kubeasz/roles/kube-ovn/templates/ovn.yaml.j2

apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: kube-ovn
  annotations:
    seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
spec:
  privileged: true
  allowPrivilegeEscalation: true
  allowedCapabilities:
    - '*'
  volumes:
    - '*'
  hostNetwork: true
  hostPorts:
    - min: 0
      max: 65535
  hostIPC: true
  hostPID: true
  runAsUser:
    rule: 'RunAsAny'
  seLinux:
    rule: 'RunAsAny'
  supplementalGroups:
    rule: 'RunAsAny'
  fsGroup:
    rule: 'RunAsAny'

---

apiVersion: v1
kind: ConfigMap
metadata:
  name: ovn-config
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ovn
  namespace:  kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.k8s.io/system-only: "true"
  name: system:ovn
rules:
  - apiGroups: ['policy']
    resources: ['podsecuritypolicies']
    verbs:     ['use']
    resourceNames:
      - kube-ovn
  - apiGroups:
      - "kubeovn.io"
    resources:
      - subnets
      - subnets/status
      - ips
      - vlans
      - networks
    verbs:
      - "*"
  - apiGroups:
      - ""
    resources:
      - pods
      - namespaces
      - nodes
      - configmaps
    verbs:
      - create
      - get
      - list
      - watch
      - patch
      - update
  - apiGroups:
      - ""
      - networking.k8s.io
      - apps
      - extensions
    resources:
      - networkpolicies
      - services
      - endpoints
      - statefulsets
      - daemonsets
      - deployments
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
      - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: ovn
roleRef:
  name: system:ovn
  kind: ClusterRole
  apiGroup: rbac.authorization.k8s.io
subjects:
  - kind: ServiceAccount
    name: ovn
    namespace:  kube-system
---
kind: Service
apiVersion: v1
metadata:
  name: ovn-nb
  namespace:  kube-system
spec:
  ports:
    - name: ovn-nb
      protocol: TCP
      port: 6641
      targetPort: 6641
  type: ClusterIP
  selector:
    app: ovn-central
    ovn-nb-leader: "true"
  sessionAffinity: None
---
kind: Service
apiVersion: v1
metadata:
  name: ovn-sb
  namespace:  kube-system
spec:
  ports:
    - name: ovn-sb
      protocol: TCP
      port: 6642
      targetPort: 6642
  type: ClusterIP
  selector:
    app: ovn-central
    ovn-sb-leader: "true"
  sessionAffinity: None
---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: ovn-central
  namespace:  kube-system
  annotations:
    kubernetes.io/description: |
      OVN components: northd, nb and sb.
spec:
  replicas: 1
  strategy:
    rollingUpdate:
      maxSurge: 0%
      maxUnavailable: 100%
    type: RollingUpdate
  selector:
    matchLabels:
      app: ovn-central
  template:
    metadata:
      labels:
        app: ovn-central
        component: network
        type: infra
    spec:
      tolerations:
        - operator: Exists
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: ovn-central
              topologyKey: kubernetes.io/hostname
      priorityClassName: system-cluster-critical
      serviceAccountName: ovn
      hostNetwork: true
      containers:
        - name: ovn-central
          image: "kubeovn/kube-ovn:v1.5.3"
          imagePullPolicy: IfNotPresent
          command: ["/kube-ovn/start-db.sh"]
          securityContext:
            capabilities:
              add: ["SYS_NICE"]
          env:
            - name: ENABLE_SSL
              value: "false"
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          resources:
            requests:
              cpu: 500m
              memory: 200Mi
            limits:
              cpu: 3
              memory: 3Gi
          volumeMounts:
            - mountPath: /var/run/openvswitch
              name: host-run-ovs
            - mountPath: /var/run/ovn
              name: host-run-ovn
            - mountPath: /sys
              name: host-sys
              readOnly: true
            - mountPath: /etc/openvswitch
              name: host-config-openvswitch
            - mountPath: /etc/ovn
              name: host-config-ovn
            - mountPath: /var/log/openvswitch
              name: host-log-ovs
            - mountPath: /var/log/ovn
              name: host-log-ovn
            - mountPath: /var/run/tls
              name: kube-ovn-tls
          readinessProbe:
            exec:
              command:
                - sh
                - /kube-ovn/ovn-is-leader.sh
            periodSeconds: 3
            timeoutSeconds: 45
          livenessProbe:
            exec:
              command:
                - sh
                - /kube-ovn/ovn-healthcheck.sh
            initialDelaySeconds: 30
            periodSeconds: 7
            failureThreshold: 5
            timeoutSeconds: 45
