add Multus (#912)

Co-authored-by: angelnu <git@angelnucom>

.github/ct-install.yaml

@@ -7,6 +7,7 @@ chart-dirs:
 excluded-charts:
 - charts/stable/alertmanager-bot
 - charts/stable/dnsmadeeasy-webhook
+- charts/stable/multus
 - charts/stable/promcord
 - charts/stable/reg
 - charts/stable/ser2sock

charts/stable/multus/.helmignore

@@ -0,0 +1,26 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
+# helm-docs templates
+*.gotmpl

charts/stable/multus/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+appVersion: v3.7.1
+description: multus CNI allows multiple NICs per pod
+name: multus
+version: 1.0.0
+kubeVersion: ">=1.16.0-0"
+keywords:
+- multus
+home: https://github.com/k8s-at-home/charts/tree/master/charts/stable/multus
+icon: https://multus.org/icon
+sources:
+- https://github.com/k8snetworkplumbingwg/multus-cni
+maintainers:
+- name: angelnu
+  email: git@angelnu.com
+dependencies:
+- name: common
+  repository: https://library-charts.k8s-at-home.com
+  version: 2.4.0

charts/stable/multus/README.md

@@ -0,0 +1,152 @@
+# multus
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![AppVersion: v3.7.1](https://img.shields.io/badge/AppVersion-v3.7.1-informational?style=flat-square)
+
+multus CNI allows multiple NICs per pod
+
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+
+## Source Code
+
+* <https://github.com/k8snetworkplumbingwg/multus-cni>
+
+## Requirements
+
+Kubernetes: `>=1.16.0-0`
+
+## Dependencies
+
+| Repository | Name | Version |
+|------------|------|---------|
+| https://library-charts.k8s-at-home.com | common | 2.4.0 |
+
+## TL;DR
+
+```console
+helm repo add k8s-at-home https://k8s-at-home.com/charts/
+helm repo update
+helm install multus k8s-at-home/multus
+```
+
+## Installing the Chart
+
+To install the chart with the release name `multus`
+
+```console
+helm install multus k8s-at-home/multus
+```
+
+## Uninstalling the Chart
+
+To uninstall the `multus` deployment
+
+```console
+helm uninstall multus
+```
+
+The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common).
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```console
+helm install multus \
+  --set env.TZ="America/New York" \
+    k8s-at-home/multus
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+
+```console
+helm install multus k8s-at-home/multus -f values.yaml
+```
+
+## Custom configuration
+
+### Error setting up network for sandbox
+
+If you remove multus by force, the helm uninstall hook will not
+be called. In this situation kubelet will still try to call
+multus to during the creation of every single pod. you wil see
+this error:
+
+```
+Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox
+```
+
+If you hit this problem you can manually remove multus config.
+For k3s you can do so with:
+
+```sh
+rm -rf  /var/lib/rancher/k3s/agent/etc/cni/net.d/*multus*
+```
+
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common)
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| additionalVolumeMounts[0].mountPath | string | `"/host/etc/cni/net.d"` |  |
+| additionalVolumeMounts[0].name | string | `"cni"` |  |
+| additionalVolumeMounts[1].mountPath | string | `"/host/opt/cni/bin"` |  |
+| additionalVolumeMounts[1].name | string | `"cnibin"` |  |
+| additionalVolumes[0].hostPath.path | string | `"/var/lib/rancher/k3s/agent/etc/cni/net.d"` |  |
+| additionalVolumes[0].hostPath.type | string | `"Directory"` |  |
+| additionalVolumes[0].name | string | `"cni"` |  |
+| additionalVolumes[1].hostPath.path | string | `"/var/lib/rancher/k3s/data/current/bin"` |  |
+| additionalVolumes[1].hostPath.type | string | `"Directory"` |  |
+| additionalVolumes[1].name | string | `"cnibin"` |  |
+| args[0] | string | `"--multus-conf-file=auto"` |  |
+| args[1] | string | `"--cleanup-config-on-exit=true"` |  |
+| args[2] | string | `"--cni-version=0.3.1"` |  |
+| args[3] | string | `"--multus-kubeconfig-file-host=/var/lib/rancher/k3s/agent/etc/cni/net.d/multus.d/multus.kubeconfig"` |  |
+| command[0] | string | `"/entrypoint.sh"` |  |
+| controllerType | string | `"daemonset"` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"ghcr.io/k8snetworkplumbingwg/multus-cni"` |  |
+| image.tag | string | `"v3.7.1"` |  |
+| initContainers | list | `[{"image":"ghcr.io/k8s-at-home/cni-plugins:v0.9.1","name":"cni-installer","volumeMounts":[{"mountPath":"/host/opt/cni/bin","name":"cnibin"}]}]` | Init container that install reference CNI plugins |
+| probes.liveness.enabled | bool | `false` |  |
+| probes.readiness.enabled | bool | `false` |  |
+| probes.startup.enabled | bool | `false` |  |
+| securityContext.privileged | bool | `true` |  |
+| service.enabled | bool | `false` |  |
+| serviceAccount.create | bool | `true` |  |
+| strategy.type | string | `"RollingUpdate"` |  |
+
+## Changelog
+
+All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog).
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+### [1.0.0]
+
+#### Added
+
+- Initial version
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[1.0.0]: #1.0.0
+
+## Support
+
+- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/)
+- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose)
+- Ask a [question](https://github.com/k8s-at-home/organization/discussions)
+- Join our [Discord](https://discord.gg/sTMX7Vh) community
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.5.0](https://github.com/norwoodj/helm-docs/releases/v1.5.0)

