Update kube-ovn to 1.7.0 (#7686)

Florian Ruynat 2021-06-16 17:10:00 +02:00 committed by GitHub
parent 7f7e83a4d9
commit e77b9bf3ee
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 328 additions and 97 deletions


@ -141,7 +141,7 @@ Note: Upstart/SysV init based OS types are not supported.
- [canal](https://github.com/projectcalico/canal) (given calico/flannel versions) - [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
- [cilium](https://github.com/cilium/cilium) v1.8.9 - [cilium](https://github.com/cilium/cilium) v1.8.9
- [flanneld](https://github.com/coreos/flannel) v0.13.0 - [flanneld](https://github.com/coreos/flannel) v0.13.0
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.6.2 - [kube-ovn](https://github.com/alauda/kube-ovn) v1.7.0
- [kube-router](https://github.com/cloudnativelabs/kube-router) v1.2.2 - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.2.2
- [multus](https://github.com/intel/multus-cni) v3.7.0 - [multus](https://github.com/intel/multus-cni) v3.7.0
- [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0 - [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0


@ -79,7 +79,7 @@ cni_version: "v0.9.1"
weave_version: 2.8.1 weave_version: 2.8.1
pod_infra_version: "3.3" pod_infra_version: "3.3"
cilium_version: "v1.8.9" cilium_version: "v1.8.9"
kube_ovn_version: "v1.6.2" kube_ovn_version: "v1.7.0"
kube_router_version: "v1.2.2" kube_router_version: "v1.2.2"
multus_version: "v3.7" multus_version: "v3.7"
ovn4nfv_ovn_image_version: "v1.0.0" ovn4nfv_ovn_image_version: "v1.0.0"


@ -15,8 +15,10 @@ kube_ovn_pinger_cpu_request: 100m
kube_ovn_pinger_memory_request: 200Mi kube_ovn_pinger_memory_request: 200Mi
kube_ovn_pinger_cpu_limit: 200m kube_ovn_pinger_cpu_limit: 200m
kube_ovn_pinger_memory_limit: 400Mi kube_ovn_pinger_memory_limit: 400Mi
kube_ovn_monitor_cpu_request: 500m kube_ovn_monitor_memory_request: 200Mi
kube_ovn_monitor_memory_request: 300Mi kube_ovn_monitor_cpu_request: 200m
kube_ovn_monitor_memory_limit: 200Mi
kube_ovn_monitor_cpu_limit: 200m
traffic_mirror: true traffic_mirror: true
encap_checksum: false encap_checksum: false


@ -9,9 +9,12 @@ spec:
served: true served: true
storage: true storage: true
additionalPrinterColumns: additionalPrinterColumns:
- name: IP - name: V4IP
type: string type: string
jsonPath: .spec.ipAddress jsonPath: .spec.v4IpAddress
- name: V6IP
type: string
jsonPath: .spec.v6IpAddress
- name: Mac - name: Mac
type: string type: string
jsonPath: .spec.macAddress jsonPath: .spec.macAddress
@ -42,6 +45,10 @@ spec:
type: string type: string
ipAddress: ipAddress:
type: string type: string
v4IpAddress:
type: string
v6IpAddress:
type: string
attachIps: attachIps:
type: array type: array
items: items:
@ -93,18 +100,33 @@ spec:
- name: NAT - name: NAT
type: boolean type: boolean
jsonPath: .spec.natOutgoing jsonPath: .spec.natOutgoing
- name: ExternalEgressGateway
type: string
jsonPath: .spec.externalEgressGateway
- name: PolicyRoutingPriority
type: integer
jsonPath: .spec.policyRoutingPriority
- name: PolicyRoutingTableID
type: integer
jsonPath: .spec.policyRoutingTableID
- name: Default - name: Default
type: boolean type: boolean
jsonPath: .spec.default jsonPath: .spec.default
- name: GatewayType - name: GatewayType
type: string type: string
jsonPath: .spec.gatewayType jsonPath: .spec.gatewayType
- name: Used - name: V4Used
type: number type: number
jsonPath: .status.usingIPs jsonPath: .status.v4usingIPs
- name: Available - name: V4Available
type: number type: number
jsonPath: .status.availableIPs jsonPath: .status.v4availableIPs
- name: V6Used
type: number
jsonPath: .status.v6usingIPs
- name: V6Available
type: number
jsonPath: .status.v6availableIPs
schema: schema:
openAPIV3Schema: openAPIV3Schema:
type: object type: object
@ -112,9 +134,13 @@ spec:
status: status:
type: object type: object
properties: properties:
availableIPs: v4availableIPs:
type: number type: number
usingIPs: v4usingIPs:
type: number
v6availableIPs:
type: number
v6usingIPs:
type: number type: number
activateGateway: activateGateway:
type: string type: string
@ -168,6 +194,22 @@ spec:
type: string type: string
natOutgoing: natOutgoing:
type: boolean type: boolean
externalEgressGateway:
type: string
policyRoutingPriority:
type: integer
minimum: 1
maximum: 32765
policyRoutingTableID:
type: integer
minimum: 1
maximum: 2147483647
not:
enum:
- 252 # compat
- 253 # default
- 254 # main
- 255 # local
private: private:
type: boolean type: boolean
vlan: vlan:
@ -316,3 +358,81 @@ spec:
- vpc - vpc
singular: vpc singular: vpc
scope: Cluster scope: Cluster
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: vpc-nat-gateways.kubeovn.io
spec:
group: kubeovn.io
names:
plural: vpc-nat-gateways
singular: vpc-nat-gateway
shortNames:
- vpc-nat-gw
kind: VpcNatGateway
listKind: VpcNatGatewayList
scope: Cluster
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
dnatRules:
type: array
items:
type: object
properties:
eip:
type: string
externalPort:
type: string
internalIp:
type: string
internalPort:
type: string
protocol:
type: string
eips:
type: array
items:
type: object
properties:
eipCIDR:
type: string
gateway:
type: string
floatingIpRules:
type: array
items:
type: object
properties:
eip:
type: string
internalIp:
type: string
lanIp:
type: string
snatRules:
type: array
items:
type: object
properties:
eip:
type: string
internalCIDR:
type: string
subnet:
type: string
vpc:
type: string
subresources:
status: {}
conversion:
strategy: None
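Review bot: The new `vpc-nat-gateways` schema types every rule field as a bare `string`, so the API server will accept and store any value for `externalPort`, `internalPort`, `protocol`, `eip`, `internalIp` and `eipCIDR`. These look like inputs to NAT rule programming, though how the controller consumes them is not visible on this page; validating them at admission is the cheapest guard against malformed or hostile values reaching that code. Consider constraining them in the schema, for example `pattern: '^[0-9]{1,5}$'` on the two port fields and an `enum` of the supported protocols on `protocol`, and listing the fields each rule needs under `required`. The `policyRoutingTableID` property added earlier in this file already does this well with `minimum`/`maximum` and the `not: enum` on the reserved tables.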


@ -44,6 +44,7 @@ spec:
- /kube-ovn/start-controller.sh - /kube-ovn/start-controller.sh
args: args:
- --default-cidr={{ kube_pods_subnet }} - --default-cidr={{ kube_pods_subnet }}
- --pod-nic-type=veth-pair
env: env:
- name: ENABLE_SSL - name: ENABLE_SSL
value: "{{ enable_ssl | lower }}" value: "{{ enable_ssl | lower }}"
@ -60,6 +61,8 @@ spec:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
volumeMounts: volumeMounts:
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls - mountPath: /var/run/tls
name: kube-ovn-tls name: kube-ovn-tls
readinessProbe: readinessProbe:
@ -88,6 +91,9 @@ spec:
nodeSelector: nodeSelector:
kubernetes.io/os: "linux" kubernetes.io/os: "linux"
volumes: volumes:
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls - name: kube-ovn-tls
secret: secret:
optional: true optional: true
@ -166,6 +172,8 @@ spec:
- mountPath: /var/run/netns - mountPath: /var/run/netns
name: host-ns name: host-ns
mountPropagation: HostToContainer mountPropagation: HostToContainer
- mountPath: /etc/localtime
name: localtime
readinessProbe: readinessProbe:
exec: exec:
command: command:
@ -207,6 +215,9 @@ spec:
- name: host-ns - name: host-ns
hostPath: hostPath:
path: /var/run/netns path: /var/run/netns
- name: localtime
hostPath:
path: /etc/localtime
--- ---
kind: DaemonSet kind: DaemonSet
@ -280,6 +291,8 @@ spec:
name: host-log-ovs name: host-log-ovs
- mountPath: /var/log/ovn - mountPath: /var/log/ovn
name: host-log-ovn name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls - mountPath: /var/run/tls
name: kube-ovn-tls name: kube-ovn-tls
resources: resources:
@ -313,11 +326,157 @@ spec:
- name: host-log-ovn - name: host-log-ovn
hostPath: hostPath:
path: /var/log/ovn path: /var/log/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls - name: kube-ovn-tls
secret: secret:
optional: true optional: true
secretName: kube-ovn-tls secretName: kube-ovn-tls
--- ---
kind: Deployment
apiVersion: apps/v1
metadata:
name: kube-ovn-monitor
namespace: kube-system
annotations:
kubernetes.io/description: |
Metrics for OVN components: northd, nb and sb.
spec:
replicas: 1
strategy:
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
type: RollingUpdate
selector:
matchLabels:
app: kube-ovn-monitor
template:
metadata:
labels:
app: kube-ovn-monitor
component: network
type: infra
spec:
tolerations:
- operator: Exists
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchLabels:
app: kube-ovn-monitor
topologyKey: kubernetes.io/hostname
priorityClassName: system-cluster-critical
serviceAccountName: ovn
containers:
- name: kube-ovn-monitor
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }}
command: ["/kube-ovn/start-ovn-monitor.sh"]
securityContext:
runAsUser: 0
privileged: false
env:
- name: ENABLE_SSL
value: "{{ enable_ssl | lower }}"
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
resources:
requests:
cpu: {{ kube_ovn_monitor_cpu_request }}
memory: {{ kube_ovn_monitor_memory_request }}
limits:
cpu: {{ kube_ovn_monitor_cpu_limit }}
memory: {{ kube_ovn_monitor_memory_limit }}
volumeMounts:
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- cat
- /var/run/ovn/ovnnb_db.pid
periodSeconds: 3
timeoutSeconds: 45
livenessProbe:
exec:
command:
- cat
- /var/run/ovn/ovn-nbctl.pid
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 5
timeoutSeconds: 45
nodeSelector:
kubernetes.io/os: "linux"
kube-ovn/role: "master"
volumes:
- name: host-run-ovs
hostPath:
path: /run/openvswitch
- name: host-run-ovn
hostPath:
path: /run/ovn
- name: host-sys
hostPath:
path: /sys
- name: host-config-openvswitch
hostPath:
path: /etc/origin/openvswitch
- name: host-config-ovn
hostPath:
path: /etc/origin/ovn
- name: host-log-ovs
hostPath:
path: /var/log/openvswitch
- name: host-log-ovn
hostPath:
path: /var/log/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
---
kind: Service
apiVersion: v1
metadata:
name: kube-ovn-monitor
namespace: kube-system
labels:
app: kube-ovn-monitor
spec:
ports:
- name: metrics
port: 10661
type: ClusterIP
selector:
app: kube-ovn-monitor
sessionAffinity: None
---
kind: Service kind: Service
apiVersion: v1 apiVersion: v1
metadata: metadata:
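Review bot: The new `kube-ovn-monitor` Deployment runs as `runAsUser: 0` and mounts the host's OVS/OVN run, config and log directories writable; only the `/sys` mount carries `readOnly: true`. For a metrics exporter that is probably more host access than it needs, although what `start-ovn-monitor.sh` writes is not visible here. Consider adding `allowPrivilegeEscalation: false` next to `privileged: false`, and `readOnly: true` on the `/etc/openvswitch`, `/etc/ovn` and `/etc/localtime` mounts if the monitor only reads them. The `/etc/localtime` hostPath mounts added in the other hunks of this file could be read-only as well.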


@ -27,19 +27,18 @@ spec:
rule: 'RunAsAny' rule: 'RunAsAny'
--- ---
apiVersion: v1 apiVersion: v1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: ovn-config name: ovn-config
namespace: kube-system namespace: kube-system
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: ovn name: ovn
namespace: kube-system namespace: kube-system
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
@ -63,6 +62,7 @@ rules:
- subnets/status - subnets/status
- vpcs - vpcs
- vpcs/status - vpcs/status
- vpc-nat-gateways
- ips - ips
- vlans - vlans
- networks - networks
@ -72,6 +72,7 @@ rules:
- "" - ""
resources: resources:
- pods - pods
- pods/exec
- namespaces - namespaces
- nodes - nodes
- configmaps - configmaps
@ -82,6 +83,16 @@ rules:
- watch - watch
- patch - patch
- update - update
- apiGroups:
- "k8s.cni.cncf.io"
resources:
- network-attachment-definitions
verbs:
- create
- delete
- get
- list
- update
- apiGroups: - apiGroups:
- "" - ""
- networking.k8s.io - networking.k8s.io
@ -95,6 +106,10 @@ rules:
- daemonsets - daemonsets
- deployments - deployments
verbs: verbs:
- create
- delete
- update
- patch
- get - get
- list - list
- watch - watch
@ -106,7 +121,6 @@ rules:
- create - create
- patch - patch
- update - update
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
@ -172,22 +186,6 @@ spec:
ovn-northd-leader: "true" ovn-northd-leader: "true"
sessionAffinity: None sessionAffinity: None
--- ---
kind: Service
apiVersion: v1
metadata:
name: kube-ovn-monitor
namespace: kube-system
labels:
app: kube-ovn-monitor
spec:
ports:
- name: metrics
port: 10661
type: ClusterIP
selector:
app: ovn-central
sessionAffinity: None
---
kind: Deployment kind: Deployment
apiVersion: apps/v1 apiVersion: apps/v1
metadata: metadata:
@ -214,7 +212,7 @@ spec:
type: infra type: infra
spec: spec:
tolerations: tolerations:
- operator: Exists - operator: Exists
affinity: affinity:
podAntiAffinity: podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution: requiredDuringSchedulingIgnoredDuringExecution:
@ -225,7 +223,6 @@ spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
serviceAccountName: ovn serviceAccountName: ovn
hostNetwork: true hostNetwork: true
shareProcessNamespace: true
containers: containers:
- name: ovn-central - name: ovn-central
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }} image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
@ -272,6 +269,8 @@ spec:
name: host-log-ovs name: host-log-ovs
- mountPath: /var/log/ovn - mountPath: /var/log/ovn
name: host-log-ovn name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls - mountPath: /var/run/tls
name: kube-ovn-tls name: kube-ovn-tls
readinessProbe: readinessProbe:
@ -284,69 +283,12 @@ spec:
livenessProbe: livenessProbe:
exec: exec:
command: command:
- bash - bash
- /kube-ovn/ovn-healthcheck.sh - /kube-ovn/ovn-healthcheck.sh
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 7 periodSeconds: 7
failureThreshold: 5 failureThreshold: 5
timeoutSeconds: 45 timeoutSeconds: 45
- name: ovn-monitor
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
imagePullPolicy: {{ k8s_image_pull_policy }}
command: ["/kube-ovn/start-ovn-monitor.sh"]
env:
- name: ENABLE_SSL
value: "{{ enable_ssl | lower }}"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
resources:
requests:
cpu: {{ kube_ovn_monitor_cpu_request }}
memory: {{ kube_ovn_monitor_memory_request }}
volumeMounts:
- mountPath: /var/run/openvswitch
name: host-run-ovs
- mountPath: /var/run/ovn
name: host-run-ovn
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /etc/openvswitch
name: host-config-openvswitch
- mountPath: /etc/ovn
name: host-config-ovn
- mountPath: /var/log/openvswitch
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- cat
- /var/run/ovn/ovnnb_db.pid
periodSeconds: 3
timeoutSeconds: 45
livenessProbe:
exec:
command:
- cat
- /var/run/ovn/ovn-nbctl.pid
initialDelaySeconds: 30
periodSeconds: 10
failureThreshold: 5
timeoutSeconds: 45
nodeSelector: nodeSelector:
kubernetes.io/os: "linux" kubernetes.io/os: "linux"
kube-ovn/role: "master" kube-ovn/role: "master"
@ -372,6 +314,9 @@ spec:
- name: host-log-ovn - name: host-log-ovn
hostPath: hostPath:
path: /var/log/ovn path: /var/log/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls - name: kube-ovn-tls
secret: secret:
optional: true optional: true
@ -399,7 +344,7 @@ spec:
type: infra type: infra
spec: spec:
tolerations: tolerations:
- operator: Exists - operator: Exists
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
serviceAccountName: ovn serviceAccountName: ovn
hostNetwork: true hostNetwork: true
@ -444,20 +389,22 @@ spec:
name: host-log-ovs name: host-log-ovs
- mountPath: /var/log/ovn - mountPath: /var/log/ovn
name: host-log-ovn name: host-log-ovn
- mountPath: /etc/localtime
name: localtime
- mountPath: /var/run/tls - mountPath: /var/run/tls
name: kube-ovn-tls name: kube-ovn-tls
readinessProbe: readinessProbe:
exec: exec:
command: command:
- bash - bash
- /kube-ovn/ovs-healthcheck.sh - /kube-ovn/ovs-healthcheck.sh
periodSeconds: 5 periodSeconds: 5
timeoutSeconds: 45 timeoutSeconds: 45
livenessProbe: livenessProbe:
exec: exec:
command: command:
- bash - bash
- /kube-ovn/ovs-healthcheck.sh - /kube-ovn/ovs-healthcheck.sh
initialDelaySeconds: 10 initialDelaySeconds: 10
periodSeconds: 5 periodSeconds: 5
failureThreshold: 5 failureThreshold: 5
@ -496,6 +443,9 @@ spec:
- name: host-log-ovn - name: host-log-ovn
hostPath: hostPath:
path: /var/log/ovn path: /var/log/ovn
- name: localtime
hostPath:
path: /etc/localtime
- name: kube-ovn-tls - name: kube-ovn-tls
secret: secret:
optional: true optional: true
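Review bot: Adding `pods/exec` to the core-group rule and `create`/`delete`/`update`/`patch` to the rule covering `daemonsets` and `deployments` makes the cluster-wide `ovn` ClusterRole much broader, and every pod running with `serviceAccountName: ovn` inherits it, including the host-network pods in this file. A holder of that token could then change workloads in any namespace, and could exec into any pod if the core-group rule's verbs (the list starts outside this hunk) include `create` or `get`. If these rights exist for the VPC NAT gateway feature (an assumption, since the consumer is not visible here), consider giving the controller its own ServiceAccount and moving the workload verbs into a namespaced `Role` for the namespace where the gateways run. At minimum, a comment such as `# pods/exec: needed by <component> for <purpose>; keep scoped to the controller` above the new entry would record why it is there.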