[ATMOSPHERE-497] [stable/2024.1] chart: sync ovn with upstream (#2028)
Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
Co-authored-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/.charts.yml b/.charts.yml
index c19c5ef..4c3e371 100644
--- a/.charts.yml
+++ b/.charts.yml
@@ -172,14 +172,13 @@
repository: *openstack_helm_infra_repository
dependencies: *openstack_helm_dependencies
- name: ovn
- version: 0.1.4
+ version: 0.1.13
repository: *openstack_helm_infra_repository
dependencies: *openstack_helm_dependencies
patches:
gerrit:
review.opendev.org:
- - 893739
- - 914807
+ - 933333
- name: placement
version: 0.3.9
repository: *openstack_helm_repository
diff --git a/charts/ovn/Chart.yaml b/charts/ovn/Chart.yaml
index 8ac48b4..00f498b 100644
--- a/charts/ovn/Chart.yaml
+++ b/charts/ovn/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://github.com/ovn-org/ovn
- https://opendev.org/openstack/openstack-helm
-version: 0.1.4
+version: 0.1.13
diff --git a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
index 77e1e68..1d303c8 100644
--- a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
+++ b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
@@ -18,7 +18,7 @@
function get_ip_address_from_interface {
local interface=$1
- local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
+ local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $1}')
if [ -z "${ip}" ] ; then
exit 1
fi
@@ -27,7 +27,7 @@
function get_ip_prefix_from_interface {
local interface=$1
- local prefix=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $2}')
+ local prefix=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $2}')
if [ -z "${prefix}" ] ; then
exit 1
fi
@@ -70,7 +70,7 @@
elif [[ -z "${bridge_ip}" && -z "${ip}" ]]; then
echo "Interface and bridge have no ips configured. Leaving as is."
else
- echo "Interface ${name} has invalid IP address. IP:[${ip}]; Prefix:[${prefix}]..."
+ echo "Interface ${src_nic} has invalid IP address. IP:[${ip}]; Prefix:[${prefix}]..."
exit 1
fi
@@ -144,13 +144,20 @@
ovs-vsctl set open . external-ids:ovn-encap-type="{{ .Values.conf.ovn_encap_type }}"
ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}"
ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}"
-ovs-vsctl set open . external-ids:ovn-cms-options="${OVN_CMS_OPTIONS}"
+
+GW_ENABLED=$(cat /tmp/gw-enabled/gw-enabled)
+if [[ ${GW_ENABLED} == {{ .Values.labels.ovn_controller_gw.node_selector_value }} ]]; then
+ ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options_gw_enabled }}
+else
+ ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options }}
+fi
+
{{ if .Values.conf.ovn_bridge_datapath_type -}}
ovs-vsctl set open . external-ids:ovn-bridge-datapath-type="{{ .Values.conf.ovn_bridge_datapath_type }}"
{{- end }}
# Configure hostname
-{{- if .Values.conf.use_fqdn.compute }}
+{{- if .Values.pod.use_fqdn.compute }}
ovs-vsctl set open . external-ids:hostname="$(hostname -f)"
{{- else }}
ovs-vsctl set open . external-ids:hostname="$(hostname)"
@@ -164,7 +171,7 @@
bridge=${bmap%:*}
iface=${bmap#*:}
ovs-vsctl --may-exist add-br $bridge -- set bridge $bridge protocols=OpenFlow13
- if [ -n "$iface" ] && [ "$iface" != "null" ]
+ if [ -n "$iface" ] && [ "$iface" != "null" ] && ( ip link show $iface 1>/dev/null 2>&1 );
then
ovs-vsctl --may-exist add-port $bridge $iface
migrate_ip_from_nic $iface $bridge
diff --git a/charts/ovn/templates/daemonset-controller-gw.yaml b/charts/ovn/templates/daemonset-controller-gw.yaml
deleted file mode 100644
index 3ecd81d..0000000
--- a/charts/ovn/templates/daemonset-controller-gw.yaml
+++ /dev/null
@@ -1,191 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- define "controllerGatewayReadinessProbeTemplate" }}
-exec:
- command:
- - /usr/bin/ovn-kube-util
- - readiness-probe
- - -t
- - ovn-controller
-{{- end }}
-
-{{- if .Values.manifests.daemonset_ovn_controller_gw }}
-{{- $envAll := . }}
-
-{{- $configMapName := "ovn-etc" }}
-{{- $serviceAccountName := "ovn-controller-gw" }}
-{{ tuple $envAll "ovn_controller_gw" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
----
-kind: DaemonSet
-apiVersion: apps/v1
-metadata:
- name: ovn-controller-gw
- annotations:
- {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
- configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
- labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- type: gw
-spec:
- selector:
- matchLabels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
- type: gw
- template:
- metadata:
- labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
- type: gw
- annotations:
-{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
- configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
- configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
- spec:
- serviceAccountName: {{ $serviceAccountName }}
- hostNetwork: true
- dnsPolicy: {{ .Values.pod.dns_policy }}
- nodeSelector:
- {{ .Values.labels.ovn_controller_gw.node_selector_key }}: {{ .Values.labels.ovn_controller_gw.node_selector_value }}
- initContainers:
-{{- tuple $envAll "ovn_controller_gw" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- - name: controller-init
-{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- command:
- - /tmp/ovn-controller-init.sh
- env:
- - name: OVN_CMS_OPTIONS
- value: {{ .Values.conf.gw_ovn_cms_options | quote }}
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- volumeMounts:
- - name: ovn-bin
- mountPath: /tmp/ovn-controller-init.sh
- subPath: ovn-controller-init.sh
- readOnly: true
- - name: run-openvswitch
- mountPath: /run/openvswitch
- - name: ovn-etc
- mountPath: /tmp/auto_bridge_add
- subPath: auto_bridge_add
- readOnly: true
- containers:
- - name: controller
- command:
- - /root/ovnkube.sh
- - ovn-controller
-{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-{{ dict "envAll" . "component" "ovn_controller_gw" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerGatewayReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
- env:
- - name: OVN_DAEMONSET_VERSION
- value: "3"
- - name: OVN_LOGLEVEL_CONTROLLER
- value: "-vconsole:info -vfile:info"
- - name: OVN_KUBERNETES_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: OVN_KUBERNETES_NB_STATEFULSET
- value: ovn-ovsdb-nb
- - name: OVN_KUBERNETES_SB_STATEFULSET
- value: ovn-ovsdb-sb
- - name: OVN_SSL_ENABLE
- value: "no"
- volumeMounts:
- - name: run-openvswitch
- mountPath: /var/run/ovn
- - name: run-openvswitch
- mountPath: /var/run/openvswitch
- - name: shared
- mountPath: /var/log/ovn/
- {{- if .Values.pod.sidecars.vector }}
- - name: vector
-{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.ovn_controller_gw.vector | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "vector" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- command:
- - vector
- - --config
- - /etc/vector/vector.toml
- volumeMounts:
- - name: vector-config
- mountPath: /etc/vector
- - name: shared
- mountPath: /logs
- - name: vector-data
- mountPath: /var/lib/vector
- {{- end }}
- {{- if .Values.pod.sidecars.ovn_logging_parser }}
- - name: log-parser
-{{ tuple $envAll "ovn_logging_parser" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.ovn_controller_gw.ovn_logging_parser | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "ovn_logging_parser" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- command:
- - /tmp/ovn-network-logging-parser.sh
- - start
- env:
- - name: VECTOR_HTTP_ENDPOINT
- value: http://localhost:5001
- ports:
- - name: http
- containerPort: {{ tuple "ovn_logging_parser" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- protocol: TCP
- volumeMounts:
- - name: neutron-etc
- mountPath: /etc/neutron/neutron.conf
- subPath: neutron.conf
- readOnly: true
- - name: ovn-bin
- mountPath: /tmp/ovn-network-logging-parser.sh
- subPath: ovn-network-logging-parser.sh
- readOnly: true
- - name: ovn-etc
- mountPath: /etc/neutron/neutron-ovn-network-logging-parser-uwsgi.ini
- subPath: neutron-ovn-network-logging-parser-uwsgi.ini
- readOnly: true
- {{- end }}
- volumes:
- - name: ovn-bin
- configMap:
- name: ovn-bin
- defaultMode: 0777
- - name: run-openvswitch
- hostPath:
- path: /run/openvswitch
- type: DirectoryOrCreate
- - name: ovn-etc
- secret:
- secretName: {{ $configMapName }}
- defaultMode: 0444
- - name: shared
- emptyDir: {}
- {{- if .Values.pod.sidecars.vector }}
- - name: vector-config
- secret:
- secretName: ovn-vector-config
- - name: vector-data
- emptyDir: {}
- {{- end }}
- {{- if .Values.pod.sidecars.ovn_logging_parser }}
- - name: neutron-etc
- secret:
- secretName: neutron-etc
- defaultMode: 0444
- {{- end }}
-{{- end }}
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index b6b0b04..82b70f7 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -26,7 +26,33 @@
{{- $configMapName := "ovn-etc" }}
{{- $serviceAccountName := "ovn-controller" }}
+{{- $serviceAccountNamespace := $envAll.Release.Namespace }}
{{ tuple $envAll "ovn_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
+rules:
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list", "get"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ovn-controller-list-nodes-rolebinding-{{ $serviceAccountNamespace }}
+subjects:
+- kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $serviceAccountNamespace }}
+roleRef:
+ kind: ClusterRole
+ name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
+ apiGroup: rbac.authorization.k8s.io
+
---
kind: DaemonSet
apiVersion: apps/v1
@@ -37,17 +63,14 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
labels:
{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- type: hv
spec:
selector:
matchLabels:
{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
- type: hv
template:
metadata:
labels:
{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
- type: hv
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
@@ -55,19 +78,35 @@
spec:
serviceAccountName: {{ $serviceAccountName }}
hostNetwork: true
+ hostPID: true
+ hostIPC: true
dnsPolicy: {{ .Values.pod.dns_policy }}
nodeSelector:
{{ .Values.labels.ovn_controller.node_selector_key }}: {{ .Values.labels.ovn_controller.node_selector_value }}
initContainers:
{{- tuple $envAll "ovn_controller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ - name: get-gw-enabled
+{{ tuple $envAll "ovn_controller_kubectl" | include "helm-toolkit.snippets.image" | indent 10 }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ kubectl get node ${NODENAME} -o jsonpath='{.metadata.labels.{{ .Values.labels.ovn_controller_gw.node_selector_key }}}' > /tmp/gw-enabled/gw-enabled
+ env:
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: gw-enabled
+ mountPath: /tmp/gw-enabled
+ readOnly: false
- name: controller-init
-{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
command:
- /tmp/ovn-controller-init.sh
env:
- - name: OVN_CMS_OPTIONS
- value: {{ .Values.conf.ovn_cms_options | quote }}
- name: NODE_NAME
valueFrom:
fieldRef:
@@ -83,14 +122,17 @@
mountPath: /tmp/auto_bridge_add
subPath: auto_bridge_add
readOnly: true
+ - name: gw-enabled
+ mountPath: /tmp/gw-enabled
+ readOnly: true
containers:
- name: controller
- command:
- - /root/ovnkube.sh
- - ovn-controller
{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /root/ovnkube.sh
+ - ovn-controller
{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
env:
- name: OVN_DAEMONSET_VERSION
@@ -109,9 +151,57 @@
value: "no"
volumeMounts:
- name: run-openvswitch
- mountPath: /var/run/ovn
+ mountPath: /run/openvswitch
+ - name: logs
+ mountPath: /var/log/ovn
- name: run-openvswitch
- mountPath: /var/run/openvswitch
+ mountPath: /run/ovn
+ {{- if .Values.pod.sidecars.vector }}
+ - name: vector
+{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.vector | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "ovn_controller" "container" "vector" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - vector
+ - --config
+ - /etc/vector/vector.toml
+ volumeMounts:
+ - name: vector-config
+ mountPath: /etc/vector
+ - name: logs
+ mountPath: /logs
+ - name: vector-data
+ mountPath: /var/lib/vector
+ {{- end }}
+ {{- if .Values.pod.sidecars.ovn_logging_parser }}
+ - name: log-parser
+{{ tuple $envAll "ovn_logging_parser" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.ovn_logging_parser | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "ovn_controller" "container" "ovn_logging_parser" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /tmp/ovn-network-logging-parser.sh
+ - start
+ env:
+ - name: VECTOR_HTTP_ENDPOINT
+ value: http://localhost:5001
+ ports:
+ - name: http
+ containerPort: {{ tuple "ovn_logging_parser" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ protocol: TCP
+ volumeMounts:
+ - name: neutron-etc
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ readOnly: true
+ - name: ovn-bin
+ mountPath: /tmp/ovn-network-logging-parser.sh
+ subPath: ovn-network-logging-parser.sh
