From da93e639bd68b1532e0fa2487673e6e53e211e86 Mon Sep 17 00:00:00 2001 From: Kuralamudhan Ramakrishnan Date: Fri, 31 Jul 2020 07:33:08 -0700 Subject: [PATCH] adding ovn4nfv in kubespray (#6381) Signed-off-by: Kuralamudhan Ramakrishnan --- .gitlab-ci/packet.yml | 5 + README.md | 3 + docs/ci.md | 84 +-- docs/ovn4nfv.md | 49 ++ roles/download/defaults/main.yml | 15 + .../network_plugin/meta/main.yml | 5 + .../network_plugin/ovn4nfv/tasks/main.yml | 9 + .../node/templates/kubelet.env.v1beta1.j2 | 2 +- .../preinstall/tasks/0020-verify-settings.yml | 2 +- .../tasks/0050-create_directories.yml | 3 +- roles/network_plugin/meta/main.yml | 5 + .../network_plugin/ovn4nfv/defaults/main.yml | 15 + roles/network_plugin/ovn4nfv/tasks/main.yml | 15 + .../ovn4nfv/templates/ovn-daemonset.yml.j2 | 239 +++++++ .../templates/ovn4nfv-k8s-plugin.yml.j2 | 608 ++++++++++++++++++ tests/files/packet_ubuntu18-ovn4nfv.yml | 9 + 16 files changed, 1023 insertions(+), 45 deletions(-) create mode 100644 docs/ovn4nfv.md create mode 100644 roles/kubernetes-apps/network_plugin/ovn4nfv/tasks/main.yml create mode 100644 roles/network_plugin/ovn4nfv/defaults/main.yml create mode 100644 roles/network_plugin/ovn4nfv/tasks/main.yml create mode 100644 roles/network_plugin/ovn4nfv/templates/ovn-daemonset.yml.j2 create mode 100644 roles/network_plugin/ovn4nfv/templates/ovn4nfv-k8s-plugin.yml.j2 create mode 100644 tests/files/packet_ubuntu18-ovn4nfv.yml diff --git a/.gitlab-ci/packet.yml b/.gitlab-ci/packet.yml index 0d3ac7e8706..9d2232958a6 100644 --- a/.gitlab-ci/packet.yml +++ b/.gitlab-ci/packet.yml @@ -110,6 +110,11 @@ packet_opensuse-canal: extends: .packet when: on_success +packet_ubuntu18-ovn4nfv: + stage: deploy-part2 + extends: .packet + when: on_success + # Contiv does not work in k8s v1.16 # packet_ubuntu16-contiv-sep: # stage: deploy-part2 diff --git a/README.md b/README.md index 5a3caf3defc..e3c41a078d4 100644 --- a/README.md +++ b/README.md @@ -142,6 +142,7 @@ Note: Upstart/SysV init based OS types are not supported. - [kube-ovn](https://github.com/alauda/kube-ovn) v1.2.1 - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.0.0 - [multus](https://github.com/intel/multus-cni) v3.6.0 + - [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.0.0 - [weave](https://github.com/weaveworks/weave) v2.6.5 - Application - [ambassador](https://github.com/datawire/ambassador): v1.5 @@ -192,6 +193,8 @@ You can choose between 10 network plugins. (default: `calico`, except Vagrant us - [contiv](docs/contiv.md): supports vlan, vxlan, bgp and Cisco SDN networking. This plugin is able to apply firewall policies, segregate containers in multiple network and bridging pods onto physical networks. +- [ovn4nfv](docs/ovn4nfv.md): [ovn4nfv-k8s-plugins](https://github.com/opnfv/ovn4nfv-k8s-plugin) is the network controller, OVS agent and CNI server to offer basic SFC and OVN overlay networking. + - [weave](docs/weave.md): Weave is a lightweight container overlay network that doesn't require an external K/V database cluster. (Please refer to `weave` [troubleshooting documentation](https://www.weave.works/docs/net/latest/troubleshooting/)). diff --git a/docs/ci.md b/docs/ci.md index 42da340c0bb..35710c5d59e 100644 --- a/docs/ci.md +++ b/docs/ci.md @@ -4,51 +4,51 @@ To generate this Matrix run `./tests/scripts/md-table/main.py` ## docker -| OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | weave | -|---| --- | --- | --- | --- | --- | --- | --- | --- | --- | -amazon | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -centos7 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :white_check_mark: | -centos8 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | -debian10 | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | -debian9 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | -fedora31 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | -fedora32 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | -opensuse | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -oracle7 | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -ubuntu16 | :x: | :white_check_mark: | :x: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | -ubuntu18 | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | -ubuntu20 | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | +| OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | ovn4nfv | weave | +|---| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +amazon | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +centos7 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :white_check_mark: | +centos8 | :white_check_mark: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | +debian10 | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +debian9 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | +fedora31 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | +fedora32 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | +opensuse | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +oracle7 | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +ubuntu16 | :x: | :white_check_mark: | :x: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :white_check_mark: | +ubuntu18 | :white_check_mark: | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :white_check_mark: | +ubuntu20 | :white_check_mark: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | ## crio -| OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | weave | -|---| --- | --- | --- | --- | --- | --- | --- | --- | --- | -amazon | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -centos7 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -centos8 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -debian10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -debian9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -fedora31 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -fedora32 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -opensuse | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -oracle7 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -ubuntu16 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -ubuntu18 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -ubuntu20 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +| OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | ovn4nfv | weave | +|---| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +amazon | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +centos7 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +centos8 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +debian10 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +debian9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +fedora31 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +fedora32 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +opensuse | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +oracle7 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +ubuntu16 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +ubuntu18 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +ubuntu20 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | ## containerd -| OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | weave | -|---| --- | --- | --- | --- | --- | --- | --- | --- | --- | -amazon | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -centos7 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | -centos8 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -debian10 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -debian9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -fedora31 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -fedora32 | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | -opensuse | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -oracle7 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -ubuntu16 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | -ubuntu18 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | -ubuntu20 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +| OS / CNI | calico | canal | cilium | contiv | flannel | kube-ovn | kube-router | macvlan | ovn4nfv | weave | +|---| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +amazon | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +centos7 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | +centos8 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +debian10 | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +debian9 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +fedora31 