Update kube-ovn to 1.8.1

README.md

@@ -143,7 +143,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [flanneld](https://github.com/flannel-io/flannel) v0.14.0
   - [kube-ovn](https://github.com/alauda/kube-ovn) v1.7.2
   - [kube-router](https://github.com/cloudnativelabs/kube-router) v1.3.1
-  - [multus](https://github.com/intel/multus-cni) v3.8.0
+  - [multus](https://github.com/intel/multus-cni) v3.8
   - [ovn4nfv](https://github.com/opnfv/ovn4nfv-k8s-plugin) v1.1.0
   - [weave](https://github.com/weaveworks/weave) v2.8.1
 - Application

roles/download/defaults/main.yml

@@ -83,9 +83,9 @@ cni_version: "v0.9.1"
 weave_version: 2.8.1
 pod_infra_version: "3.3"
 cilium_version: "v1.9.10"
-kube_ovn_version: "v1.7.2"
+kube_ovn_version: "v1.8.1"
 kube_router_version: "v1.3.1"
-multus_version: "v3.8.0"
+multus_version: "v3.8"
 ovn4nfv_ovn_image_version: "v1.0.0"
 ovn4nfv_k8s_plugin_image_version: "v1.1.0"
 helm_version: "v3.7.0"

roles/network_plugin/kube-ovn/defaults/main.yml

@@ -7,6 +7,10 @@ kube_ovn_node_cpu_request: 200m
 kube_ovn_node_memory_request: 200Mi
 kube_ovn_node_cpu_limit: 1000m
 kube_ovn_node_memory_limit: 800Mi
+kube_ovn_cni_server_cpu_request: 200m
+kube_ovn_cni_server_memory_request: 200Mi
+kube_ovn_cni_server_cpu_limit: 1000m
+kube_ovn_cni_server_memory_limit: 1Gi
 kube_ovn_controller_cpu_request: 200m
 kube_ovn_controller_memory_request: 200Mi
 kube_ovn_controller_cpu_limit: 1000m

roles/network_plugin/kube-ovn/templates/cni-kube-ovn-crd.yml.j2

@@ -100,15 +100,6 @@ spec:
       - name: NAT
         type: boolean
         jsonPath: .spec.natOutgoing
-      - name: ExternalEgressGateway
-        type: string
-        jsonPath: .spec.externalEgressGateway
-      - name: PolicyRoutingPriority
-        type: integer
-        jsonPath: .spec.policyRoutingPriority
-      - name: PolicyRoutingTableID
-        type: integer
-        jsonPath: .spec.policyRoutingTableID
       - name: Default
         type: boolean
         jsonPath: .spec.default
@@ -127,6 +118,9 @@ spec:
       - name: V6Available
         type: number
         jsonPath: .status.v6availableIPs
+      - name: ExcludeIPs
+        type: string
+        jsonPath: .spec.excludeIps
       schema:
         openAPIV3Schema:
           type: object
@@ -214,7 +208,7 @@ spec:
                   type: boolean
                 vlan:
                   type: string
-                underlayGateway:
+                disableGatewayCheck:
                   type: boolean
                 disableInterConnection:
                   type: boolean
@@ -293,18 +287,32 @@ spec:
         openAPIV3Schema:
           type: object
           properties:
+            metadata:
+              type: object
+              properties:
+                name:
+                  type: string
+                  maxLength: 12
+                  not:
+                    enum:
+                      - int
+                      - external
             spec:
               type: object
               properties:
                 defaultInterface:
                   type: string
+                  maxLength: 15
+                  pattern: '^[^/\s]+$'
                 customInterfaces:
                   type: array
                   items:
                     type: object
                     properties:
                       interface:
                         type: string
+                        maxLength: 15
+                        pattern: '^[^/\s]+$'
                       nodes:
                         type: array
                         items:
@@ -375,6 +383,9 @@ spec:
         - jsonPath: .status.subnets
           name: Subnets
           type: string
+        - jsonPath: .spec.namespaces
+          name: Namespaces
+          type: string
       name: v1
       schema:
         openAPIV3Schema:
@@ -466,7 +477,17 @@ spec:
     listKind: VpcNatGatewayList
   scope: Cluster
   versions:
-    - name: v1
+    - additionalPrinterColumns:
+        - jsonPath: .spec.vpc
+          name: Vpc
+          type: string
+        - jsonPath: .spec.subnet
+          name: Subnet
+          type: string
+        - jsonPath: .spec.lanIp
+          name: LanIP
+          type: string
+      name: v1
       served: true
       storage: true
       schema:
@@ -528,3 +549,96 @@ spec:
         status: {}
   conversion:
     strategy: None
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: security-groups.kubeovn.io
+spec:
+  group: kubeovn.io
+  names:
+    plural: security-groups
+    singular: security-group
+    shortNames:
+      - sg
+    kind: SecurityGroup
+    listKind: SecurityGroupList
+  scope: Cluster
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                ingressRules:
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      ipVersion:
+                        type: string
+                      protocol:
+                        type: string
+                      priority:
+                        type: integer
+                      remoteType:
+                        type: string
+                      remoteAddress:
+                        type: string
+                      remoteSecurityGroup:
+                        type: string
+                      portRangeMin:
+                        type: integer
+                      portRangeMax:
+                        type: integer
+                      policy:
+                        type: string
+                egressRules:
+                  type: array
+                  items:
+                    type: object
+                    properties:
+                      ipVersion:
+                        type: string
+                      protocol:
+                        type: string
+                      priority:
+                        type: integer
+                      remoteType:
+                        type: string
+                      remoteAddress:
+                        type: string
+                      remoteSecurityGroup:
+                        type: string
+                      portRangeMin:
+                        type: integer
+                      portRangeMax:
+                        type: integer
+                      policy:
+                        type: string
+                allowSameGroupTraffic:
+                  type: boolean
+            status:
+              type: object
+              properties:
+                portGroup:
+                  type: string
+                allowSameGroupTraffic:
+                  type: boolean
+                ingressMd5:
+                  type: string
+                egressMd5:
+                  type: string
+                ingressLastSyncSuccess:
+                  type: boolean
+                egressLastSyncSuccess:
+                  type: boolean
+      subresources:
+        status: {}
+  conversion:
+    strategy: None

roles/network_plugin/kube-ovn/templates/cni-kube-ovn.yml.j2

@@ -45,6 +45,9 @@ spec:
           args:
           - --default-cidr={{ kube_pods_subnet }}
           - --pod-nic-type=veth-pair
+          - --enable-lb=true
+          - --enable-np=true
+          - --enable-external-vpc=true
           env:
             - name: ENABLE_SSL
               value: "{{ enable_ssl | lower }}"
@@ -194,6 +197,13 @@ spec:
           initialDelaySeconds: 30
           periodSeconds: 7
           failureThreshold: 5
+        resources:
+          requests:
+            cpu: {{ kube_ovn_cni_server_cpu_request }}
+            memory: {{ kube_ovn_cni_server_memory_request }}
+          limits:
+            cpu: {{ kube_ovn_cni_server_cpu_limit }}
+            memory: {{ kube_ovn_cni_server_memory_limit }}
       nodeSelector:
         kubernetes.io/os: "linux"
       volumes:

roles/network_plugin/kube-ovn/templates/cni-ovn.yml.j2

@@ -70,6 +70,8 @@ rules:
       - provider-networks
       - provider-networks/status
       - networks
+      - security-groups
+      - security-groups/status
     verbs:
       - "*"
   - apiGroups: