feat(ovn): enable ha for OVN control plane

This is a large refactor that adds OVN HA for the control
plane, which can enable production deployments.

Depends-On: https://review.opendev.org/c/openstack/openstack-helm-images/+/889181
Change-Id: Idce896148b33a87467cd5656918c5c7377a29504
Mohammed Naser 2023-07-21 15:40:09 +00:00 committed by Vladimir Kozhukalov
parent 4ee839a6e4
commit ec29020b32
18 changed files with 612 additions and 1683 deletions


@ -15,7 +15,7 @@ apiVersion: v1
appVersion: v23.3.0
description: OpenStack-Helm OVN
name: ovn
version: 0.1.3
version: 0.1.4
home: https://www.ovn.org
icon: https://www.ovn.org/images/ovn-logo.png
sources:


@ -0,0 +1,89 @@
#!/bin/bash -xe
# Copyright 2023 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
function get_ip_address_from_interface {
local interface=$1
local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
if [ -z "${ip}" ] ; then
exit 1
fi
echo ${ip}
}
# Detect tunnel interface
tunnel_interface="{{- .Values.network.interface.tunnel -}}"
if [ -z "${tunnel_interface}" ] ; then
# search for interface with tunnel network routing
tunnel_network_cidr="{{- .Values.network.interface.tunnel_network_cidr -}}"
if [ -z "${tunnel_network_cidr}" ] ; then
tunnel_network_cidr="0/0"
fi
# If there is not tunnel network gateway, exit
tunnel_interface=$(ip -4 route list ${tunnel_network_cidr} | awk -F 'dev' '{ print $2; exit }' \
| awk '{ print $1 }') || exit 1
fi
ovs-vsctl set open . external_ids:ovn-encap-ip="$(get_ip_address_from_interface ${tunnel_interface})"
# Configure system ID
set +e
ovs-vsctl get open . external-ids:system-id
if [ $? -eq 1 ]; then
ovs-vsctl set open . external-ids:system-id="$(uuidgen)"
fi
set -e
# Configure OVN remote
{{- if empty .Values.conf.ovn_remote -}}
{{- $sb_svc_name := "ovn-ovsdb-sb" -}}
{{- $sb_svc := (tuple $sb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
{{- $sb_port := (tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
{{- $sb_service_list := list -}}
{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_sb | int) -}}
{{- $sb_service_list = printf "tcp:%s-%d.%s:%s" $sb_svc_name $i $sb_svc $sb_port | append $sb_service_list -}}
{{- end }}
ovs-vsctl set open . external-ids:ovn-remote="{{ include "helm-toolkit.utils.joinListWithComma" $sb_service_list }}"
{{- else -}}
ovs-vsctl set open . external-ids:ovn-remote="{{ .Values.conf.ovn_remote }}"
{{- end }}
# Configure OVN values
ovs-vsctl set open . external-ids:rundir="/var/run/openvswitch"
ovs-vsctl set open . external-ids:ovn-encap-type="{{ .Values.conf.ovn_encap_type }}"
ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}"
ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}"
ovs-vsctl set open . external-ids:ovn-cms-options="{{ .Values.conf.ovn_cms_options }}"
# Configure hostname
{{- if .Values.conf.use_fqdn.compute }}
ovs-vsctl set open . external-ids:hostname="$(hostname -f)"
{{- else }}
ovs-vsctl set open . external-ids:hostname="$(hostname)"
{{- end }}
# Create bridges and create ports
# handle any bridge mappings
# /tmp/auto_bridge_add is one line json file: {"br-ex1":"eth1","br-ex2":"eth2"}
for bmap in `sed 's/[{}"]//g' /tmp/auto_bridge_add | tr "," "\n"`
do
bridge=${bmap%:*}
iface=${bmap#*:}
ovs-vsctl --may-exist add-br $bridge -- set bridge $bridge protocols=OpenFlow13
if [ -n "$iface" ] && [ "$iface" != "null" ]
then
ovs-vsctl --may-exist add-port $bridge $iface
fi
done
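Review bot: When `conf.ovn_remote` is set, the `ovs-vsctl … ovn-remote=` command in the else branch is rendered onto the end of the `# Configure OVN remote` comment line and never runs, because `{{- if … -}}` trims the newline after the comment and `{{- else -}}` trims the whitespace before `ovs-vsctl`. Writing that branch as `{{- else }}` keeps the newline and leaves the if branch's output unchanged. Separately, the tunnel lookup cannot stop the script as intended: without `pipefail` the `|| exit 1` after the `awk` pipeline never fires, and the `exit 1` inside `get_ip_address_from_interface` only ends the command-substitution subshell, so `ovn-encap-ip` can be set to an empty string. Checking `[ -n "${tunnel_interface}" ] || exit 1` and assigning on its own line, `encap_ip="$(get_ip_address_from_interface "${tunnel_interface}")"`, lets `-e` fail the init container instead.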


@ -0,0 +1,39 @@
#!/bin/bash -xe
# Copyright 2023 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
COMMAND="${@:-start}"
function start () {
/usr/share/ovn/scripts/ovn-ctl start_controller \
--ovn-manage-ovsdb=no
tail --follow=name /var/log/ovn/ovn-controller.log
}
function stop () {
/usr/share/ovn/scripts/ovn-ctl stop_controller
pkill tail
}
function liveness () {
ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
}
function readiness () {
ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
}
$COMMAND
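Review bot: The final line, `$COMMAND`, runs whatever argument string the container was started with, unquoted and word-split, so the entry point is not limited to the four functions defined in this file. An allow-list keeps it to the intended verbs: `case "${1:-start}" in start|stop|liveness|readiness) "${1:-start}" ;; *) echo "unknown command: $1" >&2; exit 1 ;; esac`. The same dispatch line closes the ovn-northd and ovsdb-server scripts added by this commit.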


@ -0,0 +1,57 @@
#!/bin/bash -xe
# Copyright 2023 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
COMMAND="${@:-start}"
{{- $nb_svc_name := "ovn-ovsdb-nb" -}}
{{- $nb_svc := (tuple $nb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
{{- $nb_port := (tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
{{- $nb_service_list := list -}}
{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_nb | int) -}}
{{- $nb_service_list = printf "tcp:%s-%d.%s:%s" $nb_svc_name $i $nb_svc $nb_port | append $nb_service_list -}}
{{- end -}}
{{- $sb_svc_name := "ovn-ovsdb-sb" -}}
{{- $sb_svc := (tuple $sb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
{{- $sb_port := (tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
{{- $sb_service_list := list -}}
{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_sb | int) -}}
{{- $sb_service_list = printf "tcp:%s-%d.%s:%s" $sb_svc_name $i $sb_svc $sb_port | append $sb_service_list -}}
{{- end }}
function start () {
/usr/share/ovn/scripts/ovn-ctl start_northd \
--ovn-manage-ovsdb=no \
--ovn-northd-nb-db={{ include "helm-toolkit.utils.joinListWithComma" $nb_service_list }} \
--ovn-northd-sb-db={{ include "helm-toolkit.utils.joinListWithComma" $sb_service_list }}
tail --follow=name /var/log/ovn/ovn-northd.log
}
function stop () {
/usr/share/ovn/scripts/ovn-ctl stop_northd
pkill tail
}
function liveness () {
ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
}
function readiness () {
ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
}
$COMMAND


@ -1,29 +0,0 @@
#!/bin/bash
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
set -ex
# handle any bridge mappings
# /tmp/auto_bridge_add is one line json file: {"br-ex1":"eth1","br-ex2":"eth2"}
for bmap in `sed 's/[{}"]//g' /tmp/auto_bridge_add | tr "," "\n"`
do
bridge=${bmap%:*}
iface=${bmap#*:}
ovs-vsctl --may-exist add-br $bridge -- set bridge $bridge protocols=OpenFlow13
if [ -n "$iface" ] && [ "$iface" != "null" ]
then
ovs-vsctl --may-exist add-port $bridge $iface
fi
done

File diff suppressed because it is too large Load Diff


@ -0,0 +1,72 @@
#!/bin/bash -xe
# Copyright 2023 VEXXHOST, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
COMMAND="${@:-start}"
OVSDB_HOST=$(hostname -f)
ARGS=(
--db-${OVS_DATABASE}-create-insecure-remote=yes
--db-${OVS_DATABASE}-cluster-local-proto=tcp
--db-${OVS_DATABASE}-cluster-local-addr=$(hostname -f)
)
if [[ ! $HOSTNAME == *-0 && $OVSDB_HOST =~ (.+)-([0-9]+)\. ]]; then
OVSDB_BOOTSTRAP_HOST="${BASH_REMATCH[1]}-0.${OVSDB_HOST#*.}"
ARGS+=(
--db-${OVS_DATABASE}-cluster-remote-proto=tcp
--db-${OVS_DATABASE}-cluster-remote-addr=${OVSDB_BOOTSTRAP_HOST}
)
fi
function start () {
/usr/share/ovn/scripts/ovn-ctl start_${OVS_DATABASE}_ovsdb ${ARGS[@]}
tail --follow=name /var/log/ovn/ovsdb-server-${OVS_DATABASE}.log
}
function stop () {
/usr/share/ovn/scripts/ovn-ctl stop_${OVS_DATABASE}_ovsdb
pkill tail
}
function liveness () {
if [[ $OVS_DATABASE == "nb" ]]; then
OVN_DATABASE="Northbound"
elif [[ $OVS_DATABASE == "sb" ]]; then
OVN_DATABASE="Southbound"
else
echo "OVS_DATABASE must be nb or sb"
exit 1
fi
ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
}
function readiness () {
if [[ $OVS_DATABASE == "nb" ]]; then
OVN_DATABASE="Northbound"
elif [[ $OVS_DATABASE == "sb" ]]; then
OVN_DATABASE="Southbound"
else
echo "OVS_DATABASE must be nb or sb"
exit 1
fi
ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
}
$COMMAND
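Review bot: `--db-${OVS_DATABASE}-create-insecure-remote=yes` together with `cluster-local-proto=tcp` and `cluster-remote-proto=tcp` leaves both the OVSDB client port and the RAFT port unauthenticated and unencrypted, so absent other controls any workload that can reach the Service can read or change the logical network state. The `tcp:` remotes built in the controller-init and northd scripts follow from this choice. If TLS is out of scope for this change, say so next to `ARGS`, for example `# NOTE: plaintext, unauthenticated OVSDB/RAFT; restrict these ports with a NetworkPolicy until ssl remotes are wired in`. Making the protocol a chart value would let a deployment switch to `ssl` once certificates are mounted.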


@ -24,8 +24,12 @@ data:
image-repo-sync.sh: |
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
{{- end }}
ovn.sh: |
{{ tuple "bin/_ovn.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ovn-setup-bridges-init.sh: |
{{ tuple "bin/_ovn-setup-bridges-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ovsdb-server.sh: |
{{ tuple "bin/_ovsdb-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ovn-northd.sh: |
{{ tuple "bin/_ovn-northd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ovn-controller-init.sh: |
{{ tuple "bin/_ovn-controller-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
ovn-controller.sh: |
{{ tuple "bin/_ovn-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}


@ -38,20 +38,22 @@ spec:
{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
{{ .Values.labels.ovn_controller.node_selector_key }}: {{ .Values.labels.ovn_controller.node_selector_value }}
initContainers:
{{- tuple $envAll "ovn_controller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: ovn-setup-bridge
- name: controller-init
{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
command:
- /tmp/ovn-setup-bridges-init.sh
- /tmp/ovn-controller-init.sh
volumeMounts:
- name: ovn-bin
mountPath: /tmp/ovn-setup-bridges-init.sh
subPath: ovn-setup-bridges-init.sh
mountPath: /tmp/ovn-controller-init.sh
subPath: ovn-controller-init.sh
readOnly: true
- name: run-openvswitch
mountPath: /run/openvswitch
@ -60,25 +62,23 @@ spec:
subPath: auto_bridge_add
readOnly: true
containers:
- name: ovn-controller
- name: controller
{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
command:
- /tmp/start.sh
- ovn-controller
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
env:
- name: K8S_NODE
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: OVN_ENCAP_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/ovn-controller.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ovn-controller.sh
- stop
volumeMounts:
- name: ovn-bin
mountPath: /tmp/start.sh
subPath: ovn.sh
mountPath: /tmp/ovn-controller.sh
subPath: ovn-controller.sh
readOnly: true
- name: run-openvswitch
mountPath: /run/openvswitch
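Review bot: The `controller` container gets no liveness or readiness probe in these hunks, although `ovn-controller.sh` defines both verbs and its `start` ends in `tail --follow=name`, so a crashed ovn-controller (presumably daemonised by ovn-ctl) would leave the pod Running and Ready. Wiring the script the way the northd Deployment does would close the gap; the define names below are prefixed because Helm template names are global, and matching `pod.probes.ovn_controller.controller` entries are needed in values.yaml. The ovsdb StatefulSets added by this commit have the same gap with `ovsdb-server.sh`. The DaemonSet body continues outside the second hunk.

```yaml
{{- define "controllerLivenessProbeTemplate" }}
exec:
  command:
    - /tmp/ovn-controller.sh
    - liveness
{{- end }}

{{- define "controllerReadinessProbeTemplate" }}
exec:
  command:
    - /tmp/ovn-controller.sh
    - readiness
{{- end }}

# … unchanged: DaemonSet metadata, pod template, initContainers …
        - name: controller
{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "liveness" "probeTemplate" (include "controllerLivenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
```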


@ -12,6 +12,20 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- define "livenessProbeTemplate" }}
exec:
command:
- /tmp/ovn-northd.sh
- liveness
{{- end }}
{{- define "readinessProbeTemplate" }}
exec:
command:
- /tmp/ovn-northd.sh
- readiness
{{- end }}
{{- if .Values.manifests.deployment_northd }}
{{- $envAll := . }}
@ -24,13 +38,10 @@ metadata:
name: ovn-northd
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
labels:
{{ tuple $envAll "ovn" "ovn-northd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
replicas: 1
strategy:
type: Recreate
replicas: {{ .Values.pod.replicas.ovn_northd }}
selector:
matchLabels:
{{ tuple $envAll "ovn" "ovn-northd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
@ -40,6 +51,7 @@ spec:
{{ tuple $envAll "ovn" "ovn-northd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
nodeSelector:
@ -47,16 +59,25 @@ spec:
initContainers:
{{- tuple $envAll "ovn_northd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ovn-northd
- name: northd
{{ tuple $envAll "ovn_northd" | include "helm-toolkit.snippets.image" | indent 10 }}
command:
- /tmp/start.sh
- run-ovn-northd
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "livenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
command:
- /tmp/ovn-northd.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ovn-northd.sh
- stop
volumeMounts:
- name: ovn-bin
mountPath: /tmp/start.sh
subPath: ovn.sh
mountPath: /tmp/ovn-northd.sh
subPath: ovn-northd.sh
readOnly: true
volumes:
- name: ovn-bin
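Review bot: The helper templates in the first hunk are named `livenessProbeTemplate` and `readinessProbeTemplate`, and Helm `define` names are global across the chart and its subcharts, so another template that reuses these generic names would override them without an error and point the northd probes at a different command. Prefixing them, e.g. `{{- define "northdLivenessProbeTemplate" }}` and `{{- define "northdReadinessProbeTemplate" }}`, with the two `include` calls on the `northd` container updated to match, avoids that. The Deployment body continues outside the last hunk.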


@ -12,17 +12,19 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_ovn_nb_db }}
{{- if .Values.manifests.service_ovn_ovsdb_nb }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "ovn-nb-db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
name: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: ovn-nb-db
port: {{ tuple "ovn-nb-db" "internal" "db" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: ovsdb
port: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: raft
port: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
selector:
{{ tuple $envAll "ovn" "ovn-nb-db" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}


@ -12,17 +12,19 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.service_ovn_sb_db }}
{{- if .Values.manifests.service_ovn_ovsdb_sb }}
{{- $envAll := . }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ tuple "ovn-sb-db" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
name: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
spec:
ports:
- name: ovn-sb-db
port: {{ tuple "ovn-sb-db" "internal" "db" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: ovsdb
port: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- name: raft
port: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
selector:
{{ tuple $envAll "ovn" "ovn-sb-db" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
{{- end }}


@ -1,85 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.statefulset_ovn_nb_db }}
{{- $envAll := . }}
{{- $serviceAccountName := "ovn-nb-db" }}
{{ tuple $envAll "ovn_nb_db" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: ovn-nb-db
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "ovn" "ovn-nb-db" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
serviceName: {{ tuple "ovn-nb-db" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
replicas: 1
selector:
matchLabels:
{{ tuple $envAll "ovn" "ovn-nb-db" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
labels:
{{ tuple $envAll "ovn" "ovn-nb-db" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{- tuple $envAll "ovn" "ovn-nb-db" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.ovn_nb_db.node_selector_key }}: {{ .Values.labels.ovn_nb_db.node_selector_value }}
initContainers:
{{- tuple $envAll "ovn_nb_db" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ovn-nb-db
{{ tuple $envAll "ovn_nb_db" | include "helm-toolkit.snippets.image" | indent 10 }}
ports:
- containerPort: {{ tuple "ovn-nb-db" "internal" "db" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
command:
- /tmp/start.sh
- nb-ovsdb
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
volumeMounts:
- name: ovn-bin
mountPath: /tmp/start.sh
subPath: ovn.sh
readOnly: true
- name: ovn-nb-db-data
mountPath: /var/lib/ovn
volumes:
- name: ovn-bin
configMap:
name: ovn-bin
defaultMode: 0555
{{- if not .Values.volume.ovn_nb_db.enabled }}
- name: ovn-nb-db-data
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: ovn-nb-db-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: {{ $envAll.Values.volume.ovn_nb_db.size }}
storageClassName: {{ $envAll.Values.volume.ovn_nb_db.class_name }}
{{- end }}
{{- end }}


@ -0,0 +1,102 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.statefulset_ovn_ovsdb_nb }}
{{- $envAll := . }}
{{- $serviceAccountName := "ovn-ovsdb-nb" }}
{{ tuple $envAll "ovn_ovsdb_nb" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: ovn-ovsdb-nb
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
serviceName: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
replicas: {{ .Values.pod.replicas.ovn_ovsdb_nb }}
selector:
matchLabels:
{{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
labels:
{{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{- tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.ovn_ovsdb_nb.node_selector_key }}: {{ .Values.labels.ovn_ovsdb_nb.node_selector_value }}
initContainers:
{{- tuple $envAll "ovn_ovsdb_nb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ovsdb
{{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
ports:
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
env:
- name: OVS_DATABASE
value: nb
- name: OVS_PORT
value: "{{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
command:
- /tmp/ovsdb-server.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ovsdb-server.sh
- stop
volumeMounts:
- name: ovn-bin
mountPath: /tmp/ovsdb-server.sh
subPath: ovsdb-server.sh
readOnly: true
- name: run-openvswitch
mountPath: /run/openvswitch
- name: data
mountPath: /var/lib/ovn
volumes:
- name: run-openvswitch
emptyDir: {}
- name: ovn-bin
configMap:
name: ovn-bin
defaultMode: 0555
{{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
- name: data
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_nb.class_name }}
resources:
requests:
storage: {{ $envAll.Values.volume.ovn_ovsdb_nb.size }}
{{- end }}
{{- end }}
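Review bot: The `ovsdb` container is rendered without the `helm-toolkit.snippets.kubernetes_container_security_context` include that the `northd` and `controller` containers carry in this commit, so `pod.security_context` values cannot constrain the database pods (non-root user, read-only root filesystem, dropped capabilities). Adding `{{ dict "envAll" $envAll "application" "ovn_ovsdb_nb" "container" "ovsdb" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}` after the resources line would bring it in line; the ovn-ovsdb-sb StatefulSet needs the same with `ovn_ovsdb_sb`. `OVS_PORT` is also exported here but is not read by the `ovsdb-server.sh` shown in this commit, so it should either be used or dropped.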


@ -0,0 +1,102 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.statefulset_ovn_ovsdb_sb }}
{{- $envAll := . }}
{{- $serviceAccountName := "ovn-ovsdb-sb" }}
{{ tuple $envAll "ovn_ovsdb_sb" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: ovn-ovsdb-sb
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
serviceName: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
replicas: {{ .Values.pod.replicas.ovn_ovsdb_sb }}
selector:
matchLabels:
{{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
labels:
{{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{- tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.ovn_ovsdb_sb.node_selector_key }}: {{ .Values.labels.ovn_ovsdb_sb.node_selector_value }}
initContainers:
{{- tuple $envAll "ovn_ovsdb_sb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ovsdb
{{ tuple $envAll "ovn_ovsdb_sb" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
ports:
- containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
env:
- name: OVS_DATABASE
value: sb
- name: OVS_PORT
value: "{{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}"
command:
- /tmp/ovsdb-server.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ovsdb-server.sh
- stop
volumeMounts:
- name: ovn-bin
mountPath: /tmp/ovsdb-server.sh
subPath: ovsdb-server.sh
readOnly: true
- name: run-openvswitch
mountPath: /run/openvswitch
- name: data
mountPath: /var/lib/ovn
volumes:
- name: run-openvswitch
emptyDir: {}
- name: ovn-bin
configMap:
name: ovn-bin
defaultMode: 0555
{{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
- name: data
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: {{ $envAll.Values.volume.ovn_ovsdb_sb.size }}
storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
{{- end }}
{{- end }}


@ -1,85 +0,0 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.statefulset_ovn_sb_db }}
{{- $envAll := . }}
{{- $serviceAccountName := "ovn-sb-db" }}
{{ tuple $envAll "ovn_sb_db" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: ovn-sb-db
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
labels:
{{ tuple $envAll "ovn" "ovn-sb-db" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
serviceName: {{ tuple "ovn-sb-db" "internal" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
replicas: 1
selector:
matchLabels:
{{ tuple $envAll "ovn" "ovn-sb-db" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
labels:
{{ tuple $envAll "ovn" "ovn-sb-db" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
affinity:
{{- tuple $envAll "ovn" "ovn-sb-db" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
nodeSelector:
{{ .Values.labels.ovn_sb_db.node_selector_key }}: {{ .Values.labels.ovn_sb_db.node_selector_value }}
initContainers:
{{- tuple $envAll "ovn_sb_db" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ovn-sb-db
{{ tuple $envAll "ovn_sb_db" | include "helm-toolkit.snippets.image" | indent 10 }}
ports:
- containerPort: {{ tuple "ovn-sb-db" "internal" "db" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
command:
- /tmp/start.sh
- sb-ovsdb
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
volumeMounts:
- name: ovn-bin
mountPath: /tmp/start.sh
subPath: ovn.sh
readOnly: true
- name: ovn-sb-db-data
mountPath: /var/lib/ovn
volumes:
- name: ovn-bin
configMap:
name: ovn-bin
defaultMode: 0555
{{- if not .Values.volume.ovn_sb_db.enabled }}
- name: ovn-sb-db-data
emptyDir: {}
{{- else }}
volumeClaimTemplates:
- metadata:
name: ovn-sb-db-data
spec:
accessModes: ["ReadWriteOnce"]
resources:
requests:
storage: {{ $envAll.Values.volume.ovn_sb_db.size }}
storageClassName: {{ $envAll.Values.volume.ovn_sb_db.class_name }}
{{- end }}
{{- end }}


@ -20,8 +20,8 @@ release_group: null
images:
tags:
ovn_nb_db: docker.io/openstackhelm/ovn:latest-ubuntu_focal
ovn_sb_db: docker.io/openstackhelm/ovn:latest-ubuntu_focal
ovn_ovsdb_nb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
ovn_ovsdb_sb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
ovn_northd: docker.io/openstackhelm/ovn:latest-ubuntu_focal
ovn_controller: docker.io/openstackhelm/ovn:latest-ubuntu_focal
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
@ -34,10 +34,10 @@ images:
- image_repo_sync
labels:
ovn_nb_db:
ovn_ovsdb_nb:
node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_sb_db:
ovn_ovsdb_sb:
node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_northd:
@ -48,30 +48,28 @@ labels:
node_selector_value: enabled
volume:
ovn_nb_db:
use_local_path:
enabled: false
host_path: /var/lib/rabbitmq
chown_on_start: true
ovn_ovsdb_nb:
enabled: true
class_name: general
size: 5Gi
ovn_sb_db:
use_local_path:
enabled: false
host_path: /var/lib/rabbitmq
chown_on_start: true
ovn_ovsdb_sb:
enabled: true
class_name: general
size: 5Gi
network:
interface:
# Tunnel interface will be used for VXLAN tunneling.
tunnel: null
# If tunnel is null there is a fallback mechanism to search
# for interface with routing using tunnel network cidr.
tunnel_network_cidr: "0/0"
conf:
ovn_cms_options: "enable-chassis-as-gw,availability-zones=nova"
ovn_remote: tcp:ovn-sb-db.openstack.svc.cluster.local:6640
ovn_encap_type: geneve
ovn_bridge: br-int
# ovn_bridge_mappings: "physnet-public:br-public,physnet-private:br-private"
ovn_bridge_mappings: ""
ovn_bridge_mappings: external:br-ex
# auto_bridge_add:
# br-private: eth0
@ -83,10 +81,23 @@ conf:
compute: true
pod:
security_context:
ovn_northd:
container:
northd:
capabilities:
add:
- SYS_NICE
ovn_controller:
container:
controller:
capabilities:
add:
- SYS_NICE
tolerations:
ovn_nb_db:
ovn_ovsdb_nb:
enabled: false
ovn_sb_db:
ovn_ovsdb_sb:
enabled: false
ovn_northd:
enabled: false
@ -102,17 +113,32 @@ pod:
default: 10
probes:
# TODO: Add healthchecks
ovn_northd:
northd:
readiness:
enabled: true
params:
initialDelaySeconds: 5
timeoutSeconds: 10
liveness:
enabled: true
params:
initialDelaySeconds: 5
timeoutSeconds: 10
dns_policy: "ClusterFirstWithHostNet"
replicas:
ovn_ovsdb_nb: 1
ovn_ovsdb_sb: 1
ovn_northd: 1
lifecycle:
upgrades:
daemonsets:
pod_replacement_strategy: RollingUpdate
ovn_nb_db:
ovn_ovsdb_nb:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
ovn_sb_db:
ovn_ovsdb_sb:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
@ -127,14 +153,14 @@ pod:
resources:
enabled: false
ovs:
ovn_nb_db:
ovn_ovsdb_nb:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ovn_sb_db:
ovn_ovsdb_sb:
requests:
memory: "128Mi"
cpu: "100m"
@ -166,8 +192,8 @@ pod:
secrets:
oci_image_registry:
ovn_nb_db: ovn-nb-db-oci-image-registry-key
ovn_sb_db: ovn-sb-db-oci-image-registry-key
ovn_ovsdb_nb: ovn-ovsdb-nb-oci-image-registry-key
ovn_ovsdb_sb: ovn-ovsdb-sb-oci-image-registry-key
ovn_northd: ovn-northd-oci-image-registry-key
ovn_controller: ovn-controller-oci-image-registry-key
@ -201,34 +227,38 @@ endpoints:
port:
registry:
default: null
ovn_nb_db:
name: ovn-nb-db
ovn_ovsdb_nb:
name: ovn-ovsdb-nb
namespace: null
hosts:
default: ovn-nb-db
default: ovn-ovsdb-nb
host_fqdn_override:
default: null
port:
db:
default: 6640
ovn_sb_db:
name: ovn-sb-db
ovsdb:
default: 6641
raft:
default: 6643
ovn_ovsdb_sb:
name: ovn-ovsdb-sb
namespace: null
hosts:
default: ovn-sb-db
default: ovn-ovsdb-sb
host_fqdn_override:
default: null
port:
db:
default: 6640
ovsdb:
default: 6642
raft:
default: 6644
network_policy:
ovn_nb_db:
ovn_ovsdb_nb:
ingress:
- {}
egress:
- {}
ovn_sb_db:
ovn_ovsdb_sb:
ingress:
- {}
egress:
@ -254,18 +284,18 @@ dependencies:
- endpoint: node
service: local_image_registry
static:
ovn_nb_db: null
ovn_sb_db: null
ovn_ovsdb_nb: null
ovn_ovsdb_sb: null
ovn_northd:
services:
- endpoint: internal
service: ovn-nb-db
service: ovn-ovsdb-nb
- endpoint: internal
service: ovn-sb-db
service: ovn-ovsdb-sb
ovn_controller:
services:
- endpoint: internal
service: ovn-sb-db
service: ovn-ovsdb-sb
pod:
- requireSameNode: true
labels:
@ -281,10 +311,10 @@ manifests:
configmap_etc: true
deployment_northd: true
daemonset_controller: true
service_ovn_nb_db: true
service_ovn_sb_db: true
statefulset_ovn_nb_db: true
statefulset_ovn_sb_db: true
service_ovn_ovsdb_nb: true
service_ovn_ovsdb_sb: true
statefulset_ovn_ovsdb_nb: true
statefulset_ovn_ovsdb_sb: true
deployment_ovn_northd: true
daemonset_ovn_controller: true
job_image_repo_sync: true
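Review bot: The new `raft` ports (6643 under `ovn_ovsdb_nb`, 6644 under `ovn_ovsdb_sb`) are added while the `network_policy` defaults for both services remain `ingress: - {}`, an empty rule that in a Kubernetes NetworkPolicy admits every source. Raft traffic is only needed between the replicas of one database, so the default for that port should be narrowed to the database's own pods, and the `ovsdb` port to the clients that actually need it. `conf.ovn_remote` in the same section uses the `tcp:` scheme, which suggests the listeners are unauthenticated; if so, the policy is the only control keeping other pods in the cluster away from the databases. At minimum, add a comment above each `raft:` key, such as `# cluster-internal: restrict ingress to the ovsdb replicas`. Whether the templates enable TLS or render these policies at all is not visible in this section.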


@ -4,4 +4,5 @@ ovn:
- 0.1.1 Fix ovn db persistence issue
- 0.1.2 Add bridge-mapping configuration
- 0.1.3 Fix system-id reuse
- 0.1.4 Add support for OVN HA + refactor
...