Add Multus with Flannel and SRIOV CNI support
[iec.git] / src / foundation / scripts / cni / multus / multus-sriov-flannel / multus-sriov-flannel-daemonsets.yaml
# yamllint disable
# This yaml file contains the configuration needed to set up
# a demo environment for Multus + SR-IOV. It includes
# the following pieces:
# 1. Multus ConfigMap
# 2. Network Plumbing Working Group Spec Version 1 CustomResourceDefinition
# 3. Multus ClusterRole & ClusterRoleBinding
# 4. Multus & SR-IOV Device Plugin ServiceAccounts
# 5. Multus & SR-IOV Device Plugin & SR-IOV CNI DaemonSets

# Note: This yaml file will not create the custom SR-IOV CRD
# which will be specified in Pod spec annotation. Below is
# an example of SR-IOV CRD. The prefix of its resourceName must
# match the --resource-prefix the device plugin is started with
# (arm.com in the DaemonSets in this file).
#
# apiVersion: "k8s.cni.cncf.io/v1"
# kind: NetworkAttachmentDefinition
# metadata:
#   name: sriov-net1
#   annotations:
#     k8s.v1.cni.cncf.io/resourceName: intel.com/sriov
# spec:
#   config: '{
#        "type": "sriov",
#        "name": "sriov-network",
#        "ipam": {
#                "type": "host-local",
#                "subnet": "10.56.217.0/24",
#                "routes": [{
#                        "dst": "0.0.0.0/0"
#                }],
#                "gateway": "10.56.217.1"
#        }
#   }'

# An example of a Pod spec using the above SR-IOV CRD:
#
# apiVersion: v1
# kind: Pod
# metadata:
#   name: testpod1
#   labels:
#     env: test
#   annotations:
#     k8s.v1.cni.cncf.io/networks: sriov-net1
# spec:
#   containers:
#   - name: appcntr1
#     image: centos/tools
#     imagePullPolicy: IfNotPresent
#     command: [ "/bin/bash", "-c", "--" ]
#     args: [ "while true; do sleep 300000; done;" ]
#     resources:
#       requests:
#         intel.com/sriov: '1'
#       limits:
#         intel.com/sriov: '1'


# --------------------------------------------------------------------

# 1. Multus ConfigMap
#
# Assumptions baked into this ConfigMap:
# - the kubeconfig Multus uses is at "/etc/kubernetes/admin.conf" on the host
# - flannel is the default (master) plugin that Multus delegates to
#
# If either assumption does not hold in your environment, set the
# corresponding value below before applying.
#
# NOTE(review): on kubeadm-provisioned clusters admin.conf is normally the
# cluster-admin credential and usually exists only on control-plane nodes.
# Pointing the CNI plugin at it bypasses the narrower "multus" ClusterRole
# defined in this file; a kubeconfig bound to the multus ServiceAccount would
# keep the plugin within that role. Confirm what the target nodes provide.
---
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: kube-system
  name: multus-cni-config
  labels:
    app: multus
    tier: node
data:
  # Projected by the Multus DaemonSets as 70-multus.conf.
  cni-conf.json: |
    {
      "name": "multus-cni-network",
      "type": "multus",
      "capabilities": {
        "portMappings": true
      },
      "delegates": [
        {
          "cniVersion": "0.3.1",
          "name": "default-cni-network",
          "plugins": [
            {
              "type": "flannel",
              "name": "flannel.1",
                "delegate": {
                  "isDefaultGateway": true,
                  "hairpinMode": true
                }
            },
            {
              "type": "portmap",
              "capabilities": {
                "portMappings": true
              }
            }
          ]
        }
      ],
      "kubeconfig": "/etc/kubernetes/admin.conf"
    }


# 2. NPWG spec v1 Network Attachment Definition
#
# NOTE(review): apiextensions.k8s.io/v1beta1 is no longer served from
# Kubernetes 1.22. `spec.version` and `spec.validation` are v1beta1 fields;
# under apiextensions.k8s.io/v1 they move into a `spec.versions[]` entry that
# carries its own schema. Left on v1beta1 here because the target cluster
# version is not stated in this file.
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: network-attachment-definitions.k8s.cni.cncf.io
spec:
  group: k8s.cni.cncf.io
  scope: Namespaced
  version: v1
  names:
    kind: NetworkAttachmentDefinition
    singular: network-attachment-definition
    plural: network-attachment-definitions
    shortNames:
      - net-attach-def
  validation:
    openAPIV3Schema:
      properties:
        spec:
          properties:
            # Only the type is checked: `config` must be a string. The CNI
            # JSON inside it is not validated by this schema.
            config:
              type: string


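# 3.1 Multus Cluster Role
#
# Permissions for the "multus" ServiceAccount (bound in 3.2).
---
# rbac.authorization.k8s.io/v1 replaces v1beta1, which is no longer served
# from Kubernetes 1.22. The rule schema is unchanged.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multus
rules:
  # Every verb on every resource in the k8s.cni.cncf.io group, cluster-wide.
  # NOTE(review): the wildcards also allow create/update/delete of
  # NetworkAttachmentDefinitions in all namespaces. If this Multus version
  # only reads them, get/list/watch would be enough; confirm before narrowing.
  - apiGroups: ["k8s.cni.cncf.io"]
    resources:
      - '*'
    verbs:
      - '*'
  # Core API group: read and update pods and their status.
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/status
    verbs:
      - get
      - update
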
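# 3.2 Multus Cluster Role Binding
#
# Binds the "multus" ClusterRole to the "multus" ServiceAccount in
# kube-system. Being a ClusterRoleBinding, the grant applies in every
# namespace.
---
# rbac.authorization.k8s.io/v1 replaces v1beta1, which is no longer served
# from Kubernetes 1.22. The binding schema is unchanged.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: multus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: multus
subjects:
  - kind: ServiceAccount
    name: multus
    namespace: kube-system
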
# 4.1 SR-IOV Device Plugin ServiceAccount
#
# Identity used by the SR-IOV device plugin DaemonSets. No Role or
# ClusterRole is bound to it in this file.
---
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: kube-system
  name: sriov-device-plugin

# 4.2 Multus ServiceAccount
#
# Identity used by the Multus DaemonSets; it receives the "multus"
# ClusterRole through the ClusterRoleBinding in 3.2.
---
kind: ServiceAccount
apiVersion: v1
metadata:
  namespace: kube-system
  name: multus

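# 5.1 SR-IOV Device Plugin DaemonSet (amd64)
#
# Runs the SR-IOV device plugin on every amd64 node. The pod is privileged
# and shares the host network and PID namespaces, so treat the image as
# node-root-equivalent.
---
# extensions/v1beta1 DaemonSets are no longer served from Kubernetes 1.16;
# apps/v1 matches the Multus DaemonSets in this file.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-sriov-device-plugin-amd64
  namespace: kube-system
  labels:
    tier: node
    app: sriovdp
spec:
  # apps/v1 requires an explicit selector. This is the template label set,
  # which extensions/v1beta1 used as the implicit default.
  selector:
    matchLabels:
      tier: node
      app: sriovdp
  # extensions/v1beta1 defaulted to OnDelete; stated explicitly so the API
  # version change does not alter rollout behaviour.
  updateStrategy:
    type: OnDelete
  template:
    metadata:
      labels:
        tier: node
        app: sriovdp
    spec:
      hostNetwork: true
      hostPID: true
      nodeSelector:
        beta.kubernetes.io/arch: amd64
      tolerations:
        # Tolerates every NoSchedule taint, not only the control-plane one.
        # Narrower alternative left commented out in the original:
        #   - key: node-role.kubernetes.io/master
        #     operator: Exists
        #     effect: NoSchedule
        - operator: Exists
          effect: NoSchedule
      serviceAccountName: sriov-device-plugin
      containers:
        - name: kube-sriovdp
          # NOTE(review): no tag or digest, so this resolves to :latest, and
          # with IfNotPresent each node keeps whichever build it pulled
          # first. Pin a tag or digest for a privileged workload.
          image: nfvpe/sriov-device-plugin
          imagePullPolicy: IfNotPresent
          args:
            - --log-dir=sriovdp
            - --log-level=10
            # Same prefix as the arm64 DaemonSet; Pod resource requests and
            # the NetworkAttachmentDefinition resourceName must use it.
            - --resource-prefix=arm.com
          securityContext:
            privileged: true
          volumeMounts:
            # NOTE(review): the whole kubelet directory is mounted
            # read-write. The kubelet's device-plugin sockets live under
            # /var/lib/kubelet/device-plugins; mounting only that
            # subdirectory would keep pod volumes and kubelet state out of
            # reach. Confirm this plugin build accepts the narrower mount.
            - name: devicesock
              mountPath: /var/lib/kubelet/
              readOnly: false
            - name: log
              mountPath: /var/log
            - name: config-volume
              mountPath: /etc/pcidp
      volumes:
        - name: devicesock
          hostPath:
            path: /var/lib/kubelet/
        - name: log
          hostPath:
            path: /var/log
        # The sriovdp-config ConfigMap is not defined in this file; it has
        # to exist in kube-system before these pods can start.
        - name: config-volume
          configMap:
            name: sriovdp-config
            items:
              - key: config.json
                path: config.json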
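---
# SR-IOV Device Plugin DaemonSet (arm64)
#
# Same layout as the amd64 variant, with the iecedge arm64 image. The pod is
# privileged and shares the host network and PID namespaces.
#
# extensions/v1beta1 DaemonSets are no longer served from Kubernetes 1.16;
# apps/v1 matches the Multus DaemonSets in this file.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-sriov-device-plugin-arm64
  namespace: kube-system
  labels:
    tier: node
    app: sriovdp
spec:
  # apps/v1 requires an explicit selector. This is the template label set,
  # which extensions/v1beta1 used as the implicit default.
  selector:
    matchLabels:
      tier: node
      app: sriovdp
  # extensions/v1beta1 defaulted to OnDelete; stated explicitly so the API
  # version change does not alter rollout behaviour.
  updateStrategy:
    type: OnDelete
  template:
    metadata:
      labels:
        tier: node
        app: sriovdp
    spec:
      hostNetwork: true
      hostPID: true
      nodeSelector:
        beta.kubernetes.io/arch: arm64
      tolerations:
        # Tolerates every NoSchedule taint, not only the control-plane one.
        # Narrower alternative left commented out in the original:
        #   - key: node-role.kubernetes.io/master
        #     operator: Exists
        #     effect: NoSchedule
        - operator: Exists
          effect: NoSchedule
      serviceAccountName: sriov-device-plugin
      containers:
        - name: kube-sriovdp
          # Upstream alternative left commented out in the original:
          #   image: nfvpe/sriov-device-plugin
          # NOTE(review): no tag or digest, so this resolves to :latest, and
          # with IfNotPresent each node keeps whichever build it pulled
          # first. Pin a tag or digest for a privileged workload.
          image: iecedge/sriov-device-plugin-arm64
          # "Never" was the commented-out alternative in the original.
          imagePullPolicy: IfNotPresent
          args:
            - --log-dir=sriovdp
            - --log-level=10
            # Pod resource requests and the NetworkAttachmentDefinition
            # resourceName must use this prefix.
            - --resource-prefix=arm.com
          securityContext:
            privileged: true
          volumeMounts:
            # NOTE(review): the whole kubelet directory is mounted
            # read-write. The kubelet's device-plugin sockets live under
            # /var/lib/kubelet/device-plugins; mounting only that
            # subdirectory would keep pod volumes and kubelet state out of
            # reach. Confirm this plugin build accepts the narrower mount.
            - name: devicesock
              mountPath: /var/lib/kubelet/
              readOnly: false
            - name: log
              mountPath: /var/log
            - name: config-volume
              mountPath: /etc/pcidp
      volumes:
        - name: devicesock
          hostPath:
            path: /var/lib/kubelet/
        - name: log
          hostPath:
            path: /var/log
        # The sriovdp-config ConfigMap is not defined in this file; it has
        # to exist in kube-system before these pods can start.
        - name: config-volume
          configMap:
            name: sriovdp-config
            items:
              - key: config.json
                path: config.json
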
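# 5.2 SR-IOV CNI DaemonSet (amd64)
#
# Privileged pod with the host's /opt/cni/bin mounted at /host/opt/cni/bin.
# Presumably it installs the sriov CNI binary there; verify against the
# image. Plugins in that directory are run on the node during pod network
# setup, so whatever this image writes there runs with node privileges.
---
# extensions/v1beta1 DaemonSets are no longer served from Kubernetes 1.16;
# apps/v1 matches the Multus DaemonSets in this file.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-sriov-cni-ds-amd64
  namespace: kube-system
  labels:
    tier: node
    app: sriov-cni
spec:
  # apps/v1 requires an explicit selector. This is the template label set,
  # which extensions/v1beta1 used as the implicit default.
  selector:
    matchLabels:
      tier: node
      app: sriov-cni
  # extensions/v1beta1 defaulted to OnDelete; stated explicitly so the API
  # version change does not alter rollout behaviour.
  updateStrategy:
    type: OnDelete
  template:
    metadata:
      labels:
        tier: node
        app: sriov-cni
    spec:
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: amd64
      tolerations:
        # Only the control-plane taint is tolerated here, unlike the arm64
        # variant, which tolerates every NoSchedule taint.
        - key: node-role.kubernetes.io/master
          operator: Exists
          effect: NoSchedule
      containers:
        - name: kube-sriov-cni
          # NOTE(review): :latest is a mutable tag, and with IfNotPresent
          # nodes can end up running different builds. Pin a tag or digest.
          image: nfvpe/sriov-cni:latest
          imagePullPolicy: IfNotPresent
          # NOTE(review): writing to a hostPath mount may not need full
          # privileged mode; confirm what the image requires.
          securityContext:
            privileged: true
          resources:
            requests:
              cpu: "100m"
              memory: "50Mi"
            limits:
              cpu: "100m"
              memory: "50Mi"
          volumeMounts:
            - name: cnibin
              mountPath: /host/opt/cni/bin
      volumes:
        - name: cnibin
          hostPath:
            path: /opt/cni/bin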
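---
# SR-IOV CNI DaemonSet (arm64)
#
# Privileged pod with the host's /opt/cni/bin mounted at /host/opt/cni/bin.
# Presumably it installs the sriov CNI binary there; verify against the
# image. Plugins in that directory are run on the node during pod network
# setup, so whatever this image writes there runs with node privileges.
#
# extensions/v1beta1 DaemonSets are no longer served from Kubernetes 1.16;
# apps/v1 matches the Multus DaemonSets in this file.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-sriov-cni-ds-arm64
  namespace: kube-system
  labels:
    tier: node
    app: sriov-cni
spec:
  # apps/v1 requires an explicit selector. This is the template label set,
  # which extensions/v1beta1 used as the implicit default.
  selector:
    matchLabels:
      tier: node
      app: sriov-cni
  # extensions/v1beta1 defaulted to OnDelete; stated explicitly so the API
  # version change does not alter rollout behaviour.
  updateStrategy:
    type: OnDelete
  template:
    metadata:
      labels:
        tier: node
        app: sriov-cni
    spec:
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: arm64
      tolerations:
        # Tolerates every NoSchedule taint, not only the control-plane one.
        # Narrower alternative left commented out in the original (and used
        # by the amd64 variant):
        #   - key: node-role.kubernetes.io/master
        #     operator: Exists
        #     effect: NoSchedule
        - operator: Exists
          effect: NoSchedule
      containers:
        - name: kube-sriov-cni
          # Alternative left commented out in the original:
          #   image: nfvpe/sriov-cni-arm64:latest
          # NOTE(review): :latest is a mutable tag, and with IfNotPresent
          # nodes can end up running different builds. Pin a tag or digest.
          image: iecedge/sriov-cni-arm64:latest
          imagePullPolicy: IfNotPresent
          # NOTE(review): writing to a hostPath mount may not need full
          # privileged mode; confirm what the image requires.
          securityContext:
            privileged: true
          resources:
            requests:
              cpu: "100m"
              memory: "50Mi"
            limits:
              cpu: "100m"
              memory: "50Mi"
          volumeMounts:
            - name: cnibin
              mountPath: /host/opt/cni/bin
      volumes:
        - name: cnibin
          hostPath:
            path: /opt/cni/bin
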
# 5.3 Multus DaemonSet (amd64)
#
# Runs /entrypoint.sh from the Multus image on every amd64 node, handing it
# the CNI config projected from the multus-cni-config ConfigMap. The pod is
# privileged, uses the host network, and has host CNI directories and the
# host's /etc/kubernetes mounted.
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  namespace: kube-system
  name: kube-multus-ds-amd64
  labels:
    name: multus
    app: multus
    tier: node
spec:
  updateStrategy:
    type: RollingUpdate
  # The arm64 Multus DaemonSet selects on the same single label.
  selector:
    matchLabels:
      name: multus
  template:
    metadata:
      labels:
        name: multus
        app: multus
        tier: node
    spec:
      serviceAccountName: multus
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: amd64
      # Tolerates every NoSchedule taint, so the pod also lands on
      # control-plane nodes.
      tolerations:
        - effect: NoSchedule
          operator: Exists
      containers:
        - name: kube-multus
          # Alternatives left commented out in the original:
          #   images nfvpe/multus:v3.3 and nfvpe/multus:v3.4
          #   args "--multus-conf-file=auto" and "--cni-version=0.3.1"
          image: iecedge/multus-amd64:v3.4
          imagePullPolicy: IfNotPresent
          command:
            - /entrypoint.sh
          args:
            - --multus-conf-file=/tmp/multus-conf/70-multus.conf
          securityContext:
            privileged: true
          resources:
            limits:
              cpu: 100m
              memory: 50Mi
            requests:
              cpu: 100m
              memory: 50Mi
          volumeMounts:
            - mountPath: /host/etc/cni/net.d
              name: cni
            - mountPath: /host/opt/cni/bin
              name: cnibin
            - mountPath: /tmp/multus-conf
              name: multus-cfg
            # NOTE(review): the host's entire /etc/kubernetes is mounted
            # read-write into a privileged container. On kubeadm nodes that
            # directory holds kubeconfigs and, on control-plane nodes, the
            # cluster PKI keys. Confirm whether the entrypoint needs this
            # mount at all; if it does, a read-only mount of the single
            # required file would limit the exposure.
            - mountPath: /etc/kubernetes
              name: kubernetes-cfg-dir
      volumes:
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: cnibin
          hostPath:
            path: /opt/cni/bin
        # cni-conf.json from the ConfigMap appears as 70-multus.conf.
        - name: multus-cfg
          configMap:
            name: multus-cni-config
            items:
              - path: 70-multus.conf
                key: cni-conf.json
        - name: kubernetes-cfg-dir
          hostPath:
            path: /etc/kubernetes
---
# Multus DaemonSet (arm64)
#
# Runs /entrypoint.sh from the Multus image on every arm64 node, handing it
# the CNI config projected from the multus-cni-config ConfigMap. The pod is
# privileged, uses the host network, and has host CNI directories and the
# host's /etc/kubernetes mounted.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  namespace: kube-system
  name: kube-multus-ds-arm64
  labels:
    name: multus
    app: multus
    tier: node
spec:
  updateStrategy:
    type: RollingUpdate
  # The amd64 Multus DaemonSet selects on the same single label.
  selector:
    matchLabels:
      name: multus
  template:
    metadata:
      labels:
        name: multus
        app: multus
        tier: node
    spec:
      serviceAccountName: multus
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/arch: arm64
      # Tolerates every NoSchedule taint, so the pod also lands on
      # control-plane nodes.
      tolerations:
        - effect: NoSchedule
          operator: Exists
      containers:
        - name: kube-multus
          # Alternatives left commented out in the original:
          #   images nfvpe/multus:v3.3 and iecedge/multus-arm64:latest
          #   args "--multus-conf-file=auto" and "--cni-version=0.3.1"
          image: iecedge/multus-arm64:v3.4
          imagePullPolicy: IfNotPresent
          command:
            - /entrypoint.sh
          args:
            - --multus-conf-file=/tmp/multus-conf/70-multus.conf
          securityContext:
            privileged: true
          resources:
            limits:
              cpu: 100m
              memory: 50Mi
            requests:
              cpu: 100m
              memory: 50Mi
          volumeMounts:
            - mountPath: /host/etc/cni/net.d
              name: cni
            - mountPath: /host/opt/cni/bin
              name: cnibin
            - mountPath: /tmp/multus-conf
              name: multus-cfg
            # NOTE(review): the host's entire /etc/kubernetes is mounted
            # read-write into a privileged container. On kubeadm nodes that
            # directory holds kubeconfigs and, on control-plane nodes, the
            # cluster PKI keys. Confirm whether the entrypoint needs this
            # mount at all; if it does, a read-only mount of the single
            # required file would limit the exposure.
            - mountPath: /etc/kubernetes
              name: kubernetes-cfg-dir
      volumes:
        - name: cni
          hostPath:
            path: /etc/cni/net.d
        - name: cnibin
          hostPath:
            path: /opt/cni/bin
        # cni-conf.json from the ConfigMap appears as 70-multus.conf.
        - name: multus-cfg
          configMap:
            name: multus-cni-config
            items:
              - path: 70-multus.conf
                key: cni-conf.json
        - name: kubernetes-cfg-dir
          hostPath:
            path: /etc/kubernetes
