-
Notifications
You must be signed in to change notification settings - Fork 77
/
Copy pathovs-cni.yml.in
132 lines (132 loc) · 3.42 KB
/
ovs-cni.yml.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: ovs-cni-amd64
namespace: ${NAMESPACE}
labels:
tier: node
app: ovs-cni
spec:
selector:
matchLabels:
app: ovs-cni
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 10%
template:
metadata:
labels:
tier: node
app: ovs-cni
annotations:
description: OVS CNI allows users to attach their Pods/VMs to Open vSwitch bridges available on nodes
spec:
serviceAccountName: ovs-cni-marker
hostNetwork: true
nodeSelector:
kubernetes.io/arch: amd64
kubernetes.io/os: linux
tolerations:
- key: node-role.kubernetes.io/master
operator: Exists
effect: NoSchedule
initContainers:
- name: ovs-cni-plugin
image: ${OVS_CNI_PLUGIN_IMAGE_REPO}/${OVS_CNI_PLUGIN_IMAGE_NAME}:${OVS_CNI_PLUGIN_IMAGE_VERSION}
command: ["/bin/sh","-c"]
args:
- >
cp /ovs /host${CNI_MOUNT_PATH}/ovs &&
cp /ovs-mirror-producer /host${CNI_MOUNT_PATH}/ovs-mirror-producer &&
cp /ovs-mirror-consumer /host${CNI_MOUNT_PATH}/ovs-mirror-consumer
imagePullPolicy: ${OVS_CNI_PLUGIN_IMAGE_PULL_POLICY}
securityContext:
privileged: true
resources:
requests:
cpu: "10m"
memory: "15Mi"
volumeMounts:
- name: cnibin
mountPath: /host${CNI_MOUNT_PATH}
priorityClassName: system-node-critical
containers:
- name: ovs-cni-marker
image: ${OVS_CNI_PLUGIN_IMAGE_REPO}/${OVS_CNI_PLUGIN_IMAGE_NAME}:${OVS_CNI_PLUGIN_IMAGE_VERSION}
imagePullPolicy: ${OVS_CNI_PLUGIN_IMAGE_PULL_POLICY}
securityContext:
privileged: true
command:
- /marker
args:
- -v
- "3"
- -logtostderr
- -node-name
- $(NODE_NAME)
- -ovs-socket
- unix:/host/var/run/openvswitch/db.sock
- -healthcheck-interval=${OVS_CNI_MARKER_HEALTHCHECK_INTERVAL}
volumeMounts:
- name: ovs-var-run
mountPath: /host/var/run/openvswitch
resources:
requests:
cpu: "10m"
memory: "10Mi"
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
livenessProbe:
exec:
command:
- sh
- -c
- >-
find /tmp/healthy -mmin -2 | grep -q '/tmp/healthy'
initialDelaySeconds: ${OVS_CNI_MARKER_HEALTHCHECK_INTERVAL}
periodSeconds: ${OVS_CNI_MARKER_HEALTHCHECK_INTERVAL}
volumes:
- name: cnibin
hostPath:
path: ${CNI_MOUNT_PATH}
- name: ovs-var-run
hostPath:
path: /var/run/openvswitch
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ovs-cni-marker-cr
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
- get
- update
- patch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ovs-cni-marker-crb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: ovs-cni-marker-cr
subjects:
- kind: ServiceAccount
name: ovs-cni-marker
namespace: ${NAMESPACE}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: ovs-cni-marker
namespace: ${NAMESPACE}