      nodeSelector:
        kubernetes.io/os: "linux"
        kube-ovn/role: "master"
      volumes:
        - name: host-run-ovs
          hostPath:
            path: /run/openvswitch
        - name: host-run-ovn
          hostPath:
            path: /run/ovn
        - name: host-sys
          hostPath:
            path: /sys
        - name: host-config-openvswitch
          hostPath:
            path: /etc/origin/openvswitch
        - name: host-config-ovn
          hostPath:
            path: /etc/origin/ovn
        - name: host-log-ovs
          hostPath:
            path: /var/log/openvswitch
        - name: host-log-ovn
          hostPath:
            path: /var/log/ovn
        - name: kube-ovn-tls
          secret:
            optional: true
            secretName: kube-ovn-tls
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: ovs-ovn
  namespace:  kube-system
  annotations:
    kubernetes.io/description: |
      This daemon set launches the openvswitch daemon.
spec:
  selector:
    matchLabels:
      app: ovs
  updateStrategy:
    type: OnDelete
  template:
    metadata:
      labels:
        app: ovs
        component: network
        type: infra
    spec:
      tolerations:
        - operator: Exists
      priorityClassName: system-cluster-critical
      serviceAccountName: ovn
      hostNetwork: true
      hostPID: true
      containers:
        - name: openvswitch
          image: "kubeovn/kube-ovn:v1.5.3"
          imagePullPolicy: IfNotPresent
          command: ["/kube-ovn/start-ovs.sh"]
          securityContext:
            runAsUser: 0
            privileged: true
          env:
            - name: ENABLE_SSL
              value: "false"
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: HW_OFFLOAD
              value: "false"
            - name: KUBE_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - mountPath: /lib/modules
              name: host-modules
              readOnly: true
            - mountPath: /var/run/openvswitch
              name: host-run-ovs
            - mountPath: /var/run/ovn
              name: host-run-ovn
            - mountPath: /sys
              name: host-sys
              readOnly: true
            - mountPath: /etc/openvswitch
              name: host-config-openvswitch
            - mountPath: /etc/ovn
              name: host-config-ovn
            - mountPath: /var/log/openvswitch
              name: host-log-ovs
            - mountPath: /var/log/ovn
              name: host-log-ovn
            - mountPath: /var/run/tls
              name: kube-ovn-tls
          readinessProbe:
            exec:
              command:
                - sh
                - /kube-ovn/ovs-healthcheck.sh
            periodSeconds: 5
            timeoutSeconds: 45
          livenessProbe:
            exec:
              command:
                - sh
                - /kube-ovn/ovs-healthcheck.sh
            initialDelaySeconds: 10
            periodSeconds: 5
            failureThreshold: 5
            timeoutSeconds: 45
          resources:
            requests:
              cpu: 200m
              memory: 200Mi
            limits:
              cpu: 1000m
              memory: 800Mi
      nodeSelector:
        kubernetes.io/os: "linux"
      volumes:
        - name: host-modules
          hostPath:
            path: /lib/modules
        - name: host-run-ovs
          hostPath:
            path: /run/openvswitch
        - name: host-run-ovn
          hostPath:
            path: /run/ovn
        - name: host-sys
          hostPath:
            path: /sys
        - name: host-config-openvswitch
          hostPath:
            path: /etc/origin/openvswitch
        - name: host-config-ovn
          hostPath:
            path: /etc/origin/ovn
        - name: host-log-ovs
          hostPath:
            path: /var/log/openvswitch
        - name: host-log-ovn
          hostPath:
            path: /var/log/ovn
        - name: kube-ovn-tls
          secret:
            optional: true
            secretName: kube-ovn-tls
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`apiVersion: policy/v1beta1`
			`kind: PodSecurityPolicy`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`metadata:`
			`name: kube-ovn`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`annotations:`
			`seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'`
			`spec:`
			`privileged: true`
			`allowPrivilegeEscalation: true`
			`allowedCapabilities:`
			`- '*'`
			`volumes:`
			`- '*'`
			`hostNetwork: true`
			`hostPorts:`
			`- min: 0`
			`max: 65535`
			`hostIPC: true`
			`hostPID: true`
			`runAsUser:`
			`rule: 'RunAsAny'`
			`seLinux:`
			`rule: 'RunAsAny'`
			`supplementalGroups:`
