---
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# ClusterRole "ovs-plugin": cluster-scoped RBAC permissions for the OVS CNI plugin.
# Grants:
#   - get/update/patch on pods (core API group)
#   - get/update/patch on logicalnetworks and physicalnetworks (alpha.network.k8s.io)
#   - get on configmaps (core API group)
#   - get/update/create/delete on validatingwebhookconfigurations
# No rule sets resourceNames, so each rule covers every object of that resource.
# When this role is bound through a ClusterRoleBinding the rules apply in all
# namespaces, so the set of subjects bound to it decides how far these
# permissions reach.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ovs-plugin
rules:
  # update/patch on pods lets the holder modify any pod object the API server
  # allows to be changed (labels, annotations, ...).
  # NOTE(review): presumably the plugin only needs to annotate pods it wires
  # up; confirm whether "update" is required in addition to "patch".
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - update
      - patch
  - apiGroups:
      - "alpha.network.k8s.io"
    resources:
      - logicalnetworks
    verbs:
      - get
      - update
      - patch
  - apiGroups:
      - "alpha.network.k8s.io"
    resources:
      - physicalnetworks
    verbs:
      - get
      - update
      - patch
  # Read-only access to configmaps; not limited to a named ConfigMap.
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
  # Write access to validatingwebhookconfigurations controls cluster-wide
  # admission policy: the holder can add, alter or remove validating webhooks.
  # NOTE(review): if the plugin only manages its own webhook object, consider
  # resourceNames on update/delete (create cannot be limited by resourceNames).
  - apiGroups:
      - "admissionregistration.k8s.io"
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - update
      - create
      - delete
60
---
# ClusterRoleBinding "ovs-plugin": binds the ovs-plugin ClusterRole, cluster-wide,
# to two subjects: the ovs-plugin ServiceAccount in kube-system and the
# built-in group system:authenticated.
#
# NOTE(review): system:authenticated contains every authenticated identity,
# including all users and all service accounts. With this subject present,
# every one of them receives the ClusterRole's permissions in all namespaces:
# update/patch on pods and create/update/delete on
# validatingwebhookconfigurations. Nothing on this page shows why the group is
# needed. Confirm which component depends on it; if something other than the
# DaemonSet pods needs API access, give it a dedicated identity and bind only
# that, then remove the Group subject.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ovs-plugin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ovs-plugin
subjects:
# Identity used by the ovs-plugin DaemonSet pods (serviceAccountName: ovs-plugin).
- kind: ServiceAccount
  name: ovs-plugin
  namespace: kube-system
# Every authenticated principal in the cluster; see the NOTE(review) above.
- kind: Group
  name: system:authenticated
  apiGroup: rbac.authorization.k8s.io
77
---
# ServiceAccount "ovs-plugin" in kube-system. The DaemonSet in this file runs
# its pods under this account, and the ClusterRoleBinding in this file lists it
# as a subject of the ovs-plugin ClusterRole.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ovs-plugin
  namespace: kube-system
84
---
# This ConfigMap can be used to configure a self-hosted OVS installation.
# Both keys hold JSON documents as literal block scalars; the DaemonSet in this
# file passes them to the install-cni container as environment variables.
# Comments cannot be placed inside the block scalars: they would become part
# of the JSON value.
kind: ConfigMap
apiVersion: v1
metadata:
  name: ovs-config
  namespace: kube-system
data:
  # The CNI network configuration to install on each node.
  # Addresses, subnet and VTEP IPs are fixed values here rather than
  # templated from chart values.
  cni_ovs_network_config: |-
    {
      "name":"ovs",
      "cniVersion":"0.3.1",
      "type":"ovs",
      "ovsBridge":"br0",
      "vtepIPs":[
        "10.245.2.2",
        "10.245.2.3"
      ],
      "isDefaultGateway": true,
      "ipMasq": true,
      "ipam":{
        "type":"host-local",
        "subnet":"10.244.0.0/16",
        "rangeStart":"10.244.1.10",
        "rangeEnd":"10.244.1.150",
        "routes":[
          {
            "dst":"0.0.0.0/0"
          }
        ],
        "gateway":"10.244.1.1"
      }
    }

