upd kubeovn

packages/core/kubeovn/Makefile

@@ -2,24 +2,20 @@ NAMESPACE=cozy-kubeovn
 NAME=kubeovn
 
 show:
-	helm template -n $(NAMESPACE) $(NAME) .
+	helm template --dry-run=server -n $(NAMESPACE) $(NAME) .
 
 apply:
 	kubectl label node -lnode-role.kubernetes.io/control-plane kube-ovn/role=master --overwrite && \
 	MASTER_NODES=$$(kubectl get nodes -lkube-ovn/role=master -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}' | tr ' ' ',') && \
 	MASTER_COUNT=$$(echo "$$MASTER_NODES" | awk -F, '{ print NF }') && \
 	set -x && \
-	helm upgrade -i -n $(NAMESPACE) $(NAME) . -f values-runtime.yaml
+	helm upgrade -i -n $(NAMESPACE) $(NAME) .
 
 diff:
-	helm diff upgrade --allow-unreleased -n $(NAMESPACE) $(NAME) .
+	helm diff upgrade --dry-run --allow-unreleased -n $(NAMESPACE) $(NAME) .
 
 update:
 	rm -rf charts && mkdir -p charts/kube-ovn
-	tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/kubeovn/kube-ovn  | awk -F'[/^]' 'END{print $$3}') && \
-	curl -sSL https://github.com/kubeovn/kube-ovn/archive/refs/tags/$${tag}.tar.gz | \
-	tar -C charts/kube-ovn -xzvf - --strip 2 kube-ovn-$${tag#*v}/charts
-	sed -i 's/kube-system/cozy-kubeovn/g' `grep -lr kube-system charts | grep -v values.yaml`
-	sed -i ./charts/kube-ovn/templates/*.yaml \
-  	-e '/path:/ s|/etc/origin/|/var/lib/|' \
-		-e '/mountPath:/ s|/usr/local/bin|/opt/bin|' 
+	curl -sSL https://github.com/kubeovn/kube-ovn/archive/refs/heads/master.tar.gz | \
+	tar -C charts/kube-ovn -xzvf - --strip 2 kube-ovn-master/charts
+	cd charts/kube-ovn && patch -p2 < ../../patches/talos.patch

packages/core/kubeovn/charts/kube-ovn/Chart.yaml

@@ -21,4 +21,4 @@ version: 0.1.0
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.12.0"
+appVersion: "1.13.0"

packages/core/kubeovn/charts/kube-ovn/README.md

@@ -10,11 +10,33 @@ $ kubectl label node -lnode-role.kubernetes.io/control-plane  kube-ovn/role=mast
 $ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel  --overwrite
 
 # standard install 
-$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},
+$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0}
 
 # high availability install
-$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3
+$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}
 
