diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index d7961a6df..2ec9dbfe2 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -78,7 +78,7 @@ cni_version: "v0.9.0"
 weave_version: 2.7.0
 pod_infra_version: "3.3"
 cilium_version: "v1.8.6"
-kube_ovn_version: "v1.5.2"
+kube_ovn_version: "v1.6.0"
 kube_router_version: "v1.1.1"
 multus_version: "v3.6"
 ovn4nfv_ovn_image_version: "v1.0.0"
diff --git a/roles/network_plugin/kube-ovn/defaults/main.yml b/roles/network_plugin/kube-ovn/defaults/main.yml
index 8f02a8cf1..a4e43917e 100644
--- a/roles/network_plugin/kube-ovn/defaults/main.yml
+++ b/roles/network_plugin/kube-ovn/defaults/main.yml
@@ -1,14 +1,18 @@
 ---
-kube_ovn_db_cpu_request: 200m
-kube_ovn_db_memory_request: 300Mi
-kube_ovn_db_cpu_limit: 400m
-kube_ovn_db_memory_limit: 500Mi
-kube_ovn_node_cpu_request: 100m
-kube_ovn_node_memory_request: 300Mi
-kube_ovn_node_cpu_limit: 200m
-kube_ovn_node_memory_limit: 500Mi
+kube_ovn_db_cpu_request: 500m
+kube_ovn_db_memory_request: 200Mi
+kube_ovn_db_cpu_limit: 3000m
+kube_ovn_db_memory_limit: 3000Mi
+kube_ovn_node_cpu_request: 200m
+kube_ovn_node_memory_request: 200Mi
+kube_ovn_node_cpu_limit: 1000m
+kube_ovn_node_memory_limit: 800Mi
+kube_ovn_controller_cpu_request: 200m
+kube_ovn_controller_memory_request: 200Mi
+kube_ovn_controller_cpu_limit: 1000m
+kube_ovn_controller_memory_limit: 1Gi
 kube_ovn_pinger_cpu_request: 100m
-kube_ovn_pinger_memory_request: 300Mi
+kube_ovn_pinger_memory_request: 200Mi
 kube_ovn_pinger_cpu_limit: 200m
 kube_ovn_pinger_memory_limit: 400Mi
diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
index 28906be4f..44d683de5 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
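Review bot: In `roles/network_plugin/kube-ovn/defaults/main.yml`, `kube_ovn_db_memory_request` drops from 300Mi to 200Mi while `kube_ovn_db_memory_limit` rises to 3000Mi, so the OVN database pods are scheduled against a small fraction of what they are allowed to consume. Under node memory pressure the kubelet ranks eviction candidates by usage above request, so a database that has grown well past 200Mi would be among the first pods evicted, which presumably interrupts network programming for the cluster. If these numbers are taken from the upstream v1.6.0 manifest, record that in a comment above the block, e.g. `# Sizing follows the upstream kube-ovn v1.6.0 manifest; raise the db request on large clusters`, and consider a request closer to expected steady-state usage. The new `kube_ovn_controller_*` defaults also carry no comment saying which workload they apply to.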
@@ -78,6 +78,12 @@ spec:
 subresources:
 status: {}
 additionalPrinterColumns:
+ - name: Provider
+ type: string
+ jsonPath: .spec.provider
+ - name: Vpc
+ type: string
+ jsonPath: .spec.vpc
 - name: Protocol
 type: string
 jsonPath: .spec.protocol
@@ -135,6 +141,8 @@ spec:
 spec:
 type: object
 properties:
+ vpc:
+ type: string
 default:
 type: boolean
 protocol:
@@ -169,6 +177,8 @@ spec:
 type: string
 underlayGateway:
 type: boolean
+ disableInterConnection:
+ type: boolean
 scope: Cluster
 names:
 plural: subnets
@@ -219,3 +229,93 @@ spec:
 kind: Vlan
 shortNames:
 - vlan
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: vpcs.kubeovn.io
+spec:
+ group: kubeovn.io
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.standby
+ name: Standby
+ type: boolean
+ - jsonPath: .status.subnets
+ name: Subnets
+ type: string
+ name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ namespaces:
+ items:
+ type: string
+ type: array
+ staticRoutes:
+ items:
+ properties:
+ policy:
+ type: string
+ cidr:
+ type: string
+ nextHopIP:
+ type: string
+ type: object
+ type: array
+ type: object
+ status:
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ type: string
+ lastUpdateTime:
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ type: object
+ type: array
+ default:
+ type: boolean
+ defaultLogicalSwitch:
+ type: string
+ router:
+ type: string
+ standby:
+ type: boolean
+ subnets:
+ items:
+ type: string
+ type: array
+ tcpLoadBalancer:
+ type: string
+ tcpSessionLoadBalancer:
+ type: string
+ udpLoadBalancer:
+ type: string
+ udpSessionLoadBalancer:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ names:
+ kind: Vpc
+ listKind: VpcList
+ plural: vpcs
+ shortNames:
+ - vpc
+ singular: vpc
+ scope: Cluster
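Review bot: In the `@@ -219,3 +229,93 @@` hunk, the new `vpcs.kubeovn.io` schema types `staticRoutes[].cidr`, `nextHopIP` and `policy` as bare `type: string` and declares no `required` keys, so the API server admits any value and all validation is left to the controller. Vpc is cluster-scoped and its static routes presumably steer traffic for every namespace listed in `spec.namespaces`, so malformed or unexpected input is better rejected at admission. Adding a `pattern` to the CIDR and next-hop fields, an `enum` to `policy`, and a `required` list on the route item would do that without changing the stored shape. Create and update rights on `vpcs` should also stay limited to cluster administrators, since the resource is not namespaced.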
diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
index d405336d1..c0a20449b 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
@@ -66,19 +66,26 @@ spec:
 readinessProbe:
 exec:
 command:
- - sh
+ - bash
 - /kube-ovn/kube-ovn-controller-healthcheck.sh
 periodSeconds: 3
 timeoutSeconds: 45
 livenessProbe:
 exec:
 command:
- - sh
+ - bash
 - /kube-ovn/kube-ovn-controller-healthcheck.sh
 initialDelaySeconds: 300
 periodSeconds: 7
 failureThreshold: 5
 timeoutSeconds: 45
+ resources:
+ requests:
+ cpu: {{ kube_ovn_controller_cpu_request }}
+ memory: {{ kube_ovn_controller_memory_request }}
+ limits:
+ cpu: {{ kube_ovn_controller_cpu_limit }}
+ memory: {{ kube_ovn_controller_memory_limit }}
 nodeSelector:
 kubernetes.io/os: "linux"
 volumes:
@@ -128,7 +135,7 @@ spec:
 image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
 imagePullPolicy: {{ k8s_image_pull_policy }}
 command:
- - sh
+ - bash
 - /kube-ovn/start-cniserver.sh
 args:
 - --enable-mirror={{ traffic_mirror }}
diff --git a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
index dfaffca6c..1d6c64319 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
@@ -48,11 +48,21 @@ metadata:
 rbac.authorization.k8s.io/system-only: "true"
 name: system:ovn
 rules:
+ - apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - kube-ovn
 - apiGroups:
 - "kubeovn.io"
 resources:
 - subnets
 - subnets/status
+ - vpcs
+ - vpcs/status
 - ips
 - vlans
 - networks
@@ -157,8 +167,8 @@ spec:
 replicas: 1
 strategy:
 rollingUpdate:
- maxSurge: 0%
- maxUnavailable: 100%
+ maxSurge: 0
+ maxUnavailable: 1
 type: RollingUpdate
 selector:
 matchLabels:
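Review bot: The probes in the `@@ -66,19 +66,26 @@` hunk of `cni-kube-ovn.yml.j2` now run `bash` instead of `sh`, which makes the template depend on the container image shipping bash. The same switch is made for the `start-cniserver.sh` command in `@@ -128,7 +135,7 @@` and for the four probes in `cni-ovn.yml.j2` (`ovn-is-leader.sh`, `ovn-healthcheck.sh`, and `ovs-healthcheck.sh` twice). The image is chosen by `kube_ovn_container_image_repo` and `kube_ovn_container_image_tag`, so an inventory that pins another tag or a slimmed mirror image could get failing exec probes and restart loops on the network components instead of a clear error. A comment at the first probe would record the requirement, e.g. `# healthcheck scripts are run with bash; the image must provide it`. The hunk's enclosing container spec starts and ends outside the visible lines.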
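Review bot: The rule added in the `@@ -48,11 +48,21 @@` hunk of `cni-ovn.yml.j2` lets `system:ovn` `use` a PodSecurityPolicy named `kube-ovn`, but no hunk in this diff creates that policy and the rule is rendered unconditionally. If the role does not ship the policy elsewhere, the grant dangles: with PSP admission enabled the kube-ovn pods still depend on some other policy admitting them, and whoever can create a PSP called `kube-ovn` decides what this service account may run. Ship the policy in the same template, limited to the host access the daemons need, and render both under the project's PSP switch, e.g. `{% if podsecuritypolicy_enabled %}` … `{% endif %}` if that variable applies to this role. The `rules:` list continues outside the hunk.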
@@ -234,14 +244,14 @@ spec:
 readinessProbe:
 exec:
 command:
- - sh
+ - bash
 - /kube-ovn/ovn-is-leader.sh
 periodSeconds: 3
 timeoutSeconds: 45
 livenessProbe:
 exec:
 command:
- - sh
+ - bash
 - /kube-ovn/ovn-healthcheck.sh
 initialDelaySeconds: 30
 periodSeconds: 7
@@ -350,14 +360,14 @@ spec:
 readinessProbe:
 exec:
 command:
- - sh
+ - bash
 - /kube-ovn/ovs-healthcheck.sh
 periodSeconds: 5
 timeoutSeconds: 45
 livenessProbe:
 exec:
 command:
- - sh
+ - bash
 - /kube-ovn/ovs-healthcheck.sh
 initialDelaySeconds: 10
 periodSeconds: 5