Fix cni image version

main
actions 2025-01-24 13:53:01 +00:00
parent 6f873d79db
commit 2144ece10a
25 changed files with 1082 additions and 0 deletions

Binary file not shown.


@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,17 @@
apiVersion: v2
appVersion: 4.1.4
dependencies:
- condition: rke2-whereabouts.enabled
name: rke2-whereabouts
repository: file://./charts/rke2-whereabouts
description: Multus Helm chart for Kubernetes
home: https://github.com/k8snetworkplumbingwg/multus-cni
icon: https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/doc/images/Multus.png
maintainers:
- email: charts@rancher.com
name: Rancher Labs
name: rke2-multus
sources:
- https://github.com/intel/multus-cni
type: application
version: v4.1.402


@ -0,0 +1,10 @@
apiVersion: v2
appVersion: 0.8.0
description: A Helm chart to deploy the whereabouts CNI
home: https://github.com/k8snetworkplumbingwg/whereabouts
maintainers:
- email: charts@rancher.com
name: Rancher Labs
name: rke2-whereabouts
type: application
version: 0.8.0


@ -0,0 +1,71 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: ippools.whereabouts.cni.cncf.io
spec:
group: whereabouts.cni.cncf.io
names:
kind: IPPool
listKind: IPPoolList
plural: ippools
singular: ippool
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IPPool is the Schema for the ippools API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: IPPoolSpec defines the desired state of IPPool
properties:
allocations:
additionalProperties:
description: IPAllocation represents metadata about the pod/container
owner of a specific IP
properties:
id:
type: string
ifname:
type: string
podref:
type: string
required:
- id
- podref
type: object
description: |-
Allocations is the set of allocated IPs for the given range. Its` indices are a direct mapping to the
IP with the same index/offset for the pool's range.
type: object
range:
description: Range is a RFC 4632/4291-style string that represents
an IP address and prefix length in CIDR notation
type: string
required:
- allocations
- range
type: object
type: object
served: true
storage: true


@ -0,0 +1,57 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
name: overlappingrangeipreservations.whereabouts.cni.cncf.io
spec:
group: whereabouts.cni.cncf.io
names:
kind: OverlappingRangeIPReservation
listKind: OverlappingRangeIPReservationList
plural: overlappingrangeipreservations
singular: overlappingrangeipreservation
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: OverlappingRangeIPReservation is the Schema for the OverlappingRangeIPReservations
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: OverlappingRangeIPReservationSpec defines the desired state
of OverlappingRangeIPReservation
properties:
containerid:
type: string
ifname:
type: string
podref:
type: string
required:
- podref
type: object
required:
- spec
type: object
served: true
storage: true


@ -0,0 +1,5 @@
Whereabouts is installed!!
You can view the pods with the following command:
kubectl get pods -n {{ .Release.Namespace }} -l app=whereabouts


@ -0,0 +1,83 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "whereabouts.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "whereabouts.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Provide a method to override namespace so parent charts can set it
*/}}
{{- define "whereabouts.namespace" -}}
{{- if hasKey .Values "namespaceOverride" -}}
namespace: {{ .Values.namespaceOverride }}
{{- else }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "whereabouts.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "whereabouts.labels" -}}
app: whereabouts
helm.sh/chart: {{ include "whereabouts.chart" . }}
{{ include "whereabouts.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "whereabouts.selectorLabels" -}}
app: {{ include "whereabouts.name" . }}
app.kubernetes.io/name: {{ include "whereabouts.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "whereabouts.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "whereabouts.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "system_default_registry" -}}
{{- if .Values.global.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
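Review bot: `whereabouts.labels` emits the key `app` twice: once as the literal `app: whereabouts` and again through the included `whereabouts.selectorLabels`, whose first line is `app: {{ include "whereabouts.name" . }}`. Duplicate mapping keys are invalid YAML and most parsers silently keep the last one, so the label that lands on the object follows `nameOverride` rather than the literal. Drop the literal line from `whereabouts.labels` so each label is defined once. Separately, `whereabouts.namespace` renders the override unquoted; `namespace: {{ .Values.namespaceOverride | quote }}` keeps an empty or numeric-looking override from changing type.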


@ -0,0 +1,52 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "whereabouts.serviceAccountName" . }}
rules:
- apiGroups:
- whereabouts.cni.cncf.io
resources:
- ippools
- overlappingrangeipreservations
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- '*'
- apiGroups: [""]
resources:
- pods
verbs:
- list
- watch
- apiGroups: [""]
resources:
- nodes
verbs:
- get
- apiGroups: ["k8s.cni.cncf.io"]
resources:
- network-attachment-definitions
verbs:
- get
- list
- watch
- apiGroups:
- ""
- events.k8s.io
resources:
- events
verbs:
- create
- patch
- update
- get
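Review bot: The `coordination.k8s.io` rule grants `'*'` on `leases` in a ClusterRole, so the whereabouts service account can modify or delete every lease in the cluster, including leases that other components rely on for leader election. The other rules in this file enumerate their verbs and this one should too, for example `verbs: [get, create, update, patch]`, with the exact set confirmed against what the whereabouts binaries actually call. If the leases live only in the chart's namespace, a namespaced Role and RoleBinding for this rule would narrow it further. The ClusterRole is also rendered unconditionally and named after `whereabouts.serviceAccountName`, which resolves to `default` when `serviceAccount.create` is false and no name is set; a comment on the `name:` line should say so.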


@ -0,0 +1,15 @@
{{- if .Values.serviceAccount.create -}}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "whereabouts.serviceAccountName" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "whereabouts.serviceAccountName" . }}
subjects:
- kind: ServiceAccount
name: {{ include "whereabouts.serviceAccountName" . }}
{{- include "whereabouts.namespace" . | nindent 2 }}
{{- end }}
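Review bot: The binding is rendered only when `serviceAccount.create` is true, while the ClusterRole in this chart has no such gate and the DaemonSet always runs as `whereabouts.serviceAccountName`. With `create: false` and an existing account named in `serviceAccount.name`, the pods would start with none of the ClusterRole's rules bound to them. Either gate the binding on its own value or add a template comment such as `{{/* Not rendered when serviceAccount.create is false: bind the ClusterRole to the existing account yourself. */}}`.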


@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "whereabouts.fullname" . }}-config
{{- include "whereabouts.namespace" . | nindent 2 }}
annotations:
kubernetes.io/description: |
Configmap containing user customizable cronjob schedule
data:
cron-expression: "30 4 * * *" # Default schedule is once per day at 4:30am. Users may configure this value to their liking.


@ -0,0 +1,96 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "whereabouts.fullname" . }}
{{- include "whereabouts.namespace" . | nindent 2 }}
labels:
{{- include "whereabouts.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
name: whereabouts
{{- include "whereabouts.selectorLabels" . | nindent 6 }}
updateStrategy:
type: {{ .Values.updateStrategy }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
name: whereabouts
{{- include "whereabouts.selectorLabels" . | nindent 8 }}
spec:
hostNetwork: true
serviceAccountName: {{ include "whereabouts.serviceAccountName" . }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
securityContext: #TODO still needed?
{{- toYaml .Values.podSecurityContext | nindent 8 }}
tolerations:
- operator: Exists
effect: NoSchedule
containers:
- name: {{ .Chart.Name }}
command: [ "/bin/sh" ]
args:
- -c
- >
SLEEP=false /install-cni.sh &&
/ip-control-loop -log-level debug
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: NODENAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: WHEREABOUTS_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: CNI_CONF_DIR
value: /host{{ .Values.cniConf.confDir }}
- name: CNI_BIN_DIR
value: /host{{ .Values.cniConf.binDir }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- name: cnibin
mountPath: /host{{ .Values.cniConf.binDir }}
- name: cni-net-dir
mountPath: /host{{ .Values.cniConf.confDir }}
- name: cron-scheduler-configmap
mountPath: /cron-schedule
volumes:
- name: cnibin
hostPath:
path: {{ .Values.cniConf.binDir }}
- name: cni-net-dir
hostPath:
path: {{ .Values.cniConf.confDir }}
- name: cron-scheduler-configmap
configMap:
name: {{ include "whereabouts.fullname" . }}-config
defaultMode: 0744
items:
- key: "cron-expression"
path: "config"
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
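Review bot: The pod spec defines `tolerations:` twice: a hard-coded `operator: Exists` / `effect: NoSchedule` entry above `containers:`, and again at the end from `.Values.tolerations`, which values.yaml sets by default. The rendered manifest therefore carries a duplicate key; parsers that accept it keep only the last one, so the hard-coded block is dead by default, yet it comes back silently if a user empties `tolerations`. Remove the hard-coded block and keep the `with .Values.tolerations` form. The `-log-level debug` argument is also fixed for every install and would be better exposed as a value.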


@ -0,0 +1,13 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "whereabouts.serviceAccountName" . }}
{{- include "whereabouts.namespace" . | nindent 2 }}
labels:
{{- include "whereabouts.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}


@ -0,0 +1,57 @@
# Default values for whereabouts.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: rancher/hardened-whereabouts
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: v0.8.0-build20241011
updateStrategy: RollingUpdate
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
namespaceOverride: "kube-system"
successfulJobsHistoryLimit: 0
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
#name: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext:
privileged: true
resources:
requests:
cpu: "100m"
memory: "100Mi"
nodeSelector:
kubernetes.io/os: linux
tolerations:
- operator: Exists
effect: NoSchedule
affinity: {}
cniConf:
confDir: /etc/cni/net.d
binDir: /opt/cni/bin
nodeSliceController:
enabled: true
global:
systemDefaultRegistry: ""
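Review bot: `securityContext.privileged: true` ships as the default with no comment explaining why the whereabouts container needs full privilege; the DaemonSet template in this commit only shows it mounting the two `cniConf` hostPath directories. If privilege is genuinely required on the target hosts, say so in a comment above the key; otherwise a narrower default is worth testing. `successfulJobsHistoryLimit` and `nodeSliceController.enabled` are not read by any template visible in this commit, so each needs either a consumer or a comment naming one.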


@ -0,0 +1,33 @@
======
1. The following components have been deployed as part of this helm chart:
{{- if .Values.manifests.clusterRole }}
Cluster Role: {{ .Values.serviceAccount.name }}
{{- end}}
{{- if .Values.manifests.clusterRoleBinding }}
Cluster Role Binding: {{ .Chart.Name }}
{{- end }}
{{- if .Values.manifests.configMap }}
Config Map: {{ .Release.Name }}-{{ .Chart.Version }}-config
{{- end }}
{{- if .Values.manifests.customResourceDefinition }}
Custom Resource Definition: network-attachment-definitions.k8s.cni.cncf.io
{{- end }}
{{- if .Values.manifests.daemonSet }}
Daemon Set: {{ .Release.Name }}
{{- end }}
{{- if .Values.manifests.dhcpDaemonSet }}
Daemon Set: {{ .Release.Name }}-dhcp
{{- end}}
{{- if .Values.manifests.serviceAccount }}
Service Account: {{ .Values.serviceAccount.name }}
{{- end }}
You can now deploy any other CNI and create its Network Attachment Defintion.
---------
2. To uninstall helm chart use the command:
helm delete {{ .Release.Name }}
You may have to manually delete CRD -
kubectl delete crd network-attachment-definitions.k8s.cni.cncf.io
---------


@ -0,0 +1,27 @@
# Copyright 2020 K8s Network Plumbing Group
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{/* Generate basic labels */}}
{{- define "multus.labels" }}
tier: node
app: {{ .Chart.Name }}
{{- end }}
{{- define "system_default_registry" -}}
{{- if .Values.global.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
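Review bot: `system_default_registry` is defined here and again, under the same name, in the rke2-whereabouts subchart's helpers. Named templates share one namespace across a chart and its subcharts, so a single definition ends up serving both charts; the two bodies are identical today, but a later edit to one would change the image references rendered by the other. A comment above the define noting the duplicate, or a chart-prefixed name, would make that dependency explicit.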


@ -0,0 +1,39 @@
# Copyright 2020 K8s Network Plumbing Group
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.manifests.clusterRole }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Chart.Name }}
rules:
- apiGroups: ["k8s.cni.cncf.io"]
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- pods
- pods/status
verbs:
- get
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
{{- end }}
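Review bot: The first rule grants every verb on every resource in the `k8s.cni.cncf.io` group, cluster-wide, to the multus service account. The only resource this chart defines in that group is `network-attachment-definitions`, and the whereabouts ClusterRole in the same commit reads it with just `get`, `list`, `watch`. Unless multus is known to write these objects, narrow the rule to `resources: [network-attachment-definitions]` and `verbs: [get, list, watch]`, so that the node agent's credentials cannot change network attachments in other namespaces.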


@ -0,0 +1,27 @@
# Copyright 2020 K8s Network Plumbing Group
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.manifests.clusterRoleBinding }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Chart.Name }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ .Chart.Name }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
{{- end }}


@ -0,0 +1,25 @@
# Copyright 2020 K8s Network Plumbing Group
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.manifests.configMap }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-{{ .Chart.Version }}-config
namespace: {{ .Release.Namespace }}
labels:
{{- include "multus.labels" . | indent 4 }}
data:
cni-conf.json: |-
{{ toJson .Values.config.cni_conf | indent 4 }}
{{- end }}


@ -0,0 +1,41 @@
# Copyright 2020 K8s Network Plumbing Group
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.manifests.customResourceDefinition }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: network-attachment-definitions.k8s.cni.cncf.io
spec:
group: k8s.cni.cncf.io
scope: Namespaced
names:
plural: network-attachment-definitions
singular: network-attachment-definition
kind: NetworkAttachmentDefinition
shortNames:
- net-attach-def
versions:
- name: v1
served: true
storage: true
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
config:
type: string
{{- end }}


@ -0,0 +1,135 @@
# Copyright 2020 K8s Network Plumbing Group
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.manifests.daemonSet }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "multus.labels" . | indent 4 }}
spec:
selector:
matchLabels:
app: {{ .Chart.Name }}
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
{{- include "multus.labels" . | indent 8 }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/configMap.yaml") . | sha256sum }}
spec:
priorityClassName: system-node-critical
hostNetwork: true
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
nodeSelector: {{- toYaml .Values.labels.nodeSelector | nindent 8 }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | trim | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.serviceAccount.name }}
initContainers:
- name: cni-plugins
image: {{ template "system_default_registry" . }}{{ .Values.cniplugins.image.repository }}:{{ .Values.cniplugins.image.tag }}
securityContext:
privileged: true
volumeMounts:
- name: cnibin
mountPath: /host/opt/cni/bin
env:
- name: SKIP_CNI_BINARIES
value: {{ .Values.cniplugins.skipcnis }}
containers:
- name: kube-{{ .Chart.Name }}
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
command: ["/thin_entrypoint"]
args:
- "--multus-conf-file={{ .Values.config.cni_conf.multusConfFile }}"
{{- if .Values.config.cni_conf.cniVersion }}
- "--cni-version={{ .Values.config.cni_conf.cniVersion }}"
{{- end }}
{{- if .Values.config.cni_conf.multusAutoconfigDir }}
- "--multus-autoconfig-dir={{ .Values.config.cni_conf.multusAutoconfigDir }}"
{{- end }}
{{- if .Values.config.cni_conf.kubeconfig }}
- "--multus-kubeconfig-file-host={{ .Values.config.cni_conf.kubeconfig }}"
{{- end }}
{{- if .Values.config.cni_conf.masterCniFilename }}
- "--multus-master-cni-file-name={{ .Values.config.cni_conf.masterCniFilename }}"
{{- end }}
{{- if .Values.config.cni_conf.additionalBinDir }}
- "--additional-bin-dir={{ .Values.config.cni_conf.additionalBinDir }}"
{{- end }}
{{- if .Values.config.cni_conf.skipMultusBinaryCopy }}
- "--skip-multus-binary-copy={{ .Values.config.cni_conf.skipMultusBinaryCopy }}"
{{- end }}
{{- if .Values.config.cni_conf.readinessIndicatorFile }}
- "--readiness-indicator-file={{ .Values.config.cni_conf.readinessIndicatorFile }}"
{{- end }}
{{- if .Values.config.cni_conf.namespaceIsolation }}
- "--cni-namespace-isolation={{ .Values.config.cni_conf.namespaceIsolation }}"
{{- end }}
{{- if .Values.config.cni_conf.globalNamespaces }}
- "--global-namespaces={{ .Values.config.cni_conf.globalNamespaces }}"
{{- end }}
{{- if .Values.config.cni_conf.logLevel }}
- "--multus-log-level={{ .Values.config.cni_conf.logLevel }}"
{{- end }}
{{- if .Values.config.cni_conf.logFile }}
- "--multus-log-file={{ .Values.config.cni_conf.logFile }}"
{{- end }}
{{- if .Values.config.cni_conf.cleanupConfigOnExit }}
- "--cleanup-config-on-exit={{ .Values.config.cni_conf.cleanupConfigOnExit }}"
{{- end }}
{{- if .Values.pod.resources.multus }}
resources: {{- toYaml .Values.pod.resources.multus | nindent 10 }}
{{- end }}
securityContext:
privileged: true
volumeMounts:
- name: cni
mountPath: /host/etc/cni/net.d
- name: cnibin
mountPath: /host/opt/cni/bin
{{- if .Values.manifests.configMap }}
- name: multus-cfg
mountPath: /tmp/multus-conf/00-multus.conf
subPath: "cni-conf.json"
{{- end }}
volumes:
- name: cni
hostPath:
path: {{ .Values.config.cni_conf.confDir }}
- name: cnibin
hostPath:
path: {{ .Values.config.cni_conf.binDir }}
{{- if .Values.manifests.configMap }}
- name: multus-cfg
configMap:
name: {{ .Release.Name }}-{{ .Chart.Version }}-config
{{- end }}
{{- end }}
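Review bot: Both the `cni-plugins` init container and the `kube-{{ .Chart.Name }}` container hard-code `privileged: true`, with `hostNetwork: true` on the pod, and no value exists to override either. The whereabouts subchart in this commit takes its container `securityContext` from values; doing the same here would let operators reduce privilege where the host permits it and would put the default on record in values.yaml. Separately, `value: {{ .Values.cniplugins.skipcnis }}` is unquoted, so an empty or boolean-looking value renders as a non-string env value; use `value: {{ .Values.cniplugins.skipcnis | quote }}`. The two `image:` lines are unquoted in the same way.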


@ -0,0 +1,65 @@
{{- if .Values.manifests.dhcpDaemonSet }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ .Release.Name }}-dhcp
namespace: {{ .Release.Namespace }}
labels:
{{- include "multus.labels" . | indent 4 }}
spec:
selector:
matchLabels:
app: {{ .Chart.Name }}
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
{{- include "multus.labels" . | indent 8 }}
spec:
hostNetwork: true
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | trim | nindent 8 }}
{{- end }}
nodeSelector: {{- toYaml .Values.labels.nodeSelector | nindent 8 }}
initContainers:
- name: kube-{{ .Chart.Name }}-dhcp-cleanup
image: {{ template "system_default_registry" . }}{{ .Values.dhcpDaemonSet.image.repository }}:{{ .Values.dhcpDaemonSet.image.tag }}
command: ["rm", "-f", "/run/cni/dhcp.sock"]
securityContext:
privileged: true
volumeMounts:
- name: socketpath
mountPath: /host/run/cni
containers:
- name: kube-{{ .Chart.Name }}-dhcp
image: {{ template "system_default_registry" . }}{{ .Values.dhcpDaemonSet.image.repository }}:{{ .Values.dhcpDaemonSet.image.tag }}
command: ["/opt/cni/bin/dhcp", "daemon"]
securityContext:
privileged: true
volumeMounts:
- name: binpath
mountPath: /opt/cni/bin
- name: socketpath
mountPath: /run/cni
- name: netnspath
mountPath: /var/run/netns
mountPropagation: HostToContainer
volumes:
- name: binpath
hostPath:
path: {{ .Values.config.cni_conf.binDir }}
- name: socketpath
hostPath:
path: /run/cni
- name: netnspath
hostPath:
path: /run/netns
{{- end }}
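Review bot: The cleanup init container runs `rm -f /run/cni/dhcp.sock`, but its only volume mount places the host's `/run/cni` at `/host/run/cni`, so the command removes a path in the container's own filesystem and leaves any stale socket on the host in place. Point the command at the mounted path, `command: ["rm", "-f", "/host/run/cni/dhcp.sock"]`, or mount the volume at `/run/cni` as the main container does. That init container also runs with `privileged: true` for a single file removal, which looks broader than the task needs. The selector `app: {{ .Chart.Name }}` is identical to the main multus DaemonSet's, so the two DaemonSets have overlapping selectors; a distinct label for the DHCP pods would avoid that.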


@ -0,0 +1,20 @@
# Copyright 2020 K8s Network Plumbing Group
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.manifests.serviceAccount }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccount.name }}
namespace: {{ .Release.Namespace }}
{{- end }}


@ -0,0 +1,141 @@
# Copyright 2020 K8s Network Plumbing Group
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for multus.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
#replicaCount: 1
image:
repository: rancher/hardened-multus-cni
tag: v4.1.4-build20250108
pullPolicy: IfNotPresent
#imagePullSecrets: []
#nameOverride: ""
#fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
#create: true
# Annotations to add to the service account
#annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: multus
pod:
resources:
enabled: false
multus:
requests:
memory: "128Mi"
cpu: "250m"
limits:
memory: "1024Mi"
cpu: "2000m"
#podSecurityContext: {}
# fsGroup: 2000
#securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
#service:
#type: ClusterIP
#port: 80
#ingress:
#enabled: false
#annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
#hosts:
#- host: chart-example.local
# paths: []
#tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
labels:
nodeSelector:
kubernetes.io/os: linux
# Multus configuration
# For more details, see https://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/how-to-use.md#entrypoint-script-parameters
config:
cni_conf:
confDir: /etc/cni/net.d
binDir: /opt/cni/bin
#namespaceIsolation: false
#globalNamespaces: default,foo,bar
#skipMultusBinaryCopy: false
#readinessIndicatorFile: ""
multusConfFile: auto #or specify a file to be copied on each node
#The following options can be used only when multusConfFile=auto
#multusAutoconfigDir: /host/etc/cni/net.d
kubeconfig: /etc/cni/net.d/multus.d/multus.kubeconfig
#masterCniFilename:
#logFile: /var/log/multus.log
#logLevel: panic
#cniVersion: 1.0.0
#cleanupConfigOnExit: true
#additionalBinDir: /opt/multus/bin
manifests:
serviceAccount: true
clusterRole: true
clusterRoleBinding: true
configMap: false
daemonSet: true
customResourceDefinition: true
dhcpDaemonSet: false
tolerations:
- operator: Exists
effect: NoSchedule
- operator: Exists
effect: NoExecute
#affinity: {}
## RANCHER ADDDED INFO ##
cniplugins:
image:
repository: rancher/hardened-cni-plugins
tag: v1.6.2-build20250124
# skipcnis is a comma separated list of cni binaries to skip from
# installing.
skipcnis: flannel
dhcpDaemonSet:
image:
repository: rancher/mirrored-library-busybox
tag: "1.36.1"
global:
systemDefaultRegistry: ""
rke2-whereabouts:
enabled: false
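Review bot: `pod.resources.enabled: false` has no effect: the DaemonSet template tests only `.Values.pod.resources.multus`, which is set here, so the requests and limits beneath it are always rendered. Either remove the flag or have the template check it, and add a comment stating which behaviour is intended. `dhcpDaemonSet.image.tag` is quoted while the other image tags are plain; quoting all of them keeps a future tag such as `1.36` from being read as a number.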


@ -15692,6 +15692,27 @@ entries:
- assets/rke2-metrics-server/rke2-metrics-server-2.11.100-build2021022300.tgz
version: 2.11.100-build2021022300
rke2-multus:
- apiVersion: v2
appVersion: 4.1.4
created: "2025-01-24T13:53:01.289031894Z"
dependencies:
- condition: rke2-whereabouts.enabled
name: rke2-whereabouts
repository: file://./charts/rke2-whereabouts
description: Multus Helm chart for Kubernetes
digest: af8e538727ee9de0b66cb56597c5dc956968b92fd17c4f5adc4e6cd75ae05525
home: https://github.com/k8snetworkplumbingwg/multus-cni
icon: https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/doc/images/Multus.png
maintainers:
- email: charts@rancher.com
name: Rancher Labs
name: rke2-multus
sources:
- https://github.com/intel/multus-cni
type: application
urls:
- assets/rke2-multus/rke2-multus-v4.1.402.tgz
version: v4.1.402
- apiVersion: v2
appVersion: 4.1.4
created: "2025-01-22T19:51:56.283735296Z"