deploy/multus-cni/base/multus-daemonset.yaml

   1 ---
   2 apiVersion: apiextensions.k8s.io/v1
   3 kind: CustomResourceDefinition
   4 metadata:
   5   name: network-attachment-definitions.k8s.cni.cncf.io
   6 spec:
   7   group: k8s.cni.cncf.io
   8   scope: Namespaced
   9   names:
  10     plural: network-attachment-definitions
  11     singular: network-attachment-definition
  12     kind: NetworkAttachmentDefinition
  13     shortNames:
  14     - net-attach-def
  15   versions:
  16     - name: v1
  17       served: true
  18       storage: true
  19       schema:
  20         openAPIV3Schema:
  21           description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
  22             Working Group to express the intent for attaching pods to one or more logical or physical
  23             networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
  24           type: object
  25           properties:
  26             apiVersion:
  27               description: 'APIVersion defines the versioned schema of this represen
  28                 tation of an object. Servers should convert recognized schemas to the
  29                 latest internal value, and may reject unrecognized values. More info:
  30                 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  31               type: string
  32             kind:
  33               description: 'Kind is a string value representing the REST resource this
  34                 object represents. Servers may infer this from the endpoint the client
  35                 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  36               type: string
  37             metadata:
  38               type: object
  39             spec:
  40               description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
  41               type: object
  42               properties:
  43                 config:
  44                   description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
  45                   type: string
  46 ---
  47 kind: ClusterRole
  48 apiVersion: rbac.authorization.k8s.io/v1
  49 metadata:
  50   name: multus
  51 rules:
  52   - apiGroups: ["k8s.cni.cncf.io"]
  53     resources:
  54       - '*'
  55     verbs:
  56       - '*'
  57   - apiGroups:
  58       - ""
  59     resources:
  60       - pods
  61       - pods/status
  62     verbs:
  63       - get
  64       - update
  65   - apiGroups:
  66       - ""
  67       - events.k8s.io
  68     resources:
  69       - events
  70     verbs:
  71       - create
  72       - patch
  73       - update
  74 ---
  75 kind: ClusterRoleBinding
  76 apiVersion: rbac.authorization.k8s.io/v1
  77 metadata:
  78   name: multus
  79 roleRef:
  80   apiGroup: rbac.authorization.k8s.io
  81   kind: ClusterRole
  82   name: multus
  83 subjects:
  84 - kind: ServiceAccount
  85   name: multus
  86   namespace: kube-system
  87 ---
  88 apiVersion: v1
  89 kind: ServiceAccount
  90 metadata:
  91   name: multus
  92   namespace: kube-system
  93 ---
  94 kind: ConfigMap
  95 apiVersion: v1
  96 metadata:
  97   name: multus-cni-config
  98   namespace: kube-system
  99   labels:
 100     tier: node
 101     app: multus
 102 data:
 103   # NOTE: If you'd prefer to manually apply a configuration file, you may create one here.
 104   # In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod
 105   # change the "args" line below from
 106   # - "--multus-conf-file=auto"
 107   # to:
 108   # "--multus-conf-file=/tmp/multus-conf/70-multus.conf"
 109   # Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the
 110   # /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet.
 111   cni-conf.json: |
 112     {
 113       "name": "multus-cni-network",
 114       "type": "multus",
 115       "capabilities": {
 116         "portMappings": true
 117       },
 118       "delegates": [
 119         {
 120           "cniVersion": "0.3.1",
 121           "name": "default-cni-network",
 122           "plugins": [
 123             {
 124               "type": "flannel",
 125               "name": "flannel.1",
 126                 "delegate": {
 127                   "isDefaultGateway": true,
 128                   "hairpinMode": true
 129                 }
 130               },
 131               {
 132                 "type": "portmap",
 133                 "capabilities": {
 134                   "portMappings": true
 135                 }
 136               }
 137           ]
 138         }
 139       ],
 140       "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
 141     }
 142 ---
 143 apiVersion: apps/v1
 144 kind: DaemonSet
 145 metadata:
 146   name: kube-multus-ds
 147   namespace: kube-system
 148   labels:
 149     tier: node
 150     app: multus
 151     name: multus
 152 spec:
 153   selector:
 154     matchLabels:
 155       name: multus
 156   updateStrategy:
 157     type: RollingUpdate
 158   template:
 159     metadata:
 160       labels:
 161         tier: node
 162         app: multus
 163         name: multus
 164     spec:
 165       hostNetwork: true
 166       tolerations:
 167       - operator: Exists
 168         effect: NoSchedule
 169       serviceAccountName: multus
 170       containers:
 171       - name: kube-multus
 172         image: ghcr.io/k8snetworkplumbingwg/multus-cni:stable
 173         command: ["/entrypoint.sh"]
 174         args:
 175         - "--multus-conf-file=auto"
 176         - "--cni-version=0.3.1"
 177         resources:
 178           requests:
 179             cpu: "100m"
 180             memory: "50Mi"
 181           limits:
 182             cpu: "100m"
 183             memory: "50Mi"
 184         securityContext:
 185           privileged: true
 186         volumeMounts:
 187         - name: cni
 188           mountPath: /host/etc/cni/net.d
 189         - name: cnibin
 190           mountPath: /host/opt/cni/bin
 191         - name: multus-cfg
 192           mountPath: /tmp/multus-conf
 193       terminationGracePeriodSeconds: 10
 194       volumes:
 195         - name: cni
 196           hostPath:
 197             path: /etc/cni/net.d
 198         - name: cnibin
 199           hostPath:
 200             path: /opt/cni/bin
 201         - name: multus-cfg
 202           configMap:
 203             name: multus-cni-config
 204             items:
 205             - key: cni-conf.json
 206               path: 70-multus.conf