summaryrefslogtreecommitdiffstats
path: root/kud/deployment_infra/helm/ovn4nfv/templates/ovn
diff options
context:
space:
mode:
authorTodd Malsbary <todd.malsbary@intel.com>2021-03-01 15:13:08 -0800
committerTodd Malsbary <todd.malsbary@intel.com>2021-05-04 14:41:48 -0700
commit61dc8e7b3aa13852dfde84dad4e6152178dd298d (patch)
tree52ef38d3b13df5355517ae54a51736a8a6d919ff /kud/deployment_infra/helm/ovn4nfv/templates/ovn
parentc7cc63c3e76d5739c67314008b01f6fe70289641 (diff)
Add ovn4nfv addon helm chart
This chart follows the upstream installation guide with the following exceptions: - The node-role.kubernetes.io/master:NoSchedule taint is not removed. The YAML files already included the necessary tolerations. - No node labeling is done. Instead, the ovn-control-plane node selector is for the master role, and the nfn-operator pod affinity is for "role: ovn-control-plane". This ensures that the ovn-control-plane and nfn-operator run are scheduled on the same master node, equivalent to the labelling approach used upstream. Also, additional allowed capabilities are needed to run the pods with the restricted PodSecurityPolicy. These capabilities are requested by the Pods, but not available in the default set of allowed capabilities. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary <todd.malsbary@intel.com> Change-Id: I54ae12434572e2e2dd1fe2ec9298d04557331d94
Diffstat (limited to 'kud/deployment_infra/helm/ovn4nfv/templates/ovn')
-rw-r--r--kud/deployment_infra/helm/ovn4nfv/templates/ovn/daemonset.yaml102
-rw-r--r--kud/deployment_infra/helm/ovn4nfv/templates/ovn/deployment.yaml107
-rw-r--r--kud/deployment_infra/helm/ovn4nfv/templates/ovn/service.yaml37
3 files changed, 246 insertions, 0 deletions
diff --git a/kud/deployment_infra/helm/ovn4nfv/templates/ovn/daemonset.yaml b/kud/deployment_infra/helm/ovn4nfv/templates/ovn/daemonset.yaml
new file mode 100644
index 00000000..2b71a9dd
--- /dev/null
+++ b/kud/deployment_infra/helm/ovn4nfv/templates/ovn/daemonset.yaml
@@ -0,0 +1,102 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: {{ include "ovn4nfv.fullname" . }}-ovn-controller
+ labels:
+ {{- include "ovn4nfv.labels" . | nindent 4 }}
+ role: ovn-controller
+spec:
+ selector:
+ matchLabels:
+ {{- include "ovn4nfv.selectorLabels" . | nindent 6 }}
+ role: ovn-controller
+ updateStrategy:
+ type: OnDelete
+ template:
+ metadata:
+ labels:
+ {{- include "ovn4nfv.selectorLabels" . | nindent 8 }}
+ role: ovn-controller
+ spec:
+ {{- with .Values.ovn.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ hostNetwork: true
+ hostPID: true
+ {{- with .Values.ovnController.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.ovnController.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.ovnController.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ priorityClassName: system-cluster-critical
+ containers:
+ - name: ovn-controller
+ image: "{{ .Values.ovn.image.repository }}:{{ .Values.ovn.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.ovn.image.pullPolicy }}
+ command: ["ovn4nfv-k8s", "start_ovn_controller"]
+ resources:
+ {{- toYaml .Values.ovnController.resources | nindent 12 }}
+ securityContext:
+ {{- toYaml .Values.ovnController.securityContext | nindent 12 }}
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - mountPath: /lib/modules
+ name: host-modules
+ readOnly: true
+ - mountPath: /var/run/openvswitch
+ name: host-run-ovs
+ - mountPath: /var/run/ovn
+ name: host-run-ovn
+ - mountPath: /sys
+ name: host-sys
+ readOnly: true
+ - mountPath: /etc/openvswitch
+ name: host-config-openvswitch
+ - mountPath: /var/log/openvswitch
+ name: host-log-ovs
+ - mountPath: /var/log/ovn
+ name: host-log-ovn
+ readinessProbe:
+ exec:
+ command: ["ovn4nfv-k8s", "check_ovn_controller"]
+ periodSeconds: 5
+ livenessProbe:
+ exec:
+ command: ["ovn4nfv-k8s", "check_ovn_controller"]
+ initialDelaySeconds: 10
+ periodSeconds: 5
+ failureThreshold: 5
+ volumes:
+ - name: host-modules
+ hostPath:
+ path: /lib/modules
+ - name: host-run-ovs
+ hostPath:
+ path: /run/openvswitch
+ - name: host-run-ovn
