deploy/multus-daemonset.yml

   1 ---
   2 apiVersion: apiextensions.k8s.io/v1
   3 kind: CustomResourceDefinition
   4 metadata:
   5   name: network-attachment-definitions.k8s.cni.cncf.io
   6 spec:
   7   group: k8s.cni.cncf.io
   8   scope: Namespaced
   9   names:
  10     plural: network-attachment-definitions
  11     singular: network-attachment-definition
  12     kind: NetworkAttachmentDefinition
  13     shortNames:
  14     - net-attach-def
  15   versions:
  16     - name: v1
  17       served: true
  18       storage: true
  19       schema:
  20         openAPIV3Schema:
  21           description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
  22             Working Group to express the intent for attaching pods to one or more logical or physical
  23             networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
  24           type: object
  25           properties:
  26             apiVersion:
  27               description: 'APIVersion defines the versioned schema of this represen
  28                 tation of an object. Servers should convert recognized schemas to the
  29                 latest internal value, and may reject unrecognized values. More info:
  30                 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
  31               type: string
  32             kind:
  33               description: 'Kind is a string value representing the REST resource this
  34                 object represents. Servers may infer this from the endpoint the client
  35                 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
  36               type: string
  37             metadata:
  38               type: object
  39             spec:
  40               description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
  41               type: object
  42               properties:
  43                 config:
  44                   description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
  45                   type: string
  46 ---
  47 kind: ClusterRole
  48 apiVersion: rbac.authorization.k8s.io/v1
  49 metadata:
  50   name: multus
  51 rules:
  52   - apiGroups: ["k8s.cni.cncf.io"]
  53     resources:
  54       - '*'
  55     verbs:
  56       - '*'
  57   - apiGroups:
  58       - ""
  59     resources:
  60       - pods
  61       - pods/status
  62     verbs:
  63       - get
  64       - update
  65   - apiGroups:
  66       - ""
  67       - events.k8s.io
  68     resources:
  69       - events
  70     verbs:
  71       - create
  72       - patch
  73       - update
  74 ---
  75 kind: ClusterRoleBinding
  76 apiVersion: rbac.authorization.k8s.io/v1
  77 metadata:
  78   name: multus
  79 roleRef:
  80   apiGroup: rbac.authorization.k8s.io
  81   kind: ClusterRole
  82   name: multus
  83 subjects:
  84 - kind: ServiceAccount
  85   name: multus
  86   namespace: kube-system
  87 ---
  88 apiVersion: v1
  89 kind: ServiceAccount
  90 metadata:
  91   name: multus
  92   namespace: kube-system
  93 ---
  94 kind: ConfigMap
  95 apiVersion: v1
  96 metadata:
  97   name: multus-cni-config
  98   namespace: kube-system
  99   labels:
 100     tier: node
 101     app: multus
 102 data:
 103   # NOTE: If you'd prefer to manually apply a configuration file, you may create one here.
 104   # In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod
 105   # change the "args" line below from
 106   # - "--multus-conf-file=auto"
 107   # to:
 108   # "--multus-conf-file=/tmp/multus-conf/70-multus.conf"
 109   # Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the
 110   # /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet.
 111   cni-conf.json: |
 112     {
 113       "name": "multus-cni-network",
 114       "type": "multus",
 115       "capabilities": {
 116         "portMappings": true
 117       },
 118       "delegates": [
 119         {
 120           "cniVersion": "0.3.1",
 121           "name": "default-cni-network",
 122           "plugins": [
 123             {
 124               "name": "k8s-pod-network",
 125               "cniVersion": "0.3.1",
 126               "type": "calico",
 127               "log_level": "info",
 128               "datastore_type": "kubernetes",
 129               "nodename": "__KUBERNETES_NODE_NAME__",
 130               "mtu": 1440,
 131               "ipam": {
 132                 "type": "calico-ipam"
 133               },
 134               "policy": {
 135                 "type": "k8s"
 136               },
 137               "kubernetes": {
 138                 "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
 139               }
 140             },
 141             {
 142               "type": "portmap",
 143               "snat": true,
 144               "capabilities": {"portMappings": true}
 145             }
 146           ]
 147         }
 148       ],
 149       "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
 150     }
 151 ---
 152 apiVersion: apps/v1
 153 kind: DaemonSet
 154 metadata:
 155   name: kube-multus-ds-amd64
 156   namespace: kube-system
 157   labels:
 158     tier: node
 159     app: multus
 160     name: multus
 161 spec:
 162   selector:
 163     matchLabels:
 164       name: multus
 165   updateStrategy:
 166     type: RollingUpdate
 167   template:
 168     metadata:
 169       labels:
 170         tier: node
 171         app: multus
 172         name: multus
 173     spec:
 174       hostNetwork: true
 175       nodeSelector:
 176         kubernetes.io/arch: amd64
 177       tolerations:
 178       - operator: Exists
 179         effect: NoSchedule
 180       serviceAccountName: multus
 181       containers:
 182       - name: kube-multus
 183         image: docker.io/nfvpe/multus:stable
 184         env:
 185         - name: KUBERNETES_NODE_NAME
 186           valueFrom:
 187             fieldRef:
 188               fieldPath: spec.nodeName
 189         command:
 190         - /bin/bash
 191         - -cex
 192         - |
 193           #!/bin/bash
 194           sed "s|__KUBERNETES_NODE_NAME__|${KUBERNETES_NODE_NAME}|g" /tmp/multus-conf/00-multus.conf.template > /tmp/multus-conf/00-multus.conf
 195           /entrypoint.sh \
 196             --multus-conf-file=/tmp/multus-conf/00-multus.conf
 197         resources:
 198           requests:
 199             cpu: "100m"
 200             memory: "50Mi"
 201           limits:
 202             cpu: "100m"
 203             memory: "50Mi"
 204         securityContext:
 205           privileged: true
 206         volumeMounts:
 207         - name: cni
 208           mountPath: /host/etc/cni/net.d
 209         - name: cnibin
 210           mountPath: /host/opt/cni/bin
 211         - name: multus-cfg
 212           mountPath: /tmp/multus-conf/00-multus.conf.template
 213           subPath: "cni-conf.json"
 214       volumes:
 215         - name: cni
 216           hostPath:
 217             path: /etc/cni/net.d
 218         - name: cnibin
 219           hostPath:
 220             path: /opt/cni/bin
 221         - name: multus-cfg
 222           configMap:
 223             name: multus-cni-config