diff --git a/README.md b/README.md
index 927b79a0f91e22434f7ce320fa3bf2b96138ef0b..e2f8134f19fc80b57003cd74080a9018d8853ca4 100644
--- a/README.md
+++ b/README.md
@@ -143,7 +143,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [flanneld](https://github.com/flannel-io/flannel) v0.14.0
   - [kube-ovn](https://github.com/alauda/kube-ovn) v1.7.2
   - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.3.1
-  - [multus](https://github.com/intel/multus-cni) v3.8.0
+  - [multus](https://github.com/intel/multus-cni) v3.8
   - [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0
   - [weave](https://github.com/weaveworks/weave) v2.8.1
 - Application
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 19f854e67721307a7bbee4c4a8779ffd09e19f09..176780214a56979f9b49f545f264d16905618398 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -83,9 +83,9 @@ cni_version: "v0.9.1"
 weave_version: 2.8.1
 pod_infra_version: "3.3"
 cilium_version: "v1.9.10"
-kube_ovn_version: "v1.7.2"
+kube_ovn_version: "v1.8.1"
 kube_router_version: "v1.3.1"
-multus_version: "v3.8.0"
+multus_version: "v3.8"
 ovn4nfv_ovn_image_version: "v1.0.0"
 ovn4nfv_k8s_plugin_image_version: "v1.1.0"
 helm_version: "v3.7.0"
diff --git a/roles/network_plugin/kube-ovn/defaults/main.yml b/roles/network_plugin/kube-ovn/defaults/main.yml
index d0eb52794aab3a06d141631b640c6b6cf0351944..831c26bd466e7cac79bd57159a692b64ba137945 100644
--- a/roles/network_plugin/kube-ovn/defaults/main.yml
+++ b/roles/network_plugin/kube-ovn/defaults/main.yml
@@ -7,6 +7,10 @@ kube_ovn_node_cpu_request: 200m
 kube_ovn_node_memory_request: 200Mi
 kube_ovn_node_cpu_limit: 1000m
 kube_ovn_node_memory_limit: 800Mi
+kube_ovn_cni_server_cpu_request: 200m
+kube_ovn_cni_server_memory_request: 200Mi
+kube_ovn_cni_server_cpu_limit: 1000m
+kube_ovn_cni_server_memory_limit: 1Gi
 kube_ovn_controller_cpu_request: 200m
 kube_ovn_controller_memory_request: 200Mi
 kube_ovn_controller_cpu_limit: 1000m
diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
index 07866554eb452b1aec40302cc4949208f6abf59d..9234006e21652f87bb2da87670621813bf09e90a 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2
@@ -100,15 +100,6 @@ spec:
       - name: NAT
         type: boolean
         jsonPath: .spec.natOutgoing
-      - name: ExternalEgressGateway
-        type: string
-        jsonPath: .spec.externalEgressGateway
-      - name: PolicyRoutingPriority
-        type: integer
-        jsonPath: .spec.policyRoutingPriority
-      - name: PolicyRoutingTableID
-        type: integer
-        jsonPath: .spec.policyRoutingTableID
       - name: Default
         type: boolean
         jsonPath: .spec.default
@@ -127,6 +118,9 @@ spec:
       - name: V6Available
         type: number
         jsonPath: .status.v6availableIPs
+      - name: ExcludeIPs
+        type: string
+        jsonPath: .spec.excludeIps
       schema:
         openAPIV3Schema:
           type: object
@@ -214,7 +208,7 @@ spec:
                   type: boolean
                 vlan:
                   type: string
-                underlayGateway:
+                disableGatewayCheck:
                   type: boolean
                 disableInterConnection:
                   type: boolean
@@ -293,11 +287,23 @@ spec:
         openAPIV3Schema:
           type: object
           properties:
+            metadata:
+              type: object
+              properties:
+                name:
+                  type: string
+                  maxLength: 12
+                  not:
+                    enum:
+                      - int
+                      - external
             spec:
               type: object
               properties:
                 defaultInterface:
                   type: string
+                  maxLength: 15
+                  pattern: '^[^/\s]+$'
                 customInterfaces:
                   type: array
                   items:
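Review bot: The new constraints on `metadata.name` (`maxLength: 12`, the `not`/`enum` excluding `int` and `external`) and on `defaultInterface` (`maxLength: 15`, `pattern: '^[^/\s]+$'`) carry no explanation, so a later editor cannot tell which are hard limits and which are conventions. I would add a comment above the interface fields such as `# presumably the Linux interface-name limit (15 bytes, no '/' or whitespace) - confirm`, and one line stating why `int` and `external` are reserved names. `maxLength` counts characters rather than bytes, so if these values are used as interface names, a multi-byte name can pass the schema yet exceed the byte limit, and the controller should still validate the value itself. The same `maxLength`/`pattern` pair is repeated on `customInterfaces[].interface` in the next hunk and needs the same comment.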
@@ -305,6 +311,8 @@ spec:
                     properties:
                       interface:
                         type: string
+                        maxLength: 15
+                        pattern: '^[^/\s]+$'
                       nodes:
                         type: array
                         items:
@@ -375,6 +383,9 @@ spec:
         - jsonPath: .status.subnets
           name: Subnets
           type: string
+        - jsonPath: .spec.namespaces
+          name: Namespaces
+          type: string
       name: v1
       schema:
         openAPIV3Schema:
@@ -466,7 +477,17 @@ spec:
     listKind: VpcNatGatewayList
   scope: Cluster
   versions:
-    - name: v1
+    - additionalPrinterColumns:
+        - jsonPath: .spec.vpc
+          name: Vpc
+          type: string
+        - jsonPath: .spec.subnet
+          name: Subnet
+          type: string
+        - jsonPath: .spec.lanIp
+          name: LanIP
+          type: string
+      name: v1
       served: true
       storage: true
       schema:
@@ -528,3 +549,96 @@ spec:
         status: {}
   conversion:
     strategy: None
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: security-groups.kubeovn.io
+spec:
+  group: kubeovn.io
+  names:
+    plural: security-groups
+    singular: security-group
+    shortNames:
+      - sg
+    kind: SecurityGroup
+    listKind: SecurityGroupList
+  scope: Cluster
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                ingressRules:
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      ipVersion:
+                        type: string
+                      protocol:
+                        type: string
+                      priority:
+                        type: integer
+                      remoteType:
+                        type: string
+                      remoteAddress:
+                        type: string
+                      remoteSecurityGroup:
+                        type: string
+                      portRangeMin:
+                        type: integer
+                      portRangeMax:
+                        type: integer
+                      policy:
+                        type: string
+                egressRules:
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      ipVersion:
+                        type: string
+                      protocol:
+                        type: string
+                      priority:
+                        type: integer
+                      remoteType:
+                        type: string
+                      remoteAddress:
+                        type: string
+                      remoteSecurityGroup:
+                        type: string
+                      portRangeMin:
+                        type: integer
+                      portRangeMax:
+                        type: integer
+                      policy:
+                        type: string
+                allowSameGroupTraffic:
+                  type: boolean
+            status:
+              type: object
+              properties:
+                portGroup:
+                  type: string
+                allowSameGroupTraffic:
+                  type: boolean
+                ingressMd5:
+                  type: string
+                egressMd5:
+                  type: string
+                ingressLastSyncSuccess:
+                  type: boolean
+                egressLastSyncSuccess:
+                  type: boolean
+      subresources:
+        status: {}
+  conversion:
+    strategy: None
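Review bot: The rule fields under `ingressRules` and `egressRules` are validated by type only, so a rule with an out-of-range port or a misspelled `policy` or `protocol` is accepted by the API server and left for the controller to interpret. For an object that expresses traffic policy it is safer to reject malformed rules at admission: add `minimum: 1` and `maximum: 65535` under `portRangeMin` and `portRangeMax` (assuming 0 has no special meaning to the controller). An `enum` on `ipVersion`, `protocol`, `remoteType` and `policy` would do the same for those fields, but the accepted values are not visible in this diff and have to come from the controller code. Bounds on `priority` would help for the same reason. The two item schemas are identical, so any constraint has to be added to both.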
diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
index ec05e76c40c8db5dbe4096283435d82af737ca93..e9cadc2b9876ac85754b3926fb52eca12de79604 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
@@ -45,6 +45,9 @@ spec:
           args:
           - --default-cidr={{ kube_pods_subnet }}
           - --pod-nic-type=veth-pair
+          - --enable-lb=true
+          - --enable-np=true
+          - --enable-external-vpc=true
           env:
             - name: ENABLE_SSL
               value: "{{ enable_ssl | lower }}"
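Review bot: The three added flags are hard-coded to `true`, while the neighbouring settings in this template come from role variables (`{{ kube_pods_subnet }}`, `{{ enable_ssl | lower }}`). Operators therefore cannot turn off `--enable-external-vpc` or the load-balancer feature without editing the template, and the extra features are switched on silently at upgrade. I would add defaults to `roles/network_plugin/kube-ovn/defaults/main.yml` and template the flags, e.g. `- --enable-np={{ kube_ovn_enable_np | lower }}` with `kube_ovn_enable_np: true`; the variable name is a suggestion, not an existing one. The container definition these args belong to starts outside the hunk.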
@@ -194,6 +197,13 @@ spec:
           initialDelaySeconds: 30
           periodSeconds: 7
           failureThreshold: 5
+        resources:
+          requests:
+            cpu: {{ kube_ovn_cni_server_cpu_request }}
+            memory: {{ kube_ovn_cni_server_memory_request }}
+          limits:
+            cpu: {{ kube_ovn_cni_server_cpu_limit }}
+            memory: {{ kube_ovn_cni_server_memory_limit }}
       nodeSelector:
         kubernetes.io/os: "linux"
       volumes:
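Review bot: The four quantities are rendered unquoted (`cpu: {{ kube_ovn_cni_server_cpu_limit }}`), so an override set to an empty string renders as a bare `cpu:` and parses as null, which drops the request or limit without any error. Quoting the expressions, `cpu: "{{ kube_ovn_cni_server_cpu_limit }}"` and likewise for the other three, should make an empty or malformed value fail when the manifest is applied. That also matches the quoted `value: "{{ enable_ssl | lower }}"` form used in the same template. The container spec this `resources` block belongs to starts outside the hunk.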
diff --git a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
index b9017598635e6bd520470361ef0bc39b5321e122..a8505df26a2267173592059c5f8135da1f40fcab 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
@@ -70,6 +70,8 @@ rules:
       - provider-networks
       - provider-networks/status
       - networks
+      - security-groups
+      - security-groups/status
     verbs:
       - "*"
   - apiGroups:
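Review bot: `security-groups` and `security-groups/status` are appended to a rule whose verbs are `"*"`, so whatever subject is bound to this role gets every verb, including `delete` and `deletecollection`, on the objects that define traffic policy. If the component only reads the groups and writes their status, a separate rule with an explicit list such as `verbs: [get, list, watch, update, patch]` for these two resources would keep the grant minimal. The rule starts outside the hunk, and neither the role nor its binding is visible here, so the verbs actually required need confirming against the controller.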