1 # yamllint disable rule:hyphens rule:commas rule:indentation
5 # Setup for Kubernetes to support the ovn-kubernetes plugin
7 # Create the namespace for ovn-kubernetes.
9 # This provisioning is done as part of installation after the cluster is
10 # up and before the ovn daemonsets are created.
20 # Setup for Kubernetes to support the ovn-kubernetes plugin
22 # Create the service account and policies.
23 # ovnkube interacts with kubernetes and the environment
24 # must be properly set up.
26 # This provisioning is done as part of installation after the cluster is
27 # up and before the ovn daemonsets are created.
33 namespace: ovn-kubernetes
36 # for now throw in all the privileges to run a pod. we can fine grain it further later.
38 apiVersion: policy/v1beta1
39 kind: PodSecurityPolicy
43 seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
45 allowPrivilegeEscalation: true
67 apiVersion: rbac.authorization.k8s.io/v1
81 verbs: ["get", "list", "watch"]
89 verbs: ["get", "list", "watch"]
96 verbs: ["create", "patch", "update"]
102 verbs: ["patch", "update"]
107 - podsecuritypolicies
113 apiVersion: rbac.authorization.k8s.io/v1
114 kind: ClusterRoleBinding
120 apiGroup: rbac.authorization.k8s.io
122 - kind: ServiceAccount
124 namespace: ovn-kubernetes
127 # The network cidr and service cidr are set in the ovn-config configmap
132 namespace: ovn-kubernetes
134 net_cidr: "192.168.0.0/16"
135 svc_cidr: "172.16.1.0/24"
136 k8s_apiserver: "https://10.169.41.225:6443"