--- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: networks.k8s.plugin.opnfv.org spec: group: k8s.plugin.opnfv.org names: kind: Network listKind: NetworkList plural: networks singular: network scope: Namespaced subresources: status: {} validation: openAPIV3Schema: properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' type: string metadata: type: object spec: properties: cniType: description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html' type: string dns: properties: domain: type: string nameservers: items: type: string type: array options: items: type: string type: array search: items: type: string type: array type: object ipv4Subnets: items: properties: excludeIps: type: string gateway: type: string name: type: string subnet: type: string required: - name - subnet type: object type: array ipv6Subnets: items: properties: excludeIps: type: string gateway: type: string name: type: string subnet: type: string required: - name - subnet type: object type: array routes: items: properties: dst: type: string gw: type: string required: - dst type: object type: array required: - cniType - ipv4Subnets type: object status: properties: state: description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html' type: string required: - state type: object version: v1alpha1 versions: - name: v1alpha1 served: true storage: true --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: providernetworks.k8s.plugin.opnfv.org spec: group: k8s.plugin.opnfv.org names: kind: ProviderNetwork listKind: ProviderNetworkList plural: providernetworks singular: providernetwork scope: Namespaced subresources: status: {} validation: openAPIV3Schema: description: ProviderNetwork is the Schema for the providernetworks API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: ProviderNetworkSpec defines the desired state of ProviderNetwork properties: cniType: description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html' type: string direct: properties: directNodeSelector: type: string nodeLabelList: items: type: string type: array providerInterfaceName: type: string required: - directNodeSelector - providerInterfaceName type: object dns: properties: domain: type: string nameservers: items: type: string type: array options: items: type: string type: array search: items: type: string type: array type: object ipv4Subnets: items: properties: excludeIps: type: string gateway: type: string name: type: string subnet: type: string required: - name - subnet type: object type: array ipv6Subnets: items: properties: excludeIps: type: string gateway: type: string name: type: string subnet: type: string required: - name - subnet type: object type: array providerNetType: type: string routes: items: properties: dst: type: string gw: type: string required: - dst type: object type: array vlan: properties: logicalInterfaceName: type: string nodeLabelList: items: type: string type: array providerInterfaceName: type: string vlanId: type: string vlanNodeSelector: type: string required: - providerInterfaceName - vlanId - vlanNodeSelector type: object required: - cniType - ipv4Subnets - providerNetType type: object status: description: ProviderNetworkStatus defines the observed state of ProviderNetwork properties: state: description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "operator-sdk generate k8s" to regenerate code after modifying this file Add custom validation using kubebuilder tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html' type: string required: - state type: object type: object version: v1alpha1 versions: - name: v1alpha1 served: true storage: true --- apiVersion: v1 kind: ServiceAccount metadata: name: k8s-nfn-sa namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null name: k8s-nfn-cr rules: - apiGroups: - "" resources: - pods - pods/status - services - endpoints - persistentvolumeclaims - events - configmaps - secrets - nodes verbs: - '*' - apiGroups: - apps resources: - deployments - daemonsets - replicasets - statefulsets verbs: - '*' - apiGroups: - monitoring.coreos.com resources: - servicemonitors verbs: - get - create - apiGroups: - apps resourceNames: - nfn-operator resources: - deployments/finalizers verbs: - update - apiGroups: - k8s.plugin.opnfv.org resources: - '*' - providernetworks verbs: - '*' --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: k8s-nfn-crb subjects: - kind: Group name: system:serviceaccounts apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: k8s-nfn-cr apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: Service metadata: name: nfn-operator namespace: kube-system spec: type: NodePort ports: - port: 50000 protocol: TCP targetPort: 50000 selector: name: nfn-operator --- apiVersion: v1 kind: ConfigMap metadata: name: ovn-controller-network namespace: kube-system data: OVN_SUBNET: "10.244.64.0/18" OVN_GATEWAYIP: "10.244.64.20/18" OVN_EXCLUDEIPS: "10.244.64.0..10.244.64.16" --- apiVersion: apps/v1 kind: Deployment metadata: name: nfn-operator namespace: kube-system spec: replicas: 1 selector: matchLabels: name: nfn-operator template: metadata: labels: name: nfn-operator spec: hostNetwork: true affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - key: ovn4nfv-k8s-plugin operator: In values: - ovn-control-plane tolerations: - key: "node-role.kubernetes.io/master" effect: "NoSchedule" operator: "Exists" serviceAccountName: k8s-nfn-sa containers: - name: nfn-operator image: integratedcloudnative/ovn4nfv-k8s-plugin:master command: ["/usr/local/bin/entrypoint", "operator"] imagePullPolicy: IfNotPresent envFrom: - configMapRef: name: ovn-controller-network ports: - containerPort: 50000 protocol: TCP env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: OPERATOR_NAME value: "nfn-operator" --- kind: ConfigMap apiVersion: v1 metadata: name: ovn4nfv-cni-config namespace: kube-system labels: app: ovn4nfv data: ovn4nfv_k8s.conf: | [logging] loglevel=5 logfile=/var/log/openvswitch/ovn4k8s.log [cni] conf-dir=/etc/cni/net.d plugin=ovn4nfvk8s-cni [kubernetes] kubeconfig=/etc/cni/net.d/ovn4nfv-k8s.d/ovn4nfv-k8s.kubeconfig 00-network.conf: | { "name": "ovn4nfv-k8s-plugin", "type": "ovn4nfvk8s-cni", "cniVersion": "0.3.1" } --- apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: ovn4nfv-cni namespace: kube-system labels: app: ovn4nfv spec: updateStrategy: type: RollingUpdate template: metadata: labels: app: ovn4nfv spec: hostNetwork: true nodeSelector: beta.kubernetes.io/arch: amd64 tolerations: - operator: Exists effect: NoSchedule serviceAccountName: k8s-nfn-sa containers: - name: ovn4nfv image: integratedcloudnative/ovn4nfv-k8s-plugin:master command: ["/usr/local/bin/entrypoint", "cni"] imagePullPolicy: IfNotPresent resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: true volumeMounts: - name: cni mountPath: /host/etc/cni/net.d - name: cnibin mountPath: /host/opt/cni/bin - name: cniconf mountPath: /host/etc/openvswitch - name: ovn4nfv-cfg mountPath: /tmp/ovn4nfv-conf - name: ovn4nfv-cni-net-conf mountPath: /tmp/ovn4nfv-cni volumes: - name: cni hostPath: path: /etc/cni/net.d - name: cnibin hostPath: path: /opt/cni/bin - name: cniconf hostPath: path: /etc/openvswitch - name: ovn4nfv-cfg configMap: name: ovn4nfv-cni-config items: - key: ovn4nfv_k8s.conf path: ovn4nfv_k8s.conf - name: ovn4nfv-cni-net-conf configMap: name: ovn4nfv-cni-config items: - key: 00-network.conf path: 00-network.conf --- apiVersion: extensions/v1beta1 kind: DaemonSet metadata: name: nfn-agent namespace: kube-system labels: app: nfn-agent spec: updateStrategy: type: RollingUpdate template: metadata: labels: app: nfn-agent spec: hostNetwork: true hostPID: true nodeSelector: beta.kubernetes.io/arch: amd64 tolerations: - operator: Exists effect: NoSchedule serviceAccountName: k8s-nfn-sa containers: - name: nfn-agent image: integratedcloudnative/ovn4nfv-k8s-plugin:master command: ["/usr/local/bin/entrypoint", "agent"] resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" env: - name: NFN_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName securityContext: runAsUser: 0 capabilities: add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"] privileged: true volumeMounts: - mountPath: /var/run/dbus/ name: host-var-run-dbus readOnly: true - mountPath: /run/openvswitch name: host-run-ovs - mountPath: /var/run/openvswitch name: host-var-run-ovs - mountPath: /var/run/ovn4nfv-k8s-plugin name: host-var-cniserver-socket-dir volumes: - name: host-run-ovs hostPath: path: /run/openvswitch - name: host-var-run-ovs hostPath: path: /var/run/openvswitch - name: host-var-run-dbus hostPath: path: /var/run/dbus - name: host-var-cniserver-socket-dir hostPath: path: /var/run/ovn4nfv-k8s-plugin