  # Second CNI network ("ovs-ctl") whose IPAM type "centralip" is configured
  # with an etcd endpoint over https on loopback and client certificate, key
  # and CA paths under /etc/ovs/certs.
  # NOTE(review): the key "etcdTrustedCAFileFile" has a doubled "File" suffix,
  # unlike "etcdCertFile" and "etcdKeyFile". Verify the exact name the IPAM
  # plugin reads; if it expects a different key, the CA path may be ignored
  # and etcd server-certificate verification could differ from what this
  # config intends.
  # NOTE(review): /etc/ovs/certs/key.pem is a private key path; nothing here
  # provisions it or sets its permissions. Confirm how it is delivered and
  # that it is readable only by the account that runs the plugin.
  cni_ovsctlip_network_config: |-
    {
      "name":"ovs-ctl",
      "cniVersion":"0.3.1",
      "type":"ovs",
      "ovsBridge":"br0",
      "ipam":{
        "type":"centralip",
        "ipType": "cluster",
        "network":"10.245.0.0/16",
        "etcdURL": "https://127.0.0.1:2379",
        "etcdCertFile": "/etc/ovs/certs/cert.crt",
        "etcdKeyFile": "/etc/ovs/certs/key.pem",
        "etcdTrustedCAFileFile": "/etc/ovs/certs/ca_cert.crt"
      }
    }
136
137
---
# Install OVS CNI plugin and conf on each slave node.
# The DaemonSet runs one install-cni container per node under the ovs-plugin
# ServiceAccount. The container runs /place_conf.sh with the two CNI configs
# from the ovs-config ConfigMap in its environment and with the host's CNI
# binary and config directories mounted read-write.
#
# Security-relevant properties visible in this manifest:
#   - hostNetwork and hostPID are both enabled.
#   - Two hostPath volumes expose /opt/cni/bin and /etc/cni/net.d of the node.
#     Files placed in the CNI binary directory are later executed on the node
#     by the container runtime (typically as root) when pod networking is set
#     up, so the image is effectively trusted with node-level code execution.
#   - No securityContext, resource limits or readOnly mounts are declared.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: ovs-plugin
  namespace: kube-system
  labels:
    k8s-app: ovs
spec:
  selector:
    matchLabels:
      k8s-app: ovs
  template:
    metadata:
      labels:
        k8s-app: ovs
      annotations:
        # NOTE(review): critical-pod marking and tolerations are expressed as
        # alpha annotations, not as priorityClassName / spec.tolerations
        # fields. Confirm the target Kubernetes versions still act on them;
        # if not, the pod may not schedule onto tainted nodes as intended.
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: |
          [
            {
              "key": "dedicated",
              "value": "master",
              "effect": "NoSchedule"
            },
            {
              "key": "CriticalAddonsOnly",
              "operator": "Exists"
            }
          ]
    spec:
      # NOTE(review): the only visible work is copying files into two hostPath
      # mounts, which needs neither the host network nor the host PID
      # namespace. hostPID in particular exposes every host process to the
      # container. Confirm whether /place_conf.sh depends on either setting
      # and drop what is not required.
      hostNetwork: true
      hostPID: true
      serviceAccountName: ovs-plugin
      containers:
        # Create a container with place_conf.sh that
        # Installs required 30-ovs.conf and 35-ovsctlip.conf on slave node.
        - name: install-cni
          # Registry, repository, tag and pull policy all come from chart values.
          # NOTE(review): because this image writes binaries the node later
          # executes, prefer pinning it by digest in the values file rather
          # than by a mutable tag.
          image: {{ .Values.pull_docker_registry }}{{ .Values.images.ovs_plugin.repository }}:{{ .Values.images.ovs_plugin.tag }}
          imagePullPolicy: {{ .Values.images.ovs_plugin.pullPolicy }}
          command: ["/place_conf.sh"]
          env:
            # CNI configs are read from the ovs-config ConfigMap; whoever can
            # edit that ConfigMap controls the network config written to nodes.
            - name: CNI_OVS_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: ovs-config
                  key: cni_ovs_network_config
            - name: CNI_OVSCTLIP_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: ovs-config
                  key: cni_ovsctlip_network_config
            # Name of the node the pod is scheduled on, via the downward API.
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            # Host directories appear under /host inside the container.
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
      volumes:
        # Node directory holding CNI plugin executables.
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        # Node directory holding CNI network configuration files.
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
206 path: /etc/cni/net.d