---

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: networks.k8s.plugin.opnfv.org
spec:
  group: k8s.plugin.opnfv.org
  names:
    kind: Network
    listKind: NetworkList
    plural: networks
    singular: network
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          properties:
            cniType:
              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
                Important: Run "operator-sdk generate k8s" to regenerate code after
                modifying this file Add custom validation using kubebuilder tags:
                https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
              type: string
            dns:
              properties:
                domain:
                  type: string
                nameservers:
                  items:
                    type: string
                  type: array
                options:
                  items:
                    type: string
                  type: array
                search:
                  items:
                    type: string
                  type: array
              type: object
            ipv4Subnets:
              items:
                properties:
                  excludeIps:
                    type: string
                  gateway:
                    type: string
                  name:
                    type: string
                  subnet:
                    type: string
                required:
                - name
                - subnet
                type: object
              type: array
            ipv6Subnets:
              items:
                properties:
                  excludeIps:
                    type: string
                  gateway:
                    type: string
                  name:
                    type: string
                  subnet:
                    type: string
                required:
                - name
                - subnet
                type: object
              type: array
            routes:
              items:
                properties:
                  dst:
                    type: string
                  gw:
                    type: string
                required:
                - dst
                type: object
              type: array
          required:
          - cniType
          - ipv4Subnets
          type: object
        status:
          properties:
            state:
              description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
                of cluster Important: Run "operator-sdk generate k8s" to regenerate
                code after modifying this file Add custom validation using kubebuilder
                tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
              type: string
          required:
          - state
          type: object
  version: v1alpha1
  versions:
  - name: v1alpha1
    served: true
    storage: true


---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: providernetworks.k8s.plugin.opnfv.org
spec:
  group: k8s.plugin.opnfv.org
  names:
    kind: ProviderNetwork
    listKind: ProviderNetworkList
    plural: providernetworks
    singular: providernetwork
  scope: Namespaced
  subresources:
    status: {}
  validation:
    openAPIV3Schema:
      description: ProviderNetwork is the Schema for the providernetworks API
      properties:
        apiVersion:
          description: 'APIVersion defines the versioned schema of this representation
            of an object. Servers should convert recognized schemas to the latest
            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
          type: string
        kind:
          description: 'Kind is a string value representing the REST resource this
            object represents. Servers may infer this from the endpoint the client
            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
          type: string
        metadata:
          type: object
        spec:
          description: ProviderNetworkSpec defines the desired state of ProviderNetwork
          properties:
            cniType:
              description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
                Important: Run "operator-sdk generate k8s" to regenerate code after
                modifying this file Add custom validation using kubebuilder tags:
                https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
              type: string
            direct:
              properties:
                directNodeSelector:
                  type: string
                nodeLabelList:
                  items:
                    type: string
                  type: array
                providerInterfaceName:
                  type: string
              required:
              - directNodeSelector
              - providerInterfaceName
              type: object
            dns:
              properties:
                domain:
                  type: string
                nameservers:
                  items:
                    type: string
                  type: array
                options:
                  items:
                    type: string
                  type: array
                search:
                  items:
                    type: string
                  type: array
              type: object
            ipv4Subnets:
              items:
                properties:
                  excludeIps:
                    type: string
                  gateway:
                    type: string
                  name:
                    type: string
                  subnet:
                    type: string
                required:
                - name
                - subnet
                type: object
              type: array
            ipv6Subnets:
              items:
                properties:
                  excludeIps:
                    type: string
                  gateway:
                    type: string
                  name:
                    type: string
                  subnet:
                    type: string
                required:
                - name
                - subnet
                type: object
              type: array
            providerNetType:
              type: string
            routes:
              items:
                properties:
                  dst:
                    type: string
                  gw:
                    type: string
                required:
                - dst
                type: object
              type: array
            vlan:
              properties:
                logicalInterfaceName:
                  type: string
                nodeLabelList:
                  items:
                    type: string
                  type: array
                providerInterfaceName:
                  type: string
                vlanId:
                  type: string
                vlanNodeSelector:
                  type: string
              required:
              - providerInterfaceName
              - vlanId
              - vlanNodeSelector
              type: object
          required:
          - cniType
          - ipv4Subnets
          - providerNetType
          type: object
        status:
          description: ProviderNetworkStatus defines the observed state of ProviderNetwork
          properties:
            state:
              description: 'INSERT ADDITIONAL STATUS FIELD - define observed state
                of cluster Important: Run "operator-sdk generate k8s" to regenerate
                code after modifying this file Add custom validation using kubebuilder
                tags: https://book-v1.book.kubebuilder.io/beyond_basics/generating_crd.html'
              type: string
          required:
          - state
          type: object
      type: object
  version: v1alpha1
  versions:
  - name: v1alpha1
    served: true
    storage: true
---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: k8s-nfn-sa
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: k8s-nfn-cr
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - pods/status
  - services
  - endpoints
  - persistentvolumeclaims
  - events
  - configmaps
  - secrets
  - nodes
  verbs:
  - '*'
- apiGroups:
  - apps
  resources:
  - deployments
  - daemonsets
  - replicasets
  - statefulsets
  verbs:
  - '*'
- apiGroups:
  - monitoring.coreos.com
  resources:
  - servicemonitors
  verbs:
  - get
  - create
- apiGroups:
  - apps
  resourceNames:
  - nfn-operator
  resources:
  - deployments/finalizers
  verbs:
  - update
- apiGroups:
  - k8s.plugin.opnfv.org
  resources:
  - '*'
  - providernetworks
  verbs:
  - '*'

