From dc230e023a3149ae9f6dc023eb40e12b97ddb023 Mon Sep 17 00:00:00 2001 From: Todd Malsbary Date: Mon, 1 Mar 2021 14:02:16 -0800 Subject: Add multus addon helm chart - Support for calico configuration is present but currently disabled. Issue-ID: MULTICLOUD-1324 Signed-off-by: Todd Malsbary Change-Id: I2d2161564c4da2e165e5cf13cea92fae4935f8b2 --- kud/deployment_infra/helm/multus-cni/.helmignore | 23 ++++ kud/deployment_infra/helm/multus-cni/Chart.yaml | 26 +++++ .../helm/multus-cni/crds/net-attach-def.yaml | 45 ++++++++ .../helm/multus-cni/templates/_helpers.tpl | 62 ++++++++++ .../helm/multus-cni/templates/clusterrole.yaml | 31 +++++ .../multus-cni/templates/clusterrolebinding.yaml | 16 +++ .../helm/multus-cni/templates/cni-conf.yaml | 9 ++ .../helm/multus-cni/templates/daemonset.yaml | 83 ++++++++++++++ .../helm/multus-cni/templates/serviceaccount.yaml | 12 ++ kud/deployment_infra/helm/multus-cni/values.yaml | 126 +++++++++++++++++++++ 10 files changed, 433 insertions(+) create mode 100644 kud/deployment_infra/helm/multus-cni/.helmignore create mode 100644 kud/deployment_infra/helm/multus-cni/Chart.yaml create mode 100644 kud/deployment_infra/helm/multus-cni/crds/net-attach-def.yaml create mode 100644 kud/deployment_infra/helm/multus-cni/templates/_helpers.tpl create mode 100644 kud/deployment_infra/helm/multus-cni/templates/clusterrole.yaml create mode 100644 kud/deployment_infra/helm/multus-cni/templates/clusterrolebinding.yaml create mode 100644 kud/deployment_infra/helm/multus-cni/templates/cni-conf.yaml create mode 100644 kud/deployment_infra/helm/multus-cni/templates/daemonset.yaml create mode 100644 kud/deployment_infra/helm/multus-cni/templates/serviceaccount.yaml create mode 100644 kud/deployment_infra/helm/multus-cni/values.yaml (limited to 'kud/deployment_infra/helm') diff --git a/kud/deployment_infra/helm/multus-cni/.helmignore b/kud/deployment_infra/helm/multus-cni/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/kud/deployment_infra/helm/multus-cni/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/kud/deployment_infra/helm/multus-cni/Chart.yaml b/kud/deployment_infra/helm/multus-cni/Chart.yaml new file mode 100644 index 00000000..84d2255c --- /dev/null +++ b/kud/deployment_infra/helm/multus-cni/Chart.yaml @@ -0,0 +1,26 @@ +# Copyright 2021 Intel Corporation, Inc +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v2 +appVersion: v3.7 +description: | + Multus CNI is a container network interface (CNI) plugin for + Kubernetes that enables attaching multiple network interfaces to + pods. +home: https://github.com/intel/multus-cni +name: multus-cni +sources: + - https://github.com/intel/multus-cni +type: application +version: 0.1.0 diff --git a/kud/deployment_infra/helm/multus-cni/crds/net-attach-def.yaml b/kud/deployment_infra/helm/multus-cni/crds/net-attach-def.yaml new file mode 100644 index 00000000..85347bd3 --- /dev/null +++ b/kud/deployment_infra/helm/multus-cni/crds/net-attach-def.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + group: k8s.cni.cncf.io + scope: Namespaced + names: + plural: network-attachment-definitions + singular: network-attachment-definition + kind: NetworkAttachmentDefinition + shortNames: + - net-attach-def + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing + Working Group to express the intent for attaching pods to one or more logical or physical + networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this represen + tation of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment' + type: object + properties: + config: + description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration' + type: string diff --git a/kud/deployment_infra/helm/multus-cni/templates/_helpers.tpl b/kud/deployment_infra/helm/multus-cni/templates/_helpers.tpl new file mode 100644 index 00000000..71aee739 --- /dev/null +++ b/kud/deployment_infra/helm/multus-cni/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "multus.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "multus.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "multus.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "multus.labels" -}} +helm.sh/chart: {{ include "multus.chart" . }} +{{ include "multus.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "multus.selectorLabels" -}} +app.kubernetes.io/name: {{ include "multus.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "multus.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "multus.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/kud/deployment_infra/helm/multus-cni/templates/clusterrole.yaml b/kud/deployment_infra/helm/multus-cni/templates/clusterrole.yaml new file mode 100644 index 00000000..1a3a87e0 --- /dev/null +++ b/kud/deployment_infra/helm/multus-cni/templates/clusterrole.yaml @@ -0,0 +1,31 @@ +{{- if .Values.rbac.create }} +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "multus.fullname" . }} + labels: + {{- include "multus.labels" . | nindent 4 }} +rules: + - apiGroups: ["k8s.cni.cncf.io"] + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - update + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update +{{- end }} \ No newline at end of file diff --git a/kud/deployment_infra/helm/multus-cni/templates/clusterrolebinding.yaml b/kud/deployment_infra/helm/multus-cni/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..4e626480 --- /dev/null +++ b/kud/deployment_infra/helm/multus-cni/templates/clusterrolebinding.yaml @@ -0,0 +1,16 @@ +{{- if .Values.rbac.create }} +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "multus.fullname" . }} + labels: + {{- include "multus.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "multus.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "multus.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/kud/deployment_infra/helm/multus-cni/templates/cni-conf.yaml b/kud/deployment_infra/helm/multus-cni/templates/cni-conf.yaml new file mode 100644 index 00000000..b1212139 --- /dev/null +++ b/kud/deployment_infra/helm/multus-cni/templates/cni-conf.yaml @@ -0,0 +1,9 @@ +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ .Values.config.name }} + labels: + {{- include "multus.labels" . | nindent 4 }} + tier: node +data: + cni-conf.json: | {{ .Values.config.data | toPrettyJson | nindent 4}} diff --git a/kud/deployment_infra/helm/multus-cni/templates/daemonset.yaml b/kud/deployment_infra/helm/multus-cni/templates/daemonset.yaml new file mode 100644 index 00000000..551d6db6 --- /dev/null +++ b/kud/deployment_infra/helm/multus-cni/templates/daemonset.yaml @@ -0,0 +1,83 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "multus.fullname" . }}-ds + labels: + {{- include "multus.labels" . | nindent 4 }} + tier: node +spec: + selector: + matchLabels: + {{- include "multus.selectorLabels" . | nindent 6 }} + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + {{- include "multus.selectorLabels" . | nindent 8 }} + tier: node + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + hostNetwork: true + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + serviceAccountName: {{ include "multus.serviceAccountName" . }} + containers: + - name: kube-multus + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + command: + {{- if .Values.config.enabled }} + - /bin/bash + - -cex + - | + #!/bin/bash + sed "s|__KUBERNETES_NODE_NAME__|${KUBERNETES_NODE_NAME}|g" /tmp/multus-conf/{{ .Values.config.path }}.template > /tmp/{{ .Values.config.path }} + /entrypoint.sh --multus-conf-file=/tmp/{{ .Values.config.path }} + {{- else }} + - /entrypoint.sh + - "--multus-conf-file=auto" + - "--cni-version=0.3.1" + {{- end }} + lifecycle: + preStop: + exec: + command: ["/bin/bash", "-c", "rm /host/etc/cni/net.d/*-multus.conf"] + resources: + {{- toYaml .Values.resources | nindent 10 }} + securityContext: + {{- toYaml .Values.securityContext | nindent 10 }} + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + - name: cnibin + mountPath: /host/opt/cni/bin + - name: multus-cfg + mountPath: /tmp/multus-conf + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin + - name: multus-cfg + configMap: + name: {{ .Values.config.name }} + items: + - key: cni-conf.json + path: {{ .Values.config.path }}.template diff --git a/kud/deployment_infra/helm/multus-cni/templates/serviceaccount.yaml b/kud/deployment_infra/helm/multus-cni/templates/serviceaccount.yaml new file mode 100644 index 00000000..144a098a --- /dev/null +++ b/kud/deployment_infra/helm/multus-cni/templates/serviceaccount.yaml @@ -0,0 +1,12 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "multus.serviceAccountName" . }} + labels: + {{- include "multus.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/kud/deployment_infra/helm/multus-cni/values.yaml b/kud/deployment_infra/helm/multus-cni/values.yaml new file mode 100644 index 00000000..e08f665e --- /dev/null +++ b/kud/deployment_infra/helm/multus-cni/values.yaml @@ -0,0 +1,126 @@ +image: + repository: nfvpe/multus + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +nameOverride: "" +fullnameOverride: "" + +securityContext: + privileged: true + +resources: + requests: + cpu: "100m" + memory: "50Mi" + limits: + cpu: "100m" + memory: "50Mi" + +nodeSelector: + kubernetes.io/arch: amd64 + +tolerations: +- operator: Exists + effect: NoSchedule + +# NOTE: If you'd prefer to manually apply a configuration file, you +# may create one here. Additionally -- you should ensure that the +# name "{{ .Values.config.path }}" is the alphabetically first name in +# the /etc/cni/net.d/ directory on each node, otherwise, it will not +# be used by the Kubelet. +# +# __KUBERNETES_NODE_NAME__ below is replaced by spec.nodeName at +# startup. +config: + enabled: true + name: multus-cni-config + path: 00-multus.conf + # data: + # { + # "name": "multus-cni-network", + # "type": "multus", + # "capabilities": { + # "portMappings": true + # }, + # "delegates": [ + # { + # "cniVersion": "0.3.1", + # "name": "default-cni-network", + # "plugins": [ + # { + # "name": "k8s-pod-network", + # "cniVersion": "0.3.1", + # "type": "calico", + # "log_level": "info", + # "datastore_type": "kubernetes", + # "nodename": "__KUBERNETES_NODE_NAME__", + # "mtu": 1440, + # "ipam": { + # "type": "calico-ipam" + # }, + # "policy": { + # "type": "k8s" + # }, + # "kubernetes": { + # "kubeconfig": "/etc/cni/net.d/calico-kubeconfig" + # } + # }, + # { + # "type": "portmap", + # "snat": true, + # "capabilities": {"portMappings": true} + # } + # ] + # } + # ], + # "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig" + # } + data: + { + "cniVersion": "0.3.1", + "name": "multus-cni-network", + "type": "multus", + "capabilities": { + "portMappings": true + }, + "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig", + "delegates": [ + { + "name": "cbr0", + "cniVersion": "0.3.1", + "plugins": [ + { + "type": "flannel", + "delegate": { + "isDefaultGateway": true, + "hairpinMode": true + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + } + ] + } + ] + } + +## RBAC parameteres +## https://kubernetes.io/docs/reference/access-authn-authz/rbac/ +## +rbac: + create: true + serviceAccountName: -- cgit 1.2.3-korg