From 84bbe954e934bb2ce564e112d490c5406bfec608 Mon Sep 17 00:00:00 2001 From: Thomas Ferrandiz Date: Wed, 16 Aug 2023 15:44:11 +0000 Subject: [PATCH] Change rke2-multus chart to local Upstream chart is not maintained so this allows us to configure multus deployments properly. --- packages/rke2-multus/charts/.helmignore | 22 +++ packages/rke2-multus/charts/Chart.yaml | 17 +++ .../rke2-multus/charts/templates/NOTES.txt | 30 ++++ .../rke2-multus/charts/templates/_helpers.tpl | 27 ++++ .../charts/templates/clusterRole.yaml | 39 +++++ .../charts/templates/clusterRoleBinding.yaml | 27 ++++ .../charts/templates/configMap.yaml | 25 +++ .../templates/customResourceDefinition.yaml | 41 +++++ .../charts/templates/daemonSet.yaml | 142 ++++++++++++++++++ .../charts/templates/serviceAccount.yaml | 20 +++ packages/rke2-multus/charts/values.yaml | 132 ++++++++++++++++ .../generated-changes/patch/Chart.yaml.patch | 26 ---- .../patch/templates/_helpers.tpl.patch | 14 -- .../patch/templates/clusterRole.yaml.patch | 11 -- .../templates/clusterRoleBinding.yaml.patch | 10 -- .../patch/templates/configMap.yaml.patch | 13 -- .../patch/templates/daemonSet.yaml.patch | 63 -------- .../patch/templates/serviceAccount.yaml.patch | 10 -- .../generated-changes/patch/values.yaml.patch | 52 ------- packages/rke2-multus/package.yaml | 7 +- 20 files changed, 525 insertions(+), 203 deletions(-) create mode 100755 packages/rke2-multus/charts/.helmignore create mode 100755 packages/rke2-multus/charts/Chart.yaml create mode 100755 packages/rke2-multus/charts/templates/NOTES.txt create mode 100755 packages/rke2-multus/charts/templates/_helpers.tpl create mode 100755 packages/rke2-multus/charts/templates/clusterRole.yaml create mode 100755 packages/rke2-multus/charts/templates/clusterRoleBinding.yaml create mode 100755 packages/rke2-multus/charts/templates/configMap.yaml create mode 100755 packages/rke2-multus/charts/templates/customResourceDefinition.yaml create mode 100755 packages/rke2-multus/charts/templates/daemonSet.yaml create mode 100755 packages/rke2-multus/charts/templates/serviceAccount.yaml create mode 100755 packages/rke2-multus/charts/values.yaml delete mode 100644 packages/rke2-multus/generated-changes/patch/Chart.yaml.patch delete mode 100644 packages/rke2-multus/generated-changes/patch/templates/_helpers.tpl.patch delete mode 100644 packages/rke2-multus/generated-changes/patch/templates/clusterRole.yaml.patch delete mode 100644 packages/rke2-multus/generated-changes/patch/templates/clusterRoleBinding.yaml.patch delete mode 100644 packages/rke2-multus/generated-changes/patch/templates/configMap.yaml.patch delete mode 100644 packages/rke2-multus/generated-changes/patch/templates/daemonSet.yaml.patch delete mode 100644 packages/rke2-multus/generated-changes/patch/templates/serviceAccount.yaml.patch delete mode 100644 packages/rke2-multus/generated-changes/patch/values.yaml.patch diff --git a/packages/rke2-multus/charts/.helmignore b/packages/rke2-multus/charts/.helmignore new file mode 100755 index 000000000..50af03172 --- /dev/null +++ b/packages/rke2-multus/charts/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packages/rke2-multus/charts/Chart.yaml b/packages/rke2-multus/charts/Chart.yaml new file mode 100755 index 000000000..f916b9afe --- /dev/null +++ b/packages/rke2-multus/charts/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v2 +appVersion: 4.0.2 +dependencies: +- condition: rke2-whereabouts.enabled + name: rke2-whereabouts + repository: file://./charts/rke2-whereabouts +description: Multus Helm chart for Kubernetes +home: https://github.com/k8snetworkplumbingwg/multus-cni +icon: https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/doc/images/Multus.png +maintainers: +- email: charts@rancher.com + name: Rancher Labs +name: rke2-multus +sources: +- https://github.com/intel/multus-cni +type: application +version: v4.0.2-build20230707 diff --git a/packages/rke2-multus/charts/templates/NOTES.txt b/packages/rke2-multus/charts/templates/NOTES.txt new file mode 100755 index 