Compare commits
No commits in common. "33e146046bc90fce92e1a1aa9d4ac8b8103082fe" and "f1535678c7f370e999442c6fe5ca3beac7d443fe" have entirely different histories.
33e146046b
...
f1535678c7
4 changed files with 24 additions and 288 deletions
|
@ -1,45 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: apiextensions.k8s.io/v1
|
|
||||||
kind: CustomResourceDefinition
|
|
||||||
metadata:
|
|
||||||
name: network-attachment-definitions.k8s.cni.cncf.io
|
|
||||||
spec:
|
|
||||||
group: k8s.cni.cncf.io
|
|
||||||
scope: Namespaced
|
|
||||||
names:
|
|
||||||
plural: network-attachment-definitions
|
|
||||||
singular: network-attachment-definition
|
|
||||||
kind: NetworkAttachmentDefinition
|
|
||||||
shortNames:
|
|
||||||
- net-attach-def
|
|
||||||
versions:
|
|
||||||
- name: v1
|
|
||||||
served: true
|
|
||||||
storage: true
|
|
||||||
schema:
|
|
||||||
openAPIV3Schema:
|
|
||||||
description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
|
|
||||||
Working Group to express the intent for attaching pods to one or more logical or physical
|
|
||||||
networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
|
|
||||||
type: object
|
|
||||||
properties:
|
|
||||||
apiVersion:
|
|
||||||
description: 'APIVersion defines the versioned schema of this represen
|
|
||||||
tation of an object. Servers should convert recognized schemas to the
|
|
||||||
latest internal value, and may reject unrecognized values. More info:
|
|
||||||
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
||||||
type: string
|
|
||||||
kind:
|
|
||||||
description: 'Kind is a string value representing the REST resource this
|
|
||||||
object represents. Servers may infer this from the endpoint the client
|
|
||||||
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
||||||
type: string
|
|
||||||
metadata:
|
|
||||||
type: object
|
|
||||||
spec:
|
|
||||||
description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
|
|
||||||
type: object
|
|
||||||
properties:
|
|
||||||
config:
|
|
||||||
description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
|
|
||||||
type: string
|
|
|
@ -1,5 +1,5 @@
|
||||||
---
|
---
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta2.json
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -8,207 +8,33 @@ spec:
|
||||||
interval: 30m
|
interval: 30m
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: app-template
|
chart: multus
|
||||||
version: 3.3.2
|
version: 5.0.4
|
||||||
interval: 30m
|
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bjw-s
|
name: angelnu
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
|
interval: 30m
|
||||||
values:
|
values:
|
||||||
configMaps:
|
|
||||||
daemon-config:
|
|
||||||
data:
|
|
||||||
daemon-config.json: |
|
|
||||||
{
|
|
||||||
"cniVersion": "0.3.1",
|
|
||||||
"logToStderr": true,
|
|
||||||
"logLevel": "verbose",
|
|
||||||
"binDir": "/opt/cni/bin",
|
|
||||||
"chrootDir": "/hostroot",
|
|
||||||
"cniConfigDir": "/host/etc/cni/net.d",
|
|
||||||
"confDir": "/host/etc/cni/net.d",
|
|
||||||
"multusAutoconfigDir": "/host/etc/cni/net.d",
|
|
||||||
"multusConfigFile": "auto",
|
|
||||||
"socketDir": "/host/run/multus/"
|
|
||||||
}
|
|
||||||
|
|
||||||
controllers:
|
|
||||||
uninstall:
|
|
||||||
type: job
|
|
||||||
|
|
||||||
annotations:
|
|
||||||
# This is what defines this resource as a hook. Without this line, the
|
|
||||||
# job is considered part of the release.
|
|
||||||
helm.sh/hook: pre-delete, pre-upgrade
|
|
||||||
helm.sh/hook-weight: "-5"
|
|
||||||
helm.sh/hook-delete-policy: hook-succeeded
|
|
||||||
|
|
||||||
pod:
|
|
||||||
hostNetwork: true
|
|
||||||
|
|
||||||
containers:
|
|
||||||
uninstall:
|
|
||||||
image:
|
image:
|
||||||
repository: alpine
|
|
||||||
tag: 3.20.2
|
|
||||||
|
|
||||||
command:
|
|
||||||
- /bin/sh
|
|
||||||
- -c
|
|
||||||
|
|
||||||
args:
|
|
||||||
- |
|
|
||||||
rm -rf /host/etc/cni/net.d/*multus*
|
|
||||||
rm -rf /host/opt/cni/bin/*multus*
|
|
||||||
|
|
||||||
multus:
|
|
||||||
type: daemonset
|
|
||||||
|
|
||||||
annotations:
|
|
||||||
reloader.stakater.com/auto: "true"
|
|
||||||
|
|
||||||
pod:
|
|
||||||
hostNetwork: true
|
|
||||||
hostPID: true
|
|
||||||
|
|
||||||
containers:
|
|
||||||
multus-daemon:
|
|
||||||
image: &image
|
|
||||||
repository: ghcr.io/k8snetworkplumbingwg/multus-cni
|
repository: ghcr.io/k8snetworkplumbingwg/multus-cni
|
||||||
tag: v4.1.0-thick
|
tag: v4.0.2-thick
|
||||||
env:
|
|
||||||
MULTUS_NODE_NAME:
|
|
||||||
valueFrom:
|
|
||||||
fieldRef:
|
|
||||||
fieldPath: spec.nodeName
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: "5m"
|
|
||||||
memory: "96Mi"
|
|
||||||
limits:
|
|
||||||
memory: "96Mi"
|
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
|
|
||||||
initContainers:
|
cni:
|
||||||
cni-plugins-installer:
|
|
||||||
image:
|
image:
|
||||||
repository: ghcr.io/angelnu/cni-plugins
|
repository: ghcr.io/angelnu/cni-plugins
|
||||||
tag: 1.5.1
|
tag: 1.5.1
|
||||||
|
|
||||||
|
paths:
|
||||||
|
config: /etc/cni/net.d
|
||||||
|
bin: /opt/cni/bin
|
||||||
|
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
cpu: "10m"
|
cpu: 5m
|
||||||
memory: "15Mi"
|
memory: 200Mi
|
||||||
securityContext:
|
limits:
|
||||||
capabilities:
|
memory: 200Mi
|
||||||
drop:
|
|
||||||
- ALL
|
|
||||||
terminationMessagePath: /dev/termination-log
|
|
||||||
terminationMessagePolicy: FallbackToLogsOnError
|
|
||||||
|
|
||||||
multus-shim-installer:
|
hostPaths:
|
||||||
image: *image
|
netns: /var/run/netns
|
||||||
command:
|
|
||||||
- /bin/sh
|
|
||||||
- -c
|
|
||||||
args: |
|
|
||||||
set -x
|
|
||||||
cp /usr/src/multus-cni/bin/multus-shim /host/opt/cni/bin/multus-shim
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: "10m"
|
|
||||||
memory: "15Mi"
|
|
||||||
securityContext:
|
|
||||||
capabilities:
|
|
||||||
drop:
|
|
||||||
- ALL
|
|
||||||
terminationMessagePath: /dev/termination-log
|
|
||||||
terminationMessagePolicy: FallbackToLogsOnError
|
|
||||||
|
|
||||||
persistence:
|
|
||||||
cni:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /etc/cni/net.d
|
|
||||||
advancedMounts:
|
|
||||||
uninstall:
|
|
||||||
uninstall:
|
|
||||||
- path: /host/etc/cni/net.d
|
|
||||||
multus:
|
|
||||||
multus-daemon:
|
|
||||||
- path: /host/etc/cni/net.d
|
|
||||||
|
|
||||||
cnibin:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /opt/cni/bin
|
|
||||||
advancedMounts:
|
|
||||||
uninstall:
|
|
||||||
uninstall:
|
|
||||||
- path: /host/opt/cni/bin
|
|
||||||
multus:
|
|
||||||
cni-plugins-installer:
|
|
||||||
- path: /host/opt/cni/bin
|
|
||||||
multus-shim-installer:
|
|
||||||
- path: /host/opt/cni/bin
|
|
||||||
multus-daemon:
|
|
||||||
# multus-daemon expects that cnibin path must be identical between pod and container host.
|
|
||||||
# e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be
|
|
||||||
# mount to '/opt/cni/bin' in multus-daemon, not to any other directory, like '/opt/bin' or
|
|
||||||
# '/usr/bin'.
|
|
||||||
- path: /opt/cni/bin
|
|
||||||
|
|
||||||
config:
|
|
||||||
type: configMap
|
|
||||||
name: multus-daemon-config
|
|
||||||
advancedMounts:
|
|
||||||
multus:
|
|
||||||
multus-daemon:
|
|
||||||
- path: /etc/cni/net.d/multus.d
|
|
||||||
hostroot:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /
|
|
||||||
advancedMounts:
|
|
||||||
multus:
|
|
||||||
multus-daemon:
|
|
||||||
- path: /hostroot
|
|
||||||
mountPropagation: HostToContainer
|
|
||||||
host-run:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /run
|
|
||||||
advancedMounts:
|
|
||||||
multus:
|
|
||||||
multus-daemon:
|
|
||||||
- path: /host/run
|
|
||||||
host-var-lib-cni-multus:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /var/lib/cni/multus
|
|
||||||
advancedMounts:
|
|
||||||
multus:
|
|
||||||
multus-daemon:
|
|
||||||
- path: /var/lib/cni/multus
|
|
||||||
host-var-lib-kubelet:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /var/lib/kubelet
|
|
||||||
advancedMounts:
|
|
||||||
multus:
|
|
||||||
multus-daemon:
|
|
||||||
- path: /var/lib/kubelet
|
|
||||||
host-run-k8s-cni-cncf-io:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /run/k8s.cni.cncf.io
|
|
||||||
advancedMounts:
|
|
||||||
multus:
|
|
||||||
multus-daemon:
|
|
||||||
- path: /run/k8s.cni.cncf.io
|
|
||||||
host-run-netns:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /var/run/netns/
|
|
||||||
advancedMounts:
|
|
||||||
multus:
|
|
||||||
multus-daemon:
|
|
||||||
- path: /run/netns/
|
|
||||||
mountPropagation: HostToContainer
|
|
||||||
|
|
||||||
serviceAccount:
|
|
||||||
create: true
|
|
||||||
|
|
|
@ -4,5 +4,3 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./helmrelease.yaml
|
- ./helmrelease.yaml
|
||||||
- ./rbac.yaml
|
|
||||||
- ./crd.yaml
|
|
||||||
|
|
|
@ -1,43 +0,0 @@
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRole
|
|
||||||
metadata:
|
|
||||||
name: multus
|
|
||||||
rules:
|
|
||||||
- apiGroups: ["k8s.cni.cncf.io"]
|
|
||||||
resources:
|
|
||||||
- '*'
|
|
||||||
verbs:
|
|
||||||
- '*'
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
resources:
|
|
||||||
- pods
|
|
||||||
- pods/status
|
|
||||||
verbs:
|
|
||||||
- get
|
|
||||||
- list
|
|
||||||
- update
|
|
||||||
- watch
|
|
||||||
- apiGroups:
|
|
||||||
- ""
|
|
||||||
- events.k8s.io
|
|
||||||
resources:
|
|
||||||
- events
|
|
||||||
verbs:
|
|
||||||
- create
|
|
||||||
- patch
|
|
||||||
- update
|
|
||||||
---
|
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
|
||||||
kind: ClusterRoleBinding
|
|
||||||
metadata:
|
|
||||||
name: multus
|
|
||||||
roleRef:
|
|
||||||
apiGroup: rbac.authorization.k8s.io
|
|
||||||
kind: ClusterRole
|
|
||||||
name: multus
|
|
||||||
subjects:
|
|
||||||
- kind: ServiceAccount
|
|
||||||
name: multus
|
|
||||||
namespace: network
|
|
Loading…
Reference in a new issue