diff --git a/README.md b/README.md
index 2c3e3fac750b984bf6460966ba7a6cb10d7ea1bd..8291528ad8b2957cc56262efdb22b3287153bc18 100644
--- a/README.md
+++ b/README.md
@@ -139,7 +139,7 @@ Note: Upstart/SysV init based OS types are not supported.
- [canal](https://github.com/projectcalico/canal) (given calico/flannel versions)
- [cilium](https://github.com/cilium/cilium) v1.8.8
- [flanneld](https://github.com/coreos/flannel) v0.13.0
- - [kube-ovn](https://github.com/alauda/kube-ovn) v1.6.1
+ - [kube-ovn](https://github.com/alauda/kube-ovn) v1.6.2
- [kube-router](https://github.com/cloudnativelabs/kube-router) v1.2.0
- [multus](https://github.com/intel/multus-cni) v3.7.0
- [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 54702d6adf56755a50e6458cd87dc1711c7bddb4..4ffd1a6474713ca15491a6a637f14d49aec19f83 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -78,7 +78,7 @@ cni_version: "v0.9.0"
weave_version: 2.8.1
pod_infra_version: "3.3"
cilium_version: "v1.8.8"
-kube_ovn_version: "v1.6.1"
+kube_ovn_version: "v1.6.2"
kube_router_version: "v1.2.0"
multus_version: "v3.7"
ovn4nfv_ovn_image_version: "v1.0.0"
diff --git a/roles/network_plugin/kube-ovn/defaults/main.yml b/roles/network_plugin/kube-ovn/defaults/main.yml
index a4e43917e0b3190530d6cebd12c103f7afb5ec30..5bbb84b779da5a8580519669d2aa642f56f16c7f 100644
--- a/roles/network_plugin/kube-ovn/defaults/main.yml
+++ b/roles/network_plugin/kube-ovn/defaults/main.yml
@@ -15,6 +15,9 @@ kube_ovn_pinger_cpu_request: 100m
kube_ovn_pinger_memory_request: 200Mi
kube_ovn_pinger_cpu_limit: 200m
kube_ovn_pinger_memory_limit: 400Mi
+kube_ovn_monitor_cpu_request: 500m
+kube_ovn_monitor_memory_request: 300Mi
traffic_mirror: true
-encap_checksum: true
+encap_checksum: false
+enable_ssl: false
diff --git a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
index c0a20449b6fb12c8de900c653deea5ec047cd1ce..e71e9686959b7f5342be7502161dca549dd62bbc 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2
@@ -47,7 +47,7 @@ spec:
- --default-cidr={{ kube_pods_subnet }}
env:
- name: ENABLE_SSL
- value: "false"
+ value: "{{ enable_ssl }}"
- name: POD_NAME
valueFrom:
fieldRef:
@@ -146,7 +146,7 @@ spec:
privileged: true
env:
- name: ENABLE_SSL
- value: "false"
+ value: "{{ enable_ssl }}"
- name: POD_IP
valueFrom:
fieldRef:
@@ -240,7 +240,7 @@ spec:
privileged: false
env:
- name: ENABLE_SSL
- value: "false"
+ value: "{{ enable_ssl }}"
- name: POD_IP
valueFrom:
fieldRef:
diff --git a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2 b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
index 1d6c643195bc747f5bf7aa33dfdadb52843f9224..d2c41fe92a4b58634df67fe4b64a8235a2830d64 100644
--- a/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
+++ b/roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2
@@ -155,6 +155,39 @@ spec:
ovn-sb-leader: "true"
sessionAffinity: None
---
+kind: Service
+apiVersion: v1
+metadata:
+ name: ovn-northd
+ namespace: kube-system
+spec:
+ ports:
+ - name: ovn-northd
+ protocol: TCP
+ port: 6643
+ targetPort: 6643
+ type: ClusterIP
+ selector:
+ app: ovn-central
+ ovn-northd-leader: "true"
+ sessionAffinity: None
+---
+kind: Service
+apiVersion: v1
+metadata:
+ name: kube-ovn-monitor
+ namespace: kube-system
+ labels:
+ app: kube-ovn-monitor
+spec:
+ ports:
+ - name: metrics
+ port: 10661
+ type: ClusterIP
+ selector:
+ app: ovn-central
+ sessionAffinity: None
+---
kind: Deployment
apiVersion: apps/v1
metadata:
@@ -193,6 +226,7 @@ spec:
priorityClassName: system-cluster-critical
serviceAccountName: ovn
hostNetwork: true
+ shareProcessNamespace: true
containers:
- name: ovn-central
image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
@@ -203,7 +237,7 @@ spec:
add: ["SYS_NICE"]
env:
- name: ENABLE_SSL
- value: "false"
+ value: "{{ enable_ssl }}"
- name: POD_IP
valueFrom:
fieldRef:
@@ -257,6 +291,63 @@ spec:
periodSeconds: 7
failureThreshold: 5
timeoutSeconds: 45
+ - name: ovn-monitor
+ image: {{ kube_ovn_container_image_repo }}:{{ kube_ovn_container_image_tag }}
+ imagePullPolicy: {{ k8s_image_pull_policy }}
+ command: ["/kube-ovn/start-ovn-monitor.sh"]
+ env:
+ - name: ENABLE_SSL
+ value: "{{ enable_ssl }}"
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ resources:
+ requests:
+ cpu: {{ kube_ovn_monitor_cpu_request }}
+ memory: {{ kube_ovn_monitor_memory_request }}
+ volumeMounts:
+ - mountPath: /var/run/openvswitch
+ name: host-run-ovs
+ - mountPath: /var/run/ovn
+ name: host-run-ovn
+ - mountPath: /sys
+ name: host-sys
+ readOnly: true
+ - mountPath: /etc/openvswitch
+ name: host-config-openvswitch
+ - mountPath: /etc/ovn
+ name: host-config-ovn
+ - mountPath: /var/log/openvswitch
+ name: host-log-ovs
+ - mountPath: /var/log/ovn
+ name: host-log-ovn
+ - mountPath: /var/run/tls
+ name: kube-ovn-tls
+ readinessProbe:
+ exec:
+ command:
+ - cat
+ - /var/run/ovn/ovnnb_db.pid
+ periodSeconds: 3
+ timeoutSeconds: 45
+ livenessProbe:
+ exec:
+ command:
+ - cat
+ - /var/run/ovn/ovn-nbctl.pid
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ failureThreshold: 5
+ timeoutSeconds: 45
nodeSelector:
kubernetes.io/os: "linux"
kube-ovn/role: "master"
@@ -325,7 +416,7 @@ spec:
privileged: true
env:
- name: ENABLE_SSL
- value: "false"
+ value: "{{ enable_ssl }}"
- name: POD_IP
valueFrom:
fieldRef: