[kube-ovn]: some feature

kube-ovn vlan mode
ipv6/ipv4 dual stack
...

inventory/sample/group_vars/k8s_cluster/k8s-cluster.yml

@@ -62,7 +62,7 @@ credentials_dir: "{{ inventory_dir }}/credentials"
 # kube_webhook_authorization_url: https://...
 # kube_webhook_authorization_url_skip_tls_verify: false
 
-# Choose network plugin (cilium, calico, weave or flannel. Use cni for generic cni plugin)
+# Choose network plugin (cilium, calico, kube-ovn, weave or flannel. Use cni for generic cni plugin)
 # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
 kube_network_plugin: calico
 

inventory/sample/group_vars/k8s_cluster/k8s-net-kube-ovn.yml

@@ -0,0 +1,61 @@
+---
+
+# geneve or vlan
+kube_ovn_network_type: geneve
+
+# geneve, vxlan or stt. ATTENTION: some networkpolicy cannot take effect when using vxlan and stt need custom compile ovs kernel module
+kube_ovn_tunnel_type: geneve
+
+## The nic to support container network can be a nic name or a group of regex separated by comma e.g: 'enp6s0f0,eth.*', if empty will use the nic that the default route use.
+# kube_ovn_iface: eth1
+## The MTU used by pod iface in overlay networks (default iface MTU - 100)
+# kube_ovn_mtu: 1333
+
+## Enable hw-offload, disable traffic mirror and set the iface to the physical port. Make sure that there is an IP address bind to the physical port.
+kube_ovn_hw_offload: false
+# traffic mirror
+kube_ovn_traffic_mirror: false
+
+# kube_ovn_pool_cidr_ipv6: fd85:ee78:d8a6:8607::1:0000/112
+# kube_ovn_default_interface_name: eth0
+
+kube_ovn_external_address: 8.8.8.8
+kube_ovn_external_address_ipv6: 2400:3200::1
+kube_ovn_external_dns: alauda.cn
+
+# kube_ovn_default_gateway: 10.233.64.1,fd85:ee78:d8a6:8607::1:0
+kube_ovn_default_gateway_check: true
+kube_ovn_default_logical_gateway: false
+# kube_ovn_default_exclude_ips: 10.16.0.1
+kube_ovn_node_switch_cidr: 100.64.0.0/16
+kube_ovn_node_switch_cidr_ipv6: fd00:100:64::/64
+
+## vlan config, set default interface name and vlan id
+kube_ovn_vlan_mode_enabled: false
+# kube_ovn_default_interface_name: eth0
+kube_ovn_default_vlan_id: 100
+kube_ovn_vlan_name: product
+
+kube_ovn_cidr: 10.100.0.0/16
+kube_ovn_gateway: 10.100.0.1
+
+## pod nic type, support: veth-pair or internal-port
+kube_ovn_pod_nic_type: veth_pair
+
+## Enable load balancer
+kube_ovn_enable_lb: true
+
+## Enable network policy support
+kube_ovn_enable_np: true
+
+## Enable external vpc support
+kube_ovn_enable_external_vpc: true
+
+## Enable checksum
+kube_ovn_encap_checksum: true
+
+## enable ssl
+kube_ovn_enable_ssl: false
+
+## dpdk
+kube_ovn_dpdk_enabled: false

roles/download/defaults/main.yml

@@ -111,7 +111,8 @@ cni_version: "v1.0.1"
 weave_version: 2.8.1
 pod_infra_version: "3.3"
 cilium_version: "v1.11.1"
-kube_ovn_version: "v1.8.1"
+kube_ovn_version: "v1.9.2"
+kube_ovn_dpdk_version: "19.11-{{ kube_ovn_version }}"
 kube_router_version: "v1.4.0"
 multus_version: "v3.8"
 helm_version: "v3.8.2"
@@ -901,8 +902,10 @@ cilium_hubble_ui_backend_image_repo: "{{ quay_image_repo }}/cilium/hubble-ui-bac
 cilium_hubble_ui_backend_image_tag: "v0.7.3"
 cilium_hubble_envoy_image_repo: "{{ docker_image_repo }}/envoyproxy/envoy"
 cilium_hubble_envoy_image_tag: "v1.14.5"
-kube_ovn_container_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn"
-kube_ovn_container_image_tag: "{{ kube_ovn_version }}"
+kube_ovn_dpdk_container_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn"
+kube_ovn_dpdk_container_image_tag: "{{ kube_ovn_version }}"
+kube_ovn_container_image_repo: "{{ docker_image_repo }}/kubeovn/kube-ovn-dpdk"
+kube_ovn_container_image_tag: "{{ kube_ovn_dpdk_version }}"
 kube_router_image_repo: "{{ docker_image_repo }}/cloudnativelabs/kube-router"
 kube_router_image_tag: "{{ kube_router_version }}"
 multus_image_repo: "{{ github_image_repo }}/k8snetworkplumbingwg/multus-cni"

roles/kubespray-defaults/defaults/main.yaml

@@ -166,7 +166,7 @@ kube_external_ca_mode: false
 # Cluster Loglevel configuration
 kube_log_level: 2
 
-# Choose network plugin (cilium, calico, weave or flannel)
+# Choose network plugin (cilium, calico, kube-ovn, weave or flannel. Use cni for generic cni plugin)
 # Can also be set to 'cloud', which lets the cloud provider setup appropriate routing
 kube_network_plugin: calico
 kube_network_plugin_multus: false

roles/network_plugin/kube-ovn/defaults/main.yml

@@ -23,7 +23,70 @@ kube_ovn_monitor_memory_request: 200Mi
 kube_ovn_monitor_cpu_request: 200m
 kube_ovn_monitor_memory_limit: 200Mi
 kube_ovn_monitor_cpu_limit: 200m
+kube_ovn_dpdk_node_cpu_request: 1000m
+kube_ovn_dpdk_node_memory_request: 2Gi
+kube_ovn_dpdk_node_cpu_limit: 1000m
+kube_ovn_dpdk_node_memory_limit: 2Gi
 
-traffic_mirror: true
-encap_checksum: false
-enable_ssl: false
+kube_ovn_central_replics: 1
+kube_ovn_controller_replics: 1
+
+# geneve or vlan
+kube_ovn_network_type: geneve
+
+# geneve, vxlan or stt. ATTENTION: some networkpolicy cannot take effect when using vxlan and stt need custom compile ovs kernel module
+kube_ovn_tunnel_type: geneve
+
+## The nic to support container network can be a nic name or a group of regex separated by comma e.g: 'enp6s0f0,eth.*', if empty will use the nic that the default route use.
+# kube_ovn_iface: eth1
+## The MTU used by pod iface in overlay networks (default iface MTU - 100)
+# kube_ovn_mtu: 1333
+
+## Enable hw-offload, disable traffic mirror and set the iface to the physical port. Make sure that there is an IP address bind to the physical port.
+kube_ovn_hw_offload: false
+# traffic mirror
+kube_ovn_traffic_mirror: false
+
+# kube_ovn_pool_cidr_ipv6: fd85:ee78:d8a6:8607::1:0000/112
+# kube_ovn_default_interface_name: eth0
+
+kube_ovn_external_address: 8.8.8.8
+kube_ovn_external_address_ipv6: 2400:3200::1
+kube_ovn_external_dns: alauda.cn
+
+# kube_ovn_default_gateway: 10.233.64.1,fd85:ee78:d8a6:8607::1:0
+kube_ovn_default_gateway_check: true
+kube_ovn_default_logical_gateway: false
+# kube_ovn_default_exclude_ips: 10.16.0.1
+kube_ovn_node_switch_cidr: 100.64.0.0/16
+kube_ovn_node_switch_cidr_ipv6: fd00:100:64::/64
+
+## vlan config, set default interface name and vlan id
+kube_ovn_vlan_mode_enabled: false
+# kube_ovn_default_interface_name: eth0
+kube_ovn_default_vlan_id: 100
+kube_ovn_vlan_name: product
+
+kube_ovn_cidr: 10.100.0.0/16
+kube_ovn_gateway: 10.100.0.1
+
+## pod nic type, support: veth-pair or internal-port
+kube_ovn_pod_nic_type: veth_pair
+
+## Enable load balancer
+kube_ovn_enable_lb: true
+
+## Enable network policy support
+kube_ovn_enable_np: true
+
+## Enable external vpc support
+kube_ovn_enable_external_vpc: true
+
+## Enable checksum
+kube_ovn_encap_checksum: true
+
+## enable ssl
+kube_ovn_enable_ssl: false
+
+## dpdk
+kube_ovn_dpdk_enabled: false

roles/network_plugin/kube-ovn/tasks/main.yml

@@ -5,13 +5,26 @@
   when:
     - inventory_hostname == groups['kube_control_plane'][0]
 
-- name: Kube-OVN | Create Kube-OVN manifests
+- name: Kube-OVN | | Templates list
+  set_fact:
+    kube_ovn_node_templates:
+      - {name: kube-ovn-crd, file: cni-kube-ovn-crd.yml}
+      - {name: ovn, file: cni-ovn.yml}
+      - {name: kube-ovn, file: cni-kube-ovn.yml}
+    kube_ovn_node_templates_for_vlan:
+      - {name: cni-vlan, file: cni-vlan.yml}
+
+- name: Kube-OVN | | Append extra templates to kube-ovn Templates list for vlan
+  set_fact:
+    kube_ovn_node_templates: "{{ kube_ovn_node_templates_for_vlan + kube_ovn_node_templates }}"
+  when: kube_ovn_vlan_mode_enabled
+
+- name: Kube-OVN | | Create manifests
   template:
     src: "{{ item.file }}.j2"
     dest: "{{ kube_config_dir }}/{{ item.file }}"
     mode: 0644
-  with_items:
-    - {name: kube-ovn-crd, file: cni-kube-ovn-crd.yml}
-    - {name: ovn, file: cni-ovn.yml}
-    - {name: kube-ovn, file: cni-kube-ovn.yml}
+  with_items: "{{ kube_ovn_node_templates }}"
   register: kube_ovn_node_manifests
+  when:
+    - inventory_hostname == groups['kube_control_plane'][0]