From 186d273d690502dd171bf6b7bb27eb42ecb69b31 Mon Sep 17 00:00:00 2001 From: Jeff d'Ambly Date: Wed, 11 Sep 2024 10:15:33 -0700 Subject: [PATCH 1/7] Multus update (#2) * intial commit for multus upgrade * intial commit for multus upgrade * Allows manually triggering the workflow --- .github/workflows/helm_test.yml | 48 +++++++++++++++++++ .gitignore | 2 + multus/Chart.yaml | 4 +- multus/templates/clusterRole.yaml | 2 + multus/templates/crds/net-def.yaml | 45 +++++++++++++++++ .../templates/customResourceDefinition.yaml | 43 ----------------- multus/templates/daemonSet.yaml | 40 ++++++++++------ multus/values.yaml | 2 +- scripts/README.md | 22 +++++++++ scripts/compare_chart.sh | 39 +++++++++++++++ 10 files changed, 186 insertions(+), 61 deletions(-) create mode 100644 .github/workflows/helm_test.yml create mode 100644 .gitignore create mode 100644 multus/templates/crds/net-def.yaml delete mode 100644 multus/templates/customResourceDefinition.yaml create mode 100644 scripts/README.md create mode 100755 scripts/compare_chart.sh diff --git a/.github/workflows/helm_test.yml b/.github/workflows/helm_test.yml new file mode 100644 index 0000000..1144c83 --- /dev/null +++ b/.github/workflows/helm_test.yml @@ -0,0 +1,48 @@ +name: Helm Charts Test + +on: + push: + branches: + - main + - 'release/**' + pull_request: + branches: + - main + - 'release/**' + workflow_dispatch: # Allows manually triggering the workflow + +jobs: + test: + runs-on: ubuntu-latest + strategy: + matrix: + chart: [multus,sriov, whereabouts] # Add all your chart directories here + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: 'v3.12.0' # specify the Helm version you want to use + + - name: Set up Kubernetes (kind) + uses: helm/kind-action@v1.2.0 + with: + version: v0.17.0 # specify the kind version you want to use + + - name: Helm Lint + run: helm lint ${{ matrix.chart }} + + - name: Install dependencies + run: helm dependency update ${{ matrix.chart }} + + - name: Install Helm chart + run: helm install --wait --timeout 60s --dry-run ${{ matrix.chart }}-release ${{ matrix.chart }} + + - name: Run Helm tests + run: helm test ${{ matrix.chart }}-release --timeout 60s + + - name: Delete Helm release + run: helm uninstall ${{ matrix.chart }}-release diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b28d17b --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +/.idea +/scratch diff --git a/multus/Chart.yaml b/multus/Chart.yaml index 5c4a0d8..67355b6 100644 --- a/multus/Chart.yaml +++ b/multus/Chart.yaml @@ -15,11 +15,11 @@ apiVersion: v2 name: multus description: Multus Helm chart for Kubernetes type: application -version: 0.1.2 +version: 0.1.3 home: https://github.com/intel/multus-cni icon: https://raw.githubusercontent.com/intel/multus-cni/master/doc/images/Multus.png sources: - https://github.com/intel/multus-cni maintainers: - name: Network Plumbing Group -appVersion: 0.1.0 +appVersion: 2.8.0 diff --git a/multus/templates/clusterRole.yaml b/multus/templates/clusterRole.yaml index 6546262..9615bff 100644 --- a/multus/templates/clusterRole.yaml +++ b/multus/templates/clusterRole.yaml @@ -37,5 +37,7 @@ rules: - events verbs: - create + - patch + - update {{- end }} {{- end }} diff --git a/multus/templates/crds/net-def.yaml b/multus/templates/crds/net-def.yaml new file mode 100644 index 0000000..24b2c58 --- /dev/null +++ b/multus/templates/crds/net-def.yaml @@ -0,0 +1,45 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + group: k8s.cni.cncf.io + scope: Namespaced + names: + plural: network-attachment-definitions + singular: network-attachment-definition + kind: NetworkAttachmentDefinition + shortNames: + - net-attach-def + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing + Working Group to express the intent for attaching pods to one or more logical or physical + networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this represen + tation of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More info: + https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment' + type: object + properties: + config: + description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration' + type: string diff --git a/multus/templates/customResourceDefinition.yaml b/multus/templates/customResourceDefinition.yaml deleted file mode 100644 index d86bf91..0000000 --- a/multus/templates/customResourceDefinition.yaml +++ /dev/null @@ -1,43 +0,0 @@ -# Copyright 2020 K8s Network Plumbing Group -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "16" ) }} -{{- if .Values.manifests.customResourceDefinition }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: network-attachment-definitions.k8s.cni.cncf.io -spec: - group: k8s.cni.cncf.io - scope: Namespaced - names: - plural: network-attachment-definitions - singular: network-attachment-definition - kind: NetworkAttachmentDefinition - shortNames: - - net-attach-def - versions: - - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - config: - type: string -{{- end }} -{{- end }} diff --git a/multus/templates/daemonSet.yaml b/multus/templates/daemonSet.yaml index de7ad73..5d882a7 100644 --- a/multus/templates/daemonSet.yaml +++ b/multus/templates/daemonSet.yaml @@ -47,7 +47,7 @@ spec: effect: NoSchedule serviceAccountName: {{ .Values.serviceAccount.name }} containers: - - name: kube-{{ .Chart.Name }} + - name: multus image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} env: @@ -55,14 +55,11 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - command: - - /bin/bash - - -cex - - | - #!/bin/bash - sed "s|__KUBERNETES_NODE_NAME__|${KUBERNETES_NODE_NAME}|g" /tmp/multus-conf/00-multus.conf.template > /tmp/multus-conf/00-multus.conf - /entrypoint.sh \ - --multus-conf-file=/tmp/multus-conf/00-multus.conf + command: ["/thin_entrypoint"] + args: + - "--multus-conf-file=auto" + - "--multus-autoconfig-dir=/host/etc/cni/net.d" + - "--cni-conf-dir=/host/etc/cni/net.d" {{- if .Values.pod.resources.multus }} resources: {{- toYaml .Values.pod.resources.multus | nindent 10 }} {{- end }} @@ -73,11 +70,26 @@ spec: mountPath: /host/etc/cni/net.d - name: cnibin mountPath: /host/opt/cni/bin - {{- if .Values.manifests.configMap }} - name: multus-cfg - mountPath: /tmp/multus-conf/00-multus.conf.template - subPath: "cni-conf.json" - {{- end }} + mountPath: /tmp/multus-conf + initContainers: + - name: install-multus-binary + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + command: [ "/install_multus" ] + args: + - "--type" + - "thin" + resources: + requests: + cpu: "10m" + memory: "15Mi" + securityContext: + privileged: true + terminationMessagePolicy: FallbackToLogsOnError + volumeMounts: + - name: cnibin + mountPath: /host/opt/cni/bin + mountPropagation: Bidirectional volumes: - name: cni hostPath: @@ -85,10 +97,8 @@ spec: - name: cnibin hostPath: path: /opt/cni/bin - {{- if .Values.manifests.configMap }} - name: multus-cfg configMap: name: {{ .Release.Name }}-{{ .Chart.Name }}-{{ .Chart.Version }}-config - {{- end }} {{- end }} {{- end }} diff --git a/multus/values.yaml b/multus/values.yaml index b940bec..c5fa920 100644 --- a/multus/values.yaml +++ b/multus/values.yaml @@ -20,7 +20,7 @@ image: repository: ghcr.io/k8snetworkplumbingwg/multus-cni - tag: v3.8 + tag: v4.1.0 pullPolicy: IfNotPresent #imagePullSecrets: [] diff --git a/scripts/README.md b/scripts/README.md new file mode 100644 index 0000000..0145a4e --- /dev/null +++ b/scripts/README.md @@ -0,0 +1,22 @@ +# Helm Chart Comparison Script + +This script allows you to compare a rendered Helm chart with the latest manifest from a specified GitHub repository. It is particularly useful for keeping your Kubernetes deployments up to date by ensuring that your Helm charts match the latest official manifests. + +## Features + +- **Generic Usage**: Easily adaptable to any Helm chart and GitHub manifest. +- **Scratch Directory**: Uses a `scratch` directory for temporary files, which is ignored by Git. +- **Simple Comparison**: Provides a unified diff between your Helm chart and the latest manifest. + +## Prerequisites + +- **Helm**: Ensure Helm is installed and configured. +- **curl**: Used to download the latest manifest from the GitHub repository. +- **diff**: Standard tool for comparing files. + +## Usage + +### Script Syntax + +```bash +./compare_chart.sh diff --git a/scripts/compare_chart.sh b/scripts/compare_chart.sh new file mode 100755 index 0000000..5bff765 --- /dev/null +++ b/scripts/compare_chart.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +# Usage: ./compare_chart.sh + +# Check if correct number of arguments is provided +if [ "$#" -ne 3 ]; then + echo "Usage: $0 " + exit 1 +fi + +CHART_DIR=$1 +RELEASE_NAME=$2 +MANIFEST_URL=$3 + +# Define scratch directory and output file names +SCRATCH_DIR="./scratch" +mkdir -p ${SCRATCH_DIR} + +CURRENT_YAML="${SCRATCH_DIR}/current-${RELEASE_NAME}.yaml" +LATEST_YAML="${SCRATCH_DIR}/latest-${RELEASE_NAME}.yaml" + +# Fetch the latest manifest +curl -o ${LATEST_YAML} ${MANIFEST_URL} +if [ $? -ne 0 ]; then + echo "Failed to download the manifest from ${MANIFEST_URL}" + exit 1 +fi + +# Render the Helm chart +helm template ${RELEASE_NAME} ${CHART_DIR} > ${CURRENT_YAML} +if [ $? -ne 0 ]; then + echo "Failed to render Helm chart from ${CHART_DIR}" + exit 1 +fi + +# Compare the files side by side +diff -y ${CURRENT_YAML} ${LATEST_YAML} + +# The files will remain in the scratch directory for review From ad34c24a9f5cbdf60979e3b163bc0b3982ba87f6 Mon Sep 17 00:00:00 2001 From: Jeff d'Ambly Date: Wed, 11 Sep 2024 10:37:44 -0700 Subject: [PATCH 2/7] Trigger GitHub Action (#3) * Trigger GitHub Action * seems to be an issue with whereabouts that needs to be updated * remove the dry-run flag * break out github action per chart --- .github/workflows/helm_test.yml | 48 -------------------------- .github/workflows/helm_test_multus.yml | 43 +++++++++++++++++++++++ 2 files changed, 43 insertions(+), 48 deletions(-) delete mode 100644 .github/workflows/helm_test.yml create mode 100644 .github/workflows/helm_test_multus.yml diff --git a/.github/workflows/helm_test.yml b/.github/workflows/helm_test.yml deleted file mode 100644 index 1144c83..0000000 --- a/.github/workflows/helm_test.yml +++ /dev/null @@ -1,48 +0,0 @@ -name: Helm Charts Test - -on: - push: - branches: - - main - - 'release/**' - pull_request: - branches: - - main - - 'release/**' - workflow_dispatch: # Allows manually triggering the workflow - -jobs: - test: - runs-on: ubuntu-latest - strategy: - matrix: - chart: [multus,sriov, whereabouts] # Add all your chart directories here - - steps: - - name: Checkout code - uses: actions/checkout@v3 - - - name: Set up Helm - uses: azure/setup-helm@v3 - with: - version: 'v3.12.0' # specify the Helm version you want to use - - - name: Set up Kubernetes (kind) - uses: helm/kind-action@v1.2.0 - with: - version: v0.17.0 # specify the kind version you want to use - - - name: Helm Lint - run: helm lint ${{ matrix.chart }} - - - name: Install dependencies - run: helm dependency update ${{ matrix.chart }} - - - name: Install Helm chart - run: helm install --wait --timeout 60s --dry-run ${{ matrix.chart }}-release ${{ matrix.chart }} - - - name: Run Helm tests - run: helm test ${{ matrix.chart }}-release --timeout 60s - - - name: Delete Helm release - run: helm uninstall ${{ matrix.chart }}-release diff --git a/.github/workflows/helm_test_multus.yml b/.github/workflows/helm_test_multus.yml new file mode 100644 index 0000000..b13e84d --- /dev/null +++ b/.github/workflows/helm_test_multus.yml @@ -0,0 +1,43 @@ +name: Multus Chart Test + +on: + push: + paths: + - 'multus/**' + - '.github/workflows/helm_test_multus.yml' + branches: + - master + pull_request: + branches: + - master + workflow_dispatch: # Allows manually triggering the workflow + +jobs: + test: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: 'v3.12.0' # specify the Helm version you want to use + + - name: Set up Kubernetes (kind) + uses: helm/kind-action@v1.2.0 + with: + version: v0.17.0 # specify the kind version you want to use + + - name: Helm Lint Multus + run: helm lint multus + + - name: Install Helm chart multus + run: helm install --wait --timeout 60s multus-release ./multus + + - name: Run Helm tests + run: helm test multus-release --timeout 60s + + - name: Delete Helm release + run: helm uninstall multus-release From 3fc1a3cded6c2cfa9f8c4c824bbf97e749e1fae0 Mon Sep 17 00:00:00 2001 From: Jeff d'Ambly Date: Tue, 17 Sep 2024 09:40:20 -0700 Subject: [PATCH 3/7] Test actions (#4) * Trigger GitHub Action * seems to be an issue with whereabouts that needs to be updated * remove the dry-run flag * break out github action per chart * added better support for autoconfig * created new readme file with helm-docs * always create a service account * always create a daemonset * always create a cluster role * always create a cluster role * removed annoation of configmap in favour of using auto config * refactor node selector and tolerations * updated notes * added template for go docs, and updated vaules file for better help ouput * updated chart yaml with corrected urls * updated resources and docs for this config * cleaned up white space for notes --- multus/Chart.yaml | 8 +- multus/README.md | 44 +++++++ multus/README.md.gotmpl | 10 ++ multus/templates/NOTES.txt | 14 --- multus/templates/clusterRole.yaml | 2 - multus/templates/clusterRoleBinding.yaml | 2 - multus/templates/configMap.yaml | 27 ----- multus/templates/daemonSet.yaml | 100 +++++++++++++--- multus/templates/serviceAccount.yaml | 3 +- multus/values.yaml | 142 +++++++++++------------ 10 files changed, 207 insertions(+), 145 deletions(-) create mode 100644 multus/README.md create mode 100644 multus/README.md.gotmpl delete mode 100644 multus/templates/configMap.yaml diff --git a/multus/Chart.yaml b/multus/Chart.yaml index 67355b6..9fa12ed 100644 --- a/multus/Chart.yaml +++ b/multus/Chart.yaml @@ -16,10 +16,10 @@ name: multus description: Multus Helm chart for Kubernetes type: application version: 0.1.3 -home: https://github.com/intel/multus-cni -icon: https://raw.githubusercontent.com/intel/multus-cni/master/doc/images/Multus.png +home: https://github.com/k8snetworkplumbingwg/helm-charts +icon: https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/doc/images/Multus.png sources: - - https://github.com/intel/multus-cni + - https://github.com/k8snetworkplumbingwg/multus-cni maintainers: - name: Network Plumbing Group -appVersion: 2.8.0 +appVersion: v4.1.0 diff --git a/multus/README.md b/multus/README.md new file mode 100644 index 0000000..6666fc2 --- /dev/null +++ b/multus/README.md @@ -0,0 +1,44 @@ +# multus + +Multus Helm chart for Kubernetes + +![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v4.1.0](https://img.shields.io/badge/AppVersion-v4.1.0-informational?style=flat-square) + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| args.additionalBinDir | string | `""` | Additional directory to include in the CNI binDir option. | +| args.cleanupConfigOnExit | bool | `false` | Cleanup configuration files on exit. | +| args.cniBinDir | string | `"/host/opt/cni/bin"` | The directory where CNI binaries are installed. | +| args.cniConfDir | string | `"/host/etc/cni/net.d"` | The directory where CNI configurations are stored. | +| args.cniVersion | string | `""` | Version of the CNI to use. | +| args.forceCNIVersion | bool | `false` | Force the use of a specific CNI version. | +| args.globalNamespaces | string | `""` | Comma-separated list of global namespaces for use with namespace isolation. | +| args.multusAutoconfigDir | string | `"/host/etc/cni/net.d"` | Directory for the Multus auto-configuration. | +| args.multusBinFile | string | `"/usr/src/multus-cni/bin/multus"` | Path to the Multus binary file. | +| args.multusCNIConfDir | string | `"/host/etc/cni/multus/net.d"` | Directory for Multus-specific CNI configurations. | +| args.multusConfFile | string | `"auto"` | The configuration file for Multus. | +| args.multusKubeConfigFileHost | string | `"/etc/cni/net.d/multus.d/multus.kubeconfig"` | Path to the kubeconfig file for Multus. | +| args.multusLogFile | string | `""` | Path to the Multus log file. | +| args.multusLogLevel | string | `""` | Log level for Multus. | +| args.multusLogToStderr | bool | `true` | Whether to log to stderr. | +| args.multusMasterCNIFileName | string | `""` | Name of the master CNI file in the Multus auto-configuration directory. | +| args.namespaceIsolation | bool | `false` | Enable namespace isolation. | +| args.overrideNetworkName | bool | `false` | Override the network name from the master CNI file. | +| args.readinessIndicatorFile | string | `""` | File used to indicate readiness. | +| args.renameConfFile | bool | `false` | Rename the master configuration file to invalidate it. | +| args.skipConfigWatch | bool | `false` | Skip watching for configuration changes. | +| args.skipMultusBinaryCopy | bool | `false` | Whether to skip copying the Multus binary file. | +| args.skipTLSVerify | bool | `false` | Skip TLS verification. | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"ghcr.io/k8snetworkplumbingwg/multus-cni"` | Repository for the Multus image. | +| image.tag | string | `"v4.1.0"` | Tag of the Multus image. | +| nodeSelector | object | `{}` | Node selector for pod assignment. | +| resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"250m","memory":"128Mi"}}` | Resources for the Multus pod. | +| securityContext | object | `{"privileged":true}` | securityContext for the pod. | +| serviceAccount.name | string | `"multus"` | | +| tolerations | list | `[{"effect":"NoSchedule","operator":"Exists"}]` | Tolerations for pod assignment. | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.11.0](https://github.com/norwoodj/helm-docs/releases/v1.11.0) diff --git a/multus/README.md.gotmpl b/multus/README.md.gotmpl new file mode 100644 index 0000000..e7768ec --- /dev/null +++ b/multus/README.md.gotmpl @@ -0,0 +1,10 @@ +{{ template "chart.header" . }} +{{ template "chart.description" . }} + +{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }} + +{{ template "chart.requirementsSection" . }} + +{{ template "chart.valuesSection" . }} + +{{ template "helm-docs.versionFooter" . }} diff --git a/multus/templates/NOTES.txt b/multus/templates/NOTES.txt index db7ecc5..5d108ab 100644 --- a/multus/templates/NOTES.txt +++ b/multus/templates/NOTES.txt @@ -1,25 +1,11 @@ ====== {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "16" ) }} 1. The following components have been deployed as part of this helm chart: -{{- if .Values.manifests.clusterRole }} Cluster Role: {{ .Values.serviceAccount.name }} -{{- end}} -{{- if .Values.manifests.clusterRoleBinding }} Cluster Role Binding: {{ .Chart.Name }} -{{- end }} -{{- if .Values.manifests.configMap }} -Config Map: {{ .Release.Name }}-{{ .Chart.Name }}-{{ .Chart.Version }}-config -{{- end }} -{{- if .Values.manifests.customResourceDefinition }} Custom Resource Definition: network-attachment-definitions.k8s.cni.cncf.io -{{- end }} -{{- if .Values.manifests.daemonSet }} Daemon Set: {{ .Release.Name }}-{{ .Chart.Name }}-ds -{{- end }} -{{- if .Values.manifests.serviceAccount }} Service Account: {{ .Values.serviceAccount.name }} -{{- end }} - You can now deploy any other CNI and create its Network Attachment Defintion. --------- diff --git a/multus/templates/clusterRole.yaml b/multus/templates/clusterRole.yaml index 9615bff..3c2a2ee 100644 --- a/multus/templates/clusterRole.yaml +++ b/multus/templates/clusterRole.yaml @@ -12,7 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "16" ) }} -{{- if .Values.manifests.clusterRole }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -40,4 +39,3 @@ rules: - patch - update {{- end }} -{{- end }} diff --git a/multus/templates/clusterRoleBinding.yaml b/multus/templates/clusterRoleBinding.yaml index 3095588..aff29b3 100644 --- a/multus/templates/clusterRoleBinding.yaml +++ b/multus/templates/clusterRoleBinding.yaml @@ -12,7 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "16" ) }} -{{- if .Values.manifests.clusterRoleBinding }} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: @@ -26,4 +25,3 @@ subjects: name: {{ .Values.serviceAccount.name }} namespace: kube-system {{- end }} -{{- end }} diff --git a/multus/templates/configMap.yaml b/multus/templates/configMap.yaml deleted file mode 100644 index c95e82b..0000000 --- a/multus/templates/configMap.