Unverified Commit 96961608 authored by 张祖建's avatar 张祖建 Committed by GitHub

Merge pull request #1127 from kubeovn/feat/mcast

Add switch for NB_Global option mcast_privileged
parents b2046740 743502cd
Showing with 23 additions and 561 deletions
+23 -561
......@@ -24,6 +24,7 @@ RUN dpkg -i /usr/src/python3-openvswitch*.deb /usr/src/libopenvswitch*.deb
RUN cd /usr/src/ && git clone -b branch-21.06 --depth=1 https://github.com/ovn-org/ovn.git && \
cd ovn && \
curl -s https://github.com/kubeovn/ovn/commit/e24734913d25c0bffdf1cfd79e14ef43d01e1019.patch | git apply && \
curl -s https://github.com/kubeovn/ovn/commit/eee4ace8a3dd00f0a067fed0f0cabee46a29aa54.patch | git apply && \
sed -i 's/OVN/ovn/g' debian/changelog && \
rm -rf .git && \
./boot.sh && \
......
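Review bot: The `curl -s … | git apply` steps fetch patches over the network at image build time with no `-f` and no integrity check, so whatever the server returns is handed straight to `git apply`. This rendering does not show which of the two curl lines is new, and the point applies to both. The commit hash in the URL pins the content only as far as the hosting service is trusted, and in a pipe the exit status of `curl` is not what the `&&` chain tests. At minimum use `curl -fsSL https://github.com/kubeovn/ovn/commit/eee4ace8a3dd00f0a067fed0f0cabee46a29aa54.patch | git apply`; better, vendor the patch files in the repository or verify a recorded checksum before applying. The RUN instruction continues past the end of the hunk.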
......@@ -13,6 +13,7 @@ HW_OFFLOAD=${HW_OFFLOAD:-false}
ENABLE_LB=${ENABLE_LB:-true}
ENABLE_NP=${ENABLE_NP:-true}
ENABLE_EXTERNAL_VPC=${ENABLE_EXTERNAL_VPC:-true}
MULTICAST_PRIVILEGED=${MULTICAST_PRIVILEGED:-false}
# The nic to support container network can be a nic name or a group of regex
# separated by comma, if empty will use the nic that the default route use
IFACE=${IFACE:-}
......@@ -1885,6 +1886,7 @@ spec:
- --enable-lb=$ENABLE_LB
- --enable-np=$ENABLE_NP
- --enable-external-vpc=$ENABLE_EXTERNAL_VPC
- --multicast-privileged=$MULTICAST_PRIVILEGED
- --logtostderr=false
- --alsologtostderr=true
- --log_file=/var/log/kube-ovn/kube-ovn-controller.log
......
......@@ -69,6 +69,8 @@ type Configuration struct {
EnableLb bool
EnableNP bool
EnableExternalVpc bool
MulticastPrivileged bool
}
// ParseFlags parses cmd args then init kubeclient and conf
......@@ -111,6 +113,8 @@ func ParseFlags() (*Configuration, error) {
argEnableLb = pflag.Bool("enable-lb", true, "Enable load balancer, default: true")
argEnableNP = pflag.Bool("enable-np", true, "Enable network policy support, default: true")
argEnableExternalVpc = pflag.Bool("enable-external-vpc", true, "Enable external vpc support, default: true")
argMulticastPrivileged = pflag.Bool("multicast-privileged", false, "Move broadcast/multicast flows to table ls_in_pre_lb in logical switches' ingress pipeline to improve broadcast/multicast performace, default: false")
)
klogFlags := flag.NewFlagSet("klog", flag.ExitOnError)
......@@ -164,6 +168,7 @@ func ParseFlags() (*Configuration, error) {
EnableLb: *argEnableLb,
EnableNP: *argEnableNP,
EnableExternalVpc: *argEnableExternalVpc,
MulticastPrivileged: *argMulticastPrivileged,
}
if config.NetworkType == util.NetworkTypeVlan && config.DefaultHostInterface == "" {
......
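Review bot: The help text on the new `pflag.Bool("multicast-privileged", …)` line misspells "performance" as "performace" and mentions only the performance benefit. The option name and the target table `ls_in_pre_lb` suggest that broadcast/multicast traffic is dispatched earlier in the ingress pipeline than usual. If it therefore stops passing through the ACL stages that back network policy (an inference, not visible here), the flag description should say so, so that operators can weigh the trade-off. Suggested ending for the string: `... to improve broadcast/multicast performance; such traffic may skip later pipeline stages, default: false`. ParseFlags starts and ends outside the hunks shown.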
......@@ -18,6 +18,10 @@ import (
)
func (c *Controller) InitOVN() error {
if err := c.ovnClient.SetMulticastPrivileged(c.config.MulticastPrivileged); err != nil {
return err
}
if err := c.initClusterRouter(); err != nil {
klog.Errorf("init cluster router failed: %v", err)
return err
......
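Review bot: The new `SetMulticastPrivileged` branch at the top of `InitOVN` returns the error without logging it, while the `initClusterRouter` branch directly below logs with `klog.Errorf` before returning. For consistency, add `klog.Errorf("set multicast privileged failed: %v", err)` before the `return err`. Because this call now runs first, a failure here aborts the rest of OVN initialisation, so a log line naming the step helps when diagnosing a controller that fails to start. InitOVN's body continues outside the hunk.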
......@@ -67,6 +67,13 @@ func (c Client) SetUseCtInvMatch() error {
return nil
}
func (c Client) SetMulticastPrivileged(enabled bool) error {
if _, err := c.ovnNbCommand("set", "NB_Global", ".", fmt.Sprintf("options:mcast_privileged=%v", enabled)); err != nil {
return fmt.Errorf("failed to set NB_Global option mcast_privileged to %v: %v", enabled, err)
}
return nil
}
func (c Client) SetICAutoRoute(enable bool, blackList []string) error {
if enable {
if _, err := c.ovnNbCommand("set", "NB_Global", ".", "options:ic-route-adv=true", "options:ic-route-learn=true", fmt.Sprintf("options:ic-route-blacklist=%s", strings.Join(blackList, ","))); err != nil {
......
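Review bot: `SetMulticastPrivileged` formats the underlying error with `%v`, which drops it from the error chain, so callers cannot inspect it with `errors.Is` or `errors.As`. Use `return fmt.Errorf("failed to set NB_Global option mcast_privileged to %v: %w", enabled, err)` to keep it. The exported method also lacks a doc comment; `// SetMulticastPrivileged sets options:mcast_privileged on the NB_Global row.` would do. Whether the option has any effect presumably depends on OVN being built with the patch applied in the image build; if so, that dependency deserves a sentence in the comment.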
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ips.kubeovn.io
spec:
group: kubeovn.io
version: v1
scope: Cluster
names:
plural: ips
singular: ip
kind: IP
shortNames:
- ip
additionalPrinterColumns:
- name: IP
type: string
JSONPath: .spec.ipAddress
- name: Mac
type: string
JSONPath: .spec.macAddress
- name: Node
type: string
JSONPath: .spec.nodeName
- name: Subnet
type: string
JSONPath: .spec.subnet
validation:
openAPIV3Schema:
properties:
spec:
type: object
properties:
podName:
type: string
namespace:
type: string
subnet:
type: string
attachSubnets:
type: array
items:
type: string
nodeName:
type: string
ipAddress:
type: string
attachIps:
type: array
items:
type: string
macAddress:
type: string
attachMacs:
type: array
items:
type: string
containerID:
type: string
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: subnets.kubeovn.io
spec:
group: kubeovn.io
version: v1
scope: Cluster
names:
plural: subnets
singular: subnet
kind: Subnet
shortNames:
- subnet
subresources:
status: {}
additionalPrinterColumns:
- name: Provider
type: string
JSONPath: .spec.provider
- name: Vpc
type: string
JSONPath: .spec.vpc
- name: Protocol
type: string
JSONPath: .spec.protocol
- name: CIDR
type: string
JSONPath: .spec.cidrBlock
- name: Private
type: boolean
JSONPath: .spec.private
- name: NAT
type: boolean
JSONPath: .spec.natOutgoing
- name: Default
type: boolean
JSONPath: .spec.default
- name: GatewayType
type: string
JSONPath: .spec.gatewayType
- name: Used
type: number
JSONPath: .status.usingIPs
- name: Available
type: number
JSONPath: .status.availableIPs
- name: ExcludeIPs
type: string
JSONPath: .spec.excludeIps
validation:
openAPIV3Schema:
properties:
status:
type: object
properties:
availableIPs:
type: number
usingIPs:
type: number
activateGateway:
type: string
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
spec:
type: object
properties:
vpc:
type: string
default:
type: boolean
protocol:
type: string
cidrBlock:
type: string
namespaces:
type: array
items:
type: string
gateway:
type: string
provider:
type: string
excludeIps:
type: array
items:
type: string
gatewayType:
type: string
allowSubnets:
type: array
items:
type: string
gatewayNode:
type: string
natOutgoing:
type: boolean
externalEgressGateway:
type: string
policyRoutingPriority:
type: integer
minimum: 1
maximum: 32765
policyRoutingTableID:
type: integer
minimum: 1
maximum: 2147483647
not:
enum:
- 252 # compat
- 253 # default
- 254 # main
- 255 # local
private:
type: boolean
vlan:
type: string
logicalGateway:
type: boolean
disableGatewayCheck:
type: boolean
disableInterConnection:
type: boolean
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: vlans.kubeovn.io
spec:
group: kubeovn.io
version: v1
scope: Cluster
names:
plural: vlans
singular: vlan
kind: Vlan
shortNames:
- vlan
additionalPrinterColumns:
- name: ID
type: string
JSONPath: .spec.id
- name: Provider
type: string
JSONPath: .spec.provider
validation:
openAPIV3Schema:
properties:
spec:
type: object
properties:
id:
type: integer
minimum: 0
maximum: 4095
provider:
type: string
vlanId:
type: integer
description: Deprecated in favor of id
providerInterfaceName:
type: string
description: Deprecated in favor of provider
required:
- provider
status:
type: object
properties:
subnets:
type: array
items:
type: string
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: provider-networks.kubeovn.io
spec:
group: kubeovn.io
version: v1
scope: Cluster
names:
plural: provider-networks
singular: provider-network
kind: ProviderNetwork
listKind: ProviderNetworkList
additionalPrinterColumns:
- name: DefaultInterface
type: string
JSONPath: .spec.defaultInterface
- name: Ready
type: boolean
JSONPath: .status.ready
validation:
openAPIV3Schema:
properties:
metadata:
type: object
properties:
name:
type: string
maxLength: 12
not:
enum:
- int
- external
spec:
type: object
properties:
defaultInterface:
type: string
maxLength: 15
pattern: '^[^/\s]+$'
customInterfaces:
type: array
items:
type: object
properties:
interface:
type: string
maxLength: 15
pattern: '^[^/\s]+$'
nodes:
type: array
items:
type: string
excludeNodes:
type: array
items:
type: string
required:
- defaultInterface
status:
type: object
properties:
ready:
type: boolean
readyNodes:
type: array
items:
type: string
vlans:
type: array
items:
type: string
conditions:
type: array
items:
type: object
properties:
node:
type: string
type:
type: string
status:
type: string
reason:
type: string
message:
type: string
lastUpdateTime:
type: string
lastTransitionTime:
type: string
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: vpcs.kubeovn.io
spec:
group: kubeovn.io
version: v1
scope: Cluster
names:
plural: vpcs
singular: vpc
kind: Vpc
listKind: VpcList
shortNames:
- vpc
subresources:
status: {}
additionalPrinterColumns:
- JSONPath: .status.standby
name: Standby
type: boolean
- JSONPath: .status.subnets
name: Subnets
type: string
- JSONPath: .spec.namespaces
name: Namespaces
type: string
validation:
openAPIV3Schema:
properties:
spec:
properties:
namespaces:
items:
type: string
type: array
staticRoutes:
items:
properties:
policy:
type: string
cidr:
type: string
nextHopIP:
type: string
type: object
type: array
policyRoutes:
items:
properties:
priority:
type: integer
action:
type: string
match:
type: string
nextHopIP:
type: string
type: object
type: array
type: object
status:
properties:
conditions:
items:
properties:
lastTransitionTime:
type: string
lastUpdateTime:
type: string
message:
type: string
reason:
type: string
status:
type: string
type:
type: string
type: object
type: array
default:
type: boolean
defaultLogicalSwitch:
type: string
router:
type: string
standby:
type: boolean
subnets:
items:
type: string
type: array
tcpLoadBalancer:
type: string
tcpSessionLoadBalancer:
type: string
udpLoadBalancer:
type: string
udpSessionLoadBalancer:
type: string
type: object
type: object
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: vpc-nat-gateways.kubeovn.io
spec:
group: kubeovn.io
names:
plural: vpc-nat-gateways
singular: vpc-nat-gateway
shortNames:
- vpc-nat-gw
kind: VpcNatGateway
listKind: VpcNatGatewayList
scope: Cluster
versions:
- additionalPrinterColumns:
- JSONPath: .spec.vpc
name: Vpc
type: string
- JSONPath: .spec.subnet
name: Subnet
type: string
- JSONPath: .spec.lanIp
name: LanIP
type: string
name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
dnatRules:
type: array
items:
type: object
properties:
eip:
type: string
externalPort:
type: string
internalIp:
type: string
internalPort:
type: string
protocol:
type: string
eips:
type: array
items:
type: object
properties:
eipCIDR:
type: string
gateway:
type: string
floatingIpRules:
type: array
items:
type: object
properties:
eip:
type: string
internalIp:
type: string
lanIp:
type: string
snatRules:
type: array
items:
type: object
properties:
eip:
type: string
internalCIDR:
type: string
subnet:
type: string
vpc:
type: string
subresources:
status: {}
conversion:
strategy: None
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: htbqoses.kubeovn.io
spec:
group: kubeovn.io
versions:
- name: v1
served: true
storage: true
additionalPrinterColumns:
- name: PRIORITY
type: string
jsonPath: .spec.priority
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
priority:
type: string # Value in range 0 to 4,294,967,295.
scope: Cluster
names:
plural: htbqoses
singular: htbqos
kind: HtbQos
shortNames:
- htbqos
\ No newline at end of file
......@@ -57,6 +57,8 @@ spec:
- --pod-nic-type=veth-pair
- --enable-lb=true
- --enable-np=true
- --enable-external-vpc=true
- --multicast-privileged=false
env:
- name: ENABLE_SSL
value: "false"
......
......@@ -49,6 +49,7 @@ spec:
- --default-logical-gateway=false
- --default-exclude-ips=
- --node-switch-cidr=100.64.0.0/16
- --node-switch-gateway=100.64.0.1
- --service-cluster-ip-range=10.96.0.0/12
- --network-type=geneve
- --default-interface-name=
......@@ -57,6 +58,7 @@ spec:
- --enable-lb=true
- --enable-np=true
- --enable-external-vpc=true
- --multicast-privileged=false
env:
- name: ENABLE_SSL
value: "false"
......