apiVersion: v1 kind: Namespace metadata: name: kube-ovn --- apiVersion: v1 kind: ConfigMap metadata: name: ovn-config namespace: kube-ovn --- apiVersion: v1 kind: ServiceAccount metadata: name: ovn namespace: kube-ovn --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: annotations: rbac.authorization.k8s.io/system-only: "true" name: system:ovn-reader rules: - apiGroups: - "" - extensions resources: - pods - namespaces - networkpolicies - nodes verbs: - get - list - watch - apiGroups: - networking.k8s.io resources: - networkpolicies verbs: - get - list - watch - apiGroups: - "" resources: - events verbs: - create - patch - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: ovn-cluster-reader roleRef: name: cluster-reader kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: ovn namespace: kube-ovn --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: ovn-reader roleRef: name: system:ovn-reader kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: ovn namespace: kube-ovn --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: cluster-admin-0 roleRef: name: cluster-admin kind: ClusterRole apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: ovn namespace: kube-ovn --- kind: Service apiVersion: v1 metadata: name: ovn-nb namespace: kube-ovn spec: ports: - name: ovn-nb protocol: TCP port: 6641 targetPort: 6641 type: ClusterIP selector: app: ovn-central sessionAffinity: None --- kind: Service apiVersion: v1 metadata: name: ovn-sb namespace: kube-ovn spec: ports: - name: ovn-sb protocol: TCP port: 6642 targetPort: 6642 type: ClusterIP selector: app: ovn-central sessionAffinity: None --- kind: Deployment apiVersion: apps/v1 metadata: name: ovn-central namespace: kube-ovn annotations: kubernetes.io/description: | OVN components: northd, nb and sb. spec: replicas: 1 strategy: rollingUpdate: maxSurge: 0% maxUnavailable: 100% type: RollingUpdate selector: matchLabels: app: ovn-central template: metadata: labels: app: ovn-central component: network type: infra spec: tolerations: - operator: Exists effect: NoSchedule affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchLabels: app: ovn-central topologyKey: kubernetes.io/hostname serviceAccountName: ovn hostNetwork: true containers: - name: ovn-central image: "index.alauda.cn/alaudak8s/kube-ovn-db:v0.4.0" imagePullPolicy: Always env: - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP resources: requests: cpu: 200m memory: 300Mi limits: cpu: 400m memory: 800Mi volumeMounts: - mountPath: /run/openvswitch name: host-run-ovs - mountPath: /var/run/openvswitch name: host-run-ovs - mountPath: /sys name: host-sys readOnly: true - mountPath: /etc/openvswitch name: host-config-openvswitch - mountPath: /var/log/openvswitch name: host-log readinessProbe: exec: command: - sh - /root/ovn-is-leader.sh periodSeconds: 3 livenessProbe: exec: command: - sh - /root/ovn-healthcheck.sh initialDelaySeconds: 30 periodSeconds: 7 failureThreshold: 5 nodeSelector: beta.kubernetes.io/os: "linux" kube-ovn/role: "master" volumes: - name: host-run-ovs hostPath: path: /run/openvswitch - name: host-sys hostPath: path: /sys - name: host-config-openvswitch hostPath: path: /etc/origin/openvswitch - name: host-log hostPath: path: /var/log/openvswitch --- kind: DaemonSet apiVersion: apps/v1 metadata: name: ovs-ovn namespace: kube-ovn annotations: kubernetes.io/description: | This daemon set launches the openvswitch daemon. spec: selector: matchLabels: app: ovs updateStrategy: type: RollingUpdate template: metadata: labels: app: ovs component: network type: infra spec: tolerations: - operator: Exists effect: NoSchedule serviceAccountName: ovn hostNetwork: true hostPID: true containers: - name: openvswitch image: "index.alauda.cn/alaudak8s/kube-ovn-node:v0.4.0" imagePullPolicy: Always securityContext: runAsUser: 0 privileged: true env: - name: POD_IP valueFrom: fieldRef: fieldPath: status.podIP volumeMounts: - mountPath: /lib/modules name: host-modules readOnly: true - mountPath: /run/openvswitch name: host-run-ovs - mountPath: /var/run/openvswitch name: host-run-ovs - mountPath: /sys name: host-sys readOnly: true - mountPath: /etc/openvswitch name: host-config-openvswitch - mountPath: /var/log/openvswitch name: host-log readinessProbe: exec: command: - sh - /root/ovs-healthcheck.sh periodSeconds: 5 livenessProbe: exec: command: - sh - /root/ovs-healthcheck.sh initialDelaySeconds: 10 periodSeconds: 5 failureThreshold: 5 resources: requests: cpu: 100m memory: 300Mi limits: cpu: 200m memory: 400Mi nodeSelector: beta.kubernetes.io/os: "linux" volumes: - name: host-modules hostPath: path: /lib/modules - name: host-run-ovs hostPath: path: /run/openvswitch - name: host-sys hostPath: path: /sys - name: host-config-openvswitch hostPath: path: /etc/origin/openvswitch - name: host-log hostPath: path: /var/log/openvswitch