Merge pull request #1589 from zshi-redhat/sync-microshift-ovnk-manife…

…sts-2022-10-17 NP-607: update microshift ovnk manifests
openshift · Nov 3, 2022 · f0fc42f · f0fc42f
2 parents 9f2e792 + c04d33c
commit f0fc42f
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 25 deletions.
diff --git a/bindata/network/ovn-kubernetes/microshift/clusterrole.yaml b/bindata/network/ovn-kubernetes/microshift/clusterrole.yaml
@@ -71,14 +71,6 @@ rules:
 - apiGroups: ['authorization.k8s.io']
   resources: ['subjectaccessreviews']
   verbs: ['create']
-- apiGroups: [certificates.k8s.io]
-  resources: ['certificatesigningrequests']
-  verbs:
-    - create
-    - get
-    - delete
-    - update
-    - list
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1

diff --git a/bindata/network/ovn-kubernetes/microshift/configmap.yaml b/bindata/network/ovn-kubernetes/microshift/configmap.yaml
@@ -27,7 +27,7 @@ data:
     enable-egress-qos=false
 
     [gateway]
-    mode=shared
+    mode=local
     nodeport=true
 
     [masterha]

diff --git a/bindata/network/ovn-kubernetes/microshift/master/daemonset.yaml b/bindata/network/ovn-kubernetes/microshift/master/daemonset.yaml
@@ -44,7 +44,7 @@ spec:
       containers:
       # ovn-northd: convert network objects in nbdb to flows in sbdb
       - name: northd
-        image: {{ .ReleaseImage.ovn_kubernetes }}
+        image: {{ .ReleaseImage.ovn_kubernetes_microshift }}
         command:
         - /bin/bash
         - -c
@@ -95,9 +95,9 @@ spec:
             memory: 10Mi
         terminationMessagePolicy: FallbackToLogsOnError
 
-      # nbdb: the northbound, or logical network object DB. In standalone mode
+      # nbdb: the northbound, or logical network object DB. In raft mode
       - name: nbdb
-        image: {{ .ReleaseImage.ovn_kubernetes }}
+        image: {{ .ReleaseImage.ovn_kubernetes_microshift }}
         command:
         - /bin/bash
         - -c
@@ -199,16 +199,14 @@ spec:
                 echo "$(date -Iseconds) - nbdb stopped"
                 rm -f /var/run/ovn/ovnnb_db.pid
         readinessProbe:
-          timeoutSeconds: 10
-          periodSeconds: 600
+          timeoutSeconds: 5
           exec:
             command:
             - /bin/bash
             - -c
             - |
               set -xeo pipefail
               /usr/bin/ovn-appctl -t /var/run/ovn/ovnnb_db.ctl --timeout=5 ovsdb-server/memory-trim-on-compaction on 2>/dev/null
-              /usr/bin/ovn-appctl -t /var/run/ovn/ovnnb_db.ctl --timeout=5 ovsdb-server/compact 2>/dev/null
 
         env:
         - name: OVN_LOG_LEVEL
@@ -228,9 +226,9 @@ spec:
             memory: 10Mi
         terminationMessagePolicy: FallbackToLogsOnError
 
-      # sbdb: The southbound, or flow DB. In standalone mode
+      # sbdb: The southbound, or flow DB. In raft mode
       - name: sbdb
-        image: {{ .ReleaseImage.ovn_kubernetes }}
+        image: {{ .ReleaseImage.ovn_kubernetes_microshift }}
         command:
         - /bin/bash
         - -c
@@ -301,17 +299,14 @@ spec:
                 echo "$(date -Iseconds) - sbdb stopped"
                 rm -f /var/run/ovn/ovnsb_db.pid
         readinessProbe:
-          timeoutSeconds: 10
-          periodSeconds: 600
+          timeoutSeconds: 5
           exec:
             command:
             - /bin/bash
             - -c
             - |
               set -xeo pipefail
               /usr/bin/ovn-appctl -t /var/run/ovn/ovnsb_db.ctl --timeout=5 ovsdb-server/memory-trim-on-compaction on 2>/dev/null
-              /usr/bin/ovn-appctl -t /var/run/ovn/ovnsb_db.ctl --timeout=5 ovsdb-server/compact 2>/dev/null
-
         env:
         - name: OVN_LOG_LEVEL
           value: info
@@ -330,7 +325,7 @@ spec:
 