 # upgrade to this version
-$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3
+$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}
+```
+
+If `MASTER_NODES` unspecified Helm will take internal IPs of nodes with `kube-ovn/role=master` label
+
+### Talos Linux
+
+To install Kube-OVN on Talos Linux, declare openvswitch module in machine config:
+
+```
+machine:
+  kernel:
+    modules:
+    - name: openvswitch
+```
+
+and use the following options for install this Helm-chart:
+
+```
+--set cni_conf.MOUNT_LOCAL_BIN_DIR=false
+--set OPENVSWITCH_DIR=/var/lib/openvswitch
+--set OVN_DIR=/var/lib/ovn
+--set DISABLE_MODULES_MANAGEMENT=true
 ```

packages/core/kubeovn/charts/kube-ovn/crds/crd.yaml

@@ -1490,6 +1490,10 @@ spec:
                   type: string
                 pmac:
                   type: string
+                selector:
+                  type: array
+                  items:
+                    type: string
                 conditions:
                   type: array
                   items:
@@ -1532,6 +1536,10 @@ spec:
                   type: string
                 parentV6ip:
                   type: string
+                selector:
+                  type: array
+                  items:
+                    type: string
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
@@ -1738,6 +1746,8 @@ spec:
                   type: boolean
                 ipv6RAConfigs:
                   type: string
+                allowEWTraffic:
+                  type: boolean
                 acls:
                   type: array
                   items:
@@ -1787,6 +1797,8 @@ spec:
                   type: boolean
                 enableEcmp:
                   type: boolean
+                enableMulticastSnoop:
+                  type: boolean
                 routeTable:
                   type: string
   scope: Cluster

packages/core/kubeovn/charts/kube-ovn/templates/_helpers.tpl

@@ -0,0 +1,24 @@
+{{/*
+Get IP-addresses of master nodes
+*/}}
+{{- define "kubeovn.nodeIPs" -}}
+{{- $nodes := lookup "v1" "Node" "" "" -}}
+{{- $ips := list -}}
+{{- range $node := $nodes.items -}}
+  {{- if eq (index $node.metadata.labels "kube-ovn/role") "master" -}}
+    {{- range $address := $node.status.addresses -}}
+      {{- if eq $address.type "InternalIP" -}}
+        {{- $ips = append $ips $address.address -}}
+      {{- end -}}
+    {{- end -}}
+  {{- end -}}
+{{- end -}}
+{{ join "," $ips }}
+{{- end -}}
+
+{{/*
+Number of master nodes
+*/}}
+{{- define "kubeovn.nodeCount" -}}
+  {{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }}
+{{- end -}}

packages/core/kubeovn/charts/kube-ovn/templates/central-deploy.yaml

@@ -7,7 +7,7 @@ metadata:
     kubernetes.io/description: |
       OVN components: northd, nb and sb.
 spec:
-  replicas: {{ .Values.replicaCount }}
+  replicas: {{ include "kubeovn.nodeCount" . }}
   strategy:
     rollingUpdate:
       maxSurge: 0
@@ -53,7 +53,7 @@ spec:
             - name: ENABLE_SSL
               value: "{{ .Values.networking.ENABLE_SSL }}"
             - name: NODE_IPS
-              value: "{{ .Values.MASTER_NODES }}"
+              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
             - name: POD_IP
               valueFrom:
                 fieldRef:
@@ -82,21 +82,11 @@ spec:
               value: "{{ .Values.networking.ENABLE_COMPACT }}"
           resources:
             requests:
-            {{- if .Release.IsUpgrade }}
-              cpu: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "ovn-central").spec.template.spec.containers 0).resources.requests.cpu | quote }}
-              memory: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "ovn-central").spec.template.spec.containers 0).resources.requests.memory | quote }}
-            {{- else }}
               cpu: {{ index .Values "ovn-central" "requests" "cpu" }}
               memory: {{ index .Values "ovn-central" "requests" "memory" }}
-            {{- end }}
             limits:
-            {{- if .Release.IsUpgrade }}
-              cpu: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "ovn-central").spec.template.spec.containers 0).resources.limits.cpu | quote }}
-              memory: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "ovn-central").spec.template.spec.containers 0).resources.limits.memory | quote }}
-            {{- else }}
               cpu: {{ index .Values "ovn-central" "limits" "cpu" }}
               memory: {{ index .Values "ovn-central" "limits" "memory" }}
-            {{- end }}
           volumeMounts:
             - mountPath: /var/run/openvswitch
               name: host-run-ovs
@@ -149,10 +139,10 @@ spec:
             path: /sys
         - name: host-config-openvswitch
           hostPath:
-            path: /var/lib/openvswitch
+            path: {{ .Values.OPENVSWITCH_DIR }}
         - name: host-config-ovn
           hostPath:
-            path: /var/lib/ovn
+            path: {{ .Values.OVN_DIR }}
         - name: host-log-ovs
           hostPath:
             path: {{ .Values.log_conf.LOG_DIR }}/openvswitch

packages/core/kubeovn/charts/kube-ovn/templates/controller-deploy.yaml

@@ -7,7 +7,7 @@ metadata:
     kubernetes.io/description: |
       kube-ovn controller
 spec:
-  replicas: {{ .Values.replicaCount }}
+  replicas: {{ include "kubeovn.nodeCount" . }}
   selector:
     matchLabels:
       app: kube-ovn-controller
@@ -70,8 +70,8 @@ spec:
           {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
           {{ .Values.ipv6.POD_GATEWAY }}
           {{- end }}
-          - --default-gateway-check={{- .Values.cni_conf.CHECK_GATEWAY }}
-          - --default-logical-gateway={{- .Values.cni_conf.LOGICAL_GATEWAY }}
+          - --default-gateway-check={{- .Values.func.CHECK_GATEWAY }}
+          - --default-logical-gateway={{- .Values.func.LOGICAL_GATEWAY }}
           - --default-u2o-interconnection={{- .Values.func.U2O_INTERCONNECTION }}
           - --default-exclude-ips={{- .Values.networking.EXCLUDE_IPS }}
           - --cluster-router={{ .Values.networking.DEFAULT_VPC }}
@@ -132,7 +132,7 @@ spec:
                 fieldRef:
                   fieldPath: spec.nodeName
             - name: OVN_DB_IPS
-              value: "{{ .Values.MASTER_NODES }}"
+              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
             - name: POD_IPS
               valueFrom:
                 fieldRef:
@@ -166,21 +166,11 @@ spec:
             timeoutSeconds: 45
           resources:
             requests:
-            {{- if .Release.IsUpgrade }}
-              cpu: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "kube-ovn-controller").spec.template.spec.containers 0).resources.requests.cpu | quote }}
-              memory: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "kube-ovn-controller").spec.template.spec.containers 0).resources.requests.memory | quote }}
-            {{- else }}
               cpu: {{ index .Values "kube-ovn-controller" "requests" "cpu" }}
               memory: {{ index .Values "kube-ovn-controller" "requests" "memory" }}
-            {{- end }}
             limits:
-            {{- if .Release.IsUpgrade }}
-              cpu: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "kube-ovn-controller").spec.template.spec.containers 0).resources.limits.cpu | quote }}
-              memory: {{ (index (lookup "apps/v1" "Deployment" "cozy-kubeovn" "kube-ovn-controller").spec.template.spec.containers 0).resources.limits.memory | quote }}
-            {{- else }}
               cpu: {{ index .Values "kube-ovn-controller" "limits" "cpu" }}
               memory: {{ index .Values "kube-ovn-controller" "limits" "memory" }}
-            {{- end }}
       nodeSelector:
         kubernetes.io/os: "linux"
       volumes:

packages/core/kubeovn/charts/kube-ovn/templates/controller-svc.yaml

@@ -2,7 +2,7 @@ kind: Service
 apiVersion: v1
 metadata:
   name: kube-ovn-controller
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
   labels:
     app: kube-ovn-controller
 spec:

packages/core/kubeovn/charts/kube-ovn/templates/monitor-deploy.yaml

@@ -118,10 +118,10 @@ spec:
             path: /run/ovn
         - name: host-config-openvswitch
           hostPath:
-            path: /var/lib/openvswitch
+            path: {{ .Values.OPENVSWITCH_DIR }}
         - name: host-config-ovn
           hostPath:
-            path: /var/lib/ovn
+            path: {{ .Values.OVN_DIR }}
         - name: host-log-ovn
           hostPath:
             path: {{ .Values.log_conf.LOG_DIR }}/ovn

packages/core/kubeovn/charts/kube-ovn/templates/monitor-svc.yaml

@@ -2,7 +2,7 @@ kind: Service
 apiVersion: v1
 metadata:
   name: kube-ovn-monitor
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
   labels:
     app: kube-ovn-monitor
 spec:

packages/core/kubeovn/charts/kube-ovn/templates/nb-svc.yaml

@@ -2,7 +2,7 @@ kind: Service
 apiVersion: v1
 metadata:
   name: ovn-nb
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
 spec:
   ports:
     - name: ovn-nb

packages/core/kubeovn/charts/kube-ovn/templates/northd-svc.yaml

@@ -2,7 +2,7 @@ kind: Service
 apiVersion: v1
 metadata:
   name: ovn-northd
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
 spec:
   ports:
     - name: ovn-northd

packages/core/kubeovn/charts/kube-ovn/templates/ovn-CRB.yaml

@@ -9,7 +9,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: ovn
-    namespace: cozy-kubeovn
+    namespace: {{ .Values.namespace }}
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -23,7 +23,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: ovn-ovs
-    namespace: cozy-kubeovn
+    namespace: {{ .Values.namespace }}
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -37,7 +37,7 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: kube-ovn-cni
-    namespace: cozy-kubeovn
+    namespace: {{ .Values.namespace }}
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -51,4 +51,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: kube-ovn-app
-    namespace: cozy-kubeovn
+    namespace: {{ .Values.namespace }}

packages/core/kubeovn/charts/kube-ovn/templates/ovn-dpdk-ds.yaml

@@ -3,7 +3,7 @@ kind: DaemonSet
 apiVersion: apps/v1
 metadata:
   name: ovs-ovn-dpdk
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
   annotations:
     kubernetes.io/description: |
       This daemon set launches the openvswitch daemon.
@@ -55,7 +55,7 @@ spec:
                 fieldRef:
                   fieldPath: spec.nodeName
             - name: OVN_DB_IPS
-              value: "{{ .Values.MASTER_NODES }}"
+              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
             - name: OVN_REMOTE_PROBE_INTERVAL
               value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}"
             - name: OVN_REMOTE_OPENFLOW_INTERVAL
@@ -144,10 +144,10 @@ spec:
             path: /sys
         - name: host-config-openvswitch
           hostPath:
-            path: /var/lib/openvswitch
+            path: {{ .Values.OPENVSWITCH_DIR }}
         - name: host-config-ovn
           hostPath:
-            path: /var/lib/ovn
+            path: {{ .Values.OVN_DIR }}
         - name: host-log-ovs
           hostPath:
             path: {{ .Values.log_conf.LOG_DIR }}/openvswitch

packages/core/kubeovn/charts/kube-ovn/templates/ovn-sa.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: ovn
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
 {{-  if .Values.global.registry.imagePullSecrets }}
 imagePullSecrets:
 {{- range $index, $secret := .Values.global.registry.imagePullSecrets }}
@@ -17,18 +17,18 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: ovn-ovs
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
 
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: kube-ovn-cni
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
 
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: kube-ovn-app
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}

packages/core/kubeovn/charts/kube-ovn/templates/ovncni-ds.yaml

@@ -39,8 +39,10 @@ spec:
         volumeMounts:
           - mountPath: /opt/cni/bin
             name: cni-bin
-          - mountPath: /opt/bin
+          {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
+          - mountPath: /usr/local/bin
