Update kube-ovn to 1.6.0

roles/download/defaults/main.yml

@@ -76,7 +76,7 @@ cni_version: "v0.9.0"
 weave_version: 2.8.1
 pod_infra_version: "3.3"
 cilium_version: "v1.8.6"
-kube_ovn_version: "v1.5.2"
+kube_ovn_version: "v1.6.0"
 kube_router_version: "v1.1.1"
 multus_version: "v3.6"
 ovn4nfv_ovn_image_version: "v1.0.0"

roles/network_plugin/kube-ovn/defaults/main.yml

@@ -1,14 +1,18 @@
 ---
-kube_ovn_db_cpu_request: 200m
-kube_ovn_db_memory_request: 300Mi
-kube_ovn_db_cpu_limit: 400m
-kube_ovn_db_memory_limit: 500Mi
-kube_ovn_node_cpu_request: 100m
-kube_ovn_node_memory_request: 300Mi
-kube_ovn_node_cpu_limit: 200m
-kube_ovn_node_memory_limit: 500Mi
+kube_ovn_db_cpu_request: 500m
+kube_ovn_db_memory_request: 200Mi
+kube_ovn_db_cpu_limit: 3000m
+kube_ovn_db_memory_limit: 3000Mi
+kube_ovn_node_cpu_request: 200m
+kube_ovn_node_memory_request: 200Mi
+kube_ovn_node_cpu_limit: 1000m
+kube_ovn_node_memory_limit: 800Mi
+kube_ovn_controller_cpu_request: 200m
+kube_ovn_controller_memory_request: 200Mi
+kube_ovn_controller_cpu_limit: 1000m
+kube_ovn_controller_memory_limit: 1Gi
 kube_ovn_pinger_cpu_request: 100m
-kube_ovn_pinger_memory_request: 300Mi
+kube_ovn_pinger_memory_request: 200Mi
 kube_ovn_pinger_cpu_limit: 200m
 kube_ovn_pinger_memory_limit: 400Mi
 

roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2

@@ -78,6 +78,12 @@ spec:
       subresources:
         status: {}
       additionalPrinterColumns:
+      - name: Provider
+        type: string
+        jsonPath: .spec.provider
+      - name: Vpc
+        type: string
+        jsonPath: .spec.vpc
       - name: Protocol
         type: string
         jsonPath: .spec.protocol
@@ -135,6 +141,8 @@ spec:
             spec:
               type: object
               properties:
+                vpc:
+                  type: string
                 default:
                   type: boolean
                 protocol:
@@ -169,6 +177,8 @@ spec:
                   type: string
                 underlayGateway:
                   type: boolean
+                disableInterConnection:
+                  type: boolean
   scope: Cluster
   names:
     plural: subnets
@@ -219,3 +229,93 @@ spec:
     kind: Vlan
     shortNames:
       - vlan
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: vpcs.kubeovn.io
+spec:
+  group: kubeovn.io
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.standby
+          name: Standby
+          type: boolean
+        - jsonPath: .status.subnets
+          name: Subnets
+          type: string
+      name: v1
+      schema:
+        openAPIV3Schema:
+          properties:
+            spec:
+              properties:
+                namespaces:
+                  items:
+                    type: string
+                  type: array
+                staticRoutes:
+                  items:
+                    properties:
+                      policy:
+                        type: string
+                      cidr:
+                        type: string
+                      nextHopIP:
+                        type: string
+                    type: object
+                  type: array
+              type: object
+            status:
+              properties:
+                conditions:
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        type: string
+                      lastUpdateTime:
+                        type: string
+                      message:
+                        type: string
+                      reason:
+                        type: string
+                      status:
+                        type: string
+                      type:
+                        type: string
+                    type: object
+                  type: array
+                default:
+                  type: boolean
+                defaultLogicalSwitch:
+                  type: string
+                router:
+                  type: string
+                standby:
+                  type: boolean
+                subnets:
+                  items:
+                    type: string
+                  type: array
+                tcpLoadBalancer:
+                  type: string
+                tcpSessionLoadBalancer:
+                  type: string
+                udpLoadBalancer:
+                  type: string
+                udpSessionLoadBalancer:
+                  type: string
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+  names:
+    kind: Vpc
+    listKind: VpcList
+    plural: vpcs
+    shortNames:
+      - vpc
+    singular: vpc
+  scope: Cluster

roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2

@@ -66,19 +66,26 @@ spec:
           readinessProbe:
             exec:
               command:
-                - sh
+                - bash
                 - /kube-ovn/kube-ovn-controller-healthcheck.sh
             periodSeconds: 3
             timeoutSeconds: 45
           livenessProbe:
             exec:
               command:
-                - sh
+                - bash
                 - /kube-ovn/kube-ovn-controller-healthcheck.sh
             initialDelaySeconds: 300
             periodSeconds: 7
             failureThreshold: 5
             timeoutSeconds: 45
+          resources:
+            requests:
+              cpu: {{ kube_ovn_controller_cpu_request }}
+              memory: {{ kube_ovn_controller_memory_request }}
+            limits:
+              cpu: {{ kube_ovn_controller_cpu_limit }}
+              memory: {{ kube_ovn_controller_memory_limit }}
       nodeSelector:
         kubernetes.io/os: "linux"
       volumes:
@@ -128,7 +135,7 @@ spec:
         image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
         imagePullPolicy: {{ k8s_image_pull_policy }}
         command:
-          - sh
+          - bash
           - /kube-ovn/start-cniserver.sh
         args:
           - --enable-mirror={{ traffic_mirror }}

roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2

@@ -48,11 +48,21 @@ metadata:
     rbac.authorization.k8s.io/system-only: "true"
   name: system:ovn
 rules:
+  - apiGroups:
+      - policy
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+    resourceNames:
+      - kube-ovn
   - apiGroups:
       - "kubeovn.io"
     resources:
       - subnets
       - subnets/status
+      - vpcs
+      - vpcs/status
       - ips
       - vlans
       - networks
@@ -157,8 +167,8 @@ spec:
   replicas: 1
   strategy:
     rollingUpdate:
-      maxSurge: 0%
-      maxUnavailable: 100%
+      maxSurge: 0
+      maxUnavailable: 1
     type: RollingUpdate
   selector:
     matchLabels:
@@ -234,14 +244,14 @@ spec:
           readinessProbe:
             exec:
               command:
-                - sh
+                - bash
                 - /kube-ovn/ovn-is-leader.sh
             periodSeconds: 3
             timeoutSeconds: 45
           livenessProbe:
             exec:
               command:
-              - sh
+              - bash
               - /kube-ovn/ovn-healthcheck.sh
             initialDelaySeconds: 30
             periodSeconds: 7
@@ -350,14 +360,14 @@ spec:
           readinessProbe:
             exec:
               command:
-              - sh
+              - bash
               - /kube-ovn/ovs-healthcheck.sh
             periodSeconds: 5
             timeoutSeconds: 45
           livenessProbe:
             exec:
               command:
-              - sh
+              - bash
               - /kube-ovn/ovs-healthcheck.sh
             initialDelaySeconds: 10
             periodSeconds: 5