			`rule: 'RunAsAny'`
			`fsGroup:`
			`rule: 'RunAsAny'`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00
			`---`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: ovn-config`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`namespace: kube-system`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`---`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: ovn`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`namespace: kube-system`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRole`
			`metadata:`
			`annotations:`
			`rbac.authorization.k8s.io/system-only: "true"`
feat: upgrade kube-ovn to 0.6.0 2019-07-23 13:28:46 +08:00			`name: system:ovn`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`rules:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- apiGroups: ['policy']`
			`resources: ['podsecuritypolicies']`
			`verbs: ['use']`
			`resourceNames:`
			`- kube-ovn`
feat: upgrade kube-ovn to 0.6.0 2019-07-23 13:28:46 +08:00			`- apiGroups:`
			`- "kubeovn.io"`
			`resources:`
			`- subnets`
feat: update kube-ovn to 0.8.0 2019-10-14 18:21:30 +08:00			`- subnets/status`
feat: upgrade kube-ovn to 0.6.0 2019-07-23 13:28:46 +08:00			`- ips`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- vlans`
			`- networks`
feat: upgrade kube-ovn to 0.6.0 2019-07-23 13:28:46 +08:00			`verbs:`
			`- "*"`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- apiGroups:`
			`- ""`
			`resources:`
			`- pods`
			`- namespaces`
			`- nodes`
feat: upgrade kube-ovn to 0.6.0 2019-07-23 13:28:46 +08:00			`- configmaps`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`verbs:`
feat: upgrade kube-ovn to 0.6.0 2019-07-23 13:28:46 +08:00			`- create`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- get`
			`- list`
			`- watch`
feat: upgrade kube-ovn to 0.6.0 2019-07-23 13:28:46 +08:00			`- patch`
			`- update`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- apiGroups:`
feat: upgrade kube-ovn to 0.6.0 2019-07-23 13:28:46 +08:00			`- ""`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- networking.k8s.io`
feat: update kube-ovn to 0.8.0 2019-10-14 18:21:30 +08:00			`- apps`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- extensions`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`resources:`
			`- networkpolicies`
feat: upgrade kube-ovn to 0.6.0 2019-07-23 13:28:46 +08:00			`- services`
			`- endpoints`
feat: update kube-ovn to 0.8.0 2019-10-14 18:21:30 +08:00			`- statefulsets`
			`- daemonsets`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- deployments`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`verbs:`
			`- get`
			`- list`
			`- watch`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- events`
			`verbs:`
			`- create`
			`- patch`
			`- update`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: ClusterRoleBinding`
			`metadata:`
feat: upgrade kube-ovn to 0.6.0 2019-07-23 13:28:46 +08:00			`name: ovn`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`roleRef:`
feat: upgrade kube-ovn to 0.6.0 2019-07-23 13:28:46 +08:00			`name: system:ovn`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`kind: ClusterRole`
			`apiGroup: rbac.authorization.k8s.io`
			`subjects:`
			`- kind: ServiceAccount`
			`name: ovn`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`namespace: kube-system`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`---`
			`kind: Service`
			`apiVersion: v1`
			`metadata:`
			`name: ovn-nb`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`namespace: kube-system`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`spec:`
			`ports:`
			`- name: ovn-nb`
			`protocol: TCP`
			`port: 6641`
			`targetPort: 6641`
			`type: ClusterIP`
			`selector:`
			`app: ovn-central`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`ovn-nb-leader: "true"`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`sessionAffinity: None`
			`---`
			`kind: Service`
			`apiVersion: v1`
			`metadata:`
			`name: ovn-sb`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`namespace: kube-system`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`spec:`
			`ports:`
			`- name: ovn-sb`
			`protocol: TCP`
			`port: 6642`
			`targetPort: 6642`
			`type: ClusterIP`
			`selector:`
			`app: ovn-central`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`ovn-sb-leader: "true"`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`sessionAffinity: None`
			`---`
			`kind: Deployment`
			`apiVersion: apps/v1`
			`metadata:`
			`name: ovn-central`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`namespace: kube-system`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`annotations:`
			`kubernetes.io/description: \|`
			`OVN components: northd, nb and sb.`