             name: local-bin
+          {{- end }}
       containers:
       - name: cni-server
         image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
@@ -156,21 +158,11 @@ spec:
           timeoutSeconds: 3
         resources:
           requests:
-          {{- if .Release.IsUpgrade }}
-            cpu: {{ (index (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "kube-ovn-cni").spec.template.spec.containers 0).resources.requests.cpu | quote }}
-            memory: {{ (index (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "kube-ovn-cni").spec.template.spec.containers 0).resources.requests.memory | quote }}
-          {{- else }}
             cpu: {{ index .Values "kube-ovn-cni" "requests" "cpu" }}
             memory: {{ index .Values "kube-ovn-cni" "requests" "memory" }}
-          {{- end }}
           limits:
-          {{- if .Release.IsUpgrade }}
-            cpu: {{ (index (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "kube-ovn-cni").spec.template.spec.containers 0).resources.limits.cpu | quote }}
-            memory: {{ (index (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "kube-ovn-cni").spec.template.spec.containers 0).resources.limits.memory | quote }}
-          {{- else }}
             cpu: {{ index .Values "kube-ovn-cni" "limits" "cpu" }}
             memory: {{ index .Values "kube-ovn-cni" "limits" "memory" }}
-          {{- end }}
       nodeSelector:
         kubernetes.io/os: "linux"
       volumes:
@@ -182,7 +174,7 @@ spec:
             path: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods
         - name: systemid
           hostPath:
-            path: /var/lib/openvswitch
+            path: {{ .Values.OPENVSWITCH_DIR }}
         - name: host-run-ovs
           hostPath:
             path: /run/openvswitch
@@ -216,6 +208,8 @@ spec:
         - name: tmp
           hostPath:
             path: /tmp
+        {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
         - name: local-bin
           hostPath:
-            path: /usr/local/bin
+            path: {{ .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
+        {{- end }}

packages/core/kubeovn/charts/kube-ovn/templates/ovncni-svc.yaml

@@ -2,7 +2,7 @@ kind: Service
 apiVersion: v1
 metadata:
   name: kube-ovn-cni
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
   labels:
     app: kube-ovn-cni
 spec:

packages/core/kubeovn/charts/kube-ovn/templates/ovsovn-ds.yaml

@@ -45,12 +45,17 @@ spec:
           command: ["/kube-ovn/start-ovs-dpdk.sh"]
           {{- else }}
           command: 
-          - /bin/bash
+          {{- if .Values.DISABLE_MODULES_MANAGEMENT }}
+          - /bin/sh
           - -c
           - |
-              ln -sf /bin/true /usr/sbin/modinfo
               ln -sf /bin/true /usr/sbin/modprobe
+              ln -sf /bin/true /usr/sbin/modinfo
+              ln -sf /bin/true /usr/sbin/rmmod
               exec /kube-ovn/start-ovs.sh
+          {{- else }}
+          - /kube-ovn/start-ovs.sh
+          {{- end }}
           {{- end }}
           securityContext:
             runAsUser: 0
@@ -79,7 +84,7 @@ spec:
                 fieldRef:
                   fieldPath: spec.nodeName
             - name: OVN_DB_IPS
-              value: "{{ .Values.MASTER_NODES }}"
+              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
             - name: OVN_REMOTE_PROBE_INTERVAL
               value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}"
             - name: OVN_REMOTE_OPENFLOW_INTERVAL
@@ -185,10 +190,10 @@ spec:
             path: /sys
         - name: host-config-openvswitch
           hostPath:
-            path: /var/lib/openvswitch
+            path: {{ .Values.OPENVSWITCH_DIR }}
         - name: host-config-ovn
           hostPath:
-            path: /var/lib/ovn
+            path: {{ .Values.OVN_DIR }}
         - name: host-log-ovs
           hostPath:
             path: {{ .Values.log_conf.LOG_DIR }}/openvswitch

packages/core/kubeovn/charts/kube-ovn/templates/pinger-ds.yaml

@@ -20,6 +20,13 @@ spec:
         type: infra
     spec:
       priorityClassName: system-node-critical
+      tolerations:
+        - effect: NoSchedule
+          operator: Exists
+        - effect: NoExecute
+          operator: Exists
+        - key: CriticalAddonsOnly
+          operator: Exists
       serviceAccountName: kube-ovn-app
       hostPID: true
       containers:
@@ -44,7 +51,7 @@ spec:
           {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
           {{ .Values.ipv6.PINGER_EXTERNAL_DOMAIN }}
           {{- end }}
-          - --ds-namespace=cozy-kubeovn
+          - --ds-namespace={{ .Values.namespace }}
           - --logtostderr=false
           - --alsologtostderr=true
           - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
@@ -111,7 +118,7 @@ spec:
             path: /run/ovn
         - name: host-config-openvswitch
           hostPath:
-            path: /var/lib/openvswitch
+            path: {{ .Values.OPENVSWITCH_DIR }}
         - name: host-log-ovs
           hostPath:
             path: {{ .Values.log_conf.LOG_DIR }}/openvswitch

packages/core/kubeovn/charts/kube-ovn/templates/pinger-svc.yaml

@@ -2,7 +2,7 @@ kind: Service
 apiVersion: v1
 metadata:
   name: kube-ovn-pinger
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
   labels:
     app: kube-ovn-pinger
 spec:

packages/core/kubeovn/charts/kube-ovn/templates/pre-delete-hook.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: kube-ovn-pre-delete-hook
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
   annotations:
     # This is what defines this resource as a hook. Without this line, the
     # job is considered part of the release.
@@ -48,13 +48,13 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: kube-ovn-pre-delete-hook
-    namespace: cozy-kubeovn
+    namespace: {{ .Values.namespace }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
   name: "{{ .Chart.Name }}-pre-delete-hook"
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
   labels:
     app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
     app.kubernetes.io/instance: {{ .Release.Name | quote }}

