[ATMOSPHERE-493] chart: bump ovn chart version and add liveness check for northd (#2010)

Because the upstream patch had to be rebased and the newer versions include some fixes, I updated the ovn chart version first and added the liveness check in the patch for introducing kube-ovn.

Reviewed-by: Mohammed Naser <mnaser@vexxhost.com>
Reviewed-by: Oleksandr K.
diff --git a/charts/ovn/Chart.yaml b/charts/ovn/Chart.yaml
index 8ac48b4..00f498b 100644
--- a/charts/ovn/Chart.yaml
+++ b/charts/ovn/Chart.yaml
@@ -9,4 +9,4 @@
 sources:
 - https://github.com/ovn-org/ovn
 - https://opendev.org/openstack/openstack-helm
-version: 0.1.4
+version: 0.1.13
diff --git a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
index 77e1e68..b196021 100644
--- a/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
+++ b/charts/ovn/templates/bin/_ovn-controller-init.sh.tpl
@@ -18,7 +18,7 @@
 
 function get_ip_address_from_interface {
   local interface=$1
-  local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $1}')
+  local ip=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $1}')
   if [ -z "${ip}" ] ; then
     exit 1
   fi
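Review bot: The added `NR==1` guard in the second awk is a no-op, because the first awk already prints one field and `exit`s after the first record, so the second awk only ever sees a single line. The same applies to the `get_ip_prefix_from_interface` hunk below. If the intent is "first IPv4 address only", a comment such as `# first IPv4 address only; the first awk exits after one record` would say so more clearly than the extra pattern. Both functions also `exit 1` silently when no address is found, so `echo "No IPv4 address on ${interface}" >&2` before the exit would make init failures diagnosable. The function body continues past the end of the hunk.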
@@ -27,7 +27,7 @@
 
 function get_ip_prefix_from_interface {
   local interface=$1
-  local prefix=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' '{print $2}')
+  local prefix=$(ip -4 -o addr s "${interface}" | awk '{ print $4; exit }' | awk -F '/' 'NR==1 {print $2}')
   if [ -z "${prefix}" ] ; then
     exit 1
   fi
@@ -70,7 +70,7 @@
   elif [[ -z "${bridge_ip}" && -z "${ip}" ]]; then
     echo "Interface and bridge have no ips configured. Leaving as is."
   else
-    echo "Interface ${name} has invalid IP address. IP:[${ip}]; Prefix:[${prefix}]..."
+    echo "Interface ${src_nic} has invalid IP address. IP:[${ip}]; Prefix:[${prefix}]..."
     exit 1
   fi
 
@@ -145,12 +145,13 @@
 ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}"
 ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}"
 ovs-vsctl set open . external-ids:ovn-cms-options="${OVN_CMS_OPTIONS}"
+
 {{ if .Values.conf.ovn_bridge_datapath_type -}}
 ovs-vsctl set open . external-ids:ovn-bridge-datapath-type="{{ .Values.conf.ovn_bridge_datapath_type }}"
 {{- end }}
 
 # Configure hostname
-{{- if .Values.conf.use_fqdn.compute }}
+{{- if .Values.pod.use_fqdn.compute }}
   ovs-vsctl set open . external-ids:hostname="$(hostname -f)"
 {{- else }}
   ovs-vsctl set open . external-ids:hostname="$(hostname)"
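Review bot: Switching the lookup from `.Values.conf.use_fqdn.compute` to `.Values.pod.use_fqdn.compute` silently ignores any existing override under the old key. A deployment that set `conf.use_fqdn.compute: false` would start registering the chassis with `hostname -f` after the upgrade and presumably stop matching the hostname nova is configured with (the values comment says the two must agree). The `gw_ovn_cms_options` → `ovn_cms_options_gw_enabled` rename in daemonset-controller-gw.yaml has the same problem: an old override is dropped and the default `enable-chassis-as-gw,availability-zones=nova` is applied instead. Either fall back to the old key for one release or fail rendering when the old key is set, and call the renames out in the release notes. The `{{- if }}` block closes outside this hunk.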
@@ -164,7 +165,7 @@
   bridge=${bmap%:*}
   iface=${bmap#*:}
   ovs-vsctl --may-exist add-br $bridge -- set bridge $bridge protocols=OpenFlow13
-  if [ -n "$iface" ] && [ "$iface" != "null" ]
+  if [ -n "$iface" ] && [ "$iface" != "null" ] && ( ip link show $iface 1>/dev/null 2>&1 );
   then
     ovs-vsctl --may-exist add-port $bridge $iface
     migrate_ip_from_nic $iface $bridge
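Review bot: When the interface named in the `bmap` entry does not exist, the new `ip link show` test skips `add-port` and `migrate_ip_from_nic` without logging anything, so a mistyped interface name now yields a bridge with no uplink and no error. Add an `else` branch that reports it, e.g. `echo "Interface ${iface} not found, not adding it to ${bridge}" >&2`, and decide whether that case should be fatal. `$iface` is also expanded unquoted, and the subshell and trailing `;` are unnecessary: `if [ -n "$iface" ] && [ "$iface" != "null" ] && ip link show "$iface" >/dev/null 2>&1`. The loop and the `if` continue outside the hunk.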
diff --git a/charts/ovn/templates/daemonset-controller-gw.yaml b/charts/ovn/templates/daemonset-controller-gw.yaml
index 3ecd81d..4acd11b 100644
--- a/charts/ovn/templates/daemonset-controller-gw.yaml
+++ b/charts/ovn/templates/daemonset-controller-gw.yaml
@@ -36,18 +36,15 @@
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
     configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
   labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-    type: gw
+{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 spec:
   selector:
     matchLabels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
-      type: gw
+{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
   template:
     metadata:
       labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
-        type: gw
+{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
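Review bot: The component argument changes from `ovn-controller` plus `type: gw` to `ovn_controller_gw` in `spec.selector.matchLabels` as well as in the pod labels. A DaemonSet's selector is immutable once created, so an in-place `helm upgrade` of an existing release is likely to be rejected until the old DaemonSet is deleted. daemonset-controller.yaml makes the same change (`type: hv` removed, component `ovn_controller`). Document the delete-and-recreate step for upgrades or handle it in the chart, and check that nothing else that selects these pods (Services, NetworkPolicies, monitoring selectors) still matches on the old labels. What the label snippet renders is defined in helm-toolkit and is not visible here.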
@@ -67,7 +64,7 @@
             - /tmp/ovn-controller-init.sh
           env:
             - name: OVN_CMS_OPTIONS
-              value: {{ .Values.conf.gw_ovn_cms_options | quote }}
+              value: {{ .Values.conf.ovn_cms_options_gw_enabled | quote }}
             - name: NODE_NAME
               valueFrom:
                 fieldRef:
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index b6b0b04..d208b08 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -36,18 +36,15 @@
     {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
     configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
   labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
-    type: hv
+{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 spec:
   selector:
     matchLabels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
-      type: hv
+{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
   template:
     metadata:
       labels:
-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
-        type: hv
+{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
       annotations:
 {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
         configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
@@ -55,12 +52,15 @@
     spec:
       serviceAccountName: {{ $serviceAccountName }}
       hostNetwork: true
+      hostPID: true
+      hostIPC: true
       dnsPolicy: {{ .Values.pod.dns_policy }}
       nodeSelector:
         {{ .Values.labels.ovn_controller.node_selector_key }}: {{ .Values.labels.ovn_controller.node_selector_value }}
       initContainers:
 {{- tuple $envAll "ovn_controller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
         - name: controller-init
+{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
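Review bot: `hostPID: true` and `hostIPC: true` are added unconditionally and the commit message gives no reason for them. Together with the existing `hostNetwork: true` and the privileged containers configured in values.yaml, the pod shares the node's process, IPC and network namespaces, so a compromise of ovn-controller is effectively a compromise of the node. If ovn-controller does not need them, drop both lines; if it does, put a comment above them stating why and consider gating them behind a chart value that defaults to off. Separately, the added `kubernetes_container_security_context` include for `controller_init` duplicates the identical include two lines below, so the rendered container would presumably carry two `securityContext` keys; one of the two lines should go.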
@@ -85,12 +85,12 @@
               readOnly: true
       containers:
         - name: controller
-          command:
-            - /root/ovnkube.sh
-            - ovn-controller
 {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+          command:
+            - /root/ovnkube.sh
+            - ovn-controller
 {{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
           env:
             - name: OVN_DAEMONSET_VERSION
@@ -112,6 +112,10 @@
               mountPath: /var/run/ovn
             - name: run-openvswitch
               mountPath: /var/run/openvswitch
+            - name: logs
+              mountPath: /var/log/ovn
+            - name: run-ovn
+              mountPath: /run/ovn
       volumes:
         - name: ovn-bin
           configMap:
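Review bot: The new `run-ovn` mount at `/run/ovn` sits next to an existing mount at `/var/run/ovn`, whose volume name is above the hunk. On images where `/var/run` is a symlink to `/run`, both resolve to the same directory and one mount shadows the other. Confirm which volume is meant to back that path and keep only one, or add a comment explaining why both are required. The `volumeMounts` list starts outside the hunk.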
@@ -125,4 +129,12 @@
           secret:
             secretName: {{ $configMapName }}
             defaultMode: 0444
+        - name: logs
+          hostPath:
+            path: /var/log/ovn
+            type: DirectoryOrCreate
+        - name: run-ovn
+          hostPath:
+            path: /run/ovn
+            type: DirectoryOrCreate
 {{- end }}
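Review bot: The `logs` and `run-ovn` volumes are `hostPath` directories with `type: DirectoryOrCreate`, mounted read-write into a privileged container. Log files and control sockets therefore persist on the node and are reachable by anything else on the host that can access `/var/log/ovn` and `/run/ovn`. Add a comment above each volume stating why host persistence is needed, and mount read-only (`readOnly: true`) wherever the container only reads. `DirectoryOrCreate` creates a missing directory with mode 0755 and the kubelet's ownership, so check that this matches the user ovn-controller runs as now that `runAsUser: 0` is removed in values.yaml.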
diff --git a/charts/ovn/templates/deployment-northd.yaml b/charts/ovn/templates/deployment-northd.yaml
index ae31b35..f945bb2 100644
--- a/charts/ovn/templates/deployment-northd.yaml
+++ b/charts/ovn/templates/deployment-northd.yaml
@@ -62,6 +62,7 @@
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 {{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
           env:
             - name: OVN_DAEMONSET_VERSION
               value: "3"
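Review bot: The liveness probe reuses `northdReadinessProbeTemplate`, so the check that marks the pod unready will also restart the container. What the template runs is not visible in this hunk, but if it can fail because of a dependency rather than a hung northd, restarts will not help and can turn a transient outage into a crash loop. Consider a separate liveness template that only tests the local process, or at least looser `failureThreshold`/`periodSeconds` for liveness than for readiness. The `kubernetes_probe` snippet presumably reads its enabled flag and timings from a `liveness` entry in the probe values for `ovn_northd`; none of the values.yaml hunks shown here add one, so confirm it exists.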
diff --git a/charts/ovn/templates/statefulset-ovsdb-nb.yaml b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
index 4866074..98e70ad 100644
--- a/charts/ovn/templates/statefulset-ovsdb-nb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
@@ -73,6 +73,7 @@
 {{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+
           ports:
             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
@@ -110,7 +111,9 @@
               mountPath: /etc/ovn
       volumes:
         - name: run-openvswitch
-          emptyDir: {}
+          hostPath:
+            path: /run/openvswitch
+            type: DirectoryOrCreate
 {{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
         - name: data
           emptyDir: {}
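Review bot: Replacing the `emptyDir` with a `hostPath` at `/run/openvswitch` gives the NB database pod read-write access to the node's Open vSwitch runtime directory. On a node that also runs OVS, that directory typically holds the local ovsdb-server and vswitchd control sockets and pid files. This widens what a compromised ovsdb pod can reach and risks file-name collisions with the host daemons or with other pods on the same node. statefulset-ovsdb-sb.yaml makes the identical change. If the sharing is required, state why in a comment above the volume; otherwise keep `emptyDir: {}`.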
diff --git a/charts/ovn/templates/statefulset-ovsdb-sb.yaml b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
index 92af96d..694348b 100644
--- a/charts/ovn/templates/statefulset-ovsdb-sb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
@@ -110,7 +110,9 @@
               mountPath: /etc/ovn
       volumes:
         - name: run-openvswitch
-          emptyDir: {}
+          hostPath:
+            path: /run/openvswitch
+            type: DirectoryOrCreate
 {{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
         - name: data
           emptyDir: {}
diff --git a/charts/ovn/values.yaml b/charts/ovn/values.yaml
index 5c35a2f..b70e886 100644
--- a/charts/ovn/values.yaml
+++ b/charts/ovn/values.yaml
@@ -20,11 +20,11 @@
 
 images:
   tags:
-    ovn_ovsdb_nb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
-    ovn_ovsdb_sb: docker.io/openstackhelm/ovn:latest-ubuntu_focal
-    ovn_northd: docker.io/openstackhelm/ovn:latest-ubuntu_focal
-    ovn_controller: docker.io/openstackhelm/ovn:latest-ubuntu_focal
-    dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
+    ovn_ovsdb_nb: docker.io/openstackhelm/ovn:ubuntu_focal
+    ovn_ovsdb_sb: docker.io/openstackhelm/ovn:ubuntu_focal
+    ovn_northd: docker.io/openstackhelm/ovn:ubuntu_focal
+    ovn_controller: docker.io/openstackhelm/ovn:ubuntu_focal
+    dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal
     image_repo_sync: docker.io/library/docker:17.07.0
     vector: docker.io/timberio/vector:0.39.0-debian
     ovn_logging_parser: docker.io/openstackhelm/neutron:2024.1-ubuntu_jammy
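Review bot: `dep_check` moves from the fixed tag `v1.0.0` to the floating tag `latest-ubuntu_focal`, and the four ovn images stay on a mutable tag (`ubuntu_focal`). What runs in these privileged, host-networked pods therefore depends on whatever the registry serves at pull time. Pin each default to an immutable reference, e.g. `quay.io/airshipit/kubernetes-entrypoint@sha256:<digest>` (placeholder digest), or to a versioned tag, and let deployments override the value if they want to track latest. Pinning also keeps rollbacks and image scanning reproducible.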
@@ -37,16 +37,16 @@
 
 labels:
   ovn_ovsdb_nb:
-    node_selector_key: openstack-compute-node
+    node_selector_key: openstack-network-node
     node_selector_value: enabled
   ovn_ovsdb_sb:
-    node_selector_key: openstack-compute-node
+    node_selector_key: openstack-network-node
     node_selector_value: enabled
   ovn_northd:
-    node_selector_key: openstack-compute-node
+    node_selector_key: openstack-network-node
     node_selector_value: enabled
   ovn_controller:
-    node_selector_key: openstack-compute-node
+    node_selector_key: openvswitch
     node_selector_value: enabled
   ovn_controller_gw:
     node_selector_key: openstack-control-plane
@@ -72,7 +72,7 @@
 
 conf:
   ovn_cms_options: "availability-zones=nova"
-  gw_ovn_cms_options: "enable-chassis-as-gw,availability-zones=nova"
+  ovn_cms_options_gw_enabled: "enable-chassis-as-gw,availability-zones=nova"
   ovn_encap_type: geneve
   ovn_bridge: br-int
   ovn_bridge_mappings: external:br-ex
@@ -84,10 +84,6 @@
   #   br-public: eth1
   auto_bridge_add: {}
 
-  # NOTE: should be same as nova.conf.use_fqdn.compute
-  use_fqdn:
-    compute: true
-
   ovn_network_logging_parser_uwsgi:
     uwsgi:
       add-header: "Connection: close"
@@ -107,6 +103,9 @@
       wsgi-file: /var/lib/openstack/bin/neutron-ovn-network-logging-parser-wsgi
 
 pod:
+  # NOTE: should be same as nova.pod.use_fqdn.compute
+  use_fqdn:
+    compute: true
   security_context:
     ovn_northd:
       container:
@@ -117,21 +116,19 @@
     ovn_controller:
       container:
         controller_init:
+          readOnlyRootFilesystem: true
           privileged: true
-          runAsUser: 0
         controller:
-          capabilities:
-            add:
-              - SYS_NICE
+          readOnlyRootFilesystem: true
+          privileged: true
     ovn_controller_gw:
       container:
         controller_init:
+          readOnlyRootFilesystem: true
           privileged: true
-          runAsUser: 0
         controller:
-          capabilities:
-            add:
-              - SYS_NICE
+          readOnlyRootFilesystem: true
+          privileged: true
         ovn_logging_parser:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
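Review bot: The long-running `controller` container in both `ovn_controller` and `ovn_controller_gw` goes from one added capability (`SYS_NICE`) to `privileged: true`. That grants every capability and host device access and typically runs without the default seccomp/AppArmor confinement, and `readOnlyRootFilesystem: true` adds little on top because a privileged process can remount. If a specific operation failed under the old settings, prefer extending `capabilities.add` with only what it needs and keep `privileged` for `controller_init` alone. Removing `runAsUser: 0` also leaves the UID to the image default, so confirm the init script still runs as root where it has to. A `# NOTE:` comment above each `privileged: true` naming the requirement would help later reviews.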
@@ -289,6 +286,7 @@
         limits:
           memory: "1024Mi"
           cpu: "2000m"
+
   sidecars:
     ovn_logging_parser: false
     vector: false