From 9c3ebc3d2eaaffe986ca8f689f79a2c7e8f96389 Mon Sep 17 00:00:00 2001 From: Akhila Kishore Date: Mon, 26 Aug 2019 15:33:09 -0700 Subject: Use Multus Daemonset for installing Multus in KuD Currently KuD uses Ansible scripts for installing Multus. Multus has a daemonset that should be used for installing the multus as part of an add-on. This is also helpful for KuD offline deployment in the future. Removed the comment. Updated the images path and removed error supression addressed by comments. Signed-off-by: Akhila Kishore Issue-ID: MULTICLOUD-681 Change-Id: Id3702a2b5bd18804c2d7e4d063eba656202cb840 --- kud/deployment_infra/images/multus-daemonset.yml | 162 +++++++++++++++++++++++ 1 file changed, 162 insertions(+) create mode 100644 kud/deployment_infra/images/multus-daemonset.yml (limited to 'kud/deployment_infra/images') diff --git a/kud/deployment_infra/images/multus-daemonset.yml b/kud/deployment_infra/images/multus-daemonset.yml new file mode 100644 index 00000000..ff44a217 --- /dev/null +++ b/kud/deployment_infra/images/multus-daemonset.yml @@ -0,0 +1,162 @@ +--- +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + group: k8s.cni.cncf.io + version: v1 + scope: Namespaced + names: + plural: network-attachment-definitions + singular: network-attachment-definition + kind: NetworkAttachmentDefinition + shortNames: + - net-attach-def + validation: + openAPIV3Schema: + properties: + spec: + properties: + config: + type: string +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: multus +rules: + - apiGroups: ["k8s.cni.cncf.io"] + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: multus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: multus +subjects: +- kind: ServiceAccount + name: multus + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: multus + namespace: kube-system +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: multus-cni-config + namespace: kube-system + labels: + tier: node + app: multus +data: + cni-conf.json: | + { + "name": "multus-cni-network", + "type": "multus", + "cniVersion": "0.3.1", + "capabilities": { + "portMappings": true + }, + "delegates": [ + { + "cniVersion": "0.3.1", + "name": "default-cni-network", + "plugins": [ + { + "type": "flannel", + "name": "flannel.1", + "delegate": { + "isDefaultGateway": true, + "hairpinMode": true + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + } + ] + } + ], + "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig" + } +--- +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: kube-multus-ds-amd64 + namespace: kube-system + labels: + tier: node + app: multus +spec: + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + tier: node + app: multus + spec: + hostNetwork: true + nodeSelector: + beta.kubernetes.io/arch: amd64 + tolerations: + - operator: Exists + effect: NoSchedule + serviceAccountName: multus + containers: + - name: kube-multus + image: nfvpe/multus:v3.3-tp + command: ["/entrypoint.sh"] + args: + - "--multus-conf-file=/tmp/multus-conf/00-multus.conf" + resources: + requests: + cpu: "100m" + memory: "50Mi" + limits: + cpu: "100m" + memory: "50Mi" + securityContext: + privileged: true + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + - name: cnibin + mountPath: /host/opt/cni/bin + - name: multus-cfg + mountPath: /tmp/multus-conf + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin + - name: multus-cfg + configMap: + name: multus-cni-config + items: + - key: cni-conf.json + path: 00-multus.conf -- cgit 1.2.3-korg