nfv-k8s-plugin.yml}
register: ovn4nfv_node_manifests

239
roles/network_plugin/ovn4nfv/templates/ovn-daemonset.yml.j2 Normal file
View file

@ -0,0 +1,239 @@
---
kind: Service
apiVersion: v1
metadata:
name: ovn-nb-tcp
namespace: kube-system
spec:
ports:
- name: ovn-nb-tcp
protocol: TCP
port: 6641
targetPort: 6641
type: ClusterIP
selector:
app: ovn-control-plane
sessionAffinity: None
---
kind: Service
apiVersion: v1
metadata:
name: ovn-sb-tcp
namespace: kube-system
spec:
ports:
- name: ovn-sb-tcp
protocol: TCP
port: 6642
targetPort: 6642
type: ClusterIP
selector:
app: ovn-control-plane
sessionAffinity: None
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: ovn-control-plane
namespace: kube-system
annotations:
kubernetes.io/description: |
OVN control plane deployment using tcp: ovn-northd-tcp, ovn-nb-tcp and ovn-sb-tcp.
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 0%
maxUnavailable: 100%
type: RollingUpdate
selector:
matchLabels:
app: ovn-control-plane
template:
metadata:
labels:
app: ovn-control-plane
spec:
tolerations:
- operator: Exists
effect: NoSchedule
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: ovn-control-plane
topologyKey: kubernetes.io/hostname
priorityClassName: system-cluster-critical
hostNetwork: true
containers:
- name: ovn-control-plane
image: {{ ovn4nfv_ovn_image_repo }}:{{ ovn4nfv_ovn_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }}
command: ["ovn4nfv-k8s", "start_ovn_control_plane"]
securityContext:
capabilities:
add: ["SYS_NICE"]
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
requests:
cpu: {{ ovn_control_plane_cpu_request }}
memory: {{ ovn_control_plane_memory_request }}
volumeMounts:
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
readinessProbe:
exec:
command: ["ovn4nfv-k8s", "check_ovn_control_plane"]
periodSeconds: 3
livenessProbe:
exec:
command: ["ovn4nfv-k8s", "check_ovn_control_plane"]
initialDelaySeconds: 30
periodSeconds: 7
failureThreshold: 5
nodeSelector:
beta.kubernetes.io/os: "linux"
ovn4nfv-k8s-plugin: ovn-control-plane
volumes:
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
- name: host-log-ovs
hostPath:
path: /var/log/openvswitch
- name: host-log-ovn
hostPath:
path: /var/log/ovn
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: ovn-controller
namespace: kube-system
annotations:
kubernetes.io/description: |
OVN controller: Start ovsdb-server & ovs-vswitchd components, and ovn controller
spec:
selector:
matchLabels:
app: ovn-controller
updateStrategy:
type: OnDelete
template:
metadata:
labels:
app: ovn-controller
spec:
tolerations:
- operator: Exists
effect: NoSchedule
priorityClassName: system-cluster-critical
hostNetwork: true
hostPID: true
containers:
- name: ovn-controller
image: {{ ovn4nfv_ovn_image_repo }}:{{ ovn4nfv_ovn_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }}
command: ["ovn4nfv-k8s", "start_ovn_controller"]
securityContext:
runAsUser: 0
privileged: true
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- mountPath: /lib/modules
name: host-modules
readOnly: true
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
readinessProbe:
exec:
command: ["ovn4nfv-k8s", "check_ovn_controller"]
periodSeconds: 5
livenessProbe:
exec:
command: ["ovn4nfv-k8s", "check_ovn_controller"]
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 5
resources:
requests:
cpu: {{ ovn_controller_cpu_request }}
memory: {{ ovn_controller_memory_request }}
limits:
cpu: {{ ovn_controller_cpu_limit }}
memory: {{ ovn_controller_memory_limit }}
nodeSelector:
beta.kubernetes.io/os: "linux"
volumes:
- name: host-modules
hostPath:
path: /lib/modules
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
- name: host-log-ovs
hostPath:
path: /var/log/openvswitch
- name: host-log-ovn
hostPath:
path: /var/log/ovn

608
roles/network_plugin/ovn4nfv/templates/ovn4nfv-k8s-plugin.yml.j2 Normal file
View file