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2020 K8s Network Plumbing Group -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -{{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "16" ) }} -{{- if .Values.manifests.configMap }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ .Release.Name }}-{{ .Chart.Name }}-{{ .Chart.Version }}-config - namespace: kube-system - labels: -{{- include "multus.labels" . | indent 4 }} -data: - cni-conf.json: |- -{{ toJson .Values.config.cni_conf | indent 4 }} -{{- end }} -{{- end }} diff --git a/multus/templates/daemonSet.yaml b/multus/templates/daemonSet.yaml index 5d882a7..b9ab5d7 100644 --- a/multus/templates/daemonSet.yaml +++ b/multus/templates/daemonSet.yaml @@ -12,7 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "16" ) }} -{{- if .Values.manifests.daemonSet }} apiVersion: apps/v1 kind: DaemonSet metadata: @@ -32,8 +31,6 @@ spec: metadata: labels: {{- include "multus.labels" . | indent 8 }} - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum }} spec: priorityClassName: system-node-critical hostNetwork: true @@ -41,10 +38,13 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - nodeSelector: {{- toYaml .Values.labels.nodeSelector | nindent 8 }} + {{- with .Values.nodeSelector }} + nodeSelector: {{ . }} + {{- end }} + {{- with .Values.tolerations }} tolerations: - - operator: Exists - effect: NoSchedule + {{- toYaml . | nindent 8 }} + {{- end }} serviceAccountName: {{ .Values.serviceAccount.name }} containers: - name: multus @@ -57,21 +57,88 @@ spec: fieldPath: spec.nodeName command: ["/thin_entrypoint"] args: - - "--multus-conf-file=auto" - - "--multus-autoconfig-dir=/host/etc/cni/net.d" - - "--cni-conf-dir=/host/etc/cni/net.d" - {{- if .Values.pod.resources.multus }} - resources: {{- toYaml .Values.pod.resources.multus | nindent 10 }} + {{- with .Values.args.cniBinDir }} + - --cni-bin-dir={{ . }} + {{- end }} + {{- with .Values.args.cniConfDir }} + - --cni-conf-dir={{ . }} + {{- end }} + {{- with .Values.args.cniVersion }} + - --cni-version={{ . }} + {{- end }} + {{- with .Values.args.multusConfFile }} + - --multus-conf-file={{ . }} + {{- end }} + {{- with .Values.args.multusBinFile }} + - --multus-bin-file={{ . }} + {{- end }} + {{- with .Values.args.multusCNIConfDir }} + - --multus-cni-conf-dir={{ . }} + {{- end }} + {{- with .Values.args.skipMultusBinaryCopy }} + - --skip-multus-binary-copy={{ . }} + {{- end }} + {{- with .Values.args.multusKubeConfigFileHost }} + - --multus-kubeconfig-file-host={{ . }} + {{- end }} + {{- with .Values.args.multusMasterCNIFileName }} + - --multus-master-cni-file-name={{ . }} + {{- end }} + {{- with .Values.args.namespaceIsolation }} + - --namespace-isolation={{ . }} + {{- end }} + {{- with .Values.args.globalNamespaces }} + - --global-namespaces={{ . }} + {{- end }} + {{- with .Values.args.multusAutoconfigDir }} + - --multus-autoconfig-dir={{ . }} + {{- end }} + {{- with .Values.args.multusLogToStderr }} + - --multus-log-to-stderr={{ . }} + {{- end }} + {{- with .Values.args.multusLogLevel }} + - --multus-log-level={{ . }} + {{- end }} + {{- with .Values.args.multusLogFile }} + - --multus-log-file={{ . }} + {{- end }} + {{- with .Values.args.overrideNetworkName }} + - --override-network-name={{ . }} + {{- end }} + {{- with .Values.args.cleanupConfigOnExit }} + - --cleanup-config-on-exit={{ . }} + {{- end }} + {{- with .Values.args.skipConfigWatch }} + - --skip-config-watch={{ . }} + {{- end }} + {{- with .Values.args.renameConfFile }} + - --rename-conf-file={{ . }} + {{- end }} + {{- with .Values.args.readinessIndicatorFile }} + - --readiness-indicator-file={{ . }} + {{- end }} + {{- with .Values.args.additionalBinDir }} + - --additional-bin-dir={{ . }} + {{- end }} + {{- with .Values.args.skipTLSVerify }} + - --skip-tls-verify={{ . }} + {{- end }} + {{- with .Values.forceCNIVersion }} + - --force-cni-version={{ . }} + {{- end }} + {{- with .Values.resources}} + resources: + {{- toYaml . | nindent 10 }} {{- end }} + {{- with .Values.securityContext}} securityContext: - privileged: true + {{- toYaml . | nindent 10 }} + {{- end }} volumeMounts: - name: cni