src/foundation/scripts/cni/multus/latest/multus-daemonset.yml

   1 ---
   2 apiVersion: apiextensions.k8s.io/v1
   3 kind: CustomResourceDefinition
   4 metadata:
   5   name: network-attachment-definitions.k8s.cni.cncf.io
   6 spec:
   7   group: k8s.cni.cncf.io
   8   scope: Namespaced
   9   names:
  10     plural: network-attachment-definitions
  11     singular: network-attachment-definition
  12     kind: NetworkAttachmentDefinition
  13     shortNames:
  14     - net-attach-def
  15   versions:
  16     - name: v1
  17       served: true
  18       storage: true
  19       schema:
  20         openAPIV3Schema:
  21           description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
  22             Working Group to express the intent for attaching pods to one or more logical or physical
  23             networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
  24           type: object
  25           properties:
  26             apiVersion:
  27               description: 'APIVersion defines the versioned schema of this represen
  28                 tation of an object. Servers should convert recognized schemas to the
  29                 latest internal value, and may reject unrecognized values. More info:
  30                 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  31               type: string
  32             kind:
  33               description: 'Kind is a string value representing the REST resource this
  34                 object represents. Servers may infer this from the endpoint the client
  35                 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  36               type: string
  37             metadata:
  38               type: object
  39             spec:
  40               description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
  41               type: object
  42               properties:
  43                 config:
  44                   description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
  45                   type: string
  46 ---
  47 kind: ClusterRole
  48 apiVersion: rbac.authorization.k8s.io/v1
  49 metadata:
  50   name: multus
  51 rules:
  52   - apiGroups: ["k8s.cni.cncf.io"]
  53     resources:
  54       - '*'
  55     verbs:
  56       - '*'
  57   - apiGroups:
  58       - ""
  59     resources:
  60       - pods
  61       - pods/status
  62     verbs:
  63       - get
  64       - update
  65   - apiGroups:
  66       - ""
  67       - events.k8s.io
  68     resources:
  69       - events
  70     verbs:
  71       - create
  72       - patch
  73       - update
  74 ---
  75 kind: ClusterRoleBinding
  76 apiVersion: rbac.authorization.k8s.io/v1
  77 metadata:
  78   name: multus
  79 roleRef:
  80   apiGroup: rbac.authorization.k8s.io
  81   kind: ClusterRole
  82   name: multus
  83 subjects:
  84 - kind: ServiceAccount
  85   name: multus
  86   namespace: kube-system
  87 ---
  88 apiVersion: v1
  89 kind: ServiceAccount
  90 metadata:
  91   name: multus
  92   namespace: kube-system
  93 ---
  94 kind: ConfigMap
  95 apiVersion: v1
  96 metadata:
  97   name: multus-cni-config
  98   namespace: kube-system
  99   labels:
 100     tier: node
 101     app: multus
 102 data:
 103   cni-conf.json: |
 104     {
 105       "name": "multus-cni-network",
 106       "type": "multus",
 107       "capabilities": {
 108         "portMappings": true
 109       },
 110       "delegates": [
 111         {
 112           "cniVersion": "0.3.1",
 113           "name": "default-cni-network",
 114           "plugins": [
 115             {
 116               "name": "k8s-pod-network",
 117               "cniVersion": "0.3.0",
 118               "type": "calico",
 119               "log_level": "info",
 120               "datastore_type": "kubernetes",
 121               "nodename": "__KUBERNETES_NODE_NAME__",
 122               "mtu": 1440,
 123               "ipam": {
 124                 "type": "calico-ipam"
 125               },
 126               "policy": {
 127                 "type": "k8s"
 128               },
 129               "kubernetes": {
 130                 "kubeconfig": "/etc/cni/multus/calico/net.d/calico-kubeconfig"
 131               }
 132             },
 133             {
 134               "type": "portmap",
 135               "snat": true,
 136               "capabilities": {"portMappings": true}
 137             }
 138           ]
 139         }
 140       ],
 141       "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
 142     }
 143 ---
 144 apiVersion: apps/v1
 145 kind: DaemonSet
 146 metadata:
 147   name: kube-multus-ds
 148   namespace: kube-system
 149   labels:
 150     tier: node
 151     app: multus
 152     name: multus
 153 spec:
 154   selector:
 155     matchLabels:
 156       name: multus
 157   updateStrategy:
 158     type: RollingUpdate
 159   template:
 160     metadata:
 161       labels:
 162         tier: node
 163         app: multus
 164         name: multus
 165     spec:
 166       hostNetwork: true
 167       tolerations:
 168       - operator: Exists
 169         effect: NoSchedule
 170       - operator: Exists
 171         effect: NoExecute
 172       serviceAccountName: multus
 173       containers:
 174       - name: kube-multus
 175         image: ghcr.io/k8snetworkplumbingwg/multus-cni:stable
 176         command: ["/entrypoint.sh"]
 177         args:
 178         - "--multus-conf-file=auto"
 179         - "--cni-version=0.3.1"
 180         resources:
 181           requests:
 182             cpu: "100m"
 183             memory: "50Mi"
 184           limits:
 185             cpu: "100m"
 186             memory: "50Mi"
 187         securityContext:
 188           privileged: true
 189         volumeMounts:
 190         - name: cni
 191           mountPath: /host/etc/cni/net.d
 192         - name: cnibin
 193           mountPath: /host/opt/cni/bin
 194         - name: multus-cfg
 195           mountPath: /tmp/multus-conf
 196       initContainers:
 197         - name: install-multus-binary
 198           image: ghcr.io/k8snetworkplumbingwg/multus-cni:stable
 199           command:
 200             - "cp"
 201             - "/usr/src/multus-cni/bin/multus"
 202             - "/host/opt/cni/bin/multus"
 203           resources:
 204             requests:
 205               cpu: "10m"
 206               memory: "15Mi"
 207           securityContext:
 208             privileged: true
 209           volumeMounts:
 210             - name: cnibin
 211               mountPath: /host/opt/cni/bin
 212               mountPropagation: Bidirectional
 213       terminationGracePeriodSeconds: 10
 214       volumes:
 215         - name: cni
 216           hostPath:
 217             path: /etc/cni/net.d
 218         - name: cnibin
 219           hostPath:
 220             path: /opt/cni/bin
 221         - name: multus-cfg
 222           configMap:
 223             name: multus-cni-config
 224             items:
 225             - key: cni-conf.json
 226               path: 70-multus.conf