---

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: k8s-nfn-crb
subjects:
- kind: Group
  name: system:serviceaccounts
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: k8s-nfn-cr
  apiGroup: rbac.authorization.k8s.io


---

apiVersion: v1
kind: Service
metadata:
  name: nfn-operator
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - port: 50000
    protocol: TCP
    targetPort: 50000
  selector:
    name: nfn-operator


---

apiVersion: v1
kind: ConfigMap
metadata:
  name: ovn-controller-network
  namespace: kube-system
data:
  OVN_SUBNET: "{{ kube_pods_subnet }}"
  OVN_GATEWAYIP: "{{ kube_pods_subnet|ipaddr('net')|ipaddr(1) }}"

---

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nfn-operator
  namespace: kube-system
spec:
  replicas: 1
  selector:
    matchLabels:
      name: nfn-operator
  template:
    metadata:
      labels:
        name: nfn-operator
    spec:
      hostNetwork: true
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: ovn4nfv-k8s-plugin
                operator: In
                values:
                - ovn-control-plane
      tolerations:
       - key: "node-role.kubernetes.io/master"
         effect: "NoSchedule"
         operator: "Exists"
       - key: "node-role.kubernetes.io/control-plane"
         effect: "NoSchedule"
         operator: "Exists"
      serviceAccountName: k8s-nfn-sa
      containers:
        - name: nfn-operator
          image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }}
          command: ["/usr/local/bin/entrypoint", "operator"]
          imagePullPolicy: {{ k8s_image_pull_policy }}
          envFrom:
          - configMapRef:
              name: ovn-controller-network
          ports:
          - containerPort: 50000
            protocol: TCP
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: OPERATOR_NAME
              value: "nfn-operator"

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: ovn4nfv-cni-config
  namespace: kube-system
  labels:
    app: ovn4nfv
data:
  ovn4nfv_k8s.conf: |
          [logging]
          loglevel=5
          logfile=/var/log/openvswitch/ovn4k8s.log

          [cni]
          conf-dir=/etc/cni/net.d
          plugin=ovn4nfvk8s-cni

          [kubernetes]
          kubeconfig=/etc/cni/net.d/ovn4nfv-k8s.d/ovn4nfv-k8s.kubeconfig
  00-network.conf: |
          {
            "name": "ovn4nfv-k8s-plugin",
            "type": "ovn4nfvk8s-cni",
            "cniVersion": "0.3.1"
          }

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ovn4nfv-cni
  namespace: kube-system
  labels:
    app: ovn4nfv
spec:
  updateStrategy:
    type: RollingUpdate
  selector:
    matchLabels:
      app: ovn4nfv
  template:
    metadata:
      labels:
        app: ovn4nfv
    spec:
      hostNetwork: true
      nodeSelector:
        kubernetes.io/arch: amd64
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: k8s-nfn-sa
      containers:
      - name: ovn4nfv
        image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }}
        command: ["/usr/local/bin/entrypoint", "cni"]
        imagePullPolicy: {{ k8s_image_pull_policy }}
        resources:
          requests:
            cpu: {{ ovn4nfv_cni_cpu_request }}
            memory: {{ ovn4nfv_cni_memory_request }}
          limits:
            cpu: {{ ovn4nfv_cni_cpu_limit }}
            memory: {{ ovn4nfv_cni_memory_limit }}
        securityContext:
          privileged: true
        volumeMounts:
        - name: cni
          mountPath: /host/etc/cni/net.d
        - name: cnibin
          mountPath: /host/opt/cni/bin
        - name: cniconf
          mountPath: /host/etc/openvswitch
        - name: ovn4nfv-cfg
          mountPath: /tmp/ovn4nfv-conf
        - name: ovn4nfv-cni-net-conf
          mountPath: /tmp/ovn4nfv-cni
      volumes:
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: cnibin
          hostPath:
            path: /opt/cni/bin
        - name: cniconf
          hostPath:
            path: /etc/openvswitch
        - name: ovn4nfv-cfg
          configMap:
            name: ovn4nfv-cni-config
            items:
            - key: ovn4nfv_k8s.conf
              path: ovn4nfv_k8s.conf
        - name: ovn4nfv-cni-net-conf
          configMap:
            name: ovn4nfv-cni-config
            items:
            - key: 00-network.conf
              path: 00-network.conf
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nfn-agent
  namespace: kube-system
  labels:
    app: nfn-agent
spec:
  selector:
    matchLabels:
      app: nfn-agent
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: nfn-agent
    spec:
      hostNetwork: true
      hostPID: true
      nodeSelector:
        kubernetes.io/arch: amd64
      tolerations:
      - operator: Exists
        effect: NoSchedule
      serviceAccountName: k8s-nfn-sa
      containers:
      - name: nfn-agent
        image: {{ ovn4nfv_k8s_plugin_image_repo }}:{{ ovn4nfv_k8s_plugin_image_tag }}
        command: ["/usr/local/bin/entrypoint", "agent"]
        imagePullPolicy: {{ k8s_image_pull_policy }}
        resources:
          requests:
            cpu: {{ nfn_agent_cpu_request }}
            memory: {{ nfn_agent_memory_request }}
          limits:
            cpu: {{ nfn_agent_cpu_limit }}
            memory: {{ nfn_agent_memory_limit }}
        env:
          - name: NFN_NODE_NAME
            valueFrom:
              fieldRef:
                fieldPath: spec.nodeName
        securityContext:
          runAsUser: 0
          capabilities:
            add: ["NET_ADMIN", "SYS_ADMIN", "SYS_PTRACE"]
          privileged: true
        volumeMounts:
        - mountPath: /var/run/dbus/
          name: host-var-run-dbus
          readOnly: true
        - mountPath: /run/openvswitch
          name: host-run-ovs
        - mountPath: /var/run/openvswitch
          name: host-var-run-ovs
        - mountPath: /var/run/ovn4nfv-k8s-plugin
          name: host-var-cniserver-socket-dir
      volumes:
      - name: host-run-ovs
        hostPath:
          path: /run/openvswitch
      - name: host-var-run-ovs
        hostPath:
          path: /var/run/openvswitch
      - name: host-var-run-dbus
        hostPath:
          path: /var/run/dbus
      - name: host-var-cniserver-socket-dir
        hostPath:
          path: /var/run/ovn4nfv-k8s-plugin