Mohammed Naserf3f59a72023-01-15 21:02:04 -05001{{/*
2Licensed under the Apache License, Version 2.0 (the "License");
3you may not use this file except in compliance with the License.
4You may obtain a copy of the License at
5
6 http://www.apache.org/licenses/LICENSE-2.0
7
8Unless required by applicable law or agreed to in writing, software
9distributed under the License is distributed on an "AS IS" BASIS,
10WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11See the License for the specific language governing permissions and
12limitations under the License.
13*/}}
14
{{/*
Default liveness probe for the openvswitch-db container: exec
`/usr/bin/ovs-vsctl show` inside the container. The rendered text is parsed
with fromYaml by the DaemonSet below and handed to the helm-toolkit
kubernetes_probe snippet as "probeTemplate".
*/}}
{{- define "ovsdblivenessProbeTemplate" }}
exec:
  command:
    - /usr/bin/ovs-vsctl
    - show
{{- end }}
21
{{/*
Default readiness probe for the openvswitch-db container: exec
`/usr/bin/ovs-vsctl list Open_Vswitch` inside the container. Consumed the same
way as the liveness template (fromYaml, then the kubernetes_probe snippet).
*/}}
{{- define "ovsdbreadinessProbeTemplate" }}
exec:
  command:
    - /usr/bin/ovs-vsctl
    - list
    - Open_Vswitch
{{- end }}
29
{{/*
Liveness probe for the openvswitch-vswitchd container.

When .Values.pod.probes.ovs.ovs_vswitch.liveness.exec is set, that list is
rendered verbatim as the probe command; otherwise the default is
`/usr/bin/ovs-appctl bond/list`.

NOTE(review): the override is not validated here, and the DaemonSet below
forces the vswitchd container to privileged, so whoever can edit these chart
values chooses a command that runs in a privileged container. Treat the values
file as privileged configuration.
*/}}
{{- define "ovsvswitchlivenessProbeTemplate" }}
exec:
  command:
{{- if .Values.pod.probes.ovs.ovs_vswitch.liveness.exec }}
{{ .Values.pod.probes.ovs.ovs_vswitch.liveness.exec | toYaml | indent 4 }}
{{- else }}
    - /usr/bin/ovs-appctl
    - bond/list
{{- end }}
{{- end }}
40
{{/*
Readiness probe for the openvswitch-vswitchd container. Three cases:

  1. .Values.pod.probes.ovs.ovs_vswitch.readiness.exec is set: that list is
     rendered verbatim as the probe command.
  2. DPDK disabled: `ovs-vsctl show` must succeed.
  3. DPDK enabled: `ovs-vsctl show` must succeed and the Open_vSwitch table
     must not report a line matching `dpdk_initialized.*false`.

NOTE(review): as with the liveness override, the exec list from values is not
validated and runs inside the privileged vswitchd container.
*/}}
{{- define "ovsvswitchreadinessProbeTemplate" }}
exec:
  command:
{{- if .Values.pod.probes.ovs.ovs_vswitch.readiness.exec }}
{{ .Values.pod.probes.ovs.ovs_vswitch.readiness.exec | toYaml | indent 4 }}
{{- else if not .Values.conf.ovs_dpdk.enabled }}
    - /bin/bash
    - -c
    - '/usr/bin/ovs-vsctl show'
{{- else }}
    - /bin/bash
    - -c
    - '/usr/bin/ovs-vsctl show && ! /usr/bin/ovs-vsctl list Open_vSwitch | grep -q dpdk_initialized.*false'
{{- end }}
{{- end }}
56
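{{/*
Renders the openvswitch DaemonSet (plus its service account / RBAC via
helm-toolkit) when .Values.manifests.daemonset is true.

Security-relevant properties of the rendered pod, all visible below:
  - hostNetwork: true and shareProcessNamespace: true.
  - The openvswitch-vswitchd container is always privileged (forced with
    `set`, regardless of what the values file says).
  - Host paths are mounted into the pod: / (read-only, modules init
    container), /run (read-write, db and vswitchd containers) and
    /run/openvswitch; with DPDK enabled also /dev, /lib/modules, /sys/fs/cgroup
    and several /sys subtrees.
Admission policy (Pod Security Admission or equivalent) for the target
namespace has to allow these; restrict who can deploy or edit this release
accordingly.
*/}}
{{- if .Values.manifests.daemonset }}
{{- $envAll := . }}

{{- $serviceAccountName := "openvswitch-server" }}
{{ tuple $envAll "ovs" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: openvswitch
  annotations:
    {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
  labels:
{{ tuple $envAll "openvswitch" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
spec:
  selector:
    matchLabels:
{{ tuple $envAll "openvswitch" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }}
{{ tuple $envAll "ovs" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }}
  template:
    metadata:
      labels:
{{ tuple $envAll "openvswitch" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
      annotations:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
        # Hash of the scripts configmap, so a script change rolls the pods.
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
{{ dict "envAll" $envAll "podName" "openvswitch" "containerNames" (list "openvswitch-db" "openvswitch-db-perms" "openvswitch-vswitchd" "openvswitch-vswitchd-modules" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }}
    spec:
      # One PID namespace for every container in the pod: processes of the
      # privileged vswitchd container and of the db container can see (and,
      # subject to their uid/capabilities, signal) each other.
      shareProcessNamespace: true
      serviceAccountName: {{ $serviceAccountName }}
{{ dict "envAll" $envAll "application" "ovs" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      nodeSelector:
        # The value is quoted so that label values such as "true" or "1" are
        # rendered as strings; nodeSelector values must be strings.
        {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value | quote }}
{{ if $envAll.Values.pod.tolerations.openvswitch.enabled }}
{{ tuple $envAll "openvswitch" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
{{ end }}
      dnsPolicy: {{ .Values.pod.dns_policy }}
      # The pod runs in the node's network namespace.
      hostNetwork: true
      initContainers:
{{ tuple $envAll "ovs" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
        # Hands /run/openvswitch (a hostPath, created on the node if missing)
        # to the uid the server container runs as.
        - name: openvswitch-db-perms
{{ tuple $envAll "openvswitch_db_server" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovs" "container" "perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ovs.db | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          command:
            - chown
            - -R
            - {{ $envAll.Values.pod.security_context.ovs.container.server.runAsUser | quote }}
            - /run/openvswitch
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: run-openvswitch
              mountPath: /run/openvswitch
        - name: openvswitch-vswitchd-modules
{{ tuple $envAll "openvswitch_vswitchd" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovs" "container" "modules" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/openvswitch-vswitchd-init-modules.sh
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: openvswitch-bin
              mountPath: /tmp/openvswitch-vswitchd-init-modules.sh
              subPath: openvswitch-vswitchd-init-modules.sh
              readOnly: true
            # The whole host filesystem, read-only. Read-only still exposes
            # every file on the node that this container's uid can read.
            - name: host-rootfs
              mountPath: /mnt/host-rootfs
              mountPropagation: HostToContainer
              readOnly: true
      containers:
        - name: openvswitch-db
{{ tuple $envAll "openvswitch_db_server" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovs" "container" "server" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ovs.db | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "component" "ovs" "container" "ovs_db" "type" "liveness" "probeTemplate" (include "ovsdblivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "ovs" "container" "ovs_db" "type" "readiness" "probeTemplate" (include "ovsdbreadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
          command:
            - /tmp/openvswitch-db-server.sh
            - start
          lifecycle:
            preStop:
              exec:
                command:
                  - /tmp/openvswitch-db-server.sh
                  - stop
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: openvswitch-bin
              mountPath: /tmp/openvswitch-db-server.sh
              subPath: openvswitch-db-server.sh
              readOnly: true
            # Host /run, read-write (no readOnly flag).
            # NOTE(review): host /run commonly holds other daemons' sockets and
            # pid files; confirm whether /run/openvswitch alone would suffice.
            - name: run
              mountPath: /run
        - name: openvswitch-vswitchd
{{/* Run the container in privileged mode due to the need for root
permissions when using --user to specify non root user.
NOTE(review): the `set` below writes into $envAll.Values, so "privileged" is
true for this container even if the values file sets it to false. */}}
{{- $_ := set $envAll.Values.pod.security_context.ovs.container.vswitchd "privileged" true -}}
{{- if .Values.conf.ovs_dpdk.enabled }}
{{/* Limiting CPU cores would severely affect packet throughput.
It should be handled through lcore and pmd core masks. */}}
{{- if .Values.pod.resources.enabled }}
{{ $_ := unset $envAll.Values.pod.resources.ovs.vswitchd.requests "cpu" }}
{{ $_ := unset $envAll.Values.pod.resources.ovs.vswitchd.limits "cpu" }}
{{- end }}
{{- end }}
{{ tuple $envAll "openvswitch_vswitchd" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ dict "envAll" $envAll "application" "ovs" "container" "vswitchd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.ovs.vswitchd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
          # ensures this container can speak to the ovs database
          # successfully before it is marked as ready
{{ dict "envAll" $envAll "component" "ovs" "container" "ovs_vswitch" "type" "liveness" "probeTemplate" (include "ovsvswitchlivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{ dict "envAll" $envAll "component" "ovs" "container" "ovs_vswitch" "type" "readiness" "probeTemplate" (include "ovsvswitchreadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
{{- if .Values.pod.tini.enabled }}
          command:
            - /tini
            - -s
            - --
          args:
            - /tmp/openvswitch-vswitchd.sh
            - start
{{- else }}
          command:
            - /tmp/openvswitch-vswitchd.sh
            - start
{{- end }}
          lifecycle:
            postStart:
              exec:
                command:
                  - /tmp/openvswitch-vswitchd.sh
                  - poststart
            preStop:
              exec:
                command:
                  - /tmp/openvswitch-vswitchd.sh
                  - stop
          volumeMounts:
            - name: pod-tmp
              mountPath: /tmp
            - name: openvswitch-bin
              mountPath: /tmp/openvswitch-vswitchd.sh
              subPath: openvswitch-vswitchd.sh
              readOnly: true
            # Host /run, read-write, inside the privileged container.
            - name: run
              mountPath: /run
{{- if .Values.conf.ovs_dpdk.enabled }}
            # DPDK only: the host paths below are mounted read-write (none of
            # them sets readOnly) into the privileged container.
            - name: hugepages
              mountPath: {{ .Values.conf.ovs_dpdk.hugepages_mountpath | quote }}
            - name: pci-devices
              mountPath: /sys/bus/pci/devices
            - name: huge-pages-kernel
              mountPath: /sys/kernel/mm/hugepages
            - name: node-devices
              mountPath: /sys/devices/system/node
            - name: modules
              mountPath: /lib/modules
            - name: devs
              mountPath: /dev
            - name: pci-drivers
              mountPath: /sys/bus/pci/drivers
            - name: cgroup
              mountPath: /sys/fs/cgroup
{{- end }}
      volumes:
        - name: pod-tmp
          emptyDir: {}
        - name: openvswitch-bin
          configMap:
            name: openvswitch-bin
            # Leading zero: read as octal under YAML 1.1 rules (r-xr-xr-x).
            defaultMode: 0555
        - name: run
          hostPath:
            path: /run
            type: Directory
        - name: run-openvswitch
          hostPath:
            path: /run/openvswitch
            type: DirectoryOrCreate
        - name: host-rootfs
          hostPath:
            path: /
            type: Directory
{{- if .Values.conf.ovs_dpdk.enabled }}
        - name: devs
          hostPath:
            path: /dev
            type: Directory
        - name: pci-devices
          hostPath:
            path: /sys/bus/pci/devices
            type: Directory
        - name: huge-pages-kernel
          hostPath:
            path: /sys/kernel/mm/hugepages
            type: Directory
        - name: node-devices
          hostPath:
            path: /sys/devices/system/node
            type: Directory
        - name: modules
          hostPath:
            path: /lib/modules
            type: Directory
        - name: pci-drivers
          hostPath:
            path: /sys/bus/pci/drivers
            type: Directory
        - name: hugepages
          hostPath:
            path: {{ .Values.conf.ovs_dpdk.hugepages_mountpath | quote }}
            type: Directory
        # No hostPath type is set here, so the path is not checked at mount time.
        - name: cgroup
          hostPath:
            path: /sys/fs/cgroup
{{- end }}
{{- end }}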