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +fedora32 | :x: | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | +opensuse | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +oracle7 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +ubuntu16 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | +ubuntu18 | :x: | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | :x: | :x: | :x: | +ubuntu20 | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | :x: | diff --git a/docs/ovn4nfv.md b/docs/ovn4nfv.md new file mode 100644 index 00000000000..9d120a72c42 --- /dev/null +++ b/docs/ovn4nfv.md @@ -0,0 +1,49 @@ +# OVN4NFV-k8S-Plugin + +Intro to [ovn4nfv-k8s-plugin](https://github.com/opnfv/ovn4nfv-k8s-plugin) + +## How to use it + +* Enable ovn4nfv in `group_vars/k8s-cluster/k8s-cluster.yml` + +```yml +... +kube_network_plugin: ovn4nfv +... +``` + +## Verifying ovn4nfv kube network plugin + +* ovn4nfv install ovn control plan in the master and ovn daemonset in all nodes +* Network function Networking(nfn) operator is install in the master and nfn agent is installed in all the node +* ovn4nfv install `ovn4nfvk8s-cni` cni shim binary in `/opt/cni/bin/` and nfn agent act as the cni server +* All ovn4nfv pods are installed in the kube-system + +```ShellSession +# From K8s client +# kubectl get pods -n kube-system -l app=ovn-control-plane -o wide +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +ovn-control-plane-5f8b7bcc65-w759g 1/1 Running 0 3d18h 192.168.121.25 master + +# kubectl get pods -n kube-system -l app=ovn-controller -o wide +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +ovn-controller-54zzj 1/1 Running 0 3d18h 192.168.121.24 minion01 +ovn-controller-7cljt 1/1 Running 0 3d18h 192.168.121.25 master +ovn-controller-cx46g 1/1 Running 0 3d18h 192.168.121.15 minion02 + +# kubectl get pods -n kube-system -l name=nfn-operator -o wide +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +nfn-operator-6dc44dbf48-xk9zl 1/1 Running 0 3d18h 192.168.121.25 master + +# kubectl get pods -n kube-system -l app=nfn-agent -o wide +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +nfn-agent-dzlpp 1/1 Running 0 3d18h 192.168.121.15 minion02 +nfn-agent-jcdbn 1/1 Running 0 3d18h 192.168.121.25 master +nfn-agent-lrkzk 1/1 Running 0 3d18h 192.168.121.24 minion01 + +# kubectl get pods -n kube-system -l app=ovn4nfv -o wide +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +ovn4nfv-cni-5zdz2 1/1 Running 0 3d18h 192.168.121.24 minion01 +ovn4nfv-cni-k5wjp 1/1 Running 0 3d18h 192.168.121.25 master +ovn4nfv-cni-t6z5b 1/1 Running 0 3d18h 192.168.121.15 minion02 +``` diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 96497ae6c8e..eaf1ac7c66e 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -83,6 +83,8 @@ cilium_version: "v1.8.1" kube_ovn_version: "v1.2.1" kube_router_version: "v1.0.0" multus_version: "v3.6" +ovn4nfv_ovn_image_version: "v1.0.0" +ovn4nfv_k8s_plugin_image_version: "v1.0.0" # Get kubernetes major version (i.e. 1.17.4 => 1.17) kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}" @@ -492,6 +494,10 @@ kube_router_image_repo: "{{ docker_image_repo }}/cloudnativelabs/kube-router" kube_router_image_tag: "{{ kube_router_version }}" multus_image_repo: "{{ docker_image_repo }}/nfvpe/multus" multus_image_tag: "{{ multus_version }}" +ovn4nfv_ovn_image_repo: "{{ docker_image_repo }}/integratedcloudnative/ovn-images" +ovn4nfv_ovn_image_tag: "{{ ovn4nfv_ovn_image_version }}" +ovn4nfv_k8s_plugin_image_repo: "{{ docker_image_repo }}/integratedcloudnative/ovn4nfv-k8s-plugin" +ovn4nfv_k8s_plugin_image_tag: "{{ ovn4nfv_k8s_plugin_image_version }}" nginx_image_repo: "{{ docker_image_repo }}/library/nginx" nginx_image_tag: 1.19 @@ -823,6 +829,15 @@ downloads: groups: - k8s-cluster + ovn4nfv: + enabled: "{{ kube_network_plugin == 'ovn4nfv' }}" + container: true + repo: "{{ ovn4nfv_k8s_plugin_image_repo }}" + tag: "{{ ovn4nfv_k8s_plugin_image_tag }}" + sha256: "{{ ovn4nfv_k8s_plugin_digest_checksum|default(None) }}" + groups: + - k8s-cluster + contiv: enabled: "{{ kube_network_plugin == 'contiv' }}" container: true diff --git a/roles/kubernetes-apps/network_plugin/meta/main.yml b/roles/kubernetes-apps/network_plugin/meta/main.yml index b5d1c04734a..3204de10a4c 