From ec4f86da59539b7acb05a67523b5ee1efdb59dc3 Mon Sep 17 00:00:00 2001 From: Jay Deokar <23660509+jaydeokar@users.noreply.github.com> Date: Fri, 13 Dec 2024 14:11:06 -0800 Subject: [PATCH] Adding multus v4.1.4 manifest (#3154) --- .../multus-daemonset-thick.yml | 260 ++++++++++++++++++ scripts/run-multus-tests.sh | 2 +- 2 files changed, 261 insertions(+), 1 deletion(-) create mode 100644 config/multus/v4.1.4-eksbuild.1/multus-daemonset-thick.yml diff --git a/config/multus/v4.1.4-eksbuild.1/multus-daemonset-thick.yml b/config/multus/v4.1.4-eksbuild.1/multus-daemonset-thick.yml new file mode 100644 index 0000000000..895f83040d --- /dev/null +++ b/config/multus/v4.1.4-eksbuild.1/multus-daemonset-thick.yml @@ -0,0 +1,260 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + group: k8s.cni.cncf.io + scope: Namespaced + names: + plural: network-attachment-definitions + singular: network-attachment-definition + kind: NetworkAttachmentDefinition + shortNames: + - net-attach-def + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing + Working Group to express the intent for attaching pods to one or more logical or physical + networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this represen + tation of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment' + type: object + properties: + config: + description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration' + type: string +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +rules: + - apiGroups: ["k8s.cni.cncf.io"] + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - list + - update + - watch + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: multus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: multus +subjects: + - kind: ServiceAccount + name: multus + namespace: kube-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: multus + namespace: kube-system +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: multus-daemon-config + namespace: kube-system + labels: + tier: node + app: multus +data: + daemon-config.json: | + { + "chrootDir": "/hostroot", + "confDir": "/host/etc/cni/net.d", + "logFile": "/var/log/multus.log", + "logLevel": "verbose", + "socketDir": "/host/run/multus/", + "cniVersion": "0.3.1", + "logToStderr": true, + "cniConfigDir": "/host/etc/cni/net.d", + "multusConfigFile": "auto", + "multusAutoconfigDir": "/host/etc/cni/net.d", + "multusMasterCNI": "10-aws.conflist" + } +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kube-multus-ds + namespace: kube-system + labels: + tier: node + app: multus + name: multus +spec: + selector: + matchLabels: + name: multus + updateStrategy: + type: RollingUpdate + template: + metadata: + labels: + tier: node + app: multus + name: multus + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + - key: eks.amazonaws.com/compute-type + operator: NotIn + values: + - fargate + hostNetwork: true + hostPID: true + tolerations: + - operator: Exists + effect: NoSchedule + - operator: Exists + effect: NoExecute + serviceAccountName: multus + containers: + - name: kube-multus + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/multus-cni:v4.1.4-eksbuild.1_thick + command: [ "/usr/src/multus-cni/bin/multus-daemon" ] + resources: + requests: + cpu: "100m" + memory: "50Mi" + limits: + cpu: "100m" + memory: "50Mi" + securityContext: + privileged: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + # multus-daemon expects that cnibin path must be identical between pod and container host. + + # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be mount to '/opt/cni/bin' in multus-daemon, + + # not to any other directory, like '/opt/bin' or '/usr/bin'. + + - name: cnibin + mountPath: /opt/cni/bin + - name: host-run + mountPath: /host/run + - name: host-var-lib-cni-multus + mountPath: /var/lib/cni/multus + - name: host-var-lib-kubelet + mountPath: /var/lib/kubelet + mountPropagation: HostToContainer + - name: host-run-k8s-cni-cncf-io + mountPath: /run/k8s.cni.cncf.io + - name: host-run-netns + mountPath: /run/netns + mountPropagation: HostToContainer + - name: multus-daemon-config + mountPath: /etc/cni/net.d/multus.d + readOnly: true + - name: hostroot + mountPath: /hostroot + mountPropagation: HostToContainer + env: + - name: MULTUS_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + initContainers: + - name: install-multus-binary + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/multus-cni:v4.1.4-eksbuild.1_thick + command: + - "cp" + - "/usr/src/multus-cni/bin/multus-shim" + - "/host/opt/cni/bin/multus-shim" + resources: + requests: + cpu: "10m" + memory: "15Mi" + securityContext: + privileged: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: cnibin + mountPath: /host/opt/cni/bin + mountPropagation: Bidirectional + terminationGracePeriodSeconds: 10 + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin + - name: hostroot + hostPath: + path: / + - name: multus-daemon-config + configMap: + name: multus-daemon-config + items: + - key: daemon-config.json + path: daemon-config.json + - name: host-run + hostPath: + path: /run + - name: host-var-lib-cni-multus + hostPath: + path: /var/lib/cni/multus + - name: host-var-lib-kubelet + hostPath: + path: /var/lib/kubelet + - name: host-run-k8s-cni-cncf-io + hostPath: + path: /run/k8s.cni.cncf.io + - name: host-run-netns + hostPath: + path: /run/netns/ diff --git a/scripts/run-multus-tests.sh b/scripts/run-multus-tests.sh index 30ca2f282c..322c2f2f15 100755 --- a/scripts/run-multus-tests.sh +++ b/scripts/run-multus-tests.sh @@ -22,7 +22,7 @@ check_is_installed ginkgo load_cluster_details -LATEST_TAG=${1:-v3.8.0-eksbuild.1} +LATEST_TAG=${1:-v4.1.4-eksbuild.1_thick} echo "Installing latest multus manifest with tag: ${LATEST_TAG}" kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/master/config/multus/${LATEST_TAG}/aws-k8s-multus.yaml