diff --git a/kubernetes/apps/networking/multus/app/helmrelease.yaml b/kubernetes/apps/networking/multus/app/helmrelease.yaml
index bb9d17bbbc..428701d22e 100644
--- a/kubernetes/apps/networking/multus/app/helmrelease.yaml
+++ b/kubernetes/apps/networking/multus/app/helmrelease.yaml
@@ -2,16 +2,16 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
- name: multus
+ name: &app multus
 spec:
 interval: 30m
 chart:
 spec:
- chart: multus
- version: 5.0.7
+ chart: app-template
+ version: 3.5.1
 sourceRef:
 kind: HelmRepository
- name: angelnu
+ name: bjw-s
 namespace: flux-system
 install:
 remediation:
@@ -22,21 +22,47 @@ spec:
 strategy: rollback
 retries: 3
 values:
- image:
- repository: ghcr.io/buroa/multus-cni
- tag: dev@sha256:873788c07144c6339fde6b734b67208f425a533607a7d915291f0f46bad92084
- cni:
- image:
- repository: ghcr.io/buroa/cni-plugins
- tag: 1.6.1@sha256:01707442d33aa5fe57a19a669edc3e38e73ca9e9377aee4902f0c0dffd59f5f1
- logLevel: error
- paths:
- bin: /opt/cni/bin
- config: /etc/cni/net.d
- resources:
- requests:
- cpu: 10m
- limits:
- memory: 1024Mi
- hostPaths:
- netns: /var/run/netns
+ controllers:
+ multus:
+ type: daemonset
+ annotations:
+ reloader.stakater.com/auto: "true"
+ containers:
+ multus:
+ image:
+ repository: ghcr.io/buroa/multus-cni
+ tag: thin-dev@sha256:3b061386584a2b6c1e335768fdd0782e1d3ba379d67da41b013e5c81d73aee9b
+ command:
+ - /thin_entrypoint
+ args:
+ - --multus-conf-file=/config/00-multus.conf
+ - --cni-bin-dir=/opt/cni/bin
+ - --cni-conf-dir=/etc/cni/net.d
+ resources:
+ requests:
+ cpu: 10m
+ limits:
+ memory: 512Mi
+ securityContext:
+ privileged: true
+ defaultPodOptions:
+ hostNetwork: true
+ persistence:
+ config:
+ type: configMap
+ name: multus-configmap
+ globalMounts:
+ - path: /config/00-multus.conf
+ subPath: 00-multus.conf
+ readOnly: true
+ etc-cni-net-d:
+ type: hostPath
+ hostPath: /etc/cni/net.d
+ opt-cni-bin:
+ type: hostPath
+ hostPath: /opt/cni/bin
+ tmp:
+ type: emptyDir
+ serviceAccount:
+ create: true
+ name: *app
diff --git a/kubernetes/apps/networking/multus/app/kustomization.yaml b/kubernetes/apps/networking/multus/app/kustomization.yaml
index 5dd7baca73..c132c8dd36 100644
--- a/kubernetes/apps/networking/multus/app/kustomization.yaml
+++ b/kubernetes/apps/networking/multus/app/kustomization.yaml
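Review bot: In the helmrelease.yaml values hunk, the new `multus` container combines `privileged: true`, `hostNetwork: true` and writable `hostPath` mounts of `/opt/cni/bin` and `/etc/cni/net.d`, and nothing in the values records why each is needed. Files placed in `/opt/cni/bin` are later executed on the node as CNI plugins, so this image effectively has root on every node; the digest pin on `thin-dev@sha256:…` is what bounds that and should be kept whenever the tag moves. I would add a comment above `securityContext`, for example `# privileged: thin_entrypoint installs the multus binary and conf into the host CNI dirs` (wording to be confirmed against the entrypoint), and check whether a narrower capability set would do. Setting `hostPathType: Directory` on `etc-cni-net-d` and `opt-cni-bin` would make a missing or unexpected host path fail the mount instead of being used without any check.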
@@ -3,3 +3,12 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./helmrelease.yaml
+ - ./rbac.yaml
+ # renovate: depName=k8snetworkplumbingwg/network-attachment-definition-client datasource=github-releases
+ - https://raw.githubusercontent.com/k8snetworkplumbingwg/network-attachment-definition-client/refs/tags/v1.7.5/artifacts/networks-crd.yaml
+configMapGenerator:
+ - name: multus-configmap
+ files:
+ - ./resources/00-multus.conf
+generatorOptions:
+ disableNameSuffixHash: true
diff --git a/kubernetes/apps/networking/multus/app/rbac.yaml b/kubernetes/apps/networking/multus/app/rbac.yaml
new file mode 100644
index 0000000000..4697c945c0
--- /dev/null
+++ b/kubernetes/apps/networking/multus/app/rbac.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: multus
+rules:
+ - apiGroups: ["k8s.cni.cncf.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: [""]
+ resources: ["pods", "pods/status"]
+ verbs: ["get", "update"]
+ - apiGroups: ["", "events.k8s.io"]
+ resources: ["events"]
+ verbs: ["create", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: multus
+roleRef:
+ kind: ClusterRole
+ name: multus
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: multus
+ namespace: networking
diff --git a/kubernetes/apps/networking/multus/app/resources/00-multus.conf b/kubernetes/apps/networking/multus/app/resources/00-multus.conf
new file mode 100644
index 0000000000..6c28fed153
--- /dev/null
+++ b/kubernetes/apps/networking/multus/app/resources/00-multus.conf
@@ -0,0 +1,14 @@
+{
+ "name": "multus-cni-network",
+ "type": "multus",
+ "delegates": [
+ {
+ "type": "cilium-cni",
+ "name": "cilium",
+ "delegate": {
+ "isDefaultGateway": true
+ }
+ }
+ ],
+ "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
+}
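Review bot: In kustomization.yaml the CRD manifest is fetched from `raw.githubusercontent.com` at `refs/tags/v1.7.5`, and a Git tag can be moved upstream, so the cluster-scoped object that gets applied is not fixed by this commit. Pinning the URL to the commit the tag resolves to, e.g. `.../network-attachment-definition-client/<commit-sha>/artifacts/networks-crd.yaml`, or vendoring the file next to `rbac.yaml`, would make the applied CRD reviewable in the repo; the Renovate annotation would need adjusting to match. Separately, `disableNameSuffixHash: true` means an edit to `00-multus.conf` does not rename the ConfigMap, so a rollout depends on the `reloader.stakater.com/auto` annotation in helmrelease.yaml; a comment above `generatorOptions` such as `# name kept stable; pod restart on change is handled by reloader` would record that.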
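Review bot: In rbac.yaml the first rule grants `resources: ["*"]` with `verbs: ["*"]` on `k8s.cni.cncf.io`, and the second allows `update` on every pod in the cluster, all bound to the `multus` ServiceAccount. 00-multus.conf points at a kubeconfig under `/etc/cni/net.d/multus.d/` on the host, so if that file carries this account's token (likely, but not shown here) the grant is reachable from any node's filesystem. If multus only reads attachment definitions, the first rule can be narrowed to `resources: ["network-attachment-definitions"]` with `verbs: ["get", "list", "watch"]`, and it should be confirmed that `update` is needed on `pods` and not only on `pods/status`. The binding also hard-codes `namespace: networking`, which has to match wherever the HelmRelease is deployed, since its metadata in this diff sets no namespace.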
diff --git a/kubernetes/flux/repositories/helm/angelnu.yaml b/kubernetes/flux/repositories/helm/angelnu.yaml
deleted file mode 100644
index b910ea0d69..0000000000
--- a/kubernetes/flux/repositories/helm/angelnu.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-apiVersion: source.toolkit.fluxcd.io/v1
-kind: HelmRepository
-metadata:
- name: angelnu
- namespace: flux-system
-spec:
- interval: 2h
- url: https://angelnu.github.io/helm-charts
diff --git a/kubernetes/flux/repositories/helm/kustomization.yaml b/kubernetes/flux/repositories/helm/kustomization.yaml
index 072ade9c60..e1c3456660 100644
--- a/kubernetes/flux/repositories/helm/kustomization.yaml
+++ b/kubernetes/flux/repositories/helm/kustomization.yaml
@@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
 - ./actions-runner-controller.yaml
- - ./angelnu.yaml
 - ./backube.yaml
 - ./bjw-s.yaml
 - ./cilium.yaml