[kube-ovn]: update version v1.10.7 (#9527)

* [kube-ovn]: update version * update readme

[kube-ovn]: update version v1.10.7 (#9527)
f1d0d1a9 · Samuel Liu · GitHub · c036a7d8 · f1d0d1a9 · f1d0d1a9
Unverified Commit f1d0d1a9 authored 2 years ago by Samuel Liu Committed by GitHub 2 years ago
--- a/README.md
+++ b/README.md
@@ -150,7 +150,7 @@ Note: Upstart/SysV init based OS types are not supported.
  - [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
  - [cilium](https://github.com/cilium/cilium) v1.12.1
  - [flannel](https://github.com/flannel-io/flannel) v0.19.2
-  - [kube-ovn](https://github.com/alauda/kube-ovn) v1.9.7
+  - [kube-ovn](https://github.com/alauda/kube-ovn) v1.10.7
  - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.5.1
  - [multus](https://github.com/intel/multus-cni) v3.8
  - [weave](https://github.com/weaveworks/weave) v2.8.1

--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -120,7 +120,7 @@ cilium_version: "v1.12.1"
 cilium_cli_version: "v0.12.5"
 cilium_enable_hubble: false

-kube_ovn_version: "v1.9.7"
+kube_ovn_version: "v1.10.7"
 kube_ovn_dpdk_version: "19.11-{{ kube_ovn_version }}"
 kube_router_version: "v1.5.1"
 multus_version: "v3.8-{{ image_arch }}"

--- a/roles/network_plugin/kube-ovn/defaults/main.yml
+++ b/roles/network_plugin/kube-ovn/defaults/main.yml
@@ -86,3 +86,13 @@ kube_ovn_enable_ssl: false

 ## dpdk
 kube_ovn_dpdk_enabled: false
+kube_ovn_dpdk_tunnel_iface: br-phy
+
+## eip snat
+kube_ovn_eip_snat_enabled: true
+
+## keep vm ip
+kube_ovn_keep_vm_ip: true
+
+## cni config priority, default: 01
+kube_ovn_cni_config_priority: 01
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
@@ -56,10 +56,13 @@ spec:
            - --pod-nic-type={{ kube_ovn_pod_nic_type }}
            - --enable-lb={{ kube_ovn_enable_lb|string }}
            - --enable-np={{ kube_ovn_enable_np|string }}
+            - --enable-eip-snat={{ kube_ovn_eip_snat_enabled }}
            - --enable-external-vpc={{ kube_ovn_enable_external_vpc|string }}
            - --logtostderr=false
            - --alsologtostderr=true
            - --log_file=/var/log/kube-ovn/kube-ovn-controller.log
+            - --log_file_max_size=0
+            - --keep-vm-ip={{ kube_ovn_keep_vm_ip }}
          env:
            - name: ENABLE_SSL
              value: "{{ kube_ovn_enable_ssl | lower }}"
@@ -166,14 +169,17 @@ spec:
          - --encap-checksum={{ kube_ovn_encap_checksum | lower }}
          - --service-cluster-ip-range={{ kube_service_addresses }}{% if enable_dual_stack_networks %},{{ kube_service_addresses_ipv6 }}{% endif %}{{''}}
          - --iface={{ kube_ovn_iface|default('') }}
+          - --dpdk-tunnel-iface={{ kube_ovn_dpdk_tunnel_iface }}
          - --network-type={{ kube_ovn_network_type }}
          - --default-interface-name={{ kube_ovn_default_interface_name|default('') }}
 {% if kube_ovn_mtu is defined %}
          - --mtu={{ kube_ovn_mtu }}
 {% endif %}
+          - --cni-conf-name={{ kube_ovn_cni_config_priority }}-kube-ovn.conflist
          - --logtostderr=false
          - --alsologtostderr=true
          - --log_file=/var/log/kube-ovn/kube-ovn-cni.log
+          - --log_file_max_size=0
        securityContext:
          runAsUser: 0
          privileged: true
@@ -188,13 +194,23 @@ spec:
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
+          - name: MODULES
+            value: kube_ovn_fastpath.ko
+          - name: RPMS
+            value: openvswitch-kmod
        volumeMounts:
+          - name: host-modules
+            mountPath: /lib/modules
+            readOnly: true
+          - name: shared-dir
+            mountPath: /var/lib/kubelet/pods
          - mountPath: /etc/openvswitch
            name: systemid
          - mountPath: /etc/cni/net.d
            name: cni-conf
          - mountPath: /run/openvswitch
            name: host-run-ovs
+            mountPropagation: Bidirectional
          - mountPath: /run/ovn
            name: host-run-ovn
          - mountPath: /var/run/netns
@@ -202,30 +218,30 @@ spec:
            mountPropagation: HostToContainer
          - mountPath: /var/log/kube-ovn
            name: kube-ovn-log
+          - mountPath: /var/log/openvswitch
+            name: host-log-ovs
+          - mountPath: /var/log/ovn
+            name: host-log-ovn
          - mountPath: /etc/localtime
            name: localtime
-        readinessProbe:
-          exec:
-            command:
-              - nc
-              - -z
-              - -w3
-              - 127.0.0.1
-              - "10665"
-          periodSeconds: 3
-          timeoutSeconds: 5
+          - mountPath: /tmp
+            name: tmp
        livenessProbe:
-          exec:
-            command:
-              - nc
-              - -z
-              - -w3
-              - 127.0.0.1
-              - "10665"
+          failureThreshold: 3
+          initialDelaySeconds: 30
+          periodSeconds: 7
+          successThreshold: 1
+          tcpSocket:
+            port: 10665
+          timeoutSeconds: 3
+        readinessProbe:
+          failureThreshold: 3
          initialDelaySeconds: 30
          periodSeconds: 7
-          failureThreshold: 5
-          timeoutSeconds: 5
+          successThreshold: 1
+          tcpSocket:
+            port: 10665
+          timeoutSeconds: 3
        resources:
          requests:
            cpu: {{ kube_ovn_cni_server_cpu_request }}
@@ -236,6 +252,12 @@ spec:
      nodeSelector:
        kubernetes.io/os: "linux"
      volumes:
+        - name: host-modules
+          hostPath:
+            path: /lib/modules
+        - name: shared-dir
+          hostPath:
+            path: /var/lib/kubelet/pods
        - name: systemid
          hostPath:
            path: /etc/origin/openvswitch
@@ -254,13 +276,21 @@ spec:
        - name: host-ns
          hostPath:
            path: /var/run/netns
+        - name: host-log-ovs
+          hostPath:
+            path: /var/log/openvswitch
        - name: kube-ovn-log
          hostPath:
            path: /var/log/kube-ovn
+        - name: host-log-ovn
+          hostPath:
+            path: /var/log/ovn
        - name: localtime
          hostPath:
            path: /etc/localtime
-
+        - name: tmp
+          hostPath:
+            path: /tmp
 ---
 kind: DaemonSet
 apiVersion: apps/v1
@@ -297,6 +327,7 @@ spec:
          - --logtostderr=false
          - --alsologtostderr=true
          - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
+          - --log_file_max_size=0
          securityContext:
            runAsUser: 0
            privileged: false
@@ -466,14 +497,14 @@ spec:
            exec:
              command:
              - cat
-              - /var/run/ovn/ovnnb_db.pid
+              - /var/run/ovn/ovn-controller.pid
            periodSeconds: 10
            timeoutSeconds: 45
          livenessProbe:
            exec:
              command:
              - cat
-              - /var/run/ovn/ovnnb_db.pid
+              - /var/run/ovn/ovn-controller.pid
            initialDelaySeconds: 30
            periodSeconds: 10
            failureThreshold: 5

