673c072c0e08aa5ee200d3764dcdb4bf3a32845f
[iec.git] / src / foundation / scripts / cni / multus / latest / multus-daemonset.yml
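---
# CustomResourceDefinition for NetworkAttachmentDefinition (short name
# net-attach-def): a namespaced object in group k8s.cni.cncf.io whose
# spec.config carries a CNI configuration as a JSON string.
#
# NOTE(review): the schema types spec.config only as a string, so the API
# server does not validate the CNI JSON inside it. Write access to this
# resource presumably decides which CNI configuration is applied to pods on
# the node; keep create/update/patch on it narrowly scoped in RBAC.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: network-attachment-definitions.k8s.cni.cncf.io
spec:
  group: k8s.cni.cncf.io
  scope: Namespaced
  names:
    plural: network-attachment-definitions
    singular: network-attachment-definition
    kind: NetworkAttachmentDefinition
    shortNames:
      - net-attach-def
  versions:
    - name: v1
      served: true
      storage: true
      schema:
        openAPIV3Schema:
          description: >-
            NetworkAttachmentDefinition is a CRD schema specified by the
            Network Plumbing Working Group to express the intent for attaching
            pods to one or more logical or physical networks. More information
            available at:
            https://github.com/k8snetworkplumbingwg/multi-net-spec
          type: object
          properties:
            apiVersion:
              # The original text broke the word "representation" across a
              # line fold, which rendered as "represen tation"; rejoined here.
              description: >-
                APIVersion defines the versioned schema of this representation
                of an object. Servers should convert recognized schemas to the
                latest internal value, and may reject unrecognized values.
                More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
              type: string
            kind:
              description: >-
                Kind is a string value representing the REST resource this
                object represents. Servers may infer this from the endpoint
                the client submits requests to. Cannot be updated. In
                CamelCase. More info:
                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
              type: string
            metadata:
              type: object
            spec:
              description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
              type: object
              properties:
                config:
                  description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
                  type: string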
---
# ClusterRole "multus": the cluster-wide permissions bound to the multus
# ServiceAccount in kube-system by the ClusterRoleBinding of the same name.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multus
rules:
  # NOTE(review): wildcard resources and verbs cover every object in
  # k8s.cni.cncf.io in all namespaces, including create, update and delete on
  # NetworkAttachmentDefinitions. The CNI config in this file points at a
  # kubeconfig under /etc/cni/net.d/multus.d/ on each node, which presumably
  # holds this account's credentials; confirm whether read-only verbs on
  # network-attachment-definitions would be sufficient.
  - apiGroups:
      - k8s.cni.cncf.io
    resources:
      - '*'
    verbs:
      - '*'
  # Core API group: read and update pods and their status.
  # NOTE(review): "update" on pods is cluster-wide here, not limited to pods
  # on the node where the agent runs.
  - apiGroups:
      - ''
    resources:
      - pods
      - pods/status
    verbs:
      - get
      - update
  # Event recording in both the core and the events.k8s.io groups.
  - apiGroups:
      - ''
      - events.k8s.io
    resources:
      - events
    verbs:
      - create
      - patch
      - update
---
# ClusterRoleBinding "multus": grants the ClusterRole "multus" to the
# ServiceAccount "multus" in kube-system. Because this is a cluster-scoped
# binding, the role's rules apply in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: multus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: multus
subjects:
  - kind: ServiceAccount
    name: multus
    namespace: kube-system
---
# ServiceAccount used by the kube-multus-ds DaemonSet pods
# (serviceAccountName: multus). Its permissions come from the ClusterRole
# bound to it in this file.
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: kube-system
  name: multus
---
# ConfigMap holding a Multus CNI configuration (cni-conf.json) that delegates
# to a Calico plugin chain followed by portmap. The DaemonSet in this file
# projects the key as 70-multus.conf under /tmp/multus-conf.
#
# NOTE(review): both "kubeconfig" values name files on the node
# (/etc/cni/multus/calico/net.d/calico-kubeconfig and
# /etc/cni/net.d/multus.d/multus.kubeconfig). They presumably contain API
# credentials; verify that their file modes on the host restrict read access
# to root.
# NOTE(review): "__KUBERNETES_NODE_NAME__" is a placeholder and nothing in
# this file substitutes it - confirm which component fills it in.
# NOTE(review): the delegate declares cniVersion 0.3.1 while the calico entry
# declares 0.3.0 - confirm the mismatch is intended.
apiVersion: v1
kind: ConfigMap
metadata:
  name: multus-cni-config
  namespace: kube-system
  labels:
    app: multus
    tier: node
data:
  cni-conf.json: |
    {
      "name": "multus-cni-network",
      "type": "multus",
      "capabilities": {
        "portMappings": true
      },
      "delegates": [
        {
          "cniVersion": "0.3.1",
          "name": "default-cni-network",
          "plugins": [
            {
              "name": "k8s-pod-network",
              "cniVersion": "0.3.0",
              "type": "calico",
              "log_level": "info",
              "datastore_type": "kubernetes",
              "nodename": "__KUBERNETES_NODE_NAME__",
              "mtu": 1440,
              "ipam": {
                "type": "calico-ipam"
              },
              "policy": {
                "type": "k8s"
              },
              "kubernetes": {
                "kubeconfig": "/etc/cni/multus/calico/net.d/calico-kubeconfig"
              }
            },
            {
              "type": "portmap",
              "snat": true,
              "capabilities": {"portMappings": true}
            }
          ]
        }
      ],
      "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
    }
---
# DaemonSet kube-multus-ds: an init container copies the multus binary into
# the host's /opt/cni/bin, then the kube-multus container runs /entrypoint.sh
# with the host's /etc/cni/net.d and /opt/cni/bin mounted read-write.
#
# NOTE(review): both containers pull ghcr.io/k8snetworkplumbingwg/multus-cni
# by the mutable tag ":stable", run privileged, and place a binary in the
# host CNI directory. Whatever that tag resolves to at pull time ends up
# installed on every node; pin the image by digest
# (ghcr.io/k8snetworkplumbingwg/multus-cni@sha256:<DIGEST-PLACEHOLDER>) and
# verify it before rollout.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-multus-ds
  namespace: kube-system
  labels:
    tier: node
    app: multus
    name: multus
spec:
  selector:
    matchLabels:
      name: multus
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        tier: node
        app: multus
        name: multus
    spec:
      serviceAccountName: multus
      # The pod shares the node's network namespace.
      hostNetwork: true
      terminationGracePeriodSeconds: 10
      # No key is given, so each toleration matches every taint with that
      # effect: the pod is scheduled on all nodes, control plane included.
      tolerations:
        - operator: Exists
          effect: NoSchedule
        - operator: Exists
          effect: NoExecute
      initContainers:
        - name: install-multus-binary
          image: ghcr.io/k8snetworkplumbingwg/multus-cni:stable
          command:
            - cp
            - /usr/src/multus-cni/bin/multus
            - /host/opt/cni/bin/multus
          # Only requests are set; this container has no resource limits.
          resources:
            requests:
              cpu: 10m
              memory: 15Mi
          securityContext:
            privileged: true
          volumeMounts:
            - name: cnibin
              mountPath: /host/opt/cni/bin
              # NOTE(review): Bidirectional propagation exposes mounts made
              # in the container to the host; the command here is a single
              # file copy, so this looks unnecessary - confirm before
              # removing.
              mountPropagation: Bidirectional
      containers:
        - name: kube-multus
          image: ghcr.io/k8snetworkplumbingwg/multus-cni:stable
          command:
            - /entrypoint.sh
          # NOTE(review): with --multus-conf-file=auto the entrypoint
          # presumably generates its configuration from the node's existing
          # CNI config rather than from the ConfigMap mounted at
          # /tmp/multus-conf - confirm which one takes effect.
          args:
            - '--multus-conf-file=auto'
            - '--cni-version=0.3.1'
          resources:
            requests:
              cpu: 100m
              memory: 50Mi
            limits:
              cpu: 100m
              memory: 50Mi
          # NOTE(review): privileged grants full access to the node; confirm
          # whether writing to the two hostPath mounts actually requires it.
          securityContext:
            privileged: true
          volumeMounts:
            - name: cni
              mountPath: /host/etc/cni/net.d
            - name: cnibin
              mountPath: /host/opt/cni/bin
            - name: multus-cfg
              mountPath: /tmp/multus-conf
      volumes:
        # Host CNI configuration directory, mounted read-write.
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        # Host CNI plugin binary directory, mounted read-write.
        - name: cnibin
          hostPath:
            path: /opt/cni/bin
        # cni-conf.json from the multus-cni-config ConfigMap, projected as
        # 70-multus.conf.
        - name: multus-cfg
          configMap:
            name: multus-cni-config
            items:
              - key: cni-conf.json
                path: 70-multus.conf