From edc4bb4a4985753bac5bf527014c2925f7d843bf Mon Sep 17 00:00:00 2001
From: Florian Ruynat <16313165+floryut@users.noreply.github.com>
Date: Wed, 10 Feb 2021 11:25:01 +0100
Subject: [PATCH] Update kube-ovn to 1.6.0 (#7240)

---
 roles/download/defaults/main.yml              |   2 +-
 .../network_plugin/kube-ovn/defaults/main.yml |  22 ++--
 .../templates/cni-kube-ovn-crd.yml.j2         | 100 ++++++++++++++++++
 .../kube-ovn/templates/cni-kube-ovn.yml.j2    |  13 ++-
 .../kube-ovn/templates/cni-ovn.yml.j2         |  22 ++--
 5 files changed, 140 insertions(+), 19 deletions(-)

diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 2d5807665..870823e5b 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -76,7 +76,7 @@ cni_version: "v0.9.0"
 weave_version: 2.8.1
 pod_infra_version: "3.3"
 cilium_version: "v1.8.6"
-kube_ovn_version: "v1.5.2"
+kube_ovn_version: "v1.6.0"
 kube_router_version: "v1.1.1"
 multus_version: "v3.6"
 ovn4nfv_ovn_image_version: "v1.0.0"
diff --git a/roles/network_plugin/kube-ovn/defaults/main.yml b/roles/network_plugin/kube-ovn/defaults/main.yml
index 8f02a8cf1..a4e43917e 100644
--- a/roles/network_plugin/kube-ovn/defaults/main.yml
+++ b/roles/network_plugin/kube-ovn/defaults/main.yml
@@ -1,14 +1,18 @@
 ---
-kube_ovn_db_cpu_request: 200m
-kube_ovn_db_memory_request: 300Mi
-kube_ovn_db_cpu_limit: 400m
-kube_ovn_db_memory_limit: 500Mi
-kube_ovn_node_cpu_request: 100m
-kube_ovn_node_memory_request: 300Mi
-kube_ovn_node_cpu_limit: 200m
-kube_ovn_node_memory_limit: 500Mi
+kube_ovn_db_cpu_request: 500m
+kube_ovn_db_memory_request: 200Mi
+kube_ovn_db_cpu_limit: 3000m
+kube_ovn_db_memory_limit: 3000Mi
+kube_ovn_node_cpu_request: 200m
+kube_ovn_node_memory_request: 200Mi
+kube_ovn_node_cpu_limit: 1000m
+kube_ovn_node_memory_limit: 800Mi
+kube_ovn_controller_cpu_request: 200m
+kube_ovn_controller_memory_request: 200Mi
+kube_ovn_controller_cpu_limit: 1000m
+kube_ovn_controller_memory_limit: 1Gi
 kube_ovn_pinger_cpu_request: 100m
-kube_ovn_pinger_memory_request: 300Mi
+kube_ovn_pinger_memory_request: 200Mi
 kube_ovn_pinger_cpu_limit: 200m
 kube_ovn_pinger_memory_limit: 400Mi
 
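Review bot: `kube_ovn_db_memory_request` drops to `200Mi` while `kube_ovn_db_memory_limit` rises to `3000Mi`, so the scheduler reserves a fifteenth of what the OVN database pods are allowed to use. Pods running well above their request are early eviction candidates under node memory pressure, and losing the OVN database would presumably disrupt cluster networking. Consider keeping the request closer to observed usage. If these values mirror upstream, say so in a comment such as `# requests/limits track the upstream kube-ovn 1.6.0 manifests; raise requests on busy clusters`. The four new `kube_ovn_controller_*` variables also have no description in this file.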
diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
index 28906be4f..44d683de5 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
@@ -78,6 +78,12 @@ spec:
       subresources:
         status: {}
       additionalPrinterColumns:
+      - name: Provider
+        type: string
+        jsonPath: .spec.provider
+      - name: Vpc
+        type: string
+        jsonPath: .spec.vpc
       - name: Protocol
         type: string
         jsonPath: .spec.protocol
@@ -135,6 +141,8 @@ spec:
             spec:
               type: object
               properties:
+                vpc:
+                  type: string
                 default:
                   type: boolean
                 protocol:
@@ -169,6 +177,8 @@ spec:
                   type: string
                 underlayGateway:
                   type: boolean
+                disableInterConnection:
+                  type: boolean
   scope: Cluster
   names:
     plural: subnets
@@ -219,3 +229,93 @@ spec:
     kind: Vlan
     shortNames:
       - vlan
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: vpcs.kubeovn.io
+spec:
+  group: kubeovn.io
+  versions:
+    - additionalPrinterColumns:
+        - jsonPath: .status.standby
+          name: Standby
+          type: boolean
+        - jsonPath: .status.subnets
+          name: Subnets
+          type: string
+      name: v1
+      schema:
+        openAPIV3Schema:
+          properties:
+            spec:
+              properties:
+                namespaces:
+                  items:
+                    type: string
+                  type: array
+                staticRoutes:
+                  items:
+                    properties:
+                      policy:
+                        type: string
+                      cidr:
+                        type: string
+                      nextHopIP:
+                        type: string
+                    type: object
+                  type: array
+              type: object
+            status:
+              properties:
+                conditions:
+                  items:
+                    properties:
+                      lastTransitionTime:
+                        type: string
+                      lastUpdateTime:
+                        type: string
+                      message:
+                        type: string
+                      reason:
+                        type: string
+                      status:
+                        type: string
+                      type:
+                        type: string
+                    type: object
+                  type: array
+                default:
+                  type: boolean
+                defaultLogicalSwitch:
+                  type: string
+                router:
+                  type: string
+                standby:
+                  type: boolean
+                subnets:
+                  items:
+                    type: string
+                  type: array
+                tcpLoadBalancer:
+                  type: string
+                tcpSessionLoadBalancer:
+                  type: string
+                udpLoadBalancer:
+                  type: string
+                udpSessionLoadBalancer:
+                  type: string
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
+  names:
+    kind: Vpc
+    listKind: VpcList
+    plural: vpcs
+    shortNames:
+      - vpc
+    singular: vpc
+  scope: Cluster
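Review bot: The new `vpcs.kubeovn.io` schema accepts any string for `staticRoutes[].cidr`, `nextHopIP` and `policy`, so a malformed route is stored by the API server and caught, if at all, only by the controller. Vpc is cluster-scoped and its static routes presumably steer traffic, so consider constraining these fields at admission with a `pattern:` on `cidr` and `nextHopIP` and an `enum:` on `policy` listing the values the controller accepts. The definition appears to mirror upstream kube-ovn, so tightening may be better proposed there to avoid drift. In that case add a comment above the document such as `# kept in sync with upstream kube-ovn 1.6.0 CRDs; field validation is left to the controller`.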
diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
index d405336d1..c0a20449b 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
@@ -66,19 +66,26 @@ spec:
           readinessProbe:
             exec:
               command:
-                - sh
+                - bash
                 - /kube-ovn/kube-ovn-controller-healthcheck.sh
             periodSeconds: 3
             timeoutSeconds: 45
           livenessProbe:
             exec:
               command:
-                - sh
+                - bash
                 - /kube-ovn/kube-ovn-controller-healthcheck.sh
             initialDelaySeconds: 300
             periodSeconds: 7
             failureThreshold: 5
             timeoutSeconds: 45
+          resources:
+            requests:
+              cpu: {{ kube_ovn_controller_cpu_request }}
+              memory: {{ kube_ovn_controller_memory_request }}
+            limits:
+              cpu: {{ kube_ovn_controller_cpu_limit }}
+              memory: {{ kube_ovn_controller_memory_limit }}
       nodeSelector:
         kubernetes.io/os: "linux"
       volumes:
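Review bot: The added `resources:` values are unquoted template expansions, so an inventory override that is empty renders a bare `cpu:` or `memory:` (YAML null) rather than a quantity. That may silently drop the request or limit instead of failing the deploy. Quoting makes a bad override fail loudly, e.g. `cpu: "{{ kube_ovn_controller_cpu_limit }}"`, and likewise for the other three lines. The container spec these lines belong to starts outside the hunk, and the surrounding template also uses unquoted expansions, so this could be applied file-wide in a follow-up.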
@@ -128,7 +135,7 @@ spec:
         image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
         imagePullPolicy: {{ k8s_image_pull_policy }}
         command:
-          - sh
+          - bash
           - /kube-ovn/start-cniserver.sh
         args:
           - --enable-mirror={{ traffic_mirror }}
diff --git a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
index dfaffca6c..1d6c64319 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
@@ -48,11 +48,21 @@ metadata:
     rbac.authorization.k8s.io/system-only: "true"
   name: system:ovn
 rules:
+  - apiGroups:
+      - policy
+    resources:
+      - podsecuritypolicies
+    verbs:
+      - use
+    resourceNames:
+      - kube-ovn
   - apiGroups:
       - "kubeovn.io"
     resources:
       - subnets
       - subnets/status
+      - vpcs
+      - vpcs/status
       - ips
       - vlans
       - networks
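Review bot: The new `use` rule on `podsecuritypolicies` names a policy `kube-ovn`, but none of the five files in this patch defines a PodSecurityPolicy, so whether that object exists and what it permits cannot be confirmed from here. If it is absent the rule is inert. If it is a privileged policy, this ClusterRole lets every subject bound to `system:ovn` admit pods under it. A comment above the rule would record the dependency, e.g. `# grants use of the kube-ovn PSP; the policy itself must be created by <manifest that defines it>`. The same hunk adds `vpcs` and `vpcs/status` to the `kubeovn.io` rule, whose `verbs:` list lies outside the hunk, so check there what access is actually granted on the new CRD.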
@@ -157,8 +167,8 @@ spec:
   replicas: 1
   strategy:
     rollingUpdate:
-      maxSurge: 0%
-      maxUnavailable: 100%
+      maxSurge: 0
+      maxUnavailable: 1
     type: RollingUpdate
   selector:
     matchLabels:
@@ -234,14 +244,14 @@ spec:
           readinessProbe:
             exec:
               command:
-                - sh
+                - bash
                 - /kube-ovn/ovn-is-leader.sh
             periodSeconds: 3
             timeoutSeconds: 45
           livenessProbe:
             exec:
               command:
-              - sh
+              - bash
               - /kube-ovn/ovn-healthcheck.sh
             initialDelaySeconds: 30
             periodSeconds: 7
@@ -350,14 +360,14 @@ spec:
           readinessProbe:
             exec:
               command:
-              - sh
+              - bash
               - /kube-ovn/ovs-healthcheck.sh
             periodSeconds: 5
             timeoutSeconds: 45
           livenessProbe:
             exec:
               command:
-              - sh
+              - bash
               - /kube-ovn/ovs-healthcheck.sh
             initialDelaySeconds: 10
             periodSeconds: 5
-- 
GitLab