{{- if .Values.multus.enabled }} kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: multus rules: - apiGroups: ["k8s.cni.cncf.io"] resources: - '*' verbs: - '*' - apiGroups: - "" resources: - pods - pods/status verbs: - get - update - apiGroups: - "" - events.k8s.io resources: - events verbs: - create - patch - update --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: multus roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: multus subjects: - kind: ServiceAccount name: multus namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: multus namespace: kube-system --- kind: ConfigMap apiVersion: v1 metadata: name: multus-cni-config namespace: kube-system labels: tier: node app: multus data: # NOTE: If you'd prefer to manually apply a configuration file, you may create one here. # In the case you'd like to customize the Multus installation, you should change the arguments to the Multus pod # change the "args" line below from # - "--multus-conf-file=auto" # to: # "--multus-conf-file=/tmp/multus-conf/70-multus.conf" # Additionally -- you should ensure that the name "70-multus.conf" is the alphabetically first name in the # /etc/cni/net.d/ directory on each node, otherwise, it will not be used by the Kubelet. cni-conf.json: | { "cniVersion": "0.3.1", "name": "multus-cni-network", "type": "multus", "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig", "delegates": [ { "cniVersion": "0.3.1", "name": "cilium", "type": "cilium-cni", "enable-debug": false } ] } --- apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-multus-ds namespace: kube-system labels: tier: node app: multus name: multus spec: selector: matchLabels: name: multus updateStrategy: type: RollingUpdate template: metadata: labels: tier: node app: multus name: multus spec: hostNetwork: true tolerations: - operator: Exists effect: NoSchedule serviceAccountName: multus containers: - name: kube-multus image: ghcr.io/k8snetworkplumbingwg/multus-cni:{{ .Values.multus.tag }} command: ["/entrypoint.sh"] args: - "--multus-conf-file=auto" - "--cni-version=0.3.1" resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: true capabilities: add: ["SYS_ADMIN"] volumeMounts: - name: run mountPath: /run - name: cni mountPath: /host/etc/cni/net.d - name: cnibin mountPath: /host/opt/cni/bin - name: multus-cfg mountPath: /tmp/multus-conf initContainers: - name: install-multus-binary image: ghcr.io/k8snetworkplumbingwg/multus-cni:{{ .Values.multus.tag }} command: - "cp" - "/usr/src/multus-cni/bin/multus" - "/host/opt/cni/bin/multus" resources: requests: cpu: "10m" memory: "15Mi" securityContext: privileged: true volumeMounts: - name: cnibin mountPath: /host/opt/cni/bin mountPropagation: Bidirectional terminationGracePeriodSeconds: 10 volumes: - name: run hostPath: path: /run - name: cni hostPath: path: /etc/cni/net.d - name: cnibin hostPath: path: /opt/cni/bin - name: multus-cfg configMap: name: multus-cni-config items: - key: cni-conf.json path: 70-multus.conf {{- end }}