diff --git a/neonvm/config/multus-arm64/daemonset_patch.yaml b/neonvm/config/multus-arm64/daemonset_patch.yaml
index 1c61286d1..c8e18ddfd 100644
--- a/neonvm/config/multus-arm64/daemonset_patch.yaml
+++ b/neonvm/config/multus-arm64/daemonset_patch.yaml
@@ -1,137 +1,112 @@ +--- +# Source: multus-cni/templates/daemonset.yaml apiVersion: apps/v1 kind: DaemonSet metadata: + name: kube-multus-ds + namespace: kube-system labels: + tier: node app: multus name: multus - tier: node - name: kube-multus-ds - namespace: kube-system spec: selector: matchLabels: - name: multus + app: multus + updateStrategy: + type: RollingUpdate template: metadata: - labels: - app: multus - name: multus - tier: node + annotations: spec: + + hostNetwork: true + serviceAccountName: multus + securityContext: + fsGroup: 0 affinity: + podAffinity: + nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: nodeSelectorTerms: - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - arm64 - key: kubernetes.io/os operator: In values: - - linux - containers: - - command: - - /usr/src/multus-cni/bin/multus-daemon - image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.1.3-thick - name: kube-multus - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 100m - memory: 50Mi - securityContext: - privileged: true - volumeMounts: - - name: cni - mountPath: /host/etc/cni/net.d - # multus-daemon expects that cnibin path must be identical between pod and container host. - # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be mount to '/opt/cni/bin' in multus-daemon, - # not to any other directory, like '/opt/bin' or '/usr/bin'. 
- - name: cnibin - mountPath: /opt/cni/bin - - name: host-run - mountPath: /host/run - - name: host-var-lib-cni-multus - mountPath: /var/lib/cni/multus - - name: host-var-lib-kubelet - mountPath: /var/lib/kubelet - mountPropagation: HostToContainer - - name: host-run-k8s-cni-cncf-io - mountPath: /run/k8s.cni.cncf.io - - name: host-run-netns - mountPath: /run/netns - mountPropagation: HostToContainer - - name: multus-daemon-config - mountPath: /etc/cni/net.d/multus.d - readOnly: true - - name: hostroot - mountPath: /hostroot - mountPropagation: HostToContainer - env: - - name: MULTUS_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - hostNetwork: true - hostPID: true + - linux + priorityClassName: "" initContainers: - name: install-multus-binary - image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.1.3-thick + image: docker.io/bitnami/multus-cni:3.9.3 command: - - "cp" - - "/usr/src/multus-cni/bin/multus-shim" - - "/host/opt/cni/bin/multus-shim" - resources: - requests: - cpu: "10m" - memory: "15Mi" + - cp + - "/usr/src/multus-cni/bin/multus" + - "/bitnami/multus-cni/host/opt/cni/bin" securityContext: privileged: true - terminationMessagePolicy: FallbackToLogsOnError + runAsNonRoot: false + runAsUser: 0 volumeMounts: - - name: cnibin - mountPath: /host/opt/cni/bin + - name: cni-bin-dir + mountPath: /bitnami/multus-cni/host/opt/cni/bin mountPropagation: Bidirectional - serviceAccountName: multus - terminationGracePeriodSeconds: 10 - tolerations: - - effect: NoSchedule - operator: Exists + - name: generate-kubeconfig + image: docker.io/bitnami/multus-cni:3.9.3 + command: + - generate-kubeconfig + args: + - "-k8s-service-host=$(KUBERNETES_SERVICE_HOST)" + - "-k8s-service-port=$(KUBERNETES_SERVICE_PORT)" + - "-cni-config-dir=/bitnami/multus-cni/host/etc/cni/net.d" + securityContext: + privileged: true + runAsNonRoot: false + runAsUser: 0 + volumeMounts: + - name: cni-net-dir + mountPath: /bitnami/multus-cni/host/etc/cni/net.d + mountPropagation: Bidirectional 
+ containers: + - name: kube-multus + image: docker.io/bitnami/multus-cni:3.9.3 + imagePullPolicy: "IfNotPresent" + command: + - multus-daemon + args: + - "-cni-version=0.3.0" + - "-cni-config-dir=/bitnami/multus-cni/host/etc/cni/net.d" + - "-multus-autoconfig-dir=/bitnami/multus-cni/host/etc/cni/net.d" + - "-multus-log-to-stderr=true" + - "-multus-log-level=verbose" + securityContext: + privileged: true + runAsNonRoot: false + runAsUser: 0 + env: + - name: BITNAMI_DEBUG + value: "false" + envFrom: + livenessProbe: + exec: + command: + - pgrep + - multus-daemon + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + successThreshold: 1 + failureThreshold: 5 + resources: + limits: {} + requests: {} + volumeMounts: + - name: cni-net-dir + mountPath: /bitnami/multus-cni/host/etc/cni/net.d volumes: - - hostPath: - path: /etc/cni/net.d - name: cni - - hostPath: - path: /opt/cni/bin - name: cnibin - - name: hostroot - hostPath: - path: / - - name: multus-daemon-config - configMap: - name: multus-daemon-config - items: - - key: daemon-config.json - path: daemon-config.json - - name: host-run - hostPath: - path: /run - - name: host-var-lib-cni-multus - hostPath: - path: /var/lib/cni/multus - - name: host-var-lib-kubelet - hostPath: - path: /var/lib/kubelet - - name: host-run-k8s-cni-cncf-io - hostPath: - path: /run/k8s.cni.cncf.io - - name: host-run-netns - hostPath: - path: /run/netns/ - - updateStrategy: - type: RollingUpdate + - name: cni-bin-dir + hostPath: + path: /opt/cni/bin + - name: cni-net-dir + hostPath: + path: /etc/cni/net.d diff --git a/neonvm/config/multus-arm64/kustomization.yaml b/neonvm/config/multus-arm64/kustomization.yaml index a20c9558b..a945347f7 100644 --- a/neonvm/config/multus-arm64/kustomization.yaml +++ b/neonvm/config/multus-arm64/kustomization.yaml 
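Review bot: All three containers on the new side (`install-multus-binary`, `generate-kubeconfig`, `kube-multus`) run `privileged: true` as UID 0 on the host network, yet the image is referenced only by the mutable tag `docker.io/bitnami/multus-cni:3.9.3`. The `images:` entry visible in kustomization.yaml matches the name `kube-multus` and points at `ghcr.io/k8snetworkplumbingwg/multus-cni:v4.1.3-thick`, so it does not appear to rewrite these references, and what runs on each node is whatever the tag resolves to at pull time. I would pin each reference by digest, e.g. `image: docker.io/bitnami/multus-cni:3.9.3@sha256:<digest-of-reviewed-image>`, and reconcile the override with the image actually deployed. Separately, `resources` is now `limits: {}` / `requests: {}` where the old container had 100m CPU and 50Mi memory, so the privileged daemon has no bound unless a base manifest outside this diff supplies one.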
@@ -8,21 +8,17 @@ images: - name: kube-multus newName: ghcr.io/k8snetworkplumbingwg/multus-cni newTag: v4.1.3-thick - -resources: -- config_map.yaml + + patchesStrategicMerge: - cluster_role.yaml - daemonset_patch.yaml patches: -- target: - kind: DaemonSet - name: kube-multus-ds +- target: + kind: ServiceAccount + name: multus patch: |- - op: replace - path: /spec/template/spec/containers/0/command - value: ["/usr/src/multus-cni/bin/multus-daemon"] - - op: replace - path: /spec/template/spec/containers/0/args - value: [] + path: /automountServiceAccountToken + value: true
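Review bot: The new JSON patch turns `automountServiceAccountToken` on for the `multus` ServiceAccount itself, so any pod that runs under this account gets a token mounted, not only the DaemonSet. Scoping it to the workload is tighter: leave the ServiceAccount as it is and set `automountServiceAccountToken: true` under `spec.template.spec` in daemonset_patch.yaml. A one-line comment above the patch saying why the token is needed (presumably for the `generate-kubeconfig` init container) would also help; the permissions that token carries come from cluster_role.yaml, which is not part of this diff. Note that `op: replace` assumes the field already exists on the base ServiceAccount, which cannot be confirmed from here.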