From 538a1f279115b6d0e4a3cbca5217e6ef2b1ecda4 Mon Sep 17 00:00:00 2001
From: Qasim Mehmood <18313886+ThisIsQasim@users.noreply.github.com>
Date: Mon, 9 Sep 2024 07:56:27 +0500
Subject: [PATCH] Update multus to v4.1.0 and clarify cilium compatibility
 (#11434)

* Update multus to v4.1.0 and clarify cilium compatibility

* Fix: bug introduced by #10934 where the template would break if multus was defined

* Set priorityClassName to system-node-critical for multus pods
---
 docs/CNI/multus.md                            | 10 ++++++++
 .../network_plugin/multus/tasks/main.yml      |  2 +-
 .../defaults/main/download.yml                |  2 +-
 roles/network_plugin/multus/defaults/main.yml |  1 -
 .../multus/templates/multus-daemonset.yml.j2  | 24 +++++++++++++++++--
 5 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/docs/CNI/multus.md b/docs/CNI/multus.md
index 1f724848d..98d7554f8 100644
--- a/docs/CNI/multus.md
+++ b/docs/CNI/multus.md
@@ -17,6 +17,16 @@ kube_network_plugin_multus: true
 
 will install Multus and Calico and configure Multus to use Calico as the primary network plugin.
 
+### Cilium compatibility
+
+If you are using `cilium` as the primary CNI you'll have to set `cilium_cni_exclusive` to `false` to avoid cillium reverting multus config.
+
+```yml
+kube_network_plugin: cilium
+kube_network_plugin_multus: true
+cilium_cni_exclusive: false
+```
+
 ## Using Multus
 
 Once Multus is installed, you can create CNI configurations (as a CRD objects) for additional networks, in this case a macvlan CNI configuration is defined. You may replace the config field with any valid CNI configuration where the CNI binary is available on the nodes.
diff --git a/roles/kubernetes-apps/network_plugin/multus/tasks/main.yml b/roles/kubernetes-apps/network_plugin/multus/tasks/main.yml
index 54dd1ed61..d5dd01643 100644
--- a/roles/kubernetes-apps/network_plugin/multus/tasks/main.yml
+++ b/roles/kubernetes-apps/network_plugin/multus/tasks/main.yml
@@ -9,7 +9,7 @@
     state: "latest"
   delegate_to: "{{ groups['kube_control_plane'][0] }}"
   run_once: true
-  with_items: "{{ (multus_manifest_1.results | default([])) + (multus_nodes_list | map('extract', hostvars, 'multus_manifest_2.results') | default([]) | list) }}"
+  with_items: "{{ (multus_manifest_1.results | default([])) + (multus_nodes_list | map('extract', hostvars, 'multus_manifest_2') | map('default', []) | list | json_query('[].results')) }}"
   loop_control:
     label: "{{ item.item.name if item != None else 'skipped' }}"
   vars:
diff --git a/roles/kubespray-defaults/defaults/main/download.yml b/roles/kubespray-defaults/defaults/main/download.yml
index 687dc1d92..067b673c9 100644
--- a/roles/kubespray-defaults/defaults/main/download.yml
+++ b/roles/kubespray-defaults/defaults/main/download.yml
@@ -122,7 +122,7 @@ cilium_enable_hubble: false
 kube_ovn_version: "v1.12.21"
 kube_ovn_dpdk_version: "19.11-{{ kube_ovn_version }}"
 kube_router_version: "v2.0.0"
-multus_version: "v3.8"
+multus_version: "v4.1.0"
 helm_version: "v3.15.4"
 nerdctl_version: "1.7.6"
 krew_version: "v0.4.4"
diff --git a/roles/network_plugin/multus/defaults/main.yml b/roles/network_plugin/multus/defaults/main.yml
index c6b7ecd97..2ddcc0f1a 100644
--- a/roles/network_plugin/multus/defaults/main.yml
+++ b/roles/network_plugin/multus/defaults/main.yml
@@ -6,5 +6,4 @@ multus_cni_run_dir_host: "/run"
 multus_cni_conf_dir: "{{ ('/host', multus_cni_conf_dir_host) | join }}"
 multus_cni_bin_dir: "{{ ('/host', multus_cni_bin_dir_host) | join }}"
 multus_cni_run_dir: "{{ ('/host', multus_cni_run_dir_host) | join }}"
-multus_cni_version: "0.4.0"
 multus_kubeconfig_file_host: "{{ (multus_cni_conf_dir_host, '/multus.d/multus.kubeconfig') | join }}"
diff --git a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2 b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
index 10c42c175..5f22d1bcb 100644
--- a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
+++ b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
@@ -24,6 +24,7 @@ spec:
     spec:
       hostNetwork: true
       dnsPolicy: ClusterFirstWithHostNet
+      priorityClassName: system-node-critical
       nodeSelector:
         kubernetes.io/arch: {{ image_arch }}
 {% if container_manager_types | length >= 2 %}
@@ -32,16 +33,34 @@ spec:
       tolerations:
       - operator: Exists
       serviceAccountName: multus
+      initContainers:
+      - name: install-multus-binary
+        image: {{ multus_image_repo }}:{{ multus_image_tag }}
+        command: ["/install_multus"]
+        args:
+        - "--type"
+        - "thin"
+        resources:
+          requests:
+            cpu: "10m"
+            memory: "15Mi"
+        securityContext:
+          privileged: true
+        terminationMessagePolicy: FallbackToLogsOnError
+        volumeMounts:
+        - name: cnibin
+          mountPath: {{ multus_cni_bin_dir }}
+          mountPropagation: Bidirectional
       containers:
       - name: kube-multus
         image: {{ multus_image_repo }}:{{ multus_image_tag }}
-        command: ["/entrypoint.sh"]
+        command: ["/thin_entrypoint"]
         args:
         - "--cni-conf-dir={{ multus_cni_conf_dir }}"
+        - "--multus-autoconfig-dir={{ multus_cni_conf_dir }}"
         - "--cni-bin-dir={{ multus_cni_bin_dir }}"
         - "--multus-conf-file={{ multus_conf_file }}"
         - "--multus-kubeconfig-file-host={{ multus_kubeconfig_file_host }}"
-        - "--cni-version={{ multus_cni_version }}"
         resources:
           requests:
             cpu: "100m"
@@ -55,6 +74,7 @@ spec:
           capabilities:
             add: ["SYS_ADMIN"]
 {% endif %}
+        terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
 {% if container_manager == 'crio' %}
         - name: run
-- 
GitLab