000000000..679bcca60 --- /dev/null +++ b/packages/rke2-multus/charts/templates/NOTES.txt @@ -0,0 +1,30 @@ +====== +1. The following components have been deployed as part of this helm chart: +{{- if .Values.manifests.clusterRole }} +Cluster Role: {{ .Values.serviceAccount.name }} +{{- end}} +{{- if .Values.manifests.clusterRoleBinding }} +Cluster Role Binding: {{ .Chart.Name }} +{{- end }} +{{- if .Values.manifests.configMap }} +Config Map: {{ .Release.Name }}-{{ .Chart.Name }}-{{ .Chart.Version }}-config +{{- end }} +{{- if .Values.manifests.customResourceDefinition }} +Custom Resource Definition: network-attachment-definitions.k8s.cni.cncf.io +{{- end }} +{{- if .Values.manifests.daemonSet }} +Daemon Set: {{ .Release.Name }}-{{ .Chart.Name }}-ds +{{- end }} +{{- if .Values.manifests.serviceAccount }} +Service Account: {{ .Values.serviceAccount.name }} +{{- end }} + +You can now deploy any other CNI and create its Network Attachment Defintion. +--------- + +2. To uninstall helm chart use the command: +helm delete {{ .Release.Name }} + +You may have to manually delete CRD - +kubectl delete crd network-attachment-definitions.k8s.cni.cncf.io +--------- diff --git a/packages/rke2-multus/charts/templates/_helpers.tpl b/packages/rke2-multus/charts/templates/_helpers.tpl new file mode 100755 index 000000000..07147a25b --- /dev/null +++ b/packages/rke2-multus/charts/templates/_helpers.tpl @@ -0,0 +1,27 @@ +# Copyright 2020 K8s Network Plumbing Group +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{/* Generate basic labels */}} +{{- define "multus.labels" }} +tier: node +app: {{ .Chart.Name }} +{{- end }} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/packages/rke2-multus/charts/templates/clusterRole.yaml b/packages/rke2-multus/charts/templates/clusterRole.yaml new file mode 100755 index 000000000..d73ef8cad --- /dev/null +++ b/packages/rke2-multus/charts/templates/clusterRole.yaml @@ -0,0 +1,39 @@ +# Copyright 2020 K8s Network Plumbing Group +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.manifests.clusterRole }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Chart.Name }} +rules: + - apiGroups: ["k8s.cni.cncf.io"] + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create +{{- end }} diff --git a/packages/rke2-multus/charts/templates/clusterRoleBinding.yaml b/packages/rke2-multus/charts/templates/clusterRoleBinding.yaml new file mode 100755 index 000000000..49edd96fb --- /dev/null +++ b/packages/rke2-multus/charts/templates/clusterRoleBinding.yaml @@ -0,0 +1,27 @@ +# Copyright 2020 K8s Network Plumbing Group +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.manifests.clusterRoleBinding }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Chart.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Chart.Name }} +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount.name }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/packages/rke2-multus/charts/templates/configMap.yaml b/packages/rke2-multus/charts/templates/configMap.yaml new file mode 100755 index 000000000..8ebb85111 --- /dev/null +++ b/packages/rke2-multus/charts/templates/configMap.yaml @@ -0,0 +1,25 @@ +# Copyright 2020 K8s Network Plumbing Group +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.manifests.configMap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-{{ .Chart.Version }}-config + namespace: {{ .Release.Namespace }} + labels: +{{- include "multus.labels" . | indent 4 }} +data: + cni-conf.json: |- +{{ toJson .Values.config.cni_conf | indent 4 }} +{{- end }} diff --git a/packages/rke2-multus/charts/templates/customResourceDefinition.yaml b/packages/rke2-multus/charts/templates/customResourceDefinition.yaml new file mode 100755 index 000000000..c8ac8ac5a --- /dev/null +++ b/packages/rke2-multus/charts/templates/customResourceDefinition.yaml @@ -0,0 +1,41 @@ +# Copyright 2020 K8s Network Plumbing Group +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.manifests.customResourceDefinition }} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: network-attachment-definitions.k8s.cni.cncf.io +spec: + group: k8s.cni.cncf.io + scope: Namespaced + names: + plural: network-attachment-definitions + singular: network-attachment-definition + kind: NetworkAttachmentDefinition + shortNames: + - net-attach-def + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + properties: + spec: + type: object + properties: + config: + type: string +{{- end }} diff --git a/packages/rke2-multus/charts/templates/daemonSet.yaml b/packages/rke2-multus/charts/templates/daemonSet.yaml new file mode 100755 index 000000000..59aee4948 --- /dev/null +++ b/packages/rke2-multus/charts/templates/daemonSet.yaml @@ -0,0 +1,142 @@ +# Copyright 2020 K8s Network Plumbing Group +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.manifests.daemonSet }} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ .Release.Name }}-ds + namespace: {{ .Release.Namespace }} + labels: +{{- include "multus.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: {{ .Chart.Name }} + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + template: + metadata: + labels: +{{- include "multus.labels" . | indent 8 }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum }} + spec: + priorityClassName: system-node-critical + hostNetwork: true + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + nodeSelector: {{- toYaml .Values.labels.nodeSelector | nindent 8 }} + tolerations: + - operator: Exists + effect: NoSchedule + - operator: Exists + effect: NoExecute + serviceAccountName: {{ .Values.serviceAccount.name }} + initContainers: + - name: cni-plugins + image: {{ template "system_default_registry" . }}{{ .Values.cniplugins.image.repository }}:{{ .Values.cniplugins.image.tag }} + securityContext: + privileged: true + volumeMounts: + - name: cnibin + mountPath: /host/opt/cni/bin + env: + - name: SKIP_CNI_BINARIES + value: {{ .Values.cniplugins.skipcnis }} + containers: + - name: kube-{{ .Chart.Name }} + image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: KUBERNETES_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + command: ["/thin_entrypoint"] + args: + - "--multus-conf-file={{ .Values.config.cni_conf.multusConfFile }}" + {{- if .Values.config.cni_conf.cniVersion }} + - "--cni-version={{ .Values.config.cni_conf.cniVersion }}" + {{- end }} + {{- if .Values.config.cni_conf.confDir }} + - "--cni-conf-dir=={{ .Values.config.cni_conf.confDir }}" + {{- end }} + {{- if .Values.config.cni_conf.binDir }} + - "--cni-bin-dir={{ .Values.config.cni_conf.binDir }}" + {{- end }} + {{- if .Values.config.cni_conf.multusAutoconfigDir }} + - "--multus-autoconfig-dir={{ .Values.config.cni_conf.multusAutoconfigDir }}" + {{- end }} + {{- if .Values.config.cni_conf.kubeconfig }} + - "--multus-kubeconfig-file-host={{ .Values.config.cni_conf.kubeconfig }}" + {{- end }} + {{- if .Values.config.cni_conf.masterCniFilename }} + - "--multus-master-cni-file-name={{ .Values.config.cni_conf.masterCniFilename }}" + {{- end }} + {{- if .Values.config.cni_conf.additionalBinDir }} + - "--additional-bin-dir={{ .Values.config.cni_conf.additionalBinDir }}" + {{- end }} + {{- if .Values.config.cni_conf.skipMultusBinaryCopy }} + - "--skip-multus-binary-copy={{ .Values.config.cni_conf.skipMultusBinaryCopy }}" + {{- end }} + {{- if .Values.config.cni_conf.readinessIndicatorFile }} + - "--readiness-indicator-file={{ .Values.config.cni_conf.readinessIndicatorFile }}" + {{- end }} + {{- if .Values.config.cni_conf.namespaceIsolation }} + - "--cni-namespace-isolation={{ .Values.config.cni_conf.namespaceIsolation }}" + {{- end }} + {{- if .Values.config.cni_conf.globalNamespaces }} + - "--global-namespaces={{ .Values.config.cni_conf.globalNamespaces }}" + {{- end }} + {{- if .Values.config.cni_conf.logLevel }} + - "--multus-log-level={{ .Values.config.cni_conf.logLevel }}" + {{- end }} + {{- if .Values.config.cni_conf.logFile }} + - "--multus-log-file={{ .Values.config.cni_conf.logFile }}" + {{- end }} + {{- if .Values.config.cni_conf.cleanupConfigOnExit }} + - "--cleanup-config-on-exit={{ .Values.config.cni_conf.cleanupConfigOnExit }}" + {{- end }} + {{- if .Values.pod.resources.multus }} + resources: {{- toYaml .Values.pod.resources.multus | nindent 10 }} + {{- end }} + securityContext: + privileged: true + volumeMounts: + - name: cni + mountPath: /host/etc/cni/net.d + - name: cnibin + mountPath: /host/opt/cni/bin + {{- if .Values.manifests.configMap }} + - name: multus-cfg + mountPath: /tmp/multus-conf/00-multus.conf.template + subPath: "cni-conf.json" + {{- end }} + volumes: + - name: cni + hostPath: + path: /etc/cni/net.d + - name: cnibin + hostPath: + path: /opt/cni/bin + {{- if .Values.manifests.configMap }} + - name: multus-cfg + configMap: + name: {{ .Release.Name }}-{{ .Chart.Name }}-{{ .Chart.Version }}-config + {{- end }} +{{- end }} diff --git a/packages/rke2-multus/charts/templates/serviceAccount.yaml b/packages/rke2-multus/charts/templates/serviceAccount.yaml new file mode 100755 index 000000000..858226cd1 --- /dev/null +++ b/packages/rke2-multus/charts/templates/serviceAccount.yaml @@ -0,0 +1,20 @@ +# Copyright 2020 K8s Network Plumbing Group +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +{{- if .Values.manifests.serviceAccount }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/packages/rke2-multus/charts/values.yaml b/packages/rke2-multus/charts/values.yaml new file mode 100755 index 000000000..0133d4dc7 --- /dev/null +++ b/packages/rke2-multus/charts/values.yaml @@ -0,0 +1,132 @@ +# Copyright 2020 K8s Network Plumbing Group +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for multus. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +#replicaCount: 1 + +image: + repository: rancher/hardened-multus-cni + tag: v4.0.2-build20230707 + pullPolicy: IfNotPresent + +#imagePullSecrets: [] +#nameOverride: "" +#fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + #create: true + # Annotations to add to the service account + #annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: multus + +pod: + resources: + enabled: false + multus: + requests: + memory: "128Mi" + cpu: "250m" + limits: + memory: "1024Mi" + cpu: "2000m" + +#podSecurityContext: {} + # fsGroup: 2000 + +#securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +#service: + #type: ClusterIP + #port: 80 + +#ingress: + #enabled: false + #annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + #hosts: + #- host: chart-example.local + # paths: [] + #tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +labels: + nodeSelector: + kubernetes.io/os: linux + kubernetes.io/arch: amd64 + +# Multus configuration +# For more details, see https://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/how-to-use.md#entrypoint-script-parameters +config: + cni_conf: + #confDir: /etc/cni/net.d + #binDir: /opt/cni/bin + #namespaceIsolation: false + #globalNamespaces: default,foo,bar + #skipMultusBinaryCopy: false + #readinessIndicatorFile: "" + multusConfFile: auto #or specify a file to be copied on each node + #The following options can be used only when multusConfFile=auto + #multusAutoconfigDir: /host/etc/cni/net.d + #kubeconfig: /etc/cni/net.d/multus.d/multus.kubeconfig + #masterCniFilename: + #logFile: /var/log/multus.log + #logLevel: panic + #cniVersion: 1.0.0 + #cleanupConfigOnExit: true + #additionalBinDir: /opt/multus/bin + +manifests: + serviceAccount: true + clusterRole: true + clusterRoleBinding: true + configMap: false + daemonSet: true + customResourceDefinition: true + +#tolerations: [] + +#affinity: {} + + +## RANCHER ADDDED INFO ## +cniplugins: + image: + repository: rancher/hardened-cni-plugins + tag: v1.2.0-build20230523 + + # skipcnis is a comma separated list of cni binaries to skip from + # installing. + skipcnis: flannel + +global: + systemDefaultRegistry: "" + +rke2-whereabouts: + enabled: false + \ No newline at end of file diff --git a/packages/rke2-multus/generated-changes/patch/Chart.yaml.patch b/packages/rke2-multus/generated-changes/patch/Chart.yaml.patch deleted file mode 100644 index e4cd0e1d8..000000000 --- a/packages/rke2-multus/generated-changes/patch/Chart.yaml.patch +++ /dev/null @@ -1,26 +0,0 @@ ---- charts-original/Chart.yaml -+++ charts/Chart.yaml -@@ -1,16 +1,17 @@ - apiVersion: v2 --appVersion: 0.1.0 -+appVersion: 4.0.2 - dependencies: - - condition: rke2-whereabouts.enabled - name: rke2-whereabouts - repository: file://./charts/rke2-whereabouts - description: Multus Helm chart for Kubernetes --home: https://github.com/intel/multus-cni --icon: https://raw.githubusercontent.com/intel/multus-cni/master/doc/images/Multus.png -+home: https://github.com/k8snetworkplumbingwg/multus-cni -+icon: https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/doc/images/Multus.png - maintainers: --- name: Network Plumbing Group --name: multus -+- name: Rancher Labs -+ email: charts@rancher.com -+name: rke2-multus - sources: - - https://github.com/intel/multus-cni - type: application --version: 0.1.2 -+version: v4.0.2-build20230707 diff --git a/packages/rke2-multus/generated-changes/patch/templates/_helpers.tpl.patch b/packages/rke2-multus/generated-changes/patch/templates/_helpers.tpl.patch deleted file mode 100644 index 3b200cfa7..000000000 --- a/packages/rke2-multus/generated-changes/patch/templates/_helpers.tpl.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- charts-original/templates/_helpers.tpl -+++ charts/templates/_helpers.tpl -@@ -17,3 +17,11 @@ - tier: node - app: {{ .Chart.Name }} - {{- end }} -+ -+{{- define "system_default_registry" -}} -+{{- if .Values.global.systemDefaultRegistry -}} -+{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -+{{- else -}} -+{{- "" -}} -+{{- end -}} -+{{- end -}} diff --git a/packages/rke2-multus/generated-changes/patch/templates/clusterRole.yaml.patch b/packages/rke2-multus/generated-changes/patch/templates/clusterRole.yaml.patch deleted file mode 100644 index 0ec20ce1f..000000000 --- a/packages/rke2-multus/generated-changes/patch/templates/clusterRole.yaml.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- charts-original/templates/clusterRole.yaml -+++ charts/templates/clusterRole.yaml -@@ -16,7 +16,7 @@ - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRole - metadata: -- name: {{ .Values.serviceAccount.name }} -+ name: {{ .Chart.Name }} - rules: - - apiGroups: ["k8s.cni.cncf.io"] - resources: diff --git a/packages/rke2-multus/generated-changes/patch/templates/clusterRoleBinding.yaml.patch b/packages/rke2-multus/generated-changes/patch/templates/clusterRoleBinding.yaml.patch deleted file mode 100644 index ccb8da75f..000000000 --- a/packages/rke2-multus/generated-changes/patch/templates/clusterRoleBinding.yaml.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- charts-original/templates/clusterRoleBinding.yaml -+++ charts/templates/clusterRoleBinding.yaml -@@ -24,6 +24,6 @@ - subjects: - - kind: ServiceAccount - name: {{ .Values.serviceAccount.name }} -- namespace: kube-system -+ namespace: {{ .Release.Namespace }} - {{- end }} - {{- end }} diff --git a/packages/rke2-multus/generated-changes/patch/templates/configMap.yaml.patch b/packages/rke2-multus/generated-changes/patch/templates/configMap.yaml.patch deleted file mode 100644 index cd934fb11..000000000 --- a/packages/rke2-multus/generated-changes/patch/templates/configMap.yaml.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- charts-original/templates/configMap.yaml -+++ charts/templates/configMap.yaml -@@ -16,8 +16,8 @@ - apiVersion: v1 - kind: ConfigMap - metadata: -- name: {{ .Release.Name }}-{{ .Chart.Name }}-{{ .Chart.Version }}-config -- namespace: kube-system -+ name: {{ .Release.Name }}-{{ .Chart.Version }}-config -+ namespace: {{ .Release.Namespace }} - labels: - {{- include "multus.labels" . | indent 4 }} - data: diff --git a/packages/rke2-multus/generated-changes/patch/templates/daemonSet.yaml.patch b/packages/rke2-multus/generated-changes/patch/templates/daemonSet.yaml.patch deleted file mode 100644 index 20c7f86d6..000000000 --- a/packages/rke2-multus/generated-changes/patch/templates/daemonSet.yaml.patch +++ /dev/null @@ -1,63 +0,0 @@ ---- charts-original/templates/daemonSet.yaml -+++ charts/templates/daemonSet.yaml -@@ -16,14 +16,14 @@ - apiVersion: apps/v1 - kind: DaemonSet - metadata: -- name: {{ .Release.Name }}-{{ .Chart.Name }}-ds -- namespace: kube-system -+ name: {{ .Release.Name }}-ds -+ namespace: {{ .Release.Namespace }} - labels: - {{- include "multus.labels" . | indent 4 }} - spec: - selector: - matchLabels: -- app: multus -+ app: {{ .Chart.Name }} - updateStrategy: - type: RollingUpdate - rollingUpdate: -@@ -45,24 +45,33 @@ - tolerations: - - operator: Exists - effect: NoSchedule -+ - operator: Exists -+ effect: NoExecute - serviceAccountName: {{ .Values.serviceAccount.name }} -+ initContainers: -+ - name: cni-plugins -+ image: {{ template "system_default_registry" . }}{{ .Values.cniplugins.image.repository }}:{{ .Values.cniplugins.image.tag }} -+ securityContext: -+ privileged: true -+ volumeMounts: -+ - name: cnibin -+ mountPath: /host/opt/cni/bin -+ env: -+ - name: SKIP_CNI_BINARIES -+ value: {{ .Values.cniplugins.skipcnis }} - containers: - - name: kube-{{ .Chart.Name }} -- image: {{ .Values.image.repository }}:{{ .Values.image.tag }} -+ image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: KUBERNETES_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName -- command: -- - /bin/bash -- - -cex -- - | -- #!/bin/bash -- sed "s|__KUBERNETES_NODE_NAME__|${KUBERNETES_NODE_NAME}|g" /tmp/multus-conf/00-multus.conf.template > /tmp/multus-conf/00-multus.conf -- /entrypoint.sh \ -- --multus-conf-file=/tmp/multus-conf/00-multus.conf -+ command: ["/thin_entrypoint"] -+ args: -+ - "--multus-conf-file=auto" -+ - "--cni-version=0.3.1" - {{- if .Values.pod.resources.multus }} - resources: {{- toYaml .Values.pod.resources.multus | nindent 10 }} - {{- end }} diff --git a/packages/rke2-multus/generated-changes/patch/templates/serviceAccount.yaml.patch b/packages/rke2-multus/generated-changes/patch/templates/serviceAccount.yaml.patch deleted file mode 100644 index 8cb6ae7f6..000000000 --- a/packages/rke2-multus/generated-changes/patch/templates/serviceAccount.yaml.patch +++ /dev/null @@ -1,10 +0,0 @@ ---- charts-original/templates/serviceAccount.yaml -+++ charts/templates/serviceAccount.yaml -@@ -17,6 +17,6 @@ - kind: ServiceAccount - metadata: - name: {{ .Values.serviceAccount.name }} -- namespace: kube-system -+ namespace: {{ .Release.Namespace }} - {{- end }} - {{- end }} diff --git a/packages/rke2-multus/generated-changes/patch/values.yaml.patch b/packages/rke2-multus/generated-changes/patch/values.yaml.patch deleted file mode 100644 index 7ab5b9320..000000000 --- a/packages/rke2-multus/generated-changes/patch/values.yaml.patch +++ /dev/null @@ -1,52 +0,0 @@ ---- charts-original/values.yaml -+++ charts/values.yaml -@@ -19,8 +19,8 @@ - #replicaCount: 1 - - image: -- repository: ghcr.io/k8snetworkplumbingwg/multus-cni -- tag: v3.8 -+ repository: rancher/hardened-multus-cni -+ tag: v4.0.2-build20230707 - pullPolicy: IfNotPresent - - #imagePullSecrets: [] -@@ -77,6 +77,7 @@ - - labels: - nodeSelector: -+ kubernetes.io/os: linux - kubernetes.io/arch: amd64 - - config: -@@ -103,10 +104,28 @@ - serviceAccount: true - clusterRole: true - clusterRoleBinding: true -- configMap: true -+ configMap: false - daemonSet: true - customResourceDefinition: true - - #tolerations: [] - - #affinity: {} -+ -+ -+## RANCHER ADDDED INFO ## -+cniplugins: -+ image: -+ repository: rancher/hardened-cni-plugins -+ tag: v1.2.0-build20230523 -+ -+ # skipcnis is a comma separated list of cni binaries to skip from -+ # installing. -+ skipcnis: flannel -+ -+global: -+ systemDefaultRegistry: "" -+ -+rke2-whereabouts: -+ enabled: false -+ -\ No newline at end of file diff --git a/packages/rke2-multus/package.yaml b/packages/rke2-multus/package.yaml index 41178fd26..1b8bd4957 100644 --- a/packages/rke2-multus/package.yaml +++ b/packages/rke2-multus/package.yaml @@ -1,4 +1,3 @@ -url: https://github.com/k8snetworkplumbingwg/helm-charts.git -subdirectory: multus -commit: ca7c0a7549952660eab8f4b12e7ec7be133b381c -packageVersion: 03 +url: local +workingDir: charts +packageVersion: 04