100644 --- a/roles/kubernetes-apps/network_plugin/meta/main.yml +++ b/roles/kubernetes-apps/network_plugin/meta/main.yml @@ -40,6 +40,11 @@ dependencies: tags: - kube-router + - role: kubernetes-apps/network_plugin/ovn4nfv + when: kube_network_plugin == 'ovn4nfv' + tags: + - ovn4nfv + - role: kubernetes-apps/network_plugin/multus when: kube_network_plugin_multus tags: diff --git a/roles/kubernetes-apps/network_plugin/ovn4nfv/tasks/main.yml b/roles/kubernetes-apps/network_plugin/ovn4nfv/tasks/main.yml new file mode 100644 index 00000000000..1262ee6b956 --- /dev/null +++ b/roles/kubernetes-apps/network_plugin/ovn4nfv/tasks/main.yml @@ -0,0 +1,9 @@ +--- +- name: ovn4nfv-k8s | Start Resources + kube: + name: "{{ item.item.name }}" + kubectl: "{{ bin_dir }}/kubectl" + filename: "{{ kube_config_dir }}/{{ item.item.file }}" + state: "latest" + with_items: "{{ ovn4nfv_node_manifests.results }}" + when: inventory_hostname == groups['kube-master'][0] and not item is skipped diff --git a/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 b/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 index 765b5979e2e..9e3ed054c9e 100644 --- a/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 +++ b/roles/kubernetes/node/templates/kubelet.env.v1beta1.j2 @@ -37,7 +37,7 @@ KUBELET_ARGS="{{ kubelet_args_base }} {% if node_taints|default([]) %}--register {% if kubelet_flexvolumes_plugins_dir is defined %} KUBELET_VOLUME_PLUGIN="--volume-plugin-dir={{ kubelet_flexvolumes_plugins_dir }}" {% endif %} -{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "canal", "cni", "flannel", "weave", "contiv", "cilium", "kube-ovn", "kube-router", "macvlan"] %} +{% if kube_network_plugin is defined and kube_network_plugin in ["calico", "canal", "cni", "flannel", "weave", "contiv", "cilium", "kube-ovn", "ovn4nfv", "kube-router", "macvlan"] %} KUBELET_NETWORK_PLUGIN="--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin" {% elif kube_network_plugin is defined and kube_network_plugin == "cloud" %} KUBELET_NETWORK_PLUGIN="--hairpin-mode=promiscuous-bridge --network-plugin=kubenet" diff --git a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml index 73fbc5a97fc..bc20e712a4c 100644 --- a/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml +++ b/roles/kubernetes/preinstall/tasks/0020-verify-settings.yml @@ -22,7 +22,7 @@ - name: Stop if unknown network plugin assert: - that: kube_network_plugin in ['calico', 'canal', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'contiv', 'kube-ovn', 'kube-router', 'macvlan'] + that: kube_network_plugin in ['calico', 'canal', 'flannel', 'weave', 'cloud', 'cilium', 'cni', 'contiv', 'ovn4nfv','kube-ovn', 'kube-router', 'macvlan'] msg: "{{ kube_network_plugin }} is not supported" when: - kube_network_plugin is defined diff --git a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml index 3fe88230862..d3e44d2c80d 100644 --- a/roles/kubernetes/preinstall/tasks/0050-create_directories.yml +++ b/roles/kubernetes/preinstall/tasks/0050-create_directories.yml @@ -52,7 +52,7 @@ - "/opt/cni/bin" - "/var/lib/calico" when: - - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium", "kube-ovn", "kube-router", "macvlan"] + - kube_network_plugin in ["calico", "weave", "canal", "flannel", "contiv", "cilium", "kube-ovn", "ovn4nfv", "kube-router", "macvlan"] - inventory_hostname in groups['k8s-cluster'] tags: - network @@ -61,6 +61,7 @@ - weave - canal - contiv + - ovn4nfv - kube-ovn - kube-router - bootstrap-os diff --git a/roles/network_plugin/meta/main.yml b/roles/network_plugin/meta/main.yml index 66b283e3360..52f482830a6 100644 --- a/roles/network_plugin/meta/main.yml +++ b/roles/network_plugin/meta/main.yml @@ -50,6 +50,11 @@ dependencies: tags: - kube-router + - role: network_plugin/ovn4nfv + when: kube_network_plugin == 'ovn4nfv' + tags: + - ovn4nfv + - role: network_plugin/multus when: kube_network_plugin_multus tags: diff --git a/roles/network_plugin/ovn4nfv/defaults/main.yml b/roles/network_plugin/ovn4nfv/defaults/main.yml new file mode 100644 index 00000000000..a7550753dd4 --- /dev/null +++ b/roles/network_plugin/ovn4nfv/defaults/main.yml @@ -0,0 +1,15 @@ +--- +ovn_control_plane_cpu_request: 500m +ovn_control_plane_memory_request: 300Mi +ovn_controller_cpu_request: 