Vladimir Kozhukalov fb90642b18 Update ovn controller init script
- OVN init script must be able to attach an interface
  to the provider network bridge and migrate IP from the
  interface to the bridge exactly like Neutron OVS agent
  init script does it.

- OVN init script sets gateway option to those OVN controller
  instances which are running on nodes with l3-agent=enabled
  label.

Change-Id: I24345c1f85c1e75af6e804f09d35abf530ddd6b4
2024-03-21 16:03:51 -05:00

325 lines
7.4 KiB
YAML

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for openvswitch.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
---
release_group: null
images:
tags:
ovn_ovsdb_nb: docker.io/openstackhelm/ovn:ubuntu_focal
ovn_ovsdb_sb: docker.io/openstackhelm/ovn:ubuntu_focal
ovn_northd: docker.io/openstackhelm/ovn:ubuntu_focal
ovn_controller: docker.io/openstackhelm/ovn:ubuntu_focal
ovn_controller_kubectl: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/library/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
ovn_ovsdb_nb:
node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_ovsdb_sb:
node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_northd:
node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_controller:
node_selector_key: openvswitch
node_selector_value: enabled
volume:
ovn_ovsdb_nb:
enabled: true
class_name: general
size: 5Gi
ovn_ovsdb_sb:
enabled: true
class_name: general
size: 5Gi
network:
interface:
# Tunnel interface will be used for VXLAN tunneling.
tunnel: null
# If tunnel is null there is a fallback mechanism to search
# for interface with routing using tunnel network cidr.
tunnel_network_cidr: "0/0"
conf:
ovn_cms_options: "availability-zones=nova"
onv_cms_options_gw_enabled: "enable-chassis-as-gw,availability-zones=nova"
ovn_encap_type: geneve
ovn_bridge: br-int
ovn_bridge_mappings: external:br-ex
# auto_bridge_add:
# br-private: eth0
# br-public: eth1
auto_bridge_add: {}
pod:
# NOTE: should be same as nova.pod.use_fqdn.compute
use_fqdn:
compute: true
security_context:
ovn_northd:
container:
northd:
capabilities:
add:
- SYS_NICE
ovn_controller:
container:
controller_init:
readOnlyRootFilesystem: true
privileged: true
controller:
readOnlyRootFilesystem: true
privileged: true
tolerations:
ovn_ovsdb_nb:
enabled: false
ovn_ovsdb_sb:
enabled: false
ovn_northd:
enabled: false
ovn_controller:
enabled: false
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
weight:
default: 10
probes:
ovn_northd:
northd:
readiness:
enabled: true
params:
initialDelaySeconds: 5
timeoutSeconds: 10
liveness:
enabled: true
params:
initialDelaySeconds: 5
timeoutSeconds: 10
dns_policy: "ClusterFirstWithHostNet"
replicas:
ovn_ovsdb_nb: 1
ovn_ovsdb_sb: 1
ovn_northd: 1
lifecycle:
upgrades:
daemonsets:
pod_replacement_strategy: RollingUpdate
ovn_ovsdb_nb:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
ovn_ovsdb_sb:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
ovn_northd:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
ovn_controller:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
resources:
enabled: false
ovs:
ovn_ovsdb_nb:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ovn_ovsdb_sb:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ovn_northd:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ovn_controller:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
secrets:
oci_image_registry:
ovn_ovsdb_nb: ovn-ovsdb-nb-oci-image-registry-key
ovn_ovsdb_sb: ovn-ovsdb-sb-oci-image-registry-key
ovn_northd: ovn-northd-oci-image-registry-key
ovn_controller: ovn-controller-oci-image-registry-key
# TODO: Check these endpoints?!
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
openvswitch:
username: openvswitch
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ovn_ovsdb_nb:
name: ovn-ovsdb-nb
namespace: null
hosts:
default: ovn-ovsdb-nb
host_fqdn_override:
default: null
port:
ovsdb:
default: 6641
raft:
default: 6643
ovn_ovsdb_sb:
name: ovn-ovsdb-sb
namespace: null
hosts:
default: ovn-ovsdb-sb
host_fqdn_override:
default: null
port:
ovsdb:
default: 6642
raft:
default: 6644
network_policy:
ovn_ovsdb_nb:
ingress:
- {}
egress:
- {}
ovn_ovsdb_sb:
ingress:
- {}
egress:
- {}
ovn_northd:
ingress:
- {}
egress:
- {}
ovn_controller:
ingress:
- {}
egress:
- {}
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- openvswitch-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
ovn_ovsdb_nb: null
ovn_ovsdb_sb: null
ovn_northd:
services:
- endpoint: internal
service: ovn-ovsdb-nb
- endpoint: internal
service: ovn-ovsdb-sb
ovn_controller:
services:
- endpoint: internal
service: ovn-ovsdb-sb
pod:
- requireSameNode: true
labels:
application: openvswitch
component: server
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
manifests:
configmap_bin: true
configmap_etc: true
deployment_northd: true
daemonset_controller: true
service_ovn_ovsdb_nb: true
service_ovn_ovsdb_sb: true
statefulset_ovn_ovsdb_nb: true
statefulset_ovn_ovsdb_sb: true
deployment_ovn_northd: true
daemonset_ovn_controller: true
job_image_repo_sync: true
...