--- a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: ovn-config
-  namespace: kube-system
-data:
-  defaultNetworkType: '{{ kube_ovn_network_type }}'
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -33,6 +26,8 @@ rules:
      - subnets
      - subnets/status
      - ips
+      - vips
+      - vips/status
      - vlans
      - vlans/status
      - provider-networks
@@ -40,6 +35,14 @@ rules:
      - security-groups
      - security-groups/status
      - htbqoses
+      - iptables-eips
+      - iptables-fip-rules
+      - iptables-dnat-rules
+      - iptables-snat-rules
+      - iptables-eips/status
+      - iptables-fip-rules/status
+      - iptables-dnat-rules/status
+      - iptables-snat-rules/status
    verbs:
      - "*"
  - apiGroups:
@@ -96,6 +99,12 @@ rules:
      - create
      - patch
      - update
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs:
+      - "*"
  - apiGroups:
      - "k8s.cni.cncf.io"
    resources:
@@ -279,7 +288,7 @@ spec:
            exec:
              command:
                - bash
-                - /kube-ovn/ovn-is-leader.sh
+                - /kube-ovn/ovn-healthcheck.sh
            periodSeconds: 15
            timeoutSeconds: 45
          livenessProbe:
@@ -378,6 +387,9 @@ spec:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
+            - mountPath: /var/run/netns
+              name: host-ns
+              mountPropagation: HostToContainer
            - mountPath: /lib/modules
              name: host-modules
              readOnly: true
@@ -451,6 +463,7 @@ spec:
 {% endif %}
      nodeSelector:
        kubernetes.io/os: "linux"
+        ovn.kubernetes.io/ovs_dp_type: "kernel"
      volumes:
        - name: host-modules
          hostPath:
@@ -464,6 +477,9 @@ spec:
        - name: host-sys
          hostPath:
            path: /sys
+        - name: host-ns
+          hostPath:
+            path: /var/run/netns
        - name: cni-conf
          hostPath:
            path: /etc/cni/net.d