diff --git a/openvswitch/Chart.yaml b/openvswitch/Chart.yaml
index 221e671d5..4cfc0e19b 100644
--- a/openvswitch/Chart.yaml
+++ b/openvswitch/Chart.yaml
@@ -15,7 +15,7 @@ apiVersion: v1
 appVersion: v1.0.0
 description: OpenStack-Helm OpenVSwitch
 name: openvswitch
-version: 0.1.9
+version: 0.1.10
 home: http://openvswitch.org
 icon: https://www.openstack.org/themes/openstack/images/project-mascots/Neutron/OpenStack_Project_Neutron_vertical.png
 sources:
diff --git a/openvswitch/templates/daemonset-ovs-db.yaml b/openvswitch/templates/daemonset-ovs-db.yaml
deleted file mode 100644
index 17c343b4b..000000000
--- a/openvswitch/templates/daemonset-ovs-db.yaml
+++ /dev/null
@@ -1,118 +0,0 @@ -{{/* -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/}} - -{{- define "ovsdblivenessProbeTemplate" }} -exec: - command: - - /usr/bin/ovs-vsctl - - show -{{- end }} -{{- define "ovsdbreadinessProbeTemplate" }} -exec: - command: - - /usr/bin/ovs-vsctl - - list - - Open_Vswitch -{{- end }} - -{{- if .Values.manifests.daemonset_ovs_db }} -{{- $envAll := . }} - -{{- $serviceAccountName := "openvswitch-db" }} -{{ tuple $envAll "db" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: openvswitch-db - annotations: - {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} - labels: -{{ tuple $envAll "openvswitch" "openvswitch-vswitchd-db" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} -spec: - selector: - matchLabels: -{{ tuple $envAll "openvswitch" "openvswitch-vswitchd-db" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -{{ tuple $envAll "ovs_db" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} - template: - metadata: - labels: -{{ tuple $envAll "openvswitch" "openvswitch-vswitchd-db" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} - annotations: -{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} - configmap-bin-hash: {{ tuple "configmap-bin.yaml" . 
| include "helm-toolkit.utils.hash" }} -{{ dict "envAll" $envAll "podName" "openvswitch-db" "containerNames" (list "openvswitch-db" "openvswitch-db-perms" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} - spec: - shareProcessNamespace: true - serviceAccountName: {{ $serviceAccountName }} -{{ dict "envAll" $envAll "application" "openvswitch_db_server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} - nodeSelector: - {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} -{{ if $envAll.Values.pod.tolerations.openvswitch.enabled }} -{{ tuple $envAll "openvswitch" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} -{{ end }} - dnsPolicy: {{ .Values.pod.dns_policy }} - hostNetwork: true - initContainers: -{{ tuple $envAll "db" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} - - name: openvswitch-db-perms -{{ tuple $envAll "openvswitch_db_server" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ dict "envAll" $envAll "application" "openvswitch_db_server" "container" "perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.ovs.db | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} - command: - - chown - - -R - - {{ $envAll.Values.pod.security_context.openvswitch_db_server.container.server.runAsUser | quote }} - - /run/openvswitch - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: run - mountPath: /run/openvswitch - containers: - - name: openvswitch-db -{{ tuple $envAll "openvswitch_db_server" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ dict "envAll" $envAll "application" "openvswitch_db_server" "container" "server" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} -{{ tuple $envAll $envAll.Values.pod.resources.ovs.db | 
include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} -{{ dict "envAll" $envAll "component" "ovs_db" "container" "ovs_db" "type" "liveness" "probeTemplate" (include "ovsdblivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} -{{ dict "envAll" $envAll "component" "ovs_db" "container" "ovs_db" "type" "readiness" "probeTemplate" (include "ovsdbreadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} - command: - - /tmp/openvswitch-db-server.sh - - start - lifecycle: - preStop: - exec: - command: - - /tmp/openvswitch-db-server.sh - - stop - volumeMounts: - - name: pod-tmp - mountPath: /tmp - - name: openvswitch-bin - mountPath: /tmp/openvswitch-db-server.sh - subPath: openvswitch-db-server.sh - readOnly: true - - name: run - mountPath: /run/openvswitch - volumes: - - name: pod-tmp - emptyDir: {} - - name: openvswitch-bin - configMap: - name: openvswitch-bin - defaultMode: 0555 - - name: run - hostPath: - path: /run/openvswitch -{{- end }} diff --git a/openvswitch/templates/daemonset-ovs-vswitchd.yaml b/openvswitch/templates/daemonset.yaml similarity index 56% rename from openvswitch/templates/daemonset-ovs-vswitchd.yaml rename to openvswitch/templates/daemonset.yaml index 97507b49e..244ffb8e5 100644 --- a/openvswitch/templates/daemonset-ovs-vswitchd.yaml +++ b/openvswitch/templates/daemonset.yaml 
@@ -12,11 +12,26 @@ See the License for the specific language governing permissions and limitations under the License. */}} +{{- define "ovsdblivenessProbeTemplate" }} +exec: + command: + - /usr/bin/ovs-vsctl + - show +{{- end }} + +{{- define "ovsdbreadinessProbeTemplate" }} +exec: + command: + - /usr/bin/ovs-vsctl + - list + - Open_Vswitch +{{- end }} + {{- define "ovsvswitchlivenessProbeTemplate" }} exec: command: -{{- if .Values.pod.probes.ovs_vswitch.ovs_vswitch.liveness.exec }} -{{ .Values.pod.probes.ovs_vswitch.ovs_vswitch.liveness.exec | toYaml | indent 4 }} +{{- if .Values.pod.probes.ovs.ovs_vswitch.liveness.exec }} +{{ .Values.pod.probes.ovs.ovs_vswitch.liveness.exec | toYaml | indent 4 }} {{- else }} - /usr/bin/ovs-appctl - bond/list @@ -26,8 +41,8 @@ exec: {{- define "ovsvswitchreadinessProbeTemplate" }} exec: command: -{{- if .Values.pod.probes.ovs_vswitch.ovs_vswitch.readiness.exec }} -{{ .Values.pod.probes.ovs_vswitch.ovs_vswitch.readiness.exec | toYaml | indent 4 }} +{{- if .Values.pod.probes.ovs.ovs_vswitch.readiness.exec }} +{{ .Values.pod.probes.ovs.ovs_vswitch.readiness.exec | toYaml | indent 4 }} {{- else if not .Values.conf.ovs_dpdk.enabled }} - /bin/bash - -c 
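Review bot: The probe lookups in `ovsvswitchlivenessProbeTemplate` and `ovsvswitchreadinessProbeTemplate` now read `.Values.pod.probes.ovs.ovs_vswitch.*.exec`, so an operator override still keyed under `pod.probes.ovs_vswitch.ovs_vswitch` is silently ignored and the built-in default probe is rendered instead. Nothing in these two hunks documents the move, and the 0.1.10 release note only says the DaemonSets were merged. I would add a template comment above the first define, e.g. `{{/* probe overrides moved from pod.probes.ovs_vswitch.* to pod.probes.ovs.* in 0.1.10 */}}`, and list the renamed value paths in the release note. Both define blocks continue outside the hunks shown.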
@@ -39,37 +54,33 @@ exec: {{- end }} {{- end }} -{{- if .Values.manifests.daemonset_ovs_vswitchd }} +{{- if .Values.manifests.daemonset }} {{- $envAll := . }} - -{{- $serviceAccountName := "openvswitch-vswitchd" }} -{{ tuple $envAll "vswitchd" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} --- apiVersion: apps/v1 kind: DaemonSet metadata: - name: openvswitch-vswitchd + name: openvswitch annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} labels: -{{ tuple $envAll "openvswitch" "openvswitch-vswitchd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} +{{ tuple $envAll "openvswitch" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} spec: selector: matchLabels: -{{ tuple $envAll "openvswitch" "openvswitch-vswitchd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} -{{ tuple $envAll "ovs_vswitchd" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} +{{ tuple $envAll "openvswitch" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} +{{ tuple $envAll "ovs" | include "helm-toolkit.snippets.kubernetes_upgrades_daemonset" | indent 2 }} template: metadata: labels: -{{ tuple $envAll "openvswitch" "openvswitch-vswitchd" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} +{{ tuple $envAll "openvswitch" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} annotations: {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . 
| include "helm-toolkit.utils.hash" }} -{{ dict "envAll" $envAll "podName" "openvswitch-vswitchd" "containerNames" (list "openvswitch-vswitchd" "openvswitch-vswitchd-modules" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} +{{ dict "envAll" $envAll "podName" "openvswitch" "containerNames" (list "openvswitch-db" "openvswitch-db-perms" "openvswitch-vswitchd" "openvswitch-vswitchd-modules" "init") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 8 }} spec: shareProcessNamespace: true - serviceAccountName: {{ $serviceAccountName }} -{{ dict "envAll" $envAll "application" "openvswitch_vswitchd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} +{{ dict "envAll" $envAll "application" "ovs" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} nodeSelector: {{ .Values.labels.ovs.node_selector_key }}: {{ .Values.labels.ovs.node_selector_value }} {{ if $envAll.Values.pod.tolerations.openvswitch.enabled }} 
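Review bot: The merged pod spec drops `serviceAccountName` together with the `helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount` include, so unless something outside this hunk sets it, the pod will run under the namespace's `default` ServiceAccount with its token mounted. This pod keeps `shareProcessNamespace: true` and, per the neighbouring hunks, runs on the host network with root-level containers, so its API identity is better kept dedicated and minimal than shared with every other workload in the namespace. Whether the entrypoint init container still needs API access is not visible here; if it does, keep the two removed lines with a single account name such as `openvswitch`, and if it does not, add `automountServiceAccountToken: false` under the pod `spec:`. The pod spec continues past the end of this hunk.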
@@ -78,10 +89,24 @@ spec: dnsPolicy: {{ .Values.pod.dns_policy }} hostNetwork: true initContainers: -{{ tuple $envAll "vswitchd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +{{ tuple $envAll "ovs" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} + - name: openvswitch-db-perms +{{ tuple $envAll "openvswitch_db_server" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ dict "envAll" $envAll "application" "ovs" "container" "perms" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.ovs.db | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} + command: + - chown + - -R + - {{ $envAll.Values.pod.security_context.ovs.container.server.runAsUser | quote }} + - /run/openvswitch + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: run-openvswitch + mountPath: /run/openvswitch - name: openvswitch-vswitchd-modules {{ tuple $envAll "openvswitch_vswitchd" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ dict "envAll" $envAll "application" "openvswitch_vswitchd" "container" "modules" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +{{ dict "envAll" $envAll "application" "ovs" "container" "modules" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - /tmp/openvswitch-vswitchd-init-modules.sh volumeMounts: 
@@ -96,11 +121,35 @@ spec: mountPropagation: HostToContainer readOnly: true containers: + - name: openvswitch-db +{{ tuple $envAll "openvswitch_db_server" | include "helm-toolkit.snippets.image" | indent 10 }} +{{ dict "envAll" $envAll "application" "ovs" "container" "server" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +{{ tuple $envAll $envAll.Values.pod.resources.ovs.db | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} +{{ dict "envAll" $envAll "component" "ovs" "container" "ovs_db" "type" "liveness" "probeTemplate" (include "ovsdblivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "ovs" "container" "ovs_db" "type" "readiness" "probeTemplate" (include "ovsdbreadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} + command: + - /tmp/openvswitch-db-server.sh + - start + lifecycle: + preStop: + exec: + command: + - /tmp/openvswitch-db-server.sh + - stop + volumeMounts: + - name: pod-tmp + mountPath: /tmp + - name: openvswitch-bin + mountPath: /tmp/openvswitch-db-server.sh + subPath: openvswitch-db-server.sh + readOnly: true + - name: run + mountPath: /run - name: openvswitch-vswitchd {{- if .Values.conf.ovs_dpdk.enabled }} {{/* Run the container in priviledged mode due to the need for root permissions when using the uio_pci_generic driver. */}} -{{- $_ := set $envAll.Values.pod.security_context.openvswitch_vswitchd.container.vswitchd "privileged" true -}} +{{- $_ := set $envAll.Values.pod.security_context.ovs.container.vswitchd "privileged" true -}} {{/* Limiting CPU cores would severely affect packet throughput It should be handled through lcore and pmd core masks. */}} {{- if .Values.pod.resources.enabled }} 
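Review bot: The added `openvswitch-db` container mounts the `run` volume at `/run`, whereas the deleted daemonset-ovs-db.yaml gave the DB server only `/run/openvswitch`. In the merged pod `run` appears to be the host `/run` directory (the volumes hunk shows `path: /run`, `type: Directory` as context right before the new `run-openvswitch` entry), so the DB container would see the whole host `/run`, which commonly holds container-runtime and other daemon sockets, rather than one directory. The `openvswitch-db-perms` init container already uses the narrower volume, and the DB container should match it: `- name: run-openvswitch` with `mountPath: /run/openvswitch`. The `containers:` list continues outside this hunk, so the vswitchd mounts are not reviewed here.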
@@ -109,12 +158,12 @@ It should be handled through lcore and pmd core masks. */}} {{- end }} {{- end }} {{ tuple $envAll "openvswitch_vswitchd" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ dict "envAll" $envAll "application" "openvswitch_vswitchd" "container" "vswitchd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} +{{ dict "envAll" $envAll "application" "ovs" "container" "vswitchd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.ovs.vswitchd | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} # ensures this container can speak to the ovs database # successfully before its marked as ready -{{ dict "envAll" $envAll "component" "ovs_vswitch" "container" "ovs_vswitch" "type" "liveness" "probeTemplate" (include "ovsvswitchlivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} -{{ dict "envAll" $envAll "component" "ovs_vswitch" "container" "ovs_vswitch" "type" "readiness" "probeTemplate" (include "ovsvswitchreadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "ovs" "container" "ovs_vswitch" "type" "liveness" "probeTemplate" (include "ovsvswitchlivenessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} +{{ dict "envAll" $envAll "component" "ovs" "container" "ovs_vswitch" "type" "readiness" "probeTemplate" (include "ovsvswitchreadinessProbeTemplate" $envAll | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }} command: - /tmp/openvswitch-vswitchd.sh - start @@ -167,6 +216,10 @@ It should be handled through lcore and pmd core masks. */}} hostPath: path: /run type: Directory + - name: run-openvswitch + hostPath: + path: /run/openvswitch + type: DirectoryOrCreate - name: host-rootfs hostPath: path: / 
@@ -204,4 +257,4 @@ It should be handled through lcore and pmd core masks. */}} hostPath: path: /sys/fs/cgroup {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/openvswitch/values.yaml b/openvswitch/values.yaml index 099e7b068..b131faa9a 100644 --- a/openvswitch/values.yaml +++ b/openvswitch/values.yaml @@ -45,7 +45,7 @@ pod: operator: Exists effect: NoSchedule probes: - ovs_db: + ovs: ovs_db: liveness: enabled: true @@ -59,7 +59,6 @@ pod: initialDelaySeconds: 90 periodSeconds: 30 timeoutSeconds: 5 - ovs_vswitch: ovs_vswitch: liveness: enabled: true @@ -74,7 +73,7 @@ pod: periodSeconds: 10 timeoutSeconds: 1 security_context: - openvswitch_db_server: + ovs: pod: runAsUser: 42424 container: @@ -86,10 +85,6 @@ pod: runAsUser: 42424 allowPrivilegeEscalation: false readOnlyRootFilesystem: true - openvswitch_vswitchd: - pod: - runAsUser: 0 - container: modules: runAsUser: 0 capabilities: @@ -108,11 +103,7 @@ pod: upgrades: daemonsets: pod_replacement_strategy: RollingUpdate - ovs_db: - enabled: true - min_ready_seconds: 0 - max_unavailable: 1 - ovs_vswitchd: + ovs: enabled: true min_ready_seconds: 0 max_unavailable: 1 @@ -199,13 +190,7 @@ dependencies: - endpoint: node service: local_image_registry static: - db: null - vswitchd: - pod: - - requireSameNode: true - labels: - application: openvswitch - component: openvswitch-vswitchd-db + ovs: null image_repo_sync: services: - endpoint: internal @@ -213,7 +198,7 @@ dependencies: manifests: configmap_bin: true - daemonset_ovs_db: true + daemonset: true daemonset_ovs_vswitchd: true job_image_repo_sync: true network_policy: false diff --git a/releasenotes/notes/openvswitch.yaml b/releasenotes/notes/openvswitch.yaml index bca0586d1..c2a748c7e 100644 --- a/releasenotes/notes/openvswitch.yaml +++ b/releasenotes/notes/openvswitch.yaml 
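Review bot: Folding `openvswitch_vswitchd` into `pod.security_context.ovs` (hunks `@@ -74,7 +73,7 @@` and `@@ -86,10 +85,6 @@`) changes the pod-level `runAsUser` that the vswitchd side inherits from 0 to 42424, and only `modules` visibly pins `runAsUser: 0`. The `vswitchd` container entry lies outside the hunk, so please confirm it sets `runAsUser` explicitly rather than relying on the old pod default. Separately, any operator override (for example site hardening) still keyed under `pod.security_context.openvswitch_db_server` or `openvswitch_vswitchd` is silently dropped after upgrade. A comment above the new key such as `# replaces openvswitch_db_server and openvswitch_vswitchd; old override keys are ignored` would make that visible.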
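Review bot: In the `manifests` hunk (`@@ -213,7 +198,7 @@`) `daemonset_ovs_vswitchd: true` is left in place although, as far as this diff shows, the only remaining gate is `.Values.manifests.daemonset`. The key is now dead: setting it to `false` no longer disables anything, which can mislead someone who believes vswitchd is switched off on a node class. I would delete the line, or keep it one release with `# deprecated: no longer read, use manifests.daemonset`.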
@@ -10,4 +10,5 @@ openvswitch: - 0.1.7 Enable taint toleration for Openstack services jobs - 0.1.8 Added OCI registry authentication - 0.1.9 Enable ovs hardware offload + - 0.1.10 Merge ovs-db and ovs-vswitchd in one Daemonset ...