If you want to override the default values for some config options, then the file available in this repo (etc/ovn_k8s.conf) must be copied to the following locations:
- on Linux:
/etc/openvswitch/ovn_k8s.conf
The following command copies the config file if it is run from inside the repo:
cp etc/ovn_k8s.conf /etc/openvswitch/ovn_k8s.conf
- on Windows:
C:\etc\ovn_k8s.conf
The following PowerShell command copies the config file if is run from inside the repo:
Copy-Item ".\etc\ovn_k8s.conf" -Destination (New-Item "C:\etc" -Type container -Force)
The config file contains common configuration options shared between the various ovn-kubernetes programs (ovnkube, ovn-k8s-cni-overlay, etc). All configuration file options can also be specified as command-line arguments which override config file options; see the -help output of each program for more details.
The following config option represents the MTU value which should be used for the overlay networks.
mtu=1400
The following option affects only the gateway nodes. This value is used to track connections that are initiated from the pods so that the reverse connections go back to the pods. This represents the conntrack zone used for the conntrack flow rules.
conntrack-zone=64000
The following config values control what verbosity level logging is written at and to what file (if any).
loglevel=5
logfile=/var/log/ovnkube.log
The following config values are used for the CNI plugin.
conf-dir=/etc/cni/net.d
plugin=ovn-k8s-cni-overlay
Kubernetes API options are stored in the following section.
apiserver=https://1.2.3.4:6443
token=TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2NpbmcgZWxpdC4gQ3JhcyBhdCB1bHRyaWNpZXMgZWxpdC4gVXQgc2l0IGFtZXQgdm9sdXRwYXQgbnVuYy4K
cacert=/etc/kubernetes/ca.crt
This section contains the address and (if the 'ssl' method is used) certificates needed to use the OVN northbound database API. Only the the ovn-kubernetes master needs to specify the 'server' options.
address=ssl://1.2.3.4:6641
client-privkey=/path/to/private.key
client-cert=/path/to/client.crt
client-cacert=/path/to/client-ca.crt
server-privkey=/path/to/private.key
server-cert=/path/to/server.crt
server-cacert=/path/to/server-ca.crt
This section contains the address and (if the 'ssl' method is used) certificates needed to use the OVN southbound database API. Only the the ovn-kubernetes master needs to specify the 'server' options.
address=ssl://1.2.3.4:6642
client-privkey=/path/to/private.key
client-cert=/path/to/client.crt
client-cacert=/path/to/client-ca.crt
server-privkey=/path/to/private.key
server-cert=/path/to/server.crt
server-cacert=/path/to/server-ca.crt