packages/core/kubeovn/charts/kube-ovn/templates/sb-svc.yaml

@@ -2,7 +2,7 @@ kind: Service
 apiVersion: v1
 metadata:
   name: ovn-sb
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
 spec:
   ports:
     - name: ovn-sb

packages/core/kubeovn/charts/kube-ovn/templates/upgrade-ovs-ovn.yaml

@@ -1,11 +1,11 @@
-{{ if (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "ovs-ovn") }}
-{{ if eq (lookup "apps/v1" "DaemonSet" "cozy-kubeovn" "ovs-ovn").spec.updateStrategy.type "OnDelete" }}
+{{ if (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn") }}
+{{ if eq (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn").spec.updateStrategy.type "OnDelete" }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: ovs-ovn-upgrade
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
   annotations:
     # This is what defines this resource as a hook. Without this line, the
     # job is considered part of the release.
@@ -65,13 +65,13 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     name: ovs-ovn-upgrade
-    namespace: cozy-kubeovn
+    namespace: {{ .Values.namespace }}
 ---
 apiVersion: batch/v1
 kind: Job
 metadata:
   name: "{{ .Chart.Name }}-post-upgrade-hook"
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
   labels:
     app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
     app.kubernetes.io/instance: {{ .Release.Name | quote }}

packages/core/kubeovn/charts/kube-ovn/templates/vpc-nat-config.yaml

@@ -2,7 +2,7 @@ kind: ConfigMap
 apiVersion: v1
 metadata:
   name: ovn-vpc-nat-config
-  namespace: cozy-kubeovn
+  namespace: {{ .Values.namespace }}
   annotations:
     kubernetes.io/description: |
       kube-ovn vpc-nat common config

packages/core/kubeovn/charts/kube-ovn/values.yaml

@@ -10,7 +10,7 @@ global:
       repository: kube-ovn
       dpdkRepository: kube-ovn-dpdk
       vpcRepository: vpc-nat-gateway
-      tag: v1.12.4
+      tag: v1.13.0
       support_arm: true
       thirdparty: true
 
@@ -18,7 +18,6 @@ image:
   pullPolicy: IfNotPresent
 
 namespace: kube-system
-replicaCount: 1
 MASTER_NODES: ""
 
 networking:
@@ -38,8 +37,8 @@ networking:
     VLAN_INTERFACE_NAME: ""
     VLAN_NAME: "ovn-vlan"
     VLAN_ID: "100"
-  ENABLE_EIP_SNAT: true
   EXCHANGE_LINK_NAME: false
+  ENABLE_EIP_SNAT: true
   POD_DEFAULT_FIP_TYPE: ""
   DEFAULT_SUBNET: "ovn-default"
   DEFAULT_VPC: "ovn-cluster"
@@ -57,11 +56,14 @@ networking:
 func:
   ENABLE_LB: true
   ENABLE_NP: true
+  ENABLE_EIP_SNAT: true
   ENABLE_EXTERNAL_VPC: true
   HW_OFFLOAD: false
   ENABLE_LB_SVC: false
   ENABLE_KEEP_VM_IP: true
   LS_DNAT_MOD_DL_DST: true
+  CHECK_GATEWAY: true
+  LOGICAL_GATEWAY: false
   ENABLE_BIND_LOCAL_IP: true
   U2O_INTERCONNECTION: false
   ENABLE_TPROXY: false
@@ -71,7 +73,7 @@ ipv4:
   POD_GATEWAY: "10.16.0.1"
   SVC_CIDR: "10.96.0.0/12"
   JOIN_CIDR: "100.64.0.0/16"
-  PINGER_EXTERNAL_ADDRESS: "114.114.114.114"
+  PINGER_EXTERNAL_ADDRESS: "1.1.1.1"
   PINGER_EXTERNAL_DOMAIN: "alauda.cn."
 
 ipv6:
@@ -79,7 +81,7 @@ ipv6:
   POD_GATEWAY: "fd00:10:16::1"
   SVC_CIDR: "fd00:10:96::/112"
   JOIN_CIDR: "fd00:100:64::/112"
-  PINGER_EXTERNAL_ADDRESS: "2400:3200::1"
+  PINGER_EXTERNAL_ADDRESS: "2606:4700:4700::1111"
   PINGER_EXTERNAL_DOMAIN: "google.com."
 
 dual_stack:
@@ -87,7 +89,7 @@ dual_stack:
   POD_GATEWAY: "10.16.0.1,fd00:10:16::1"
   SVC_CIDR: "10.96.0.0/12,fd00:10:96::/112"
   JOIN_CIDR: "100.64.0.0/16,fd00:100:64::/112"
-  PINGER_EXTERNAL_ADDRESS: "114.114.114.114,2400:3200::1"
+  PINGER_EXTERNAL_ADDRESS: "1.1.1.1,2606:4700:4700::1111"
   PINGER_EXTERNAL_DOMAIN: "google.com."
 
 performance:
@@ -102,12 +104,12 @@ debug:
   MIRROR_IFACE: "mirror0"
 
 cni_conf:
-  CHECK_GATEWAY: true
-  LOGICAL_GATEWAY: false
   CNI_CONFIG_PRIORITY: "01"
   CNI_CONF_DIR: "/etc/cni/net.d"
   CNI_BIN_DIR: "/opt/cni/bin"
   CNI_CONF_FILE: "/kube-ovn/01-kube-ovn.conflist"
+  LOCAL_BIN_DIR: "/usr/local/bin"
+  MOUNT_LOCAL_BIN_DIR: false
 
 kubelet_conf:
   KUBELET_DIR: "/var/lib/kubelet"
@@ -115,6 +117,10 @@ kubelet_conf:
 log_conf:
   LOG_DIR: "/var/log"
 
+OPENVSWITCH_DIR: "/etc/origin/openvswitch"
+OVN_DIR: "/etc/origin/ovn"
+DISABLE_MODULES_MANAGEMENT: false
+  
 imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""

packages/core/kubeovn/patches/talos.patch

@@ -1,39 +1,551 @@
-diff --git a/system/kubeovn/install.sh b/system/kubeovn/install.sh
-index 6120c35..29a3146 100644
---- a/system/kubeovn/install.sh
-+++ b/system/kubeovn/install.sh
-@@ -49,9 +49,9 @@ REGISTRY="docker.io/kubeovn"
- VPC_NAT_IMAGE="vpc-nat-gateway"
- VERSION="v1.12.3"
- IMAGE_PULL_POLICY="IfNotPresent"
--POD_CIDR="10.16.0.0/16"                # Do NOT overlap with NODE/SVC/JOIN CIDR
--POD_GATEWAY="10.16.0.1"
--SVC_CIDR="10.96.0.0/12"                # Do NOT overlap with NODE/POD/JOIN CIDR
-+POD_CIDR="10.244.0.0/16"                # Do NOT overlap with NODE/SVC/JOIN CIDR
-+POD_GATEWAY="10.244.0.1"
-+SVC_CIDR="10.96.0.0/16"                # Do NOT overlap with NODE/POD/JOIN CIDR
- JOIN_CIDR="100.64.0.0/16"              # Do NOT overlap with NODE/POD/SVC CIDR
- PINGER_EXTERNAL_ADDRESS="114.114.114.114"  # Pinger check external ip probe
- PINGER_EXTERNAL_DOMAIN="alauda.cn."         # Pinger check external domain probe
-@@ -3557,7 +3557,12 @@ spec:
-           image: "$REGISTRY/kube-ovn:$VERSION"
-           imagePullPolicy: $IMAGE_PULL_POLICY
+diff --git a/charts/README.md b/charts/README.md
+index bd0d5c6c..f9295ca9 100644
+--- a/charts/README.md
++++ b/charts/README.md
+@@ -10,11 +10,33 @@ $ kubectl label node -lnode-role.kubernetes.io/control-plane  kube-ovn/role=mast
+ $ kubectl label node -lovn.kubernetes.io/ovs_dp_type!=userspace ovn.kubernetes.io/ovs_dp_type=kernel  --overwrite
+ 
+ # standard install 
+-$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},
++$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0}
+ 
+ # high availability install
+-$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3
++$ helm install --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}
+ 
+ # upgrade to this version
+-$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}, --set replicaCount=3