			`spec:`
			`replicas: 1`
			`strategy:`
			`rollingUpdate:`
			`maxSurge: 0%`
			`maxUnavailable: 100%`
			`type: RollingUpdate`
			`selector:`
			`matchLabels:`
			`app: ovn-central`
			`template:`
			`metadata:`
			`labels:`
			`app: ovn-central`
			`component: network`
			`type: infra`
			`spec:`
			`tolerations:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- operator: Exists`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`affinity:`
			`podAntiAffinity:`
			`requiredDuringSchedulingIgnoredDuringExecution:`
			`- labelSelector:`
			`matchLabels:`
			`app: ovn-central`
			`topologyKey: kubernetes.io/hostname`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`priorityClassName: system-cluster-critical`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`serviceAccountName: ovn`
			`hostNetwork: true`
			`containers:`
			`- name: ovn-central`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`image: "kubeovn/kube-ovn:v1.5.3"`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`imagePullPolicy: IfNotPresent`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`command: ["/kube-ovn/start-db.sh"]`
			`securityContext:`
			`capabilities:`
			`add: ["SYS_NICE"]`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`env:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- name: ENABLE_SSL`
			`value: "false"`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- name: POD_IP`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: status.podIP`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- name: POD_NAME`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: metadata.name`
			`- name: POD_NAMESPACE`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: metadata.namespace`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`resources:`
			`requests:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`cpu: 500m`
			`memory: 200Mi`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`limits:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`cpu: 3`
			`memory: 3Gi`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`volumeMounts:`
			`- mountPath: /var/run/openvswitch`
			`name: host-run-ovs`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- mountPath: /var/run/ovn`
			`name: host-run-ovn`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- mountPath: /sys`
			`name: host-sys`
			`readOnly: true`
			`- mountPath: /etc/openvswitch`
			`name: host-config-openvswitch`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- mountPath: /etc/ovn`
			`name: host-config-ovn`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- mountPath: /var/log/openvswitch`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`name: host-log-ovs`
			`- mountPath: /var/log/ovn`
			`name: host-log-ovn`
			`- mountPath: /var/run/tls`
			`name: kube-ovn-tls`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`readinessProbe:`
			`exec:`
			`command:`
			`- sh`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- /kube-ovn/ovn-is-leader.sh`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`periodSeconds: 3`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`timeoutSeconds: 45`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`livenessProbe:`
			`exec:`
			`command:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- sh`
			`- /kube-ovn/ovn-healthcheck.sh`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`initialDelaySeconds: 30`
			`periodSeconds: 7`
			`failureThreshold: 5`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`timeoutSeconds: 45`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`nodeSelector:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`kubernetes.io/os: "linux"`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`kube-ovn/role: "master"`
			`volumes:`
			`- name: host-run-ovs`
			`hostPath:`
			`path: /run/openvswitch`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- name: host-run-ovn`
			`hostPath:`
			`path: /run/ovn`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- name: host-sys`
			`hostPath:`
			`path: /sys`
			`- name: host-config-openvswitch`
			`hostPath:`
			`path: /etc/origin/openvswitch`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- name: host-config-ovn`
			`hostPath:`
			`path: /etc/origin/ovn`
			`- name: host-log-ovs`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`hostPath:`
			`path: /var/log/openvswitch`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- name: host-log-ovn`
			`hostPath:`
			`path: /var/log/ovn`
			`- name: kube-ovn-tls`
			`secret:`
			`optional: true`
			`secretName: kube-ovn-tls`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`---`
			`kind: DaemonSet`
			`apiVersion: apps/v1`
			`metadata:`
