Update kube-ovn v1.13.0-ge1310e17 and enable image building

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>

Makefile

@@ -3,6 +3,7 @@
 build:
 	make -C packages/apps/http-cache image
 	make -C packages/apps/kubernetes image
+	make -C packages/system/kubeovn image
 	make -C packages/system/dashboard image
 	make -C packages/core/installer image
 	make manifests

packages/apps/Makefile

@@ -11,7 +11,7 @@ repo:
 	rm -rf "$(TMP)"
 
 fix-chartnames:
-	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: $$i/" "$$i/Chart.yaml"; done
+	find . -maxdepth 2 -name Chart.yaml  | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: $$i/" "$$i/Chart.yaml"; done
 
 gen-versions-map: fix-chartnames
 	../../hack/gen_versions_map.sh

packages/apps/kubernetes/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.3.0
+version: 0.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/kubernetes/templates/cluster.yaml

@@ -39,7 +39,9 @@ metadata:
 spec:
   dataStoreName: "{{ $etcd }}"
   addons:
-    coreDNS: {}
+    coreDNS:
+      dnsServiceIPs:
+      - 10.95.0.10
     konnectivity: {}
   kubelet:
     cgroupfs: systemd
@@ -55,7 +57,7 @@ spec:
       className: "{{ $ingress }}"
   deployment:
   replicas: 2
-  version: 1.29.0
+  version: 1.29.4
 ---
 apiVersion: infrastructure.cluster.x-k8s.io/v1alpha1
 kind: KubevirtCluster
@@ -176,5 +178,5 @@ spec:
         kind: KubevirtMachineTemplate
         name: {{ $.Release.Name }}-{{ $groupName }}
         namespace: default
-      version: v1.29.0
+      version: v1.29.4
 {{- end }}

packages/apps/kubernetes/templates/helmreleases/cilium.yaml

@@ -26,7 +26,9 @@ spec:
   values:
     cilium:
       tunnel: disabled
-      autoDirectNodeRoutes: true
+      autoDirectNodeRoutes: false
+      bpf:
+        masquerade: true
       cgroup:
         autoMount:
           enabled: true
@@ -38,9 +40,9 @@ spec:
         chainingMode: ~
         customConf: false
         configMap: ""
-      routingMode: native
+      routingMode: tunnel
       enableIPv4Masquerade: true
-      ipv4NativeRoutingCIDR: "10.244.0.0/16"
+      ipv4NativeRoutingCIDR: ""
   dependsOn:
   - name: {{ .Release.Name }}
     namespace: {{ .Release.Namespace }}

packages/apps/postgres/Chart.yaml

@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.2.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

packages/apps/postgres/templates/init-script.yaml

@@ -100,13 +100,13 @@ stringData:
     echo "== assign roles to users"
     psql -v ON_ERROR_STOP=1 --echo-all <<\EOT
     {{- range $database, $d := .Values.databases }}
-    {{- range $user, $u := $.Values.roles }}
-    {{- if has $user $d.users.admin }}
+    {{- range $user, $u := $.Values.users }}
+    {{- if has $user $d.roles.admin }}
     GRANT {{ $database }}_admin TO {{ $user }};
     {{- else }}
     REVOKE {{ $database }}_admin FROM {{ $user }};
     {{- end }}
-    {{- if has $user $d.users.readonly }}
+    {{- if has $user $d.roles.readonly }}
     GRANT {{ $database }}_readonly TO {{ $user }};
     {{- else }}
     REVOKE {{ $database }}_readonly FROM {{ $user }};

packages/apps/versions_map

@@ -6,12 +6,14 @@ kafka 0.1.0 760f86d2
 kafka 0.2.0 HEAD
 kubernetes 0.1.0 f642698
 kubernetes 0.2.0 7cd7de73
-kubernetes 0.3.0 HEAD
+kubernetes 0.3.0 7caccec1
+kubernetes 0.4.0 HEAD
 mysql 0.1.0 f642698
 mysql 0.2.0 8b975ff0
 mysql 0.3.0 HEAD
 postgres 0.1.0 f642698
-postgres 0.2.0 HEAD
+postgres 0.2.0 7cd7de73
+postgres 0.2.1 HEAD
 rabbitmq 0.1.0 f642698
 rabbitmq 0.2.0 HEAD
 redis 0.1.1 f642698

packages/core/fluxcd/Makefile

@@ -11,3 +11,10 @@ apply:
 
 diff:
 	helm template -n $(NAMESPACE) $(NAME) . --no-hooks --dry-run=server $(API_VERSIONS_FLAGS) | kubectl diff -n $(NAMESPACE) -f-
+
+update:
+	rm -rf charts
+	helm repo add fluxcd-community https://fluxcd-community.github.io/helm-charts
+	helm repo update fluxcd-community
+	helm pull fluxcd-community/flux2 --untar --untardir charts
+	sed -i 's/\.{{ \.Values\.clusterDomain | default "cluster\.local" }}\.//g' `grep -rl '.{{ .Values.clusterDomain | default "cluster.local" }}.' charts`

packages/core/fluxcd/charts/flux2/templates/helm-controller.yaml

@@ -44,7 +44,7 @@ spec:
         - --default-service-account={{ .Values.multitenancy.defaultServiceAccount | default "default"  }}
         {{- end}}
         {{- if .Values.notificationController.create }}
-        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}.
+        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc
         {{- end}}
         - --watch-all-namespaces={{ .Values.watchAllNamespaces }}
         - --log-level={{ .Values.logLevel | default "info" }}

packages/core/fluxcd/charts/flux2/templates/image-automation-controller.yaml

@@ -43,7 +43,7 @@ spec:
         - --no-cross-namespace-refs=true
         {{- end}}
         {{- if .Values.notificationController.create }}
-        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}.
+        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc
         {{- end}}
         - --watch-all-namespaces={{ .Values.watchAllNamespaces }}
         - --log-level={{ .Values.logLevel | default "info" }}

packages/core/fluxcd/charts/flux2/templates/image-reflector-controller.yaml

@@ -43,7 +43,7 @@ spec:
         - --no-cross-namespace-refs=true
         {{- end}}
         {{- if .Values.notificationController.create }}
-        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}.
+        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc
         {{- end}}
         - --watch-all-namespaces={{ .Values.watchAllNamespaces }}
         - --log-level={{ .Values.logLevel | default "info" }}

packages/core/fluxcd/charts/flux2/templates/kustomize-controller.yaml

@@ -44,7 +44,7 @@ spec:
         - --default-service-account={{ .Values.multitenancy.defaultServiceAccount | default "default"  }}
         {{- end}}
         {{- if .Values.notificationController.create }}
-        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}.
+        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc
         {{- end}}
         - --watch-all-namespaces={{ .Values.watchAllNamespaces }}
         - --log-level={{ .Values.logLevel | default "info" }}

packages/core/fluxcd/charts/flux2/templates/source-controller.yaml

@@ -38,14 +38,14 @@ spec:
       containers:
       - args:
         {{- if .Values.notificationController.create }}
-        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}.
+        - --events-addr=http://notification-controller.$(RUNTIME_NAMESPACE).svc
         {{- end}}
         - --watch-all-namespaces={{ .Values.watchAllNamespaces }}
         - --log-level={{ .Values.logLevel | default "info" }}
         - --log-encoding=json
         - --enable-leader-election
         - --storage-path=/data
-        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.{{ .Values.clusterDomain | default "cluster.local" }}.
+        - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc
         {{- range .Values.sourceController.container.additionalArgs }}
         - {{ . }}
         {{- end}}

packages/core/installer/Makefile

@@ -34,8 +34,8 @@ image-cozystack:
 image-talos:
 	test -f ../../../_out/assets/installer-amd64.tar || make talos-installer
 	docker load -i ../../../_out/assets/installer-amd64.tar
-	docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) ghcr.io/aenix-io/cozystack/talos:$(call settag,$(TALOS_VERSION))
-	docker push ghcr.io/aenix-io/cozystack/talos:$(call settag,$(TALOS_VERSION))
+	docker tag ghcr.io/siderolabs/installer:$(TALOS_VERSION) $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
+	docker push $(REGISTRY)/talos:$(call settag,$(TALOS_VERSION))
 
 image-matchbox:
 	test -f ../../../_out/assets/kernel-amd64 || make talos-kernel

packages/extra/Makefile

@@ -11,7 +11,7 @@ repo:
 	rm -rf "$(TMP)"
 
 fix-chartnames:
-	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: $$i/" "$$i/Chart.yaml"; done
+	find . -maxdepth 2 -name Chart.yaml | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: $$i/" "$$i/Chart.yaml"; done
 
 gen-versions-map: fix-chartnames
 	../../hack/gen_versions_map.sh

packages/extra/etcd/Chart.yaml

@@ -3,4 +3,4 @@ name: etcd
 description: Storage for Kubernetes clusters
 icon: https://www.svgrepo.com/show/353714/etcd.svg
 type: application
-version: 2.0.1
+version: 2.1.0

packages/extra/etcd/templates/etcd-cluster.yaml

@@ -15,6 +15,9 @@ metadata:
 spec:
   options:
     quota-backend-bytes: {{ include "calculateQuotaBackendBytes" .Values.size | quote }}
+    auto-compaction-mode: "periodic"
+    auto-compaction-retention: "5m"
+    snapshot-count: "10000"
   replicas: {{ .Values.replicas }}
   storage:
     volumeClaimTemplate:

packages/extra/etcd/templates/etcd-defrag.yaml

@@ -0,0 +1,31 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ .Release.Name }}-defrag
+spec:
+  schedule: "0 * * * *"
+  successfulJobsHistoryLimit: 3
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: etcd-defrag
+            image: ghcr.io/ahrtr/etcd-defrag:v0.13.0
+            args:
+            - --endpoints={{ range $i, $e := until (int .Values.replicas) }}{{ if $i }},{{ end }}https://{{ $.Release.Name }}-{{ $i }}.{{ $.Release.Name }}-headless.{{ $.Release.Namespace }}.svc:2379{{ end }}
+            - --cacert=/etc/etcd/pki/client/cert/ca.crt
+            - --cert=/etc/etcd/pki/client/cert/tls.crt
+            - --key=/etc/etcd/pki/client/cert/tls.key
+            - --cluster
+            - --defrag-rule
+            - "dbQuotaUsage > 0.8 || dbSize - dbSizeInUse > 200*1024*1024"
+            volumeMounts:
+            - mountPath: /etc/etcd/pki/client/cert
+              name: client-certificate
+              readOnly: true
+          volumes:
+          - name: client-certificate
+            secret:
+              secretName: {{ .Release.Name }}-client-tls
+          restartPolicy: OnFailure

packages/extra/versions_map

@@ -1,5 +1,6 @@
 etcd 1.0.0 f7eaab0
 etcd 2.0.0 a6d0f7cf
-etcd 2.0.1 HEAD
+etcd 2.0.1 6fc1cc7d
+etcd 2.1.0 HEAD
 ingress 1.0.0 HEAD
 monitoring 1.0.0 HEAD

packages/system/Makefile

@@ -9,4 +9,4 @@ repo:
 	cd "$(OUT)" && helm repo index .
 
 fix-chartnames:
-	find . -name Chart.yaml -maxdepth 2 | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: cozy-$$i/" "$$i/Chart.yaml"; done
+	find . -maxdepth 2 -name Chart.yaml | awk -F/ '{print $$2}' | while read i; do sed -i "s/^name: .*/name: cozy-$$i/" "$$i/Chart.yaml"; done

packages/system/dashboard/Makefile

@@ -14,6 +14,7 @@ update-chart:
 	helm pull bitnami/kubeapps --untar --untardir charts
 	rm -rf charts/kubeapps/charts/postgresql/
 	ln -s ../../images charts/kubeapps/images
+	sed -i 's/.cluster.local//g' charts/kubeapps/templates/kubeappsapis/deployment.yaml
 
 update-dockerfiles:
 	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/vmware-tanzu/kubeapps  | awk -F'[/^]' 'END{print $$3}') && \

packages/system/dashboard/charts/kubeapps/templates/kubeappsapis/deployment.yaml

@@ -133,7 +133,7 @@ spec:
             # longer-term pass something to the plugins so that the plugins won't need to
             # know these details). Currently they're used directly by the flux plugin
             - name: REDIS_ADDR
-              value: {{ printf "%s-master.%s.svc.cluster.local:6379" (include "kubeapps.redis.fullname" .) .Release.Namespace }}
+              value: {{ printf "%s-master.%s.svc:6379" (include "kubeapps.redis.fullname" .) .Release.Namespace }}
             - name: REDIS_PASSWORD
               valueFrom:
                 secretKeyRef:

packages/system/kamaji/values.yaml

@@ -1,3 +1,8 @@
 kamaji:
   etcd:
     deploy: false
+
+  # Fix https://github.com/clastix/kamaji/pull/467
+  image:
+    repository: ghcr.io/kvaps/test
+    tag: kamaji-v0.6.0-fix

packages/system/kubeovn/Makefile

@@ -1,9 +1,28 @@
+KUBEOVN_TAG = v1.13.0
+
 NAME=kubeovn
 NAMESPACE=cozy-$(NAME)
 