++$ helm upgrade --debug kubeovn ./charts --set MASTER_NODES=${Node0},${Node1},${Node2}
++```
++
++If `MASTER_NODES` unspecified Helm will take internal IPs of nodes with `kube-ovn/role=master` label
++
++### Talos Linux
++
++To install Kube-OVN on Talos Linux, declare openvswitch module in machine config:
++
++```
++machine:
++  kernel:
++    modules:
++    - name: openvswitch
++```
++
++and use the following options for install this Helm-chart:
++
++```
++--set cni_conf.MOUNT_LOCAL_BIN_DIR=false
++--set OPENVSWITCH_DIR=/var/lib/openvswitch
++--set OVN_DIR=/var/lib/ovn
++--set DISABLE_MODULES_MANAGEMENT=true
+ ```
+diff --git a/charts/templates/_helpers.tpl b/charts/templates/_helpers.tpl
+new file mode 100644
+index 00000000..1341e99f
+--- /dev/null
++++ b/charts/templates/_helpers.tpl
+@@ -0,0 +1,24 @@
++{{/*
++Get IP-addresses of master nodes
++*/}}
++{{- define "kubeovn.nodeIPs" -}}
++{{- $nodes := lookup "v1" "Node" "" "" -}}
++{{- $ips := list -}}
++{{- range $node := $nodes.items -}}
++  {{- if eq (index $node.metadata.labels "kube-ovn/role") "master" -}}
++    {{- range $address := $node.status.addresses -}}
++      {{- if eq $address.type "InternalIP" -}}
++        {{- $ips = append $ips $address.address -}}
++      {{- end -}}
++    {{- end -}}
++  {{- end -}}
++{{- end -}}
++{{ join "," $ips }}
++{{- end -}}
++
++{{/*
++Number of master nodes
++*/}}
++{{- define "kubeovn.nodeCount" -}}
++  {{- len (split "," (.Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .))) }}
++{{- end -}}
+diff --git a/charts/templates/central-deploy.yaml b/charts/templates/central-deploy.yaml
+index 3a854930..cbdf87b7 100644
+--- a/charts/templates/central-deploy.yaml
++++ b/charts/templates/central-deploy.yaml
+@@ -7,7 +7,7 @@ metadata:
+     kubernetes.io/description: |
+       OVN components: northd, nb and sb.
+ spec:
+-  replicas: {{ .Values.replicaCount }}
++  replicas: {{ include "kubeovn.nodeCount" . }}
+   strategy:
+     rollingUpdate:
+       maxSurge: 0
+@@ -53,7 +53,7 @@ spec:
+             - name: ENABLE_SSL
+               value: "{{ .Values.networking.ENABLE_SSL }}"
+             - name: NODE_IPS
+-              value: "{{ .Values.MASTER_NODES }}"
++              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
+             - name: POD_IP
+               valueFrom:
+                 fieldRef:
+@@ -139,10 +139,10 @@ spec:
+             path: /sys
+         - name: host-config-openvswitch
+           hostPath:
+-            path: /etc/origin/openvswitch
++            path: {{ .Values.OPENVSWITCH_DIR }}
+         - name: host-config-ovn
+           hostPath:
+-            path: /etc/origin/ovn
++            path: {{ .Values.OVN_DIR }}
+         - name: host-log-ovs
+           hostPath:
+             path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
+diff --git a/charts/templates/controller-deploy.yaml b/charts/templates/controller-deploy.yaml
+index bb18f48b..0e694945 100644
+--- a/charts/templates/controller-deploy.yaml
++++ b/charts/templates/controller-deploy.yaml
+@@ -7,7 +7,7 @@ metadata:
+     kubernetes.io/description: |
+       kube-ovn controller
+ spec:
+-  replicas: {{ .Values.replicaCount }}
++  replicas: {{ include "kubeovn.nodeCount" . }}
+   selector:
+     matchLabels:
+       app: kube-ovn-controller
+@@ -132,7 +132,7 @@ spec:
+                 fieldRef:
+                   fieldPath: spec.nodeName
+             - name: OVN_DB_IPS
+-              value: "{{ .Values.MASTER_NODES }}"
++              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
+             - name: POD_IPS
+               valueFrom:
+                 fieldRef:
+diff --git a/charts/templates/controller-svc.yaml b/charts/templates/controller-svc.yaml
+index 93e60e53..b4d39619 100644
+--- a/charts/templates/controller-svc.yaml
++++ b/charts/templates/controller-svc.yaml
+@@ -2,7 +2,7 @@ kind: Service
+ apiVersion: v1
+ metadata:
+   name: kube-ovn-controller
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+   labels:
+     app: kube-ovn-controller
+ spec:
+diff --git a/charts/templates/monitor-deploy.yaml b/charts/templates/monitor-deploy.yaml
+index cbdecba6..d28999b4 100644
+--- a/charts/templates/monitor-deploy.yaml
++++ b/charts/templates/monitor-deploy.yaml
+@@ -118,10 +118,10 @@ spec:
+             path: /run/ovn
+         - name: host-config-openvswitch
+           hostPath:
+-            path: /etc/origin/openvswitch
++            path: {{ .Values.OPENVSWITCH_DIR }}
+         - name: host-config-ovn
+           hostPath:
+-            path: /etc/origin/ovn
++            path: {{ .Values.OVN_DIR }}
+         - name: host-log-ovn
+           hostPath:
+             path: {{ .Values.log_conf.LOG_DIR }}/ovn
+diff --git a/charts/templates/monitor-svc.yaml b/charts/templates/monitor-svc.yaml
+index fec1fbb3..1ad1800d 100644
+--- a/charts/templates/monitor-svc.yaml
++++ b/charts/templates/monitor-svc.yaml
+@@ -2,7 +2,7 @@ kind: Service
+ apiVersion: v1
+ metadata:
+   name: kube-ovn-monitor
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+   labels:
+     app: kube-ovn-monitor
+ spec:
+diff --git a/charts/templates/nb-svc.yaml b/charts/templates/nb-svc.yaml
+index 7ec1595c..43992e91 100644
+--- a/charts/templates/nb-svc.yaml
++++ b/charts/templates/nb-svc.yaml
+@@ -2,7 +2,7 @@ kind: Service
+ apiVersion: v1
+ metadata:
+   name: ovn-nb
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+ spec:
+   ports:
+     - name: ovn-nb
+diff --git a/charts/templates/northd-svc.yaml b/charts/templates/northd-svc.yaml
+index 494f57e2..cec07233 100644
+--- a/charts/templates/northd-svc.yaml
++++ b/charts/templates/northd-svc.yaml
+@@ -2,7 +2,7 @@ kind: Service
+ apiVersion: v1
+ metadata:
+   name: ovn-northd
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+ spec:
+   ports:
+     - name: ovn-northd
+diff --git a/charts/templates/ovn-CRB.yaml b/charts/templates/ovn-CRB.yaml
+index aa84b43f..9230d900 100644
+--- a/charts/templates/ovn-CRB.yaml
++++ b/charts/templates/ovn-CRB.yaml
+@@ -9,7 +9,7 @@ roleRef:
+ subjects:
+   - kind: ServiceAccount
+     name: ovn
+-    namespace: kube-system
++    namespace: {{ .Values.namespace }}
+ 
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+@@ -23,7 +23,7 @@ roleRef:
+ subjects:
+   - kind: ServiceAccount
+     name: ovn-ovs
+-    namespace: kube-system
++    namespace: {{ .Values.namespace }}
+ 
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+@@ -37,7 +37,7 @@ roleRef:
+ subjects:
+   - kind: ServiceAccount
+     name: kube-ovn-cni
+-    namespace: kube-system
++    namespace: {{ .Values.namespace }}
+ 
+ ---
+ apiVersion: rbac.authorization.k8s.io/v1
+@@ -51,4 +51,4 @@ roleRef:
+ subjects:
+   - kind: ServiceAccount
+     name: kube-ovn-app
+-    namespace: kube-system
++    namespace: {{ .Values.namespace }}
+diff --git a/charts/templates/ovn-dpdk-ds.yaml b/charts/templates/ovn-dpdk-ds.yaml
+index 88865224..1d799899 100644
+--- a/charts/templates/ovn-dpdk-ds.yaml
++++ b/charts/templates/ovn-dpdk-ds.yaml
+@@ -3,7 +3,7 @@ kind: DaemonSet
+ apiVersion: apps/v1
+ metadata:
+   name: ovs-ovn-dpdk
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+   annotations:
+     kubernetes.io/description: |
+       This daemon set launches the openvswitch daemon.
+@@ -55,7 +55,7 @@ spec:
+                 fieldRef:
+                   fieldPath: spec.nodeName
+             - name: OVN_DB_IPS
+-              value: "{{ .Values.MASTER_NODES }}"
++              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
+             - name: OVN_REMOTE_PROBE_INTERVAL
+               value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}"
+             - name: OVN_REMOTE_OPENFLOW_INTERVAL
+@@ -144,10 +144,10 @@ spec:
+             path: /sys
+         - name: host-config-openvswitch
+           hostPath:
+-            path: /etc/origin/openvswitch
++            path: {{ .Values.OPENVSWITCH_DIR }}
+         - name: host-config-ovn
+           hostPath:
+-            path: /etc/origin/ovn
++            path: {{ .Values.OVN_DIR }}
+         - name: host-log-ovs
+           hostPath:
+             path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
+diff --git a/charts/templates/ovn-sa.yaml b/charts/templates/ovn-sa.yaml
+index 0400b90b..17b4a92f 100644
+--- a/charts/templates/ovn-sa.yaml
++++ b/charts/templates/ovn-sa.yaml
+@@ -2,7 +2,7 @@ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ovn
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+ {{-  if .Values.global.registry.imagePullSecrets }}
+ imagePullSecrets:
+ {{- range $index, $secret := .Values.global.registry.imagePullSecrets }}
+@@ -17,18 +17,18 @@ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ovn-ovs
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+ 
+ ---
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: kube-ovn-cni
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+ 
+ ---
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: kube-ovn-app
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+diff --git a/charts/templates/ovncni-ds.yaml b/charts/templates/ovncni-ds.yaml
+index 3cee0233..d9a9a676 100644
+--- a/charts/templates/ovncni-ds.yaml
++++ b/charts/templates/ovncni-ds.yaml
+@@ -39,8 +39,10 @@ spec:
+         volumeMounts:
+           - mountPath: /opt/cni/bin
+             name: cni-bin
++          {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
+           - mountPath: /usr/local/bin
+             name: local-bin
++          {{- end }}
+       containers:
+       - name: cni-server
+         image: {{ .Values.global.registry.address }}/{{ .Values.global.images.kubeovn.repository }}:{{ .Values.global.images.kubeovn.tag }}
+@@ -172,7 +174,7 @@ spec:
+             path: {{ .Values.kubelet_conf.KUBELET_DIR }}/pods
+         - name: systemid
+           hostPath:
+-            path: /etc/origin/openvswitch
++            path: {{ .Values.OPENVSWITCH_DIR }}
+         - name: host-run-ovs
+           hostPath:
+             path: /run/openvswitch
+@@ -206,6 +208,8 @@ spec:
+         - name: tmp
+           hostPath:
+             path: /tmp
++        {{- if .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
+         - name: local-bin
+           hostPath:
+-            path: /usr/local/bin
++            path: {{ .Values.cni_conf.MOUNT_LOCAL_BIN_DIR }}
++        {{- end }}
+diff --git a/charts/templates/ovncni-svc.yaml b/charts/templates/ovncni-svc.yaml
+index 13b18c4d..e1c47c80 100644
+--- a/charts/templates/ovncni-svc.yaml
++++ b/charts/templates/ovncni-svc.yaml
+@@ -2,7 +2,7 @@ kind: Service
+ apiVersion: v1
+ metadata:
+   name: kube-ovn-cni
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+   labels:
+     app: kube-ovn-cni
+ spec:
+diff --git a/charts/templates/ovsovn-ds.yaml b/charts/templates/ovsovn-ds.yaml
+index 61139d23..e30d8aae 100644
+--- a/charts/templates/ovsovn-ds.yaml
++++ b/charts/templates/ovsovn-ds.yaml
+@@ -45,8 +45,18 @@ spec:
+           command: ["/kube-ovn/start-ovs-dpdk.sh"]
+           {{- else }}
            command: 
--          - /kube-ovn/start-ovs.sh
-+          - /bin/bash
++          {{- if .Values.DISABLE_MODULES_MANAGEMENT }}
++          - /bin/sh
 +          - -c
 +          - |
-+              ln -sf /bin/true /usr/sbin/modinfo
 +              ln -sf /bin/true /usr/sbin/modprobe
++              ln -sf /bin/true /usr/sbin/modinfo
++              ln -sf /bin/true /usr/sbin/rmmod
 +              exec /kube-ovn/start-ovs.sh
++          {{- else }}
+           - /kube-ovn/start-ovs.sh
+           {{- end }}
++          {{- end }}
            securityContext:
              runAsUser: 0
              privileged: true
-@@ -4263,6 +4268,7 @@ spec:
-           args:
-           - --external-address=$PINGER_EXTERNAL_ADDRESS
-           - --external-dns=$PINGER_EXTERNAL_DOMAIN
-+          - --ds-namespace=cozy-kubeovn
+@@ -74,7 +84,7 @@ spec:
+                 fieldRef:
+                   fieldPath: spec.nodeName
+             - name: OVN_DB_IPS
+-              value: "{{ .Values.MASTER_NODES }}"
++              value: "{{ .Values.MASTER_NODES | default (include "kubeovn.nodeIPs" .) }}"
+             - name: OVN_REMOTE_PROBE_INTERVAL
+               value: "{{ .Values.networking.OVN_REMOTE_PROBE_INTERVAL }}"
+             - name: OVN_REMOTE_OPENFLOW_INTERVAL
