Update kube-ovn to 1.5.2 (#6610)
This commit is contained in:
Florian Ruynat
GitHub
parent
405692d793
commit
d40701463f
4 changed files with 80 additions and 12 deletions
|
|
@ -128,7 +128,7 @@ Note: Upstart/SysV init based OS types are not supported.
|
||||||
- [cilium](https://github.com/cilium/cilium) v1.8.5
|
- [cilium](https://github.com/cilium/cilium) v1.8.5
|
||||||
- [contiv](https://github.com/contiv/install) v1.2.1
|
- [contiv](https://github.com/contiv/install) v1.2.1
|
||||||
- [flanneld](https://github.com/coreos/flannel) v0.13.0
|
- [flanneld](https://github.com/coreos/flannel) v0.13.0
|
||||||
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.3.0
|
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.5.2
|
||||||
- [kube-router](https://github.com/cloudnativelabs/kube-router) v1.1.0
|
- [kube-router](https://github.com/cloudnativelabs/kube-router) v1.1.0
|
||||||
- [multus](https://github.com/intel/multus-cni) v3.6.0
|
- [multus](https://github.com/intel/multus-cni) v3.6.0
|
||||||
- [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0
|
- [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0
|
||||||
|
|
|
||||||
|
|
@ -80,7 +80,7 @@ weave_version: 2.7.0
|
||||||
pod_infra_version: "3.3"
|
pod_infra_version: "3.3"
|
||||||
contiv_version: 1.2.1
|
contiv_version: 1.2.1
|
||||||
cilium_version: "v1.8.5"
|
cilium_version: "v1.8.5"
|
||||||
kube_ovn_version: "v1.3.0"
|
kube_ovn_version: "v1.5.2"
|
||||||
kube_router_version: "v1.1.0"
|
kube_router_version: "v1.1.0"
|
||||||
multus_version: "v3.6"
|
multus_version: "v3.6"
|
||||||
ovn4nfv_ovn_image_version: "v1.0.0"
|
ovn4nfv_ovn_image_version: "v1.0.0"
|
||||||
|
|
|
||||||
|
|
@ -8,7 +8,7 @@ metadata:
|
||||||
kubernetes.io/description: |
|
kubernetes.io/description: |
|
||||||
kube-ovn controller
|
kube-ovn controller
|
||||||
spec:
|
spec:
|
||||||
replicas: 2
|
replicas: 1
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app: kube-ovn-controller
|
app: kube-ovn-controller
|
||||||
|
|
@ -46,6 +46,8 @@ spec:
|
||||||
args:
|
args:
|
||||||
- --default-cidr={{ kube_pods_subnet }}
|
- --default-cidr={{ kube_pods_subnet }}
|
||||||
env:
|
env:
|
||||||
|
- name: ENABLE_SSL
|
||||||
|
value: "false"
|
||||||
- name: POD_NAME
|
- name: POD_NAME
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
|
|
@ -58,12 +60,16 @@ spec:
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: spec.nodeName
|
fieldPath: spec.nodeName
|
||||||
|
volumeMounts:
|
||||||
|
- mountPath: /var/run/tls
|
||||||
|
name: kube-ovn-tls
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
- sh
|
- sh
|
||||||
- /kube-ovn/kube-ovn-controller-healthcheck.sh
|
- /kube-ovn/kube-ovn-controller-healthcheck.sh
|
||||||
periodSeconds: 3
|
periodSeconds: 3
|
||||||
|
timeoutSeconds: 45
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
|
|
@ -72,9 +78,14 @@ spec:
|
||||||
initialDelaySeconds: 300
|
initialDelaySeconds: 300
|
||||||
periodSeconds: 7
|
periodSeconds: 7
|
||||||
failureThreshold: 5
|
failureThreshold: 5
|
||||||
|
timeoutSeconds: 45
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
kubernetes.io/os: "linux"
|
kubernetes.io/os: "linux"
|
||||||
|
volumes:
|
||||||
|
- name: kube-ovn-tls
|
||||||
|
secret:
|
||||||
|
optional: true
|
||||||
|
secretName: kube-ovn-tls
|
||||||
---
|
---
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
|
|
@ -88,8 +99,6 @@ spec:
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app: kube-ovn-cni
|
app: kube-ovn-cni
|
||||||
updateStrategy:
|
|
||||||
type: OnDelete
|
|
||||||
template:
|
template:
|
||||||
metadata:
|
metadata:
|
||||||
labels:
|
labels:
|
||||||
|
|
@ -112,8 +121,6 @@ spec:
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
privileged: true
|
privileged: true
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /etc/cni/net.d
|
|
||||||
name: cni-conf
|
|
||||||
- mountPath: /opt/cni/bin
|
- mountPath: /opt/cni/bin
|
||||||
name: cni-bin
|
name: cni-bin
|
||||||
containers:
|
containers:
|
||||||
|
|
@ -131,6 +138,8 @@ spec:
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
privileged: true
|
privileged: true
|
||||||
env:
|
env:
|
||||||
|
- name: ENABLE_SSL
|
||||||
|
value: "false"
|
||||||
- name: POD_IP
|
- name: POD_IP
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
|
|
@ -140,6 +149,8 @@ spec:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: spec.nodeName
|
fieldPath: spec.nodeName
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- mountPath: /etc/cni/net.d
|
||||||
|
name: cni-conf
|
||||||
- mountPath: /run/openvswitch
|
- mountPath: /run/openvswitch
|
||||||
name: host-run-ovs
|
name: host-run-ovs
|
||||||
- mountPath: /run/ovn
|
- mountPath: /run/ovn
|
||||||
|
|
@ -221,6 +232,8 @@ spec:
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
privileged: false
|
privileged: false
|
||||||
env:
|
env:
|
||||||
|
- name: ENABLE_SSL
|
||||||
|
value: "false"
|
||||||
- name: POD_IP
|
- name: POD_IP
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
|
|
@ -256,6 +269,8 @@ spec:
|
||||||
name: host-log-ovs
|
name: host-log-ovs
|
||||||
- mountPath: /var/log/ovn
|
- mountPath: /var/log/ovn
|
||||||
name: host-log-ovn
|
name: host-log-ovn
|
||||||
|
- mountPath: /var/run/tls
|
||||||
|
name: kube-ovn-tls
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: {{ kube_ovn_pinger_cpu_request }}
|
cpu: {{ kube_ovn_pinger_cpu_request }}
|
||||||
|
|
@ -287,6 +302,10 @@ spec:
|
||||||
- name: host-log-ovn
|
- name: host-log-ovn
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /var/log/ovn
|
path: /var/log/ovn
|
||||||
|
- name: kube-ovn-tls
|
||||||
|
secret:
|
||||||
|
optional: true
|
||||||
|
secretName: kube-ovn-tls
|
||||||
---
|
---
|
||||||
kind: Service
|
kind: Service
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,31 @@
|
||||||
|
apiVersion: policy/v1beta1
|
||||||
|
kind: PodSecurityPolicy
|
||||||
|
metadata:
|
||||||
|
name: kube-ovn
|
||||||
|
annotations:
|
||||||
|
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
|
||||||
|
spec:
|
||||||
|
privileged: true
|
||||||
|
allowPrivilegeEscalation: true
|
||||||
|
allowedCapabilities:
|
||||||
|
- '*'
|
||||||
|
volumes:
|
||||||
|
- '*'
|
||||||
|
hostNetwork: true
|
||||||
|
hostPorts:
|
||||||
|
- min: 0
|
||||||
|
max: 65535
|
||||||
|
hostIPC: true
|
||||||
|
hostPID: true
|
||||||
|
runAsUser:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
seLinux:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
supplementalGroups:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
fsGroup:
|
||||||
|
rule: 'RunAsAny'
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: ConfigMap
|
kind: ConfigMap
|
||||||
|
|
@ -27,6 +55,7 @@ rules:
|
||||||
- subnets/status
|
- subnets/status
|
||||||
- ips
|
- ips
|
||||||
- vlans
|
- vlans
|
||||||
|
- networks
|
||||||
verbs:
|
verbs:
|
||||||
- "*"
|
- "*"
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
|
|
@ -81,7 +110,6 @@ subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: ovn
|
name: ovn
|
||||||
namespace: kube-system
|
namespace: kube-system
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: Service
|
kind: Service
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
|
@ -99,7 +127,6 @@ spec:
|
||||||
app: ovn-central
|
app: ovn-central
|
||||||
ovn-nb-leader: "true"
|
ovn-nb-leader: "true"
|
||||||
sessionAffinity: None
|
sessionAffinity: None
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: Service
|
kind: Service
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
|
|
@ -117,7 +144,6 @@ spec:
|
||||||
app: ovn-central
|
app: ovn-central
|
||||||
