openstack/openstack-helm-infra
Code Issues Proposed changes
81da0879c3
openstack-helm-infra/ovn/templates/daemonset-controller.yaml
Vladimir Kozhukalov fb90642b18 Update ovn controller init script 
- OVN init script must be able to attach an interface
  to the provider network bridge and migrate IP from the
  interface to the bridge exactly like Neutron OVS agent
  init script does it.

- OVN init script sets gateway option to those OVN controller
  instances which are running on nodes with l3-agent=enabled
  label.

Change-Id: I24345c1f85c1e75af6e804f09d35abf530ddd6b4
2024-03-21 16:03:51 -05:00

163 lines
5.9 KiB
YAML
Raw Blame History

{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.daemonset_controller }}
{{- $envAll := . }}
{{- $configMapName := "ovn-etc" }}
{{- $serviceAccountName := "ovn-controller" }}
{{- $serviceAccountNamespace := $envAll.Release.Namespace }}
{{ tuple $envAll "ovn_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list", "get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: ovn-controller-list-nodes-rolebinding-{{ $serviceAccountNamespace }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
namespace: {{ $serviceAccountNamespace }}
roleRef:
kind: ClusterRole
name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
apiGroup: rbac.authorization.k8s.io
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: ovn-controller
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
labels:
{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
selector:
matchLabels:
{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
template:
metadata:
labels:
{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
serviceAccountName: {{ $serviceAccountName }}
hostNetwork: true
hostPID: true
hostIPC: true
dnsPolicy: ClusterFirstWithHostNet
nodeSelector:
{{ .Values.labels.ovn_controller.node_selector_key }}: {{ .Values.labels.ovn_controller.node_selector_value }}
initContainers:
{{- tuple $envAll "ovn_controller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- name: get-gw-enabled
{{ tuple $envAll "ovn_controller_kubectl" | include "helm-toolkit.snippets.image" | indent 10 }}
command:
- /bin/bash
- -c
- |
kubectl get node ${NODENAME} -o jsonpath='{.metadata.labels.l3-agent}' > /tmp/gw-enabled/gw-enabled
env:
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: gw-enabled
mountPath: /tmp/gw-enabled
readOnly: false
- name: controller-init
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
command:
- /tmp/ovn-controller-init.sh
volumeMounts:
- name: ovn-bin
mountPath: /tmp/ovn-controller-init.sh
subPath: ovn-controller-init.sh
readOnly: true
- name: run-openvswitch
mountPath: /run/openvswitch
- name: ovn-etc
mountPath: /tmp/auto_bridge_add
subPath: auto_bridge_add
readOnly: true
- name: gw-enabled
mountPath: /tmp/gw-enabled
readOnly: true
containers:
- name: controller
{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/ovn-controller.sh
- start
lifecycle:
preStop:
exec:
command:
- /tmp/ovn-controller.sh
- stop
volumeMounts:
- name: ovn-bin
mountPath: /tmp/ovn-controller.sh
subPath: ovn-controller.sh
readOnly: true
- name: run-openvswitch
mountPath: /run/openvswitch
- name: logs
mountPath: /var/log/ovn
- name: run-ovn
mountPath: /run/ovn
volumes:
- name: ovn-bin
configMap:
name: ovn-bin
defaultMode: 0777
- name: run-openvswitch
hostPath:
path: /run/openvswitch
type: DirectoryOrCreate
- name: ovn-etc
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
- name: logs
hostPath:
path: /var/log/ovn
type: DirectoryOrCreate
- name: run-ovn
hostPath:
path: /run/ovn
type: DirectoryOrCreate
- name: gw-enabled
emptyDir: {}
{{- end }}
View Git Blame Copy Permalink