diff --git a/.charts.yml b/.charts.yml index 4fd99c4ee..793547b8c 100644 --- a/.charts.yml +++ b/.charts.yml @@ -175,10 +175,6 @@ charts: version: 0.1.13 repository: *openstack_helm_infra_repository dependencies: *openstack_helm_dependencies - patches: - gerrit: - review.opendev.org: - - 893739 - name: placement version: 0.3.9 repository: *openstack_helm_repository diff --git a/charts/ovn/templates/daemonset-controller-gw.yaml b/charts/ovn/templates/daemonset-controller-gw.yaml index 4acd11ba4..fa7163521 100644 --- a/charts/ovn/templates/daemonset-controller-gw.yaml +++ b/charts/ovn/templates/daemonset-controller-gw.yaml @@ -109,8 +109,8 @@ spec: mountPath: /var/run/ovn - name: run-openvswitch mountPath: /var/run/openvswitch - - name: shared - mountPath: /var/log/ovn/ + - name: logs + mountPath: /var/log/ovn {{- if .Values.pod.sidecars.vector }} - name: vector {{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -123,7 +123,7 @@ spec: volumeMounts: - name: vector-config mountPath: /etc/vector - - name: shared + - name: logs mountPath: /logs - name: vector-data mountPath: /var/lib/vector @@ -170,8 +170,10 @@ spec: secret: secretName: {{ $configMapName }} defaultMode: 0444 - - name: shared - emptyDir: {} + - name: logs + hostPath: + path: /var/log/ovn + type: DirectoryOrCreate {{- if .Values.pod.sidecars.vector }} - name: vector-config secret: diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml index d208b0844..a1245d5d4 100644 --- a/charts/ovn/templates/daemonset-controller.yaml +++ b/charts/ovn/templates/daemonset-controller.yaml @@ -62,7 +62,6 @@ spec: - name: controller-init {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }} -{{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} command: - /tmp/ovn-controller-init.sh env: diff --git a/charts/patches/ovn/0000-upstream-893739.patch b/charts/patches/ovn/0000-upstream-893739.patch new file mode 100644 index 000000000..248da7e41 --- /dev/null +++ b/charts/patches/ovn/0000-upstream-893739.patch @@ -0,0 +1,398 @@ +From d44a05f9adf485697ba0aa9189ec72495ac62e69 Mon Sep 17 00:00:00 2001 +From: root +Date: Wed, 06 Sep 2023 00:10:39 +1000 +Subject: [PATCH] Distinguish ovn controller and gateway + +Change-Id: If98d28b540c59c2632a6eda259c04c3cef128af3 +--- + +diff --git a/ovn/templates/bin/_ovn-controller-init.sh.tpl b/ovn/templates/bin/_ovn-controller-init.sh.tpl +index 55cc2ec..e64413e 100644 +--- a/ovn/templates/bin/_ovn-controller-init.sh.tpl ++++ b/ovn/templates/bin/_ovn-controller-init.sh.tpl +@@ -117,13 +117,7 @@ + ovs-vsctl set open . external-ids:ovn-encap-type="{{ .Values.conf.ovn_encap_type }}" + ovs-vsctl set open . external-ids:ovn-bridge="{{ .Values.conf.ovn_bridge }}" + ovs-vsctl set open . external-ids:ovn-bridge-mappings="{{ .Values.conf.ovn_bridge_mappings }}" +- +-GW_ENABLED=$(cat /tmp/gw-enabled/gw-enabled) +-if [[ ${GW_ENABLED} == enabled ]]; then +- ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options_gw_enabled }} +-else +- ovs-vsctl set open . external-ids:ovn-cms-options={{ .Values.conf.ovn_cms_options }} +-fi ++ovs-vsctl set open . external-ids:ovn-cms-options="${OVN_CMS_OPTIONS}" + + # Configure hostname + {{- if .Values.pod.use_fqdn.compute }} +diff --git a/ovn/templates/daemonset-controller-gw.yaml b/ovn/templates/daemonset-controller-gw.yaml +new file mode 100644 +index 0000000..383451f +--- /dev/null ++++ b/ovn/templates/daemonset-controller-gw.yaml +@@ -0,0 +1,116 @@ ++{{/* ++Licensed under the Apache License, Version 2.0 (the "License"); ++you may not use this file except in compliance with the License. ++You may obtain a copy of the License at ++ ++ http://www.apache.org/licenses/LICENSE-2.0 ++ ++Unless required by applicable law or agreed to in writing, software ++distributed under the License is distributed on an "AS IS" BASIS, ++WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++See the License for the specific language governing permissions and ++limitations under the License. ++*/}} ++ ++{{- if .Values.manifests.daemonset_ovn_controller_gw }} ++{{- $envAll := . }} ++ ++{{- $configMapName := "ovn-etc" }} ++{{- $serviceAccountName := "ovn-controller-gw" }} ++{{ tuple $envAll "ovn_controller_gw" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} ++--- ++kind: DaemonSet ++apiVersion: apps/v1 ++metadata: ++ name: ovn-controller-gw ++ annotations: ++ {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} ++ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} ++ labels: ++{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} ++spec: ++ selector: ++ matchLabels: ++{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} ++ template: ++ metadata: ++ labels: ++{{ tuple $envAll "ovn" "ovn_controller_gw" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} ++ annotations: ++{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} ++ configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} ++ configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }} ++ spec: ++ serviceAccountName: {{ $serviceAccountName }} ++ hostNetwork: true ++ dnsPolicy: {{ .Values.pod.dns_policy }} ++ nodeSelector: ++ {{ .Values.labels.ovn_controller_gw.node_selector_key }}: {{ .Values.labels.ovn_controller_gw.node_selector_value }} ++ initContainers: ++{{- tuple $envAll "ovn_controller_gw" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} ++ - name: controller-init ++{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }} ++{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} ++ command: ++ - /tmp/ovn-controller-init.sh ++ env: ++ - name: OVN_CMS_OPTIONS ++ value: {{ .Values.conf.ovn_cms_options_gw_enabled | quote }} ++ volumeMounts: ++ - name: ovn-bin ++ mountPath: /tmp/ovn-controller-init.sh ++ subPath: ovn-controller-init.sh ++ readOnly: true ++ - name: run-openvswitch ++ mountPath: /run/openvswitch ++ - name: ovn-etc ++ mountPath: /tmp/auto_bridge_add ++ subPath: auto_bridge_add ++ readOnly: true ++ containers: ++ - name: controller ++{{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }} ++{{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} ++{{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} ++ command: ++ - /tmp/ovn-controller.sh ++ - start ++ lifecycle: ++ preStop: ++ exec: ++ command: ++ - /tmp/ovn-controller.sh ++ - stop ++ volumeMounts: ++ - name: ovn-bin ++ mountPath: /tmp/ovn-controller.sh ++ subPath: ovn-controller.sh ++ readOnly: true ++ - name: run-openvswitch ++ mountPath: /run/openvswitch ++ - name: logs ++ mountPath: /var/log/ovn ++ - name: run-ovn ++ mountPath: /run/ovn ++ volumes: ++ - name: ovn-bin ++ configMap: ++ name: ovn-bin ++ defaultMode: 0777 ++ - name: run-openvswitch ++ hostPath: ++ path: /run/openvswitch ++ type: DirectoryOrCreate ++ - name: ovn-etc ++ secret: ++ secretName: {{ $configMapName }} ++ defaultMode: 0444 ++ - name: logs ++ hostPath: ++ path: /var/log/ovn ++ type: DirectoryOrCreate ++ - name: run-ovn ++ hostPath: ++ path: /run/ovn ++ type: DirectoryOrCreate ++{{- end }} +diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml +index f27903f..ada19c9 100644 +--- a/ovn/templates/daemonset-controller.yaml ++++ b/ovn/templates/daemonset-controller.yaml +@@ -12,38 +12,12 @@ + limitations under the License. + */}} + +-{{- if .Values.manifests.daemonset_controller }} ++{{- if .Values.manifests.daemonset_ovn_controller }} + {{- $envAll := . }} + + {{- $configMapName := "ovn-etc" }} + {{- $serviceAccountName := "ovn-controller" }} +-{{- $serviceAccountNamespace := $envAll.Release.Namespace }} + {{ tuple $envAll "ovn_controller" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }} +- +---- +-apiVersion: rbac.authorization.k8s.io/v1 +-kind: ClusterRole +-metadata: +- name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }} +-rules: +-- apiGroups: [""] +- resources: ["nodes"] +- verbs: ["list", "get"] +- +---- +-apiVersion: rbac.authorization.k8s.io/v1 +-kind: ClusterRoleBinding +-metadata: +- name: ovn-controller-list-nodes-rolebinding-{{ $serviceAccountNamespace }} +-subjects: +-- kind: ServiceAccount +- name: {{ $serviceAccountName }} +- namespace: {{ $serviceAccountNamespace }} +-roleRef: +- kind: ClusterRole +- name: ovn-controller-list-nodes-role-{{ $serviceAccountNamespace }} +- apiGroup: rbac.authorization.k8s.io +- + --- + kind: DaemonSet + apiVersion: apps/v1 +@@ -53,15 +27,15 @@ + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} + labels: +-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} ++{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }} + spec: + selector: + matchLabels: +-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} ++{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 6 }} + template: + metadata: + labels: +-{{ tuple $envAll "ovn" "ovn-controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} ++{{ tuple $envAll "ovn" "ovn_controller" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} + annotations: + {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} + configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} +@@ -71,32 +45,19 @@ + hostNetwork: true + hostPID: true + hostIPC: true +- dnsPolicy: ClusterFirstWithHostNet ++ dnsPolicy: {{ .Values.pod.dns_policy }} + nodeSelector: + {{ .Values.labels.ovn_controller.node_selector_key }}: {{ .Values.labels.ovn_controller.node_selector_value }} + initContainers: + {{- tuple $envAll "ovn_controller" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }} +- - name: get-gw-enabled +-{{ tuple $envAll "ovn_controller_kubectl" | include "helm-toolkit.snippets.image" | indent 10 }} +- command: +- - /bin/bash +- - -c +- - | +- kubectl get node ${NODENAME} -o jsonpath='{.metadata.labels.l3-agent}' > /tmp/gw-enabled/gw-enabled +- env: +- - name: NODENAME +- valueFrom: +- fieldRef: +- fieldPath: spec.nodeName +- volumeMounts: +- - name: gw-enabled +- mountPath: /tmp/gw-enabled +- readOnly: false + - name: controller-init + {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller_init" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }} + {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }} + command: + - /tmp/ovn-controller-init.sh ++ env: ++ - name: OVN_CMS_OPTIONS ++ value: {{ .Values.conf.ovn_cms_options | quote }} + volumeMounts: + - name: ovn-bin + mountPath: /tmp/ovn-controller-init.sh +@@ -108,9 +69,6 @@ + mountPath: /tmp/auto_bridge_add + subPath: auto_bridge_add + readOnly: true +- - name: gw-enabled +- mountPath: /tmp/gw-enabled +- readOnly: true + containers: + - name: controller + {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }} +@@ -157,6 +115,4 @@ + hostPath: + path: /run/ovn + type: DirectoryOrCreate +- - name: gw-enabled +- emptyDir: {} + {{- end }} +diff --git a/ovn/templates/statefulset-ovsdb-nb.yaml b/ovn/templates/statefulset-ovsdb-nb.yaml +index 95a33b1..0495816 100644 +--- a/ovn/templates/statefulset-ovsdb-nb.yaml ++++ b/ovn/templates/statefulset-ovsdb-nb.yaml +@@ -58,7 +58,7 @@ + - name: OVS_DATABASE + value: nb + - name: OVS_PORT +- value: "{{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" ++ value: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + command: + - /tmp/ovsdb-server.sh + - start +diff --git a/ovn/templates/statefulset-ovsdb-sb.yaml b/ovn/templates/statefulset-ovsdb-sb.yaml +index d300d3f..9e7b667 100644 +--- a/ovn/templates/statefulset-ovsdb-sb.yaml ++++ b/ovn/templates/statefulset-ovsdb-sb.yaml +@@ -58,7 +58,7 @@ + - name: OVS_DATABASE + value: sb + - name: OVS_PORT +- value: "{{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}" ++ value: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }} + command: + - /tmp/ovsdb-server.sh + - start +diff --git a/ovn/values.yaml b/ovn/values.yaml +index 8c3dc5a..7d342ad 100644 +--- a/ovn/values.yaml ++++ b/ovn/values.yaml +@@ -24,7 +24,6 @@ + ovn_ovsdb_sb: docker.io/openstackhelm/ovn:ubuntu_focal + ovn_northd: docker.io/openstackhelm/ovn:ubuntu_focal + ovn_controller: docker.io/openstackhelm/ovn:ubuntu_focal +- ovn_controller_kubectl: docker.io/openstackhelm/ceph-config-helper:latest-ubuntu_jammy + dep_check: quay.io/airshipit/kubernetes-entrypoint:latest-ubuntu_focal + image_repo_sync: docker.io/library/docker:17.07.0 + pull_policy: "IfNotPresent" +@@ -47,6 +46,9 @@ + ovn_controller: + node_selector_key: openvswitch + node_selector_value: enabled ++ ovn_controller_gw: ++ node_selector_key: openstack-control-plane ++ node_selector_value: enabled + + volume: + ovn_ovsdb_nb: +@@ -99,6 +101,14 @@ + controller: + readOnlyRootFilesystem: true + privileged: true ++ ovn_controller_gw: ++ container: ++ controller_init: ++ readOnlyRootFilesystem: true ++ privileged: true ++ controller: ++ readOnlyRootFilesystem: true ++ privileged: true + tolerations: + ovn_ovsdb_nb: + enabled: false +@@ -108,6 +118,8 @@ + enabled: false + ovn_controller: + enabled: false ++ ovn_controller_gw: ++ enabled: false + affinity: + anti: + type: +@@ -155,6 +167,10 @@ + enabled: true + min_ready_seconds: 0 + max_unavailable: 1 ++ ovn_controller_gw: ++ enabled: true ++ min_ready_seconds: 0 ++ max_unavailable: 1 + resources: + enabled: false + ovs: +@@ -186,6 +202,13 @@ + limits: + memory: "1024Mi" + cpu: "2000m" ++ ovn_controller_gw: ++ requests: ++ memory: "128Mi" ++ cpu: "100m" ++ limits: ++ memory: "1024Mi" ++ cpu: "2000m" + jobs: + image_repo_sync: + requests: +@@ -273,6 +296,9 @@ + ovn_controller: + ingress: + - {} ++ ovn_controller_gw: ++ ingress: ++ - {} + egress: + - {} + +@@ -298,6 +324,10 @@ + services: + - endpoint: internal + service: ovn-ovsdb-sb ++ ovn_controller_gw: ++ services: ++ - endpoint: internal ++ service: ovn-ovsdb-sb + pod: + - requireSameNode: true + labels: +@@ -312,12 +342,12 @@ + configmap_bin: true + configmap_etc: true + deployment_northd: true +- daemonset_controller: true + service_ovn_ovsdb_nb: true + service_ovn_ovsdb_sb: true + statefulset_ovn_ovsdb_nb: true + statefulset_ovn_ovsdb_sb: true + deployment_ovn_northd: true + daemonset_ovn_controller: true ++ daemonset_ovn_controller_gw: true + job_image_repo_sync: true + ... diff --git a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch index 51a4bad2c..149542cd8 100644 --- a/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch +++ b/charts/patches/ovn/0001-switch-to-ovn-kubernetes.patch @@ -161,7 +161,7 @@ index 8255f6a4..a0da8b0b 100644 volumeMounts: - name: ovn-bin mountPath: /tmp/ovn-controller-init.sh -@@ -69,25 +83,33 @@ spec: +@@ -69,29 +82,35 @@ spec: readOnly: true containers: - name: controller @@ -206,9 +206,22 @@ index 8255f6a4..a0da8b0b 100644 + mountPath: /var/run/ovn + - name: run-openvswitch + mountPath: /var/run/openvswitch + - name: logs + mountPath: /var/log/ovn +- - name: run-ovn +- mountPath: /run/ovn volumes: - name: ovn-bin configMap: +@@ -109,8 +128,4 @@ spec: + hostPath: + path: /var/log/ovn + type: DirectoryOrCreate +- - name: run-ovn +- hostPath: +- path: /run/ovn +- type: DirectoryOrCreate + {{- end }} diff --git a/ovn/templates/daemonset-controller.yaml b/ovn/templates/daemonset-controller.yaml index 4cd5d9b2..fae94512 100644 --- a/ovn/templates/daemonset-controller.yaml diff --git a/charts/patches/ovn/0002-add-logging-parser.patch b/charts/patches/ovn/0002-add-logging-parser.patch index 9133d00fb..83940635e 100644 --- a/charts/patches/ovn/0002-add-logging-parser.patch +++ b/charts/patches/ovn/0002-add-logging-parser.patch @@ -73,12 +73,10 @@ diff --git a/ovn/templates/daemonset-controller-gw.yaml b/ovn/templates/daemonse index eb309c5e..3ecd81dc 100644 --- a/ovn/templates/daemonset-controller-gw.yaml +++ b/ovn/templates/daemonset-controller-gw.yaml -@@ -112,6 +112,54 @@ spec: - mountPath: /var/run/ovn - - name: run-openvswitch +@@ -111,6 +111,52 @@ spec: mountPath: /var/run/openvswitch -+ - name: shared -+ mountPath: /var/log/ovn/ + - name: logs + mountPath: /var/log/ovn + {{- if .Values.pod.sidecars.vector }} + - name: vector +{{ tuple $envAll "vector" | include "helm-toolkit.snippets.image" | indent 10 }} @@ -91,7 +89,7 @@ index eb309c5e..3ecd81dc 100644 + volumeMounts: + - name: vector-config + mountPath: /etc/vector -+ - name: shared ++ - name: logs + mountPath: /logs + - name: vector-data + mountPath: /var/lib/vector @@ -128,12 +126,10 @@ index eb309c5e..3ecd81dc 100644 volumes: - name: ovn-bin configMap: -@@ -125,4 +173,19 @@ spec: - secret: - secretName: {{ $configMapName }} - defaultMode: 0444 -+ - name: shared -+ emptyDir: {} +@@ -128,4 +174,17 @@ spec: + hostPath: + path: /var/log/ovn + type: DirectoryOrCreate + {{- if .Values.pod.sidecars.vector }} + - name: vector-config + secret: