Change rke2-multus chart to local

Upstream chart is not maintained so this allows us
to configure multus deployments properly.

packages/rke2-multus/charts/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

packages/rke2-multus/charts/Chart.yaml

@@ -0,0 +1,17 @@
+apiVersion: v2
+appVersion: 4.0.2
+dependencies:
+- condition: rke2-whereabouts.enabled
+  name: rke2-whereabouts
+  repository: file://./charts/rke2-whereabouts
+description: Multus Helm chart for Kubernetes
+home: https://github.com/k8snetworkplumbingwg/multus-cni
+icon: https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/doc/images/Multus.png
+maintainers:
+- email: charts@rancher.com
+  name: Rancher Labs
+name: rke2-multus
+sources:
+- https://github.com/intel/multus-cni
+type: application
+version: v4.0.2-build20230707

packages/rke2-multus/charts/templates/NOTES.txt

@@ -0,0 +1,30 @@
+======
+1. The following components have been deployed as part of this helm chart:
+{{- if .Values.manifests.clusterRole }}
+Cluster Role: {{ .Values.serviceAccount.name }}
+{{- end}}
+{{- if .Values.manifests.clusterRoleBinding }}
+Cluster Role Binding: {{ .Chart.Name }}
+{{- end }}
+{{- if .Values.manifests.configMap }}
+Config Map: {{ .Release.Name }}-{{ .Chart.Name }}-{{ .Chart.Version }}-config
+{{- end }}
+{{- if .Values.manifests.customResourceDefinition }}
+Custom Resource Definition: network-attachment-definitions.k8s.cni.cncf.io
+{{- end }}
+{{- if .Values.manifests.daemonSet }}
+Daemon Set: {{ .Release.Name }}-{{ .Chart.Name }}-ds
+{{- end }}
+{{- if .Values.manifests.serviceAccount }}
+Service Account: {{ .Values.serviceAccount.name }}
+{{- end }}
+
+You can now deploy any other CNI and create its Network Attachment Defintion.
+---------
+
+2. To uninstall helm chart use the command:
+helm delete {{ .Release.Name }}
+
+You may have to manually delete CRD -
+kubectl delete crd network-attachment-definitions.k8s.cni.cncf.io
+---------

packages/rke2-multus/charts/templates/_helpers.tpl

@@ -0,0 +1,27 @@
+# Copyright 2020 K8s Network Plumbing Group
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{{/* Generate basic labels */}}
+{{- define "multus.labels" }}
+tier: node
+app: {{ .Chart.Name }}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

packages/rke2-multus/charts/templates/clusterRole.yaml

@@ -0,0 +1,39 @@
+# Copyright 2020 K8s Network Plumbing Group
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.clusterRole }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ .Chart.Name }}
+rules:
+  - apiGroups: ["k8s.cni.cncf.io"]
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/status
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+    resources:
+      - events
+    verbs:
+      - create
+{{- end }}

packages/rke2-multus/charts/templates/clusterRoleBinding.yaml

@@ -0,0 +1,27 @@
+# Copyright 2020 K8s Network Plumbing Group
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.clusterRoleBinding }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ .Chart.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Chart.Name }}
+subjects:
+- kind: ServiceAccount
+  name: {{ .Values.serviceAccount.name }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}

packages/rke2-multus/charts/templates/configMap.yaml

@@ -0,0 +1,25 @@
+# Copyright 2020 K8s Network Plumbing Group
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.configMap }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-{{ .Chart.Version }}-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{- include "multus.labels" . | indent 4 }}
+data:
+  cni-conf.json: |-
+{{ toJson .Values.config.cni_conf | indent 4 }}
+{{- end }}

packages/rke2-multus/charts/templates/customResourceDefinition.yaml

@@ -0,0 +1,41 @@
+# Copyright 2020 K8s Network Plumbing Group
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.customResourceDefinition }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+  group: k8s.cni.cncf.io
+  scope: Namespaced
+  names:
+    plural: network-attachment-definitions
+    singular: network-attachment-definition
+    kind: NetworkAttachmentDefinition
+    shortNames:
+    - net-attach-def
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          type: object
+          properties:
+            spec:
+              type: object
+              properties:
+                config:
+                  type: string
+{{- end }}

packages/rke2-multus/charts/templates/daemonSet.yaml

@@ -0,0 +1,142 @@
+# Copyright 2020 K8s Network Plumbing Group
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.daemonSet }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ .Release.Name }}-ds
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{- include "multus.labels" . | indent 4 }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  template:
+    metadata:
+      labels:
+{{- include "multus.labels" . | indent 8 }}
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum }}
+    spec:
+      priorityClassName: system-node-critical
+      hostNetwork: true
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      nodeSelector: {{- toYaml .Values.labels.nodeSelector | nindent 8 }}
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      - operator: Exists
+        effect: NoExecute
+      serviceAccountName: {{ .Values.serviceAccount.name }}
+      initContainers:
+      - name: cni-plugins
+        image: {{ template "system_default_registry" . }}{{ .Values.cniplugins.image.repository }}:{{ .Values.cniplugins.image.tag }}
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: cnibin
+          mountPath: /host/opt/cni/bin
+        env:
+        - name: SKIP_CNI_BINARIES
+          value: {{ .Values.cniplugins.skipcnis }}
+      containers:
+      - name: kube-{{ .Chart.Name }}
+        image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        env:
+        - name: KUBERNETES_NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        command: ["/thin_entrypoint"]
+        args:
+        - "--multus-conf-file={{ .Values.config.cni_conf.multusConfFile }}"
+        {{- if .Values.config.cni_conf.cniVersion }}
+        - "--cni-version={{ .Values.config.cni_conf.cniVersion }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.confDir }}
+        - "--cni-conf-dir=={{ .Values.config.cni_conf.confDir }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.binDir }}
+        - "--cni-bin-dir={{ .Values.config.cni_conf.binDir }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.multusAutoconfigDir }}
+        - "--multus-autoconfig-dir={{ .Values.config.cni_conf.multusAutoconfigDir }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.kubeconfig }}
+        - "--multus-kubeconfig-file-host={{ .Values.config.cni_conf.kubeconfig }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.masterCniFilename }}
+        - "--multus-master-cni-file-name={{ .Values.config.cni_conf.masterCniFilename }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.additionalBinDir }}
+        - "--additional-bin-dir={{ .Values.config.cni_conf.additionalBinDir }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.skipMultusBinaryCopy }}
+        - "--skip-multus-binary-copy={{ .Values.config.cni_conf.skipMultusBinaryCopy }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.readinessIndicatorFile }}
+        - "--readiness-indicator-file={{ .Values.config.cni_conf.readinessIndicatorFile }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.namespaceIsolation }}
+        - "--cni-namespace-isolation={{ .Values.config.cni_conf.namespaceIsolation }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.globalNamespaces }}
+        - "--global-namespaces={{ .Values.config.cni_conf.globalNamespaces }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.logLevel }}
+        - "--multus-log-level={{ .Values.config.cni_conf.logLevel }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.logFile }}
+        - "--multus-log-file={{ .Values.config.cni_conf.logFile }}"
+        {{- end }}
+        {{- if .Values.config.cni_conf.cleanupConfigOnExit }}
+        - "--cleanup-config-on-exit={{ .Values.config.cni_conf.cleanupConfigOnExit }}"
+        {{- end }}
+        {{- if .Values.pod.resources.multus }}
+        resources: {{- toYaml .Values.pod.resources.multus | nindent 10 }}
+        {{- end }}
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: cni
+          mountPath: /host/etc/cni/net.d
+        - name: cnibin
+          mountPath: /host/opt/cni/bin
+        {{- if .Values.manifests.configMap }}
+        - name: multus-cfg
+          mountPath: /tmp/multus-conf/00-multus.conf.template
+          subPath: "cni-conf.json"
+        {{- end }}
+      volumes:
+        - name: cni
+          hostPath:
+            path: /etc/cni/net.d
+        - name: cnibin
+          hostPath:
+            path: /opt/cni/bin
+        {{- if .Values.manifests.configMap }}
+        - name: multus-cfg
+          configMap:
+            name: {{ .Release.Name }}-{{ .Chart.Name }}-{{ .Chart.Version }}-config
+        {{- end }}
+{{- end }}

packages/rke2-multus/charts/templates/serviceAccount.yaml

@@ -0,0 +1,20 @@
+# Copyright 2020 K8s Network Plumbing Group
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+{{- if .Values.manifests.serviceAccount }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Values.serviceAccount.name }}
+  namespace: {{ .Release.Namespace }}
+{{- end }}