Add multus addon helm chart 32/120032/2
authorTodd Malsbary <todd.malsbary@intel.com>
Mon, 1 Mar 2021 22:02:16 +0000 (14:02 -0800)
committerTodd Malsbary <todd.malsbary@intel.com>
Fri, 9 Apr 2021 17:21:49 +0000 (10:21 -0700)
- Support for calico configuration is present but currently disabled.

Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: I2d2161564c4da2e165e5cf13cea92fae4935f8b2

kud/deployment_infra/helm/multus-cni/.helmignore [new file with mode: 0644]
kud/deployment_infra/helm/multus-cni/Chart.yaml [new file with mode: 0644]
kud/deployment_infra/helm/multus-cni/crds/net-attach-def.yaml [new file with mode: 0644]
kud/deployment_infra/helm/multus-cni/templates/_helpers.tpl [new file with mode: 0644]
kud/deployment_infra/helm/multus-cni/templates/clusterrole.yaml [new file with mode: 0644]
kud/deployment_infra/helm/multus-cni/templates/clusterrolebinding.yaml [new file with mode: 0644]
kud/deployment_infra/helm/multus-cni/templates/cni-conf.yaml [new file with mode: 0644]
kud/deployment_infra/helm/multus-cni/templates/daemonset.yaml [new file with mode: 0644]
kud/deployment_infra/helm/multus-cni/templates/serviceaccount.yaml [new file with mode: 0644]
kud/deployment_infra/helm/multus-cni/values.yaml [new file with mode: 0644]

diff --git a/kud/deployment_infra/helm/multus-cni/.helmignore b/kud/deployment_infra/helm/multus-cni/.helmignore
new file mode 100644 (file)
index 0000000..0e8a0eb
--- /dev/null
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/deployment_infra/helm/multus-cni/Chart.yaml b/kud/deployment_infra/helm/multus-cni/Chart.yaml
new file mode 100644 (file)
index 0000000..84d2255
--- /dev/null
@@ -0,0 +1,26 @@
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+appVersion: v3.7
+description: |
+  Multus CNI is a container network interface (CNI) plugin for
+  Kubernetes that enables attaching multiple network interfaces to
+  pods.
+home: https://github.com/intel/multus-cni
+name: multus-cni
+sources:
+  - https://github.com/intel/multus-cni
+type: application
+version: 0.1.0
diff --git a/kud/deployment_infra/helm/multus-cni/crds/net-attach-def.yaml b/kud/deployment_infra/helm/multus-cni/crds/net-attach-def.yaml
new file mode 100644 (file)
index 0000000..85347bd
--- /dev/null
@@ -0,0 +1,45 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+  group: k8s.cni.cncf.io
+  scope: Namespaced
+  names:
+    plural: network-attachment-definitions
+    singular: network-attachment-definition
+    kind: NetworkAttachmentDefinition
+    shortNames:
+    - net-attach-def
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
+            Working Group to express the intent for attaching pods to one or more logical or physical
+            networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
+          type: object
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this represen
+                tation of an object. Servers should convert recognized schemas to the
+                latest internal value, and may reject unrecognized values. More info:
+                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this
+                object represents. Servers may infer this from the endpoint the client
+                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
+              type: object
+              properties:
+                config:
+                  description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
+                  type: string
diff --git a/kud/deployment_infra/helm/multus-cni/templates/_helpers.tpl b/kud/deployment_infra/helm/multus-cni/templates/_helpers.tpl
new file mode 100644 (file)
index 0000000..71aee73
--- /dev/null
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "multus.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "multus.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "multus.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "multus.labels" -}}
+helm.sh/chart: {{ include "multus.chart" . }}
+{{ include "multus.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "multus.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "multus.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "multus.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "multus.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
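Review bot: The `else` branch of `multus.serviceAccountName` falls back to the namespace's `default` service account when `serviceAccount.create` is false and no name is given. With `rbac.create` left at true, clusterrolebinding.yaml then binds the chart's ClusterRole to that shared account, so every pod in the release namespace that runs as `default` receives the multus permissions. Failing the render is safer than a silent fallback: replace the fallback line with `{{ required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}`.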
diff --git a/kud/deployment_infra/helm/multus-cni/templates/clusterrole.yaml b/kud/deployment_infra/helm/multus-cni/templates/clusterrole.yaml
new file mode 100644 (file)
index 0000000..1a3a87e
--- /dev/null
@@ -0,0 +1,31 @@
+{{- if .Values.rbac.create }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "multus.fullname" . }}
+  labels:
+    {{- include "multus.labels" . | nindent 4 }}
+rules:
+  - apiGroups: ["k8s.cni.cncf.io"]
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/status
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+      - events.k8s.io
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+      - update
+{{- end }}
\ No newline at end of file
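Review bot: The first rule grants every verb on every resource in the `k8s.cni.cncf.io` group, which is broader than least privilege for a service account mounted into a DaemonSet pod on every node. The only kind this commit's CRD defines in that group is NetworkAttachmentDefinition, so if multus only reads those objects the rule can be narrowed to `resources: ["network-attachment-definitions"]` and `verbs: ["get", "list", "watch"]`. The verb set is inferred, so confirm it against what the plugin actually calls before tightening. If the wildcard is kept, a comment such as `# multus needs full access to this group because ...` would record that it is deliberate.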
diff --git a/kud/deployment_infra/helm/multus-cni/templates/clusterrolebinding.yaml b/kud/deployment_infra/helm/multus-cni/templates/clusterrolebinding.yaml
new file mode 100644 (file)
index 0000000..4e62648
--- /dev/null
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "multus.fullname" . }}
+  labels:
+    {{- include "multus.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "multus.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "multus.serviceAccountName" . }}
+  namespace: {{ $.Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/kud/deployment_infra/helm/multus-cni/templates/cni-conf.yaml b/kud/deployment_infra/helm/multus-cni/templates/cni-conf.yaml
new file mode 100644 (file)
index 0000000..b121213
--- /dev/null
@@ -0,0 +1,9 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ .Values.config.name }}
+  labels:
+    {{- include "multus.labels" . | nindent 4 }}
+    tier: node
+data:
+  cni-conf.json: | {{ .Values.config.data | toPrettyJson | nindent 4}}
diff --git a/kud/deployment_infra/helm/multus-cni/templates/daemonset.yaml b/kud/deployment_infra/helm/multus-cni/templates/daemonset.yaml
new file mode 100644 (file)
index 0000000..551d6db
--- /dev/null
@@ -0,0 +1,83 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "multus.fullname" . }}-ds
+  labels:
+    {{- include "multus.labels" . | nindent 4 }}
+    tier: node
+spec:
+  selector:
+    matchLabels:
+      {{- include "multus.selectorLabels" . | nindent 6 }}
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        {{- include "multus.selectorLabels" . | nindent 8 }}
+        tier: node
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      hostNetwork: true
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+      serviceAccountName: {{ include "multus.serviceAccountName" . }}
+      containers:
+      - name: kube-multus
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        env:
+        - name: KUBERNETES_NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        command:
+        {{- if .Values.config.enabled }}
+        - /bin/bash
+        - -cex
+        - |
+          #!/bin/bash
+          sed "s|__KUBERNETES_NODE_NAME__|${KUBERNETES_NODE_NAME}|g" /tmp/multus-conf/{{ .Values.config.path }}.template > /tmp/{{ .Values.config.path }}
+          /entrypoint.sh --multus-conf-file=/tmp/{{ .Values.config.path }}
+        {{- else }}
+        - /entrypoint.sh
+        - "--multus-conf-file=auto"
+        - "--cni-version=0.3.1"
+        {{- end }}
+        lifecycle:
+          preStop:
+            exec:
+              command: ["/bin/bash", "-c", "rm /host/etc/cni/net.d/*-multus.conf"]
+        resources:
+          {{- toYaml .Values.resources | nindent 10 }}
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
+        volumeMounts:
+        - name: cni
+          mountPath: /host/etc/cni/net.d
+        - name: cnibin
+          mountPath: /host/opt/cni/bin
+        - name: multus-cfg
+          mountPath: /tmp/multus-conf
+      volumes:
+        - name: cni
+          hostPath:
+            path: /etc/cni/net.d
+        - name: cnibin
+          hostPath:
+            path: /opt/cni/bin
+        - name: multus-cfg
+          configMap:
+            name: {{ .Values.config.name }}
+            items:
+            - key: cni-conf.json
+              path: {{ .Values.config.path }}.template
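Review bot: `.Values.config.path` is pasted unquoted into the `bash -cex` script in the `config.enabled` branch, so a value containing whitespace or shell metacharacters changes the command that runs. That container is privileged by the chart's default values, uses hostNetwork and has the host CNI directories mounted. Passing the name through an environment variable and quoting each expansion keeps the value as data; the fence shows the changed lines. The `#!/bin/bash` line inside the `-c` string is only a comment and can be dropped.

```yaml
        env:
        # … unchanged: KUBERNETES_NODE_NAME from spec.nodeName …
        - name: MULTUS_CONF_NAME
          value: {{ .Values.config.path | quote }}
        command:
        {{- if .Values.config.enabled }}
        - /bin/bash
        - -cex
        - |
          sed "s|__KUBERNETES_NODE_NAME__|${KUBERNETES_NODE_NAME}|g" "/tmp/multus-conf/${MULTUS_CONF_NAME}.template" > "/tmp/${MULTUS_CONF_NAME}"
          /entrypoint.sh --multus-conf-file="/tmp/${MULTUS_CONF_NAME}"
        # … unchanged: else branch, lifecycle, resources, securityContext, volumes …
```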
diff --git a/kud/deployment_infra/helm/multus-cni/templates/serviceaccount.yaml b/kud/deployment_infra/helm/multus-cni/templates/serviceaccount.yaml
new file mode 100644 (file)
index 0000000..144a098
--- /dev/null
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "multus.serviceAccountName" . }}
+  labels:
+    {{- include "multus.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end -}}
diff --git a/kud/deployment_infra/helm/multus-cni/values.yaml b/kud/deployment_infra/helm/multus-cni/values.yaml
new file mode 100644 (file)
index 0000000..e08f665
--- /dev/null
@@ -0,0 +1,126 @@
+image:
+  repository: nfvpe/multus
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+
+nameOverride: ""
+fullnameOverride: ""
+
+securityContext:
+  privileged: true
+
+resources:
+  requests:
+    cpu: "100m"
+    memory: "50Mi"
+  limits:
+    cpu: "100m"
+    memory: "50Mi"
+
+nodeSelector:
+  kubernetes.io/arch: amd64
+
+tolerations:
+- operator: Exists
+  effect: NoSchedule
+
+# NOTE: If you'd prefer to manually apply a configuration file, you
+# may create one here.  Additionally -- you should ensure that the
+# name "{{ .Values.config.path }}" is the alphabetically first name in
+# the /etc/cni/net.d/ directory on each node, otherwise, it will not
+# be used by the Kubelet.
+#
+# __KUBERNETES_NODE_NAME__ below is replaced by spec.nodeName at
+# startup.
+config:
+  enabled: true
+  name: multus-cni-config
+  path: 00-multus.conf
+  # data:
+  #   {
+  #     "name": "multus-cni-network",
+  #     "type": "multus",
+  #     "capabilities": {
+  #       "portMappings": true
+  #     },
+  #     "delegates": [
+  #       {
+  #         "cniVersion": "0.3.1",
+  #         "name": "default-cni-network",
+  #         "plugins": [
+  #           {
+  #             "name": "k8s-pod-network",
+  #             "cniVersion": "0.3.1",
+  #             "type": "calico",
+  #             "log_level": "info",
+  #             "datastore_type": "kubernetes",
+  #             "nodename": "__KUBERNETES_NODE_NAME__",
+  #             "mtu": 1440,
+  #             "ipam": {
+  #               "type": "calico-ipam"
+  #             },
+  #             "policy": {
+  #               "type": "k8s"
+  #             },
+  #             "kubernetes": {
+  #               "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
+  #             }
+  #           },
+  #           {
+  #             "type": "portmap",
+  #             "snat": true,
+  #             "capabilities": {"portMappings": true}
+  #           }
+  #         ]
+  #       }
+  #     ],
+  #     "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
+  #   }
+  data:
+    {
+      "cniVersion": "0.3.1",
+      "name": "multus-cni-network",
+      "type": "multus",
+      "capabilities": {
+        "portMappings": true
+      },
+      "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig",
+      "delegates": [
+        {
+          "name": "cbr0",
+          "cniVersion": "0.3.1",
+          "plugins": [
+            {
+              "type": "flannel",
+              "delegate": {
+                "isDefaultGateway": true,
+                "hairpinMode": true
+              }
+            },
+            {
+              "type": "portmap",
+              "capabilities": {
+                "portMappings": true
+              }
+            }
+          ]
+        }
+      ]
+    }
+
+## RBAC parameteres
+## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
+##
+rbac:
+  create: true
+  serviceAccountName:
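Review bot: `securityContext.privileged: true` is the chart default and nothing documents why full privilege is needed, although daemonset.yaml applies it to a hostNetwork pod with writable hostPath mounts of the CNI directories. If writing to the host CNI directories is the reason, say so above the key, for example `# Runs privileged to write into the host CNI directories; tighten if your nodes allow it.`, so operators know it is a deliberate default they may override. Separately, `rbac.serviceAccountName` on the last line is not read by any template in this commit, since the helper uses `serviceAccount.name`, so setting it has no effect. Drop it or wire it up, and write the bare `name:` under `serviceAccount` as `name: ""`.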