theshire/kubernetes/apps/kube-system/multus/app/helmrelease.yaml

---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
  name: multus
spec:
  interval: 30m
  chart:
    spec:
      chart: app-template
      version: 3.3.2
      interval: 30m
      sourceRef:
        kind: HelmRepository
        name: bjw-s
        namespace: flux-system

  values:
    configMaps:
      daemon-config:
        data:
          daemon-config.json: |
            {
              "cniVersion": "0.3.1",
              "logToStderr": true,
              "logLevel": "info",
              "binDir": "/opt/cni/bin",
              "chrootDir": "/hostroot",
              "cniConfigDir": "/host/etc/cni/net.d",
              "confDir": "/host/etc/cni/net.d",
              "multusAutoconfigDir": "/host/etc/cni/net.d",
              "multusConfigFile": "auto",
              "socketDir": "/host/run/multus/"
            }

    controllers:
      uninstall:
        type: job

        annotations:
          # This is what defines this resource as a hook. Without this line, the
          # job is considered part of the release.
          helm.sh/hook: pre-delete, pre-upgrade
          helm.sh/hook-weight: "-5"
          helm.sh/hook-delete-policy: hook-succeeded

        pod:
          hostNetwork: true

        containers:
          uninstall:
            image:
              repository: alpine
              tag: 3.20.2

            command:
              - /bin/sh
              - -c

            args:
              - |
                rm -rf /host/etc/cni/net.d/*multus*
                rm -rf /host/opt/cni/bin/*multus*

      multus:
        type: daemonset

        annotations:
          reloader.stakater.com/auto: "true"

        pod:
          hostNetwork: true
          hostPID: true

        containers:
          multus-daemon:
            image: &image
              repository: ghcr.io/k8snetworkplumbingwg/multus-cni
              tag: v4.1.0-thick
            env:
              MULTUS_NODE_NAME:
                valueFrom:
                  fieldRef:
                    fieldPath: spec.nodeName
            resources:
              requests:
                cpu: "5m"
                memory: "96Mi"
              limits:
                memory: "96Mi"
            securityContext:
              privileged: true

        initContainers:
          cni-plugins-installer:
            image:
              repository: ghcr.io/angelnu/cni-plugins
              tag: 1.5.1
            resources:
              requests:
                cpu: "10m"
                memory: "15Mi"
            securityContext:
              capabilities:
                drop:
                  - ALL
            terminationMessagePath: /dev/termination-log
            terminationMessagePolicy: FallbackToLogsOnError

          multus-shim-installer:
            image: *image
            command:
              - /bin/sh
              - -c
            args: |
              set -x
              cp /usr/src/multus-cni/bin/multus-shim /host/opt/cni/bin/multus-shim
            resources:
              requests:
                cpu: "10m"
                memory: "15Mi"
            securityContext:
              capabilities:
                drop:
                  - ALL
            terminationMessagePath: /dev/termination-log
            terminationMessagePolicy: FallbackToLogsOnError

    persistence:
      cni:
        type: hostPath
        hostPath: /etc/cni/net.d
        advancedMounts:
          uninstall:
            uninstall:
              - path: /host/etc/cni/net.d
          multus:
            multus-daemon:
              - path: /host/etc/cni/net.d

      cnibin:
        type: hostPath
        hostPath: /opt/cni/bin
        advancedMounts:
          uninstall:
            uninstall:
              - path: /host/opt/cni/bin
          multus:
            cni-plugins-installer:
              - path: /host/opt/cni/bin
            multus-shim-installer:
              - path: /host/opt/cni/bin
            multus-daemon:
              # multus-daemon expects that cnibin path must be identical between pod and container host.
              # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be
              # mount to '/opt/cni/bin' in multus-daemon, not to any other directory, like '/opt/bin' or
              # '/usr/bin'.
              - path: /opt/cni/bin

      config:
        type: configMap
        name: multus-daemon-config
        advancedMounts:
          multus:
            multus-daemon:
              - path: /etc/cni/net.d/multus.d
      hostroot:
        type: hostPath
        hostPath: /
        advancedMounts:
          multus:
            multus-daemon:
              - path: /hostroot
                mountPropagation: HostToContainer
      host-run:
        type: hostPath
        hostPath: /run
        advancedMounts:
          multus:
            multus-daemon:
              - path: /host/run
      host-var-lib-cni-multus:
        type: hostPath
        hostPath: /var/lib/cni/multus
        advancedMounts:
          multus:
            multus-daemon:
              - path: /var/lib/cni/multus
      host-var-lib-kubelet:
        type: hostPath
        hostPath: /var/lib/kubelet
        advancedMounts:
          multus:
            multus-daemon:
              - path: /var/lib/kubelet
      host-run-k8s-cni-cncf-io:
        type: hostPath
        hostPath: /run/k8s.cni.cncf.io
        advancedMounts:
          multus:
            multus-daemon:
              - path: /run/k8s.cni.cncf.io
      host-run-netns:
        type: hostPath
        hostPath: /var/run/netns/
        advancedMounts:
          multus:
            multus-daemon:
              - path: /run/netns/
                mountPropagation: HostToContainer

    serviceAccount:
      create: true
Adding multus. 2024-04-14 10:02:37 -05:00			`---`
Converting multus to an app template. Yoink via bjw-s. 2024-08-08 07:18:03 -05:00			`# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json`
Update dependency HelmRelease to helm.toolkit.fluxcd.io/v2 2024-05-28 10:02:09 -05:00			`apiVersion: helm.toolkit.fluxcd.io/v2`
Adding multus. 2024-04-14 10:02:37 -05:00			`kind: HelmRelease`
			`metadata:`
			`name: multus`
			`spec:`
			`interval: 30m`
			`chart:`
			`spec:`
Converting multus to an app template. Yoink via bjw-s. 2024-08-08 07:18:03 -05:00			`chart: app-template`
			`version: 3.3.2`
			`interval: 30m`
Adding multus. 2024-04-14 10:02:37 -05:00			`sourceRef:`
			`kind: HelmRepository`
Converting multus to an app template. Yoink via bjw-s. 2024-08-08 07:18:03 -05:00			`name: bjw-s`
Adding multus. 2024-04-14 10:02:37 -05:00			`namespace: flux-system`
Converting multus to an app template. Yoink via bjw-s. 2024-08-08 07:18:03 -05:00
Adding multus. 2024-04-14 10:02:37 -05:00			`values:`
Converting multus to an app template. Yoink via bjw-s. 2024-08-08 07:18:03 -05:00			`configMaps:`
			`daemon-config:`
			`data:`
			`daemon-config.json: \|`
			`{`
			`"cniVersion": "0.3.1",`
			`"logToStderr": true,`
less noise 2024-08-08 10:49:22 -05:00			`"logLevel": "info",`
Converting multus to an app template. Yoink via bjw-s. 2024-08-08 07:18:03 -05:00			`"binDir": "/opt/cni/bin",`
			`"chrootDir": "/hostroot",`
			`"cniConfigDir": "/host/etc/cni/net.d",`
			`"confDir": "/host/etc/cni/net.d",`
			`"multusAutoconfigDir": "/host/etc/cni/net.d",`
			`"multusConfigFile": "auto",`
			`"socketDir": "/host/run/multus/"`
			`}`

			`controllers:`
			`uninstall:`
			`type: job`

			`annotations:`
			`# This is what defines this resource as a hook. Without this line, the`
			`# job is considered part of the release.`
			`helm.sh/hook: pre-delete, pre-upgrade`
			`helm.sh/hook-weight: "-5"`
			`helm.sh/hook-delete-policy: hook-succeeded`

			`pod:`
			`hostNetwork: true`

			`containers:`
			`uninstall:`
			`image:`
			`repository: alpine`
			`tag: 3.20.2`

			`command:`
			`- /bin/sh`
			`- -c`

			`args:`
			`- \|`
			`rm -rf /host/etc/cni/net.d/multus`
			`rm -rf /host/opt/cni/bin/multus`

			`multus:`
			`type: daemonset`

			`annotations:`
			`reloader.stakater.com/auto: "true"`

			`pod:`
			`hostNetwork: true`
			`hostPID: true`

			`containers:`
			`multus-daemon:`
			`image: &image`
			`repository: ghcr.io/k8snetworkplumbingwg/multus-cni`
			`tag: v4.1.0-thick`
			`env:`
			`MULTUS_NODE_NAME:`
			`valueFrom:`
			`fieldRef:`
			`fieldPath: spec.nodeName`
			`resources:`
			`requests:`
			`cpu: "5m"`
			`memory: "96Mi"`
			`limits:`
			`memory: "96Mi"`
			`securityContext:`
			`privileged: true`

			`initContainers:`
			`cni-plugins-installer:`
			`image:`
			`repository: ghcr.io/angelnu/cni-plugins`
			`tag: 1.5.1`
			`resources:`
			`requests:`
			`cpu: "10m"`
			`memory: "15Mi"`
			`securityContext:`
			`capabilities:`
			`drop:`
			`- ALL`
			`terminationMessagePath: /dev/termination-log`
			`terminationMessagePolicy: FallbackToLogsOnError`

			`multus-shim-installer:`
			`image: *image`
			`command:`
			`- /bin/sh`
			`- -c`
			`args: \|`
			`set -x`
			`cp /usr/src/multus-cni/bin/multus-shim /host/opt/cni/bin/multus-shim`
			`resources:`
			`requests:`
			`cpu: "10m"`
			`memory: "15Mi"`
			`securityContext:`
			`capabilities:`
			`drop:`
			`- ALL`
			`terminationMessagePath: /dev/termination-log`
			`terminationMessagePolicy: FallbackToLogsOnError`

			`persistence:`
			`cni:`
			`type: hostPath`
			`hostPath: /etc/cni/net.d`
			`advancedMounts:`
			`uninstall:`
			`uninstall:`
			`- path: /host/etc/cni/net.d`
			`multus:`
			`multus-daemon:`
			`- path: /host/etc/cni/net.d`

			`cnibin:`
			`type: hostPath`
			`hostPath: /opt/cni/bin`
			`advancedMounts:`
			`uninstall:`
			`uninstall:`
			`- path: /host/opt/cni/bin`
			`multus:`
			`cni-plugins-installer:`
			`- path: /host/opt/cni/bin`
			`multus-shim-installer:`
			`- path: /host/opt/cni/bin`
			`multus-daemon:`
			`# multus-daemon expects that cnibin path must be identical between pod and container host.`
			`# e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be`
			`# mount to '/opt/cni/bin' in multus-daemon, not to any other directory, like '/opt/bin' or`
			`# '/usr/bin'.`
			`- path: /opt/cni/bin`

			`config:`
			`type: configMap`
			`name: multus-daemon-config`
			`advancedMounts:`
			`multus:`
			`multus-daemon:`
			`- path: /etc/cni/net.d/multus.d`
			`hostroot:`
			`type: hostPath`
			`hostPath: /`
			`advancedMounts:`
			`multus:`
			`multus-daemon:`
			`- path: /hostroot`
			`mountPropagation: HostToContainer`
			`host-run:`
			`type: hostPath`
			`hostPath: /run`
			`advancedMounts:`
			`multus:`
			`multus-daemon:`
			`- path: /host/run`
			`host-var-lib-cni-multus:`
			`type: hostPath`
			`hostPath: /var/lib/cni/multus`
			`advancedMounts:`
			`multus:`
			`multus-daemon:`
			`- path: /var/lib/cni/multus`
			`host-var-lib-kubelet:`
			`type: hostPath`
			`hostPath: /var/lib/kubelet`
			`advancedMounts:`
			`multus:`
			`multus-daemon:`
			`- path: /var/lib/kubelet`
			`host-run-k8s-cni-cncf-io:`
			`type: hostPath`
			`hostPath: /run/k8s.cni.cncf.io`
			`advancedMounts:`
			`multus:`
			`multus-daemon:`
			`- path: /run/k8s.cni.cncf.io`
			`host-run-netns:`
			`type: hostPath`
			`hostPath: /var/run/netns/`
			`advancedMounts:`
			`multus:`
			`multus-daemon:`
			`- path: /run/netns/`
			`mountPropagation: HostToContainer`

			`serviceAccount:`
			`create: true`