@ -0,0 +1,608 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: networks.k8s.plugin.opnfv.org
spec:
group: k8s.plugin.opnfv.org
names:
kind: Network
listKind: NetworkList
plural: networks
singular: network
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
properties:
cniType:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
Important: Run "operator-sdk generate k8s" to regenerate code after
modifying this file Add custom validation using kubebuilder tags:
https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
type: string
dns:
properties:
domain:
type: string
nameservers:
items:
type: string
type: array
options:
items:
type: string
type: array
search:
items:
type: string
type: array
type: object
ipv4Subnets:
items:
properties:
excludeIps:
type: string
gateway:
type: string
name:
type: string
subnet:
type: string
required:
- name
- subnet
type: object
type: array
ipv6Subnets:
items:
properties:
excludeIps:
type: string
gateway:
type: string
name:
type: string
subnet:
type: string
required:
- name
- subnet
type: object
type: array
routes:
items:
properties:
dst:
type: string
gw:
type: string
required:
- dst
type: object
type: array
required:
- cniType
- ipv4Subnets
type: object
status:
properties:
state:
description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
of cluster Important: Run "operator-sdk generate k8s" to regenerate
code after modifying this file Add custom validation using kubebuilder
tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
type: string
required:
- state
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: providernetworks.k8s.plugin.opnfv.org
spec:
group: k8s.plugin.opnfv.org
names:
kind: ProviderNetwork
listKind: ProviderNetworkList
plural: providernetworks
singular: providernetwork
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: ProviderNetwork is the Schema for the providernetworks API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ProviderNetworkSpec defines the desired state of ProviderNetwork
properties:
cniType:
description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
Important: Run "operator-sdk generate k8s" to regenerate code after
modifying this file Add custom validation using kubebuilder tags:
https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
type: string
direct:
properties:
directNodeSelector:
type: string
nodeLabelList:
items:
type: string
type: array
providerInterfaceName:
type: string
required:
- directNodeSelector
- providerInterfaceName
type: object
dns:
properties:
domain:
type: string
nameservers:
items:
type: string
type: array
options:
items:
type: string
type: array
search:
items:
type: string
type: array
type: object
ipv4Subnets:
items:
properties:
excludeIps:
type: string
gateway:
type: string
name:
type: string
subnet:
type: string
required:
- name
- subnet
type: object
type: array
ipv6Subnets:
items:
properties:
excludeIps:
type: string
gateway:
type: string
name:
type: string
subnet:
type: string
required:
- name
- subnet
type: object
type: array
providerNetType:
type: string
routes:
items:
properties:
dst:
type: string
gw:
type: string
required:
- dst
type: object
type: array
vlan:
properties:
logicalInterfaceName:
type: string
nodeLabelList:
items:
type: string
type: array
providerInterfaceName:
type: string
vlanId:
type: string
vlanNodeSelector:
type: string
required:
- providerInterfaceName
- vlanId
- vlanNodeSelector
type: object
required:
- cniType
- ipv4Subnets
- providerNetType
type: object
status:
description: ProviderNetworkStatus defines the observed state of ProviderNetwork
properties:
state:
description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
of cluster Important: Run "operator-sdk generate k8s" to regenerate
code after modifying this file Add custom validation using kubebuilder
tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
type: string
required:
- state
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: k8s-nfn-sa
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: k8s-nfn-cr
rules:
- apiGroups:
- ""
resources:
- pods
- pods/status
- services
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
- nodes
verbs:
- '*'
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- apps
resourceNames:
- nfn-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- k8s.plugin.opnfv.org
resources:
- '*'
- providernetworks
verbs:
- '*'
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: k8s-nfn-crb
subjects:
- kind: Group
name: system:serviceaccounts
apiGroup: rbac.authorization.k8s.io
roleRef:
kind: ClusterRole
name: k8s-nfn-cr
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: Service
metadata:
name: nfn-operator