ovn-sb-leader: "true"
|
ovn-sb-leader: "true"
|
||||||
sessionAffinity: None
|
sessionAffinity: None
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: Deployment
|
kind: Deployment
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
|
|
@ -166,6 +192,8 @@ spec:
|
||||||
capabilities:
|
capabilities:
|
||||||
add: ["SYS_NICE"]
|
add: ["SYS_NICE"]
|
||||||
env:
|
env:
|
||||||
|
- name: ENABLE_SSL
|
||||||
|
value: "false"
|
||||||
- name: POD_IP
|
- name: POD_IP
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
|
|
@ -201,12 +229,15 @@ spec:
|
||||||
name: host-log-ovs
|
name: host-log-ovs
|
||||||
- mountPath: /var/log/ovn
|
- mountPath: /var/log/ovn
|
||||||
name: host-log-ovn
|
name: host-log-ovn
|
||||||
|
- mountPath: /var/run/tls
|
||||||
|
name: kube-ovn-tls
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
- sh
|
- sh
|
||||||
- /kube-ovn/ovn-is-leader.sh
|
- /kube-ovn/ovn-is-leader.sh
|
||||||
periodSeconds: 3
|
periodSeconds: 3
|
||||||
|
timeoutSeconds: 45
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
|
|
@ -215,6 +246,7 @@ spec:
|
||||||
initialDelaySeconds: 30
|
initialDelaySeconds: 30
|
||||||
periodSeconds: 7
|
periodSeconds: 7
|
||||||
failureThreshold: 5
|
failureThreshold: 5
|
||||||
|
timeoutSeconds: 45
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
kubernetes.io/os: "linux"
|
kubernetes.io/os: "linux"
|
||||||
kube-ovn/role: "master"
|
kube-ovn/role: "master"
|
||||||
|
|
@ -240,7 +272,10 @@ spec:
|
||||||
- name: host-log-ovn
|
- name: host-log-ovn
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /var/log/ovn
|
path: /var/log/ovn
|
||||||
|
- name: kube-ovn-tls
|
||||||
|
secret:
|
||||||
|
optional: true
|
||||||
|
secretName: kube-ovn-tls
|
||||||
---
|
---
|
||||||
kind: DaemonSet
|
kind: DaemonSet
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
|
|
@ -279,12 +314,18 @@ spec:
|
||||||
runAsUser: 0
|
runAsUser: 0
|
||||||
privileged: true
|
privileged: true
|
||||||
env:
|
env:
|
||||||
|
- name: ENABLE_SSL
|
||||||
|
value: "false"
|
||||||
- name: POD_IP
|
- name: POD_IP
|
||||||
valueFrom:
|
valueFrom:
|
||||||
fieldRef:
|
fieldRef:
|
||||||
fieldPath: status.podIP
|
fieldPath: status.podIP
|
||||||
- name: HW_OFFLOAD
|
- name: HW_OFFLOAD
|
||||||
value: "false"
|
value: "false"
|
||||||
|
- name: KUBE_NODE_NAME
|
||||||
|
valueFrom:
|
||||||
|
fieldRef:
|
||||||
|
fieldPath: spec.nodeName
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- mountPath: /lib/modules
|
- mountPath: /lib/modules
|
||||||
name: host-modules
|
name: host-modules
|
||||||
|
|
@ -304,12 +345,15 @@ spec:
|
||||||
name: host-log-ovs
|
name: host-log-ovs
|
||||||
- mountPath: /var/log/ovn
|
- mountPath: /var/log/ovn
|
||||||
name: host-log-ovn
|
name: host-log-ovn
|
||||||
|
- mountPath: /var/run/tls
|
||||||
|
name: kube-ovn-tls
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
- sh
|
- sh
|
||||||
- /kube-ovn/ovs-healthcheck.sh
|
- /kube-ovn/ovs-healthcheck.sh
|
||||||
periodSeconds: 5
|
periodSeconds: 5
|
||||||
|
timeoutSeconds: 45
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command:
|
||||||
|
|
@ -318,6 +362,7 @@ spec:
|
||||||
initialDelaySeconds: 10
|
initialDelaySeconds: 10
|
||||||
periodSeconds: 5
|
periodSeconds: 5
|
||||||
failureThreshold: 5
|
failureThreshold: 5
|
||||||
|
timeoutSeconds: 45
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: {{ kube_ovn_node_cpu_request }}
|
cpu: {{ kube_ovn_node_cpu_request }}
|
||||||
|
|
@ -352,3 +397,7 @@ spec:
|
||||||
- name: host-log-ovn
|
- name: host-log-ovn
|
||||||
hostPath:
|
hostPath:
|
||||||
path: /var/log/ovn
|
path: /var/log/ovn
|
||||||
|
- name: kube-ovn-tls
|
||||||
|
secret:
|
||||||
|
optional: true
|
||||||
|
secretName: kube-ovn-tls
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue