# Config variables ## Initial setup If you want to override the default values for some config options, then the file available in this repo (etc/ovn_k8s.conf) must be copied to the following locations: - on Linux: ``` /etc/openvswitch/ovn_k8s.conf ``` The following command copies the config file if it is run from inside the repo: ``` cp etc/ovn_k8s.conf /etc/openvswitch/ovn_k8s.conf ``` - on Windows: ``` C:\etc\ovn_k8s.conf ``` The following PowerShell command copies the config file if is run from inside the repo: ``` Copy-Item ".\etc\ovn_k8s.conf" -Destination (New-Item "C:\etc" -Type container -Force) ``` ## Config values The config file contains common configuration options shared between the various ovn-kubernetes programs (ovnkube, ovn-k8s-cni-overlay, etc). All configuration file options can also be specified as command-line arguments which override config file options; see the -help output of each program for more details. ### [default] section The following config option represents the MTU value which should be used for the overlay networks. ``` mtu=1400 ``` The following option affects only the gateway nodes. This value is used to track connections that are initiated from the pods so that the reverse connections go back to the pods. This represents the conntrack zone used for the conntrack flow rules. ``` conntrack-zone=64000 ``` The following option only affects ovn-controller. This is the maximum number of milliseconds of idle time on connection to the server before sending an inactivity probe message. As a client connects to the server over TCP, it may take a while for the kernel to figure out if the connection is broken. But the client can overcome this by periodically sending probes over the TCP connection to make sure that the connection is up. On the flip side, when there are hundreds of nodes, the server can get bogged down by client probe messages. The default value is set as 100000ms. But can be changed with this config option inactivity-probe=600000 ### [logging] section The following config values control what verbosity level logging is written at and to what file (if any). ``` loglevel=5 logfile=/var/log/ovnkube.log ``` ### [cni] section The following config values are used for the CNI plugin. ``` conf-dir=/etc/cni/net.d plugin=ovn-k8s-cni-overlay ``` ### [kubernetes] section Kubernetes API options are stored in the following section. ``` apiserver=https://1.2.3.4:6443 token=TG9yZW0gaXBzdW0gZG9sb3Igc2l0IGFtZXQsIGNvbnNlY3RldHVyIGFkaXBpc2NpbmcgZWxpdC4gQ3JhcyBhdCB1bHRyaWNpZXMgZWxpdC4gVXQgc2l0IGFtZXQgdm9sdXRwYXQgbnVuYy4K cacert=/etc/kubernetes/ca.crt ``` ### [ovnnorth] section This section contains the address and (if the 'ssl' method is used) certificates needed to use the OVN northbound database API. Only the the ovn-kubernetes master needs to specify the 'server' options. ``` address=ssl:1.2.3.4:6641 client-privkey=/path/to/private.key client-cert=/path/to/client.crt client-cacert=/path/to/client-ca.crt server-privkey=/path/to/private.key server-cert=/path/to/server.crt server-cacert=/path/to/server-ca.crt ``` ### [ovnsouth] section This section contains the address and (if the 'ssl' method is used) certificates needed to use the OVN southbound database API. Only the the ovn-kubernetes master needs to specify the 'server' options. ``` address=ssl:1.2.3.4:6642 client-privkey=/path/to/private.key client-cert=/path/to/client.crt client-cacert=/path/to/client-ca.crt server-privkey=/path/to/private.key server-cert=/path/to/server.crt server-cacert=/path/to/server-ca.crt ```