namespace: kube-system
spec:
type: NodePort
ports:
- port: 50000
protocol: TCP
targetPort: 50000
selector:
name: nfn-operator
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ovn-controller-network
namespace: kube-system
data:
OVN_SUBNET: "{{ kube_pods_subnet }}"
OVN_GATEWAYIP: "{{ kube_pods_subnet|ipaddr('net')|ipaddr(1) }}"
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nfn-operator
namespace: kube-system
spec:
replicas: 1
selector:
matchLabels:
name: nfn-operator
template:
metadata:
labels:
name: nfn-operator
spec:
hostNetwork: true
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: ovn4nfv-k8s-plugin
operator: In
values:
- ovn-control-plane
tolerations:
- key: "node-role.kubernetes.io/master"
effect: "NoSchedule"
operator: "Exists"
serviceAccountName: k8s-nfn-sa
containers:
- name: nfn-operator
image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }}
command: ["/usr/local/bin/entrypoint", "operator"]
imagePullPolicy: {{ k8s_image_pull_policy }}
envFrom:
- configMapRef:
name: ovn-controller-network
ports:
- containerPort: 50000
protocol: TCP
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: OPERATOR_NAME
value: "nfn-operator"
---
kind: ConfigMap
apiVersion: v1
metadata:
name: ovn4nfv-cni-config
namespace: kube-system
labels:
app: ovn4nfv
data:
ovn4nfv_k8s.conf: |
[logging]
loglevel=5
logfile=/var/log/openvswitch/ovn4k8s.log
[cni]
conf-dir=/etc/cni/net.d
plugin=ovn4nfvk8s-cni
[kubernetes]
kubeconfig=/etc/cni/net.d/ovn4nfv-k8s.d/ovn4nfv-k8s.kubeconfig
00-network.conf: |
{
"name": "ovn4nfv-k8s-plugin",
"type": "ovn4nfvk8s-cni",
"cniVersion": "0.3.1"
}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: ovn4nfv-cni
namespace: kube-system
labels:
app: ovn4nfv
spec:
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: ovn4nfv
template:
metadata:
labels:
app: ovn4nfv
spec:
hostNetwork: true
nodeSelector:
beta.kubernetes.io/arch: amd64
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: k8s-nfn-sa
containers:
- name: ovn4nfv
image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }}
command: ["/usr/local/bin/entrypoint", "cni"]
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
requests:
cpu: {{ ovn4nfv_cni_cpu_request }}
memory: {{ ovn4nfv_cni_memory_request }}
limits:
cpu: {{ ovn4nfv_cni_cpu_limit }}
memory: {{ ovn4nfv_cni_memory_limit }}
securityContext:
privileged: true
volumeMounts:
- name: cni
mountPath: /host/etc/cni/net.d
- name: cnibin
mountPath: /host/opt/cni/bin
- name: cniconf
mountPath: /host/etc/openvswitch
- name: ovn4nfv-cfg
mountPath: /tmp/ovn4nfv-conf
- name: ovn4nfv-cni-net-conf
mountPath: /tmp/ovn4nfv-cni
volumes:
- name: cni
hostPath:
path: /etc/cni/net.d
- name: cnibin
hostPath:
path: /opt/cni/bin
- name: cniconf
hostPath:
path: /etc/openvswitch
- name: ovn4nfv-cfg
configMap:
name: ovn4nfv-cni-config
items:
- key: ovn4nfv_k8s.conf
path: ovn4nfv_k8s.conf
- name: ovn4nfv-cni-net-conf
configMap:
name: ovn4nfv-cni-config
items:
- key: 00-network.conf
path: 00-network.conf
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: nfn-agent
namespace: kube-system
labels:
app: nfn-agent
spec:
selector:
matchLabels:
app: nfn-agent
updateStrategy:
type: RollingUpdate
template:
metadata:
labels:
app: nfn-agent
spec:
hostNetwork: true
hostPID: true
nodeSelector:
beta.kubernetes.io/arch: amd64
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: k8s-nfn-sa
containers:
- name: nfn-agent
image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }}
command: ["/usr/local/bin/entrypoint", "agent"]
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
requests:
cpu: {{ nfn_agent_cpu_request }}
memory: {{ nfn_agent_memory_request }}
limits:
cpu: {{ nfn_agent_cpu_limit }}
memory: {{ nfn_agent_memory_limit }}
env:
- name: NFN_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
securityContext:
runAsUser: 0
capabilities:
add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"]
privileged: true
volumeMounts:
- mountPath: /var/run/dbus/
name: host-var-run-dbus
readOnly: true
- mountPath: /run/openvswitch
name: host-run-ovs
- mountPath: /var/run/openvswitch
name: host-var-run-ovs
- mountPath: /var/run/ovn4nfv-k8s-plugin
name: host-var-cniserver-socket-dir
volumes:
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-var-run-ovs
hostPath:
path: /var/run/openvswitch
- name: host-var-run-dbus
hostPath:
path: /var/run/dbus
- name: host-var-cniserver-socket-dir
hostPath:
path: /var/run/ovn4nfv-k8s-plugin

9
tests/files/packet_ubuntu18-ovn4nfv.yml Normal file
View file

@ -0,0 +1,9 @@
---
# Instance settings
cloud_image: ubuntu-1804
mode: default
# Kubespray settings
kube_network_plugin: ovn4nfv
deploy_netchecker: true
dns_min_replicas: 1