1 #
2 #   Copyright 2020 Huawei Technologies Co., Ltd.
3 #
4 #   Licensed under the Apache License, Version 2.0 (the "License");
5 #   you may not use this file except in compliance with the License.
6 #   You may obtain a copy of the License at
7 #
8 #       http://www.apache.org/licenses/LICENSE-2.0
9 #
10 #   Unless required by applicable law or agreed to in writing, software
11 #   distributed under the License is distributed on an "AS IS" BASIS,
12 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 #   See the License for the specific language governing permissions and
14 #   limitations under the License.
15 #
16
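---
# CustomResourceDefinition that registers the namespaced
# NetworkAttachmentDefinition kind (group k8s.cni.cncf.io, short name
# net-attach-def).
#
# Security note: the schema below validates spec.config only as a string.
# The CNI JSON carried in it is not checked by the API server, so control
# over who may create or edit these objects rests on RBAC for this group.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: network-attachment-definitions.k8s.cni.cncf.io
spec:
  group: k8s.cni.cncf.io
  scope: Namespaced
  names:
    plural: network-attachment-definitions
    singular: network-attachment-definition
    kind: NetworkAttachmentDefinition
    shortNames:
      - net-attach-def
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          # The description strings carry long URLs, so the line-length rule
          # is switched off once here; a yamllint "disable" stays in force
          # for the rest of the file, so it does not need repeating.
          # yamllint disable rule:line-length
          description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
            Working Group to express the intent for attaching pods to one or more logical or physical
            networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
          type: object
          properties:
            apiVersion:
              description: 'APIVersion defines the versioned schema of this
                representation of an object. Servers should convert recognized schemas to the
                latest internal value, and may reject unrecognized values. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
              type: string
            kind:
              description: 'Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint the client
                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
              type: string
            metadata:
              type: object
            spec:
              description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
              type: object
              properties:
                config:
                  # Free-form string: no structural validation of the CNI
                  # configuration happens at admission time.
                  description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
                  type: string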
---
# ClusterRole "multus": the API permissions granted to Multus. It is bound
# through a ClusterRoleBinding, so every rule applies in all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multus
rules:
  # NOTE(review): wildcard resources and verbs give full control (including
  # create, update and delete) over everything in the k8s.cni.cncf.io group,
  # cluster-wide. If the deployed Multus only reads network attachment
  # definitions, narrowing this to the needed resources and verbs would
  # reduce what a compromised node credential can change - confirm against
  # the Multus version in use before tightening.
  - apiGroups:
      - k8s.cni.cncf.io
    resources:
      - '*'
    verbs:
      - '*'
  # Read and update pods and their status in the core API group.
  # "update" on pods is cluster-wide here, not limited to the local node.
  - apiGroups:
      - ''
    resources:
      - pods
      - pods/status
    verbs:
      - get
      - update
  # Emit events through both the core and the events.k8s.io API groups.
  - apiGroups:
      - ''
      - events.k8s.io
    resources:
      - events
    verbs:
      - create
      - patch
      - update
---
# Grants the "multus" ClusterRole to the "multus" ServiceAccount in
# kube-system. Being a ClusterRoleBinding (not a namespaced RoleBinding),
# it makes the role's rules effective in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: multus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: multus
subjects:
  # The only subject: the identity the Multus DaemonSet pods run as.
  - kind: ServiceAccount
    name: multus
    namespace: kube-system
---
# ServiceAccount referenced by serviceAccountName in the Multus DaemonSets.
# It is the subject of the "multus" ClusterRoleBinding, so its credentials
# carry that role's cluster-wide permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: multus
  namespace: kube-system
---
# ConfigMap holding an optional, hand-written Multus CNI configuration.
# The DaemonSets mount its "cni-conf.json" key as
# /tmp/multus-conf/70-multus.conf.
apiVersion: v1
kind: ConfigMap
metadata:
  name: multus-cni-config
  namespace: kube-system
  labels:
    tier: node
    app: multus
data:
  # NOTE: use this section if you prefer to apply a configuration file
  # manually. To customize the Multus installation, change the Multus pod
  # arguments: replace the "args" entry
  #   - "--multus-conf-file=auto"
  # with
  #   "--multus-conf-file=/tmp/multus-conf/70-multus.conf"
  # Also make sure that "70-multus.conf" is the alphabetically first name in
  # /etc/cni/net.d/ on each node; otherwise the Kubelet will not use it.
  #
  # NOTE(review): "kubeconfig" below points under /etc/cni/net.d, which the
  # DaemonSets mount from the host. That file presumably holds API
  # credentials for the multus ServiceAccount - confirm it is readable by
  # root only on every node.
  #
  # The JSON text is kept exactly as shipped, including its indentation.
  cni-conf.json: |
    {
      "name": "multus-cni-network",
      "type": "multus",
      "capabilities": {
        "portMappings": true
      },
      "delegates": [
        {
          "cniVersion": "0.3.1",
          "name": "default-cni-network",
          "plugins": [
            {
              "type": "flannel",
              "name": "flannel.1",
                "delegate": {
                  "isDefaultGateway": true,
                  "hairpinMode": true
                }
              },
              {
                "type": "portmap",
                "capabilities": {
                  "portMappings": true
                }
              }
          ]
        }
      ],
      "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
    }
---
# DaemonSet that runs the kube-multus container on every amd64 node.
# Review points for hardening are marked NOTE(review) next to the setting
# they concern.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-multus-ds-amd64
  namespace: kube-system
  labels:
    tier: node
    app: multus
    name: multus
spec:
  selector:
    matchLabels:
      name: multus
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        tier: node
        app: multus
        name: multus
    spec:
      # The pod shares the node's network namespace.
      hostNetwork: true
      nodeSelector:
        kubernetes.io/arch: amd64
      # No key is given, so this tolerates every NoSchedule taint: the pod
      # is also placed on nodes tainted to keep ordinary workloads away.
      tolerations:
        - operator: Exists
          effect: NoSchedule
      serviceAccountName: multus
      containers:
        - name: kube-multus
          # NOTE(review): "stable" is a mutable tag and no imagePullPolicy is
          # set, so Kubernetes defaults to IfNotPresent and nodes may run
          # different builds. For a privileged, host-mounting container,
          # pinning by digest (docker.io/nfvpe/multus@sha256:<digest>,
          # placeholder) makes the deployed code verifiable.
          image: docker.io/nfvpe/multus:stable
          command:
            - /entrypoint.sh
          args:
            - '--multus-conf-file=auto'
            - '--cni-version=0.3.1'
          resources:
            requests:
              cpu: '100m'
              memory: '50Mi'
            limits:
              cpu: '100m'
              memory: '50Mi'
          # NOTE(review): privileged gives the container full access to the
          # node. Check whether write access to the two hostPath mounts
          # below would be sufficient for the deployed Multus version.
          securityContext:
            privileged: true
          volumeMounts:
            # Host CNI configuration directory, mounted writable.
            - name: cni
              mountPath: /host/etc/cni/net.d
            # Host CNI plugin binary directory, mounted writable. Files
            # placed here are what the node's CNI runtime executes.
            - name: cnibin
              mountPath: /host/opt/cni/bin
            # The optional configuration from the multus-cni-config ConfigMap.
            - name: multus-cfg
              mountPath: /tmp/multus-conf
      volumes:
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: cnibin
          hostPath:
            path: /opt/cni/bin
        - name: multus-cfg
          configMap:
            name: multus-cni-config
            items:
              # Exposes the ConfigMap key under the file name 70-multus.conf.
              - key: cni-conf.json
                path: 70-multus.conf
---
# DaemonSet that runs the kube-multus container on every ppc64le node.
# It mirrors the amd64 variant apart from the image tag, the node selector
# and the 90Mi memory request/limit.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-multus-ds-ppc64le
  namespace: kube-system
  labels:
    tier: node
    app: multus
    name: multus
spec:
  selector:
    matchLabels:
      name: multus
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        tier: node
        app: multus
        name: multus
    spec:
      # The pod shares the node's network namespace.
      hostNetwork: true
      nodeSelector:
        kubernetes.io/arch: ppc64le
      # Keyless toleration: matches every NoSchedule taint on a node.
      tolerations:
        - operator: Exists
          effect: NoSchedule
      serviceAccountName: multus
      containers:
        - name: kube-multus
          # ppc64le support requires multus:latest for now (3.3 or later).
          # NOTE(review): the tag actually referenced is stable-ppc64le, not
          # latest - confirm the remark above is still current. The tag is
          # mutable either way; pinning by digest
          # (docker.io/nfvpe/multus@sha256:<digest>, placeholder) would fix
          # the exact build that runs privileged on each node.
          image: docker.io/nfvpe/multus:stable-ppc64le
          command:
            - /entrypoint.sh
          args:
            - '--multus-conf-file=auto'
            - '--cni-version=0.3.1'
          resources:
            requests:
              cpu: '100m'
              memory: '90Mi'
            limits:
              cpu: '100m'
              memory: '90Mi'
          # NOTE(review): privileged gives the container full access to the
          # node; verify that this is required and not just write access to
          # the hostPath mounts below.
          securityContext:
            privileged: true
          volumeMounts:
            # Host CNI configuration directory, mounted writable.
            - name: cni
              mountPath: /host/etc/cni/net.d
            # Host CNI plugin binaries, mounted writable; the node's CNI
            # runtime executes what is stored here.
            - name: cnibin
              mountPath: /host/opt/cni/bin
            # Optional configuration from the multus-cni-config ConfigMap.
            - name: multus-cfg
              mountPath: /tmp/multus-conf
      volumes:
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: cnibin
          hostPath:
            path: /opt/cni/bin
        - name: multus-cfg
          configMap:
            name: multus-cni-config
            items:
              # Exposes the ConfigMap key under the file name 70-multus.conf.
              - key: cni-conf.json
                path: 70-multus.conf
---
# DaemonSet that runs the kube-multus container on every arm64 node.
# It mirrors the amd64 variant apart from the image tag, the node selector
# and the 90Mi memory request/limit.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-multus-ds-arm64v8
  namespace: kube-system
  labels:
    tier: node
    app: multus
    name: multus
spec:
  selector:
    matchLabels:
      name: multus
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        tier: node
        app: multus
        name: multus
    spec:
      # The pod shares the node's network namespace.
      hostNetwork: true
      nodeSelector:
        kubernetes.io/arch: arm64
      # Keyless toleration: matches every NoSchedule taint on a node.
      tolerations:
        - operator: Exists
          effect: NoSchedule
      serviceAccountName: multus
      containers:
        - name: kube-multus
          # NOTE(review): mutable tag with no imagePullPolicy (defaults to
          # IfNotPresent), so the build can differ between nodes. Pinning by
          # digest (docker.io/nfvpe/multus@sha256:<digest>, placeholder)
          # would fix the exact build that runs privileged on each node.
          image: docker.io/nfvpe/multus:stable-arm64v8
          command:
            - /entrypoint.sh
          args:
            - '--multus-conf-file=auto'
            - '--cni-version=0.3.1'
          resources:
            requests:
              cpu: '100m'
              memory: '90Mi'
            limits:
              cpu: '100m'
              memory: '90Mi'
          # NOTE(review): privileged gives the container full access to the
          # node; verify that this is required and not just write access to
          # the hostPath mounts below.
          securityContext:
            privileged: true
          volumeMounts:
            # Host CNI configuration directory, mounted writable.
            - name: cni
              mountPath: /host/etc/cni/net.d
            # Host CNI plugin binaries, mounted writable; the node's CNI
            # runtime executes what is stored here.
            - name: cnibin
              mountPath: /host/opt/cni/bin
            # Optional configuration from the multus-cni-config ConfigMap.
            - name: multus-cfg
              mountPath: /tmp/multus-conf
      volumes:
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: cnibin
          hostPath:
            path: /opt/cni/bin
        - name: multus-cfg
          configMap:
            name: multus-cni-config
            items:
              # Exposes the ConfigMap key under the file name 70-multus.conf.
              - key: cni-conf.json
                path: 70-multus.conf