---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: multus
spec:
interval: 30m
chart:
spec:
chart: app-template
version: 3.4.0
interval: 30m
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
values:
configMaps:
daemon-config:
data:
daemon-config.json: |
{
"cniVersion": "0.3.1",
"logToStderr": true,
"logLevel": "error",
"binDir": "/opt/cni/bin",
"chrootDir": "/hostroot",
"cniConfigDir": "/host/etc/cni/net.d",
"confDir": "/host/etc/cni/net.d",
"multusAutoconfigDir": "/host/etc/cni/net.d",
"multusConfigFile": "auto",
"socketDir": "/host/run/multus/"
}
controllers:
uninstall:
type: job
annotations:
# This is what defines this resource as a hook. Without this line, the
# job is considered part of the release.
helm.sh/hook: pre-delete, pre-upgrade
helm.sh/hook-weight: "-5"
helm.sh/hook-delete-policy: hook-succeeded
pod:
hostNetwork: true
containers:
uninstall:
image:
repository: alpine
tag: 3.20.2
command:
- /bin/sh
- -c
args:
- |
rm -rf /host/etc/cni/net.d/*multus*
rm -rf /host/opt/cni/bin/*multus*
multus:
type: daemonset
annotations:
reloader.stakater.com/auto: "true"
pod:
hostNetwork: true
hostPID: true
containers:
multus-daemon:
image: &image
repository: ghcr.io/k8snetworkplumbingwg/multus-cni
tag: v4.1.0-thick
env:
MULTUS_NODE_NAME:
valueFrom:
fieldRef:
fieldPath: spec.nodeName
resources:
requests:
cpu: "5m"
memory: "96Mi"
limits:
memory: "500Mi"
securityContext:
privileged: true
initContainers:
cni-plugins-installer:
image:
repository: ghcr.io/angelnu/cni-plugins
tag: 1.5.1
resources:
requests:
cpu: "10m"
memory: "15Mi"
securityContext:
capabilities:
drop:
- ALL
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
multus-shim-installer:
image: *image
command:
- /bin/sh
- -c
args: |
set -x
cp -f /usr/src/multus-cni/bin/multus-shim /host/opt/cni/bin/multus-shim
resources:
requests:
cpu: "10m"
memory: "15Mi"
securityContext:
capabilities:
drop:
- ALL
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: FallbackToLogsOnError
persistence:
cni:
type: hostPath
hostPath: /etc/cni/net.d
advancedMounts:
uninstall:
uninstall:
- path: /host/etc/cni/net.d
multus:
multus-daemon:
- path: /host/etc/cni/net.d
cnibin:
type: hostPath
hostPath: /opt/cni/bin
advancedMounts:
uninstall:
uninstall:
- path: /host/opt/cni/bin
multus:
cni-plugins-installer:
- path: /host/opt/cni/bin
multus-shim-installer:
- path: /host/opt/cni/bin
multus-daemon:
# multus-daemon expects that cnibin path must be identical between pod and container host.
# e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be
# mount to '/opt/cni/bin' in multus-daemon, not to any other directory, like '/opt/bin' or
# '/usr/bin'.
- path: /opt/cni/bin
config:
type: configMap
name: multus-daemon-config
advancedMounts:
multus:
multus-daemon:
- path: /etc/cni/net.d/multus.d
hostroot:
type: hostPath
hostPath: /
advancedMounts:
multus:
multus-daemon:
- path: /hostroot
mountPropagation: HostToContainer
host-run:
type: hostPath
hostPath: /run
advancedMounts:
multus:
multus-daemon:
- path: /host/run
host-var-lib-cni-multus:
type: hostPath
hostPath: /var/lib/cni/multus
advancedMounts:
multus:
multus-daemon:
- path: /var/lib/cni/multus
host-var-lib-kubelet:
type: hostPath
hostPath: /var/lib/kubelet
advancedMounts:
multus:
multus-daemon:
- path: /var/lib/kubelet
host-run-k8s-cni-cncf-io:
type: hostPath
hostPath: /run/k8s.cni.cncf.io
advancedMounts:
multus:
multus-daemon:
- path: /run/k8s.cni.cncf.io
host-run-netns:
type: hostPath
hostPath: /var/run/netns/
advancedMounts:
multus:
multus-daemon:
- path: /run/netns/
mountPropagation: HostToContainer
serviceAccount:
create: true