+@@ -180,10 +190,10 @@ spec:
+             path: /sys
+         - name: host-config-openvswitch
+           hostPath:
+-            path: /etc/origin/openvswitch
++            path: {{ .Values.OPENVSWITCH_DIR }}
+         - name: host-config-ovn
+           hostPath:
+-            path: /etc/origin/ovn
++            path: {{ .Values.OVN_DIR }}
+         - name: host-log-ovs
+           hostPath:
+             path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
+diff --git a/charts/templates/pinger-ds.yaml b/charts/templates/pinger-ds.yaml
+index 91df855b..f54b276a 100644
+--- a/charts/templates/pinger-ds.yaml
++++ b/charts/templates/pinger-ds.yaml
+@@ -51,6 +51,7 @@ spec:
+           {{- else if eq .Values.networking.NET_STACK "ipv6" -}}
+           {{ .Values.ipv6.PINGER_EXTERNAL_DOMAIN }}
+           {{- end }}
++          - --ds-namespace={{ .Values.namespace }}
            - --logtostderr=false
            - --alsologtostderr=true
            - --log_file=/var/log/kube-ovn/kube-ovn-pinger.log
+@@ -117,7 +118,7 @@ spec:
+             path: /run/ovn
+         - name: host-config-openvswitch
+           hostPath:
+-            path: /etc/origin/openvswitch
++            path: {{ .Values.OPENVSWITCH_DIR }}
+         - name: host-log-ovs
+           hostPath:
+             path: {{ .Values.log_conf.LOG_DIR }}/openvswitch
+diff --git a/charts/templates/pinger-svc.yaml b/charts/templates/pinger-svc.yaml
+index 0301407e..ef169e8e 100644
+--- a/charts/templates/pinger-svc.yaml
++++ b/charts/templates/pinger-svc.yaml
+@@ -2,7 +2,7 @@ kind: Service
+ apiVersion: v1
+ metadata:
+   name: kube-ovn-pinger
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+   labels:
+     app: kube-ovn-pinger
+ spec:
+diff --git a/charts/templates/pre-delete-hook.yaml b/charts/templates/pre-delete-hook.yaml
+index 9fd2a788..d81c5ca2 100644
+--- a/charts/templates/pre-delete-hook.yaml
++++ b/charts/templates/pre-delete-hook.yaml
+@@ -2,7 +2,7 @@ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: kube-ovn-pre-delete-hook
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+   annotations:
+     # This is what defines this resource as a hook. Without this line, the
+     # job is considered part of the release.
+@@ -48,13 +48,13 @@ roleRef:
+ subjects:
+   - kind: ServiceAccount
+     name: kube-ovn-pre-delete-hook
+-    namespace: kube-system
++    namespace: {{ .Values.namespace }}
+ ---
+ apiVersion: batch/v1
+ kind: Job
+ metadata:
+   name: "{{ .Chart.Name }}-pre-delete-hook"
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+   labels:
+     app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+     app.kubernetes.io/instance: {{ .Release.Name | quote }}
+diff --git a/charts/templates/sb-svc.yaml b/charts/templates/sb-svc.yaml
+index 5f8fcca4..36a4a27a 100644
+--- a/charts/templates/sb-svc.yaml
++++ b/charts/templates/sb-svc.yaml
+@@ -2,7 +2,7 @@ kind: Service
+ apiVersion: v1
+ metadata:
+   name: ovn-sb
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+ spec:
+   ports:
+     - name: ovn-sb
+diff --git a/charts/templates/upgrade-ovs-ovn.yaml b/charts/templates/upgrade-ovs-ovn.yaml
+index 487eb218..980354e6 100644
+--- a/charts/templates/upgrade-ovs-ovn.yaml
++++ b/charts/templates/upgrade-ovs-ovn.yaml
+@@ -1,11 +1,11 @@
+-{{ if (lookup "apps/v1" "DaemonSet" "kube-system" "ovs-ovn") }}
+-{{ if eq (lookup "apps/v1" "DaemonSet" "kube-system" "ovs-ovn").spec.updateStrategy.type "OnDelete" }}
++{{ if (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn") }}
++{{ if eq (lookup "apps/v1" "DaemonSet" .Values.namespace "ovs-ovn").spec.updateStrategy.type "OnDelete" }}
+ ---
+ apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+   name: ovs-ovn-upgrade
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+   annotations:
+     # This is what defines this resource as a hook. Without this line, the
+     # job is considered part of the release.
+@@ -65,13 +65,13 @@ roleRef:
+ subjects:
+   - kind: ServiceAccount
+     name: ovs-ovn-upgrade
+-    namespace: kube-system
++    namespace: {{ .Values.namespace }}
+ ---
+ apiVersion: batch/v1
+ kind: Job
+ metadata:
+   name: "{{ .Chart.Name }}-post-upgrade-hook"
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+   labels:
+     app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+     app.kubernetes.io/instance: {{ .Release.Name | quote }}
+diff --git a/charts/templates/vpc-nat-config.yaml b/charts/templates/vpc-nat-config.yaml
+index 486ffe32..0f9bd0f5 100755
+--- a/charts/templates/vpc-nat-config.yaml
++++ b/charts/templates/vpc-nat-config.yaml
+@@ -2,7 +2,7 @@ kind: ConfigMap
+ apiVersion: v1
+ metadata:
+   name: ovn-vpc-nat-config
+-  namespace: kube-system
++  namespace: {{ .Values.namespace }}
+   annotations:
+     kubernetes.io/description: |
+       kube-ovn vpc-nat common config
+diff --git a/charts/values.yaml b/charts/values.yaml
+index 69f07c4b..d7ad7da6 100644
+--- a/charts/values.yaml
++++ b/charts/values.yaml
+@@ -18,7 +18,6 @@ image:
+   pullPolicy: IfNotPresent
+ 
+ namespace: kube-system
+-replicaCount: 1
+ MASTER_NODES: ""
+ 
+ networking:
+@@ -109,12 +108,18 @@ cni_conf:
+   CNI_CONF_DIR: "/etc/cni/net.d"
+   CNI_BIN_DIR: "/opt/cni/bin"
+   CNI_CONF_FILE: "/kube-ovn/01-kube-ovn.conflist"
++  LOCAL_BIN_DIR: "/usr/local/bin"
++  MOUNT_LOCAL_BIN_DIR: false
+ 
+ kubelet_conf:
+   KUBELET_DIR: "/var/lib/kubelet"
+ 
+ log_conf:
+   LOG_DIR: "/var/log"
++
++OPENVSWITCH_DIR: "/etc/origin/openvswitch"
++OVN_DIR: "/etc/origin/ovn"
++DISABLE_MODULES_MANAGEMENT: false
+   
+ imagePullSecrets: []
+ nameOverride: ""

packages/core/kubeovn/values.yaml

@@ -5,9 +5,10 @@ kube-ovn:
     images:
       kubeovn:
         repository: test
-        tag: kube-ovn-static-v1.13.0-5
+        tag: kube-ovn-static-v1.13.0-cozystack2
 
   namespace: cozy-kubeovn
+
   ipv4:
     POD_CIDR: "10.244.0.0/16"
     POD_GATEWAY: "10.244.0.1"
@@ -18,3 +19,8 @@ kube-ovn:
 
   cni_conf:
     CNI_CONFIG_PRIORITY: "10"
+    MOUNT_LOCAL_BIN_DIR: false
+
+  OPENVSWITCH_DIR: "/var/lib/openvswitch"
+  OVN_DIR: "/var/lib/ovn"
+  DISABLE_MODULES_MANAGEMENT: true