+include ../../../scripts/common-envs.mk
 include ../../../scripts/package-system.mk
 
 update:
 	rm -rf charts && mkdir -p charts/kube-ovn
 	curl -sSL https://github.com/kubeovn/kube-ovn/archive/refs/heads/master.tar.gz | \
-	tar -C charts/kube-ovn -xzvf - --strip 2 kube-ovn-master/charts
+	tar xzvf - --strip 1 kube-ovn-master/charts
+	patch -p4 --no-backup-if-mismatch < patches/cozyconfig.diff
+	ln -s ../../images charts/kube-ovn/images
+	sed -i '/image:/ s/{{.*}}/{{ include "kubeovn.image" . }}/g' `grep -rl image: charts/kube-ovn/templates/`
+
+image:
+	docker buildx build images/kubeovn \
+		--provenance false \
+		--tag $(REGISTRY)/kubeovn:$(call settag,$(TAG)) \
+		--tag $(REGISTRY)/kubeovn:$(call settag,$(KUBEOVN_TAG)) \
+		--tag $(REGISTRY)/kubeovn:$(call settag,$(KUBEOVN_TAG)-$(TAG)) \
+		--cache-from type=registry,ref=$(REGISTRY)/kubeovn:latest \
+		--cache-to type=inline \
+		--metadata-file images/kubeovn.json \
+		--push=$(PUSH) \
+		--load=$(LOAD)
+	echo "$(REGISTRY)/kubeovn:$(call settag,$(TAG))" > images/kubeovn.tag

packages/system/kubeovn/charts/kube-ovn/Chart.yaml

@@ -15,10 +15,12 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 1.13.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
 appVersion: "1.13.0"
+
+kubeVersion: ">= 1.23.0-0"

packages/system/kubeovn/charts/kube-ovn/README.md

@@ -10,13 +10,13 @@ $ kubectl label node -lnode-role.kubernetes.io/control-plane  kube-ovn/role=mast
 $ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel  --overwrite
 
 # standard install 
-$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0}
+$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0}
 
 # high availability install
-$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}
+$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2}
 
 # upgrade to this version
-$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}
+$ helm upgrade --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2}
 ```
 
 If `MASTER_NODES` unspecified Helm will take internal IPs of nodes with `kube-ovn/role=master` label
@@ -32,7 +32,7 @@ machine:
     - name: openvswitch
 ```
 
