diff --git a/charts/kube-ovn/Chart.yaml b/charts/kube-ovn/Chart.yaml index 0978817b6fce..31f0e5ed6c97 100644 --- a/charts/kube-ovn/Chart.yaml +++ b/charts/kube-ovn/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.13.0 +version: 2.0.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/kube-ovn/templates/_helpers.tpl b/charts/kube-ovn/templates/_helpers.tpl index 1b9a0575479f..0b203bed24a0 100644 --- a/charts/kube-ovn/templates/_helpers.tpl +++ b/charts/kube-ovn/templates/_helpers.tpl 
@@ -1,3 +1,59 @@ +{/* +Expand the name of the chart. +*/}} +{{- define "kubeovn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "kubeovn.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "kubeovn.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "kubeovn.labels" -}} +helm.sh/chart: {{ include "kubeovn.chart" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + + +{{/* +Create the name of the service account to use +*/}} +{{- define "kubeovn.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "kubeovn.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + + {{/* Get IP-addresses of master nodes */}} diff --git a/charts/kube-ovn/templates/agent/agent-clusterrole.yaml b/charts/kube-ovn/templates/agent/agent-clusterrole.yaml new file mode 100644 index 000000000000..cc0ada5f36e8 --- /dev/null +++ b/charts/kube-ovn/templates/agent/agent-clusterrole.yaml 
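Review bot: The first added line opens its comment with `{/*` where every other helper in this hunk uses `{{/*`, so as shown here `{/* Expand the name of the chart. */}}` is literal template text rather than a comment; it should read `{{/*`. Separately, `kubeovn.serviceAccountName` falls back to the namespace's `default` ServiceAccount when `.Values.serviceAccount.create` is false and no name is set, while the ServiceAccount, RoleBinding and ClusterRoleBinding templates added in this commit hard-code `kube-ovn-cni`. If the helper is later wired into a workload, the bindings would keep granting rights to the hard-coded name, so either use the helper for the RBAC subjects as well or drop it until it is needed.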
@@ -0,0 +1,89 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ annotations:
+ rbac.authorization.k8s.io/system-only: "true"
+ {{- with .Values.agent.annotations }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.agent.labels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ name: system:kube-ovn-cni
+rules:
+ - apiGroups:
+ - "kubeovn.io"
+ resources:
+ - subnets
+ - vlans
+ - provider-networks
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ - "kubeovn.io"
+ resources:
+ - ovn-eips
+ - ovn-eips/status
+ - nodes
+ - pods
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+ - apiGroups:
+ - "kubeovn.io"
+ resources:
+ - ips
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - apiGroups:
+ - "certificates.k8s.io"
+ resources:
+ - "certificatesigningrequests"
+ verbs:
+ - "create"
+ - "get"
+ - "list"
+ - "watch"
+ - "delete"
+ - apiGroups:
+ - ""
+ resources:
+ - "secrets"
+ verbs:
+ - "get"
\ No newline at end of file
diff --git a/charts/kube-ovn/templates/agent/agent-clusterrolebinding.yaml b/charts/kube-ovn/templates/agent/agent-clusterrolebinding.yaml
new file mode 100644
index 000000000000..319327cfc0c8
--- /dev/null
+++ b/charts/kube-ovn/templates/agent/agent-clusterrolebinding.yaml
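Review bot: The last rule grants `get` on `secrets` in the core API group from a ClusterRole, and the ClusterRoleBinding added in this commit binds that role to the `kube-ovn-cni` ServiceAccount, so the agent's token can read a Secret in any namespace once its name is known. The hunk does not show which Secret the agent needs; if it is a fixed one in the chart namespace, move this rule into a namespaced Role and pin it with `resourceNames: ["<secret-name>"]` (placeholder). The second rule is hard to review for a related reason: it lists both `""` and `"kubeovn.io"` under `apiGroups` next to `nodes`, `pods` and `ovn-eips`, so it reads like a kube-ovn rule while it in fact grants `patch` on every Pod and Node in the cluster. Splitting it into one rule per API group, each with a short comment stating why the agent needs the verb, would make that breadth explicit.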
@@ -0,0 +1,21 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kube-ovn-cni + {{- with .Values.agent.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.agent.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + name: system:kube-ovn-cni + kind: ClusterRole + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: kube-ovn-cni + namespace: {{ .Values.namespace }} \ No newline at end of file diff --git a/charts/kube-ovn/templates/ovncni-ds.yaml b/charts/kube-ovn/templates/agent/agent-daemonset.yaml similarity index 93% rename from charts/kube-ovn/templates/ovncni-ds.yaml rename to charts/kube-ovn/templates/agent/agent-daemonset.yaml index 6537d2253707..c006313bb114 100644 --- a/charts/kube-ovn/templates/ovncni-ds.yaml +++ b/charts/kube-ovn/templates/agent/agent-daemonset.yaml @@ -1,21 +1,33 @@ -kind: DaemonSet apiVersion: apps/v1 +kind: DaemonSet metadata: name: kube-ovn-cni namespace: {{ .Values.namespace }} + {{- with .Values.agent.annotations }} annotations: - kubernetes.io/description: | - This daemon set launches the kube-ovn cni daemon. + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.agent.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: - app: kube-ovn-cni + app.kubernetes.io/name: kube-ovn-cni + app.kubernetes.io/part-of: kube-ovn template: metadata: + {{- with .Values.agent.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: - app: kube-ovn-cni - component: network - type: infra + app.kubernetes.io/name: kube-ovn-cni + app.kubernetes.io/part-of: kube-ovn + {{- with .Values.agent.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: tolerations: - effect: NoSchedule 
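Review bot: Changing `spec.selector.matchLabels` from `app: kube-ovn-cni` to the `app.kubernetes.io/*` pair will make an in-place `helm upgrade` from the 1.x chart fail, because the selector of an existing DaemonSet or Deployment is immutable; the same change is made to `ovn-central` and `kube-ovn-controller` later in this commit. The chart needs a documented migration path (delete-and-recreate, or a pre-upgrade hook), otherwise the node network agent stays on the old revision. Also, `.Values.agent.podLabels` is rendered after the two fixed labels, so a user-supplied `app.kubernetes.io/name` yields a duplicate key and, where the parser takes the last value, a pod template that no longer matches the selector; render the user labels first or reject those keys. Dropping `component: network` and `type: infra` will silently unmatch any NetworkPolicy or monitor that selects on them, if one exists.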
@@ -216,13 +228,10 @@ spec: - --port=10665 - --tls={{- .Values.func.SECURE_SERVING }} timeoutSeconds: 5 + {{- with .Values.agent.resources }} resources: - requests: - cpu: {{ index .Values "kube-ovn-cni" "requests" "cpu" }} - memory: {{ index .Values "kube-ovn-cni" "requests" "memory" }} - limits: - cpu: {{ index .Values "kube-ovn-cni" "limits" "cpu" }} - memory: {{ index .Values "kube-ovn-cni" "limits" "memory" }} + {{- toYaml . | trim | nindent 10 }} + {{- end }} nodeSelector: kubernetes.io/os: "linux" volumes: diff --git a/charts/kube-ovn/templates/agent/agent-rolebinding.yaml b/charts/kube-ovn/templates/agent/agent-rolebinding.yaml new file mode 100644 index 000000000000..0e91181e1597 --- /dev/null +++ b/charts/kube-ovn/templates/agent/agent-rolebinding.yaml @@ -0,0 +1,22 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kube-ovn-cni + namespace: {{ .Values.namespace }} + {{- with .Values.agent.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.agent.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader +subjects: + - kind: ServiceAccount + name: kube-ovn-cni + namespace: {{ .Values.namespace }} \ No newline at end of file diff --git a/charts/kube-ovn/templates/agent/agent-service.yaml b/charts/kube-ovn/templates/agent/agent-service.yaml new file mode 100644 index 000000000000..f838f0a2210b --- /dev/null +++ b/charts/kube-ovn/templates/agent/agent-service.yaml 
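Review bot: Wrapping `resources:` in `{{- with .Values.agent.resources }}` means the container is rendered with no requests or limits whenever that value is unset, where the old template always emitted them. Existing overrides under the old `kube-ovn-cni.requests` and `kube-ovn-cni.limits` keys are now ignored without any error, so an upgraded release can silently lose its limits on a per-node networking pod. values.yaml is not part of this hunk, so confirm it ships non-empty defaults for `agent.resources`, and consider failing the render while the legacy keys are still set. The same pattern is applied to `central.resources` and `controller.resources` later in this commit; the container spec itself starts outside this hunk.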
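Review bot: `roleRef` names the Role `extension-apiserver-authentication-reader`, which Kubernetes creates only in `kube-system`, but the RoleBinding itself is placed in `{{ .Values.namespace }}`. A RoleBinding can only reference a Role in its own namespace, so with any other namespace value the binding points at a Role that does not exist and grants nothing. Set `namespace: kube-system` in the binding's `metadata` and keep `{{ .Values.namespace }}` only on the subject.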
@@ -0,0 +1,23 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: kube-ovn-cni
+ namespace: {{ .Values.namespace }}
+ {{- with .Values.agent.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.agent.labels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ app.kubernetes.io/name: kube-ovn-cni
+ app.kubernetes.io/part-of: kube-ovn
+ ports:
+ - port: {{ .Values.agent.metrics.port }}
+ name: metrics
+ {{- if eq .Values.networking.NET_STACK "dual_stack" }}
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
diff --git a/charts/kube-ovn/templates/agent/agent-serviceaccount.yaml b/charts/kube-ovn/templates/agent/agent-serviceaccount.yaml
new file mode 100644
index 000000000000..fb773d699872
--- /dev/null
+++ b/charts/kube-ovn/templates/agent/agent-serviceaccount.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kube-ovn-cni
+ namespace: {{ .Values.namespace }}
+ {{- with .Values.agent.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.agent.labels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/kube-ovn/templates/central-deploy.yaml b/charts/kube-ovn/templates/central/central-deployment.yaml
similarity index 87%
rename from charts/kube-ovn/templates/central-deploy.yaml
rename to charts/kube-ovn/templates/central/central-deployment.yaml
index bbc1e09d3160..2e486335bdb3 100644
--- a/charts/kube-ovn/templates/central-deploy.yaml
+++ b/charts/kube-ovn/templates/central/central-deployment.yaml
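Review bot: `port: {{ .Values.agent.metrics.port }}` makes the Service port configurable with no `targetPort`, while the DaemonSet hunk in this commit still shows a literal `--port=10665` among the container's arguments. Unless the unchanged part of the DaemonSet reads the same value, changing `agent.metrics.port` would leave the Service pointing at a port nothing listens on, and metrics scraping would stop without an error. The expression also aborts rendering when `agent.metrics` is absent, so values.yaml (not shown here) must define it. A comment above the port, for example `# must match the port the kube-ovn-cni container listens on`, would record the coupling.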
@@ -2,10 +2,14 @@ kind: Deployment apiVersion: apps/v1 metadata: name: ovn-central - namespace: {{ .Values.namespace }} + {{- with .Values.central.annotations }} annotations: - kubernetes.io/description: | - OVN components: northd, nb and sb. + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.central.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ include "kubeovn.nodeCount" . }} strategy: @@ -15,13 +19,20 @@ spec: type: RollingUpdate selector: matchLabels: - app: ovn-central + app.kubernetes.io/name: ovn-central + app.kubernetes.io/part-of: kube-ovn template: metadata: + {{- with .Values.central.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: - app: ovn-central - component: network - type: infra + app.kubernetes.io/name: ovn-central + app.kubernetes.io/part-of: kube-ovn + {{- with .Values.central.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: tolerations: - effect: NoSchedule @@ -35,7 +46,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: - app: ovn-central + app.kubernetes.io/name: ovn-central topologyKey: kubernetes.io/hostname priorityClassName: system-cluster-critical serviceAccountName: ovn-ovs @@ -111,13 +122,10 @@ spec: value: "{{ .Values.networking.ENABLE_COMPACT }}" - name: OVN_VERSION_COMPATIBILITY value: '{{ include "kubeovn.ovn.versionCompatibility" . }}' + {{- with .Values.central.resources }} resources: - requests: - cpu: {{ index .Values "ovn-central" "requests" "cpu" }} - memory: {{ index .Values "ovn-central" "requests" "memory" }} - limits: - cpu: {{ index .Values "ovn-central" "limits" "cpu" }} - memory: {{ index .Values "ovn-central" "limits" "memory" }} + {{- toYaml . | trim | nindent 12 }} + {{- end }} volumeMounts: - mountPath: /var/run/ovn name: host-run-ovn 
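Review bot: The first hunk deletes `namespace: {{ .Values.namespace }}` from the `ovn-central` Deployment metadata and nothing re-adds it, while the `ovn-nb`, `ovn-northd` and `ovn-sb` Services in this commit keep that line. When the release namespace differs from `.Values.namespace`, the Deployment would be created in the release namespace, away from the Services that select its pods and from the `ovn-ovs` ServiceAccount it references, which is presumably still created in `.Values.namespace`. Restore the line under `name: ovn-central`: `namespace: {{ .Values.namespace }}`. The Deployment spec continues outside these hunks.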
diff --git a/charts/kube-ovn/templates/nb-svc.yaml b/charts/kube-ovn/templates/central/northbound-service.yaml similarity index 57% rename from charts/kube-ovn/templates/nb-svc.yaml rename to charts/kube-ovn/templates/central/northbound-service.yaml index 43992e91c6a2..f0c37b0e7fe6 100644 --- a/charts/kube-ovn/templates/nb-svc.yaml +++ b/charts/kube-ovn/templates/central/northbound-service.yaml @@ -3,6 +3,14 @@ apiVersion: v1 metadata: name: ovn-nb namespace: {{ .Values.namespace }} + {{- with .Values.central.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.central.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: ports: - name: ovn-nb @@ -14,6 +22,7 @@ spec: ipFamilyPolicy: PreferDualStack {{- end }} selector: - app: ovn-central + app.kubernetes.io/name: ovn-central + app.kubernetes.io/part-of: kube-ovn ovn-nb-leader: "true" sessionAffinity: None diff --git a/charts/kube-ovn/templates/northd-svc.yaml b/charts/kube-ovn/templates/central/northd-service.yaml similarity index 58% rename from charts/kube-ovn/templates/northd-svc.yaml rename to charts/kube-ovn/templates/central/northd-service.yaml index cec072330b00..571bc5542ae1 100644 --- a/charts/kube-ovn/templates/northd-svc.yaml +++ b/charts/kube-ovn/templates/central/northd-service.yaml @@ -3,6 +3,14 @@ apiVersion: v1 metadata: name: ovn-northd namespace: {{ .Values.namespace }} + {{- with .Values.central.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.central.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: ports: - name: ovn-northd @@ -14,6 +22,7 @@ spec: ipFamilyPolicy: PreferDualStack {{- end }} selector: - app: ovn-central + app.kubernetes.io/name: ovn-central + app.kubernetes.io/part-of: kube-ovn ovn-northd-leader: "true" sessionAffinity: None 
diff --git a/charts/kube-ovn/templates/sb-svc.yaml b/charts/kube-ovn/templates/central/southbound-service.yaml similarity index 57% rename from charts/kube-ovn/templates/sb-svc.yaml rename to charts/kube-ovn/templates/central/southbound-service.yaml index 36a4a27ab0cf..87f726f5e8d6 100644 --- a/charts/kube-ovn/templates/sb-svc.yaml +++ b/charts/kube-ovn/templates/central/southbound-service.yaml @@ -3,6 +3,14 @@ apiVersion: v1 metadata: name: ovn-sb namespace: {{ .Values.namespace }} + {{- with .Values.central.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.central.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: ports: - name: ovn-sb @@ -14,6 +22,7 @@ spec: ipFamilyPolicy: PreferDualStack {{- end }} selector: - app: ovn-central + app.kubernetes.io/name: ovn-central + app.kubernetes.io/part-of: kube-ovn ovn-sb-leader: "true" sessionAffinity: None diff --git a/charts/kube-ovn/templates/controller-svc.yaml b/charts/kube-ovn/templates/controller-svc.yaml deleted file mode 100644 index b4d39619d94e..000000000000 --- a/charts/kube-ovn/templates/controller-svc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-controller - namespace: {{ .Values.namespace }} - labels: - app: kube-ovn-controller -spec: - selector: - app: kube-ovn-controller - ports: - - port: 10660 - name: metrics - {{- if eq .Values.networking.NET_STACK "dual_stack" }} - ipFamilyPolicy: PreferDualStack - {{- end }} diff --git a/charts/kube-ovn/templates/controller-deploy.yaml b/charts/kube-ovn/templates/controller/controller-deployment.yaml similarity index 91% rename from charts/kube-ovn/templates/controller-deploy.yaml rename to charts/kube-ovn/templates/controller/controller-deployment.yaml index eaa4c3dc5a03..1656cfb549c3 100644 --- a/charts/kube-ovn/templates/controller-deploy.yaml +++ b/charts/kube-ovn/templates/controller/controller-deployment.yaml 
@@ -1,16 +1,22 @@ -kind: Deployment apiVersion: apps/v1 +kind: Deployment metadata: name: kube-ovn-controller namespace: {{ .Values.namespace }} + {{- with .Values.controller.annotations }} annotations: - kubernetes.io/description: | - kube-ovn controller + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.controller.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ include "kubeovn.nodeCount" . }} selector: matchLabels: - app: kube-ovn-controller + app.kubernetes.io/name: kube-ovn-controller + app.kubernetes.io/part-of: kube-ovn strategy: rollingUpdate: maxSurge: 0% @@ -18,10 +24,16 @@ spec: type: RollingUpdate template: metadata: + {{- with .Values.controller.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: - app: kube-ovn-controller - component: network - type: infra + app.kubernetes.io/name: kube-ovn-controller + app.kubernetes.io/part-of: kube-ovn + {{- with .Values.controller.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: tolerations: - effect: NoSchedule @@ -42,7 +54,7 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: - app: kube-ovn-controller + app.kubernetes.io/name: kube-ovn-controller topologyKey: kubernetes.io/hostname priorityClassName: system-cluster-critical serviceAccountName: ovn @@ -202,13 +214,10 @@ spec: periodSeconds: 7 failureThreshold: 5 timeoutSeconds: 5 + {{- with .Values.controller.resources }} resources: - requests: - cpu: {{ index .Values "kube-ovn-controller" "requests" "cpu" }} - memory: {{ index .Values "kube-ovn-controller" "requests" "memory" }} - limits: - cpu: {{ index .Values "kube-ovn-controller" "limits" "cpu" }} - memory: {{ index .Values "kube-ovn-controller" "limits" "memory" }} + {{- toYaml . | trim | nindent 12 }} + {{- end }} nodeSelector: kubernetes.io/os: "linux" volumes: 
diff --git a/charts/kube-ovn/templates/controller/controller-service.yaml b/charts/kube-ovn/templates/controller/controller-service.yaml
new file mode 100644
index 000000000000..0027bd8e4d87
--- /dev/null
+++ b/charts/kube-ovn/templates/controller/controller-service.yaml
@@ -0,0 +1,23 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: kube-ovn-controller
+ namespace: {{ .Values.namespace }}
+ {{- with .Values.controller.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.controller.labels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ app.kubernetes.io/name: kube-ovn-controller
+ app.kubernetes.io/part-of: kube-ovn
+ ports:
+ - port: {{ .Values.controller.metrics.port }}
+ name: metrics
+ {{- if eq .Values.networking.NET_STACK "dual_stack" }}
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
diff --git a/charts/kube-ovn/templates/pre-delete-hook.yaml b/charts/kube-ovn/templates/hooks/pre-delete-hook.yaml
similarity index 100%
rename from charts/kube-ovn/templates/pre-delete-hook.yaml
rename to charts/kube-ovn/templates/hooks/pre-delete-hook.yaml
diff --git a/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml b/charts/kube-ovn/templates/hooks/upgrade-ovs-ovn.yaml
similarity index 100%
rename from charts/kube-ovn/templates/upgrade-ovs-ovn.yaml
rename to charts/kube-ovn/templates/hooks/upgrade-ovs-ovn.yaml
diff --git a/charts/kube-ovn/templates/kube-ovn-crd.yaml b/charts/kube-ovn/templates/kube-ovn-crd.yaml
deleted file mode 100644
index 7384e9a17d93..000000000000
--- a/charts/kube-ovn/templates/kube-ovn-crd.yaml
+++ /dev/null
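Review bot: The deleted `controller-svc.yaml` carried a fixed `labels: app: kube-ovn-controller` on the Service, whereas this new file emits labels only when `.Values.controller.labels` is set. Anything that discovers the metrics Service by that label, such as a ServiceMonitor, would stop matching after the upgrade and controller metrics would go missing without an error; the monitor templates are not shown here, so check their selectors. Consider always rendering `app.kubernetes.io/name: kube-ovn-controller` under `metadata.labels` and merging the user labels after it.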
@@ -1,2671 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: vpc-dnses.kubeovn.io -spec: - group: kubeovn.io - names: - plural: vpc-dnses - singular: vpc-dns - shortNames: - - vpc-dns - kind: VpcDns - listKind: VpcDnsList - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.active - name: Active - type: boolean - - jsonPath: .spec.vpc - name: Vpc - type: string - - jsonPath: .spec.subnet - name: Subnet - type: string - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - vpc: - type: string - subnet: - type: string - replicas: - type: integer - minimum: 1 - maximum: 3 - status: - type: object - properties: - active: - type: boolean - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: switch-lb-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: switch-lb-rules - singular: switch-lb-rule - shortNames: - - slr - kind: SwitchLBRule - listKind: SwitchLBRuleList - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.vip - name: vip - type: string - - jsonPath: .status.ports - name: port(s) - type: string - - jsonPath: .status.service - name: service - type: string - - jsonPath: .metadata.creationTimestamp - name: age - type: date - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - namespace: - type: string - vip: - type: string - sessionAffinity: - type: string - ports: - items: - properties: - name: - type: string - port: - type: integer - minimum: 1 - maximum: 65535 
- protocol: - type: string - targetPort: - type: integer - minimum: 1 - maximum: 65535 - type: object - type: array - selector: - items: - type: string - type: array - endpoints: - items: - type: string - type: array - status: - type: object - properties: - ports: - type: string - service: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: vpc-nat-gateways.kubeovn.io -spec: - group: kubeovn.io - names: - plural: vpc-nat-gateways - singular: vpc-nat-gateway - shortNames: - - vpc-nat-gw - kind: VpcNatGateway - listKind: VpcNatGatewayList - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .spec.vpc - name: Vpc - type: string - - jsonPath: .spec.subnet - name: Subnet - type: string - - jsonPath: .spec.lanIp - name: LanIP - type: string - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - externalSubnets: - items: - type: string - type: array - selector: - type: array - items: - type: string - qosPolicy: - type: string - tolerations: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - enum: - - Equal - - Exists - value: - type: string - effect: - type: string - enum: - - NoExecute - - NoSchedule - - PreferNoSchedule - tolerationSeconds: - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - 
format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: 
string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - spec: - type: object - properties: - lanIp: - type: string - subnet: - type: string - externalSubnets: - items: - type: string - type: array - vpc: - type: string - selector: - type: array - items: - type: string - qosPolicy: - type: string - bgpSpeaker: - type: object - properties: - enabled: - type: boolean - asn: - type: integer - remoteAsn: - type: integer - neighbors: - type: array - items: - type: string - holdTime: - type: string - routerId: - type: string - password: - type: string - 
enableGracefulRestart: - type: boolean - extraArgs: - type: array - items: - type: string - tolerations: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - enum: - - Equal - - Exists - value: - type: string - effect: - type: string - enum: - - NoExecute - - NoSchedule - - PreferNoSchedule - tolerationSeconds: - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - 
values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - 
x-kubernetes-patch-strategy: merge - x-kubernetes-patch-merge-key: key - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-eips.kubeovn.io -spec: - group: kubeovn.io - names: - plural: iptables-eips - singular: iptables-eip - shortNames: - - eip - kind: IptablesEIP - listKind: IptablesEIPList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.ip - name: IP - type: string - - jsonPath: .spec.macAddress - name: Mac - type: string - - jsonPath: .status.nat - name: Nat - type: string - - jsonPath: .spec.natGwDp - name: NatGwDp - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - ip: - type: string - nat: - type: string - redo: - type: string - qosPolicy: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - v4ip: - type: string - v6ip: - type: string - macAddress: - type: string - natGwDp: - type: string - qosPolicy: - type: string - externalSubnet: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-fip-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: iptables-fip-rules - singular: 
iptables-fip-rule - shortNames: - - fip - kind: IptablesFIPRule - listKind: IptablesFIPRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.eip - name: Eip - type: string - - jsonPath: .status.v4ip - name: V4ip - type: string - - jsonPath: .spec.internalIp - name: InternalIp - type: string - - jsonPath: .status.v6ip - name: V6ip - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - - jsonPath: .status.natGwDp - name: NatGwDp - type: string - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4ip: - type: string - v6ip: - type: string - natGwDp: - type: string - redo: - type: string - internalIp: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - eip: - type: string - internalIp: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-dnat-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: iptables-dnat-rules - singular: iptables-dnat-rule - shortNames: - - dnat - kind: IptablesDnatRule - listKind: IptablesDnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.eip - name: Eip - type: string - - jsonPath: .spec.protocol - name: Protocol - type: string - - jsonPath: .status.v4ip - name: V4ip - type: string - - jsonPath: .status.v6ip - name: V6ip - type: string - - jsonPath: .spec.internalIp - name: InternalIp - type: string - - jsonPath: .spec.externalPort - name: ExternalPort - type: string - - jsonPath: .spec.internalPort - name: InternalPort - type: string - 
- jsonPath: .status.natGwDp - name: NatGwDp - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4ip: - type: string - v6ip: - type: string - natGwDp: - type: string - redo: - type: string - protocol: - type: string - internalIp: - type: string - internalPort: - type: string - externalPort: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - eip: - type: string - externalPort: - type: string - protocol: - type: string - internalIp: - type: string - internalPort: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: iptables-snat-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: iptables-snat-rules - singular: iptables-snat-rule - shortNames: - - snat - kind: IptablesSnatRule - listKind: IptablesSnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.eip - name: EIP - type: string - - jsonPath: .status.v4ip - name: V4ip - type: string - - jsonPath: .status.v6ip - name: V6ip - type: string - - jsonPath: .spec.internalCIDR - name: InternalCIDR - type: string - - jsonPath: .status.natGwDp - name: NatGwDp - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4ip: - type: string - v6ip: - type: string - natGwDp: - type: string - redo: - type: string - internalCIDR: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: 
string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - eip: - type: string - internalCIDR: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-eips.kubeovn.io -spec: - group: kubeovn.io - names: - plural: ovn-eips - singular: ovn-eip - shortNames: - - oeip - kind: OvnEip - listKind: OvnEipList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.v4Ip - name: V4IP - type: string - - jsonPath: .status.v6Ip - name: V6IP - type: string - - jsonPath: .status.macAddress - name: Mac - type: string - - jsonPath: .status.type - name: Type - type: string - - jsonPath: .status.nat - name: Nat - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - - jsonPath: .spec.externalSubnet - name: ExternalSubnet - type: string - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - type: - type: string - nat: - type: string - ready: - type: boolean - v4Ip: - type: string - v6Ip: - type: string - macAddress: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - externalSubnet: - type: string - type: - type: string - v4Ip: - type: string - v6Ip: - type: string - macAddress: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-fips.kubeovn.io -spec: - group: kubeovn.io - names: - plural: ovn-fips - singular: ovn-fip - shortNames: - - ofip - kind: OvnFip - listKind: OvnFipList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: 
{} - additionalPrinterColumns: - - jsonPath: .status.vpc - name: Vpc - type: string - - jsonPath: .status.v4Eip - name: V4Eip - type: string - - jsonPath: .status.v6Eip - name: V6Eip - type: string - - jsonPath: .status.v4Ip - name: V4Ip - type: string - - jsonPath: .status.v6Ip - name: V6Ip - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - - jsonPath: .spec.ipType - name: IpType - type: string - - jsonPath: .spec.ipName - name: IpName - type: string - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4Eip: - type: string - v6Eip: - type: string - v4Ip: - type: string - v6Ip: - type: string - vpc: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - ovnEip: - type: string - ipType: - type: string - ipName: - type: string - vpc: - type: string - v4Ip: - type: string - v6Ip: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-snat-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: ovn-snat-rules - singular: ovn-snat-rule - shortNames: - - osnat - kind: OvnSnatRule - listKind: OvnSnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.vpc - name: Vpc - type: string - - jsonPath: .status.v4Eip - name: V4Eip - type: string - - jsonPath: .status.v6Eip - name: V6Eip - type: string - - jsonPath: .status.v4IpCidr - name: V4IpCidr - type: string - - jsonPath: .status.v6IpCidr - name: V6IpCidr - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - 
type: boolean - v4Eip: - type: string - v6Eip: - type: string - v4IpCidr: - type: string - v6IpCidr: - type: string - vpc: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - ovnEip: - type: string - vpcSubnet: - type: string - ipName: - type: string - vpc: - type: string - v4IpCidr: - type: string - v6IpCidr: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ovn-dnat-rules.kubeovn.io -spec: - group: kubeovn.io - names: - plural: ovn-dnat-rules - singular: ovn-dnat-rule - shortNames: - - odnat - kind: OvnDnatRule - listKind: OvnDnatRuleList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .status.vpc - name: Vpc - type: string - - jsonPath: .spec.ovnEip - name: Eip - type: string - - jsonPath: .status.protocol - name: Protocol - type: string - - jsonPath: .status.v4Eip - name: V4Eip - type: string - - jsonPath: .status.v6Eip - name: V6Eip - type: string - - jsonPath: .status.v4Ip - name: V4Ip - type: string - - jsonPath: .status.v6Ip - name: V6Ip - type: string - - jsonPath: .status.internalPort - name: InternalPort - type: string - - jsonPath: .status.externalPort - name: ExternalPort - type: string - - jsonPath: .spec.ipName - name: IpName - type: string - - jsonPath: .status.ready - name: Ready - type: boolean - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - ready: - type: boolean - v4Eip: - type: string - v6Eip: - type: string - v4Ip: - type: string - v6Ip: - type: string - vpc: - type: string - externalPort: - type: string - internalPort: - type: string - protocol: - type: string - ipName: - type: string - conditions: - type: 
array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - ovnEip: - type: string - ipType: - type: string - ipName: - type: string - externalPort: - type: string - internalPort: - type: string - protocol: - type: string - vpc: - type: string - v4Ip: - type: string - v6Ip: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: vpcs.kubeovn.io -spec: - group: kubeovn.io - versions: - - additionalPrinterColumns: - - jsonPath: .status.enableExternal - name: EnableExternal - type: boolean - - jsonPath: .status.enableBfd - name: EnableBfd - type: boolean - - jsonPath: .status.standby - name: Standby - type: boolean - - jsonPath: .status.subnets - name: Subnets - type: string - - jsonPath: .status.extraExternalSubnets - name: ExtraExternalSubnets - type: string - - jsonPath: .spec.namespaces - name: Namespaces - type: string - - jsonPath: .status.defaultLogicalSwitch - name: DefaultSubnet - type: string - name: v1 - schema: - openAPIV3Schema: - properties: - spec: - properties: - defaultSubnet: - type: string - enableExternal: - type: boolean - enableBfd: - type: boolean - namespaces: - items: - type: string - type: array - extraExternalSubnets: - items: - type: string - type: array - staticRoutes: - items: - properties: - policy: - type: string - cidr: - type: string - nextHopIP: - type: string - ecmpMode: - type: string - bfdId: - type: string - routeTable: - type: string - type: object - type: array - policyRoutes: - items: - properties: - priority: - type: integer - action: - type: string - match: - type: string - nextHopIP: - type: string - type: object - type: array - vpcPeerings: - items: - properties: - remoteVpc: - type: string - localConnectIP: - type: string - type: object - type: array - type: object - status: - 
properties: - conditions: - items: - properties: - lastTransitionTime: - type: string - lastUpdateTime: - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - default: - type: boolean - defaultLogicalSwitch: - type: string - router: - type: string - standby: - type: boolean - enableExternal: - type: boolean - enableBfd: - type: boolean - subnets: - items: - type: string - type: array - extraExternalSubnets: - items: - type: string - type: array - vpcPeerings: - items: - type: string - type: array - tcpLoadBalancer: - type: string - tcpSessionLoadBalancer: - type: string - udpLoadBalancer: - type: string - udpSessionLoadBalancer: - type: string - sctpLoadBalancer: - type: string - sctpSessionLoadBalancer: - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - names: - kind: Vpc - listKind: VpcList - plural: vpcs - shortNames: - - vpc - singular: vpc - scope: Cluster ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ips.kubeovn.io -spec: - group: kubeovn.io - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - name: V4IP - type: string - jsonPath: .spec.v4IpAddress - - name: V6IP - type: string - jsonPath: .spec.v6IpAddress - - name: Mac - type: string - jsonPath: .spec.macAddress - - name: Node - type: string - jsonPath: .spec.nodeName - - name: Subnet - type: string - jsonPath: .spec.subnet - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - podName: - type: string - namespace: - type: string - subnet: - type: string - attachSubnets: - type: array - items: - type: string - nodeName: - type: string - ipAddress: - type: string - v4IpAddress: - type: string - v6IpAddress: - type: string - attachIps: - type: array - items: - type: string - macAddress: - type: string - attachMacs: - type: array - items: - type: 
string - containerID: - type: string - podType: - type: string - scope: Cluster - names: - plural: ips - singular: ip - kind: IP - shortNames: - - ip ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: vips.kubeovn.io -spec: - group: kubeovn.io - names: - plural: vips - singular: vip - shortNames: - - vip - kind: Vip - listKind: VipList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - additionalPrinterColumns: - - name: V4IP - type: string - jsonPath: .status.v4ip - - name: V6IP - type: string - jsonPath: .status.v6ip - - name: Mac - type: string - jsonPath: .status.mac - - name: PMac - type: string - jsonPath: .spec.parentMac - - name: Subnet - type: string - jsonPath: .spec.subnet - - jsonPath: .status.ready - name: Ready - type: boolean - - jsonPath: .status.type - name: Type - type: string - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - type: - type: string - ready: - type: boolean - v4ip: - type: string - v6ip: - type: string - mac: - type: string - pv4ip: - type: string - pv6ip: - type: string - pmac: - type: string - selector: - type: array - items: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - namespace: - type: string - subnet: - type: string - type: - type: string - attachSubnets: - type: array - items: - type: string - v4ip: - type: string - macAddress: - type: string - v6ip: - type: string - parentV4ip: - type: string - parentMac: - type: string - parentV6ip: - type: string - selector: - type: array - items: - type: string ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subnets.kubeovn.io -spec: - group: kubeovn.io - versions: - - name: v1 - served: true 
- storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Provider - type: string - jsonPath: .spec.provider - - name: Vpc - type: string - jsonPath: .spec.vpc - - name: Vlan - type: string - jsonPath: .spec.vlan - - name: Protocol - type: string - jsonPath: .spec.protocol - - name: CIDR - type: string - jsonPath: .spec.cidrBlock - - name: Private - type: boolean - jsonPath: .spec.private - - name: NAT - type: boolean - jsonPath: .spec.natOutgoing - - name: Default - type: boolean - jsonPath: .spec.default - - name: GatewayType - type: string - jsonPath: .spec.gatewayType - - name: V4Used - type: number - jsonPath: .status.v4usingIPs - - name: V4Available - type: number - jsonPath: .status.v4availableIPs - - name: V6Used - type: number - jsonPath: .status.v6usingIPs - - name: V6Available - type: number - jsonPath: .status.v6availableIPs - - name: ExcludeIPs - type: string - jsonPath: .spec.excludeIps - - name: U2OInterconnectionIP - type: string - jsonPath: .status.u2oInterconnectionIP - schema: - openAPIV3Schema: - type: object - properties: - metadata: - type: object - properties: - name: - type: string - pattern: ^[^0-9] - status: - type: object - properties: - v4availableIPs: - type: number - v4usingIPs: - type: number - v6availableIPs: - type: number - v6usingIPs: - type: number - activateGateway: - type: string - dhcpV4OptionsUUID: - type: string - dhcpV6OptionsUUID: - type: string - u2oInterconnectionIP: - type: string - u2oInterconnectionMAC: - type: string - u2oInterconnectionVPC: - type: string - v4usingIPrange: - type: string - v4availableIPrange: - type: string - v6usingIPrange: - type: string - v6availableIPrange: - type: string - natOutgoingPolicyRules: - type: array - items: - type: object - properties: - ruleID: - type: string - action: - type: string - enum: - - nat - - forward - match: - type: object - properties: - srcIPs: - type: string - dstIPs: - type: string - conditions: - type: array - items: - type: object - 
properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - vpc: - type: string - default: - type: boolean - protocol: - type: string - enum: - - IPv4 - - IPv6 - - Dual - cidrBlock: - type: string - namespaces: - type: array - items: - type: string - gateway: - type: string - provider: - type: string - excludeIps: - type: array - items: - type: string - vips: - type: array - items: - type: string - gatewayType: - type: string - allowSubnets: - type: array - items: - type: string - gatewayNode: - type: string - natOutgoing: - type: boolean - externalEgressGateway: - type: string - policyRoutingPriority: - type: integer - minimum: 1 - maximum: 32765 - policyRoutingTableID: - type: integer - minimum: 1 - maximum: 2147483647 - not: - enum: - - 252 # compat - - 253 # default - - 254 # main - - 255 # local - mtu: - type: integer - minimum: 68 - maximum: 65535 - private: - type: boolean - vlan: - type: string - logicalGateway: - type: boolean - disableGatewayCheck: - type: boolean - disableInterConnection: - type: boolean - enableDHCP: - type: boolean - dhcpV4Options: - type: string - dhcpV6Options: - type: string - enableIPv6RA: - type: boolean - ipv6RAConfigs: - type: string - allowEWTraffic: - type: boolean - acls: - type: array - items: - type: object - properties: - direction: - type: string - enum: - - from-lport - - to-lport - priority: - type: integer - minimum: 0 - maximum: 32767 - match: - type: string - action: - type: string - enum: - - allow-related - - allow-stateless - - allow - - drop - - reject - natOutgoingPolicyRules: - type: array - items: - type: object - properties: - action: - type: string - enum: - - nat - - forward - match: - type: object - properties: - srcIPs: - type: string - dstIPs: - type: string - u2oInterconnection: - type: boolean - u2oInterconnectionIP: - type: string - enableLb: - 
type: boolean - enableEcmp: - type: boolean - enableMulticastSnoop: - type: boolean - routeTable: - type: string - scope: Cluster - names: - plural: subnets - singular: subnet - kind: Subnet - shortNames: - - subnet ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: ippools.kubeovn.io -spec: - group: kubeovn.io - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Subnet - type: string - jsonPath: .spec.subnet - - name: IPs - type: string - jsonPath: .spec.ips - - name: V4Used - type: number - jsonPath: .status.v4UsingIPs - - name: V4Available - type: number - jsonPath: .status.v4AvailableIPs - - name: V6Used - type: number - jsonPath: .status.v6UsingIPs - - name: V6Available - type: number - jsonPath: .status.v6AvailableIPs - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - subnet: - type: string - x-kubernetes-validations: - - rule: "self == oldSelf" - message: "This field is immutable." 
- namespaces: - type: array - x-kubernetes-list-type: set - items: - type: string - ips: - type: array - minItems: 1 - x-kubernetes-list-type: set - items: - type: string - anyOf: - - format: ipv4 - - format: ipv6 - - format: cidr - - pattern: ^(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.\.(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])$ - - pattern: ^((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|:)))\.\.((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|:)))$ - required: - - subnet - - ips - status: - type: object - properties: - v4AvailableIPs: - type: number - v4UsingIPs: - type: number - v6AvailableIPs: - type: number - v6UsingIPs: - type: number - v4AvailableIPRange: - type: string - v4UsingIPRange: - type: string - v6AvailableIPRange: - type: string - v6UsingIPRange: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - scope: Cluster - names: - plural: ippools - singular: ippool - kind: IPPool - shortNames: - - ippool ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: 
vlans.kubeovn.io -spec: - group: kubeovn.io - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - id: - type: integer - minimum: 0 - maximum: 4095 - provider: - type: string - vlanId: - type: integer - description: Deprecated in favor of id - providerInterfaceName: - type: string - description: Deprecated in favor of provider - required: - - provider - status: - type: object - properties: - subnets: - type: array - items: - type: string - additionalPrinterColumns: - - name: ID - type: string - jsonPath: .spec.id - - name: Provider - type: string - jsonPath: .spec.provider - scope: Cluster - names: - plural: vlans - singular: vlan - kind: Vlan - shortNames: - - vlan ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: provider-networks.kubeovn.io -spec: - group: kubeovn.io - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - metadata: - type: object - properties: - name: - type: string - maxLength: 12 - not: - enum: - - int - spec: - type: object - properties: - defaultInterface: - type: string - maxLength: 15 - pattern: '^[^/\s]+$' - customInterfaces: - type: array - items: - type: object - properties: - interface: - type: string - maxLength: 15 - pattern: '^[^/\s]+$' - nodes: - type: array - items: - type: string - exchangeLinkName: - type: boolean - excludeNodes: - type: array - items: - type: string - required: - - defaultInterface - status: - type: object - properties: - ready: - type: boolean - readyNodes: - type: array - items: - type: string - notReadyNodes: - type: array - items: - type: string - vlans: - type: array - items: - type: string - conditions: - type: array - items: - type: object - properties: - node: - type: string - type: - type: string - status: - type: string - reason: - type: string - 
message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - additionalPrinterColumns: - - name: DefaultInterface - type: string - jsonPath: .spec.defaultInterface - - name: Ready - type: boolean - jsonPath: .status.ready - scope: Cluster - names: - plural: provider-networks - singular: provider-network - kind: ProviderNetwork - listKind: ProviderNetworkList ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: security-groups.kubeovn.io -spec: - group: kubeovn.io - names: - plural: security-groups - singular: security-group - shortNames: - - sg - kind: SecurityGroup - listKind: SecurityGroupList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - ingressRules: - type: array - items: - type: object - properties: - ipVersion: - type: string - protocol: - type: string - priority: - type: integer - remoteType: - type: string - remoteAddress: - type: string - remoteSecurityGroup: - type: string - portRangeMin: - type: integer - portRangeMax: - type: integer - policy: - type: string - egressRules: - type: array - items: - type: object - properties: - ipVersion: - type: string - protocol: - type: string - priority: - type: integer - remoteType: - type: string - remoteAddress: - type: string - remoteSecurityGroup: - type: string - portRangeMin: - type: integer - portRangeMax: - type: integer - policy: - type: string - allowSameGroupTraffic: - type: boolean - status: - type: object - properties: - portGroup: - type: string - allowSameGroupTraffic: - type: boolean - ingressMd5: - type: string - egressMd5: - type: string - ingressLastSyncSuccess: - type: boolean - egressLastSyncSuccess: - type: boolean - subresources: - status: {} - conversion: - strategy: None ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: qos-policies.kubeovn.io -spec: - 
group: kubeovn.io - names: - plural: qos-policies - singular: qos-policy - shortNames: - - qos - kind: QoSPolicy - listKind: QoSPolicyList - scope: Cluster - versions: - - name: v1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - jsonPath: .spec.shared - name: Shared - type: string - - jsonPath: .spec.bindingType - name: BindingType - type: string - schema: - openAPIV3Schema: - type: object - properties: - status: - type: object - properties: - shared: - type: boolean - bindingType: - type: string - bandwidthLimitRules: - type: array - items: - type: object - properties: - name: - type: string - interface: - type: string - rateMax: - type: string - burstMax: - type: string - priority: - type: integer - direction: - type: string - matchType: - type: string - matchValue: - type: string - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastUpdateTime: - type: string - lastTransitionTime: - type: string - spec: - type: object - properties: - shared: - type: boolean - bindingType: - type: string - bandwidthLimitRules: - type: array - items: - type: object - properties: - name: - type: string - interface: - type: string - rateMax: - type: string - burstMax: - type: string - priority: - type: integer - direction: - type: string - matchType: - type: string - matchValue: - type: string - required: - - name - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map diff --git a/charts/kube-ovn/templates/misc/extra-objects.yaml b/charts/kube-ovn/templates/misc/extra-objects.yaml new file mode 100644 index 000000000000..955c306e8936 --- /dev/null +++ b/charts/kube-ovn/templates/misc/extra-objects.yaml @@ -0,0 +1,8 @@ +{{ range .Values.extraObjects }} +--- +{{ if typeIs "string" . }} + {{- tpl . $ }} +{{- else }} + {{- tpl (toYaml .) $ }} +{{- end }} +{{ end }} 
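Review bot: Every entry of `.Values.extraObjects` is passed through `tpl` and emitted as its own document, so anyone able to supply or override values for this chart can create any object the installing identity may create, cluster-scoped RBAC included, and nothing in the template says so. I would add a header comment such as `{{- /* extraObjects are rendered as given after tpl; treat values files as privileged input */ -}}` and repeat the caveat next to the key in values.yaml (not visible in this hunk). Pipelines that merge values from several sources should review this key the same way they review raw manifests.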
diff --git a/charts/kube-ovn/templates/monitor-svc.yaml b/charts/kube-ovn/templates/monitor-svc.yaml
deleted file mode 100644
index 1ad1800d84bc..000000000000
--- a/charts/kube-ovn/templates/monitor-svc.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
- name: kube-ovn-monitor
- namespace: {{ .Values.namespace }}
- labels:
- app: kube-ovn-monitor
-spec:
- ports:
- - name: metrics
- port: 10661
- type: ClusterIP
- selector:
- app: kube-ovn-monitor
- sessionAffinity: None
- {{- if eq .Values.networking.NET_STACK "dual_stack" }}
- ipFamilyPolicy: PreferDualStack
- {{- end }}
diff --git a/charts/kube-ovn/templates/monitor-deploy.yaml b/charts/kube-ovn/templates/monitors/monitor-deployment.yaml
similarity index 86%
rename from charts/kube-ovn/templates/monitor-deploy.yaml
rename to charts/kube-ovn/templates/monitors/monitor-deployment.yaml
index 0bb2f4d4be7e..58d6832e93c0 100644
--- a/charts/kube-ovn/templates/monitor-deploy.yaml
+++ b/charts/kube-ovn/templates/monitors/monitor-deployment.yaml
@@ -3,9 +3,14 @@ apiVersion: apps/v1
 metadata:
 name: kube-ovn-monitor
 namespace: {{ .Values.namespace }}
+ {{- with .Values.monitor.annotations }}
 annotations:
- kubernetes.io/description: |
- Metrics for OVN components: northd, nb and sb.
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- with .Values.monitor.labels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
 spec:
 replicas: 1
 strategy:
@@ -15,13 +20,20 @@ spec:
 type: RollingUpdate
 selector:
 matchLabels:
- app: kube-ovn-monitor
+ app.kubernetes.io/name: kube-ovn-monitor
+ app.kubernetes.io/part-of: kube-ovn
 template:
 metadata:
+ {{- with .Values.monitor.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 labels:
- app: kube-ovn-monitor
- component: network
- type: infra
+ app.kubernetes.io/name: kube-ovn-monitor
+ app.kubernetes.io/part-of: kube-ovn
+ {{- with .Values.monitor.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 spec:
 tolerations:
 - effect: NoSchedule
@@ -33,7 +45,7 @@ spec:
 requiredDuringSchedulingIgnoredDuringExecution:
 - labelSelector:
 matchLabels:
- app: kube-ovn-monitor
+ app.kubernetes.io/name: kube-ovn-monitor
 topologyKey: kubernetes.io/hostname
 priorityClassName: system-cluster-critical
 serviceAccountName: kube-ovn-app
@@ -98,13 +110,10 @@ spec:
 fieldPath: status.podIPs
 - name: ENABLE_BIND_LOCAL_IP
 value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
+ {{- with .Values.monitor.resources }}
 resources:
- requests:
- cpu: {{ index .Values "kube-ovn-monitor" "requests" "cpu" }}
- memory: {{ index .Values "kube-ovn-monitor" "requests" "memory" }}
- limits:
- cpu: {{ index .Values "kube-ovn-monitor" "limits" "cpu" }}
- memory: {{ index .Values "kube-ovn-monitor" "limits" "memory" }}
+ {{- toYaml . | trim | nindent 12 }}
+ {{- end }}
 volumeMounts:
 - mountPath: /var/run/ovn
 name: host-run-ovn
diff --git a/charts/kube-ovn/templates/monitors/monitor-service.yaml b/charts/kube-ovn/templates/monitors/monitor-service.yaml
new file mode 100644
index 000000000000..d8431543b233
--- /dev/null
+++ b/charts/kube-ovn/templates/monitors/monitor-service.yaml
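Review bot: In the `@@ -15,13 +20,20 @@` hunk `.Values.monitor.podLabels` is rendered with `toYaml` directly under the two fixed `app.kubernetes.io/*` labels, so a user entry with the same key produces a duplicate mapping key; depending on the parser that is either a render error or a last-wins pod template that no longer matches `spec.selector`. Merging the maps so that the selector labels take precedence, or documenting those two keys as reserved, would close that gap. Separately, `spec.selector` of an existing Deployment is immutable, so an in-place upgrade from a release that still carries `app: kube-ovn-monitor` is likely to be rejected by the API server; the upgrade notes should say the Deployment has to be recreated. The Deployment spec continues outside these hunks.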
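Review bot: The `@@ -98,13 +110,10 @@` hunk no longer reads the `kube-ovn-monitor` requests/limits keys and emits `resources:` only when `.Values.monitor.resources` is non-empty, so existing overrides under the old key are silently ignored and the container can end up with no requests or limits at all. Since the pod is scheduled as `system-cluster-critical` (context of the previous hunk), I would keep a non-empty default for `monitor.resources` in values.yaml (not visible here) and name the renamed key in the upgrade notes. A comment above the block, `{{- /* no requests/limits are set when monitor.resources is empty */ -}}`, would make the fallback explicit.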
@@ -0,0 +1,25 @@ +kind: Service +apiVersion: v1 +metadata: + name: kube-ovn-monitor + namespace: {{ .Values.namespace }} + {{- with .Values.monitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.monitor.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ports: + - name: metrics + port: {{ .Values.monitor.metrics.port }} + type: ClusterIP + selector: + app.kubernetes.io/name: kube-ovn-monitor + app.kubernetes.io/part-of: kube-ovn + sessionAffinity: None + {{- if eq .Values.networking.NET_STACK "dual_stack" }} + ipFamilyPolicy: PreferDualStack + {{- end }} diff --git a/charts/kube-ovn/templates/ovn-CR.yaml b/charts/kube-ovn/templates/ovn-CR.yaml index 856c9cd5b862..60b393fbf266 100644 --- a/charts/kube-ovn/templates/ovn-CR.yaml +++ b/charts/kube-ovn/templates/ovn-CR.yaml 
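Review bot: `port: {{ .Values.monitor.metrics.port }}` makes the Service port configurable, but no `targetPort` is set and none of the monitor-deployment.yaml hunks shown here pass the same value to the container, so a non-default value would presumably leave the Service pointing at a port nothing listens on. Either wire the value into the container as well, or set `targetPort` to the port the container actually binds (the removed manifest exposed 10661). The new Service also drops the fixed `app: kube-ovn-monitor` label and carries labels only when `.Values.monitor.labels` is set, so anything that discovers it by label, such as a metrics scrape configuration, would stop matching without an error. pinger-service.yaml has both issues as well; since these metrics are what reveal a failing OVN control plane, a fixed `app.kubernetes.io/name` label on both Services is worth keeping.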
@@ -239,88 +239,6 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: - annotations: - rbac.authorization.k8s.io/system-only: "true" - name: system:kube-ovn-cni -rules: - - apiGroups: - - "kubeovn.io" - resources: - - subnets - - vlans - - provider-networks - verbs: - - get - - list - - watch - - apiGroups: - - "" - - "kubeovn.io" - resources: - - ovn-eips - - ovn-eips/status - - nodes - - pods - verbs: - - get - - list - - patch - - watch - - apiGroups: - - "kubeovn.io" - resources: - - ips - verbs: - - get - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - apiGroups: - - "certificates.k8s.io" - resources: - - "certificatesigningrequests" - verbs: - - "create" - - "get" - - "list" - - "watch" - - "delete" - - apiGroups: - - "" - resources: - - "secrets" - verbs: - - "get" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole metadata: annotations: rbac.authorization.k8s.io/system-only: "true" diff --git a/charts/kube-ovn/templates/ovn-CRB.yaml b/charts/kube-ovn/templates/ovn-CRB.yaml index 7cc43d84e51e..1b7d706b7f7f 100644 --- a/charts/kube-ovn/templates/ovn-CRB.yaml +++ b/charts/kube-ovn/templates/ovn-CRB.yaml 
@@ -41,33 +41,6 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding -metadata: - name: kube-ovn-cni -roleRef: - name: system:kube-ovn-cni - kind: ClusterRole - apiGroup: rbac.authorization.k8s.io -subjects: - - kind: ServiceAccount - name: kube-ovn-cni - namespace: {{ .Values.namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kube-ovn-cni - namespace: {{ .Values.namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: - - kind: ServiceAccount - name: kube-ovn-cni - namespace: {{ .Values.namespace }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding metadata: name: kube-ovn-app roleRef: diff --git a/charts/kube-ovn/templates/ovn-sa.yaml b/charts/kube-ovn/templates/ovn-sa.yaml index 17b4a92f7845..8ad49de18abe 100644 --- a/charts/kube-ovn/templates/ovn-sa.yaml +++ b/charts/kube-ovn/templates/ovn-sa.yaml @@ -19,13 +19,6 @@ metadata: name: ovn-ovs namespace: {{ .Values.namespace }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kube-ovn-cni - namespace: {{ .Values.namespace }} - --- apiVersion: v1 kind: ServiceAccount diff --git a/charts/kube-ovn/templates/ovncni-svc.yaml b/charts/kube-ovn/templates/ovncni-svc.yaml deleted file mode 100644 index e1c47c806f87..000000000000 --- a/charts/kube-ovn/templates/ovncni-svc.yaml +++ /dev/null @@ -1,16 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-cni - namespace: {{ .Values.namespace }} - labels: - app: kube-ovn-cni -spec: - selector: - app: kube-ovn-cni - ports: - - port: 10665 - name: metrics - {{- if eq .Values.networking.NET_STACK "dual_stack" }} - ipFamilyPolicy: PreferDualStack - {{- end }} 
diff --git a/charts/kube-ovn/templates/ovsovn-ds.yaml b/charts/kube-ovn/templates/ovs-ovn/ovs-ovn-daemonset.yaml similarity index 83% rename from charts/kube-ovn/templates/ovsovn-ds.yaml rename to charts/kube-ovn/templates/ovs-ovn/ovs-ovn-daemonset.yaml index 33fa06d36850..7af5509e083c 100644 --- a/charts/kube-ovn/templates/ovsovn-ds.yaml +++ b/charts/kube-ovn/templates/ovs-ovn/ovs-ovn-daemonset.yaml @@ -3,14 +3,19 @@ apiVersion: apps/v1 metadata: name: ovs-ovn namespace: {{ .Values.namespace }} + {{- with .Values.ovsOvn.annotations }} annotations: - kubernetes.io/description: | - This daemon set launches the openvswitch daemon. - chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}" + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.ovsOvn.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: - app: ovs + app.kubernetes.io/name: kube-ovn-ovs + app.kubernetes.io/part-of: kube-ovn updateStrategy: type: {{ include "kubeovn.ovs-ovn.updateStrategy" . }} rollingUpdate: @@ -18,12 +23,16 @@ spec: maxUnavailable: 0 template: metadata: - labels: - app: ovs - component: network - type: infra + {{- with .Values.ovsOvn.podAnnotations }} annotations: - chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}" + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + app.kubernetes.io/name: kube-ovn-ovs + app.kubernetes.io/part-of: kube-ovn + {{- with .Values.ovsOvn.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: tolerations: - effect: NoSchedule 
@@ -38,8 +47,8 @@ spec: hostPID: true initContainers: - name: hostpath-init - {{- if .Values.DPDK }} - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.dpdkRepository }}:{{ .Values.DPDK_VERSION }}-{{ .Values.global.images.kubeovn.tag }} + {{- if .Values.ovsOvn.dpdk.enabled }} + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.dpdkRepository }}:{{ .Values.ovsOvn.dpdk.version }}-{{ .Values.global.images.kubeovn.tag }} {{- else }} image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} {{- end }} @@ -78,13 +87,13 @@ spec: name: host-log-ovs containers: - name: openvswitch - {{- if .Values.DPDK }} - image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.dpdkRepository }}:{{ .Values.DPDK_VERSION }}-{{ .Values.global.images.kubeovn.tag }} + {{- if .Values.ovsOvn.dpdk.enabled }} + image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.dpdkRepository }}:{{ .Values.ovsOvn.dpdk.version }}-{{ .Values.global.images.kubeovn.tag }} {{- else }} image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }} {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.DPDK }} + {{- if .Values.ovsOvn.dpdk.enabled }} command: ["/kube-ovn/start-ovs-dpdk.sh"] {{- else }} command: ["/kube-ovn/start-ovs.sh"] @@ -154,7 +163,7 @@ spec: - mountPath: /var/run/containerd name: cruntime readOnly: true - {{- if .Values.DPDK }} + {{- if .Values.ovsOvn.dpdk.enabled }} - mountPath: /opt/ovs-config name: host-config-ovs - mountPath: /dev/hugepages @@ -162,7 +171,7 @@ spec: {{- end }} readinessProbe: exec: - {{- if .Values.DPDK }} + {{- if .Values.ovsOvn.dpdk.enabled }} command: - bash - /kube-ovn/ovs-dpdk-healthcheck.sh 
@@ -176,7 +185,7 @@ spec: timeoutSeconds: 45 livenessProbe: exec: - {{- if .Values.DPDK }} + {{- if .Values.ovsOvn.dpdk.enabled }} command: - bash - /kube-ovn/ovs-dpdk-healthcheck.sh @@ -189,24 +198,15 @@ spec: periodSeconds: 5 failureThreshold: 5 timeoutSeconds: 45 + {{- if and .Values.ovsOvn.dpdk.enabled .Values.ovsOvn.resources }} resources: - requests: - {{- if .Values.DPDK }} - cpu: {{ .Values.DPDK_CPU }} - memory: {{ .Values.DPDK_MEMORY }} - {{- else }} - cpu: {{ index .Values "ovs-ovn" "requests" "cpu" }} - memory: {{ index .Values "ovs-ovn" "requests" "memory" }} - {{- end }} - limits: - {{- if .Values.DPDK }} - cpu: {{ .Values.DPDK_CPU }} - memory: {{ .Values.DPDK_MEMORY }} - hugepages-1Gi: 1Gi - {{- else }} - cpu: {{ index .Values "ovs-ovn" "limits" "cpu" }} - memory: {{ index .Values "ovs-ovn" "limits" "memory" }} - {{- end }} + {{- toYaml .Values.ovsOvn.dpdk.resources | trim | nindent 12 }} + {{- else }} + {{- with .Values.ovsOvn.resources }} + resources: + {{- toYaml . | trim | nindent 12 }} + {{- end }} + {{- end }} nodeSelector: kubernetes.io/os: "linux" volumes: @@ -240,7 +240,7 @@ spec: - hostPath: path: /var/run/containerd name: cruntime - {{- if .Values.DPDK }} + {{- if .Values.ovsOvn.dpdk.enabled }} - name: host-config-ovs hostPath: path: /opt/ovs-config diff --git a/charts/kube-ovn/templates/ovn-dpdk-ds.yaml b/charts/kube-ovn/templates/ovs-ovn/ovs-ovn-dpdk-daemonset.yaml similarity index 86% rename from charts/kube-ovn/templates/ovn-dpdk-ds.yaml rename to charts/kube-ovn/templates/ovs-ovn/ovs-ovn-dpdk-daemonset.yaml index c46e3389fce5..7ebd2dc5555c 100644 --- a/charts/kube-ovn/templates/ovn-dpdk-ds.yaml +++ b/charts/kube-ovn/templates/ovs-ovn/ovs-ovn-dpdk-daemonset.yaml 
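Review bot: The guard `{{- if and .Values.ovsOvn.dpdk.enabled .Values.ovsOvn.resources }}` in the resources hunk tests `ovsOvn.resources` but the branch renders `.Values.ovsOvn.dpdk.resources`, so the check and the rendered value can disagree. With DPDK enabled and `ovsOvn.dpdk.resources` emptied, the template emits `resources:` with a null body; with `ovsOvn.resources` emptied instead, the DPDK pod falls through to the `else` branch and gets no requests or limits at all, including no hugepages limit. The condition should test what it renders: `{{- if and .Values.ovsOvn.dpdk.enabled .Values.ovsOvn.dpdk.resources }}`. A template comment above the block stating that the DPDK resources replace, rather than merge with, `ovsOvn.resources` would also help the next maintainer.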
@@ -1,16 +1,22 @@ -{{- if .Values.HYBRID_DPDK }} +{{- if .Values.ovsOvn.dpdkHybrid.enabled }} kind: DaemonSet apiVersion: apps/v1 metadata: name: ovs-ovn-dpdk namespace: {{ .Values.namespace }} + {{- with .Values.ovsOvn.annotations }} annotations: - kubernetes.io/description: | - This daemon set launches the openvswitch daemon. + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.ovsOvn.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: - app: ovs-dpdk + app.kubernetes.io/name: kube-ovnOvs-dpdk + app.kubernetes.io/part-of: kube-ovn updateStrategy: type: RollingUpdate rollingUpdate: @@ -18,10 +24,16 @@ spec: maxUnavailable: 0 template: metadata: + {{- with .Values.ovsOvn.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: - app: ovs-dpdk - component: network - type: infra + app.kubernetes.io/name: kube-ovn-ovs + app.kubernetes.io/part-of: kube-ovn + {{- with .Values.ovsOvn.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: tolerations: - operator: Exists @@ -106,14 +118,10 @@ spec: periodSeconds: 5 failureThreshold: 5 timeoutSeconds: 45 + {{- with .Values.ovsOvn.dpdkHybrid.resources }} resources: - requests: - cpu: {{ index .Values "ovs-ovn" "requests" "cpu" }} - memory: {{ index .Values "ovs-ovn" "requests" "memory" }} - limits: - cpu: {{ index .Values "ovs-ovn" "limits" "cpu" }} - {{.Values.HUGEPAGE_SIZE_TYPE}}: {{.Values.HUGEPAGES}} - memory: {{ index .Values "ovs-ovn" "limits" "memory" }} + {{- toYaml . | trim | nindent 12 }} + {{- end }} nodeSelector: kubernetes.io/os: "linux" ovn.kubernetes.io/ovs_dp_type: "userspace" diff --git a/charts/kube-ovn/templates/pinger-svc.yaml b/charts/kube-ovn/templates/pinger-svc.yaml deleted file mode 100644 index ef169e8e91c1..000000000000 --- a/charts/kube-ovn/templates/pinger-svc.yaml +++ /dev/null 
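Review bot: The selector and the pod template in this file no longer agree: `spec.selector.matchLabels` sets `app.kubernetes.io/name: kube-ovnOvs-dpdk` (first hunk) while `template.metadata.labels` sets `app.kubernetes.io/name: kube-ovn-ovs` (second hunk), and the API server rejects a DaemonSet whose selector does not match its template labels. `kube-ovnOvs-dpdk` looks like a search-and-replace artefact, and `kube-ovn-ovs` is the value the regular ovs-ovn DaemonSet selects on, so reusing it here would make the two DaemonSets' selectors overlap. Use one distinct value in both places, e.g. `app.kubernetes.io/name: kube-ovn-ovs-dpdk`. Because the file is gated on `ovsOvn.dpdkHybrid.enabled` (default `false`), a default `helm template` run will not catch this, so the chart needs to be rendered once with the flag enabled.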
@@ -1,16 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: kube-ovn-pinger - namespace: {{ .Values.namespace }} - labels: - app: kube-ovn-pinger -spec: - selector: - app: kube-ovn-pinger - ports: - - port: 8080 - name: metrics - {{- if eq .Values.networking.NET_STACK "dual_stack" }} - ipFamilyPolicy: PreferDualStack - {{- end }} diff --git a/charts/kube-ovn/templates/pinger-ds.yaml b/charts/kube-ovn/templates/pinger/pinger-daemonset.yaml similarity index 87% rename from charts/kube-ovn/templates/pinger-ds.yaml rename to charts/kube-ovn/templates/pinger/pinger-daemonset.yaml index a69a13ffbd8b..90983c1cacaa 100644 --- a/charts/kube-ovn/templates/pinger-ds.yaml +++ b/charts/kube-ovn/templates/pinger/pinger-daemonset.yaml @@ -3,21 +3,33 @@ apiVersion: apps/v1 metadata: name: kube-ovn-pinger namespace: {{ .Values.namespace }} + {{- with .Values.pinger.annotations }} annotations: - kubernetes.io/description: | - This daemon set launches the openvswitch daemon. + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.pinger.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} spec: selector: matchLabels: - app: kube-ovn-pinger + app.kubernetes.io/name: kube-ovn-pinger + app.kubernetes.io/part-of: kube-ovn updateStrategy: type: RollingUpdate template: metadata: + {{- with .Values.pinger.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} labels: - app: kube-ovn-pinger - component: network - type: infra + app.kubernetes.io/name: kube-ovn-pinger + app.kubernetes.io/part-of: kube-ovn + {{- with .Values.pinger.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: priorityClassName: system-node-critical tolerations: 
@@ -122,13 +134,10 @@ spec: readOnly: true - mountPath: /var/run/tls name: kube-ovn-tls + {{- with .Values.pinger.resources }} resources: - requests: - cpu: {{ index .Values "kube-ovn-pinger" "requests" "cpu" }} - memory: {{ index .Values "kube-ovn-pinger" "requests" "memory" }} - limits: - cpu: {{ index .Values "kube-ovn-pinger" "limits" "cpu" }} - memory: {{ index .Values "kube-ovn-pinger" "limits" "memory" }} + {{- toYaml . | trim | nindent 12 }} + {{- end }} nodeSelector: kubernetes.io/os: "linux" volumes: diff --git a/charts/kube-ovn/templates/pinger/pinger-service.yaml b/charts/kube-ovn/templates/pinger/pinger-service.yaml new file mode 100644 index 000000000000..75801bb0207f --- /dev/null +++ b/charts/kube-ovn/templates/pinger/pinger-service.yaml @@ -0,0 +1,23 @@ +kind: Service +apiVersion: v1 +metadata: + name: kube-ovn-pinger + namespace: {{ .Values.namespace }} + {{- with .Values.pinger.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.pinger.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + selector: + app.kubernetes.io/name: kube-ovn-pinger + app.kubernetes.io/part-of: kube-ovn + ports: + - name: metrics + port: {{ .Values.pinger.metrics.port }} + {{- if eq .Values.networking.NET_STACK "dual_stack" }} + ipFamilyPolicy: PreferDualStack + {{- end }} diff --git a/charts/kube-ovn/values.yaml b/charts/kube-ovn/values.yaml index 1df4bdb9e591..9256bc0fb1d9 100644 --- a/charts/kube-ovn/values.yaml +++ b/charts/kube-ovn/values.yaml 
@@ -130,56 +130,215 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" -# hybrid dpdk -HYBRID_DPDK: false -HUGEPAGE_SIZE_TYPE: hugepages-2Mi # Default -HUGEPAGES: 1Gi - -# DPDK -DPDK: false -DPDK_VERSION: "19.11" -DPDK_CPU: "1000m" # Default CPU configuration -DPDK_MEMORY: "2Gi" # Default Memory configuration - -ovn-central: - requests: - cpu: "300m" - memory: "200Mi" - limits: - cpu: "3" - memory: "4Gi" -ovs-ovn: - requests: - cpu: "200m" - memory: "200Mi" - limits: - cpu: "2" - memory: "1000Mi" -kube-ovn-controller: - requests: - cpu: "200m" - memory: "200Mi" - limits: - cpu: "1000m" - memory: "1Gi" -kube-ovn-cni: - requests: - cpu: "100m" - memory: "100Mi" - limits: - cpu: "1000m" - memory: "1Gi" -kube-ovn-pinger: - requests: - cpu: "100m" - memory: "100Mi" - limits: - cpu: "200m" - memory: "400Mi" -kube-ovn-monitor: - requests: - cpu: "200m" - memory: "200Mi" - limits: - cpu: "200m" - memory: "200Mi" +# -- Configuration for ovs-ovn, the Open vSwitch daemon +ovsOvn: + # -- Annotations to be added to all top-level ovs-ovn objects (resources under templates/ovs-ovn) + annotations: {} + # -- Labels to be added to all top-level ovs-ovn objects (resources under templates/ovs-ovn) + labels: {} + # -- Annotations to be added to ovs-ovn pods + podAnnotations: {} + # -- Labels to be added to ovs-ovn pods + podLabels: {} + + # -- ovs-ovn resource limits & requests, overridden if DPDK is enabled + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + requests: + cpu: "200m" + memory: "200Mi" + limits: + cpu: "2" + memory: "1000Mi" + + # -- DPDK support for OVS + # ref: https://kubeovn.github.io/docs/v1.12.x/en/advance/dpdk/ + dpdk: + # -- Enables DPDK support on OVS + enabled: true + # -- Version of the DPDK image + version: "19.11" + + # -- ovs-ovn resource limits & requests when DPDK is enabled + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + requests: + cpu: 
"1000m" + memory: "200Mi" + limits: + hugepages-1Gi: 1Gi + cpu: "1000m" + memory: "1000Mi" + + # -- DPDK-hybrid support for OVS + # ref: https://kubeovn.github.io/docs/v1.12.x/en/advance/dpdk/ + dpdkHybrid: + # -- Enables DPDK-hybrid support on OVS + enabled: false + # -- ovs-ovn resource limits & requests when DPDK-hybrid is enabled + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + requests: + cpu: "200m" + memory: "200Mi" + limits: + hugepages-2Mi: 1Gi + cpu: "2" + memory: "1000Mi" + +# -- Configuration for kube-ovn-pinger, the agent monitoring and returning metrics for OVS/external connectivity +pinger: + # -- Annotations to be added to all top-level kube-ovn-pinger objects (resources under templates/pinger) + annotations: {} + # -- Labels to be added to all top-level kube-ovn-pinger objects (resources under templates/pinger) + labels: {} + # -- Annotations to be added to kube-ovn-pinger pods + podAnnotations: {} + # -- Labels to be added to kube-ovn-pinger pods + podLabels: {} + + # -- kube-ovn-pinger resource limits & requests + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "200m" + memory: "400Mi" + + # -- kube-ovn-pinger metrics configuration + metrics: + # -- Configure the port on which the kube-ovn-monitor service will serve metrics + port: 8080 + +# -- Configuration for kube-ovn-monitors, the agent monitoring and returning metrics for the northbound/southbound DBs and northd +monitor: + # -- Annotations to be added to all top-level kube-ovn-monitors objects (resources under templates/monitors) + annotations: {} + # -- Labels to be added to all top-level kube-ovn-monitors objects (resources under templates/monitors) + labels: {} + # -- Annotations to be added to kube-ovn-monitor pods + podAnnotations: {} + # -- Labels to be added to kube-ovn-monitor pods + podLabels: {} + + # -- 
kube-ovn-monitor resource limits & requests + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + requests: + cpu: "200m" + memory: "200Mi" + limits: + cpu: "200m" + memory: "200Mi" + + # -- kube-ovn-monitor metrics configuration + metrics: + # -- Configure the port on which the kube-ovn-monitor service will serve metrics + port: 10661 + +# -- Configuration for kube-ovn-controller, the controller responsible for syncing K8s with OVN +controller: + # -- Annotations to be added to all top-level kube-ovn-controller objects (resources under templates/controller) + annotations: {} + # -- Labels to be added to all top-level kube-ovn-controller objects (resources under templates/controller) + labels: {} + # -- Annotations to be added to kube-ovn-controller pods + podAnnotations: {} + # -- Labels to be added to kube-ovn-controller pods + podLabels: {} + + # -- kube-ovn-controller resource limits & requests + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + requests: + cpu: "200m" + memory: "200Mi" + limits: + cpu: "1000m" + memory: "1Gi" + + # -- Controller metrics configuration + metrics: + # -- Configure the port on which the controller service will serve metrics + port: 10660 + +# -- Configuration for ovn-central, the daemon containing the northbound/southbound DBs and northd +central: + # -- Annotations to be added to all top-level ovn-central objects (resources under templates/central) + annotations: {} + # -- Labels to be added to all top-level ovn-central objects (resources under templates/central) + labels: {} + # -- Annotations to be added to ovn-central pods + podAnnotations: {} + # -- Labels to be added to ovn-central pods + podLabels: {} + + # -- ovn-central resource limits & requests + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + requests: + cpu: "300m" + memory: "200Mi" + limits: + cpu: "3" + memory: 
"4Gi" + +# -- Configuration for kube-ovn-cni, the agent responsible for handling CNI requests from the CRI +agent: + # -- Annotations to be added to all top-level agent objects (resources under templates/agent) + annotations: {} + # -- Labels to be added to all top-level agent objects (resources under templates/agent) + labels: {} + # -- Annotations to be added to the agent pods (kube-ovn-cni) + podAnnotations: {} + # -- Labels to be added to the agent pods (kube-ovn-cni) + podLabels: {} + + # -- Agent daemon resource limits & requests + # ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + resources: + requests: + cpu: "100m" + memory: "100Mi" + limits: + cpu: "1000m" + memory: "1Gi" + + # -- Agent metrics configuration + metrics: + # -- Configure the port on which the agent service will serve metrics + port: 10665 + +# -- Array of extra K8s manifests to deploy +## Note: Supports use of custom Helm templates +extraObjects: [] +# - apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: cni-config +# data: +# cni-config: |- +# { +# "name": "generic-veth", +# "cniVersion": "0.3.1", +# "plugins": [ +# { +# "type": "kube-ovn", +# "server_socket": "/run/openvswitch/kube-ovn-daemon.sock", +# "ipam": { +# "type": "kube-ovn", +# "server_socket": "/run/openvswitch/kube-ovn-daemon.sock" +# } +# }, +# { +# "type": "portmap", +# "snat": true, +# "capabilities": {"portMappings": true} +# }, +# { +# "type": "cilium-cni" +# } +# ] +# } \ No newline at end of file
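Review bot: `ovsOvn.dpdk.enabled: true` flips the previous default (`DPDK: false`), so an install with untouched values now selects the DPDK image, runs `/kube-ovn/start-ovs-dpdk.sh` and adds the `/opt/ovs-config` and `/dev/hugepages` mounts; unless that is intended it should be `enabled: false`. The old top-level keys (`DPDK`, `HYBRID_DPDK`, `ovs-ovn`, `kube-ovn-pinger` and the others removed here) disappear without any check, so overrides carried over from a 1.x values file are silently ignored. A `fail` guard in the templates for the legacy keys would surface that at render time. The comment on `pinger.metrics.port` is copied from the monitor section and should read `# -- Configure the port on which the kube-ovn-pinger service will serve metrics`. The file also now ends without a trailing newline.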