OVNKubernetes: introduce OVS anti-selector #357

Merged
merged 2 commits into from Jan 8, 2020
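--- a/bindata/network/ovn-kubernetes/006-ovs-node.yaml
+++ b/bindata/network/ovn-kubernetes/006-ovs-node.yaml
@@ -0,0 +1,144 @@
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+name: ovs-node
+namespace: openshift-ovn-kubernetes
+annotations:
+kubernetes.io/description: |
+This daemonset launches Open vSwitch per-node networking components.
+release.openshift.io/version: "{{.ReleaseVersion}}"
+spec:
+selector:
+matchLabels:
+app: ovs-node
+updateStrategy:
+type: RollingUpdate
+template:
+metadata:
+labels:
+app: ovs-node
+component: network
+type: infra
+openshift.io/component: network
+kubernetes.io/os: "linux"
+spec:
+serviceAccountName: ovn-kubernetes-node
+hostNetwork: true
+hostPID: true
+priorityClassName: "system-node-critical"
+# volumes in all containers:
+# (container) -> (host)
+# /etc/openvswitch -> /var/lib/openvswitch/etc - ovsdb system id
+# /var/lib/openvswitch -> /var/lib/openvswitch/data - ovsdb data
+# /run/openvswitch -> tmpfs - ovsdb sockets
+# /env -> configmap env-overrides - debug overrides
+containers:
+# ovsdb and ovs-vswitchd
+- name: ovs-daemons
+image: {{.OvnImage}}
+command:
+- /bin/bash
+- -c
+- |
+#!/bin/bash
+set -euo pipefail
+if [[ -f "/env/${K8S_NODE}" ]]; then
+set -o allexport
+source "/env/${K8S_NODE}"
+set +o allexport
+fi
+chown -R openvswitch:openvswitch /run/openvswitch
+chown -R openvswitch:openvswitch /etc/openvswitch
+function quit {
+/usr/share/openvswitch/scripts/ovs-ctl stop
+exit 0
+}
+trap quit SIGTERM
+/usr/share/openvswitch/scripts/ovs-ctl start --ovs-user=openvswitch:openvswitch --system-id=random
+ovs-appctl vlog/set "file:${OVS_LOG_LEVEL}"
+/usr/share/openvswitch/scripts/ovs-ctl --protocol=udp --dport=6081 enable-protocol
+
+tail -F --pid=$(cat /var/run/openvswitch/ovs-vswitchd.pid) /var/log/openvswitch/ovs-vswitchd.log &
+tail -F --pid=$(cat /var/run/openvswitch/ovsdb-server.pid) /var/log/openvswitch/ovsdb-server.log &
+wait
+env:
+- name: OVS_LOG_LEVEL
+value: info
+- name: K8S_NODE
+valueFrom:
+fieldRef:
+fieldPath: spec.nodeName
+securityContext:
+privileged: true
+volumeMounts:
+- mountPath: /lib/modules
+name: host-modules
+readOnly: true
+- mountPath: /sys
+name: host-sys
+readOnly: true
+- mountPath: /run/openvswitch
+name: run-openvswitch
+- mountPath: /etc/openvswitch
+name: etc-openvswitch
+- mountPath: /var/lib/openvswitch
+name: var-lib-openvswitch
+- mountPath: /env
+name: env-overrides
+resources:
+requests:
+cpu: 100m
+memory: 300Mi
+terminationMessagePolicy: FallbackToLogsOnError
+livenessProbe:
+exec:
+command:
+- /usr/share/openvswitch/scripts/ovs-ctl
+- status
+initialDelaySeconds: 15
+periodSeconds: 5
+readinessProbe:
+exec:
+command:
+- /usr/share/openvswitch/scripts/ovs-ctl
+- status
+initialDelaySeconds: 15
+periodSeconds: 5
+lifecycle:
+preStop:
+exec:
+command: ["/usr/share/openvswitch/scripts/ovs-ctl", "stop"]
+terminationGracePeriodSeconds: 10
+
+nodeSelector:
+beta.kubernetes.io/os: "linux"
+affinity:
+nodeAffinity:
+requiredDuringSchedulingIgnoredDuringExecution:
+nodeSelectorTerms:
+- matchExpressions:
+- key: network.operator.openshift.io/external-openvswitch
+operator: DoesNotExist
+volumes:
+# used for iptables wrapper scripts
+- name: host-modules
+hostPath:
+path: /lib/modules
+- name: var-lib-openvswitch
+hostPath:
+path: /var/lib/openvswitch/data
+- name: etc-openvswitch
+hostPath:
+path: /var/lib/openvswitch/etc
+- name: run-openvswitch
+hostPath:
+path: /run/openvswitch
+- name: host-sys
+hostPath:
+path: /sys
+- name: env-overrides
+configMap:
+name: env-overrides
+optional: true
+tolerations:
+- operator: "Exists"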
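Review bot: The `ovs-daemons` startup script sources `/env/${K8S_NODE}` from the optional `env-overrides` ConfigMap and runs it as shell inside a container that is `privileged: true` on a pod with `hostNetwork` and `hostPID`, so write access to that ConfigMap amounts to root on any node running this pod, and the manifest only describes the mount as "debug overrides". I would add a comment above the `if [[ -f "/env/${K8S_NODE}" ]]; then` line, for example `# /env/<node> is executed as root in a privileged container; keep write access to the env-overrides ConfigMap as tight as access to this DaemonSet`. Separately, the comment `# used for iptables wrapper scripts` sits above the `host-modules` volume, which mounts `/lib/modules`; it looks carried over from a different volume and should describe the kernel-module mount or be dropped. The `nodeSelector` also uses the deprecated `beta.kubernetes.io/os` label while the pod template labels use `kubernetes.io/os`.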
94 changes: 2 additions & 92 deletions bindata/network/ovn-kubernetes/ovnkube-node.yaml
Expand Up @@ -33,88 +33,6 @@ spec:
# /run/openvswitch -> tmpfs - ovsdb sockets
# /env -> configmap env-overrides - debug overrides
containers:
# ovsdb and ovs-vswitchd
- name: ovs-daemons
image: {{.OvnImage}}
command:
- /bin/bash
- -c
- |
#!/bin/bash
set -e
if [[ -f "/env/${K8S_NODE}" ]]; then
set -o allexport
source "/env/${K8S_NODE}"
set +o allexport
fi
if [[ -f "/old/openvswitch/conf.db" && ! -f "/etc/openvswitch/conf.db" ]]; then
mv /old/openvswitch/conf.db /etc/openvswitch/conf.db
fi
chown -R openvswitch:openvswitch /run/openvswitch
chown -R openvswitch:openvswitch /etc/openvswitch
function quit {
/usr/share/openvswitch/scripts/ovs-ctl stop
exit 0
}
trap quit SIGTERM
/usr/share/openvswitch/scripts/ovs-ctl start --ovs-user=openvswitch:openvswitch --system-id=random
ovs-appctl vlog/set "file:${OVS_LOG_LEVEL}"
/usr/share/openvswitch/scripts/ovs-ctl --protocol=udp --dport=6081 enable-protocol

tail -F --pid=$(cat /var/run/openvswitch/ovs-vswitchd.pid) /var/log/openvswitch/ovs-vswitchd.log &
tail -F --pid=$(cat /var/run/openvswitch/ovsdb-server.pid) /var/log/openvswitch/ovsdb-server.log &
wait
env:
- name: OVS_LOG_LEVEL
value: info
- name: K8S_NODE
valueFrom:
fieldRef:
fieldPath: spec.nodeName
securityContext:
privileged: true
volumeMounts:
- mountPath: /lib/modules
name: host-modules
readOnly: true
- mountPath: /sys
name: host-sys
readOnly: true
- mountPath: /run/openvswitch
name: run-openvswitch
- mountPath: /etc/openvswitch
name: etc-openvswitch
- mountPath: /old/openvswitch
name: old-openvswitch-database
- mountPath: /var/lib/openvswitch
name: var-lib-openvswitch
- mountPath: /env
name: env-overrides
resources:
requests:
cpu: 100m
memory: 300Mi
terminationMessagePolicy: FallbackToLogsOnError
livenessProbe:
exec:
command:
- /usr/share/openvswitch/scripts/ovs-ctl
- status
initialDelaySeconds: 15
periodSeconds: 5
readinessProbe:
exec:
command:
- /usr/share/openvswitch/scripts/ovs-ctl
- status
initialDelaySeconds: 15
periodSeconds: 5
lifecycle:
preStop:
exec:
command: ["/usr/share/openvswitch/scripts/ovs-ctl", "stop"]
terminationGracePeriodSeconds: 10

# ovn-controller: programs the vswitch with flows from the sbdb
- name: ovn-controller
image: {{.OvnImage}}
Expand Down Expand Up @@ -281,9 +199,6 @@ spec:
- name: host-slash
hostPath:
path: /
- name: host-modules
hostPath:
path: /lib/modules
- name: host-run-netns
hostPath:
path: /run/netns
Expand All @@ -294,17 +209,12 @@ spec:
hostPath:
path: /var/lib/openvswitch/etc
- name: run-openvswitch
emptyDir: {}
# commit 0ac2cd changed the location of the ovs database, mount and check if a database already exists
- name: old-openvswitch-database
path: /etc/origin/openvswitch
hostPath:
path: /run/openvswitch
mmirecki marked this conversation as resolved.
# For CNI server
- name: host-run-ovn-kubernetes
hostPath:
path: /run/ovn-kubernetes
- name: host-sys
hostPath:
path: /sys
- name: host-cni-bin
hostPath:
path: {{.CNIBinDir}}
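Review bot: In the last hunk `run-openvswitch` appears to change from a pod-private `emptyDir: {}` to `hostPath` with `path: /run/openvswitch`, which places the OVS control sockets on the node filesystem and shares them with the new ovs-node DaemonSet or a host-installed Open vSwitch, yet the entry has no comment and no `type`. I would document that on the volume, e.g. `# OVS sockets, provided by the ovs-node DaemonSet or by Open vSwitch running on the host`, and consider `type: DirectoryOrCreate` so the expected shape of the path is explicit. The change also drops the `old-openvswitch-database` volume and the `conf.db` move, so a node that still keeps its database under `/etc/origin/openvswitch` would presumably start with an empty one; worth confirming that no supported upgrade path still needs it. The `volumes:` list starts and ends outside the visible hunks.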