Vladimir Kozhukalov 4d5919b070 Use host network for ovn controller pods
Change-Id: I9f852ff54cfc42536387fa51a73f019b56070345
2024-01-03 10:08:56 -06:00

323 lines
7.3 KiB
YAML

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for openvswitch.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
---
release_group: null
images:
tags:
ovn_ovsdb_nb: docker.io/openstackhelm/ovn:ubuntu_focal
ovn_ovsdb_sb: docker.io/openstackhelm/ovn:ubuntu_focal
ovn_northd: docker.io/openstackhelm/ovn:ubuntu_focal
ovn_controller: docker.io/openstackhelm/ovn:ubuntu_focal
dep_check: quay.io/airshipit/kubernetes-entrypoint:v1.0.0
image_repo_sync: docker.io/library/docker:17.07.0
pull_policy: "IfNotPresent"
local_registry:
active: false
exclude:
- dep_check
- image_repo_sync
labels:
ovn_ovsdb_nb:
node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_ovsdb_sb:
node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_northd:
node_selector_key: openstack-network-node
node_selector_value: enabled
ovn_controller:
node_selector_key: openvswitch
node_selector_value: enabled
volume:
ovn_ovsdb_nb:
enabled: true
class_name: general
size: 5Gi
ovn_ovsdb_sb:
enabled: true
class_name: general
size: 5Gi
network:
interface:
# Tunnel interface will be used for VXLAN tunneling.
tunnel: null
# If tunnel is null there is a fallback mechanism to search
# for interface with routing using tunnel network cidr.
tunnel_network_cidr: "0/0"
conf:
ovn_cms_options: "enable-chassis-as-gw,availability-zones=nova"
ovn_encap_type: geneve
ovn_bridge: br-int
ovn_bridge_mappings: external:br-ex
# auto_bridge_add:
# br-private: eth0
# br-public: eth1
auto_bridge_add: {}
pod:
# NOTE: should be same as nova.pod.use_fqdn.compute
use_fqdn:
compute: true
security_context:
ovn_northd:
container:
northd:
capabilities:
add:
- SYS_NICE
ovn_controller:
container:
controller_init:
readOnlyRootFilesystem: true
privileged: true
controller:
readOnlyRootFilesystem: true
privileged: true
tolerations:
ovn_ovsdb_nb:
enabled: false
ovn_ovsdb_sb:
enabled: false
ovn_northd:
enabled: false
ovn_controller:
enabled: false
affinity:
anti:
type:
default: preferredDuringSchedulingIgnoredDuringExecution
topologyKey:
default: kubernetes.io/hostname
weight:
default: 10
probes:
ovn_northd:
northd:
readiness:
enabled: true
params:
initialDelaySeconds: 5
timeoutSeconds: 10
liveness:
enabled: true
params:
initialDelaySeconds: 5
timeoutSeconds: 10
dns_policy: "ClusterFirstWithHostNet"
replicas:
ovn_ovsdb_nb: 1
ovn_ovsdb_sb: 1
ovn_northd: 1
lifecycle:
upgrades:
daemonsets:
pod_replacement_strategy: RollingUpdate
ovn_ovsdb_nb:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
ovn_ovsdb_sb:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
ovn_northd:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
ovn_controller:
enabled: true
min_ready_seconds: 0
max_unavailable: 1
resources:
enabled: false
ovs:
ovn_ovsdb_nb:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ovn_ovsdb_sb:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ovn_northd:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
ovn_controller:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
jobs:
image_repo_sync:
requests:
memory: "128Mi"
cpu: "100m"
limits:
memory: "1024Mi"
cpu: "2000m"
secrets:
oci_image_registry:
ovn_ovsdb_nb: ovn-ovsdb-nb-oci-image-registry-key
ovn_ovsdb_sb: ovn-ovsdb-sb-oci-image-registry-key
ovn_northd: ovn-northd-oci-image-registry-key
ovn_controller: ovn-controller-oci-image-registry-key
# TODO: Check these endpoints?!
endpoints:
cluster_domain_suffix: cluster.local
local_image_registry:
name: docker-registry
namespace: docker-registry
hosts:
default: localhost
internal: docker-registry
node: localhost
host_fqdn_override:
default: null
port:
registry:
node: 5000
oci_image_registry:
name: oci-image-registry
namespace: oci-image-registry
auth:
enabled: false
openvswitch:
username: openvswitch
password: password
hosts:
default: localhost
host_fqdn_override:
default: null
port:
registry:
default: null
ovn_ovsdb_nb:
name: ovn-ovsdb-nb
namespace: null
hosts:
default: ovn-ovsdb-nb
host_fqdn_override:
default: null
port:
ovsdb:
default: 6641
raft:
default: 6643
ovn_ovsdb_sb:
name: ovn-ovsdb-sb
namespace: null
hosts:
default: ovn-ovsdb-sb
host_fqdn_override:
default: null
port:
ovsdb:
default: 6642
raft:
default: 6644
network_policy:
ovn_ovsdb_nb:
ingress:
- {}
egress:
- {}
ovn_ovsdb_sb:
ingress:
- {}
egress:
- {}
ovn_northd:
ingress:
- {}
egress:
- {}
ovn_controller:
ingress:
- {}
egress:
- {}
dependencies:
dynamic:
common:
local_image_registry:
jobs:
- openvswitch-image-repo-sync
services:
- endpoint: node
service: local_image_registry
static:
ovn_ovsdb_nb: null
ovn_ovsdb_sb: null
ovn_northd:
services:
- endpoint: internal
service: ovn-ovsdb-nb
- endpoint: internal
service: ovn-ovsdb-sb
ovn_controller:
services:
- endpoint: internal
service: ovn-ovsdb-sb
pod:
- requireSameNode: true
labels:
application: openvswitch
component: server
image_repo_sync:
services:
- endpoint: internal
service: local_image_registry
manifests:
configmap_bin: true
configmap_etc: true
deployment_northd: true
daemonset_controller: true
service_ovn_ovsdb_nb: true
service_ovn_ovsdb_sb: true
statefulset_ovn_ovsdb_nb: true
statefulset_ovn_ovsdb_sb: true
deployment_ovn_northd: true
daemonset_ovn_controller: true
job_image_repo_sync: true
...