[ATMOSPHERE-497] [stable/2024.1] chart: sync ovn with upstream (#2028)
Co-authored-by: okozachenko1203 <okozachenko1203@users.noreply.github.com>
Co-authored-by: Mohammed Naser <mnaser@vexxhost.com>
diff --git a/charts/ovn/Chart.yaml b/charts/ovn/Chart.yaml
index 8ac48b4..00f498b 100644
--- a/charts/ovn/Chart.yaml
+++ b/charts/ovn/Chart.yaml
@@ -9,4 +9,4 @@
sources:
- https://github.com/ovn-org/ovn
- https://opendev.org/openstack/openstack-helm
-version: 0.1.4
+version: 0.1.13
diff --git a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
index 77e1e68..1d303c8 100644
--- a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
+++ b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
@@ -18,7 +18,7 @@
function get_ip_address_from_interface {
local interface=$1
- local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
+ local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $1}')
if [ -z "${ip}" ] ; then
exit 1
fi
@@ -27,7 +27,7 @@
function get_ip_prefix_from_interface {
local interface=$1
- local prefix=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $2}')
+ local prefix=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $2}')
if [ -z "${prefix}" ] ; then
exit 1
fi
@@ -70,7 +70,7 @@
elif [[ -z "${bridge_ip}" && -z "${ip}" ]]; then
echo "Interface and bridge have no ips configured. Leaving as is."
else
- echo "Interface ${name} has invalid IP address. IP:[${ip}]; Prefix:[${prefix}]..."
+ echo "Interface ${src_nic} has invalid IP address. IP:[${ip}]; Prefix:[${prefix}]..."
exit 1
fi
@@ -144,13 +144,20 @@
ovs-vsctl set open . external-ids:ovn-encap-type="{{ .Values.conf.ovn_encap_type }}"
ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}"
ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}"
-ovs-vsctl set open . external-ids:ovn-cms-options="${OVN_CMS_OPTIONS}"
+
+GW_ENABLED=$(cat /tmp/gw-enabled/gw-enabled)
+if [[ ${GW_ENABLED} == {{ .Values.labels.ovn_controller_gw.node_selector_value }} ]]; then
+ ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options_gw_enabled }}
+else
+ ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options }}
+fi
+
{{ if .Values.conf.ovn_bridge_datapath_type -}}
ovs-vsctl set open . external-ids:ovn-bridge-datapath-type="{{ .Values.conf.ovn_bridge_datapath_type }}"
{{- end }}
# Configure hostname
-{{- if .Values.conf.use_fqdn.compute }}
+{{- if .Values.pod.use_fqdn.compute }}
ovs-vsctl set open . external-ids:hostname="$(hostname -f)"
{{- else }}
ovs-vsctl set open . external-ids:hostname="$(hostname)"
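Review bot: The two new `ovs-vsctl set open . external-ids:ovn-cms-options=...` lines render the chart value into the script unquoted, whereas the line they replace passed `"${OVN_CMS_OPTIONS}"` in quotes, so a value containing whitespace or shell metacharacters would be word-split or interpreted by bash. Following the neighbouring lines, write `external-ids:ovn-cms-options="{{ .Values.conf.ovn_cms_options_gw_enabled }}"` (and the same for `ovn_cms_options`). The test should be `[[ "${GW_ENABLED}" == "{{ .Values.labels.ovn_controller_gw.node_selector_value }}" ]]`, because an unquoted right-hand side inside `[[ ]]` is matched as a glob pattern rather than compared literally. If `/tmp/gw-enabled/gw-enabled` is missing or empty, the script appears to fall through to the non-gateway branch without a message; whether it runs under `set -e` is not visible in this hunk.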
@@ -164,7 +171,7 @@
bridge=${bmap%:*}
iface=${bmap#*:}
ovs-vsctl --may-exist add-br $bridge -- set bridge $bridge protocols=OpenFlow13
- if [ -n "$iface" ] && [ "$iface" != "null" ]
+ if [ -n "$iface" ] && [ "$iface" != "null" ] && ( ip link show $iface 1>/dev/null 2>&1 );
then
ovs-vsctl --may-exist add-port $bridge $iface
migrate_ip_from_nic $iface $bridge
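Review bot: The added `ip link show $iface` guard expands `$iface` unquoted and skips `add-port` and `migrate_ip_from_nic` silently when the interface does not exist, so a mistyped interface name in the bridge mapping leaves the bridge without an uplink and nothing in the init log. Suggest `if [ -n "$iface" ] && [ "$iface" != "null" ] && ip link show "$iface" >/dev/null 2>&1; then`, which also drops the subshell and the stray `;`. An `echo` would help for the case where an interface is configured but not found. The `if` block continues past the end of the hunk.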
diff --git a/charts/ovn/templates/daemonset-controller-gw.yaml b/charts/ovn/templates/daemonset-controller-gw.yaml
deleted file mode 100644
index 3ecd81d..0000000
--- a/charts/ovn/templates/daemonset-controller-gw.yaml
+++ /dev/null
@@ -1,191 +0,0 @@
-{{/*
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- define "controllerGatewayReadinessProbeTemplate" }}
-exec:
- command:
- - /usr/bin/ovn-kube-util
- - readiness-probe
- - -t
- - ovn-controller
-{{- end }}
-
-{{- if .Values.manifests.daemonset_ovn_controller_gw }}
-{{- $envAll := . }}
-
-{{- $configMapName := "ovn-etc" }}
-{{- $serviceAccountName := "ovn-controller-gw" }}
-{{ tuple $envAll "ovn_controller_gw" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
----
-kind: DaemonSet
-apiVersion: apps/v1
-metadata:
- name: ovn-controller-gw
- annotations:
- {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
- configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
- labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- type: gw
-spec:
- selector:
- matchLabels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
- type: gw
- template:
- metadata:
- labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
- type: gw
- annotations:
-{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
- configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
- configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
- spec:
- serviceAccountName: {{ $serviceAccountName }}
- hostNetwork: true
- dnsPolicy: {{ .Values.pod.dns_policy }}
- nodeSelector:
- {{ .Values.labels.ovn_controller_gw.node_selector_key }}: {{ .Values.labels.ovn_controller_gw.node_selector_value }}
- initContainers:
-{{- tuple $envAll "ovn_controller_gw" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
- - name: controller-init
-{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- command:
- - /tmp/ovn-controller-init.sh
- env:
- - name: OVN_CMS_OPTIONS
- value: {{ .Values.conf.gw_ovn_cms_options | quote }}
- - name: NODE_NAME
- valueFrom:
- fieldRef:
- fieldPath: spec.nodeName
- volumeMounts:
- - name: ovn-bin
- mountPath: /tmp/ovn-controller-init.sh
- subPath: ovn-controller-init.sh
- readOnly: true
- - name: run-openvswitch
- mountPath: /run/openvswitch
- - name: ovn-etc
- mountPath: /tmp/auto_bridge_add
- subPath: auto_bridge_add
- readOnly: true
- containers:
- - name: controller
- command:
- - /root/ovnkube.sh
- - ovn-controller
-{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-{{ dict "envAll" . "component" "ovn_controller_gw" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerGatewayReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
- env:
- - name: OVN_DAEMONSET_VERSION
- value: "3"
- - name: OVN_LOGLEVEL_CONTROLLER
- value: "-vconsole:info -vfile:info"
- - name: OVN_KUBERNETES_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
- - name: OVN_KUBERNETES_NB_STATEFULSET
- value: ovn-ovsdb-nb
- - name: OVN_KUBERNETES_SB_STATEFULSET
- value: ovn-ovsdb-sb
- - name: OVN_SSL_ENABLE
- value: "no"
- volumeMounts:
- - name: run-openvswitch
- mountPath: /var/run/ovn
- - name: run-openvswitch
- mountPath: /var/run/openvswitch
- - name: shared
- mountPath: /var/log/ovn/
- {{- if .Values.pod.sidecars.vector }}
- - name: vector
-{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.ovn_controller_gw.vector | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "vector" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- command:
- - vector
- - --config
- - /etc/vector/vector.toml
- volumeMounts:
- - name: vector-config
- mountPath: /etc/vector
- - name: shared
- mountPath: /logs
- - name: vector-data
- mountPath: /var/lib/vector
- {{- end }}
- {{- if .Values.pod.sidecars.ovn_logging_parser }}
- - name: log-parser
-{{ tuple $envAll "ovn_logging_parser" | include "helm-toolkit.snippets.image" | indent 10 }}
-{{ tuple $envAll $envAll.Values.pod.resources.ovn_controller_gw.ovn_logging_parser | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "ovn_logging_parser" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
- command:
- - /tmp/ovn-network-logging-parser.sh
- - start
- env:
- - name: VECTOR_HTTP_ENDPOINT
- value: http://localhost:5001
- ports:
- - name: http
- containerPort: {{ tuple "ovn_logging_parser" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- protocol: TCP
- volumeMounts:
- - name: neutron-etc
- mountPath: /etc/neutron/neutron.conf
- subPath: neutron.conf
- readOnly: true
- - name: ovn-bin
- mountPath: /tmp/ovn-network-logging-parser.sh
- subPath: ovn-network-logging-parser.sh
- readOnly: true
- - name: ovn-etc
- mountPath: /etc/neutron/neutron-ovn-network-logging-parser-uwsgi.ini
- subPath: neutron-ovn-network-logging-parser-uwsgi.ini
- readOnly: true
- {{- end }}
- volumes:
- - name: ovn-bin
- configMap:
- name: ovn-bin
- defaultMode: 0777
- - name: run-openvswitch
- hostPath:
- path: /run/openvswitch
- type: DirectoryOrCreate
- - name: ovn-etc
- secret:
- secretName: {{ $configMapName }}
- defaultMode: 0444
- - name: shared
- emptyDir: {}
- {{- if .Values.pod.sidecars.vector }}
- - name: vector-config
- secret:
- secretName: ovn-vector-config
- - name: vector-data
- emptyDir: {}
- {{- end }}
- {{- if .Values.pod.sidecars.ovn_logging_parser }}
- - name: neutron-etc
- secret:
- secretName: neutron-etc
- defaultMode: 0444
- {{- end }}
-{{- end }}
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index b6b0b04..82b70f7 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -26,7 +26,33 @@
{{- $configMapName := "ovn-etc" }}
{{- $serviceAccountName := "ovn-controller" }}
+{{- $serviceAccountNamespace := $envAll.Release.Namespace }}
{{ tuple $envAll "ovn_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
+rules:
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list", "get"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ovn-controller-list-nodes-rolebinding-{{ $serviceAccountNamespace }}
+subjects:
+- kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ $serviceAccountNamespace }}
+roleRef:
+ kind: ClusterRole
+ name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }}
+ apiGroup: rbac.authorization.k8s.io
+
---
kind: DaemonSet
apiVersion: apps/v1
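Review bot: The new ClusterRole grants `list` as well as `get` on every node in the cluster to the `ovn-controller` service account, but the only consumer visible in this commit is the `get-gw-enabled` init container added further down, which runs `kubectl get node ${NODENAME}` for its own node. `verbs: ["get"]` covers that call, so `list` looks unnecessary. Because `serviceAccountName` is set on the pod spec, the same token is available to the privileged `controller` container and to any sidecars, so the grant should be as narrow as the lookup requires. A comment above the ClusterRole such as `# Read-only node access for the get-gw-enabled init container (gateway label lookup)` would document why a cluster-scoped role ships with this DaemonSet.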
@@ -37,17 +63,14 @@
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
labels:
{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
- type: hv
spec:
selector:
matchLabels:
{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
- type: hv
template:
metadata:
labels:
{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
- type: hv
annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
@@ -55,19 +78,35 @@
spec:
serviceAccountName: {{ $serviceAccountName }}
hostNetwork: true
+ hostPID: true
+ hostIPC: true
dnsPolicy: {{ .Values.pod.dns_policy }}
nodeSelector:
{{ .Values.labels.ovn_controller.node_selector_key }}: {{ .Values.labels.ovn_controller.node_selector_value }}
initContainers:
{{- tuple $envAll "ovn_controller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
+ - name: get-gw-enabled
+{{ tuple $envAll "ovn_controller_kubectl" | include "helm-toolkit.snippets.image" | indent 10 }}
+ command:
+ - /bin/bash
+ - -c
+ - |
+ kubectl get node ${NODENAME} -o jsonpath='{.metadata.labels.{{ .Values.labels.ovn_controller_gw.node_selector_key }}}' > /tmp/gw-enabled/gw-enabled
+ env:
+ - name: NODENAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ volumeMounts:
+ - name: gw-enabled
+ mountPath: /tmp/gw-enabled
+ readOnly: false
- name: controller-init
-{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
command:
- /tmp/ovn-controller-init.sh
env:
- - name: OVN_CMS_OPTIONS
- value: {{ .Values.conf.ovn_cms_options | quote }}
- name: NODE_NAME
valueFrom:
fieldRef:
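Review bot: `hostPID: true` and `hostIPC: true` are added to the pod spec with nothing in the hunk or the commit text saying which container needs them. They are pod-level settings, so together with `hostNetwork: true` they expose host processes and IPC to every container in the pod, including the optional vector and log-parser sidecars. A comment naming the requirement, or dropping whichever of the two is not needed, would make the exposure reviewable. The new `get-gw-enabled` init container, unlike `controller-init` just below it, has no `helm-toolkit.snippets.kubernetes_container_security_context` include, so it runs with the image defaults even though it uses the service-account token. In its command, `${NODENAME}` should be quoted as `"${NODENAME}"`.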
@@ -83,14 +122,17 @@
mountPath: /tmp/auto_bridge_add
subPath: auto_bridge_add
readOnly: true
+ - name: gw-enabled
+ mountPath: /tmp/gw-enabled
+ readOnly: true
containers:
- name: controller
- command:
- - /root/ovnkube.sh
- - ovn-controller
{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /root/ovnkube.sh
+ - ovn-controller
{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
env:
- name: OVN_DAEMONSET_VERSION
@@ -109,9 +151,57 @@
value: "no"
volumeMounts:
- name: run-openvswitch
- mountPath: /var/run/ovn
+ mountPath: /run/openvswitch
+ - name: logs
+ mountPath: /var/log/ovn
- name: run-openvswitch
- mountPath: /var/run/openvswitch
+ mountPath: /run/ovn
+ {{- if .Values.pod.sidecars.vector }}
+ - name: vector
+{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.vector | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "ovn_controller" "container" "vector" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - vector
+ - --config
+ - /etc/vector/vector.toml
+ volumeMounts:
+ - name: vector-config
+ mountPath: /etc/vector
+ - name: logs
+ mountPath: /logs
+ - name: vector-data
+ mountPath: /var/lib/vector
+ {{- end }}
+ {{- if .Values.pod.sidecars.ovn_logging_parser }}
+ - name: log-parser
+{{ tuple $envAll "ovn_logging_parser" | include "helm-toolkit.snippets.image" | indent 10 }}
+{{ tuple $envAll $envAll.Values.pod.resources.ovn_logging_parser | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "ovn_controller" "container" "ovn_logging_parser" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+ command:
+ - /tmp/ovn-network-logging-parser.sh
+ - start
+ env:
+ - name: VECTOR_HTTP_ENDPOINT
+ value: http://localhost:5001
+ ports:
+ - name: http
+ containerPort: {{ tuple "ovn_logging_parser" "service" "api" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
+ protocol: TCP
+ volumeMounts:
+ - name: neutron-etc
+ mountPath: /etc/neutron/neutron.conf
+ subPath: neutron.conf
+ readOnly: true
+ - name: ovn-bin
+ mountPath: /tmp/ovn-network-logging-parser.sh
+ subPath: ovn-network-logging-parser.sh
+ readOnly: true
+ - name: ovn-etc
+ mountPath: /etc/neutron/neutron-ovn-network-logging-parser-uwsgi.ini
+ subPath: neutron-ovn-network-logging-parser-uwsgi.ini
+ readOnly: true
+ {{- end }}
volumes:
- name: ovn-bin
configMap:
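Review bot: The `controller` container mounts the `run-openvswitch` volume at both `/run/openvswitch` and `/run/ovn`, while the `@@ -125,4 +215,27 @@` hunk below declares a separate `run-ovn` hostPath volume (`path: /run/ovn`) that no mount in the visible hunks references. If the intent was to keep OVN runtime files in the host's `/run/ovn`, the second mount should read `- name: run-ovn` with `mountPath: /run/ovn`. As written, anything ovn-controller writes under `/run/ovn` lands in the host's `/run/openvswitch`, and the `run-ovn` volume is unused. The containers list starts outside this hunk, so a mount elsewhere in the file cannot be ruled out.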
@@ -125,4 +215,27 @@
secret:
secretName: {{ $configMapName }}
defaultMode: 0444
+ - name: logs
+ hostPath:
+ path: /var/log/ovn
+ type: DirectoryOrCreate
+ - name: run-ovn
+ hostPath:
+ path: /run/ovn
+ type: DirectoryOrCreate
+ - name: gw-enabled
+ emptyDir: {}
+ {{- if .Values.pod.sidecars.vector }}
+ - name: vector-config
+ secret:
+ secretName: ovn-vector-config
+ - name: vector-data
+ emptyDir: {}
+ {{- end }}
+ {{- if .Values.pod.sidecars.ovn_logging_parser }}
+ - name: neutron-etc
+ secret:
+ secretName: neutron-etc
+ defaultMode: 0444
+ {{- end }}
{{- end }}
diff --git a/charts/ovn/templates/deployment-northd.yaml b/charts/ovn/templates/deployment-northd.yaml
index ae31b35..f945bb2 100644
--- a/charts/ovn/templates/deployment-northd.yaml
+++ b/charts/ovn/templates/deployment-northd.yaml
@@ -62,6 +62,7 @@
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
env:
- name: OVN_DAEMONSET_VERSION
value: "3"
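Review bot: The added liveness probe reuses `northdReadinessProbeTemplate`, so the same command decides both "stop routing to this pod" and "restart the container". Depending on what that command checks, a northd that is only temporarily not ready would be restarted instead of waited for. The values.yaml hunks in this commit add no liveness settings for `ovn_northd`, so it is worth confirming that the parameters read by the `helm-toolkit.snippets.kubernetes_probe` include for `"type" "liveness"` already exist, and that their timeout and failure threshold are more tolerant than the readiness ones. A comment above the line such as `# liveness intentionally reuses the readiness command` would make the reuse explicit.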
diff --git a/charts/ovn/templates/statefulset-ovsdb-nb.yaml b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
index 4866074..98e70ad 100644
--- a/charts/ovn/templates/statefulset-ovsdb-nb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
@@ -73,6 +73,7 @@
{{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+
ports:
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
- containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
@@ -110,7 +111,9 @@
mountPath: /etc/ovn
volumes:
- name: run-openvswitch
- emptyDir: {}
+ hostPath:
+ path: /run/openvswitch
+ type: DirectoryOrCreate
{{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
- name: data
emptyDir: {}
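Review bot: Switching `run-openvswitch` from `emptyDir` to a `hostPath` on `/run/openvswitch` gives the NB database pod the same host directory that the ovn-controller DaemonSet mounts. The pod can then reach whatever sockets and pid files live there, and files it creates outlive the pod. The identical change is made in the statefulset-ovsdb-sb.yaml hunk, so an NB and an SB pod scheduled on the same node would now write into one shared directory. If the databases do not need the host's Open vSwitch runtime directory, keeping `emptyDir: {}` is the narrower choice; otherwise a comment such as `# hostPath required because <reason>` would record why host access is needed.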
diff --git a/charts/ovn/templates/statefulset-ovsdb-sb.yaml b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
index 92af96d..694348b 100644
--- a/charts/ovn/templates/statefulset-ovsdb-sb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
@@ -110,7 +110,9 @@
mountPath: /etc/ovn
volumes:
- name: run-openvswitch
- emptyDir: {}
+ hostPath:
+ path: /run/openvswitch
+ type: DirectoryOrCreate
{{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
- name: data
emptyDir: {}
diff --git a/charts/ovn/values.yaml b/charts/ovn/values.yaml
index 5c35a2f..8c99d50 100644
--- a/charts/ovn/values.yaml
+++ b/charts/ovn/values.yaml
@@ -20,11 +20,12 @@
images:
tags:
- ovn_ovsdb_nb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
- ovn_ovsdb_sb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
- ovn_northd: docker.io/openstackhelm/ovn:latest-ubuntu_focal
- ovn_controller: docker.io/openstackhelm/ovn:latest-ubuntu_focal
- dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+ ovn_ovsdb_nb: docker.io/openstackhelm/ovn:ubuntu_focal
+ ovn_ovsdb_sb: docker.io/openstackhelm/ovn:ubuntu_focal
+ ovn_northd: docker.io/openstackhelm/ovn:ubuntu_focal
+ ovn_controller: docker.io/openstackhelm/ovn:ubuntu_focal
+ ovn_controller_kubectl: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy
+ dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
image_repo_sync: docker.io/library/docker:17.07.0
vector: docker.io/timberio/vector:0.39.0-debian
ovn_logging_parser: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
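Review bot: `dep_check` moves from the fixed `v1.0.0` tag to `latest-ubuntu_focal`, and the new `ovn_controller_kubectl` image uses `latest-ubuntu_jammy`. Both are mutable tags, so the code that runs can change without any change to the chart. The kubectl image runs in the `get-gw-enabled` init container with the service-account token bound to the new ClusterRole, which makes its provenance worth fixing. Pinning to a release tag or a digest, in the form `repository:tag@sha256:<digest>`, would make deployments reproducible. The four `ovn:ubuntu_focal` tags are floating as well.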
@@ -37,19 +38,19 @@
labels:
ovn_ovsdb_nb:
- node_selector_key: openstack-compute-node
+ node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_ovsdb_sb:
- node_selector_key: openstack-compute-node
+ node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_northd:
- node_selector_key: openstack-compute-node
+ node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_controller:
- node_selector_key: openstack-compute-node
+ node_selector_key: openvswitch
node_selector_value: enabled
ovn_controller_gw:
- node_selector_key: openstack-control-plane
+ node_selector_key: l3-agent
node_selector_value: enabled
volume:
@@ -72,7 +73,7 @@
conf:
ovn_cms_options: "availability-zones=nova"
- gw_ovn_cms_options: "enable-chassis-as-gw,availability-zones=nova"
+ ovn_cms_options_gw_enabled: "enable-chassis-as-gw,availability-zones=nova"
ovn_encap_type: geneve
ovn_bridge: br-int
ovn_bridge_mappings: external:br-ex
@@ -84,10 +85,6 @@
# br-public: eth1
auto_bridge_add: {}
- # NOTE: should be same as nova.conf.use_fqdn.compute
- use_fqdn:
- compute: true
-
ovn_network_logging_parser_uwsgi:
uwsgi:
add-header: "Connection: close"
@@ -107,6 +104,9 @@
wsgi-file: /var/lib/openstack/bin/neutron-ovn-network-logging-parser-wsgi
pod:
+ # NOTE: should be same as nova.pod.use_fqdn.compute
+ use_fqdn:
+ compute: true
security_context:
ovn_northd:
container:
@@ -117,21 +117,11 @@
ovn_controller:
container:
controller_init:
+ readOnlyRootFilesystem: true
privileged: true
- runAsUser: 0
controller:
- capabilities:
- add:
- - SYS_NICE
- ovn_controller_gw:
- container:
- controller_init:
+ readOnlyRootFilesystem: true
privileged: true
- runAsUser: 0
- controller:
- capabilities:
- add:
- - SYS_NICE
ovn_logging_parser:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
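Review bot: The long-running `controller` container goes from `capabilities.add: [SYS_NICE]` to `privileged: true`, a large step up in privilege for a container that, per the daemonset-controller.yaml change in this commit, also runs with `hostPID`, `hostIPC` and `hostNetwork`. If something specific needs more than `SYS_NICE`, listing the required capabilities under `capabilities.add` instead of `privileged: true` would keep the container closer to least privilege. Failing that, a comment such as `# privileged required for <operation>` would make the choice reviewable. The added `readOnlyRootFilesystem: true` is a welcome tightening. Indentation of the context lines is not preserved on this page, so the nesting here is read from the removed and added lines.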
@@ -147,8 +137,6 @@
enabled: false
ovn_controller:
enabled: false
- ovn_controller_gw:
- enabled: false
affinity:
anti:
type:
@@ -224,10 +212,6 @@
enabled: true
min_ready_seconds: 0
max_unavailable: 1
- ovn_controller_gw:
- enabled: true
- min_ready_seconds: 0
- max_unavailable: 1
resources:
enabled: false
ovs:
@@ -259,28 +243,20 @@
limits:
memory: "1024Mi"
cpu: "2000m"
- ovn_controller_gw:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "1024Mi"
- cpu: "2000m"
- ovn_controller_gw:
- ovn_logging_parser:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "256Mi"
- cpu: "500m"
- vector:
- requests:
- memory: "128Mi"
- cpu: "100m"
- limits:
- memory: "256Mi"
- cpu: "500m"
+ ovn_logging_parser:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
+ vector:
+ requests:
+ memory: "128Mi"
+ cpu: "100m"
+ limits:
+ memory: "256Mi"
+ cpu: "500m"
jobs:
image_repo_sync:
requests:
@@ -289,6 +265,7 @@
limits:
memory: "1024Mi"
cpu: "2000m"
+
sidecars:
ovn_logging_parser: false
vector: false
@@ -387,9 +364,6 @@
ovn_controller:
ingress:
- {}
- ovn_controller_gw:
- ingress:
- - {}
egress:
- {}
@@ -415,10 +389,6 @@
services:
- endpoint: internal
service: ovn-ovsdb-sb
- ovn_controller_gw:
- services:
- - endpoint: internal
- service: ovn-ovsdb-sb
pod:
- requireSameNode: true
labels:
@@ -439,6 +409,5 @@
statefulset_ovn_ovsdb_sb: true
deployment_ovn_northd: true
daemonset_ovn_controller: true
- daemonset_ovn_controller_gw: true
job_image_repo_sync: true
...