+++ /dev/null
-#
-# Copyright 2020 Huawei Technologies Co., Ltd.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: network-attachment-definitions.k8s.cni.cncf.io
-spec:
- group: k8s.cni.cncf.io
- scope: Namespaced
- names:
- plural: network-attachment-definitions
- singular: network-attachment-definition
- kind: NetworkAttachmentDefinition
- shortNames:
- - net-attach-def
- versions:
- - name: v1
- served: true
- storage: true
- schema:
- openAPIV3Schema:
- # yamllint disable rule:line-length
- description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
- Working Group to express the intent for attaching pods to one or more logical or physical
- networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
- # yamllint disable rule:line-length
- type: object
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this represen
- tation of an object. Servers should convert recognized schemas to the
- latest internal value, and may reject unrecognized values. More info:
- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
- type: object
- properties:
- config:
- description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
- type: string
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: multus
-rules:
- - apiGroups: ["k8s.cni.cncf.io"]
- resources:
- - '*'
- verbs:
- - '*'
- - apiGroups:
- - ""
- resources:
- - pods
- - pods/status
- verbs:
- - get
- - update
- - apiGroups:
- - ""
- - events.k8s.io
- resources:
- - events
- verbs:
- - create
- - patch
- - update
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: multus
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: multus
-subjects:
- - kind: ServiceAccount
- name: multus
- namespace: kube-system
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: multus
- namespace: kube-system
----
-kind: ConfigMap
-apiVersion: v1
-metadata:
- name: multus-cni-config
- namespace: kube-system
- labels:
- tier: node
- app: multus
-data:
- # NOTE: If you'd prefer to manually apply a configuration file, you may create one here.
- # In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod
- # change the "args" line below from
- # - "--multus-conf-file=auto"
- # to:
- # "--multus-conf-file=/tmp/multus-conf/70-multus.conf"
- # Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the
- # /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet.
- cni-conf.json: |
- {
- "name": "multus-cni-network",
- "type": "multus",
- "capabilities": {
- "portMappings": true
- },
- "delegates": [
- {
- "cniVersion": "0.3.1",
- "name": "default-cni-network",
- "plugins": [
- {
- "type": "flannel",
- "name": "flannel.1",
- "delegate": {
- "isDefaultGateway": true,
- "hairpinMode": true
- }
- },
- {
- "type": "portmap",
- "capabilities": {
- "portMappings": true
- }
- }
- ]
- }
- ],
- "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
- }
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kube-multus-ds-amd64
- namespace: kube-system
- labels:
- tier: node
- app: multus
- name: multus
-spec:
- selector:
- matchLabels:
- name: multus
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- tier: node
- app: multus
- name: multus
- spec:
- hostNetwork: true
- nodeSelector:
- kubernetes.io/arch: amd64
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: multus
- containers:
- - name: kube-multus
- image: docker.io/nfvpe/multus:stable
- command: ["/entrypoint.sh"]
- args:
- - "--multus-conf-file=auto"
- - "--cni-version=0.3.1"
- resources:
- requests:
- cpu: "100m"
- memory: "50Mi"
- limits:
- cpu: "100m"
- memory: "50Mi"
- securityContext:
- privileged: true
- volumeMounts:
- - name: cni
- mountPath: /host/etc/cni/net.d
- - name: cnibin
- mountPath: /host/opt/cni/bin
- - name: multus-cfg
- mountPath: /tmp/multus-conf
- volumes:
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: cnibin
- hostPath:
- path: /opt/cni/bin
- - name: multus-cfg
- configMap:
- name: multus-cni-config
- items:
- - key: cni-conf.json
- path: 70-multus.conf
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kube-multus-ds-ppc64le
- namespace: kube-system
- labels:
- tier: node
- app: multus
- name: multus
-spec:
- selector:
- matchLabels:
- name: multus
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- tier: node
- app: multus
- name: multus
- spec:
- hostNetwork: true
- nodeSelector:
- kubernetes.io/arch: ppc64le
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: multus
- containers:
- - name: kube-multus
- # ppc64le support requires multus:latest for now. support 3.3 or later.
- image: docker.io/nfvpe/multus:stable-ppc64le
- command: ["/entrypoint.sh"]
- args:
- - "--multus-conf-file=auto"
- - "--cni-version=0.3.1"
- resources:
- requests:
- cpu: "100m"
- memory: "90Mi"
- limits:
- cpu: "100m"
- memory: "90Mi"
- securityContext:
- privileged: true
- volumeMounts:
- - name: cni
- mountPath: /host/etc/cni/net.d
- - name: cnibin
- mountPath: /host/opt/cni/bin
- - name: multus-cfg
- mountPath: /tmp/multus-conf
- volumes:
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: cnibin
- hostPath:
- path: /opt/cni/bin
- - name: multus-cfg
- configMap:
- name: multus-cni-config
- items:
- - key: cni-conf.json
- path: 70-multus.conf
----
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: kube-multus-ds-arm64v8
- namespace: kube-system
- labels:
- tier: node
- app: multus
- name: multus
-spec:
- selector:
- matchLabels:
- name: multus
- updateStrategy:
- type: RollingUpdate
- template:
- metadata:
- labels:
- tier: node
- app: multus
- name: multus
- spec:
- hostNetwork: true
- nodeSelector:
- kubernetes.io/arch: arm64
- tolerations:
- - operator: Exists
- effect: NoSchedule
- serviceAccountName: multus
- containers:
- - name: kube-multus
- image: docker.io/nfvpe/multus:stable-arm64v8
- command: ["/entrypoint.sh"]
- args:
- - "--multus-conf-file=auto"
- - "--cni-version=0.3.1"
- resources:
- requests:
- cpu: "100m"
- memory: "90Mi"
- limits:
- cpu: "100m"
- memory: "90Mi"
- securityContext:
- privileged: true
- volumeMounts:
- - name: cni
- mountPath: /host/etc/cni/net.d
- - name: cnibin
- mountPath: /host/opt/cni/bin
- - name: multus-cfg
- mountPath: /tmp/multus-conf
- volumes:
- - name: cni
- hostPath:
- path: /etc/cni/net.d
- - name: cnibin
- hostPath:
- path: /opt/cni/bin
- - name: multus-cfg
- configMap:
- name: multus-cni-config
- items:
- - key: cni-conf.json
- path: 70-multus.conf
Code Review / eliot.git / blobdiff