--- # yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: multus spec: interval: 30m chart: spec: chart: app-template version: 3.4.0 interval: 30m sourceRef: kind: HelmRepository name: bjw-s namespace: flux-system values: configMaps: daemon-config: data: daemon-config.json: | { "cniVersion": "0.3.1", "logToStderr": true, "logLevel": "error", "binDir": "/opt/cni/bin", "chrootDir": "/hostroot", "cniConfigDir": "/host/etc/cni/net.d", "confDir": "/host/etc/cni/net.d", "multusAutoconfigDir": "/host/etc/cni/net.d", "multusConfigFile": "auto", "socketDir": "/host/run/multus/" } controllers: uninstall: type: job annotations: # This is what defines this resource as a hook. Without this line, the # job is considered part of the release. helm.sh/hook: pre-delete, pre-upgrade helm.sh/hook-weight: "-5" helm.sh/hook-delete-policy: hook-succeeded pod: hostNetwork: true containers: uninstall: image: repository: alpine tag: 3.20.2 command: - /bin/sh - -c args: - | rm -rf /host/etc/cni/net.d/*multus* rm -rf /host/opt/cni/bin/*multus* multus: type: daemonset annotations: reloader.stakater.com/auto: "true" pod: hostNetwork: true hostPID: true containers: multus-daemon: image: &image repository: ghcr.io/k8snetworkplumbingwg/multus-cni tag: v4.1.0-thick env: MULTUS_NODE_NAME: valueFrom: fieldRef: fieldPath: spec.nodeName resources: requests: cpu: "5m" memory: "96Mi" limits: memory: "500Mi" securityContext: privileged: true initContainers: cni-plugins-installer: image: repository: ghcr.io/angelnu/cni-plugins tag: 1.5.1 resources: requests: cpu: "10m" memory: "15Mi" securityContext: capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError multus-shim-installer: image: *image command: - /bin/sh - -c args: | set -x cp -f /usr/src/multus-cni/bin/multus-shim /host/opt/cni/bin/multus-shim resources: requests: cpu: "10m" memory: "15Mi" securityContext: capabilities: drop: - ALL terminationMessagePath: /dev/termination-log terminationMessagePolicy: FallbackToLogsOnError persistence: cni: type: hostPath hostPath: /etc/cni/net.d advancedMounts: uninstall: uninstall: - path: /host/etc/cni/net.d multus: multus-daemon: - path: /host/etc/cni/net.d cnibin: type: hostPath hostPath: /opt/cni/bin advancedMounts: uninstall: uninstall: - path: /host/opt/cni/bin multus: cni-plugins-installer: - path: /host/opt/cni/bin multus-shim-installer: - path: /host/opt/cni/bin multus-daemon: # multus-daemon expects that cnibin path must be identical between pod and container host. # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be # mount to '/opt/cni/bin' in multus-daemon, not to any other directory, like '/opt/bin' or # '/usr/bin'. - path: /opt/cni/bin config: type: configMap name: multus-daemon-config advancedMounts: multus: multus-daemon: - path: /etc/cni/net.d/multus.d hostroot: type: hostPath hostPath: / advancedMounts: multus: multus-daemon: - path: /hostroot mountPropagation: HostToContainer host-run: type: hostPath hostPath: /run advancedMounts: multus: multus-daemon: - path: /host/run host-var-lib-cni-multus: type: hostPath hostPath: /var/lib/cni/multus advancedMounts: multus: multus-daemon: - path: /var/lib/cni/multus host-var-lib-kubelet: type: hostPath hostPath: /var/lib/kubelet advancedMounts: multus: multus-daemon: - path: /var/lib/kubelet host-run-k8s-cni-cncf-io: type: hostPath hostPath: /run/k8s.cni.cncf.io advancedMounts: multus: multus-daemon: - path: /run/k8s.cni.cncf.io host-run-netns: type: hostPath hostPath: /var/run/netns/ advancedMounts: multus: multus-daemon: - path: /run/netns/ mountPropagation: HostToContainer serviceAccount: create: true