mountPath: /host/etc/cni/net.d - name: cnibin mountPath: /host/opt/cni/bin - - name: multus-cfg - mountPath: /tmp/multus-conf initContainers: - name: install-multus-binary image: {{ .Values.image.repository }}:{{ .Values.image.tag }} @@ -97,8 +164,5 @@ spec: - name: cnibin hostPath: path: /opt/cni/bin - - name: multus-cfg - configMap: - name: {{ .Release.Name }}-{{ .Chart.Name }}-{{ .Chart.Version }}-config -{{- end }} {{- end }} + diff --git a/multus/templates/serviceAccount.yaml b/multus/templates/serviceAccount.yaml index 01feee9..7ab3809 100644 --- a/multus/templates/serviceAccount.yaml +++ b/multus/templates/serviceAccount.yaml @@ -12,11 +12,10 @@ # See the License for the specific language governing permissions and # limitations under the License. {{- if or ( gt .Capabilities.KubeVersion.Major "1" ) ( ge .Capabilities.KubeVersion.Minor "16" ) }} -{{- if .Values.manifests.serviceAccount }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ .Values.serviceAccount.name }} namespace: kube-system {{- end }} -{{- end }} + diff --git a/multus/values.yaml b/multus/values.yaml index c5fa920..85c95e7 100644 --- a/multus/values.yaml +++ b/multus/values.yaml @@ -16,10 +16,10 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -#replicaCount: 1 - image: + # -- Repository for the Multus image. repository: ghcr.io/k8snetworkplumbingwg/multus-cni + # -- Tag of the Multus image. tag: v4.1.0 pullPolicy: IfNotPresent @@ -35,78 +35,68 @@ serviceAccount: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: multus +# -- Resources for the Multus pod. +resources: + requests: + memory: "128Mi" + cpu: "250m" + limits: + memory: "128Mi" + cpu: "500m" -pod: - resources: - enabled: false - multus: - requests: - memory: "128Mi" - cpu: "250m" - limits: - memory: "1024Mi" - cpu: "2000m" - -#podSecurityContext: {} - # fsGroup: 2000 - -#securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -#service: - #type: ClusterIP - #port: 80 - -#ingress: - #enabled: false - #annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - #hosts: - #- host: chart-example.local - # paths: [] - #tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -labels: - nodeSelector: - kubernetes.io/arch: amd64 - -config: - cni_conf: - name: multus-cni-network - type: multus - kubeconfig: /etc/cni/net.d/multus.d/multus.kubeconfig - cniVersion: 0.3.1 - confDir: /etc/cni/net.d - cniDir: /var/lib/cni/multus - binDir: /opt/cni/bin - logFile: /var/log/multus.log - logLevel: panic - capabilities: - portMappings: true - readinessindicatorfile: "" - namespaceIsolation: false - clusterNetwork: k8s-pod-network - defaultNetwork: [] - delegates: [] - systemNamespaces: ["kube-system"] - -manifests: - serviceAccount: true - clusterRole: true - clusterRoleBinding: true - configMap: true - daemonSet: true - customResourceDefinition: true - -#tolerations: [] - -#affinity: {} +args: + # -- The directory where CNI binaries are installed. + cniBinDir: "/host/opt/cni/bin" + # -- The directory where CNI configurations are stored. + cniConfDir: "/host/etc/cni/net.d" + # -- Version of the CNI to use. + cniVersion: "" + # -- The configuration file for Multus. + multusConfFile: "auto" + # -- Path to the Multus binary file. + multusBinFile: "/usr/src/multus-cni/bin/multus" + # -- Directory for Multus-specific CNI configurations. + multusCNIConfDir: "/host/etc/cni/multus/net.d" + # -- Whether to skip copying the Multus binary file. + skipMultusBinaryCopy: false + # -- Path to the kubeconfig file for Multus. + multusKubeConfigFileHost: "/etc/cni/net.d/multus.d/multus.kubeconfig" + # -- Name of the master CNI file in the Multus auto-configuration directory. + multusMasterCNIFileName: "" + # -- Enable namespace isolation. + namespaceIsolation: false + # -- Comma-separated list of global namespaces for use with namespace isolation. + globalNamespaces: "" + # -- Directory for the Multus auto-configuration. + multusAutoconfigDir: "/host/etc/cni/net.d" + # -- Whether to log to stderr. + multusLogToStderr: true + # -- Log level for Multus. + multusLogLevel: "" + # -- Path to the Multus log