4 # Setup for Kubernetes to support the ovn-kubernetes plugin
6 # Create the namespace for ovn-kubernetes.
8 # This provisioning is done as part of installation after the cluster is
9 # up and before the ovn daemonsets are created.
19 # Setup for Kubernetes to support the ovn-kubernetes plugin
21 # Create the service account and policies.
22 # ovnkube interacts with kubernetes and the environment
23 # must be properly set up.
25 # This provisioning is done as part of installation after the cluster is
26 # up and before the ovn daemonsets are created.
32 namespace: ovn-kubernetes
35 # For now this policy grants all the privileges needed to run a pod (it allows privilege escalation and any seccomp profile); narrow it to finer-grained permissions later.
37 apiVersion: policy/v1beta1
38 kind: PodSecurityPolicy
42 seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
44 allowPrivilegeEscalation: true
66 apiVersion: rbac.authorization.k8s.io/v1
80 verbs: ["get", "list", "watch"]
88 verbs: ["get", "list", "watch"]
95 verbs: ["create", "patch", "update"]
101 verbs: ["patch", "update"]
106 - podsecuritypolicies
112 apiVersion: rbac.authorization.k8s.io/v1
113 kind: ClusterRoleBinding
119 apiGroup: rbac.authorization.k8s.io
121 - kind: ServiceAccount
123 namespace: ovn-kubernetes
126 # The network CIDR and service CIDR are set in the ovn-config ConfigMap.
131 namespace: ovn-kubernetes
133 net_cidr: "{{ net_cidr }}"
134 svc_cidr: "{{ svc_cidr }}"
135 k8s_apiserver: "{{ k8s_apiserver }}"
136 mtu: "{{ mtu_value }}"