shixiong
/
okd


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214
							# This ConfigMap is used to configure Nuage VSP configuration
kind: ConfigMap
apiVersion: v1
metadata:
  name: nuage-config
  namespace: kube-system
data:
  # This will generate the required Nuage vsp-openshift.yaml
  # config on each slave node
  plugin_yaml_config: |
      clientCert: {{ nuage_node_config_dsets_mount_dir }}/vsp-openshift/client.crt
      # The key to the certificate in clientCert above
      clientKey: {{ nuage_node_config_dsets_mount_dir }}/vsp-openshift/client.key
      # The certificate authority's certificate for the local kubelet.  Usually the
      # same as the CA cert used to create the client Cert/Key pair.
      CACert: {{ nuage_node_config_dsets_mount_dir }}/vsp-openshift/ca.crt
      # Name of the enterprise in which pods will reside
      enterpriseName: {{ enterprise }}
      # Name of the domain in which pods will reside
      domainName: {{ domain }}
      # Name of the VSD user in admin group
      vsdUser: {{ vsd_user }}
      # IP address and port number of master API server
      masterApiServer: {{ api_server_url }}
      # REST server URL 
      nuageMonRestServer: https://{{ openshift_master_cluster_hostname }}:{{ nuage_mon_rest_server_port }}
      # Bridge name for the docker bridge
      dockerBridgeName: docker0
      # Certificate for connecting to the openshift monitor REST api
      nuageMonClientCert: {{ nuage_node_config_dsets_mount_dir }}/vsp-openshift/nuageMonClient.crt
      # Key to the certificate in restClientCert
      nuageMonClientKey: {{ nuage_node_config_dsets_mount_dir }}/vsp-openshift/nuageMonClient.key
      # CA certificate for verifying the master's rest server
      nuageMonServerCA: {{ nuage_node_config_dsets_mount_dir }}/vsp-openshift/nuageMonCA.crt

  # This will generate the required Nuage CNI yaml configuration
  cni_yaml_config: |
      vrsendpoint: "/var/run/openvswitch/db.sock"
      vrsbridge: "alubr0"
      monitorinterval: 60
      cniversion: 0.2.0
      loglevel: "info"
      portresolvetimer: 60
      logfilesize: 1
      logfilemaxage: 2
      vrsconnectionchecktimer: 180
      mtu: {{ nuage_vport_mtu }}
      staleentrytimeout: 600
      nuagesiteid: {{ nuage_site_id | default(-1) }}
      platform: {{ nuage_personality | default('vrs') }}

---

# This manifest installs Nuage CNI plugins and network config on
# each worker node in Openshift cluster
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: nuage-cni-ds
  namespace: kube-system
  labels:
    k8s-app: nuage-cni-ds
spec:
  selector:
    matchLabels:
      k8s-app: nuage-cni-ds
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: nuage-cni-ds
    spec:
      hostNetwork: true
      containers:
        # This container installs Nuage CNI binaries
        # and CNI network config file on each node.
        - name: install-nuage-cni
          image: {{ nuage_cni_image_name }}:{{ nuage_cni_container_image_version }}
          command: ["/install-cni.sh"]
          args: ["nuage-cni-openshift", "{{ slave_host_type }}"]
          securityContext:
            privileged: true
          env:
            # Nuage vsp-openshift.yaml config to install on each slave node.
            - name: NUAGE_VSP_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: nuage-config
                  key: plugin_yaml_config
            # Nuage nuage-cni.yaml config to install on each slave node.
            - name: NUAGE_CNI_YAML_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: nuage-config
                  key: cni_yaml_config
            # Nuage cluster network CIDR for iptables configuration
            - name: NUAGE_CLUSTER_NW_CIDR
              value: "{{ openshift_cluster_network_cidr }}"
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
            - mountPath: /etc/default
              name: cni-yaml-dir
            - mountPath: /var/run
              name: var-run-dir
            - mountPath: /var/log
              name: cni-log-dir
            - mountPath: {{ nuage_node_config_dsets_mount_dir }}
              name: var-usr-share-dir
            - mountPath: /usr/share/
              name: usr-share-dir
      volumes:
        - name: cni-bin-dir
          hostPath:
            path: {{ nuage_cni_bin_dsets_mount_dir }}
        - name: cni-net-dir
          hostPath:
            path: {{ nuage_cni_netconf_dsets_mount_dir }}
        - name: cni-yaml-dir
          hostPath:
            path: /etc/default
        - name: var-run-dir
          hostPath:
            path: /var/run
        - name: cni-log-dir
          hostPath:
            path: /var/log
        - name: var-usr-share-dir
          hostPath:
            path: {{ nuage_node_config_dsets_mount_dir }}
        - name: usr-share-dir
          hostPath:
            path: /usr/share/

---

# This manifest installs Nuage VRS on
# each worker node in an Openshift cluster.
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: nuage-vrs-ds
  namespace: kube-system
  labels:
    k8s-app: nuage-vrs-ds
spec:
  selector:
    matchLabels:
      k8s-app: nuage-vrs-ds
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        k8s-app: nuage-vrs-ds
    spec:
      hostNetwork: true
      containers:
        # This container installs Nuage VRS running as a
        # container on each worker node
        - name: install-nuage-vrs
          image: {{ nuage_vrs_image_name }}:{{ nuage_vrs_container_image_version }}
          securityContext:
            privileged: true
          env:
            # Configure parameters for VRS openvswitch file
            - name: NUAGE_ACTIVE_CONTROLLER
              value: "{{ nuage_vsc_active_ip }}"
            - name: NUAGE_STANDBY_CONTROLLER
              value: "{{ nuage_vsc_standby_ip }}"
            - name: NUAGE_PLATFORM
              value: '"kvm, k8s"'
            - name: NUAGE_K8S_SERVICE_IPV4_SUBNET
              value: '{{ svc_ipv4_subnet }}\/{{ svc_ipv4_subnet_mask }}'
            - name: NUAGE_NETWORK_UPLINK_INTF
              value: "{{ nw_uplink_intf }}"
            - name: NUAGE_BRIDGE_MTU
              value: "{{ vrs_bridge_mtu_config }}"
{% if nuage_bgp_config == 'enable' %}
            - name: ENABLE_BGP
              value: "yes"
{% endif %}
          volumeMounts:
            - mountPath: /var/run
              name: vrs-run-dir
            - mountPath: /var/log
              name: vrs-log-dir
            - mountPath: {{ nuage_vrs_mount_dir }}
              name: vrs-mnt-dir
            - mountPath: /sys/module
              name: sys-mod-dir
              readOnly: true
            - mountPath: /lib/modules
              name: lib-mod-dir
              readOnly: true
      volumes:
        - name: vrs-run-dir
          hostPath:
            path: /var/run
        - name: vrs-log-dir
          hostPath:
            path: /var/log
        - name: vrs-mnt-dir
          hostPath:
            path: {{ nuage_vrs_mount_dir }}
        - name: sys-mod-dir
          hostPath:
            path: /sys/module
        - name: lib-mod-dir
          hostPath:
            path: /lib/modules