file. + multusLogFile: "" + # -- Override the network name from the master CNI file. + overrideNetworkName: false + # -- Cleanup configuration files on exit. + cleanupConfigOnExit: false + # -- Skip watching for configuration changes. + skipConfigWatch: false + # -- Rename the master configuration file to invalidate it. + renameConfFile: false + # -- File used to indicate readiness. + readinessIndicatorFile: "" + # -- Additional directory to include in the CNI binDir option. + additionalBinDir: "" + # -- Skip TLS verification. + skipTLSVerify: false + # -- Force the use of a specific CNI version. + forceCNIVersion: false +# -- Node selector for pod assignment. +nodeSelector: {} +# -- Tolerations for pod assignment. +tolerations: + - operator: Exists + effect: NoSchedule +# -- securityContext for the pod. +securityContext: + privileged: true From 0db40249a229118425c8710b1dda280650ad6c97 Mon Sep 17 00:00:00 2001 From: jdambly Date: Wed, 18 Sep 2024 09:33:28 -0700 Subject: [PATCH 4/7] updated default tolerations --- multus/values.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/multus/values.yaml b/multus/values.yaml index 85c95e7..885c63d 100644 --- a/multus/values.yaml +++ b/multus/values.yaml @@ -97,6 +97,8 @@ nodeSelector: {} tolerations: - operator: Exists effect: NoSchedule + - operator: Exists + effect: NoExecute # -- securityContext for the pod. securityContext: privileged: true From 3c0a0189b59ace3f7f2d66a51acb442bdd966ae8 Mon Sep 17 00:00:00 2001 From: jdambly Date: Tue, 1 Oct 2024 13:42:54 -0700 Subject: [PATCH 5/7] fixed label selectors --- multus/templates/daemonSet.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/multus/templates/daemonSet.yaml b/multus/templates/daemonSet.yaml index b9ab5d7..210ae06 100644 --- a/multus/templates/daemonSet.yaml +++ b/multus/templates/daemonSet.yaml @@ -18,11 +18,12 @@ metadata: name: {{ .Release.Name }}-{{ .Chart.Name }}-ds namespace: kube-system labels: -{{- include "multus.labels" . | indent 4 }} + {{- include "multus.labels" . | indent 4 }} spec: selector: matchLabels: app: multus + {{- include "multus.labels" . | indent 8 }} updateStrategy: type: RollingUpdate rollingUpdate: @@ -30,7 +31,8 @@ spec: template: metadata: labels: -{{- include "multus.labels" . | indent 8 }} + app: multus + {{- include "multus.labels" . | indent 8 }} spec: priorityClassName: system-node-critical hostNetwork: true From 14342a1f3025ccb0a4ab81525b6e783e375071f1 Mon Sep 17 00:00:00 2001 From: jdambly Date: Tue, 1 Oct 2024 14:15:16 -0700 Subject: [PATCH 6/7] updated/fixed the indents --- multus/templates/daemonSet.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/multus/templates/daemonSet.yaml b/multus/templates/daemonSet.yaml index 210ae06..62a796f 100644 --- a/multus/templates/daemonSet.yaml +++ b/multus/templates/daemonSet.yaml @@ -23,7 +23,7 @@ spec: selector: matchLabels: app: multus - {{- include "multus.labels" . | indent 8 }} + {{- include "multus.labels" . | indent 6 }} updateStrategy: type: RollingUpdate rollingUpdate: From cbdde4d541f1315909666cd0ed57f705cfdac832 Mon Sep 17 00:00:00 2001 From: jdambly Date: Thu, 14 Nov 2024 10:24:49 -0800 Subject: [PATCH 7/7] updated chart to version 1.0.0 --- multus/Chart.yaml | 2 +- multus/templates/daemonSet.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/multus/Chart.yaml b/multus/Chart.yaml index 9fa12ed..3659048 100644 --- a/multus/Chart.yaml +++ b/multus/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v2 name: multus description: Multus Helm chart for Kubernetes type: application -version: 0.1.3 +version: 1.0.0 home: https://github.com/k8snetworkplumbingwg/helm-charts icon: https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/doc/images/Multus.png sources: diff --git a/multus/templates/daemonSet.yaml b/multus/templates/daemonSet.yaml index 62a796f..bcbf0b1 100644 --- a/multus/templates/daemonSet.yaml +++ b/multus/templates/daemonSet.yaml @@ -18,6 +18,7 @@ metadata: name: {{ .Release.Name }}-{{ .Chart.Name }}-ds namespace: kube-system labels: + app: multus {{- include "multus.labels" . | indent 4 }} spec: selector: