kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: ovs-cni-marker-cr rules: - apiGroups: - "" resources: - nodes - nodes/status verbs: - get - update - patch --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: ovs-cni-marker-crb roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: ovs-cni-marker-cr subjects: - kind: ServiceAccount name: ovs-cni-marker namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: ovs-cni-marker namespace: kube-system --- apiVersion: apps/v1 kind: DaemonSet metadata: name: ovs-cni-amd64 namespace: kube-system labels: tier: node app: ovs-cni spec: selector: matchLabels: app: ovs-cni template: metadata: labels: tier: node app: ovs-cni spec: serviceAccountName: ovs-cni-marker hostNetwork: true nodeSelector: beta.kubernetes.io/arch: amd64 tolerations: - key: node-role.kubernetes.io/master operator: Exists effect: NoSchedule containers: - name: ovs-cni-plugin image: quay.io/kubevirt/ovs-cni-plugin:latest imagePullPolicy: IfNotPresent resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: true volumeMounts: - name: cnibin mountPath: /host/opt/cni/bin - name: ovs-cni-marker image: quay.io/kubevirt/ovs-cni-marker:latest imagePullPolicy: IfNotPresent securityContext: privileged: true args: - -node-name - $(NODE_NAME) - -ovs-socket - /host/var/run/openvswitch/db.sock volumeMounts: - name: ovs-var-run mountPath: /host/var/run/openvswitch env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumes: - name: cnibin hostPath: path: /opt/cni/bin - name: ovs-var-run hostPath: path: /var/run/openvswitch