+ readOnly: true
+ - name: ovn-etc
+ mountPath: /etc/neutron/neutron-ovn-network-logging-parser-uwsgi.ini
+ subPath: neutron-ovn-network-logging-parser-uwsgi.ini
+ readOnly: true
+ {{- end }}
volumes:
- name: ovn-bin
configMap:
@@ -125,4 +215,27 @@
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
+ - name: logs
+ hostPath:
+ path: /var/log/ovn
+ type: DirectoryOrCreate
+ - name: run-ovn
+ hostPath:
+ path: /run/ovn
+ type: DirectoryOrCreate
+ - name: gw-enabled
+ emptyDir: {}
+ {{- if .Values.pod.sidecars.vector }}
+ - name: vector-config
+ secret:
+ secretName: ovn-vector-config
+ - name: vector-data
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.pod.sidecars.ovn_logging_parser }}
+ - name: neutron-etc
+ secret:
+ secretName: neutron-etc
+ defaultMode: 0444
+ {{- end }}
{{- end }}
diff --git a/charts/ovn/templates/deployment-northd.yaml b/charts/ovn/templates/deployment-northd.yaml
index ae31b35..f945bb2 100644
--- a/charts/ovn/templates/deployment-northd.yaml
+++ b/charts/ovn/templates/deployment-northd.yaml
@@ -62,6 +62,7 @@
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
env:
- name: OVN_DAEMONSET_VERSION
value: "3"
diff --git a/charts/ovn/templates/statefulset-ovsdb-nb.yaml b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
index 4866074..98e70ad 100644
--- a/charts/ovn/templates/statefulset-ovsdb-nb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
@@ -73,6 +73,7 @@
{{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+
ports:
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
@@ -110,7 +111,9 @@
mountPath: /etc/ovn
volumes:
- name: run-openvswitch
- emptyDir: {}
+ hostPath:
+ path: /run/openvswitch
+ type: DirectoryOrCreate
{{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
- name: data
emptyDir: {}
diff --git a/charts/ovn/templates/statefulset-ovsdb-sb.yaml b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
index 92af96d..694348b 100644
--- a/charts/ovn/templates/statefulset-ovsdb-sb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
@@ -110,7 +110,9 @@
mountPath: /etc/ovn
volumes:
- name: run-openvswitch
- emptyDir: {}
+ hostPath:
+ path: /run/openvswitch
+ type: DirectoryOrCreate
{{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
- name: data
emptyDir: {}
diff --git a/charts/ovn/values.yaml b/charts/ovn/values.yaml
index 5c35a2f..8c99d50 100644
--- a/charts/ovn/values.yaml
+++ b/charts/ovn/values.yaml
@@ -20,11 +20,12 @@
images:
tags:
- ovn_ovsdb_nb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
- ovn_ovsdb_sb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
- ovn_northd: docker.io/openstackhelm/ovn:latest-ubuntu_focal
- ovn_controller: docker.io/openstackhelm/ovn:latest-ubuntu_focal
- dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+ ovn_ovsdb_nb: docker.io/openstackhelm/ovn:ubuntu_focal
+ ovn_ovsdb_sb: docker.io/openstackhelm/ovn:ubuntu_focal
+ ovn_northd: docker.io/openstackhelm/ovn:ubuntu_focal
+ ovn_controller: docker.io/openstackhelm/ovn:ubuntu_focal
+ ovn_controller_kubectl: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
image_repo_sync: docker.io/library/docker:17.07.0
vector: docker.io/timberio/vector:0.39.0-debian
ovn_logging_parser: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
@@ -37,19 +38,19 @@
labels:
ovn_ovsdb_nb:
- node_selector_key: openstack-compute-node
+ node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_ovsdb_sb:
- node_selector_key: openstack-compute-node
+ node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_northd:
- node_selector_key: openstack-compute-node
+ node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_controller:
- node_selector_key: openstack-compute-node
+ node_selector_key: openvswitch
node_selector_value: enabled
ovn_controller_gw:
- node_selector_key: openstack-control-plane
+ node_selector_key: l3-agent
node_selector_value: enabled
volume:
@@ -72,7 +73,7 @@
conf:
ovn_cms_options: "availability-zones=nova"
- gw_ovn_cms_options: "enable-chassis-as-gw,availability-zones=nova"
+ ovn_cms_options_gw_enabled: "enable-chassis-as-gw,availability-zones=nova"
ovn_encap_type: geneve
ovn_bridge: br-int
ovn_bridge_mappings: external:br-ex
@@ -84,10 +85,6 @@
# br-public: eth1
auto_bridge_add: {}
- # NOTE: should be same as nova.conf.use_fqdn.compute
- use_fqdn:
- compute: true
-
ovn_network_logging_parser_uwsgi:
uwsgi:
add-header: "Connection: close"
@@ -107,6 +104,9 @@
wsgi-file: /var/lib/openstack/bin/neutron-ovn-network-logging-parser-wsgi
pod:
+ # NOTE: should be same as nova.pod.use_fqdn.compute
+ use_fqdn:
+ compute: true
security_context:
ovn_northd:
container:
@@ -117,21 +117,11 @@
ovn_controller:
container:
controller_init:
+ readOnlyRootFilesystem: true
privileged: true
- runAsUser: 0
controller:
- capabilities:
- add:
- - SYS_NICE
- ovn_controller_gw:
- container:
- controller_init:
+ readOnlyRootFilesystem: true
privileged: true
- runAsUser: 0
- controller:
- capabilities:
- add:
- - SYS_NICE
ovn_logging_parser:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
@@ -147,8 +137,6 @@
enabled: false
ovn_controller:
enabled: false
- ovn_controller_gw:
- enabled: false
affinity:
anti:
type:
@@ -224,10 +212,6 @@
enabled: true
min_ready_seconds: 0
max_unavailable: 1
- ovn_controller_gw:
- enabled: true
- min_ready_seconds: 0
- max_unavailable: 1
resources:
enabled: false
ovs:
@@ -259,28 +243,20 @@
limits:
memory: "1024Mi"
cpu: "2000m"
- ovn_controller_gw:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "2000m"
- ovn_controller_gw:
- ovn_logging_parser:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "256Mi"
- cpu: "500m"
- vector:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "256Mi"
- cpu: "500m"
+ ovn_logging_parser:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
+ vector:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
jobs:
image_repo_sync:
requests:
@@ -289,6 +265,7 @@
limits:
memory: "1024Mi"
cpu: "2000m"
+
sidecars:
ovn_logging_parser: false
vector: false
@@ -387,9 +364,6 @@
ovn_controller:
ingress:
- {}
- ovn_controller_gw:
- ingress:
- - {}
egress:
- {}
@@ -415,10 +389,6 @@
services:
- endpoint: internal
service: ovn-ovsdb-sb
- ovn_controller_gw:
- services:
- - endpoint: internal
- service: ovn-ovsdb-sb
pod:
- requireSameNode: true
labels:
@@ -439,6 +409,5 @@
statefulset_ovn_ovsdb_sb: true
deployment_ovn_northd: true
daemonset_ovn_controller: true
- daemonset_ovn_controller_gw: true
job_image_repo_sync: true
...
