| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 1 | # Licensed under the Apache License, Version 2.0 (the "License"); |
| 2 | # you may not use this file except in compliance with the License. |
| 3 | # You may obtain a copy of the License at |
| 4 | # |
| 5 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 6 | # |
| 7 | # Unless required by applicable law or agreed to in writing, software |
| 8 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 9 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 10 | # See the License for the specific language governing permissions and |
| 11 | # limitations under the License. |
| 12 | |
| 13 | # Default values for openvswitch. |
| 14 | # This is a YAML-formatted file. |
| 15 | # Declare name/value pairs to be passed into your templates. |
| 16 | # name: value |
| 17 | |
| 18 | --- |
| 19 | release_group: null |
| 20 | |
| 21 | images: |
| 22 | tags: |
| ricolin | 24b9a2d | 2023-06-29 23:42:38 +0800 | [diff] [blame] | 23 | openvswitch_db_server: docker.io/openstackhelm/openvswitch:latest-ubuntu_focal |
| 24 | openvswitch_vswitchd: docker.io/openstackhelm/openvswitch:latest-ubuntu_focal |
| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 25 | dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0 |
| 26 | image_repo_sync: docker.io/library/docker:17.07.0 |
| 27 | pull_policy: "IfNotPresent" |
| 28 | local_registry: |
| 29 | active: false |
| 30 | exclude: |
| 31 | - dep_check |
| 32 | - image_repo_sync |
| 33 | |
| 34 | labels: |
| 35 | ovs: |
| 36 | node_selector_key: openvswitch |
| 37 | node_selector_value: enabled |
| 38 | |
| 39 | pod: |
| Mohammed Naser | 6b0543d | 2024-06-27 11:09:14 -0400 | [diff] [blame] | 40 | tini: |
| 41 | enabled: true |
| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 42 | tolerations: |
| 43 | openvswitch: |
| 44 | enabled: false |
| 45 | tolerations: |
| 46 | - key: node-role.kubernetes.io/master |
| 47 | operator: Exists |
| 48 | effect: NoSchedule |
| ricolin | 24b9a2d | 2023-06-29 23:42:38 +0800 | [diff] [blame] | 49 | - key: node-role.kubernetes.io/control-plane |
| 50 | operator: Exists |
| 51 | effect: NoSchedule |
| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 52 | probes: |
| 53 | ovs: |
| 54 | ovs_db: |
| 55 | liveness: |
| 56 | enabled: true |
| 57 | params: |
| 58 | initialDelaySeconds: 60 |
| 59 | periodSeconds: 30 |
| 60 | timeoutSeconds: 5 |
| 61 | readiness: |
| 62 | enabled: true |
| 63 | params: |
| 64 | initialDelaySeconds: 90 |
| 65 | periodSeconds: 30 |
| 66 | timeoutSeconds: 5 |
| 67 | ovs_vswitch: |
| 68 | liveness: |
| 69 | enabled: true |
| 70 | params: |
| 71 | initialDelaySeconds: 60 |
| 72 | periodSeconds: 30 |
| 73 | timeoutSeconds: 5 |
| 74 | readiness: |
| 75 | enabled: true |
| 76 | params: |
| 77 | failureThreshold: 3 |
| 78 | periodSeconds: 10 |
| 79 | timeoutSeconds: 1 |
| 80 | security_context: |
| 81 | ovs: |
| 82 | pod: |
| 83 | runAsUser: 42424 |
| 84 | container: |
| 85 | perms: |
| 86 | runAsUser: 0 |
| 87 | allowPrivilegeEscalation: false |
| 88 | readOnlyRootFilesystem: true |
| 89 | server: |
| 90 | runAsUser: 42424 |
| 91 | allowPrivilegeEscalation: false |
| 92 | readOnlyRootFilesystem: true |
| 93 | modules: |
| 94 | runAsUser: 0 |
| 95 | capabilities: |
| 96 | add: |
| 97 | - SYS_MODULE |
| 98 | - SYS_CHROOT |
| 99 | readOnlyRootFilesystem: true |
| 100 | vswitchd: |
| 101 | runAsUser: 0 |
| 102 | capabilities: |
| 103 | add: |
| 104 | - NET_ADMIN |
| 105 | readOnlyRootFilesystem: true |
| 106 | dns_policy: "ClusterFirstWithHostNet" |
| 107 | lifecycle: |
| 108 | upgrades: |
| 109 | daemonsets: |
| 110 | pod_replacement_strategy: RollingUpdate |
| 111 | ovs: |
| 112 | enabled: true |
| 113 | min_ready_seconds: 0 |
| 114 | max_unavailable: 1 |
| 115 | resources: |
| 116 | enabled: false |
| 117 | ovs: |
| 118 | db: |
| 119 | requests: |
| 120 | memory: "128Mi" |
| 121 | cpu: "100m" |
| 122 | limits: |
| 123 | memory: "1024Mi" |
| 124 | cpu: "2000m" |
| 125 | vswitchd: |
| 126 | requests: |
| 127 | memory: "128Mi" |
| 128 | cpu: "100m" |
| 129 | limits: |
| 130 | memory: "1024Mi" |
| 131 | cpu: "2000m" |
| 132 | # set resources to enabled and specify one of the following when using dpdk |
| 133 | # hugepages-1Gi: "1Gi" |
| 134 | # hugepages-2Mi: "512Mi" |
| 135 | jobs: |
| 136 | image_repo_sync: |
| 137 | requests: |
| 138 | memory: "128Mi" |
| 139 | cpu: "100m" |
| 140 | limits: |
| 141 | memory: "1024Mi" |
| 142 | cpu: "2000m" |
| 143 | user: |
| 144 | nova: |
| 145 | uid: 42424 |
| 146 | |
| 147 | secrets: |
| 148 | oci_image_registry: |
| 149 | openvswitch: openvswitch-oci-image-registry-key |
| 150 | |
| 151 | endpoints: |
| 152 | cluster_domain_suffix: cluster.local |
| 153 | local_image_registry: |
| 154 | name: docker-registry |
| 155 | namespace: docker-registry |
| 156 | hosts: |
| 157 | default: localhost |
| 158 | internal: docker-registry |
| 159 | node: localhost |
| 160 | host_fqdn_override: |
| 161 | default: null |
| 162 | port: |
| 163 | registry: |
| 164 | node: 5000 |
| 165 | oci_image_registry: |
| 166 | name: oci-image-registry |
| 167 | namespace: oci-image-registry |
| 168 | auth: |
| 169 | enabled: false |
| 170 | openvswitch: |
| 171 | username: openvswitch |
| 172 | password: password |
| 173 | hosts: |
| 174 | default: localhost |
| 175 | host_fqdn_override: |
| 176 | default: null |
| 177 | port: |
| 178 | registry: |
| 179 | default: null |
| 180 | |
| 181 | network_policy: |
| 182 | openvswitch: |
| 183 | ingress: |
| 184 | - {} |
| 185 | egress: |
| 186 | - {} |
| 187 | |
| 188 | dependencies: |
| 189 | dynamic: |
| 190 | common: |
| 191 | local_image_registry: |
| 192 | jobs: |
| 193 | - openvswitch-image-repo-sync |
| 194 | services: |
| 195 | - endpoint: node |
| 196 | service: local_image_registry |
| 197 | static: |
| 198 | ovs: null |
| 199 | image_repo_sync: |
| 200 | services: |
| 201 | - endpoint: internal |
| 202 | service: local_image_registry |
| 203 | |
| 204 | manifests: |
| 205 | configmap_bin: true |
| 206 | daemonset: true |
| 207 | daemonset_ovs_vswitchd: true |
| 208 | job_image_repo_sync: true |
| 209 | network_policy: false |
| 210 | secret_registry: true |
| 211 | |
| 212 | conf: |
| Rico Lin | c6ac7a1 | 2023-11-03 00:25:40 +0800 | [diff] [blame] | 213 | poststart: |
| 214 | timeout: 5 |
| 215 | rootUser: "root" |
| 216 | extraCommand: null |
| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 217 | openvswitch_db_server: |
| 218 | ptcp_port: null |
| 219 | ovs_other_config: |
| 220 | handler_threads: null |
| 221 | revalidator_threads: null |
| 222 | ovs_hw_offload: |
| 223 | enabled: false |
| 224 | ovs_dpdk: |
| 225 | enabled: false |
| 226 | ## Mandatory parameters. Please uncomment when enabling DPDK |
| 227 | # socket_memory: 1024 |
| 228 | # hugepages_mountpath: /dev/hugepages |
| 229 | # vhostuser_socket_dir: vhostuser |
| 230 | # |
| 231 | ## Optional hardware specific parameters: modify to match NUMA topology |
| 232 | # mem_channels: 4 |
| 233 | # lcore_mask: 0x1 |
| 234 | # pmd_cpu_mask: 0x4 |
| 235 | # |
| 236 | ## Optional driver to use. Driver name should be the same as the one |
| 237 | ## specified in the ovs_dpdk section in the Neutron values and vice versa |
| 238 | # driver: vfio-pci |
| 239 | # |
| 240 | ## Optional security feature |
| 241 | # vHost IOMMU feature restricts the vhost memory that a virtio device |
| 242 | # access, available with DPDK v17.11 |
| 243 | # vhost_iommu_support: true |
| Yaguang Tang | e432155 | 2025-01-17 20:14:29 +0800 | [diff] [blame] | 244 | |
| 245 | ## OVS supports run in non-root for both OVS and OVS DPDK mode, you can |
| 246 | # optionally specify to use user with id 42424, ensure the user exists |
| 247 | # in the container image. |
| 248 | ovs_user_name: "openvswitch:openvswitch" |
| Mohammed Naser | f3f59a7 | 2023-01-15 21:02:04 -0500 | [diff] [blame] | 249 | ... |