       # ovnkube master: convert kubernetes objects in to nbdb logical network components
       - name: ovnkube-master
-        image: {{ .ReleaseImage.ovn_kubernetes }}
+        image: {{ .ReleaseImage.ovn_kubernetes_microshift }}
         command:
         - /bin/bash
         - -c
@@ -355,7 +350,15 @@ spec:
           ip6tables -t raw -A OUTPUT -p udp --dport 6081 -j NOTRACK
           echo "I$(date "+%m%d %H:%M:%S.%N") - starting ovnkube-node"
 
-          gateway_mode_flags="--gateway-mode shared --gateway-interface br-ex"
+          gateway_mode_flags="--gateway-mode local --gateway-interface br-ex"
+
+          gw_interface_flag=
+          # if br-ex1 is configured on the node, we want to use it for external gateway traffic
+          if [ -d /sys/class/net/br-ex1 ]; then
+            gw_interface_flag="--exgw-interface=br-ex1"
+            # the functionality depends on ip_forwarding being enabled
+            sysctl net.ipv4.ip_forward=1
+          fi
 
           echo "I$(date "+%m%d %H:%M:%S.%N") - ovnkube-master - start ovnkube --init-master ${K8S_NODE} --init-node ${K8S_NODE}"
           exec /usr/bin/ovnkube \
@@ -364,6 +367,7 @@ spec:
             --config-file=/run/ovnkube-config/ovnkube.conf \
             --loglevel "${OVN_KUBE_LOG_LEVEL}" \
             ${gateway_mode_flags} \
+            ${gw_interface_flag} \
             --inactivity-probe="180000" \
             --nb-address "" \
             --sb-address "" \

diff --git a/bindata/network/ovn-kubernetes/microshift/node/daemonset.yaml b/bindata/network/ovn-kubernetes/microshift/node/daemonset.yaml
@@ -40,7 +40,7 @@ spec:
       containers:
       # ovn-controller: programs the vswitch with flows from the sbdb
       - name: ovn-controller
-        image: {{ .ReleaseImage.ovn_kubernetes }}
+        image: {{ .ReleaseImage.ovn_kubernetes_microshift }}
         command:
         - /bin/bash
         - -c
@@ -52,7 +52,9 @@ spec:
             set +o allexport
           fi
 
-          echo "$(date -Iseconds) - starting ovn-controller"
+          # K8S_NODE_IP triggers reconcilation of this daemon when node IP changes
+          echo "$(date -Iseconds) - starting ovn-controller, Node: ${K8S_NODE} IP: ${K8S_NODE_IP}"
+
           exec ovn-controller unix:/var/run/openvswitch/db.sock -vfile:off \
             --no-chdir --pidfile=/var/run/ovn/ovn-controller.pid \
             --syslog-method="null" \
@@ -71,6 +73,10 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: spec.nodeName
+        - name: K8S_NODE_IP
+          valueFrom:
+            fieldRef:
+              fieldPath: status.hostIP
         volumeMounts:
         - mountPath: /run/openvswitch
           name: run-openvswitch

diff --git a/bindata/network/ovn-kubernetes/microshift/role.yaml b/bindata/network/ovn-kubernetes/microshift/role.yaml
@@ -12,6 +12,14 @@ rules:
   - get
   - list
   - watch
+- apiGroups: [certificates.k8s.io]
+  resources: ['certificatesigningrequests']
+  verbs:
+    - create
+    - get
+    - delete
+    - update
+    - list
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1