diff --git a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
index f8dc4c1..35719dd 100644
--- a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
+++ b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch
@@ -1,7 +1,7 @@
-diff --git b/ovn/templates/bin/_ovn-controller-init.sh.tpl a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
-index 1e61577d..77e1e687 100644
---- b/ovn/templates/bin/_ovn-controller-init.sh.tpl
-+++ a/ovn/templates/bin/_ovn-controller-init.sh.tpl
+diff --git a/ovn/templates/bin/_ovn-controller-init.sh.tpl b/ovn/templates/bin/_ovn-controller-init.sh.tpl
+index 55cc2ecb..885204a0 100644
+--- a/ovn/templates/bin/_ovn-controller-init.sh.tpl
++++ b/ovn/templates/bin/_ovn-controller-init.sh.tpl
@@ -14,6 +14,8 @@
# See the License for the specific language governing permissions and
# limitations under the License.
@@ -10,7 +10,7 @@
+
function get_ip_address_from_interface {
local interface=$1
- local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
+ local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $1}')
@@ -75,6 +77,19 @@ function migrate_ip_from_nic {
set -e
}
@@ -63,21 +63,22 @@
# Configure OVN remote
{{- if empty .Values.conf.ovn_remote -}}
-@@ -118,6 +145,9 @@ ovs-vsctl set open . external-ids:ovn-encap-type="{{ .Values.conf.ovn_encap_type
- ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}"
- ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}"
- ovs-vsctl set open . external-ids:ovn-cms-options="${OVN_CMS_OPTIONS}"
+@@ -125,6 +152,10 @@ else
+ ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options }}
+ fi
+
+{{ if .Values.conf.ovn_bridge_datapath_type -}}
+ovs-vsctl set open . external-ids:ovn-bridge-datapath-type="{{ .Values.conf.ovn_bridge_datapath_type }}"
+{{- end }}
-
++
# Configure hostname
- {{- if .Values.conf.use_fqdn.compute }}
-diff --git b/ovn/templates/clusterrole-controller.yaml a/charts/ovn/templates/clusterrole-controller.yaml
+ {{- if .Values.pod.use_fqdn.compute }}
+ ovs-vsctl set open . external-ids:hostname="$(hostname -f)"
+diff --git a/ovn/templates/clusterrole-controller.yaml b/ovn/templates/clusterrole-controller.yaml
new file mode 100644
index 00000000..8291f65a
--- /dev/null
-+++ a/ovn/templates/clusterrole-controller.yaml
++++ b/ovn/templates/clusterrole-controller.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
@@ -91,11 +92,11 @@
+ verbs:
+ - get
+ - patch
-diff --git b/ovn/templates/clusterrolebinding-controller.yaml a/charts/ovn/templates/clusterrolebinding-controller.yaml
+diff --git a/ovn/templates/clusterrolebinding-controller.yaml b/ovn/templates/clusterrolebinding-controller.yaml
new file mode 100644
index 00000000..c95ef5e9
--- /dev/null
-+++ a/ovn/templates/clusterrolebinding-controller.yaml
++++ b/ovn/templates/clusterrolebinding-controller.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
@@ -112,10 +113,10 @@
+- kind: ServiceAccount
+ name: ovn-controller-gw
+ namespace: {{ .Release.Namespace }}
-diff --git b/ovn/templates/configmap-bin.yaml a/charts/ovn/templates/configmap-bin.yaml
+diff --git a/ovn/templates/configmap-bin.yaml b/ovn/templates/configmap-bin.yaml
index a849dd8a..82001f99 100644
---- b/ovn/templates/configmap-bin.yaml
-+++ a/ovn/templates/configmap-bin.yaml
+--- a/ovn/templates/configmap-bin.yaml
++++ b/ovn/templates/configmap-bin.yaml
@@ -24,12 +24,6 @@ data:
image-repo-sync.sh: |
{{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
@@ -129,89 +130,10 @@
- ovn-controller.sh: |
-{{ tuple "bin/_ovn-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
{{- end }}
-diff --git b/ovn/templates/daemonset-controller-gw.yaml a/charts/ovn/templates/daemonset-controller-gw.yaml
-index 6307bbab..eb309c5e 100644
---- b/ovn/templates/daemonset-controller-gw.yaml
-+++ a/ovn/templates/daemonset-controller-gw.yaml
-@@ -12,6 +12,15 @@ See the License for the specific language governing permissions and
- limitations under the License.
- */}}
-
-+{{- define "controllerGatewayReadinessProbeTemplate" }}
-+exec:
-+ command:
-+ - /usr/bin/ovn-kube-util
-+ - readiness-probe
-+ - -t
-+ - ovn-controller
-+{{- end }}
-+
- {{- if .Values.manifests.daemonset_ovn_controller_gw }}
- {{- $envAll := . }}
-
-@@ -59,6 +68,10 @@ spec:
- env:
- - name: OVN_CMS_OPTIONS
- value: {{ .Values.conf.gw_ovn_cms_options | quote }}
-+ - name: NODE_NAME
-+ valueFrom:
-+ fieldRef:
-+ fieldPath: spec.nodeName
- volumeMounts:
- - name: ovn-bin
- mountPath: /tmp/ovn-controller-init.sh
-@@ -72,25 +85,33 @@ spec:
- readOnly: true
- containers:
- - name: controller
-+ command:
-+ - /root/ovnkube.sh
-+ - ovn-controller
- {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
- {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- {{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-- command:
-- - /tmp/ovn-controller.sh
-- - start
-- lifecycle:
-- preStop:
-- exec:
-- command:
-- - /tmp/ovn-controller.sh
-- - stop
-+{{ dict "envAll" . "component" "ovn_controller_gw" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerGatewayReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-+ env:
-+ - name: OVN_DAEMONSET_VERSION
-+ value: "3"
-+ - name: OVN_LOGLEVEL_CONTROLLER
-+ value: "-vconsole:info -vfile:info"
-+ - name: OVN_KUBERNETES_NAMESPACE
-+ valueFrom:
-+ fieldRef:
-+ fieldPath: metadata.namespace
-+ - name: OVN_KUBERNETES_NB_STATEFULSET