-and use the following options for install this Helm-chart:
+and use the following options to install this Helm-chart:
 
 ```
 --set cni_conf.MOUNT_LOCAL_BIN_DIR=false

packages/system/kubeovn/charts/kube-ovn/images

@@ -0,0 +1 @@
+../../images

packages/system/kubeovn/charts/kube-ovn/kube-ovn/Chart.yaml

@@ -1,24 +0,0 @@
-apiVersion: v2
-name: kube-ovn
-description: Helm chart for Kube-OVN
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.13.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "1.13.0"

packages/system/kubeovn/charts/kube-ovn/kube-ovn/README.md

@@ -1,42 +0,0 @@
-# Kube-OVN-helm
-
-Currently supported version: 1.9
-
-Installation :
-
-```bash
-$ kubectl label node -lbeta.kubernetes.io/os=linux kubernetes.io/os=linux --overwrite
-$ kubectl label node -lnode-role.kubernetes.io/control-plane  kube-ovn/role=master --overwrite
-$ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel  --overwrite
-
-# standard install 
-$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0}
-
-# high availability install
-$ helm install --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2}
-
-# upgrade to this version
-$ helm upgrade --debug kubeovn ./charts/kube-ovn --set MASTER_NODES=${Node0},${Node1},${Node2}
-```
-
-If `MASTER_NODES` unspecified Helm will take internal IPs of nodes with `kube-ovn/role=master` label
-
-### Talos Linux
-
-To install Kube-OVN on Talos Linux, declare openvswitch module in machine config:
-
-```
-machine:
-  kernel:
-    modules:
-    - name: openvswitch
-```
-
-and use the following options to install this Helm-chart:
-
-```
---set cni_conf.MOUNT_LOCAL_BIN_DIR=false
---set OPENVSWITCH_DIR=/var/lib/openvswitch
---set OVN_DIR=/var/lib/ovn
---set DISABLE_MODULES_MANAGEMENT=true
-```

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/_helpers.tpl

@@ -1,54 +0,0 @@
-{{/*
-Get IP-addresses of master nodes
-*/}}
-{{- define "kubeovn.nodeIPs" -}}
-{{- $nodes := lookup "v1" "Node" "" "" -}}
-{{- $ips := list -}}
-{{- range $node := $nodes.items -}}
-  {{- $label := splitList "=" $.Values.MASTER_NODES_LABEL }}
-  {{- $key := index $label 0 }}
-  {{- $val := "" }}
-  {{- if eq (len $label) 2 }}
-  {{- $val = index $label 1 }}
-  {{- end }}
-  {{- if eq (index $node.metadata.labels $key) $val -}}
-    {{- range $address := $node.status.addresses -}}
-      {{- if eq $address.type "InternalIP" -}}
-        {{- $ips = append $ips $address.address -}}
-        {{- break -}}
-      {{- end -}}
-    {{- end -}}
-  {{- end -}}
-{{- end -}}
-{{ join "," $ips }}
-{{- end -}}
-
-{{/*
-Number of master nodes
-*/}}
-{{- define "kubeovn.nodeCount" -}}
-  {{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }}
-{{- end -}}
-
-{{- define "kubeovn.ovs-ovn.updateStrategy" -}}
-  {{- $ds := lookup "apps/v1" "DaemonSet" $.Values.namespace "ovs-ovn" -}}
-  {{- if $ds -}}
-    {{- if eq $ds.spec.updateStrategy.type "RollingUpdate" -}}
-      RollingUpdate
-    {{- else -}}
-      {{- $imageVersion := (index $ds.spec.template.spec.containers 0).image | splitList ":" | last | trimPrefix "v" -}}
-      {{- $versionRegex := `^(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)` -}}
-      {{- if regexMatch $versionRegex $imageVersion -}}
-        {{- if regexFind $versionRegex $imageVersion | semverCompare ">= 1.12.0" -}}
-          RollingUpdate
-        {{- else -}}
-          OnDelete
-        {{- end -}}
-      {{- else -}}
-        OnDelete
-      {{- end -}}
-    {{- end -}}
-  {{- else -}}
-    RollingUpdate
-  {{- end -}}
-{{- end -}}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/central-deploy.yaml

@@ -1,161 +0,0 @@
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: ovn-central
-  namespace: {{ .Values.namespace }}
-  annotations:
-    kubernetes.io/description: |
-      OVN components: northd, nb and sb.
-spec:
-  replicas: {{ include "kubeovn.nodeCount" . }}
-  strategy:
-    rollingUpdate:
-      maxSurge: 0
-      maxUnavailable: 1
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app: ovn-central
-  template:
-    metadata:
-      labels:
-        app: ovn-central
-        component: network
-        type: infra
-    spec:
-      tolerations:
-        - effect: NoSchedule
-          operator: Exists
-        - effect: NoExecute
-          operator: Exists
-        - key: CriticalAddonsOnly
-          operator: Exists
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchLabels:
-                  app: ovn-central
-              topologyKey: kubernetes.io/hostname
-      priorityClassName: system-cluster-critical
-      serviceAccountName: ovn-ovs
-      hostNetwork: true
-      containers:
-        - name: ovn-central
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: 
-          - /kube-ovn/start-db.sh
-          securityContext:
-            capabilities:
-              add: ["SYS_NICE"]
-          env:
-            - name: ENABLE_SSL
-              value: "{{ .Values.networking.ENABLE_SSL }}"
-            - name: NODE_IPS
-              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
-            - name: POD_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIP
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: POD_IPS
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIPs
-            - name: ENABLE_BIND_LOCAL_IP
-              value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
-            - name: PROBE_INTERVAL
-              value: "{{ .Values.networking.PROBE_INTERVAL }}"
-            - name: OVN_NORTHD_PROBE_INTERVAL
-              value: "{{ .Values.networking.OVN_NORTHD_PROBE_INTERVAL}}"
-            - name: OVN_LEADER_PROBE_INTERVAL
-              value: "{{ .Values.networking.OVN_LEADER_PROBE_INTERVAL }}"
-            - name: OVN_NORTHD_N_THREADS
-              value: "{{ .Values.networking.OVN_NORTHD_N_THREADS }}"
-            - name: ENABLE_COMPACT
-              value: "{{ .Values.networking.ENABLE_COMPACT }}"
-            {{- if include "kubeovn.ovs-ovn.updateStrategy" . | eq "OnDelete" }}
-            - name: OVN_VERSION_COMPATIBILITY
-              value: "21.06"
-            {{- end }}
-          resources:
-            requests:
-              cpu: {{ index .Values "ovn-central" "requests" "cpu" }}
-              memory: {{ index .Values "ovn-central" "requests" "memory" }}
-            limits:
-              cpu: {{ index .Values "ovn-central" "limits" "cpu" }}
-              memory: {{ index .Values "ovn-central" "limits" "memory" }}
-          volumeMounts:
-            - mountPath: /var/run/openvswitch
-              name: host-run-ovs
-            - mountPath: /var/run/ovn
-              name: host-run-ovn
-            - mountPath: /etc/openvswitch
-              name: host-config-openvswitch
-            - mountPath: /etc/ovn
-              name: host-config-ovn
-            - mountPath: /var/log/openvswitch
-              name: host-log-ovs
-            - mountPath: /var/log/ovn
-              name: host-log-ovn
-            - mountPath: /etc/localtime
-              name: localtime
-              readOnly: true
-            - mountPath: /var/run/tls
-              name: kube-ovn-tls
-          readinessProbe:
-            exec:
-              command:
-                - bash
-                - /kube-ovn/ovn-healthcheck.sh
-            periodSeconds: 15
-            timeoutSeconds: 45
-          livenessProbe:
-            exec:
-              command:
-                - bash
-                - /kube-ovn/ovn-healthcheck.sh
-            initialDelaySeconds: 30
-            periodSeconds: 15
-            failureThreshold: 5
-            timeoutSeconds: 45
-      nodeSelector:
-        kubernetes.io/os: "linux"
-        {{- with splitList "=" .Values.MASTER_NODES_LABEL }}
-        {{ index . 0 }}: "{{ if eq (len .) 2 }}{{ index . 1 }}{{ end }}"
-        {{- end }}
-      volumes:
-        - name: host-run-ovs
-          hostPath:
-            path: /run/openvswitch
-        - name: host-run-ovn
-          hostPath:
-            path: /run/ovn
-        - name: host-config-openvswitch
-          hostPath:
-            path: {{ .Values.OPENVSWITCH_DIR }}
-        - name: host-config-ovn
-          hostPath:
-            path: {{ .Values.OVN_DIR }}
-        - name: host-log-ovs
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
-        - name: host-log-ovn
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/ovn
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: kube-ovn-tls
-          secret:
-            optional: true
-            secretName: kube-ovn-tls
-

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-deploy.yaml

@@ -1,190 +0,0 @@
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: kube-ovn-controller
-  namespace: {{ .Values.namespace }}
-  annotations:
-    kubernetes.io/description: |
-      kube-ovn controller
-spec:
-  replicas: {{ include "kubeovn.nodeCount" . }}
-  selector:
-    matchLabels:
-      app: kube-ovn-controller
-  strategy:
-    rollingUpdate:
-      maxSurge: 0%
-      maxUnavailable: 100%
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        app: kube-ovn-controller
-        component: network
-        type: infra
-    spec:
-      tolerations:
-        - effect: NoSchedule
-          operator: Exists
-        - key: CriticalAddonsOnly
-          operator: Exists
-      affinity:
-        nodeAffinity:
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - preference:
-                matchExpressions:
-                  - key: "ovn.kubernetes.io/ic-gw"
-                    operator: NotIn
-                    values:
-                      - "true"
-              weight: 100
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchLabels:
-                  app: kube-ovn-controller
-              topologyKey: kubernetes.io/hostname
-      priorityClassName: system-cluster-critical
-      serviceAccountName: ovn
-      hostNetwork: true
-      containers:
-        - name: kube-ovn-controller
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          args:
-          - /kube-ovn/start-controller.sh
-          - --default-ls={{ .Values.networking.DEFAULT_SUBNET }}
-          - --default-cidr=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.POD_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.POD_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.POD_CIDR }}
-          {{- end }}
-          - --default-gateway=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.POD_GATEWAY }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.POD_GATEWAY }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.POD_GATEWAY }}
-          {{- end }}
-          - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }}
-          - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }}
-          - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }}
-          - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }}
-          - --cluster-router={{ .Values.networking.DEFAULT_VPC }}
-          - --node-switch={{ .Values.networking.NODE_SUBNET }}
-          - --node-switch-cidr=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.JOIN_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.JOIN_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.JOIN_CIDR }}
-          {{- end }}
-          - --service-cluster-ip-range=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.SVC_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.SVC_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.SVC_CIDR }}
-          {{- end }}
-          - --network-type={{- .Values.networking.NETWORK_TYPE }}
-          - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }}
-          - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
-          - --default-exchange-link-name={{- .Values.networking.EXCHANGE_LINK_NAME }}
-          - --default-vlan-name={{- .Values.networking.vlan.VLAN_NAME }}
-          - --default-vlan-id={{- .Values.networking.vlan.VLAN_ID }}
-          - --ls-dnat-mod-dl-dst={{- .Values.func.LS_DNAT_MOD_DL_DST }}
-          - --ls-ct-skip-dst-lport-ips={{- .Values.func.LS_CT_SKIP_DST_LPORT_IPS }}
-          - --pod-nic-type={{- .Values.networking.POD_NIC_TYPE }}
-          - --enable-lb={{- .Values.func.ENABLE_LB }}
-          - --enable-np={{- .Values.func.ENABLE_NP }}
-          - --enable-eip-snat={{- .Values.networking.ENABLE_EIP_SNAT }}
-          - --enable-external-vpc={{- .Values.func.ENABLE_EXTERNAL_VPC }}
-          - --enable-ecmp={{- .Values.networking.ENABLE_ECMP }}
-          - --logtostderr=false
-          - --alsologtostderr=true
-          - --gc-interval={{- .Values.performance.GC_INTERVAL }}
-          - --inspect-interval={{- .Values.performance.INSPECT_INTERVAL }}
-          - --log_file=/var/log/kube-ovn/kube-ovn-controller.log
-          - --log_file_max_size=0
-          - --enable-lb-svc={{- .Values.func.ENABLE_LB_SVC }}
-          - --keep-vm-ip={{- .Values.func.ENABLE_KEEP_VM_IP }}
-          - --enable-metrics={{- .Values.networking.ENABLE_METRICS }}
-          - --node-local-dns-ip={{- .Values.networking.NODE_LOCAL_DNS_IP }}
-          env:
-            - name: ENABLE_SSL
-              value: "{{ .Values.networking.ENABLE_SSL }}"
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: KUBE_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: KUBE_NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: OVN_DB_IPS
-              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
-            - name: POD_IPS
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIPs
-            - name: ENABLE_BIND_LOCAL_IP
-              value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
-          volumeMounts:
-            - mountPath: /etc/localtime
-              name: localtime
-              readOnly: true
-            - mountPath: /var/log/kube-ovn
-              name: kube-ovn-log
-            # ovn-ic log directory
-            - mountPath: /var/log/ovn
-              name: ovn-log
-            - mountPath: /var/run/tls
-              name: kube-ovn-tls
-          readinessProbe:
-            exec:
-              command:
-                - /kube-ovn/kube-ovn-controller-healthcheck
-            periodSeconds: 3
-            timeoutSeconds: 45
-          livenessProbe:
-            exec:
-              command:
-                - /kube-ovn/kube-ovn-controller-healthcheck
-            initialDelaySeconds: 300
-            periodSeconds: 7
-            failureThreshold: 5
-            timeoutSeconds: 45
-          resources:
-            requests:
-              cpu: {{ index .Values "kube-ovn-controller" "requests" "cpu" }}
-              memory: {{ index .Values "kube-ovn-controller" "requests" "memory" }}
-            limits:
-              cpu: {{ index .Values "kube-ovn-controller" "limits" "cpu" }}
-              memory: {{ index .Values "kube-ovn-controller" "limits" "memory" }}
-      nodeSelector:
-        kubernetes.io/os: "linux"
-      volumes:
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: kube-ovn-log
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
-        - name: ovn-log
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/ovn
-        - name: kube-ovn-tls
-          secret:
-            optional: true
-            secretName: kube-ovn-tls
-

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/controller-svc.yaml

@@ -1,16 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: kube-ovn-controller
-  namespace: {{ .Values.namespace }}
-  labels:
-    app: kube-ovn-controller
-spec:
-  selector:
-    app: kube-ovn-controller
-  ports:
-    - port: 10660
-      name: metrics
-  {{- if eq .Values.networking.NET_STACK "dual_stack" }}
-  ipFamilyPolicy: PreferDualStack
-  {{- end }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-deploy.yaml

@@ -1,139 +0,0 @@
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: kube-ovn-monitor
-  namespace: {{ .Values.namespace }}
-  annotations:
-    kubernetes.io/description: |
-      Metrics for OVN components: northd, nb and sb.
-spec:
-  replicas: 1
-  strategy:
-    rollingUpdate:
-      maxSurge: 1
-      maxUnavailable: 1
