From 71c856878c3f77731ab399720f71f6f0ea9c0c7e Mon Sep 17 00:00:00 2001
From: Christopher Randles <randles.chris@gmail.com>
Date: Fri, 13 Mar 2020 07:22:39 -0400
Subject: [PATCH] update multus to 3.4 and add crio support (#5701)

Signed-off-by: Chris Randles <randles.chris@gmail.com>
---
 README.md                                     |  2 +-
 roles/download/defaults/main.yml              |  2 +-
 roles/network_plugin/multus/defaults/main.yml |  5 +++-
 .../multus/files/multus-clusterrole.yml       | 13 +++++++----
 .../multus/files/multus-crd.yml               | 23 +++++++++++--------
 .../multus/templates/multus-daemonset.yml.j2  | 17 ++++++++++++++
 6 files changed, 45 insertions(+), 17 deletions(-)

diff --git a/README.md b/README.md
index d645176be..e5f76a5e3 100644
--- a/README.md
+++ b/README.md
@@ -125,7 +125,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [contiv](https://github.com/contiv/install) v1.2.1
   - [flanneld](https://github.com/coreos/flannel) v0.11.0
   - [kube-router](https://github.com/cloudnativelabs/kube-router) v0.2.5
-  - [multus](https://github.com/intel/multus-cni) v3.2.1
+  - [multus](https://github.com/intel/multus-cni) v3.4
   - [weave](https://github.com/weaveworks/weave) v2.5.2
 - Application
   - [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index a1079964b..d2cbceef4 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -83,7 +83,7 @@ contiv_version: 1.2.1
 cilium_version: "v1.7.1"
 kube_ovn_version: "v0.6.0"
 kube_router_version: "v0.2.5"
-multus_version: "v3.2.1"
+multus_version: "v3.4"
 
 # Get kubernetes major version (i.e. 1.15.4 => 1.15)
 kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}"
diff --git a/roles/network_plugin/multus/defaults/main.yml b/roles/network_plugin/multus/defaults/main.yml
index 2fb723103..6c32cfa57 100644
--- a/roles/network_plugin/multus/defaults/main.yml
+++ b/roles/network_plugin/multus/defaults/main.yml
@@ -1,7 +1,10 @@
 ---
 multus_conf_file: "auto"
 multus_cni_conf_dir_host: "/etc/cni/net.d"
-multus_cni_bin_dir_host: "/opt/cni/bin"
+multus_cni_bin_dir_host: "{{ '/usr/libexec/cni' if container_manager == 'crio' else '/opt/cni/bin' }}"
+multus_cni_run_dir_host: "/run"
 multus_cni_conf_dir: "{{ ('/host',  multus_cni_conf_dir_host) | join }}"
 multus_cni_bin_dir: "{{ ('/host', multus_cni_bin_dir_host) | join }}"
+multus_cni_run_dir: "{{ ('/host', multus_cni_run_dir_host) | join }}"
+multus_cni_version: "0.3.1"
 multus_kubeconfig_file_host: "{{ (multus_cni_conf_dir_host, '/multus.d/multus.kubeconfig') | join }}"
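Review bot: `multus_cni_run_dir_host: "/run"` makes the whole host `/run` tree the default for the volume that the daemonset template later in this patch mounts when `container_manager` is `crio`, and that container runs with `privileged: true`. Host `/run` usually holds runtime and service sockets, so this is much broader than the two CNI directories mounted before. If the CRI-O restart needs only part of that tree, default to the narrower path; otherwise add a comment above the variable saying why all of it is needed, e.g. `# host /run, mounted into the multus pod only when container_manager is crio`. The new `multus_cni_bin_dir_host` expression also assumes `container_manager` is always defined elsewhere, which this hunk does not show.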
diff --git a/roles/network_plugin/multus/files/multus-clusterrole.yml b/roles/network_plugin/multus/files/multus-clusterrole.yml
index 337775be2..39304c557 100644
--- a/roles/network_plugin/multus/files/multus-clusterrole.yml
+++ b/roles/network_plugin/multus/files/multus-clusterrole.yml
@@ -4,13 +4,16 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: multus
 rules:
-- apiGroups:
-  - '*'
+- apiGroups: ["k8s.cni.cncf.io"]
   resources:
   - '*'
   verbs:
   - '*'
-- nonResourceURLs:
-  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/status
   verbs:
-  - '*'
+  - get
+  - update
\ No newline at end of file
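Review bot: The first rule still grants `resources: ['*']` with `verbs: ['*']` on `k8s.cni.cncf.io`, so the multus service account can create, modify and delete every object in that group rather than only read network attachment definitions. If multus only reads these objects, the rule could be tightened to `resources: ["network-attachment-definitions"]` with `verbs: ["get", "list", "watch"]`; that should be confirmed against what the 3.4 binary actually calls. The hunk header shows the file still uses `rbac.authorization.k8s.io/v1beta1`, and the file now ends without a trailing newline.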
diff --git a/roles/network_plugin/multus/files/multus-crd.yml b/roles/network_plugin/multus/files/multus-crd.yml
index eab4406e2..0d3a9dd45 100644
--- a/roles/network_plugin/multus/files/multus-crd.yml
+++ b/roles/network_plugin/multus/files/multus-crd.yml
@@ -1,11 +1,10 @@
 ---
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
-apiVersion: apiextensions.k8s.io/v1beta1
 metadata:
   name: network-attachment-definitions.k8s.cni.cncf.io
 spec:
   group: k8s.cni.cncf.io
-  version: v1
   scope: Namespaced
   names:
     plural: network-attachment-definitions
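Review bot: `apiVersion: apiextensions.k8s.io/v1` is served only by Kubernetes 1.16 and later, so applying this manifest to an older cluster fails outright. Nothing in the visible patch guards the multus role on the cluster version. Either state the minimum in a comment at the top of the file, e.g. `# requires Kubernetes >= 1.16 (apiextensions.k8s.io/v1)`, or assert it in the role before the manifest is applied.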
@@ -13,10 +12,16 @@ spec:
     kind: NetworkAttachmentDefinition
     shortNames:
     - net-attach-def
-  validation:
-    openAPIV3Schema:
-      properties:
-        spec:
-          properties:
-            config:
-              type: string
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        properties:
+          spec:
+            type: object
+            properties:
+              config:
+                type: string
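Review bot: The schema under `versions` declares only `spec.config`, and a CRD created through `apiextensions.k8s.io/v1` has unknown fields pruned by the API server unless `x-kubernetes-preserve-unknown-fields` is set. Any NetworkAttachmentDefinition that carries other `spec` fields would therefore lose them silently on write, which the old `v1beta1` definition did not do by default. A comment above `config:` would make this visible, for example `# CNI configuration as a JSON string; spec fields not listed here are pruned`.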
diff --git a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2 b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
index 3e2fbd9cd..0175a0c3f 100644
--- a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
+++ b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
@@ -36,6 +36,10 @@ spec:
         - "--cni-bin-dir={{ multus_cni_bin_dir }}"
         - "--multus-conf-file={{ multus_conf_file }}"
         - "--multus-kubeconfig-file-host={{ multus_kubeconfig_file_host }}"
+        - "--cni-version={{ multus_cni_version }}"
+{% if container_manager == 'crio' %}
+        - "--restart-crio=true"
+{% endif %}
         resources:
           requests:
             cpu: "100m"
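Review bot: `--restart-crio=true` is emitted for every CRI-O cluster with no way to opt out, so, judging by the flag name, the container runtime on each node is restarted whenever this pod starts. An operator who wants to control when CRI-O restarts has to edit the template. Consider adding a default such as `multus_restart_crio: true` to the role defaults and extending the guard to `{% if container_manager == 'crio' and multus_restart_crio %}`. The container spec this argument list belongs to starts and ends outside the hunk.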
@@ -45,12 +49,25 @@ spec:
             memory: "50Mi"
         securityContext:
           privileged: true
+{% if container_manager == 'crio' %}
+          capabilities:
+            add: ["SYS_ADMIN"]
+{% endif %}
         volumeMounts:
+{% if container_manager == 'crio' %}
+        - name: run
+          mountPath: {{ multus_cni_run_dir }}
+{% endif %}
         - name: cni
           mountPath: {{  multus_cni_conf_dir }}
         - name: cnibin
           mountPath: {{ multus_cni_bin_dir }}
       volumes:
+{% if container_manager == 'crio' %}
+      - name: run
+        hostPath:
+          path: {{ multus_cni_run_dir_host }}
+{% endif %}
       - name: cni
         hostPath:
           path: {{ multus_cni_conf_dir_host }}
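Review bot: The added `capabilities: add: ["SYS_ADMIN"]` has no effect under the `privileged: true` directly above it, because a privileged container already holds every capability; it reads like a least-privilege setting but is not one. Either drop the CRI-O block from `securityContext`, or, if the aim is to stop running privileged, remove `privileged: true` and list only the capabilities actually required. The new `mountPath: {{ multus_cni_run_dir }}` and `path: {{ multus_cni_run_dir_host }}` values are unquoted, unlike the quoted template values in the args list; `mountPath: "{{ multus_cni_run_dir }}"` keeps the rendered value a string whatever the variable holds. The volumes list continues outside the hunk.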
-- 
GitLab