			`name: ovs-ovn`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`namespace: kube-system`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`annotations:`
			`kubernetes.io/description: \|`
			`This daemon set launches the openvswitch daemon.`
			`spec:`
			`selector:`
			`matchLabels:`
			`app: ovs`
			`updateStrategy:`
update kube-ovn to 0.9.1 2019-11-27 11:18:45 +08:00			`type: OnDelete`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`template:`
			`metadata:`
			`labels:`
			`app: ovs`
			`component: network`
			`type: infra`
			`spec:`
			`tolerations:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- operator: Exists`
			`priorityClassName: system-cluster-critical`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`serviceAccountName: ovn`
			`hostNetwork: true`
			`hostPID: true`
			`containers:`
			`- name: openvswitch`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`image: "kubeovn/kube-ovn:v1.5.3"`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`imagePullPolicy: IfNotPresent`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`command: ["/kube-ovn/start-ovs.sh"]`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`securityContext:`
			`runAsUser: 0`
			`privileged: true`
			`env:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- name: ENABLE_SSL`
			`value: "false"`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- name: POD_IP`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: status.podIP`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- name: HW_OFFLOAD`
			`value: "false"`
			`- name: KUBE_NODE_NAME`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: spec.nodeName`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`volumeMounts:`
			`- mountPath: /lib/modules`
			`name: host-modules`
			`readOnly: true`
			`- mountPath: /var/run/openvswitch`
			`name: host-run-ovs`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- mountPath: /var/run/ovn`
			`name: host-run-ovn`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- mountPath: /sys`
			`name: host-sys`
			`readOnly: true`
			`- mountPath: /etc/openvswitch`
			`name: host-config-openvswitch`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- mountPath: /etc/ovn`
			`name: host-config-ovn`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- mountPath: /var/log/openvswitch`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`name: host-log-ovs`
			`- mountPath: /var/log/ovn`
			`name: host-log-ovn`
			`- mountPath: /var/run/tls`
			`name: kube-ovn-tls`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`readinessProbe:`
			`exec:`
			`command:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- sh`
			`- /kube-ovn/ovs-healthcheck.sh`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`periodSeconds: 5`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`timeoutSeconds: 45`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`livenessProbe:`
			`exec:`
			`command:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- sh`
			`- /kube-ovn/ovs-healthcheck.sh`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`initialDelaySeconds: 10`
			`periodSeconds: 5`
			`failureThreshold: 5`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`timeoutSeconds: 45`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`resources:`
			`requests:`
update kube-ovn to 0.9.1 2019-11-27 11:18:45 +08:00			`cpu: 200m`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`memory: 200Mi`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`limits:`
update kube-ovn to 0.9.1 2019-11-27 11:18:45 +08:00			`cpu: 1000m`
			`memory: 800Mi`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`nodeSelector:`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`kubernetes.io/os: "linux"`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`volumes:`
			`- name: host-modules`
			`hostPath:`
			`path: /lib/modules`
			`- name: host-run-ovs`
			`hostPath:`
			`path: /run/openvswitch`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- name: host-run-ovn`
			`hostPath:`
			`path: /run/ovn`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`- name: host-sys`
			`hostPath:`
			`path: /sys`
			`- name: host-config-openvswitch`
			`hostPath:`
			`path: /etc/origin/openvswitch`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- name: host-config-ovn`
			`hostPath:`
			`path: /etc/origin/ovn`
			`- name: host-log-ovs`
增加网络插件kube-ovn支持 2019-05-22 11:17:42 +08:00			`hostPath:`
			`path: /var/log/openvswitch`
feat: upgrade kube-ovn to 1.5.3 #958 2021-01-18 10:21:48 +08:00			`- name: host-log-ovn`
			`hostPath:`
			`path: /var/log/ovn`
			`- name: kube-ovn-tls`
			`secret:`
			`optional: true`
			`secretName: kube-ovn-tls`