1# Note:
2# This deployment file is designed for 'quickstart' of multus, easy installation to test it,
3# hence this deployment yaml does not care about following things intentionally.
4# - various configuration options
5# - minor deployment scenario
6# - upgrade/update/uninstall scenario
7# Multus team understand users deployment scenarios are diverse, hence we do not cover
8# comprehensive deployment scenario. We expect that it is covered by each platform deployment.
9---
10apiVersion: apiextensions.k8s.io/v1
11kind: CustomResourceDefinition
12metadata:
13 name: network-attachment-definitions.k8s.cni.cncf.io
14spec:
15 group: k8s.cni.cncf.io
16 scope: Namespaced
17 names:
18 plural: network-attachment-definitions
19 singular: network-attachment-definition
20 kind: NetworkAttachmentDefinition
21 shortNames:
22 - net-attach-def
23 versions:
24 - name: v1
25 served: true
26 storage: true
27 schema:
28 openAPIV3Schema:
29 description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
30 Working Group to express the intent for attaching pods to one or more logical or physical
31 networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
32 type: object
33 properties:
34 apiVersion:
35 description: 'APIVersion defines the versioned schema of this represen
36 tation of an object. Servers should convert recognized schemas to the
37 latest internal value, and may reject unrecognized values. More info:
38 https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
39 type: string
40 kind:
41 description: 'Kind is a string value representing the REST resource this
42 object represents. Servers may infer this from the endpoint the client
43 submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
44 type: string
45 metadata:
46 type: object
47 spec:
48 description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
49 type: object
50 properties:
51 config:
52 description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
53 type: string
54---
55kind: ClusterRole
56apiVersion: rbac.authorization.k8s.io/v1
57metadata:
58 name: multus
59rules:
60 - apiGroups: ["k8s.cni.cncf.io"]
61 resources:
62 - '*'
63 verbs:
64 - '*'
65 - apiGroups:
66 - ""
67 resources:
68 - pods
69 - pods/status
70 verbs:
71 - get
72 - update
73 - apiGroups:
74 - ""
75 - events.k8s.io
76 resources:
77 - events
78 verbs:
79 - create
80 - patch
81 - update
82---
83kind: ClusterRoleBinding
84apiVersion: rbac.authorization.k8s.io/v1
85metadata:
86 name: multus
87roleRef:
88 apiGroup: rbac.authorization.k8s.io
89 kind: ClusterRole
90 name: multus
91subjects:
92- kind: ServiceAccount
93 name: multus
94 namespace: kube-system
95---
96apiVersion: v1
97kind: ServiceAccount
98metadata:
99 name: multus
100 namespace: kube-system
101---
102kind: ConfigMap
103apiVersion: v1
104metadata:
105 name: multus-cni-config
106 namespace: kube-system
107 labels:
108 tier: node
109 app: multus
110data:
111 # NOTE: If you'd prefer to manually apply a configuration file, you may create one here.
112 # In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod
113 # change the "args" line below from
114 # - "--multus-conf-file=auto"
115 # to:
116 # "--multus-conf-file=/tmp/multus-conf/70-multus.conf"
117 # Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the
118 # /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet.
119 cni-conf.json: |
120 {
121 "name": "multus-cni-network",
122 "type": "multus",
123 "capabilities": {
124 "portMappings": true
125 },
126 "delegates": [
127 {
128 "cniVersion": "0.3.1",
129 "name": "default-cni-network",
130 "plugins": [
131 {
132 "type": "flannel",
133 "name": "flannel.1",
134 "delegate": {
135 "isDefaultGateway": true,
136 "hairpinMode": true
137 }
138 },
139 {
140 "type": "portmap",
141 "capabilities": {
142 "portMappings": true
143 }
144 }
145 ]
146 }
147 ],
148 "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
149 }
150---
151apiVersion: apps/v1
152kind: DaemonSet
153metadata:
154 name: kube-multus-ds
155 namespace: kube-system
156 labels:
157 tier: node
158 app: multus
159 name: multus
160spec:
161 selector:
162 matchLabels:
163 name: multus
164 updateStrategy:
165 type: RollingUpdate
166 template:
167 metadata:
168 labels:
169 tier: node
170 app: multus
171 name: multus
172 spec:
173 hostNetwork: true
174 tolerations:
175 - operator: Exists
176 effect: NoSchedule
177 - operator: Exists
178 effect: NoExecute
179 serviceAccountName: multus
180 containers:
181 - name: kube-multus
182 image: ghcr.io/k8snetworkplumbingwg/multus-cni:snapshot
183 command: ["/thin_entrypoint"]
184 args:
185 - "--multus-conf-file=auto"
186 - "--multus-autoconfig-dir=/host/etc/cni/net.d"
187 - "--cni-conf-dir=/host/etc/cni/net.d"
188 resources:
189 requests:
190 cpu: "100m"
191 memory: "50Mi"
192 limits:
193 cpu: "100m"
194 memory: "50Mi"
195 securityContext:
196 privileged: true
197 terminationMessagePolicy: FallbackToLogsOnError
198 volumeMounts:
199 - name: cni
200 mountPath: /host/etc/cni/net.d
201 - name: cnibin
202 mountPath: /host/opt/cni/bin
203 - name: multus-cfg
204 mountPath: /tmp/multus-conf
205 initContainers:
206 - name: install-multus-binary
207 image: ghcr.io/k8snetworkplumbingwg/multus-cni:snapshot
208 command: ["/install_multus"]
209 args:
210 - "--type"
211 - "thin"
212 resources:
213 requests:
214 cpu: "10m"
215 memory: "15Mi"
216 securityContext:
217 privileged: true
218 terminationMessagePolicy: FallbackToLogsOnError
219 volumeMounts:
220 - name: cnibin
221 mountPath: /host/opt/cni/bin
222 mountPropagation: Bidirectional
223 terminationGracePeriodSeconds: 10
224 volumes:
225 - name: cni
226 hostPath:
227 path: /etc/cni/net.d
228 - name: cnibin
229 hostPath:
230 path: /opt/cni/bin
231 - name: multus-cfg
232 configMap:
233 name: multus-cni-config
234 items:
235 - key: cni-conf.json
236 path: 70-multus.conf
View as plain text