200m +ovn_controller_memory_request: 300Mi +ovn_controller_cpu_limit: 1000m +ovn_controller_memory_limit: 800Mi +ovn4nfv_cni_cpu_request: 100m +ovn4nfv_cni_memory_request: 50Mi +ovn4nfv_cni_cpu_limit: 100m +ovn4nfv_cni_memory_limit: 50Mi +nfn_agent_cpu_request: 100m +nfn_agent_memory_request: 50Mi +nfn_agent_cpu_limit: 100m +nfn_agent_memory_limit: 50Mi diff --git a/roles/network_plugin/ovn4nfv/tasks/main.yml b/roles/network_plugin/ovn4nfv/tasks/main.yml new file mode 100644 index 00000000000..32a4c2dc5ea --- /dev/null +++ b/roles/network_plugin/ovn4nfv/tasks/main.yml @@ -0,0 +1,15 @@ +--- +- name: ovn4nfv | Label control-plane node + command: >- + {{ bin_dir }}/kubectl label --overwrite node {{ groups['kube-master'] | first }} ovn4nfv-k8s-plugin=ovn-control-plane + when: + - inventory_hostname == groups['kube-master'][0] + +- name: ovn4nfv | Create ovn4nfv-k8s manifests + template: + src: "{{ item.file }}.j2" + dest: "{{ kube_config_dir }}/{{ item.file }}" + with_items: + - {name: ovn-daemonset, file: ovn-daemonset.yml} + - {name: ovn4nfv-k8s-plugin, file: ovn4nfv-k8s-plugin.yml} + register: ovn4nfv_node_manifests diff --git a/roles/network_plugin/ovn4nfv/templates/ovn-daemonset.yml.j2 b/roles/network_plugin/ovn4nfv/templates/ovn-daemonset.yml.j2 new file mode 100644 index 00000000000..3cc1b4f8789 --- /dev/null +++ b/roles/network_plugin/ovn4nfv/templates/ovn-daemonset.yml.j2 @@ -0,0 +1,239 @@ +--- +kind: Service +apiVersion: v1 +metadata: + name: ovn-nb-tcp + namespace: kube-system +spec: + ports: + - name: ovn-nb-tcp + protocol: TCP + port: 6641 + targetPort: 6641 + type: ClusterIP + selector: + app: ovn-control-plane + sessionAffinity: None + +--- +kind: Service +apiVersion: v1 +metadata: + name: ovn-sb-tcp + namespace: kube-system +spec: + ports: + - name: ovn-sb-tcp + protocol: TCP + port: 6642 + targetPort: 6642 + type: ClusterIP + selector: + app: ovn-control-plane + sessionAffinity: None + +--- +kind: Deployment +apiVersion: apps/v1 +metadata: + name: ovn-control-plane + namespace: kube-system + annotations: + kubernetes.io/description: | + OVN control plane deployment using tcp: ovn-northd-tcp, ovn-nb-tcp and ovn-sb-tcp. +spec: + replicas: 1 + strategy: + rollingUpdate: + maxSurge: 0% + maxUnavailable: 100% + type: RollingUpdate + selector: + matchLabels: + app: ovn-control-plane + template: + metadata: + labels: + app: ovn-control-plane + spec: + tolerations: + - operator: Exists + effect: NoSchedule + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app: ovn-control-plane + topologyKey: kubernetes.io/hostname + priorityClassName: system-cluster-critical + hostNetwork: true + containers: + - name: ovn-control-plane + image: {{ ovn4nfv_ovn_image_repo }}:{{ ovn4nfv_ovn_image_tag }} + imagePullPolicy: {{ k8s_image_pull_policy }} + command: ["ovn4nfv-k8s", "start_ovn_control_plane"] + securityContext: + capabilities: + add: ["SYS_NICE"] + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + resources: + requests: + cpu: {{ ovn_control_plane_cpu_request }} + memory: {{ ovn_control_plane_memory_request }} + volumeMounts: + - mountPath: /var/run/openvswitch + name: host-run-ovs + - mountPath: /var/run/ovn + name: host-run-ovn + - mountPath: /sys + name: host-sys + readOnly: true + - mountPath: /etc/openvswitch + name: host-config-openvswitch + - mountPath: /var/log/openvswitch + name: host-log-ovs + - mountPath: /var/log/ovn + name: host-log-ovn + readinessProbe: + exec: + command: ["ovn4nfv-k8s", "check_ovn_control_plane"] + periodSeconds: 3 + livenessProbe: + exec: + command: ["ovn4nfv-k8s", "check_ovn_control_plane"] + initialDelaySeconds: 30 + periodSeconds: 7 + failureThreshold: 5 + nodeSelector: + beta.kubernetes.io/os: "linux" + ovn4nfv-k8s-plugin: ovn-control-plane + volumes: + - name: host-run-ovs + hostPath: + path: /run/openvswitch + - name: host-run-ovn + hostPath: + path: /run/ovn + - name: host-sys + hostPath: + path: /sys + - name: host-config-openvswitch + hostPath: + path: /etc/origin/openvswitch + - name: host-log-ovs + hostPath: + path: /var/log/openvswitch + - name: host-log-ovn + hostPath: + path: /var/log/ovn + +--- +kind: DaemonSet +apiVersion: apps/v1 +metadata: + name: ovn-controller + namespace: kube-system + annotations: + kubernetes.io/description: | + OVN controller: Start ovsdb-server & ovs-vswitchd components, and ovn controller +spec: + selector: + matchLabels: + app: ovn-controller + updateStrategy: + type: OnDelete + template: + metadata: + labels: + app: ovn-controller + spec: + tolerations: + - operator: Exists + effect: NoSchedule + priorityClassName: system-cluster-critical + hostNetwork: true + hostPID: true + containers: + - name: ovn-controller + image: {{ ovn4nfv_ovn_image_repo }}:{{ ovn4nfv_ovn_image_tag }} + imagePullPolicy: {{ k8s_image_pull_policy }} + command: ["ovn4nfv-k8s", "start_ovn_controller"] + securityContext: + runAsUser: 0 + privileged: true + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + volumeMounts: + - mountPath: /lib/modules + name: host-modules + readOnly: true + - mountPath: /var/run/openvswitch + name: host-run-ovs + - mountPath: /var/run/ovn + name: host-run-ovn + - mountPath: /sys + name: host-sys + readOnly: true + - mountPath: /etc/openvswitch + name: host-config-openvswitch + - mountPath: /var/log/openvswitch + name: host-log-ovs + - mountPath: /var/log/ovn + name: host-log-ovn + readinessProbe: + exec: + command: ["ovn4nfv-k8s", "check_ovn_controller"] + periodSeconds: 5 + livenessProbe: + exec: + command: ["ovn4nfv-k8s", "check_ovn_controller"] + initialDelaySeconds: 10 + periodSeconds: 5 + failureThreshold: 5 + resources: + requests: + cpu: {{ ovn_controller_cpu_request }} + memory: {{ ovn_controller_memory_request }} + limits: + cpu: {{ ovn_controller_cpu_limit }} + memory: {{ ovn_controller_memory_limit }} + nodeSelector: + beta.kubernetes.io/os: "linux" + volumes: + - name: host-modules + hostPath: + path: /lib/modules + - name: host-run-ovs + hostPath: + path: /run/openvswitch + - name: host-run-ovn + hostPath: + path: /run/ovn + - name: host-sys + hostPath: + path: /sys + - name: host-config-openvswitch + hostPath: + path: /etc/origin/openvswitch + - name: host-log-ovs + hostPath: + path: /var/log/openvswitch + - name: host-log-ovn + hostPath: + path: /var/log/ovn diff --git a/roles/network_plugin/ovn4nfv/templates/ovn4nfv-k8s-plugin.yml.j2 b/roles/network_plugin/ovn4nfv/templates/ovn4nfv-k8s-plugin.yml.j2 new file mode 100644 index 00000000000..76f0a010d97 --- /dev/null +++ b/roles/network_plugin/ovn4nfv/templates/ovn4nfv-k8s-plugin.yml.j2 @@ -0,0 +1,608 @@ + +--- + +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: networks.k8s.plugin.opnfv.org +spec: + group: k8s.plugin.opnfv.org + names: + kind: Network + listKind: NetworkList + plural: networks + singular: network + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + cniType: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "operator-sdk generate k8s" to regenerate code after + modifying this file Add custom validation using kubebuilder tags: + https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html' + type: string + dns: + properties: + domain: + type: string + nameservers: + items: + type: string + type: array + options: + items: + type: string + type: array + search: + items: + type: string + type: array + type: object + ipv4Subnets: + items: + properties: + excludeIps: + type: string + gateway: + type: string + name: + type: string + subnet: + type: string + required: + - name + - subnet + type: object + type: array + ipv6Subnets: + items: + properties: + excludeIps: + type: string + gateway: + type: string + name: + type: string + subnet: + type: string + required: + - name + - subnet + type: object + type: array + routes: + items: + properties: + dst: + type: string + gw: + type: string + required: + - dst + type: object + type: array + required: + - cniType + - ipv4Subnets + type: object + status: + properties: + state: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "operator-sdk generate k8s" to regenerate + code after modifying this file Add custom validation using kubebuilder + tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html' + type: string + required: + - state + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true + + +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: providernetworks.k8s.plugin.opnfv.org +spec: + group: k8s.plugin.opnfv.org + names: + kind: ProviderNetwork + listKind: ProviderNetworkList + plural: providernetworks + singular: providernetwork + scope: Namespaced + subresources: + status: {} + validation: + openAPIV3Schema: + description: ProviderNetwork is the Schema for the providernetworks API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ProviderNetworkSpec defines the desired state of ProviderNetwork + properties: + cniType: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "operator-sdk generate k8s" to regenerate code after + modifying this file Add custom validation using kubebuilder tags: + https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html' + type: string + direct: + properties: + directNodeSelector: + type: string + nodeLabelList: + items: + type: string + type: array + providerInterfaceName: + type: string + required: + - directNodeSelector + - providerInterfaceName + type: object + dns: + properties: + domain: + type: string + nameservers: + items: + type: string + type: array + options: + items: + type: string + type: array + search: + items: + type: string + type: array + type: object + ipv4Subnets: + items: + properties: + excludeIps: + type: string + gateway: + type: string + name: + type: string + subnet: + type: string + required: + - name + - subnet + type: object + type: array + ipv6Subnets: + items: + properties: + excludeIps: + type: string + gateway: + type: string + name: + type: string + subnet: + type: string + required: + - name + - subnet + type: object + type: array + providerNetType: + type: string + routes: + items: + properties: + dst: + type: string + gw: + type: string + required: + - dst + type: object + type: array + vlan: + properties: + logicalInterfaceName: + type: string + nodeLabelList: + items: + type: string + type: array + providerInterfaceName: + type: string + vlanId: + type: string + vlanNodeSelector: + type: string + required: + - providerInterfaceName + - vlanId + - vlanNodeSelector + type: object + required: + - cniType + - ipv4Subnets + - providerNetType + type: object + status: + description: ProviderNetworkStatus defines the observed state of ProviderNetwork + properties: + state: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "operator-sdk generate k8s" to regenerate + code after modifying this file Add custom validation using kubebuilder + tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html' + type: string + required: + - state + type: object + type: object + version: v1alpha1 + versions: + - name: v1alpha1 + served: true + storage: true +--- + +apiVersion: v1 +kind: ServiceAccount +metadata: + name: k8s-nfn-sa + namespace: kube-system + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: k8s-nfn-cr +rules: +- apiGroups: + - "" + resources: + - pods + - pods/status + - services + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + - nodes + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - apps + resourceNames: + - nfn-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - k8s.plugin.opnfv.org + resources: + - '*' + - providernetworks + verbs: + - '*' + +--- + +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: k8s-nfn-crb +subjects: +- kind: Group + name: system:serviceaccounts + apiGroup: rbac.authorization.k8s.io +roleRef: + kind: ClusterRole + name: k8s-nfn-cr + apiGroup: rbac.authorization.k8s.io + + +--- + +apiVersion: v1 +kind: Service +metadata: + name: nfn-operator + namespace: kube-system +spec: + type: NodePort + ports: + - port: 50000 + protocol: TCP + targetPort: 50000 + selector: + name: nfn-operator + + +--- + +apiVersion: v1 +kind: ConfigMap +metadata: + name: ovn-controller-network + namespace: kube-system +data: + OVN_SUBNET: "{{ kube_pods_subnet }}" + OVN_GATEWAYIP: "{{ kube_pods_subnet|ipaddr('net')|ipaddr(1) }}" + +--- + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nfn-operator + namespace: kube-system +spec: + replicas: 1 + selector: + matchLabels: + name: nfn-operator + template: + metadata: + labels: + name: nfn-operator + spec: + hostNetwork: true + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: ovn4nfv-k8s-plugin + operator: In + values: + - ovn-control-plane + tolerations: + - key: "node-role.kubernetes.io/master" + effect: "NoSchedule" + operator: "Exists" + serviceAccountName: k8s-nfn-sa + containers: + - name: nfn-operator + image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }} + command: ["/usr/local/bin/entrypoint", "operator"] + imagePullPolicy: {{ k8s_image_pull_policy }} + envFrom: + - configMapRef: + name: ovn-controller-network + ports: + - containerPort: 50000 + protocol: TCP + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: OPERATOR_NAME + value: "nfn-operator" + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: ovn4nfv-cni-config + namespace: kube-system + labels: + app: ovn4nfv +data: + ovn4nfv_k8s.conf: | + [logging] + loglevel=5 + logfile=/var/log/openvswitch/ovn4k8s.log + + [cni] + conf-dir=/etc/cni/net.d + plugin=ovn4nfvk8s-cni + + [kubernetes] + kubeconfig=/etc/cni/net.d/ovn4nfv-k8s.d/ovn4nfv-k8s.kubeconfig + 00-network.conf: | + { + "name": "ovn4nfv-k8s-plugin", + "type": "ovn4nfvk8s-cni", + "cniVersion": "0.3.1" + } + +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: ovn4nfv-cni + namespace: kube-system + labels: + app: ovn4nfv +spec: + updateStrategy: + type: RollingUpdate + selector: + matchLabels: + app: ovn4nfv + template: + metadata: + labels: + app: ovn4nfv + spec: + hostNetwork: true + nodeSelector: + beta.kubernetes.io/arch: amd64 + tolerations: + - operator: Exists + effect: NoSchedule + serviceAccountName: k8s-nfn-sa + containers: + - name: ovn4nfv + image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }} + command: ["/usr/local/bin/entrypoint", "cni"] + imagePullPolicy: {{ k8s_image_pull_policy }} + resources: + requests: + cpu: {{ ovn4nfv_cni_cpu_request }} + memory: {{ ovn4nfv_cni_memory_request }} + limits: + cpu: {{ ovn4nfv_cni_cpu_limit }} + memory: {{ ovn4nfv_cni_memory_limit }} + securityContext: + privileged: true + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + - name: cnibin + mountPath: /host/opt/cni/bin + - name: cniconf + mountPath: /host/etc/openvswitch + - name: ovn4nfv-cfg + mountPath: /tmp/ovn4nfv-conf + - name: ovn4nfv-cni-net-conf + mountPath: /tmp/ovn4nfv-cni + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin + - name: cniconf + hostPath: + path: /etc/openvswitch + - name: ovn4nfv-cfg + configMap: + name: ovn4nfv-cni-config + items: + - key: ovn4nfv_k8s.conf + path: ovn4nfv_k8s.conf + - name: ovn4nfv-cni-net-conf + configMap: + name: ovn4nfv-cni-config + items: + - key: 00-network.conf + path: 00-network.conf +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: nfn-agent + namespace: kube-system + labels: + app: nfn-agent +spec: + selector: + matchLabels: + app: nfn-agent + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + app: nfn-agent + spec: + hostNetwork: true + hostPID: true + nodeSelector: + beta.kubernetes.io/arch: amd64 + tolerations: + - operator: Exists + effect: NoSchedule + serviceAccountName: k8s-nfn-sa + containers: + - name: nfn-agent + image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }} + command: ["/usr/local/bin/entrypoint", "agent"] + imagePullPolicy: {{ k8s_image_pull_policy }} + resources: + requests: + cpu: {{ nfn_agent_cpu_request }} + memory: {{ nfn_agent_memory_request }} + limits: + cpu: {{ nfn_agent_cpu_limit }} + memory: {{ nfn_agent_memory_limit }} + env: + - name: NFN_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + securityContext: + runAsUser: 0 + capabilities: + add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"] + privileged: true + volumeMounts: + - mountPath: /var/run/dbus/ + name: host-var-run-dbus + readOnly: true + - mountPath: /run/openvswitch + name: host-run-ovs + - mountPath: /var/run/openvswitch + name: host-var-run-ovs + - mountPath: /var/run/ovn4nfv-k8s-plugin + name: host-var-cniserver-socket-dir + volumes: + - name: host-run-ovs + hostPath: + path: /run/openvswitch + - name: host-var-run-ovs + hostPath: + path: /var/run/openvswitch + - name: host-var-run-dbus + hostPath: + path: /var/run/dbus + - name: host-var-cniserver-socket-dir + hostPath: + path: /var/run/ovn4nfv-k8s-plugin diff --git a/tests/files/packet_ubuntu18-ovn4nfv.yml b/tests/files/packet_ubuntu18-ovn4nfv.yml new file mode 100644 index 00000000000..85af6baa514 --- /dev/null +++ b/tests/files/packet_ubuntu18-ovn4nfv.yml @@ -0,0 +1,9 @@ +--- +# Instance settings +cloud_image: ubuntu-1804 +mode: default + +# Kubespray settings +kube_network_plugin: ovn4nfv +deploy_netchecker: true +dns_min_replicas: 1