-+ value: ovn-ovsdb-nb
-+ - name: OVN_KUBERNETES_SB_STATEFULSET
-+ value: ovn-ovsdb-sb
-+ - name: OVN_SSL_ENABLE
-+ value: "no"
- volumeMounts:
-- - name: ovn-bin
-- mountPath: /tmp/ovn-controller.sh
-- subPath: ovn-controller.sh
-- readOnly: true
- - name: run-openvswitch
-- mountPath: /run/openvswitch
-+ mountPath: /var/run/ovn
-+ - name: run-openvswitch
-+ mountPath: /var/run/openvswitch
- volumes:
- - name: ovn-bin
- configMap:
-diff --git b/ovn/templates/daemonset-controller.yaml a/charts/ovn/templates/daemonset-controller.yaml
-index 85daf70b..b6b0b048 100644
---- b/ovn/templates/daemonset-controller.yaml
-+++ a/ovn/templates/daemonset-controller.yaml
+diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
+index 4cd5d9b2..fae94512 100644
+--- a/ovn/templates/daemonset-controller.yaml
++++ b/ovn/templates/daemonset-controller.yaml
@@ -12,6 +12,15 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
@@ -228,10 +150,11 @@
{{- if .Values.manifests.daemonset_ovn_controller }}
{{- $envAll := . }}
-@@ -59,6 +68,10 @@ spec:
- env:
- - name: OVN_CMS_OPTIONS
- value: {{ .Values.conf.ovn_cms_options | quote }}
+@@ -106,6 +106,11 @@ spec:
+ {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
+ command:
+ - /tmp/ovn-controller-init.sh
++ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
@@ -239,17 +162,10 @@
volumeMounts:
- name: ovn-bin
mountPath: /tmp/ovn-controller-init.sh
-@@ -72,25 +85,33 @@ spec:
- readOnly: true
- containers:
- - name: controller
-+ command:
-+ - /root/ovnkube.sh
-+ - ovn-controller
- {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
+@@ -117,17 +122,23 @@ spec:
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-- command:
+ command:
- - /tmp/ovn-controller.sh
- - start
- lifecycle:
@@ -258,6 +174,8 @@
- command:
- - /tmp/ovn-controller.sh
- - stop
++ - /root/ovnkube.sh
++ - ovn-controller
+{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+ env:
+ - name: OVN_DAEMONSET_VERSION
@@ -280,17 +198,19 @@
- subPath: ovn-controller.sh
- readOnly: true
- name: run-openvswitch
-- mountPath: /run/openvswitch
-+ mountPath: /var/run/ovn
+@@ -154,7 +154,7 @@ spec:
+ mountPath: /run/openvswitch
+ - name: logs
+ mountPath: /var/log/ovn
+- - name: run-ovn
+ - name: run-openvswitch
-+ mountPath: /var/run/openvswitch
- volumes:
- - name: ovn-bin
- configMap:
-diff --git b/ovn/templates/deployment-northd.yaml a/charts/ovn/templates/deployment-northd.yaml
+ mountPath: /run/ovn
+ {{- if .Values.pod.sidecars.vector }}
+ - name: vector
+diff --git a/ovn/templates/deployment-northd.yaml b/ovn/templates/deployment-northd.yaml
index e3afdd05..ae31b357 100644
---- b/ovn/templates/deployment-northd.yaml
-+++ a/ovn/templates/deployment-northd.yaml
+--- a/ovn/templates/deployment-northd.yaml
++++ b/ovn/templates/deployment-northd.yaml
@@ -12,18 +12,13 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
@@ -315,7 +235,7 @@
{{- end }}
{{- if .Values.manifests.deployment_northd }}
-@@ -60,28 +55,26 @@ spec:
+@@ -60,28 +55,27 @@ spec:
{{- tuple $envAll "ovn_northd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: northd
@@ -347,6 +267,7 @@
- name: ovn-bin
- defaultMode: 0555
+{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
++{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+ env:
+ - name: OVN_DAEMONSET_VERSION
+ value: "3"
@@ -363,11 +284,11 @@
+ - name: OVN_SSL_ENABLE
+ value: "no"
{{- end }}
-diff --git b/ovn/templates/role-controller.yaml a/charts/ovn/templates/role-controller.yaml
+diff --git a/ovn/templates/role-controller.yaml b/ovn/templates/role-controller.yaml
new file mode 100644
index 00000000..de3cfa6d
--- /dev/null
-+++ a/ovn/templates/role-controller.yaml
++++ b/ovn/templates/role-controller.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
@@ -380,11 +301,11 @@
+ - endpointslices
+ verbs:
+ - list
-diff --git b/ovn/templates/role-northd.yaml a/charts/ovn/templates/role-northd.yaml
+diff --git a/ovn/templates/role-northd.yaml b/ovn/templates/role-northd.yaml
new file mode 100644
index 00000000..ca02fae6
--- /dev/null
-+++ a/ovn/templates/role-northd.yaml
++++ b/ovn/templates/role-northd.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
@@ -397,11 +318,11 @@
+ - endpointslices
+ verbs:
+ - list
-diff --git b/ovn/templates/role-ovsdb.yaml a/charts/ovn/templates/role-ovsdb.yaml
+diff --git a/ovn/templates/role-ovsdb.yaml b/ovn/templates/role-ovsdb.yaml
new file mode 100644
index 00000000..10e0e239
--- /dev/null
-+++ a/ovn/templates/role-ovsdb.yaml
++++ b/ovn/templates/role-ovsdb.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
@@ -422,11 +343,11 @@
+ verbs:
+ - list
+ - get
-diff --git b/ovn/templates/rolebinding-controller.yaml a/charts/ovn/templates/rolebinding-controller.yaml
+diff --git a/ovn/templates/rolebinding-controller.yaml b/ovn/templates/rolebinding-controller.yaml
new file mode 100644
index 00000000..7973c7e2
--- /dev/null
-+++ a/ovn/templates/rolebinding-controller.yaml
++++ b/ovn/templates/rolebinding-controller.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
@@ -441,11 +362,11 @@
+ name: ovn-controller
+- kind: ServiceAccount
+ name: ovn-controller-gw
-diff --git b/ovn/templates/rolebinding-northd.yaml a/charts/ovn/templates/rolebinding-northd.yaml
+diff --git a/ovn/templates/rolebinding-northd.yaml b/ovn/templates/rolebinding-northd.yaml
new file mode 100644
index 00000000..428a4707
--- /dev/null
-+++ a/ovn/templates/rolebinding-northd.yaml
++++ b/ovn/templates/rolebinding-northd.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
@@ -458,11 +379,11 @@
+subjects:
+- kind: ServiceAccount
+ name: ovn-northd
-diff --git b/ovn/templates/rolebinding-ovsdb.yaml a/charts/ovn/templates/rolebinding-ovsdb.yaml
+diff --git a/ovn/templates/rolebinding-ovsdb.yaml b/ovn/templates/rolebinding-ovsdb.yaml
new file mode 100644
index 00000000..f32382bc
--- /dev/null
-+++ a/ovn/templates/rolebinding-ovsdb.yaml
++++ b/ovn/templates/rolebinding-ovsdb.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
@@ -477,10 +398,10 @@
+ name: ovn-ovsdb-nb
+- kind: ServiceAccount
+ name: ovn-ovsdb-sb
-diff --git b/ovn/templates/service-ovsdb-nb.yaml a/charts/ovn/templates/service-ovsdb-nb.yaml
+diff --git a/ovn/templates/service-ovsdb-nb.yaml b/ovn/templates/service-ovsdb-nb.yaml
index b93da9b8..56f7cd09 100644
---- b/ovn/templates/service-ovsdb-nb.yaml
-+++ a/ovn/templates/service-ovsdb-nb.yaml
+--- a/ovn/templates/service-ovsdb-nb.yaml
++++ b/ovn/templates/service-ovsdb-nb.yaml
@@ -20,6 +20,7 @@ kind: Service
metadata:
name: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
@@ -489,10 +410,10 @@
ports:
- name: ovsdb
port: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-diff --git b/ovn/templates/service-ovsdb-sb.yaml a/charts/ovn/templates/service-ovsdb-sb.yaml
+diff --git a/ovn/templates/service-ovsdb-sb.yaml b/ovn/templates/service-ovsdb-sb.yaml
index 70f62c6e..4a6b5864 100644
---- b/ovn/templates/service-ovsdb-sb.yaml
-+++ a/ovn/templates/service-ovsdb-sb.yaml
+--- a/ovn/templates/service-ovsdb-sb.yaml
++++ b/ovn/templates/service-ovsdb-sb.yaml
@@ -20,6 +20,7 @@ kind: Service
metadata:
name: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
@@ -501,10 +422,10 @@
ports:
- name: ovsdb
port: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
-diff --git b/ovn/templates/statefulset-ovsdb-nb.yaml a/charts/ovn/templates/statefulset-ovsdb-nb.yaml
-index c8198279..4866074e 100644
---- b/ovn/templates/statefulset-ovsdb-nb.yaml
-+++ a/ovn/templates/statefulset-ovsdb-nb.yaml
+diff --git a/ovn/templates/statefulset-ovsdb-nb.yaml b/ovn/templates/statefulset-ovsdb-nb.yaml
+index 04958165..98e70ada 100644
+--- a/ovn/templates/statefulset-ovsdb-nb.yaml
++++ b/ovn/templates/statefulset-ovsdb-nb.yaml
@@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
@@ -533,7 +454,7 @@
replicas: {{ .Values.pod.replicas.ovn_ovsdb_nb }}
selector:
matchLabels:
-@@ -49,41 +63,54 @@ spec:
+@@ -49,43 +63,57 @@ spec:
{{- tuple $envAll "ovn_ovsdb_nb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ovsdb
@@ -547,6 +468,7 @@
{{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
++
ports:
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
@@ -602,7 +524,9 @@
+ mountPath: /etc/ovn
volumes:
- name: run-openvswitch
- emptyDir: {}
+ hostPath:
+ path: /run/openvswitch
+ type: DirectoryOrCreate
- - name: ovn-bin
- configMap:
- name: ovn-bin
@@ -610,10 +534,10 @@
{{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
- name: data
emptyDir: {}
-diff --git b/ovn/templates/statefulset-ovsdb-sb.yaml a/charts/ovn/templates/statefulset-ovsdb-sb.yaml
-index 916ef94d..92af96de 100644
---- b/ovn/templates/statefulset-ovsdb-sb.yaml
-+++ a/ovn/templates/statefulset-ovsdb-sb.yaml
+diff --git a/ovn/templates/statefulset-ovsdb-sb.yaml b/ovn/templates/statefulset-ovsdb-sb.yaml
+index 9e7b6670..694348b2 100644
+--- a/ovn/templates/statefulset-ovsdb-sb.yaml
++++ b/ovn/templates/statefulset-ovsdb-sb.yaml
@@ -12,6 +12,19 @@ See the License for the specific language governing permissions and
limitations under the License.
*/}}
@@ -642,7 +566,7 @@
replicas: {{ .Values.pod.replicas.ovn_ovsdb_sb }}
selector:
matchLabels:
-@@ -49,41 +63,54 @@ spec:
+@@ -49,43 +63,56 @@ spec:
{{- tuple $envAll "ovn_ovsdb_sb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: ovsdb
@@ -711,7 +635,9 @@
+ mountPath: /etc/ovn
volumes:
- name: run-openvswitch
- emptyDir: {}
+ hostPath:
+ path: /run/openvswitch
+ type: DirectoryOrCreate
- - name: ovn-bin
- configMap:
- name: ovn-bin
@@ -719,7 +645,7 @@
{{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
- name: data
emptyDir: {}
-@@ -93,10 +120,10 @@ spec:
+@@ -95,10 +122,10 @@ spec:
name: data
spec:
accessModes: ["ReadWriteOnce"]
@@ -731,11 +657,11 @@
{{- end }}
{{- end }}
-diff --git b/ovn/values.yaml a/charts/ovn/values.yaml
-index 518dd71e..214dd16f 100644
---- b/ovn/values.yaml
-+++ a/ovn/values.yaml
-@@ -52,12 +52,10 @@ labels:
+diff --git a/ovn/values.yaml b/ovn/values.yaml
+index a18184ab..b07a0f5a 100644
+--- a/ovn/values.yaml
++++ b/ovn/values.yaml
+@@ -51,12 +51,10 @@ labels:
volume:
ovn_ovsdb_nb:
@@ -757,7 +683,7 @@
# auto_bridge_add:
# br-private: eth0
-@@ -138,13 +138,41 @@ pod:
+@@ -135,13 +135,41 @@ pod:
readiness:
enabled: true
params:
@@ -804,7 +730,7 @@
dns_policy: "ClusterFirstWithHostNet"
replicas:
ovn_ovsdb_nb: 1
-@@ -179,18 +207,18 @@ pod:
+@@ -176,18 +204,18 @@ pod:
ovs:
ovn_ovsdb_nb:
requests:
diff --git a/charts/patches/ovn/0002-add-logging-parser.patch b/charts/patches/ovn/0002-add-logging-parser.patch
index f964369..69a74a0 100644
--- a/charts/patches/ovn/0002-add-logging-parser.patch
+++ b/charts/patches/ovn/0002-add-logging-parser.patch
@@ -69,21 +69,19 @@
{{- end }}