-    type: RollingUpdate
-  selector:
-    matchLabels:
-      app: kube-ovn-monitor
-  template:
-    metadata:
-      labels:
-        app: kube-ovn-monitor
-        component: network
-        type: infra
-    spec:
-      tolerations:
-        - effect: NoSchedule
-          operator: Exists
-        - key: CriticalAddonsOnly
-          operator: Exists
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - labelSelector:
-                matchLabels:
-                  app: kube-ovn-monitor
-              topologyKey: kubernetes.io/hostname
-      priorityClassName: system-cluster-critical
-      serviceAccountName: kube-ovn-app
-      hostNetwork: true
-      containers:
-        - name: kube-ovn-monitor
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: ["/kube-ovn/start-ovn-monitor.sh"]
-          args:
-          - --log_file=/var/log/kube-ovn/kube-ovn-monitor.log
-          - --logtostderr=false
-          - --alsologtostderr=true
-          - --log_file_max_size=0
-          securityContext:
-            runAsUser: 0
-            privileged: false
-          env:
-            - name: ENABLE_SSL
-              value: "{{ .Values.networking.ENABLE_SSL }}"
-            - name: KUBE_NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: POD_IPS
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIPs
-            - name: ENABLE_BIND_LOCAL_IP
-              value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
-          resources:
-            requests:
-              cpu: {{ index .Values "kube-ovn-monitor" "requests" "cpu" }}
-              memory: {{ index .Values "kube-ovn-monitor" "requests" "memory" }}
-            limits:
-              cpu: {{ index .Values "kube-ovn-monitor" "limits" "cpu" }}
-              memory: {{ index .Values "kube-ovn-monitor" "limits" "memory" }}
-          volumeMounts:
-            - mountPath: /var/run/openvswitch
-              name: host-run-ovs
-            - mountPath: /var/run/ovn
-              name: host-run-ovn
-            - mountPath: /etc/openvswitch
-              name: host-config-openvswitch
-            - mountPath: /etc/ovn
-              name: host-config-ovn
-            - mountPath: /var/log/ovn
-              name: host-log-ovn
-              readOnly: true
-            - mountPath: /etc/localtime
-              name: localtime
-              readOnly: true
-            - mountPath: /var/run/tls
-              name: kube-ovn-tls
-            - mountPath: /var/log/kube-ovn
-              name: kube-ovn-log
-          livenessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 30
-            periodSeconds: 7
-            successThreshold: 1
-            tcpSocket:
-              port: 10661
-            timeoutSeconds: 3
-          readinessProbe:
-            failureThreshold: 3
-            initialDelaySeconds: 30
-            periodSeconds: 7
-            successThreshold: 1
-            tcpSocket:
-              port: 10661
-            timeoutSeconds: 3
-      nodeSelector:
-        kubernetes.io/os: "linux"
-        {{- with splitList "=" .Values.MASTER_NODES_LABEL }}
-        {{ index . 0 }}: "{{ if eq (len .) 2 }}{{ index . 1 }}{{ end }}"
-        {{- end }}
-      volumes:
-        - name: host-run-ovs
-          hostPath:
-            path: /run/openvswitch
-        - name: host-run-ovn
-          hostPath:
-            path: /run/ovn
-        - name: host-config-openvswitch
-          hostPath:
-            path: {{ .Values.OPENVSWITCH_DIR }}
-        - name: host-config-ovn
-          hostPath:
-            path: {{ .Values.OVN_DIR }}
-        - name: host-log-ovn
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/ovn
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: kube-ovn-tls
-          secret:
-            optional: true
-            secretName: kube-ovn-tls
-        - name: kube-ovn-log
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/monitor-svc.yaml

@@ -1,18 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: kube-ovn-monitor
-  namespace: {{ .Values.namespace }}
-  labels:
-    app: kube-ovn-monitor
-spec:
-  ports:
-    - name: metrics
-      port: 10661
-  type: ClusterIP
-  selector:
-    app: kube-ovn-monitor
-  sessionAffinity: None
-  {{- if eq .Values.networking.NET_STACK "dual_stack" }}
-  ipFamilyPolicy: PreferDualStack
-  {{- end }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/nb-svc.yaml

@@ -1,19 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: ovn-nb
-  namespace: {{ .Values.namespace }}
-spec:
-  ports:
-    - name: ovn-nb
-      protocol: TCP
-      port: 6641
-      targetPort: 6641
-  type: ClusterIP
-  {{- if eq .Values.networking.NET_STACK "dual_stack" }}
-  ipFamilyPolicy: PreferDualStack
-  {{- end }}
-  selector:
-    app: ovn-central
-    ovn-nb-leader: "true"
-  sessionAffinity: None

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/northd-svc.yaml

@@ -1,19 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: ovn-northd
-  namespace: {{ .Values.namespace }}
-spec:
-  ports:
-    - name: ovn-northd
-      protocol: TCP
-      port: 6643
-      targetPort: 6643
-  type: ClusterIP
-  {{- if eq .Values.networking.NET_STACK "dual_stack" }}
-  ipFamilyPolicy: PreferDualStack
-  {{- end }}
-  selector:
-    app: ovn-central
-    ovn-northd-leader: "true"
-  sessionAffinity: None

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CR.yaml

@@ -1,256 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  annotations:
-    rbac.authorization.k8s.io/system-only: "true"
-  name: system:ovn
-rules:
-  - apiGroups:
-      - "kubeovn.io"
-    resources:
-      - vpcs
-      - vpcs/status
-      - vpc-nat-gateways
-      - vpc-nat-gateways/status
-      - subnets
-      - subnets/status
-      - ippools
-      - ippools/status
-      - ips
-      - vips
-      - vips/status
-      - vlans
-      - vlans/status
-      - provider-networks
-      - provider-networks/status
-      - security-groups
-      - security-groups/status
-      - iptables-eips
-      - iptables-fip-rules
-      - iptables-dnat-rules
-      - iptables-snat-rules
-      - iptables-eips/status
-      - iptables-fip-rules/status
-      - iptables-dnat-rules/status
-      - iptables-snat-rules/status
-      - ovn-eips
-      - ovn-fips
-      - ovn-snat-rules
-      - ovn-eips/status
-      - ovn-fips/status
-      - ovn-snat-rules/status
-      - ovn-dnat-rules
-      - ovn-dnat-rules/status
-      - switch-lb-rules
-      - switch-lb-rules/status
-      - vpc-dnses
-      - vpc-dnses/status
-      - qos-policies
-      - qos-policies/status
-    verbs:
-      - "*"
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-      - namespaces
-    verbs:
-      - get
-      - list
-      - patch
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - nodes
-    verbs:
-      - get
-      - list
-      - patch
-      - update
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - pods/exec
-    verbs:
-      - create
-  - apiGroups:
-      - "k8s.cni.cncf.io"
-    resources:
-      - network-attachment-definitions
-    verbs:
-      - get
-  - apiGroups:
-      - ""
-      - networking.k8s.io
-    resources:
-      - networkpolicies
-      - configmaps
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - apps
-    resources:
-      - daemonsets
-    verbs:
-      - get
-  - apiGroups:
-      - ""
-    resources:
-      - services
-      - services/status
-    verbs:
-      - get
-      - list
-      - update
-      - create
-      - delete
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - endpoints
-    verbs:
-      - create
-      - update
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - apps
-    resources:
-      - statefulsets
-      - deployments
-      - deployments/scale
-    verbs:
-      - get
-      - list
-      - create
-      - delete
-      - update
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch
-      - update
-  - apiGroups:
-      - coordination.k8s.io
-    resources:
-      - leases
-    verbs:
-      - "*"
-  - apiGroups:
-      - "kubevirt.io"
-    resources:
-      - virtualmachines
-      - virtualmachineinstances
-    verbs:
-      - get
-      - list
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  annotations:
-    rbac.authorization.k8s.io/system-only: "true"
-  name: system:ovn-ovs
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-    verbs:
-      - get
-      - patch
-  - apiGroups:
-      - ""
-    resources:
-      - services
-      - endpoints
-    verbs:
-      - get
-  - apiGroups:
-      - apps
-    resources:
-      - controllerrevisions
-    verbs:
-      - get
-      - list
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  annotations:
-    rbac.authorization.k8s.io/system-only: "true"
-  name: system:kube-ovn-cni
-rules:
-  - apiGroups:
-      - "kubeovn.io"
-      - ""
-    resources:
-      - subnets
-      - provider-networks
-      - pods
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - ""
-      - "kubeovn.io"
-    resources:
-      - ovn-eips
-      - ovn-eips/status
-      - nodes
-    verbs:
-      - get
-      - list
-      - patch
-      - watch
-  - apiGroups:
-      - "kubeovn.io"
-    resources:
-      - ips
-    verbs:
-      - get
-      - update
-  - apiGroups:
-      - ""
-    resources:
-      - events
-    verbs:
-      - create
-      - patch
-      - update
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  annotations:
-    rbac.authorization.k8s.io/system-only: "true"
-  name: system:kube-ovn-app
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-      - nodes
-    verbs:
-      - get
-      - list
-  - apiGroups:
-      - apps
-    resources:
-      - daemonsets
-    verbs:
-      - get

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-CRB.yaml

@@ -1,54 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: ovn
-roleRef:
-  name: system:ovn
-  kind: ClusterRole
-  apiGroup: rbac.authorization.k8s.io
-subjects:
-  - kind: ServiceAccount
-    name: ovn
-    namespace: {{ .Values.namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: ovn-ovs
-roleRef:
-  name: system:ovn-ovs
-  kind: ClusterRole
-  apiGroup: rbac.authorization.k8s.io
-subjects:
-  - kind: ServiceAccount
-    name: ovn-ovs
-    namespace: {{ .Values.namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: kube-ovn-cni
-roleRef:
-  name: system:kube-ovn-cni
-  kind: ClusterRole
-  apiGroup: rbac.authorization.k8s.io
-subjects:
-  - kind: ServiceAccount
-    name: kube-ovn-cni
-    namespace: {{ .Values.namespace }}
-
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: kube-ovn-app
-roleRef:
-  name: system:kube-ovn-app
-  kind: ClusterRole
-  apiGroup: rbac.authorization.k8s.io
-subjects:
-  - kind: ServiceAccount
-    name: kube-ovn-app
-    namespace: {{ .Values.namespace }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-dpdk-ds.yaml

@@ -1,164 +0,0 @@
-{{- if .Values.HYBRID_DPDK }}
-kind: DaemonSet
-apiVersion: apps/v1
-metadata:
-  name: ovs-ovn-dpdk
-  namespace: {{ .Values.namespace }}
-  annotations:
-    kubernetes.io/description: |
-      This daemon set launches the openvswitch daemon.
-spec:
-  selector:
-    matchLabels:
-      app: ovs-dpdk
-  updateStrategy:
-    type: RollingUpdate
-    rollingUpdate:
-      maxSurge: 1
-      maxUnavailable: 0
-  template:
-    metadata:
-      labels:
-        app: ovs-dpdk
-        component: network
-        type: infra
-    spec:
-      tolerations:
-      - operator: Exists
-      priorityClassName: system-node-critical
-      serviceAccountName: ovn-ovs
-      hostNetwork: true
-      hostPID: true
-      containers:
-        - name: openvswitch
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}-dpdk
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command: ["/kube-ovn/start-ovs-dpdk-v2.sh"]
-          securityContext:
-            runAsUser: 0
-            privileged: true
-          env:
-            - name: ENABLE_SSL
-              value: "{{ .Values.networking.ENABLE_SSL }}"
-            - name: POD_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIP
-            - name: HW_OFFLOAD
-              value: "{{- .Values.func.HW_OFFLOAD }}"
-            - name: TUNNEL_TYPE
-              value: "{{- .Values.networking.TUNNEL_TYPE }}"
-            - name: DPDK_TUNNEL_IFACE
-              value: "{{- .Values.networking.DPDK_TUNNEL_IFACE }}"
-            - name: KUBE_NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: OVN_DB_IPS
-              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
-            - name: OVN_REMOTE_PROBE_INTERVAL
-              value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}"
-            - name: OVN_REMOTE_OPENFLOW_INTERVAL
-              value: "{{ .Values.networking.OVN_REMOTE_OPENFLOW_INTERVAL }}"
-          volumeMounts:
-            - mountPath: /opt/ovs-config
-              name: host-config-ovs
-            - name: shareddir
-              mountPath: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods
-            - name: hugepage
-              mountPath: /dev/hugepages
-            - mountPath: /lib/modules
-              name: host-modules
-              readOnly: true
-            - mountPath: /var/run/openvswitch
-              name: host-run-ovs
-              mountPropagation: HostToContainer
-            - mountPath: /var/run/ovn
-              name: host-run-ovn
-            - mountPath: /sys
-              name: host-sys
-            - mountPath: /etc/openvswitch
-              name: host-config-openvswitch
-            - mountPath: /etc/ovn
-              name: host-config-ovn
-            - mountPath: /var/log/openvswitch
-              name: host-log-ovs
-            - mountPath: /var/log/ovn
-              name: host-log-ovn
-            - mountPath: /etc/localtime
-              name: localtime
-              readOnly: true
-            - mountPath: /var/run/tls
-              name: kube-ovn-tls
-          readinessProbe:
-            exec:
-              command:
-                - bash
-                - -c
-                - LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh
-            periodSeconds: 5
-            timeoutSeconds: 45
-          livenessProbe:
-            exec:
-              command:
-                - bash
-                - /kube-ovn/ovs-healthcheck.sh
-            initialDelaySeconds: 60
-            periodSeconds: 5
-            failureThreshold: 5
-            timeoutSeconds: 45
-          resources:
-            requests:
-              cpu: {{ index .Values "ovs-ovn" "requests" "cpu" }}
-              memory: {{ index .Values "ovs-ovn" "requests" "memory" }}
-            limits:
-              cpu: {{ index .Values "ovs-ovn" "limits" "cpu" }}
-              {{.Values.HUGEPAGE_SIZE_TYPE}}: {{.Values.HUGEPAGES}}
-              memory: {{ index .Values "ovs-ovn" "limits" "memory" }}
-      nodeSelector:
-        kubernetes.io/os: "linux"
-        ovn.kubernetes.io/ovs_dp_type: "userspace"
-      volumes:
-        - name: host-config-ovs
-          hostPath:
-            path: /opt/ovs-config
-            type: DirectoryOrCreate
-        - name: shareddir
-          hostPath:
-            path: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods
-            type: ''
-        - name: hugepage
-          emptyDir:
-            medium: HugePages
-        - name: host-modules
-          hostPath:
-            path: /lib/modules
-        - name: host-run-ovs
-          hostPath:
-            path: /run/openvswitch
-        - name: host-run-ovn
-          hostPath:
-            path: /run/ovn
-        - name: host-sys
-          hostPath:
-            path: /sys
-        - name: host-config-openvswitch
-          hostPath:
-            path: {{ .Values.OPENVSWITCH_DIR }}
-        - name: host-config-ovn
-          hostPath:
-            path: {{ .Values.OVN_DIR }}
-        - name: host-log-ovs
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
-        - name: host-log-ovn
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/ovn
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: kube-ovn-tls