charts/stable/multus/README.md.gotmpl

@@ -0,0 +1,146 @@
+{{- define "custom.repository.organization" -}}
+k8s-at-home
+{{- end -}}
+
+{{- define "custom.repository.url" -}}
+https://github.com/k8s-at-home/charts
+{{- end -}}
+
+{{- define "custom.helm.url" -}}
+https://k8s-at-home.com/charts/
+{{- end -}}
+
+{{- define "custom.helm.path" -}}
+{{ template "custom.repository.organization" . }}/{{ template "chart.name" . }}
+{{- end -}}
+
+{{- define "custom.notes" -}}
+**This chart is not maintained by the upstream project and any issues with the chart should be raised [here](https://github.com/k8s-at-home/charts/issues/new/choose)**
+{{- end -}}
+
+{{- define "custom.requirements" -}}
+## Requirements
+
+{{ template "chart.kubeVersionLine" . }}
+{{- end -}}
+
+{{- define "custom.dependencies" -}}
+## Dependencies
+
+{{ template "chart.requirementsTable" . }}
+{{- end -}}
+
+{{- define "custom.install.tldr" -}}
+## TL;DR
+
+```console
+helm repo add {{ template "custom.repository.organization" . }} {{ template "custom.helm.url" . }}
+helm repo update
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.install" -}}
+## Installing the Chart
+
+To install the chart with the release name `{{ template "chart.name" . }}`
+
+```console
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.uninstall" -}}
+## Uninstalling the Chart
+
+To uninstall the `{{ template "chart.name" . }}` deployment
+
+```console
+helm uninstall {{ template "chart.name" . }}
+```
+
+The command removes all the Kubernetes components associated with the chart **including persistent volumes** and deletes the release.
+{{- end -}}
+
+{{- define "custom.configuration.header" -}}
+## Configuration
+{{- end -}}
+
+{{- define "custom.configuration.readValues" -}}
+Read through the [values.yaml](./values.yaml) file. It has several commented out suggested values.
+Other values may be used from the [values.yaml](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml) from the [common library](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common).
+{{- end -}}
+
+{{- define "custom.configuration.example.set" -}}
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+```console
+helm install {{ template "chart.name" . }} \
+  --set env.TZ="America/New York" \
+    {{ template "custom.helm.path" . }}
+```
+{{- end -}}
+
+{{- define "custom.configuration.example.file" -}}
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart.
+
+```console
+helm install {{ template "chart.name" . }} {{ template "custom.helm.path" . }} -f values.yaml
+```
+{{- end -}}
+
+{{- define "custom.valuesSection" -}}
+## Values
+
+**Important**: When deploying an application Helm chart you can add more values from our common library chart [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common)
+
+{{ template "chart.valuesTable" . }}
+{{- end -}}
+
+{{- define "custom.support" -}}
+## Support
+
+- See the [Docs](https://docs.k8s-at-home.com/our-helm-charts/getting-started/)
+- Open an [issue](https://github.com/k8s-at-home/charts/issues/new/choose)
+- Ask a [question](https://github.com/k8s-at-home/organization/discussions)
+- Join our [Discord](https://discord.gg/sTMX7Vh) community
+{{- end -}}
+
+{{ template "chart.header" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "custom.notes" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "custom.requirements" . }}
+
+{{ template "custom.dependencies" . }}
+
+{{ template "custom.install.tldr" . }}
+
+{{ template "custom.install" . }}
+
+{{ template "custom.uninstall" . }}
+
+{{ template "custom.configuration.header" . }}
+
+{{ template "custom.configuration.readValues" . }}
+
+{{ template "custom.configuration.example.set" . }}
+
+{{ template "custom.configuration.example.file" . }}
+
+{{ template "custom.custom.configuration" . }}
+
+{{ template "custom.valuesSection" . }}
+
+{{ template "custom.changelog" . }}
+
+{{ template "custom.support" . }}
+
+{{ template "helm-docs.versionFooter" . }}
+{{ "" }}

charts/stable/multus/README_CHANGELOG.md.gotmpl

@@ -0,0 +1,27 @@
+{{- define "custom.changelog.header" -}}
+## Changelog
+{{- end -}}
+
+{{- define "custom.changelog" -}}
+{{ template "custom.changelog.header" . }}
+
+All notable changes to this application Helm chart will be documented in this file but does not include changes from our common library. To read those click [here](https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common#changelog).
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+### [1.0.0]
+
+#### Added
+
+- Initial version
+
+#### Changed
+
+- N/A
+
+#### Removed
+
+- N/A
+
+[1.0.0]: #1.0.0
+{{- end -}}

charts/stable/multus/README_CONFIG.md.gotmpl

@@ -0,0 +1,26 @@
+{{- define "custom.custom.configuration.header" -}}
+## Custom configuration
+{{- end -}}
+
+{{- define "custom.custom.configuration" -}}
+{{ template "custom.custom.configuration.header" . }}
+
+### Error setting up network for sandbox
+
+If you remove multus by force, the helm uninstall hook will not
+be called. In this situation kubelet will still try to call
+multus to during the creation of every single pod. you wil see
+this error:
+
+```
+Failed to create pod sandbox: rpc error: code = Unknown desc = failed to setup network for sandbox
+```
+
+If you hit this problem you can manually remove multus config.
+For k3s you can do so with:
+
+```sh
+rm -rf  /var/lib/rancher/k3s/agent/etc/cni/net.d/*multus*
+```
+
+{{- end -}}

charts/stable/multus/crds/crd.yaml

@@ -0,0 +1,44 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+  group: k8s.cni.cncf.io
+  scope: Namespaced
+  names:
+    plural: network-attachment-definitions
+    singular: network-attachment-definition
+    kind: NetworkAttachmentDefinition
+    shortNames:
+    - net-attach-def
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
+            Working Group to express the intent for attaching pods to one or more logical or physical
+            networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
+          type: object
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this represen
+                tation of an object. Servers should convert recognized schemas to the
+                latest internal value, and may reject unrecognized values. More info:
+                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this
+                object represents. Servers may infer this from the endpoint the client
+                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
+              type: object
+              properties:
+                config:
+                  description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
+                  type: string

charts/stable/multus/templates/ClusterRole.yaml

@@ -0,0 +1,29 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+rules:
+  - apiGroups: ["k8s.cni.cncf.io"]
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/status
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+      - events.k8s.io
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+      - update

charts/stable/multus/templates/ClusterRoleBinding.yaml

@@ -0,0 +1,14 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "common.names.fullname" . }}
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "common.names.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.names.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}

charts/stable/multus/templates/NOTES.txt

@@ -0,0 +1 @@
+{{- include "common.notes.defaultNotes" . -}}

charts/stable/multus/templates/common.yaml

@@ -0,0 +1,2 @@
+{{/* Render the templates */}}
+{{ include "common.all" . }}

charts/stable/multus/templates/tests/network.yaml

@@ -0,0 +1,15 @@
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+  name: {{ include "common.names.fullname" . }}-test
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  config: '{
+      "cniVersion": "0.3.1",
+      "name": "{{ include "common.names.fullname" . }}-test",
+      "type": "macvlan",
+      "capabilities": { "ips": true }
+    }'

charts/stable/multus/templates/tests/pod-test.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ include "common.names.fullname" . }}-pod-test
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+    k8s.v1.cni.cncf.io/networks: |
+      [{
+        "name": "{{ include "common.names.fullname" . }}-test"
+      }]
+spec:
+  containers:
+  - name: podt-test
+    image: "alpine"
+    command: ["/bin/true"]
+  restartPolicy: Never

charts/stable/multus/templates/uninstallJob.yaml

@@ -0,0 +1,32 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "common.names.fullname" . }}-uninstall
+  labels:
+    {{- include "common.labels" . | nindent 4 }}
+  annotations:
+    # This is what defines this resource as a hook. Without this line, the
+    # job is considered part of the release.
+    "helm.sh/hook": pre-delete
+    "helm.sh/hook-weight": "-5"
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  template:
+    metadata:
+      name: {{ include "common.names.fullname" . }}-uninstall
+      labels:
+        {{- include "common.labels" . | nindent 8 }}
+    spec:
+      restartPolicy: OnFailure
+      containers:
+      - name: remove-config
+        image: "alpine"
+        command: ["/bin/sh","-c", "rm -rf  /host/etc/cni/net.d/*multus*"]
+        {{- with (include "common.controller.volumeMounts" . | trim) }}
+        volumeMounts:
+          {{- . | nindent 10 }}
+        {{- end }}
+      {{- with (include "common.controller.volumes" . | trim) }}
+      volumes:
+        {{- . | nindent 8 }}
+      {{- end }}

charts/stable/multus/values.yaml

@@ -0,0 +1,69 @@
+#
+# IMPORTANT NOTE
+#
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/k8s-at-home/library-charts/tree/main/charts/stable/common/values.yaml
+#
+
+image:
+  repository: ghcr.io/k8snetworkplumbingwg/multus-cni
+  tag: v3.7.1
+  pullPolicy: IfNotPresent
+
+controllerType: daemonset
+
+serviceAccount:
+  create: true
+
+# -- Init container that install reference CNI plugins
+initContainers:
+- name: cni-installer
+  image: ghcr.io/k8s-at-home/cni-plugins:v0.9.1
+  volumeMounts:
+  - name: cnibin
+    mountPath: /host/opt/cni/bin
+
+
+command:
+- /entrypoint.sh
+
+args:
+  - "--multus-conf-file=auto"
+  - "--cleanup-config-on-exit=true"
+  - "--cni-version=0.3.1"
+  - "--multus-kubeconfig-file-host=/var/lib/rancher/k3s/agent/etc/cni/net.d/multus.d/multus.kubeconfig"
+
+securityContext:
+  privileged: true
+
+strategy:
+  type: RollingUpdate
+
+additionalVolumes:
+- name: cni
+  hostPath:
+    # path: /etc/cni/net.d
+    path: /var/lib/rancher/k3s/agent/etc/cni/net.d
+    type: Directory
+- name: cnibin
+  hostPath:
+    # path: /opt/cni/bin
+    path: /var/lib/rancher/k3s/data/current/bin
+    type: Directory
+
+additionalVolumeMounts:
+- name: cni
+  mountPath: /host/etc/cni/net.d
+- name: cnibin
+  mountPath: /host/opt/cni/bin
+
+probes:
+  liveness:
+    enabled: false
+  readiness:
+    enabled: false
+  startup:
+    enabled: false
+
+service:
+  enabled: false