{{- end }}
-diff --git a/ovn/templates/daemonset-controller-gw.yaml b/ovn/templates/daemonset-controller-gw.yaml
-index eb309c5e..3ecd81dc 100644
---- a/ovn/templates/daemonset-controller-gw.yaml
-+++ b/ovn/templates/daemonset-controller-gw.yaml
-@@ -112,6 +112,54 @@ spec:
- mountPath: /var/run/ovn
- - name: run-openvswitch
- mountPath: /var/run/openvswitch
-+ - name: shared
-+ mountPath: /var/log/ovn/
+diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml
+index e421794f..843cbeaa 100644
+--- a/ovn/templates/daemonset-controller.yaml
++++ b/ovn/templates/daemonset-controller.yaml
+@@ -156,6 +156,52 @@ spec:
+ mountPath: /var/log/ovn
+ - name: run-ovn
+ mountPath: /run/ovn
+ {{- if .Values.pod.sidecars.vector }}
+ - name: vector
+{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
-+{{ tuple $envAll $envAll.Values.pod.resources.ovn_controller_gw.vector | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "vector" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++{{ tuple $envAll $envAll.Values.pod.resources.vector | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
++{{ dict "envAll" $envAll "application" "ovn_controller" "container" "vector" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - vector
+ - --config
@@ -91,7 +89,7 @@
+ volumeMounts:
+ - name: vector-config
+ mountPath: /etc/vector
-+ - name: shared
++ - name: logs
+ mountPath: /logs
+ - name: vector-data
+ mountPath: /var/lib/vector
@@ -99,8 +97,8 @@
+ {{- if .Values.pod.sidecars.ovn_logging_parser }}
+ - name: log-parser
+{{ tuple $envAll "ovn_logging_parser" | include "helm-toolkit.snippets.image" | indent 10 }}
-+{{ tuple $envAll $envAll.Values.pod.resources.ovn_controller_gw.ovn_logging_parser | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-+{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "ovn_logging_parser" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
++{{ tuple $envAll $envAll.Values.pod.resources.ovn_logging_parser | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
++{{ dict "envAll" $envAll "application" "ovn_controller" "container" "ovn_logging_parser" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /tmp/ovn-network-logging-parser.sh
+ - start
@@ -128,12 +126,10 @@
volumes:
- name: ovn-bin
configMap:
-@@ -125,4 +173,19 @@ spec:
- secret:
- secretName: {{ $configMapName }}
- defaultMode: 0444
-+ - name: shared
-+ emptyDir: {}
+@@ -225,4 +225,17 @@
+ type: DirectoryOrCreate
+ - name: gw-enabled
+ emptyDir: {}
+ {{- if .Values.pod.sidecars.vector }}
+ - name: vector-config
+ secret:
@@ -211,21 +207,20 @@
+ tenant_id = "{{`{{ project_id }}`}}"
+{{- end }}
diff --git a/ovn/values.yaml b/ovn/values.yaml
-index 214dd16f..d0f2406b 100644
---- a/ovn/values.yaml
-+++ b/ovn/values.yaml
-@@ -26,6 +26,8 @@ images:
- ovn_controller: docker.io/openstackhelm/ovn:latest-ubuntu_focal
- dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+index b07a0f5a..79fde2c2 100644
+--- a/ovn//values.yaml
++++ b/ovn//values.yaml
+@@ -26,5 +26,7 @@ images:
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
image_repo_sync: docker.io/library/docker:17.07.0
+ vector: docker.io/timberio/vector:0.39.0-debian
+ ovn_logging_parser: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
pull_policy: "IfNotPresent"
local_registry:
active: false
-@@ -86,6 +88,24 @@ conf:
- use_fqdn:
- compute: true
+@@ -82,6 +84,24 @@ conf:
+ # br-public: eth1
+ auto_bridge_add: {}
+ ovn_network_logging_parser_uwsgi:
+ uwsgi:
@@ -246,12 +241,12 @@
+ wsgi-file: /var/lib/openstack/bin/neutron-ovn-network-logging-parser-wsgi
+
pod:
- security_context:
- ovn_northd:
-@@ -112,6 +132,12 @@ pod:
- capabilities:
- add:
- - SYS_NICE
+ # NOTE: should be same as nova.pod.use_fqdn.compute
+ use_fqdn:
+@@ -109,6 +129,12 @@ pod:
+ controller:
+ readOnlyRootFilesystem: true
+ privileged: true
+ ovn_logging_parser:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
@@ -261,39 +256,40 @@
tolerations:
ovn_ovsdb_nb:
enabled: false
-@@ -240,6 +266,21 @@ pod:
+@@ -237,6 +263,20 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
-+ ovn_controller_gw:
-+ ovn_logging_parser:
-+ requests:
-+ memory: "128Mi"
-+ cpu: "100m"
-+ limits:
-+ memory: "256Mi"
-+ cpu: "500m"
-+ vector:
-+ requests:
-+ memory: "128Mi"
-+ cpu: "100m"
-+ limits:
-+ memory: "256Mi"
-+ cpu: "500m"
++ ovn_logging_parser:
++ requests:
++ memory: "128Mi"
++ cpu: "100m"
++ limits:
++ memory: "256Mi"
++ cpu: "500m"
++ vector:
++ requests:
++ memory: "128Mi"
++ cpu: "100m"
++ limits:
++ memory: "256Mi"
++ cpu: "500m"
jobs:
image_repo_sync:
requests:
-@@ -248,6 +289,9 @@ pod:
+@@ -245,7 +286,11 @@ pod:
limits:
memory: "1024Mi"
cpu: "2000m"
+
+ sidecars:
+ ovn_logging_parser: false
+ vector: false
-
++
secrets:
oci_image_registry:
-@@ -311,6 +355,22 @@ endpoints:
+ ovn: ovn-oci-image-registry-key
+@@ -304,6 +349,22 @@ endpoints:
default: 6642
raft:
default: 6644
@@ -316,80 +312,3 @@
network_policy:
ovn_ovsdb_nb:
-diff --git a/images/neutron/Dockerfile b/images/neutron/Dockerfile
-index 7032319b..992091b6 100644
---- a/images/neutron/Dockerfile
-+++ b/images/neutron/Dockerfile
-@@ -13,12 +13,16 @@ RUN git -C /src/neutron-vpnaas fetch --unshallow
- ARG POLICY_SERVER_GIT_REF=4a86b140d5510823a8fb8a59137feddf5b111b26
- ADD --keep-git-dir=true https://github.com/vexxhost/neutron-policy-server.git#${POLICY_SERVER_GIT_REF} /src/neutron-policy-server
- RUN git -C /src/neutron-policy-server fetch --unshallow
-+ARG LOG_PASER_GIT_REF=3bc113d9fc0eb3264feca5900e550f6ed15503c2
-+ADD --keep-git-dir=true https://github.com/vexxhost/neutron-ovn-network-logging-parser.git#${LOG_PASER_GIT_REF} /src/neutron-ovn-network-logging-parser
-+RUN git -C /src/neutron-ovn-network-logging-parser fetch --unshallow
- RUN --mount=type=cache,mode=0755,target=/root/.cache/pip,sharing=private <<EOF bash -xe
- pip3 install \
- --constraint /upper-constraints.txt \
- /src/neutron \
- /src/neutron-vpnaas \
-- /src/neutron-policy-server
-+ /src/neutron-policy-server \
-+ /src/neutron-ovn-network-logging-parser
- EOF
-
- FROM registry.atmosphere.dev/library/openstack-python-runtime:${RELEASE}
-diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
-index ff60d44a..2904e8de 100644
---- a/roles/defaults/vars/main.yml
-+++ b/roles/defaults/vars/main.yml
-@@ -173,6 +173,7 @@ _atmosphere_images:
- openvswitch_db_server: "registry.atmosphere.dev/library/openvswitch:{{ atmosphere_release }}"
- openvswitch_vswitchd: "registry.atmosphere.dev/library/openvswitch:{{ atmosphere_release }}"
- ovn_controller: "registry.atmosphere.dev/library/ovn-host:{{ atmosphere_release }}"
-+ ovn_logging_parser: "registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
- ovn_northd: "registry.atmosphere.dev/library/ovn-central:{{ atmosphere_release }}"
- ovn_ovsdb_nb: "registry.atmosphere.dev/library/ovn-central:{{ atmosphere_release }}"
- ovn_ovsdb_sb: "registry.atmosphere.dev/library/ovn-central:{{ atmosphere_release }}"
-diff --git a/roles/neutron/vars/main.yml b/roles/neutron/vars/main.yml
-index fc587502..5c814499 100644
---- a/roles/neutron/vars/main.yml
-+++ b/roles/neutron/vars/main.yml
-@@ -70,6 +70,8 @@ __neutron_helm_values:
- metadata_proxy_shared_secret: "{{ openstack_helm_endpoints['compute_metadata']['secret'] }}"
- plugins:
- ml2_conf:
-+ agent:
-+ extensions: "log"
- ml2:
- extension_drivers: dns_domain_ports,port_security,qos
- type_drivers: flat,gre,vlan,vxlan
-@@ -85,7 +87,7 @@ __neutron_ovn_helm_values:
- conf:
- neutron:
- DEFAULT:
-- service_plugins: qos,ovn-router,segments,trunk
-+ service_plugins: qos,ovn-router,segments,trunk,log
- ovn:
- ovn_emit_need_to_frag: true
- ovn_metadata_agent:
-diff --git a/roles/ovn/defaults/main.yml b/roles/ovn/defaults/main.yml
-index b9045986..a6ebdb96 100644
---- a/roles/ovn/defaults/main.yml
-+++ b/roles/ovn/defaults/main.yml
-@@ -18,3 +18,5 @@ ovn_helm_chart_ref: /usr/local/src/ovn
-
- ovn_helm_release_namespace: openstack
- ovn_helm_values: {}
-+
-+ovn_network_logging_parser_enabled: true
-diff --git a/roles/ovn/vars/main.yml b/roles/ovn/vars/main.yml
-index 59d9c209..603b4edf 100644
---- a/roles/ovn/vars/main.yml
-+++ b/roles/ovn/vars/main.yml
-@@ -35,3 +35,6 @@ _ovn_helm_values:
- ovn_ovsdb_nb: 3
- ovn_ovsdb_sb: 3
- ovn_northd: 3
-+ sidecars:
-+ ovn_logging_parser: "{{ ovn_network_logging_parser_enabled }}"
-+ vector: "{{ ovn_network_logging_parser_enabled }}"
diff --git a/charts/patches/ovn/0003-oci-image-registry-secret.patch b/charts/patches/ovn/0003-oci-image-registry-secret.patch
deleted file mode 100644
index 904f3ab..0000000
--- a/charts/patches/ovn/0003-oci-image-registry-secret.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff --git a/ovn/values.yaml b/ovn/values.yaml
-index 4171db47..2df5c38c 100644
---- a/ovn/values.yaml
-+++ b/ovn/values.yaml
-@@ -295,11 +295,7 @@ pod:
-
- secrets:
- oci_image_registry:
-- ovn_ovsdb_nb: ovn-ovsdb-nb-oci-image-registry-key
-- ovn_ovsdb_sb: ovn-ovsdb-sb-oci-image-registry-key
-- ovn_northd: ovn-northd-oci-image-registry-key
-- ovn_controller: ovn-controller-oci-image-registry-key
-- ovn_controller_gw: ovn-controller-gw-oci-image-registry-key
-+ ovn: ovn-oci-image-registry-key
diff --git a/molecule/aio/group_vars/all/molecule.yml b/molecule/aio/group_vars/all/molecule.yml
index 898f142..7cb93a8 100644
--- a/molecule/aio/group_vars/all/molecule.yml
+++ b/molecule/aio/group_vars/all/molecule.yml
@@ -125,8 +125,6 @@
ovn_ovsdb_nb: 1
ovn_ovsdb_sb: 1
ovn_northd: 1
- manifests:
- daemonset_ovn_controller: false
coredns_helm_values:
replicaCount: 1
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index 64bfd3f..5835207 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -185,6 +185,7 @@
openvswitch_db_server: "registry.atmosphere.dev/library/openvswitch:{{ atmosphere_release }}"
openvswitch_vswitchd: "registry.atmosphere.dev/library/openvswitch:{{ atmosphere_release }}"
ovn_controller: "registry.atmosphere.dev/library/ovn-host:{{ atmosphere_release }}"
+ ovn_controller_kubectl: "registry.atmosphere.dev/library/ovn-host:{{ atmosphere_release }}"
ovn_logging_parser: "registry.atmosphere.dev/library/neutron:{{ atmosphere_release }}"
ovn_northd: "registry.atmosphere.dev/library/ovn-central:{{ atmosphere_release }}"
ovn_ovsdb_nb: "registry.atmosphere.dev/library/ovn-central:{{ atmosphere_release }}"
diff --git a/roles/ovn/vars/main.yml b/roles/ovn/vars/main.yml
index 603b4ed..994894f 100644
--- a/roles/ovn/vars/main.yml
+++ b/roles/ovn/vars/main.yml
@@ -25,6 +25,9 @@
ovn_northd:
node_selector_key: openstack-control-plane
node_selector_value: enabled
+ ovn_controller_gw:
+ node_selector_key: openstack-control-plane
+ node_selector_value: enabled
volume:
ovn_ovsdb_nb:
size: 20Gi