-          secret:
-            optional: true
-            secretName: kube-ovn-tls
-{{- end }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-sa.yaml

@@ -1,34 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ovn
-  namespace: {{ .Values.namespace }}
-{{-  if .Values.global.registry.imagePullSecrets }}
-imagePullSecrets:
-{{- range $index, $secret := .Values.global.registry.imagePullSecrets }}
-{{- if $secret }}
-- name: {{ $secret | quote}}
-{{- end }}
-{{- end }}
-{{- end }}
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ovn-ovs
-  namespace: {{ .Values.namespace }}
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kube-ovn-cni
-  namespace: {{ .Values.namespace }}
-
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kube-ovn-app
-  namespace: {{ .Values.namespace }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovn-tls-secret.yaml

@@ -1,23 +0,0 @@
-{{- if .Values.networking.ENABLE_SSL }}
-{{- $cn := "ovn" -}}
-{{- $ca := genCA "ovn-ca" 3650 -}}
----
-apiVersion: v1
-kind: Secret
-metadata:
-  name: kube-ovn-tls
-  namespace: {{ .Values.namespace }}
-data:
-{{- $existingSecret := lookup "v1" "Secret" .Values.namespace "kube-ovn-tls" }}
-  {{- if $existingSecret }}
-  cacert: {{ index $existingSecret.data "cacert" }}
-  cert: {{ index $existingSecret.data "cert" }}
-  key: {{ index $existingSecret.data "key" }}
-  {{- else }}
-  {{- with genSignedCert $cn nil nil 3650 $ca }}
-  cacert: {{ b64enc $ca.Cert }}
-  cert: {{ b64enc .Cert }}
-  key: {{ b64enc .Key }}
-  {{- end }}
-  {{- end }}
-{{- end }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-ds.yaml

@@ -1,206 +0,0 @@
-kind: DaemonSet
-apiVersion: apps/v1
-metadata:
-  name: kube-ovn-cni
-  namespace: {{ .Values.namespace }}
-  annotations:
-    kubernetes.io/description: |
-      This daemon set launches the kube-ovn cni daemon.
-spec:
-  selector:
-    matchLabels:
-      app: kube-ovn-cni
-  template:
-    metadata:
-      labels:
-        app: kube-ovn-cni
-        component: network
-        type: infra
-    spec:
-      tolerations:
-        - effect: NoSchedule
-          operator: Exists
-        - effect: NoExecute
-          operator: Exists
-        - key: CriticalAddonsOnly
-          operator: Exists
-      priorityClassName: system-node-critical
-      serviceAccountName: kube-ovn-cni
-      hostNetwork: true
-      hostPID: true
-      initContainers:
-      - name: install-cni
-        image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        command: ["/kube-ovn/install-cni.sh"]
-        securityContext:
-          runAsUser: 0
-          privileged: true
-        volumeMounts:
-          - mountPath: /opt/cni/bin
-            name: cni-bin
-          {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
-          - mountPath: /usr/local/bin
-            name: local-bin
-          {{- end }}
-      containers:
-      - name: cni-server
-        image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        command:
-          - bash
-          - /kube-ovn/start-cniserver.sh
-        args:
-          - --enable-mirror={{- .Values.debug.ENABLE_MIRROR }}
-          - --mirror-iface={{- .Values.debug.MIRROR_IFACE }}
-          - --node-switch={{ .Values.networking.NODE_SUBNET }}
-          - --encap-checksum=true
-          - --service-cluster-ip-range=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.SVC_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.SVC_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.SVC_CIDR }}
-          {{- end }}
-          {{- if eq .Values.networking.NETWORK_TYPE "vlan" }}
-          - --iface=
-          {{- else}}
-          - --iface={{- .Values.networking.IFACE }}
-          {{- end }}
-          - --dpdk-tunnel-iface={{- .Values.networking.DPDK_TUNNEL_IFACE }}
-          - --network-type={{- .Values.networking.TUNNEL_TYPE }}
-          - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
-          - --cni-conf-dir={{ .Values.cni_conf.CNI_CONF_DIR }}
-          - --cni-conf-file={{ .Values.cni_conf.CNI_CONF_FILE }}
-          - --cni-conf-name={{- .Values.cni_conf.CNI_CONFIG_PRIORITY -}}-kube-ovn.conflist
-          - --logtostderr=false
-          - --alsologtostderr=true
-          - --log_file=/var/log/kube-ovn/kube-ovn-cni.log
-          - --log_file_max_size=0
-          - --enable-metrics={{- .Values.networking.ENABLE_METRICS }}
-          - --kubelet-dir={{ .Values.kubelet_conf.KUBELET_DIR }}
-          - --enable-tproxy={{ .Values.func.ENABLE_TPROXY }}
-          - --ovs-vsctl-concurrency={{ .Values.performance.OVS_VSCTL_CONCURRENCY }}
-        securityContext:
-          runAsUser: 0
-          privileged: true
-        env:
-          - name: ENABLE_SSL
-            value: "{{ .Values.networking.ENABLE_SSL }}"
-          - name: POD_IP
-            valueFrom:
-              fieldRef:
-                fieldPath: status.podIP
-          - name: KUBE_NODE_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: spec.nodeName
-          - name: POD_IPS
-            valueFrom:
-              fieldRef:
-                fieldPath: status.podIPs
-          - name: ENABLE_BIND_LOCAL_IP
-            value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
-          - name: DBUS_SYSTEM_BUS_ADDRESS
-            value: "unix:path=/host/var/run/dbus/system_bus_socket"
-        volumeMounts:
-          - name: host-modules
-            mountPath: /lib/modules
-            readOnly: true
-          - name: shared-dir
-            mountPath: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods
-          - mountPath: /etc/openvswitch
-            name: systemid
-            readOnly: true
-          - mountPath: /etc/cni/net.d
-            name: cni-conf
-          - mountPath: /run/openvswitch
-            name: host-run-ovs
-            mountPropagation: Bidirectional
-          - mountPath: /run/ovn
-            name: host-run-ovn
-          - mountPath: /host/var/run/dbus
-            name: host-dbus
-            mountPropagation: HostToContainer
-          - mountPath: /var/run/netns
-            name: host-ns
-            mountPropagation: HostToContainer
-          - mountPath: /var/log/kube-ovn
-            name: kube-ovn-log
-          - mountPath: /var/log/openvswitch
-            name: host-log-ovs
-          - mountPath: /var/log/ovn
-            name: host-log-ovn
-          - mountPath: /etc/localtime
-            name: localtime
-            readOnly: true
-        readinessProbe:
-          failureThreshold: 3
-          periodSeconds: 7
-          successThreshold: 1
-          tcpSocket:
-            port: 10665
-          timeoutSeconds: 3
-        livenessProbe:
-          failureThreshold: 3
-          initialDelaySeconds: 30
-          periodSeconds: 7
-          successThreshold: 1
-          tcpSocket:
-            port: 10665
-          timeoutSeconds: 3
-        resources:
-          requests:
-            cpu: {{ index .Values "kube-ovn-cni" "requests" "cpu" }}
-            memory: {{ index .Values "kube-ovn-cni" "requests" "memory" }}
-          limits:
-            cpu: {{ index .Values "kube-ovn-cni" "limits" "cpu" }}
-            memory: {{ index .Values "kube-ovn-cni" "limits" "memory" }}
-      nodeSelector:
-        kubernetes.io/os: "linux"
-      volumes:
-        - name: host-modules
-          hostPath:
-            path: /lib/modules
-        - name: shared-dir
-          hostPath:
-            path: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods
-        - name: systemid
-          hostPath:
-            path: {{ .Values.OPENVSWITCH_DIR }}
-        - name: host-run-ovs
-          hostPath:
-            path: /run/openvswitch
-        - name: host-run-ovn
-          hostPath:
-            path: /run/ovn
-        - name: cni-conf
-          hostPath:
-            path: {{ .Values.cni_conf.CNI_CONF_DIR }}
-        - name: cni-bin
-          hostPath:
-            path: {{ .Values.cni_conf.CNI_BIN_DIR }}
-        - name: host-ns
-          hostPath:
-            path: /var/run/netns
-        - name: host-dbus
-          hostPath:
-            path: /var/run/dbus
-        - name: kube-ovn-log
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: host-log-ovs
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
-        - name: host-log-ovn
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/ovn
-        {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
-        - name: local-bin
-          hostPath:
-            path: {{ .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
-        {{- end }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovncni-svc.yaml

@@ -1,16 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: kube-ovn-cni
-  namespace: {{ .Values.namespace }}
-  labels:
-    app: kube-ovn-cni
-spec:
-  selector:
-    app: kube-ovn-cni
-  ports:
-    - port: 10665
-      name: metrics
-  {{- if eq .Values.networking.NET_STACK "dual_stack" }}
-  ipFamilyPolicy: PreferDualStack
-  {{- end }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/ovsovn-ds.yaml

@@ -1,221 +0,0 @@
-kind: DaemonSet
-apiVersion: apps/v1
-metadata:
-  name: ovs-ovn
-  namespace: {{ .Values.namespace }}
-  annotations:
-    kubernetes.io/description: |
-      This daemon set launches the openvswitch daemon.
-    chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-spec:
-  selector:
-    matchLabels:
-      app: ovs
-  updateStrategy:
-    type: {{ include "kubeovn.ovs-ovn.updateStrategy" . }}
-    rollingUpdate:
-      maxSurge: 1
-      maxUnavailable: 0
-  template:
-    metadata:
-      labels:
-        app: ovs
-        component: network
-        type: infra
-      annotations:
-        chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-    spec:
-      tolerations:
-        - effect: NoSchedule
-          operator: Exists
-        - effect: NoExecute
-          operator: Exists
-        - key: CriticalAddonsOnly
-          operator: Exists
-      priorityClassName: system-node-critical
-      serviceAccountName: ovn-ovs
-      hostNetwork: true
-      hostPID: true
-      containers:
-        - name: openvswitch
-          {{- if .Values.DPDK }}
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.dpdkRepository }}:{{ .Values.DPDK_VERSION }}-{{ .Values.global.images.kubeovn.tag }}
-          {{- else }}
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
-          {{- end }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- if .Values.DPDK }}
-          command: ["/kube-ovn/start-ovs-dpdk.sh"]
-          {{- else }}
-          command: 
-          {{- if .Values.DISABLE_MODULES_MANAGEMENT }}
-          - /bin/sh
-          - -ec
-          - |
-              ln -sf /bin/true /usr/sbin/modprobe
-              ln -sf /bin/true /usr/sbin/modinfo
-              ln -sf /bin/true /usr/sbin/rmmod
-              exec /kube-ovn/start-ovs.sh
-          {{- else }}
-          - /kube-ovn/start-ovs.sh
-          {{- end }}
-          {{- end }}
-          securityContext:
-            runAsUser: 0
-            privileged: true
-          env:
-            - name: ENABLE_SSL
-              value: "{{ .Values.networking.ENABLE_SSL }}"
-            - name: POD_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIP
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: HW_OFFLOAD
-              value: "{{- .Values.func.HW_OFFLOAD }}"
-            - name: TUNNEL_TYPE
-              value: "{{- .Values.networking.TUNNEL_TYPE }}"
-            - name: KUBE_NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-            - name: OVN_DB_IPS
-              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
-            - name: OVN_REMOTE_PROBE_INTERVAL
-              value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}"
-            - name: OVN_REMOTE_OPENFLOW_INTERVAL
-              value: "{{ .Values.networking.OVN_REMOTE_OPENFLOW_INTERVAL }}"
-          volumeMounts:
-            - mountPath: /var/run/netns
-              name: host-ns
-              mountPropagation: HostToContainer
-            - mountPath: /lib/modules
-              name: host-modules
-              readOnly: true
-            - mountPath: /var/run/openvswitch
-              name: host-run-ovs
-            - mountPath: /var/run/ovn
-              name: host-run-ovn
-            - mountPath: /etc/openvswitch
-              name: host-config-openvswitch
-            - mountPath: /etc/ovn
-              name: host-config-ovn
-            - mountPath: /var/log/openvswitch
-              name: host-log-ovs
-            - mountPath: /var/log/ovn
-              name: host-log-ovn
-            - mountPath: /etc/localtime
-              name: localtime
-              readOnly: true
-            - mountPath: /var/run/tls
-              name: kube-ovn-tls
-            - mountPath: /var/run/containerd
-              name: cruntime
-              readOnly: true
-            {{- if .Values.DPDK }}
-            - mountPath: /opt/ovs-config
-              name: host-config-ovs
-            - mountPath: /dev/hugepages
-              name: hugepage
-            {{- end }}
-          readinessProbe:
-            exec:
-              {{- if .Values.DPDK }}
-              command:
-                - bash
-                - /kube-ovn/ovs-dpdk-healthcheck.sh
-              {{- else }}
-              command:
-                - bash
-                - -c
-                - LOG_ROTATE=true /kube-ovn/ovs-healthcheck.sh
-              {{- end }}
-            initialDelaySeconds: 10
-            periodSeconds: 5
-            timeoutSeconds: 45
-          livenessProbe:
-            exec:
-              {{- if .Values.DPDK }}
-              command:
-                - bash
-                - /kube-ovn/ovs-dpdk-healthcheck.sh
-              {{- else }}
-              command:
-                - bash
-                - /kube-ovn/ovs-healthcheck.sh
-              {{- end }}
-            initialDelaySeconds: 60
-            periodSeconds: 5
-            failureThreshold: 5
-            timeoutSeconds: 45
-          resources:
-            requests:
-              {{- if .Values.DPDK }}
-              cpu: {{ .Values.DPDK_CPU }}
-              memory: {{ .Values.DPDK_MEMORY }}
-              {{- else }}
-              cpu: {{ index .Values "ovs-ovn" "requests" "cpu" }}
-              memory: {{ index .Values "ovs-ovn" "requests" "memory" }}
-              {{- end }}
-            limits:
-              {{- if .Values.DPDK }}
-              cpu: {{ .Values.DPDK_CPU }}
-              memory: {{ .Values.DPDK_MEMORY }}
-              hugepages-1Gi: 1Gi
-              {{- else }}
-              cpu: {{ index .Values "ovs-ovn" "limits" "cpu" }}
-              memory: {{ index .Values "ovs-ovn" "limits" "memory" }}
-              {{- end }}
-      nodeSelector:
-        kubernetes.io/os: "linux"
-      volumes:
-        - name: host-modules
-          hostPath:
-            path: /lib/modules
-        - name: host-run-ovs
-          hostPath:
-            path: /run/openvswitch
-        - name: host-run-ovn
-          hostPath:
-            path: /run/ovn
-        - name: host-config-openvswitch
-          hostPath:
-            path: {{ .Values.OPENVSWITCH_DIR }}
-        - name: host-config-ovn
-          hostPath:
-            path: {{ .Values.OVN_DIR }}
-        - name: host-log-ovs
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
-        - name: host-log-ovn
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/ovn
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: kube-ovn-tls
-          secret:
-            optional: true
-            secretName: kube-ovn-tls
-        - name: host-ns
-          hostPath:
-            path: /var/run/netns
-        - hostPath:
-            path: /var/run/containerd
-          name: cruntime
-        {{- if .Values.DPDK }}
-        - name: host-config-ovs
-          hostPath:
-            path: /opt/ovs-config
-            type: DirectoryOrCreate
-        - name: hugepage
-          emptyDir:
-            medium: HugePages
-        {{- end }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-ds.yaml

