Skip to content

Commit

Permalink
Update kube-ovn to 1.5.2 (#6610)
Browse files Browse the repository at this point in the history
  • Loading branch information
floryut authored Nov 26, 2020
1 parent 405692d commit d407014
Show file tree
Hide file tree
Showing 4 changed files with 80 additions and 12 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ Note: Upstart/SysV init based OS types are not supported.
- [cilium](https://github.com/cilium/cilium) v1.8.5
- [contiv](https://github.com/contiv/install) v1.2.1
- [flanneld](https://github.com/coreos/flannel) v0.13.0
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.3.0
- [kube-ovn](https://github.com/alauda/kube-ovn) v1.5.2
- [kube-router](https://github.com/cloudnativelabs/kube-router) v1.1.0
- [multus](https://github.com/intel/multus-cni) v3.6.0
- [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0
Expand Down
2 changes: 1 addition & 1 deletion roles/download/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -80,7 +80,7 @@ weave_version: 2.7.0
pod_infra_version: "3.3"
contiv_version: 1.2.1
cilium_version: "v1.8.5"
kube_ovn_version: "v1.3.0"
kube_ovn_version: "v1.5.2"
kube_router_version: "v1.1.0"
multus_version: "v3.6"
ovn4nfv_ovn_image_version: "v1.0.0"
Expand Down
31 changes: 25 additions & 6 deletions roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ metadata:
kubernetes.io/description: |
kube-ovn controller
spec:
replicas: 2
replicas: 1
selector:
matchLabels:
app: kube-ovn-controller
Expand Down Expand Up @@ -46,6 +46,8 @@ spec:
args:
- --default-cidr={{ kube_pods_subnet }}
env:
- name: ENABLE_SSL
value: "false"
- name: POD_NAME
valueFrom:
fieldRef:
Expand All @@ -58,12 +60,16 @@ spec:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- sh
- /kube-ovn/kube-ovn-controller-healthcheck.sh
periodSeconds: 3
timeoutSeconds: 45
livenessProbe:
exec:
command:
Expand All @@ -72,9 +78,14 @@ spec:
initialDelaySeconds: 300
periodSeconds: 7
failureThreshold: 5
timeoutSeconds: 45
nodeSelector:
kubernetes.io/os: "linux"

volumes:
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
---
kind: DaemonSet
apiVersion: apps/v1
Expand All @@ -88,8 +99,6 @@ spec:
selector:
matchLabels:
app: kube-ovn-cni
updateStrategy:
type: OnDelete
template:
metadata:
labels:
Expand All @@ -112,8 +121,6 @@ spec:
runAsUser: 0
privileged: true
volumeMounts:
- mountPath: /etc/cni/net.d
name: cni-conf
- mountPath: /opt/cni/bin
name: cni-bin
containers:
Expand All @@ -131,6 +138,8 @@ spec:
runAsUser: 0
privileged: true
env:
- name: ENABLE_SSL
value: "false"
- name: POD_IP
valueFrom:
fieldRef:
Expand All @@ -140,6 +149,8 @@ spec:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /etc/cni/net.d
name: cni-conf
- mountPath: /run/openvswitch
name: host-run-ovs
- mountPath: /run/ovn
Expand Down Expand Up @@ -221,6 +232,8 @@ spec:
runAsUser: 0
privileged: false
env:
- name: ENABLE_SSL
value: "false"
- name: POD_IP
valueFrom:
fieldRef:
Expand Down Expand Up @@ -256,6 +269,8 @@ spec:
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /var/run/tls
name: kube-ovn-tls
resources:
requests:
cpu: {{ kube_ovn_pinger_cpu_request }}
Expand Down Expand Up @@ -287,6 +302,10 @@ spec:
- name: host-log-ovn
hostPath:
path: /var/log/ovn
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
---
kind: Service
apiVersion: v1
Expand Down
57 changes: 53 additions & 4 deletions roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
Original file line number Diff line number Diff line change
@@ -1,3 +1,31 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: kube-ovn
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
spec:
privileged: true
allowPrivilegeEscalation: true
allowedCapabilities:
- '*'
volumes:
- '*'
hostNetwork: true
hostPorts:
- min: 0
max: 65535
hostIPC: true
hostPID: true
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'RunAsAny'
fsGroup:
rule: 'RunAsAny'

---
apiVersion: v1
kind: ConfigMap
Expand Down Expand Up @@ -27,6 +55,7 @@ rules:
- subnets/status
- ips
- vlans
- networks
verbs:
- "*"
- apiGroups:
Expand Down Expand Up @@ -81,7 +110,6 @@ subjects:
- kind: ServiceAccount
name: ovn
namespace: kube-system

---
kind: Service
apiVersion: v1
Expand All @@ -99,7 +127,6 @@ spec:
app: ovn-central
ovn-nb-leader: "true"
sessionAffinity: None

---
kind: Service
apiVersion: v1
Expand All @@ -117,7 +144,6 @@ spec:
app: ovn-central
ovn-sb-leader: "true"
sessionAffinity: None

---
kind: Deployment
apiVersion: apps/v1
Expand Down Expand Up @@ -166,6 +192,8 @@ spec:
capabilities:
add: ["SYS_NICE"]
env:
- name: ENABLE_SSL
value: "false"
- name: POD_IP
valueFrom:
fieldRef:
Expand Down Expand Up @@ -201,12 +229,15 @@ spec:
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- sh
- /kube-ovn/ovn-is-leader.sh
periodSeconds: 3
timeoutSeconds: 45
livenessProbe:
exec:
command:
Expand All @@ -215,6 +246,7 @@ spec:
initialDelaySeconds: 30
periodSeconds: 7
failureThreshold: 5
timeoutSeconds: 45
nodeSelector:
kubernetes.io/os: "linux"
kube-ovn/role: "master"
Expand All @@ -240,7 +272,10 @@ spec:
- name: host-log-ovn
hostPath:
path: /var/log/ovn

- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls
---
kind: DaemonSet
apiVersion: apps/v1
Expand Down Expand Up @@ -279,12 +314,18 @@ spec:
runAsUser: 0
privileged: true
env:
- name: ENABLE_SSL
value: "false"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: HW_OFFLOAD
value: "false"
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- mountPath: /lib/modules
name: host-modules
Expand All @@ -304,12 +345,15 @@ spec:
name: host-log-ovs
- mountPath: /var/log/ovn
name: host-log-ovn
- mountPath: /var/run/tls
name: kube-ovn-tls
readinessProbe:
exec:
command:
- sh
- /kube-ovn/ovs-healthcheck.sh
periodSeconds: 5
timeoutSeconds: 45
livenessProbe:
exec:
command:
Expand All @@ -318,6 +362,7 @@ spec:
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 5
timeoutSeconds: 45
resources:
requests:
cpu: {{ kube_ovn_node_cpu_request }}
Expand Down Expand Up @@ -352,3 +397,7 @@ spec:
- name: host-log-ovn
hostPath:
path: /var/log/ovn
- name: kube-ovn-tls
secret:
optional: true
secretName: kube-ovn-tls

0 comments on commit d407014

Please sign in to comment.