+ hostPath:
+ path: /run/ovn
+ - name: host-sys
+ hostPath:
+ path: /sys
+ - name: host-config-openvswitch
+ hostPath:
+ path: /etc/origin/openvswitch
+ - name: host-log-ovs
+ hostPath:
+ path: /var/log/openvswitch
+ - name: host-log-ovn
+ hostPath:
+ path: /var/log/ovn
diff --git a/kud/deployment_infra/helm/ovn4nfv/templates/ovn/deployment.yaml b/kud/deployment_infra/helm/ovn4nfv/templates/ovn/deployment.yaml
new file mode 100644
index 00000000..a9dd4288
--- /dev/null
+++ b/kud/deployment_infra/helm/ovn4nfv/templates/ovn/deployment.yaml
@@ -0,0 +1,107 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+ name: {{ include "ovn4nfv.fullname" . }}-ovn-control-plane
+ labels:
+ {{- include "ovn4nfv.labels" . | nindent 4 }}
+ role: ovn-control-plane
+spec:
+ replicas: 1
+ strategy:
+ rollingUpdate:
+ maxSurge: 0%
+ maxUnavailable: 100%
+ type: RollingUpdate
+ selector:
+ matchLabels:
+ {{- include "ovn4nfv.selectorLabels" . | nindent 6 }}
+ role: ovn-control-plane
+ template:
+ metadata:
+ labels:
+ {{- include "ovn4nfv.selectorLabels" . | nindent 8 }}
+ role: ovn-control-plane
+ spec:
+ {{- with .Values.ovn.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ hostNetwork: true
+ {{- with .Values.ovnControlPlane.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.ovnControlPlane.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.ovnControlPlane.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ priorityClassName: system-cluster-critical
+ containers:
+ - name: ovn-control-plane
+ image: "{{ .Values.ovn.image.repository }}:{{ .Values.ovn.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.ovn.image.pullPolicy }}
+ command: ["ovn4nfv-k8s", "start_ovn_control_plane"]
+ resources:
+ {{- toYaml .Values.ovnControlPlane.resources | nindent 12 }}
+ securityContext:
+ {{- toYaml .Values.ovnControlPlane.securityContext | nindent 12 }}
+ env:
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ volumeMounts:
+ - mountPath: /var/run/openvswitch
+ name: host-run-ovs
+ - mountPath: /var/run/ovn
+ name: host-run-ovn
+ - mountPath: /sys
+ name: host-sys
+ readOnly: true
+ - mountPath: /etc/openvswitch
+ name: host-config-openvswitch
+ - mountPath: /var/log/openvswitch
+ name: host-log-ovs
+ - mountPath: /var/log/ovn
+ name: host-log-ovn
+ readinessProbe:
+ exec:
+ command: ["ovn4nfv-k8s", "check_ovn_control_plane"]
+ periodSeconds: 3
+ livenessProbe:
+ exec:
+ command: ["ovn4nfv-k8s", "check_ovn_control_plane"]
+ initialDelaySeconds: 30
+ periodSeconds: 7
+ failureThreshold: 5
+ volumes:
+ - name: host-run-ovs
+ hostPath:
+ path: /run/openvswitch
+ - name: host-run-ovn
+ hostPath:
+ path: /run/ovn
+ - name: host-sys
+ hostPath:
+ path: /sys
+ - name: host-config-openvswitch
+ hostPath:
+ path: /etc/origin/openvswitch
+ - name: host-log-ovs
+ hostPath:
+ path: /var/log/openvswitch
+ - name: host-log-ovn
+ hostPath:
+ path: /var/log/ovn
diff --git a/kud/deployment_infra/helm/ovn4nfv/templates/ovn/service.yaml b/kud/deployment_infra/helm/ovn4nfv/templates/ovn/service.yaml
new file mode 100644
index 00000000..c6d96e49
--- /dev/null
+++ b/kud/deployment_infra/helm/ovn4nfv/templates/ovn/service.yaml
@@ -0,0 +1,37 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: ovn-nb-tcp
+ labels:
+ {{- include "ovn4nfv.labels" . | nindent 4 }}
+ role: ovn-control-plane
+spec:
+ ports:
+ - name: ovn-nb-tcp
+ protocol: TCP
+ port: {{ .Values.ovnControlPlane.nbService.port }}
+ targetPort: 6641
+ type: {{ .Values.ovnControlPlane.nbService.type }}
+ selector:
+ {{- include "ovn4nfv.selectorLabels" . | nindent 4 }}
+ role: ovn-control-plane
+ sessionAffinity: None
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: ovn-sb-tcp
+ labels:
+ {{- include "ovn4nfv.labels" . | nindent 4 }}
+ role: ovn-control-plane
+spec:
+ ports:
+ - name: ovn-sb-tcp
+ protocol: TCP
+ port: {{ .Values.ovnControlPlane.sbService.port }}
+ targetPort: 6642
+ type: {{ .Values.ovnControlPlane.sbService.type }}
+ selector:
+ {{- include "ovn4nfv.selectorLabels" . | nindent 4 }}
+ role: ovn-control-plane
+ sessionAffinity: None