@@ -1,137 +0,0 @@
-kind: DaemonSet
-apiVersion: apps/v1
-metadata:
-  name: kube-ovn-pinger
-  namespace: {{ .Values.namespace }}
-  annotations:
-    kubernetes.io/description: |
-      This daemon set launches the openvswitch daemon.
-spec:
-  selector:
-    matchLabels:
-      app: kube-ovn-pinger
-  updateStrategy:
-    type: RollingUpdate
-  template:
-    metadata:
-      labels:
-        app: kube-ovn-pinger
-        component: network
-        type: infra
-    spec:
-      priorityClassName: system-node-critical
-      tolerations:
-        - effect: NoSchedule
-          operator: Exists
-        - effect: NoExecute
-          operator: Exists
-        - key: CriticalAddonsOnly
-          operator: Exists
-      serviceAccountName: kube-ovn-app
-      hostPID: true
-      containers:
-        - name: pinger
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
-          command:
-          - /kube-ovn/kube-ovn-pinger
-          args:
-          - --external-address=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.PINGER_EXTERNAL_ADDRESS }} 
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.PINGER_EXTERNAL_ADDRESS }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.PINGER_EXTERNAL_ADDRESS }}
-          {{- end }}
-          - --external-dns=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.PINGER_EXTERNAL_DOMAIN }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.PINGER_EXTERNAL_DOMAIN }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.PINGER_EXTERNAL_DOMAIN }}
-          {{- end }}
-          - --ds-namespace={{ .Values.namespace }}
-          - --logtostderr=false
-          - --alsologtostderr=true
-          - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
-          - --log_file_max_size=0
-          - --enable-metrics={{- .Values.networking.ENABLE_METRICS }}
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          securityContext:
-            runAsUser: 0
-            privileged: false
-          env:
-            - name: ENABLE_SSL
-              value: "{{ .Values.networking.ENABLE_SSL }}"
-            - name: POD_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.podIP
-            - name: HOST_IP
-              valueFrom:
-                fieldRef:
-                  fieldPath: status.hostIP
-            - name: POD_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.name
-            - name: NODE_NAME
-              valueFrom:
-                fieldRef:
-                  fieldPath: spec.nodeName
-          volumeMounts:
-            - mountPath: /var/run/openvswitch
-              name: host-run-ovs
-            - mountPath: /var/run/ovn
-              name: host-run-ovn
-            - mountPath: /etc/openvswitch
-              name: host-config-openvswitch
-            - mountPath: /var/log/openvswitch
-              name: host-log-ovs
-              readOnly: true
-            - mountPath: /var/log/ovn
-              name: host-log-ovn
-              readOnly: true
-            - mountPath: /var/log/kube-ovn
-              name: kube-ovn-log
-            - mountPath: /etc/localtime
-              name: localtime
-              readOnly: true
-            - mountPath: /var/run/tls
-              name: kube-ovn-tls
-          resources:
-            requests:
-              cpu: {{ index .Values "kube-ovn-pinger" "requests" "cpu" }}
-              memory: {{ index .Values "kube-ovn-pinger" "requests" "memory" }}
-            limits:
-              cpu: {{ index .Values "kube-ovn-pinger" "limits" "cpu" }}
-              memory: {{ index .Values "kube-ovn-pinger" "limits" "memory" }}
-      nodeSelector:
-        kubernetes.io/os: "linux"
-      volumes:
-        - name: host-run-ovs
-          hostPath:
-            path: /run/openvswitch
-        - name: host-run-ovn
-          hostPath:
-            path: /run/ovn
-        - name: host-config-openvswitch
-          hostPath:
-            path: {{ .Values.OPENVSWITCH_DIR }}
-        - name: host-log-ovs
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
-        - name: kube-ovn-log
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
-        - name: host-log-ovn
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/ovn
-        - name: localtime
-          hostPath:
-            path: /etc/localtime
-        - name: kube-ovn-tls
-          secret:
-            optional: true
-            secretName: kube-ovn-tls

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pinger-svc.yaml

@@ -1,16 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: kube-ovn-pinger
-  namespace: {{ .Values.namespace }}
-  labels:
-    app: kube-ovn-pinger
-spec:
-  selector:
-    app: kube-ovn-pinger
-  ports:
-    - port: 8080
-      name: metrics
-  {{- if eq .Values.networking.NET_STACK "dual_stack" }}
-  ipFamilyPolicy: PreferDualStack
-  {{- end }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/pre-delete-hook.yaml

@@ -1,123 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kube-ovn-pre-delete-hook
-  namespace: {{ .Values.namespace }}
-  annotations:
-    # This is what defines this resource as a hook. Without this line, the
-    # job is considered part of the release.
-    "helm.sh/hook": pre-delete
-    "helm.sh/hook-weight": "1"
-    "helm.sh/hook-delete-policy": hook-succeeded
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  annotations:
-    rbac.authorization.k8s.io/system-only: "true"
-    # This is what defines this resource as a hook. Without this line, the
-    # job is considered part of the release.
-    "helm.sh/hook": pre-delete
-    "helm.sh/hook-weight": "2"
-    "helm.sh/hook-delete-policy": hook-succeeded
-  name: system:kube-ovn-pre-delete-hook
-rules:
-  - apiGroups:
-      - kubeovn.io
-    resources:
-      - subnets
-    verbs:
-      - get
-      - list
-      - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: kube-ovn-pre-delete-hook
-  annotations:
-    # This is what defines this resource as a hook. Without this line, the
-    # job is considered part of the release.
-    "helm.sh/hook": pre-delete
-    "helm.sh/hook-weight": "3"
-    "helm.sh/hook-delete-policy": hook-succeeded
-roleRef:
-  name: system:kube-ovn-pre-delete-hook
-  kind: ClusterRole
-  apiGroup: rbac.authorization.k8s.io
-subjects:
-  - kind: ServiceAccount
-    name: kube-ovn-pre-delete-hook
-    namespace: {{ .Values.namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: "{{ .Chart.Name }}-pre-delete-hook"
-  namespace: {{ .Values.namespace }}
-  labels:
-    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
-    app.kubernetes.io/instance: {{ .Release.Name | quote }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-  annotations:
-    # This is what defines this resource as a hook. Without this line, the
-    # job is considered part of the release.
-    "helm.sh/hook": pre-delete
-    "helm.sh/hook-weight": "4"
-    "helm.sh/hook-delete-policy": hook-succeeded
-spec:
-  completions: 1
-  template:
-    metadata:
-      name: "{{ .Release.Name }}"
-      labels:
-        app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
-        app.kubernetes.io/instance: {{ .Release.Name | quote }}
-        helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-        app: kube-ovn-pre-delete-hook
-        component: job
-    spec:
-      tolerations:
-        - key: ""
-          operator: "Exists"
-          effect: "NoSchedule"
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - topologyKey: kubernetes.io/hostname
-              labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - kube-ovn-pre-delete-hook
-                  - key: component
-                    operator: In
-                    values:
-                      - job
-      restartPolicy: Never
-      hostNetwork: true
-      nodeSelector:
-        kubernetes.io/os: "linux"
-      serviceAccount: kube-ovn-pre-delete-hook
-      serviceAccountName: kube-ovn-pre-delete-hook
-      containers:
-        - name: remove-subnet-finalizer
-          image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
-          env:
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-          command:
-            - sh
-            - -c
-            - /kube-ovn/remove-subnet-finalizer.sh 2>&1 | tee -a /var/log/kube-ovn/remove-subnet-finalizer.log
-          volumeMounts:
-            - mountPath: /var/log/kube-ovn
-              name: kube-ovn-log
-      volumes:
-        - name: kube-ovn-log
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/sb-svc.yaml

@@ -1,19 +0,0 @@
-kind: Service
-apiVersion: v1
-metadata:
-  name: ovn-sb
-  namespace: {{ .Values.namespace }}
-spec:
-  ports:
-    - name: ovn-sb
-      protocol: TCP
-      port: 6642
-      targetPort: 6642
-  type: ClusterIP
-  {{- if eq .Values.networking.NET_STACK "dual_stack" }}
-  ipFamilyPolicy: PreferDualStack
-  {{- end }}
-  selector:
-    app: ovn-central
-    ovn-sb-leader: "true"
-  sessionAffinity: None

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/upgrade-ovs-ovn.yaml

@@ -1,163 +0,0 @@
-{{- if eq (include "kubeovn.ovs-ovn.updateStrategy" .) "OnDelete" }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: ovs-ovn-upgrade
-  namespace: {{ .Values.namespace }}
-  annotations:
-    # This is what defines this resource as a hook. Without this line, the
-    # job is considered part of the release.
-    "helm.sh/hook": post-upgrade
-    "helm.sh/hook-weight": "1"
-    "helm.sh/hook-delete-policy": hook-succeeded
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  annotations:
-    rbac.authorization.k8s.io/system-only: "true"
-    # This is what defines this resource as a hook. Without this line, the
-    # job is considered part of the release.
-    "helm.sh/hook": post-upgrade
-    "helm.sh/hook-weight": "2"
-    "helm.sh/hook-delete-policy": hook-succeeded
-  name: system:ovs-ovn-upgrade
-rules:
-  - apiGroups:
-      - apps
-    resources:
-      - daemonsets
-    resourceNames:
-      - ovs-ovn
-    verbs:
-      - get
-  - apiGroups:
-      - apps
-    resources:
-      - deployments
-    resourceNames:
-      - ovn-central
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - nodes
-    verbs:
-      - list
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-    verbs:
-      - list
-      - get
-      - watch
-      - delete
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: ovs-ovn-upgrade
-  annotations:
-    # This is what defines this resource as a hook. Without this line, the
-    # job is considered part of the release.
-    "helm.sh/hook": post-upgrade
-    "helm.sh/hook-weight": "3"
-    "helm.sh/hook-delete-policy": hook-succeeded
-roleRef:
-  name: system:ovs-ovn-upgrade
-  kind: ClusterRole
-  apiGroup: rbac.authorization.k8s.io
-subjects:
-  - kind: ServiceAccount
-    name: ovs-ovn-upgrade
-    namespace: {{ .Values.namespace }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: "{{ .Chart.Name }}-post-upgrade-hook"
-  namespace: {{ .Values.namespace }}
-  labels:
-    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
-    app.kubernetes.io/instance: {{ .Release.Name | quote }}
-    app.kubernetes.io/version: {{ .Chart.AppVersion }}
-    helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-  annotations:
-    # This is what defines this resource as a hook. Without this line, the
-    # job is considered part of the release.
-    "helm.sh/hook": post-upgrade
-    "helm.sh/hook-weight": "4"
-    "helm.sh/hook-delete-policy": hook-succeeded
-spec:
-  completions: 1
-  template:
-    metadata:
-      name: "{{ .Release.Name }}"
-      labels:
-        app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
-        app.kubernetes.io/instance: {{ .Release.Name | quote }}
-        helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
-        app: post-upgrade
-        component: job
-    spec:
-      tolerations:
-        - key: ""
-          operator: "Exists"
-          effect: "NoSchedule"
-      affinity:
-        podAntiAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            - topologyKey: kubernetes.io/hostname
-              labelSelector:
-                matchExpressions:
-                  - key: app
-                    operator: In
-                    values:
-                      - post-upgrade
-                  - key: component
-                    operator: In
-                    values:
-                      - job
-      restartPolicy: Never
-      hostNetwork: true
-      nodeSelector:
-        kubernetes.io/os: "linux"
-      serviceAccount: ovs-ovn-upgrade
-      serviceAccountName: ovs-ovn-upgrade
-      containers:
-        - name: ovs-ovn-upgrade
-          image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
-          env:
-            - name: POD_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace
-            - name: ENABLE_SSL
-              value: "{{ .Values.networking.ENABLE_SSL }}"
-            - name: OVN_DB_IPS
-              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
-          command:
-            - bash
-            - -eo
-            - pipefail
-            - -c
-            - /kube-ovn/upgrade-ovs.sh 2>&1 | tee -a /var/log/kube-ovn/upgrade-ovs.log
-          volumeMounts:
-            - mountPath: /var/log/kube-ovn
-              name: kube-ovn-log
-            - mountPath: /var/run/tls
-              name: kube-ovn-tls
-      volumes:
-        - name: kube-ovn-log
-          hostPath:
-            path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
-        - name: kube-ovn-tls
-          secret:
-            optional: true
-            secretName: kube-ovn-tls
-{{ end }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/templates/vpc-nat-config.yaml

@@ -1,10 +0,0 @@
-kind: ConfigMap
-apiVersion: v1
-metadata:
-  name: ovn-vpc-nat-config
-  namespace: {{ .Values.namespace }}
-  annotations:
-    kubernetes.io/description: |
-      kube-ovn vpc-nat common config
-data:
-  image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.vpcRepository }}:{{ .Values.global.images.kubeovn.tag }}

packages/system/kubeovn/charts/kube-ovn/kube-ovn/values.yaml

@@ -1,181 +0,0 @@
-# Default values for kubeovn.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global:
-  registry:
-    address: docker.io/kubeovn
-    imagePullSecrets: []
-  images:
-    kubeovn:
-      repository: kube-ovn
-      dpdkRepository: kube-ovn-dpdk
-      vpcRepository: vpc-nat-gateway
-      tag: v1.13.0
-      support_arm: true
-      thirdparty: true
-
-image:
-  pullPolicy: IfNotPresent
-
-namespace: kube-system
-MASTER_NODES: ""
-MASTER_NODES_LABEL: "kube-ovn/role=master"
-
-networking:
-  # NET_STACK could be dual_stack, ipv4, ipv6
-  NET_STACK: ipv4
-  ENABLE_SSL: false
-  # network type could be geneve or vlan
-  NETWORK_TYPE: geneve
-  # tunnel type could be geneve, vxlan or stt
-  TUNNEL_TYPE: geneve
-  IFACE: ""
-  DPDK_TUNNEL_IFACE: "br-phy"
-  EXCLUDE_IPS: ""
-  POD_NIC_TYPE: "veth-pair"
-  vlan:
-    PROVIDER_NAME: "provider"
-    VLAN_INTERFACE_NAME: ""
-    VLAN_NAME: "ovn-vlan"
-    VLAN_ID: "100"
-  EXCHANGE_LINK_NAME: false
-  ENABLE_EIP_SNAT: true
-  DEFAULT_SUBNET: "ovn-default"
-  DEFAULT_VPC: "ovn-cluster"
-  NODE_SUBNET: "join"
-  ENABLE_ECMP: false
-  ENABLE_METRICS: true
-  NODE_LOCAL_DNS_IP: ""
-  PROBE_INTERVAL: 180000
-  OVN_NORTHD_PROBE_INTERVAL: 5000
-  OVN_LEADER_PROBE_INTERVAL: 5
-  OVN_REMOTE_PROBE_INTERVAL: 10000
-  OVN_REMOTE_OPENFLOW_INTERVAL: 180
-  OVN_NORTHD_N_THREADS: 1
-  ENABLE_COMPACT: false
-
-func:
-  ENABLE_LB: true
-  ENABLE_NP: true
-  ENABLE_EIP_SNAT: true
-  ENABLE_EXTERNAL_VPC: true
-  HW_OFFLOAD: false
-  ENABLE_LB_SVC: false
-  ENABLE_KEEP_VM_IP: true
-  LS_DNAT_MOD_DL_DST: true
-  LS_CT_SKIP_DST_LPORT_IPS: true
-  CHECK_GATEWAY: true
-  LOGICAL_GATEWAY: false
-  ENABLE_BIND_LOCAL_IP: true
-  U2O_INTERCONNECTION: false
-  ENABLE_TPROXY: false
-  ENABLE_IC: false
-
-ipv4:
-  POD_CIDR: "10.16.0.0/16"
-  POD_GATEWAY: "10.16.0.1"
-  SVC_CIDR: "10.96.0.0/12"
-  JOIN_CIDR: "100.64.0.0/16"
-  PINGER_EXTERNAL_ADDRESS: "1.1.1.1"
-  PINGER_EXTERNAL_DOMAIN: "alauda.cn."
-
-ipv6:
-  POD_CIDR: "fd00:10:16::/112"
-  POD_GATEWAY: "fd00:10:16::1"
-  SVC_CIDR: "fd00:10:96::/112"
-  JOIN_CIDR: "fd00:100:64::/112"
-  PINGER_EXTERNAL_ADDRESS: "2606:4700:4700::1111"
-  PINGER_EXTERNAL_DOMAIN: "google.com."
-
-dual_stack:
-  POD_CIDR: "10.16.0.0/16,fd00:10:16::/112"
-  POD_GATEWAY: "10.16.0.1,fd00:10:16::1"
-  SVC_CIDR: "10.96.0.0/12,fd00:10:96::/112"
-  JOIN_CIDR: "100.64.0.0/16,fd00:100:64::/112"
-  PINGER_EXTERNAL_ADDRESS: "1.1.1.1,2606:4700:4700::1111"
-  PINGER_EXTERNAL_DOMAIN: "google.com."
-
-performance:
-  GC_INTERVAL: 360
-  INSPECT_INTERVAL: 20
-  OVS_VSCTL_CONCURRENCY: 100
-
-debug:
-  ENABLE_MIRROR: false
-  MIRROR_IFACE: "mirror0"
-
-cni_conf:
-  CNI_CONFIG_PRIORITY: "01"
-  CNI_CONF_DIR: "/etc/cni/net.d"
-  CNI_BIN_DIR: "/opt/cni/bin"
-  CNI_CONF_FILE: "/kube-ovn/01-kube-ovn.conflist"
-  LOCAL_BIN_DIR: "/usr/local/bin"
-  MOUNT_LOCAL_BIN_DIR: false
-
-kubelet_conf:
-  KUBELET_DIR: "/var/lib/kubelet"
-
-log_conf:
-  LOG_DIR: "/var/log"
-
-OPENVSWITCH_DIR: "/etc/origin/openvswitch"
-OVN_DIR: "/etc/origin/ovn"
-DISABLE_MODULES_MANAGEMENT: false
-  
-imagePullSecrets: []
-nameOverride: ""
-fullnameOverride: ""
-
-# hybrid dpdk
-HYBRID_DPDK: false
-HUGEPAGE_SIZE_TYPE: hugepages-2Mi # Default 
-HUGEPAGES: 1Gi
-
-# DPDK
-DPDK: false
-DPDK_VERSION: "19.11"
-DPDK_CPU: "1000m"                        # Default CPU configuration
-DPDK_MEMORY: "2Gi"                       # Default Memory configuration
-
-ovn-central:
-  requests:
-    cpu: "300m"
-    memory: "200Mi"
-  limits:
-    cpu: "3"
-    memory: "4Gi"
-ovs-ovn:
-  requests:
-    cpu: "200m"
-    memory: "200Mi"
-  limits:
-    cpu: "2"
-    memory: "1000Mi"
-kube-ovn-controller:
-  requests:
-    cpu: "200m"
-    memory: "200Mi"
-  limits:
-    cpu: "1000m"
-    memory: "1Gi"
-kube-ovn-cni:
-  requests:
-    cpu: "100m"
-    memory: "100Mi"
-  limits:
-    cpu: "1000m"
-    memory: "1Gi"
-kube-ovn-pinger:
-  requests:
-    cpu: "100m"
-    memory: "100Mi"
-  limits:
-    cpu: "200m"
-    memory: "400Mi"
-kube-ovn-monitor:
-  requests:
-    cpu: "200m"
-    memory: "200Mi"
-  limits:
-    cpu: "200m"
-    memory: "200Mi"

packages/system/kubeovn/charts/kube-ovn/templates/_helpers.tpl

@@ -29,3 +29,28 @@ Number of master nodes
 {{- define "kubeovn.nodeCount" -}}
   {{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }}
 {{- end -}}
+
+{{- define "kubeovn.ovs-ovn.updateStrategy" -}}
+  {{- $ds := lookup "apps/v1" "DaemonSet" $.Values.namespace "ovs-ovn" -}}
+  {{- if $ds -}}
+    {{- if eq $ds.spec.updateStrategy.type "RollingUpdate" -}}
+      RollingUpdate
+    {{- else -}}
+      {{- $chartVersion := index $ds.metadata.annotations "chart-version" }}
+      {{- $newChartVersion := printf "%s-%s" .Chart.Name .Chart.Version }}
+      {{- $imageVersion := (index $ds.spec.template.spec.containers 0).image | splitList ":" | last | trimPrefix "v" -}}
+      {{- $versionRegex := `^(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)` -}}
+      {{- if and (ne $newChartVersion $chartVersion) (regexMatch $versionRegex $imageVersion) -}}
+        {{- if regexFind $versionRegex $imageVersion | semverCompare ">= 1.12.0" -}}
+          RollingUpdate
+        {{- else -}}
+          OnDelete
+        {{- end -}}
+      {{- else -}}
+        OnDelete
+      {{- end -}}
+    {{- end -}}
+  {{- else -}}
+    RollingUpdate
+  {{- end -}}
+{{- end -}}

packages/system/kubeovn/charts/kube-ovn/templates/central-deploy.yaml

@@ -42,7 +42,7 @@ spec:
       hostNetwork: true
       containers:
         - name: ovn-central
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
+          image: {{ include "kubeovn.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command: 
           - /kube-ovn/start-db.sh
@@ -74,12 +74,18 @@ spec:
               value: "{{- .Values.func.ENABLE_BIND_LOCAL_IP }}"
             - name: PROBE_INTERVAL
               value: "{{ .Values.networking.PROBE_INTERVAL }}"
+            - name: OVN_NORTHD_PROBE_INTERVAL
+              value: "{{ .Values.networking.OVN_NORTHD_PROBE_INTERVAL}}"
             - name: OVN_LEADER_PROBE_INTERVAL
               value: "{{ .Values.networking.OVN_LEADER_PROBE_INTERVAL }}"
             - name: OVN_NORTHD_N_THREADS
               value: "{{ .Values.networking.OVN_NORTHD_N_THREADS }}"
             - name: ENABLE_COMPACT
               value: "{{ .Values.networking.ENABLE_COMPACT }}"
+            {{- if include "kubeovn.ovs-ovn.updateStrategy" . | eq "OnDelete" }}
+            - name: OVN_VERSION_COMPATIBILITY
+              value: "21.06"
+            {{- end }}
           resources:
             requests:
               cpu: {{ index .Values "ovn-central" "requests" "cpu" }}
@@ -92,9 +98,6 @@ spec:
               name: host-run-ovs
             - mountPath: /var/run/ovn
               name: host-run-ovn
-            - mountPath: /sys
-              name: host-sys
-              readOnly: true
             - mountPath: /etc/openvswitch
               name: host-config-openvswitch
             - mountPath: /etc/ovn
@@ -136,9 +139,6 @@ spec:
         - name: host-run-ovn
           hostPath:
             path: /run/ovn
-        - name: host-sys
-          hostPath:
-            path: /sys
         - name: host-config-openvswitch
           hostPath:
             path: {{ .Values.OPENVSWITCH_DIR }}

packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml

@@ -49,49 +49,22 @@ spec:
       hostNetwork: true
       containers:
         - name: kube-ovn-controller
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
+          image: {{ include "kubeovn.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
+          {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
           - /kube-ovn/start-controller.sh
           - --default-ls={{ .Values.networking.DEFAULT_SUBNET }}
-          - --default-cidr=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.POD_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.POD_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.POD_CIDR }}
-          {{- end }}
-          - --default-gateway=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.POD_GATEWAY }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.POD_GATEWAY }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.POD_GATEWAY }}
-          {{- end }}
+          - --default-cidr={{ index $cozyConfig.data "ipv4-pod-cidr" }}
+          - --default-gateway={{ index $cozyConfig.data "ipv4-pod-gateway" }}
           - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }}
           - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }}
           - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }}
           - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }}
           - --cluster-router={{ .Values.networking.DEFAULT_VPC }}
           - --node-switch={{ .Values.networking.NODE_SUBNET }}
-          - --node-switch-cidr=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.JOIN_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.JOIN_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.JOIN_CIDR }}
-          {{- end }}
-          - --service-cluster-ip-range=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.SVC_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.SVC_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.SVC_CIDR }}
-          {{- end }}
+          - --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }}
+          - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
           - --network-type={{- .Values.networking.NETWORK_TYPE }}
           - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }}
           - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
@@ -99,6 +72,7 @@ spec:
           - --default-vlan-name={{- .Values.networking.vlan.VLAN_NAME }}
           - --default-vlan-id={{- .Values.networking.vlan.VLAN_ID }}
           - --ls-dnat-mod-dl-dst={{- .Values.func.LS_DNAT_MOD_DL_DST }}
+          - --ls-ct-skip-dst-lport-ips={{- .Values.func.LS_CT_SKIP_DST_LPORT_IPS }}
           - --pod-nic-type={{- .Values.networking.POD_NIC_TYPE }}
           - --enable-lb={{- .Values.func.ENABLE_LB }}
           - --enable-np={{- .Values.func.ENABLE_NP }}
@@ -113,7 +87,6 @@ spec:
           - --log_file_max_size=0
           - --enable-lb-svc={{- .Values.func.ENABLE_LB_SVC }}
           - --keep-vm-ip={{- .Values.func.ENABLE_KEEP_VM_IP }}
-          - --pod-default-fip-type={{- .Values.networking.POD_DEFAULT_FIP_TYPE }}
           - --enable-metrics={{- .Values.networking.ENABLE_METRICS }}
           - --node-local-dns-ip={{- .Values.networking.NODE_LOCAL_DNS_IP }}
           env:

packages/system/kubeovn/charts/kube-ovn/templates/ic-controller-deploy.yaml

@@ -43,7 +43,7 @@ spec:
       hostNetwork: true
       containers:
         - name: ovn-ic-controller
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
+          image: {{ include "kubeovn.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command: ["/kube-ovn/start-ic-controller.sh"]
           args:

packages/system/kubeovn/charts/kube-ovn/templates/kube-ovn-crd.yaml

@@ -1268,9 +1268,15 @@ spec:
       - jsonPath: .status.v4Eip
         name: V4Eip
         type: string
+      - jsonPath: .status.v6Eip
+        name: V6Eip
+        type: string
       - jsonPath: .status.v4Ip
         name: V4Ip
         type: string
+      - jsonPath: .status.v6Ip
+        name: V6Ip
+        type: string
       - jsonPath: .status.ready
         name: Ready
         type: boolean
@@ -1325,6 +1331,8 @@ spec:
                   type: string
                 v4Ip:
                   type: string
+                v6Ip:
+                  type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -1353,9 +1361,15 @@ spec:
       - jsonPath: .status.v4Eip
         name: V4Eip
         type: string
+      - jsonPath: .status.v6Eip
+        name: V6Eip
+        type: string
       - jsonPath: .status.v4IpCidr
         name: V4IpCidr
         type: string
+      - jsonPath: .status.v6IpCidr
+        name: V6IpCidr
+        type: string
       - jsonPath: .status.ready
         name: Ready
         type: boolean
@@ -1370,8 +1384,12 @@ spec:
                   type: boolean
                 v4Eip:
                   type: string
+                v6Eip:
+                  type: string
                 v4IpCidr:
                   type: string
+                v6IpCidr:
+                  type: string
                 vpc:
                   type: string
                 conditions:
@@ -1404,6 +1422,8 @@ spec:
                   type: string
                 v4IpCidr:
                   type: string
+                v6IpCidr:
+                  type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -1438,9 +1458,15 @@ spec:
         - jsonPath: .status.v4Eip
           name: V4Eip
           type: string
+        - jsonPath: .status.v6Eip
+          name: V6Eip
+          type: string
         - jsonPath: .status.v4Ip
           name: V4Ip
           type: string
+        - jsonPath: .status.v6Ip
+          name: V6Ip
+          type: string
         - jsonPath: .status.internalPort
           name: InternalPort
           type: string
@@ -1512,6 +1538,8 @@ spec:
                   type: string
                 v4Ip:
                   type: string
+                v6Ip:
+                  type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -1873,6 +1901,9 @@ spec:
       - name: Vpc
         type: string
         jsonPath: .spec.vpc
+      - name: Vlan
+        type: string
+        jsonPath: .spec.vlan
       - name: Protocol
         type: string
         jsonPath: .spec.protocol
@@ -1913,6 +1944,12 @@ spec:
         openAPIV3Schema:
           type: object
           properties:
+            metadata:
+              type: object
+              properties:
+                name:
+                  type: string
+                  pattern: ^[^0-9]
             status:
               type: object
               properties:

packages/system/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml

@@ -40,7 +40,7 @@ spec:
       hostNetwork: true
       containers:
         - name: kube-ovn-monitor
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
+          image: {{ include "kubeovn.image" . }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command: ["/kube-ovn/start-ovn-monitor.sh"]
           args:

packages/system/kubeovn/charts/kube-ovn/templates/ovn-CR.yaml

@@ -54,17 +54,28 @@ rules:
       - ""
     resources:
       - pods
-      - pods/exec
       - namespaces
-      - nodes
-      - configmaps
     verbs:
-      - create
       - get
       - list
+      - patch
       - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - get
+      - list
       - patch
       - update
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods/exec
+    verbs:
+      - create
   - apiGroups:
       - "k8s.cni.cncf.io"
     resources:
@@ -74,40 +85,53 @@ rules:
   - apiGroups:
       - ""
       - networking.k8s.io
-      - apps
     resources:
       - networkpolicies
-      - daemonsets
+      - configmaps
     verbs:
       - get
       - list
       - watch
   - apiGroups:
-      - ""
       - apps
     resources:
-      - services/status
+      - daemonsets
     verbs:
-      - update
+      - get
   - apiGroups:
       - ""
-      - networking.k8s.io
-      - apps
-      - extensions
     resources:
       - services
+      - services/status
+    verbs:
+      - get
+      - list
+      - update
+      - create
+      - delete
+      - watch
+  - apiGroups:
+      - ""
+    resources:
       - endpoints
+    verbs:
+      - create
+      - update
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - apps
+    resources:
       - statefulsets
       - deployments
       - deployments/scale
     verbs:
+      - get
+      - list
       - create
       - delete
       - update
-      - patch
-      - get
-      - list
-      - watch
   - apiGroups:
       - ""
     resources:
@@ -148,8 +172,6 @@ rules:
       - patch
   - apiGroups:
       - ""
-      - networking.k8s.io
-      - apps
     resources:
       - services
       - endpoints
@@ -176,26 +198,30 @@ rules:
     resources:
       - subnets
       - provider-networks
-      - ovn-eips
-      - ovn-eips/status
-      - ips
     verbs:
       - get
       - list
-      - patch
-      - update
       - watch
   - apiGroups:
       - ""
+      - "kubeovn.io"
     resources:
-      - pods
+      - ovn-eips
+      - ovn-eips/status
       - nodes
-      - configmaps
+      - pods
     verbs:
       - get
       - list
       - patch
       - watch
+  - apiGroups:
+      - "kubeovn.io"
+    resources:
+      - ips
+    verbs:
+      - get
+      - update
   - apiGroups:
       - ""
     resources:
@@ -204,6 +230,14 @@ rules:
       - create
       - patch
       - update
+  - apiGroups:
+      - ""
+    resources:
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -222,8 +256,6 @@ rules:
       - get
       - list
   - apiGroups:
-      - ""
-      - networking.k8s.io
       - apps
     resources:
       - daemonsets

packages/system/kubeovn/charts/kube-ovn/templates/ovn-dpdk-ds.yaml

@@ -31,7 +31,7 @@ spec:
       hostPID: true
       containers:
         - name: openvswitch
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}-dpdk
+          image: {{ include "kubeovn.image" . }}-dpdk
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           command: ["/kube-ovn/start-ovs-dpdk-v2.sh"]
           securityContext:

packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml

@@ -30,7 +30,7 @@ spec:
       hostPID: true
       initContainers:
       - name: install-cni
-        image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
+        image: {{ include "kubeovn.image" . }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         command: ["/kube-ovn/install-cni.sh"]
         securityContext:
@@ -45,24 +45,18 @@ spec:
           {{- end }}
       containers:
       - name: cni-server
-        image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
+        image: {{ include "kubeovn.image" . }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         command:
           - bash
           - /kube-ovn/start-cniserver.sh
         args:
+          {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
           - --enable-mirror={{- .Values.debug.ENABLE_MIRROR }}
           - --mirror-iface={{- .Values.debug.MIRROR_IFACE }}
           - --node-switch={{ .Values.networking.NODE_SUBNET }}
           - --encap-checksum=true
-          - --service-cluster-ip-range=
-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
-          {{ .Values.dual_stack.SVC_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
-          {{ .Values.ipv4.SVC_CIDR }}
-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
-          {{ .Values.ipv6.SVC_CIDR }}
-          {{- end }}
+          - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
           {{- if eq .Values.networking.NETWORK_TYPE "vlan" }}
           - --iface=
           {{- else}}
@@ -96,10 +90,6 @@ spec:
             valueFrom:
               fieldRef:
                 fieldPath: spec.nodeName
-          - name: MODULES
-            value: "{{- .Values.performance.MODULES }}"
-          - name: RPMS
-            value: "{{- .Values.performance.RPMS }}"
           - name: POD_IPS
             valueFrom:
               fieldRef:
@@ -139,8 +129,6 @@ spec:
           - mountPath: /etc/localtime
             name: localtime
             readOnly: true
-          - mountPath: /tmp
-            name: tmp
         readinessProbe:
           failureThreshold: 3
           periodSeconds: 7
@@ -205,9 +193,6 @@ spec:
         - name: host-log-ovn
           hostPath:
             path: {{ .Values.log_conf.LOG_DIR }}/ovn
-        - name: tmp
-          hostPath:
-            path: /tmp
         {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
         - name: local-bin
           hostPath:

packages/system/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml

@@ -6,12 +6,13 @@ metadata:
   annotations:
     kubernetes.io/description: |
       This daemon set launches the openvswitch daemon.
+    chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}"
 spec:
   selector:
     matchLabels:
       app: ovs
   updateStrategy:
-    type: RollingUpdate
+    type: {{ include "kubeovn.ovs-ovn.updateStrategy" . }}
     rollingUpdate:
       maxSurge: 1
       maxUnavailable: 0
@@ -21,6 +22,8 @@ spec:
         app: ovs
         component: network
         type: infra
+      annotations:
+        chart-version: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     spec:
       tolerations:
         - effect: NoSchedule
@@ -36,9 +39,9 @@ spec:
       containers:
         - name: openvswitch
           {{- if .Values.DPDK }}
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.dpdkRepository }}:{{ .Values.DPDK_VERSION }}-{{ .Values.global.images.kubeovn.tag }}
+          image: {{ include "kubeovn.image" . }}
           {{- else }}
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
+          image: {{ include "kubeovn.image" . }}
           {{- end }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           {{- if .Values.DPDK }}
@@ -100,9 +103,6 @@ spec:
               name: host-run-ovs
             - mountPath: /var/run/ovn
               name: host-run-ovn
-            - mountPath: /sys
-              name: host-sys
-              readOnly: true
             - mountPath: /etc/openvswitch
               name: host-config-openvswitch
             - mountPath: /etc/ovn
@@ -185,9 +185,6 @@ spec:
         - name: host-run-ovn
           hostPath:
             path: /run/ovn
-        - name: host-sys
-          hostPath:
-            path: /sys
         - name: host-config-openvswitch
           hostPath:
             path: {{ .Values.OPENVSWITCH_DIR }}

packages/system/kubeovn/charts/kube-ovn/templates/pinger-ds.yaml

@@ -31,7 +31,7 @@ spec:
       hostPID: true
       containers:
         - name: pinger
-          image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
+          image: {{ include "kubeovn.image" . }}
           command:
           - /kube-ovn/kube-ovn-pinger
           args:

packages/system/kubeovn/charts/kube-ovn/templates/pre-delete-hook.yaml

@@ -104,7 +104,7 @@ spec:
       serviceAccountName: kube-ovn-pre-delete-hook
       containers:
         - name: remove-subnet-finalizer
-          image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
+          image: "{{ include "kubeovn.image" . }}"
           env:
             - name: POD_NAMESPACE
               valueFrom:

packages/system/kubeovn/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml

@@ -1,5 +1,4 @@
-{{ if (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn") }}
-{{ if eq (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn").spec.updateStrategy.type "OnDelete" }}
+{{- if eq (include "kubeovn.ovs-ovn.updateStrategy" .) "OnDelete" }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -33,6 +32,16 @@ rules:
       - ovs-ovn
     verbs:
       - get
+  - apiGroups:
+      - apps
+    resources:
+      - deployments
+    resourceNames:
+      - ovn-central
+    verbs:
+      - get
+      - list
+      - watch
   - apiGroups:
       - ""
     resources:
@@ -46,6 +55,7 @@ rules:
     verbs:
       - list
       - get
+      - watch
       - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -121,22 +131,33 @@ spec:
       serviceAccountName: ovs-ovn-upgrade
       containers:
         - name: ovs-ovn-upgrade
-          image: "{{ .Values.global.registry.address}}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}"
+          image: "{{ include "kubeovn.image" . }}"
           env:
             - name: POD_NAMESPACE
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
+            - name: ENABLE_SSL
+              value: "{{ .Values.networking.ENABLE_SSL }}"
+            - name: OVN_DB_IPS
+              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
           command:
-            - sh
+            - bash
+            - -eo
+            - pipefail
             - -c
             - /kube-ovn/upgrade-ovs.sh 2>&1 | tee -a /var/log/kube-ovn/upgrade-ovs.log
           volumeMounts:
             - mountPath: /var/log/kube-ovn
               name: kube-ovn-log
+            - mountPath: /var/run/tls
+              name: kube-ovn-tls
       volumes:
         - name: kube-ovn-log
           hostPath:
             path: {{ .Values.log_conf.LOG_DIR }}/kube-ovn
-{{ end }}
+        - name: kube-ovn-tls
+          secret:
+            optional: true
+            secretName: kube-ovn-tls
 {{ end }}

packages/system/kubeovn/charts/kube-ovn/templates/vpc-nat-config.yaml

@@ -7,4 +7,4 @@ metadata:
     kubernetes.io/description: |
       kube-ovn vpc-nat common config
 data:
-  image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.vpcRepository }}:{{ .Values.global.images.kubeovn.tag }}
+  image: {{ include "kubeovn.image" . }}

packages/system/kubeovn/charts/kube-ovn/values.yaml

@@ -40,7 +40,6 @@ networking:
     VLAN_ID: "100"
   EXCHANGE_LINK_NAME: false
   ENABLE_EIP_SNAT: true
-  POD_DEFAULT_FIP_TYPE: ""
   DEFAULT_SUBNET: "ovn-default"
   DEFAULT_VPC: "ovn-cluster"
   NODE_SUBNET: "join"
@@ -48,6 +47,7 @@ networking:
   ENABLE_METRICS: true
   NODE_LOCAL_DNS_IP: ""
   PROBE_INTERVAL: 180000
+  OVN_NORTHD_PROBE_INTERVAL: 5000
   OVN_LEADER_PROBE_INTERVAL: 5
   OVN_REMOTE_PROBE_INTERVAL: 10000
   OVN_REMOTE_OPENFLOW_INTERVAL: 180
@@ -63,19 +63,17 @@ func:
   ENABLE_LB_SVC: false
   ENABLE_KEEP_VM_IP: true
   LS_DNAT_MOD_DL_DST: true
+  LS_CT_SKIP_DST_LPORT_IPS: true
   CHECK_GATEWAY: true
   LOGICAL_GATEWAY: false
   ENABLE_BIND_LOCAL_IP: true
   U2O_INTERCONNECTION: false
   ENABLE_TPROXY: false
+  ENABLE_IC: false
 
 ipv4:
-  POD_CIDR: "10.16.0.0/16"
-  POD_GATEWAY: "10.16.0.1"
-  SVC_CIDR: "10.96.0.0/12"
-  JOIN_CIDR: "100.64.0.0/16"
   PINGER_EXTERNAL_ADDRESS: "1.1.1.1"
-  PINGER_EXTERNAL_DOMAIN: "alauda.cn."
+  PINGER_EXTERNAL_DOMAIN: "kube-ovn.io."
 
 ipv6:
   POD_CIDR: "fd00:10:16::/112"
@@ -94,8 +92,6 @@ dual_stack:
   PINGER_EXTERNAL_DOMAIN: "google.com."
 
 performance:
-  MODULES: "kube_ovn_fastpath.ko"
-  RPMS: "openvswitch-kmod"
   GC_INTERVAL: 360
   INSPECT_INTERVAL: 20
   OVS_VSCTL_CONCURRENCY: 100
@@ -149,7 +145,7 @@ ovs-ovn:
     cpu: "200m"
     memory: "200Mi"
   limits:
-    cpu: "1000m"
+    cpu: "2"
     memory: "1000Mi"
 kube-ovn-controller:
   requests:

packages/system/kubeovn/images/kubeovn.json

@@ -0,0 +1,4 @@
+{
+  "containerimage.config.digest": "sha256:f83db05cfc7228a02d1308721de535e90e355d1b147b2d36bb98e10a848c3ef6",
+  "containerimage.digest": "sha256:440075488baba3610d7f8be6283f89ab3862ff3a9556c51a0e99ec6d46315192"
+}

packages/system/kubeovn/images/kubeovn.tag

@@ -0,0 +1 @@
+ghcr.io/aenix-io/cozystack/kubeovn:latest

packages/system/kubeovn/images/kubeovn/Dockerfile

@@ -0,0 +1,43 @@
+ARG VERSION=v1.13.0
+ARG BASE_TAG=$VERSION
+
+FROM golang:1.22-bookworm as builder
+
+ARG COMMIT_REF=e1310e1
+
+WORKDIR /source
+
+RUN wget -O- https://github.com/kubeovn/kube-ovn/archive/${COMMIT_REF}.tar.gz | tar xzf - --strip-components=1
+RUN sed -i 's|-z now|-z now -static|' Makefile
+RUN make build-go
+
+WORKDIR /source/dist/images
+
+# imported from https://github.com/kubeovn/kube-ovn/blob/master/dist/images/Dockerfile
+FROM kubeovn/kube-ovn-base:$BASE_TAG
+
+COPY --from=builder /source/dist/images/*.sh /kube-ovn/
+COPY --from=builder /source/dist/images/kubectl-ko /kube-ovn/kubectl-ko
+COPY --from=builder /source/dist/images/01-kube-ovn.conflist /kube-ovn/01-kube-ovn.conflist
+COPY --from=builder /source/dist/images/logrotate/* /etc/logrotate.d/
+COPY --from=builder /source/dist/images/grace_stop_ovn_controller /usr/share/ovn/scripts/grace_stop_ovn_controller
+
+WORKDIR /kube-ovn
+
+RUN /kube-ovn/iptables-wrapper-installer.sh --no-sanity-check
+RUN rm -f /usr/bin/nc &&\
+    rm -f /usr/bin/netcat &&\
+    rm -f /usr/lib/apt/methods/mirror
+RUN deluser sync
+
+COPY --from=builder /source/dist/images/kube-ovn /kube-ovn/kube-ovn
+COPY --from=builder /source/dist/images/kube-ovn-cmd /kube-ovn/kube-ovn-cmd
+COPY --from=builder /source/dist/images/kube-ovn-webhook /kube-ovn/kube-ovn-webhook
+RUN ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-controller && \
+    ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-daemon && \
+    ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-monitor && \
+    ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-pinger && \
+    ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-speaker && \
+    ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-controller-healthcheck && \
+    ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-leader-checker && \
+    ln -s /kube-ovn/kube-ovn-cmd /kube-ovn/kube-ovn-ic-controller

packages/system/kubeovn/patches/cozyconfig.diff

@@ -0,0 +1,97 @@
+
+diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
+index d9a9a67..b2e12dd 100644
+--- a/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
++++ b/packages/system/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml
+@@ -51,18 +51,12 @@ spec:
+           - bash
+           - /kube-ovn/start-cniserver.sh
+         args:
++          {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+           - --enable-mirror={{- .Values.debug.ENABLE_MIRROR }}
+           - --mirror-iface={{- .Values.debug.MIRROR_IFACE }}
+           - --node-switch={{ .Values.networking.NODE_SUBNET }}
+           - --encap-checksum=true
+-          - --service-cluster-ip-range=
+-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
+-          {{ .Values.dual_stack.SVC_CIDR }}
+-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
+-          {{ .Values.ipv4.SVC_CIDR }}
+-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
+-          {{ .Values.ipv6.SVC_CIDR }}
+-          {{- end }}
++          - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
+           {{- if eq .Values.networking.NETWORK_TYPE "vlan" }}
+           - --iface=
+           {{- else}}
+diff --git a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
+index 0e69494..756eb7c 100644
+--- a/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
++++ b/packages/system/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml
+@@ -52,46 +52,19 @@ spec:
+           image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
+           imagePullPolicy: {{ .Values.image.pullPolicy }}
+           args:
++          {{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+           - /kube-ovn/start-controller.sh
+           - --default-ls={{ .Values.networking.DEFAULT_SUBNET }}
+-          - --default-cidr=
+-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
+-          {{ .Values.dual_stack.POD_CIDR }}
+-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
+-          {{ .Values.ipv4.POD_CIDR }}
+-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
+-          {{ .Values.ipv6.POD_CIDR }}
+-          {{- end }}
+-          - --default-gateway=
+-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
+-          {{ .Values.dual_stack.POD_GATEWAY }}
+-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
+-          {{ .Values.ipv4.POD_GATEWAY }}
+-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
+-          {{ .Values.ipv6.POD_GATEWAY }}
+-          {{- end }}
++          - --default-cidr={{ index $cozyConfig.data "ipv4-pod-cidr" }}
++          - --default-gateway={{ index $cozyConfig.data "ipv4-pod-gateway" }}
+           - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }}
+           - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }}
+           - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }}
+           - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }}
+           - --cluster-router={{ .Values.networking.DEFAULT_VPC }}
+           - --node-switch={{ .Values.networking.NODE_SUBNET }}
+-          - --node-switch-cidr=
+-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
+-          {{ .Values.dual_stack.JOIN_CIDR }}
+-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
+-          {{ .Values.ipv4.JOIN_CIDR }}
+-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
+-          {{ .Values.ipv6.JOIN_CIDR }}
+-          {{- end }}
+-          - --service-cluster-ip-range=
+-          {{- if eq .Values.networking.NET_STACK "dual_stack" -}}
+-          {{ .Values.dual_stack.SVC_CIDR }}
+-          {{- else if eq .Values.networking.NET_STACK "ipv4" -}}
+-          {{ .Values.ipv4.SVC_CIDR }}
+-          {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
+-          {{ .Values.ipv6.SVC_CIDR }}
+-          {{- end }}
++          - --node-switch-cidr={{ index $cozyConfig.data "ipv4-join-cidr" }}
++          - --service-cluster-ip-range={{ index $cozyConfig.data "ipv4-svc-cidr" }}
+           - --network-type={{- .Values.networking.NETWORK_TYPE }}
+           - --default-provider-name={{ .Values.networking.vlan.PROVIDER_NAME }}
+           - --default-interface-name={{- .Values.networking.vlan.VLAN_INTERFACE_NAME }}
+diff --git a/packages/system/kubeovn/charts/kube-ovn/values.yaml b/packages/system/kubeovn/charts/kube-ovn/values.yaml
+index bfffc4d..b880749 100644
+--- a/packages/system/kubeovn/charts/kube-ovn/values.yaml
++++ b/packages/system/kubeovn/charts/kube-ovn/values.yaml
+@@ -70,10 +70,6 @@ func:
+   ENABLE_TPROXY: false
+ 
+ ipv4:
+-  POD_CIDR: "10.16.0.0/16"
+-  POD_GATEWAY: "10.16.0.1"
+-  SVC_CIDR: "10.96.0.0/12"
+-  JOIN_CIDR: "100.64.0.0/16"
+   PINGER_EXTERNAL_ADDRESS: "1.1.1.1"
+   PINGER_EXTERNAL_DOMAIN: "alauda.cn."
+ 

packages/system/kubeovn/templates/_helpers.tpl

@@ -0,0 +1,3 @@
+{{- define "kubeovn.image" -}}
+{{ .Files.Get "images/kubeovn.tag" | trim }}@{{ index (.Files.Get "images/kubeovn.json" | fromJson) "containerimage.digest" }}
+{{- end -}}

packages/system/kubeovn/values.yaml

@@ -1,12 +1,4 @@
 kube-ovn:
-  global:
-    registry:
-      address: ghcr.io/kvaps
-    images:
-      kubeovn:
-        repository: test
-        tag: kube-ovn-static-v1.13.0-cozystack2
-
   namespace: cozy-kubeovn
 
   func: