From 341a46cb1deb0988a4285207941f3e6e7240609b Mon Sep 17 00:00:00 2001
From: actions <actions@github.com>
Date: Wed, 23 Jun 2021 18:02:33 +0000
Subject: [PATCH] Merge pull request #110 from
 mrostecki/multus-ds-init-privileged

multus: Make the daemonset init container privileged
---
 .../rke2-multus-v3.7.1-build2021041603.tgz    | Bin 0 -> 2153 bytes
 .../v3.7.1-build2021041603/Chart.yaml         |  12 ++++
 .../templates/_helpers.tpl                    |   7 ++
 .../templates/clusterrole.yaml                |  27 ++++++++
 .../templates/clusterrolebinding.yaml         |  12 ++++
 .../templates/daemonset.yaml                  |  61 ++++++++++++++++++
 .../networkattachmendefinitions.crd.yaml      |  44 +++++++++++++
 .../templates/serviceaccount.yaml             |   5 ++
 .../v3.7.1-build2021041603/values.yaml        |  16 +++++
 index.yaml                                    |  17 +++++
 10 files changed, 201 insertions(+)
 create mode 100755 assets/rke2-multus/rke2-multus-v3.7.1-build2021041603.tgz
 create mode 100755 charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/Chart.yaml
 create mode 100755 charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/_helpers.tpl
 create mode 100755 charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/clusterrole.yaml
 create mode 100755 charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/clusterrolebinding.yaml
 create mode 100755 charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/daemonset.yaml
 create mode 100755 charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/networkattachmendefinitions.crd.yaml
 create mode 100755 charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/serviceaccount.yaml
 create mode 100755 charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/values.yaml

diff --git a/assets/rke2-multus/rke2-multus-v3.7.1-build2021041603.tgz b/assets/rke2-multus/rke2-multus-v3.7.1-build2021041603.tgz
new file mode 100755
index 0000000000000000000000000000000000000000..39590fcc6fce6537058c0fbac049a495abde104f
GIT binary patch
literal 2153
zcmV-v2$uIBiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PI>{Z`(K$@3TI|z>7nH!&#DJC)qQwz;)ANk=t#qNDjS+#i5|7
zk<1H4>d2AXY?1GNASug|?8Hr*rYO$yVv8b&Gn_yCaYS>CN8_@VRNLfi$qdCetd!3l
zmC`g#Pi8a!o2KdTH$9z9pG{`z$?W8GIy*UimQJR#^!OR1k1NJ*sx2||EdAoShRS^>
z#47O?jTKtWVKs?ZRc#)p@o7AXGPK-?ihSE^?<sJ0aSo{1LZSsm#Q0LE0-PI(N+Kwv
z_u5>8P=qFD94(NBN@o^?f?w+e8ij;5j+VN_IV_1PJ5Q2A(6U~{T$jo9kGA1b$+}z!
zRlF~f;HP7*L?pNqXFbrc_i-3pTQpoNLPej#Cn=dFG)bm;B1%@EO@fMXrHZIzLJ<=R
zjh#nhz>*0$2kyee{>?DOmuTE95rAS&k;~8qzp;glLQ^NeBCBh|(ewHYl~;Ykj2E?#
z*-?5lNoSLjbQ*n@{k!qMVzNg2_z7TN{2xz_hVg$gOAqn?6ckK9j{v;;yFUO1D{Td7
zb2Ep=&66cF87j=i9glQ<i50s&GK#nom8=V)9>kw3F>Z!+CP?GI4knmI5x@^%uSLa`
zuplfj;JPdsSge>~gc(R-33Luz30Mflj0m~Nje^|x(ER~~vc#kms)!?KInE)MOevI6
zR7kyG(g|;GEMfT)b5={b#6nndT8u`Y7k=NIy75m~R+16g<lPcwg~rBIJwhtj7yr|A
zxc?uYo=y+({}lA`;}|l`g+dqw-+q?`=YD4z?;gSU_BL`IMGo=Xut|i7h<AoV+rKhG
zQ4XU&*<|#vkti*;52K9)sIsm9-+BqZYuX+ET-FX287=V<;K084cklY~e{woG?Eg<f
z*Ft4;I1Bc^)DolaiNGuvk6BGiZNwkU9RcF&A8jmjvYJFC63ZB|c?*9Vm}_c@e#;*N
ztHdux*Oi^a?;|&qD-m<W^H}K7zZ)>n!ea0=hUb5N?*FgQEVi1vOxstZ(OtaUsiXIh
zSYl4f9TOBt?f<&U7~!7z++SRwBHOIXT~dTjyXNEu!#s_IjQDaO#MiX{-uPb#l{sMa
z1!-Vk{Lj(>{y$2OricCiNoXtne-8G3j5MGnUSjUr*Aa9Ns|a8_7Y#Vtdhs9R<PXrH
z^A(zv;P`@bT`L;)50AED9Ov-yBgB^|ky(r{*3EEx`>ieTZE1J>XADcNEIv*(a8LYC
zk0z7h{y&`@>VHo{-7sfWWnDyv(0b{8;0kF+gkRSSTo(eePmHt3R>=Jk8YOblChUQw
z+wgv43zY4qIEdl3TQ>bW!Z?z>p<9Ci*3&v#YD*WP#x@5s^?KhWEz$UF)Y+MJ<=V8F
z!>bR%l5MBJJV#D*xX@R8iCHc2A!A;BKwh^yzU?Kji=prULJ2z4n=<5jrl9ArSmH<c
zLW{G*dgbmp+Qo2t>nzqB&Nd~R*t3Z@r5d=so!{4!SmCU^mck;hji4JRJAR;zfxsOL
zS3+WeS<eUnD=q61U%Qp)ShS<-LZ}X((sg{pXgP<(SvJuXC0vQ5+YQxfo7L5?=WpJf
zU7WxB`TXL=<@u|t4p(0V4Q{-xYFlk;HRX5OrV}KOVw=EfpIv&r1~&24F&Epvj}la5
zZYnJl#dg_1aYxJ)y|o{W+lrr7`8XF6e_}Q1QNNFK#HK*~QyNd>$>#kQ91e~Dt<h4i
z4S-km97dBgEl0if5=&n!937{xMfa5yrT9W7U&T@H^HL=4y;LE^*`s(lp(%y(`Rf<M
zIKDw6basVYtIW<}l15#z_e$($@e}rzuL>eOQ2Kj$bv60c8{z*c?Z$u2cc}1buSDf5
zgu?HSF*n%*QQ<!PcX~X)e@92B(?k8|NvMzi1b!e?*4ue=!fVcDwIy9%Hp%>D>k&KP
zVdFmI)_-W+^`Jo=s0D^aI3f;T16ZyroI{Hyvo+!jS*4P-VRGNJ0SpRN)RLJ!oqgY+
zb^{k*wB26zd)cKn9=A2Zj2-8OtK%5?ijUnu%XO+;O*#;8u)|o=#sh_J8((6{HhEN6
zs9wA|e>=Szya4EZvVVS$2H~UG+2zZIy9di67ns4~255<E_2EtPNxGND|E0~fPzCt2
zJ&*?cP#Lt=j}-nRJmlJRt_b)$0Hi@H1Z|+y20`jVa3<YzwY;(Je{Yt?QZ|OyuDejV
zHl^R}fUTI2Y#|XCJ?t8R7&|jLb)R=8qZ{XE+E*ERIKbh05;#B_o#5%U4=v!#6#6ya
zTEYr7eu3F~^>q%k6c!A+WkfY#3P3?^odZ*in6a;cps~&qYneGfx<W%>kn2K;KU(&F
z;c1CmTz$@`a9cw$84&PafT;{hb^`|8JW#6+$L6ZQ#v;Q7fUY&xxy0emS_!&I9BMXV
zQIj?{$#8`-v7#6=!<T}PQ*AI|l^A<vR7e|T_CpILpAV)BhO=abF6x8$UgP{KR2JeO
z3=g`sHXzsJtabV7>Ypu^^>*4)Iap*f)NYL97E-7jO|Woobm_UG$~*}74_pdVw8hre
z3x{%B%nYPsIAcm_f(153;w*-91!t^8dFGDZ9n*XjQ@9nkW4FAYZj9mCy+2?p?D}W-
z-PXG=xw+B3fXmPd<Kltb!OKNadsS((4eZuthj4f21qkQDTol{w4^bfS2+sNUtAAXK
zL*^sQ{0*$|x(<blq1Z!1+_C@f#(zy!f`zKYmlgr{)&D26;r*Y}>G7fd|0FcH|F^TM
ferJXMP+vdLfev(_@0R`-00960*NLUc05AXmx;86C

literal 0
HcmV?d00001

diff --git a/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/Chart.yaml b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/Chart.yaml
new file mode 100755
index 0000000..d4b19b0
--- /dev/null
+++ b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+appVersion: v3.7.1
+description: Multus CNI enables attaching multiple network interfaces to pods in Kubernetes.
+home: https://github.com/k8snetworkplumbingwg/multus-cni
+icon: https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/doc/images/Multus.png
+maintainers:
+- email: charts@rancher.com
+  name: Rancher Labs
+name: rke2-multus
+sources:
+- https://github.com/k8snetworkplumbingwg/multus-cni
+version: v3.7.1-build2021041603
diff --git a/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/_helpers.tpl b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/_helpers.tpl
new file mode 100755
index 0000000..b647c75
--- /dev/null
+++ b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/clusterrole.yaml b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/clusterrole.yaml
new file mode 100755
index 0000000..0a37472
--- /dev/null
+++ b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/clusterrole.yaml
@@ -0,0 +1,27 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: multus
+rules:
+  - apiGroups: ["k8s.cni.cncf.io"]
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/status
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+      - events.k8s.io
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+      - update
\ No newline at end of file
diff --git a/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/clusterrolebinding.yaml b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/clusterrolebinding.yaml
new file mode 100755
index 0000000..61af8e9
--- /dev/null
+++ b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: multus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: multus
+subjects:
+- kind: ServiceAccount
+  name: multus
+  namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/daemonset.yaml b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/daemonset.yaml
new file mode 100755
index 0000000..6c45c5b
--- /dev/null
+++ b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/daemonset.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kube-multus-ds
+  namespace: {{ .Release.Namespace }}
+spec:
+  selector:
+    matchLabels:
+      name: multus
+  template:
+    metadata:
+      labels:
+        name: multus
+    spec:
+      hostNetwork: true
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      - operator: Exists
+        effect: NoExecute
+      serviceAccountName: multus
+      initContainers:
+      - name: cni-plugins
+        image: {{ template "system_default_registry" . }}{{ .Values.cniplugins.image.repository }}:{{ .Values.cniplugins.image.tag }}
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: cnibin
+          mountPath: /host/opt/cni/bin
+        env:
+        - name: SKIP_CNI_BINARIES
+          value: {{ .Values.cniplugins.skipcnis }}
+      containers:
+      - name: kube-multus
+        image: {{ template "system_default_registry" . }}{{ .Values.multus.image.repository }}:{{ .Values.multus.image.tag }}
+        command: ["/entrypoint.sh"]
+        args:
+        - "--multus-conf-file=auto"
+        - "--cni-version=0.3.1"
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "50Mi"
+          limits:
+            cpu: "100m"
+            memory: "50Mi"
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: cni
+          mountPath: /host/etc/cni/net.d
+        - name: cnibin
+          mountPath: /host/opt/cni/bin
+      terminationGracePeriodSeconds: 10
+      volumes:
+        - name: cni
+          hostPath:
+            path: /etc/cni/net.d
+        - name: cnibin
+          hostPath:
+            path: /opt/cni/bin
diff --git a/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/networkattachmendefinitions.crd.yaml b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/networkattachmendefinitions.crd.yaml
new file mode 100755
index 0000000..5b21ab6
--- /dev/null
+++ b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/networkattachmendefinitions.crd.yaml
@@ -0,0 +1,44 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+  group: k8s.cni.cncf.io
+  scope: Namespaced
+  names:
+    plural: network-attachment-definitions
+    singular: network-attachment-definition
+    kind: NetworkAttachmentDefinition
+    shortNames:
+    - net-attach-def
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
+            Working Group to express the intent for attaching pods to one or more logical or physical
+            networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
+          type: object
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this represen
+                tation of an object. Servers should convert recognized schemas to the
+                latest internal value, and may reject unrecognized values. More info:
+                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this
+                object represents. Servers may infer this from the endpoint the client
+                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
+              type: object
+              properties:
+                config:
+                  description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
+                  type: string
\ No newline at end of file
diff --git a/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/serviceaccount.yaml b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/serviceaccount.yaml
new file mode 100755
index 0000000..f66d274
--- /dev/null
+++ b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: multus
+  namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/values.yaml b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/values.yaml
new file mode 100755
index 0000000..73f6b2b
--- /dev/null
+++ b/charts/rke2-multus/rke2-multus/v3.7.1-build2021041603/values.yaml
@@ -0,0 +1,16 @@
+multus:
+  image:
+    repository: rancher/hardened-multus-cni
+    tag: v3.7.1-build20210416
+
+cniplugins:
+  image:
+    repository: rancher/hardened-cni-plugins
+    tag: v0.9.1-build20210414
+
+  # skipcnis is a comma separated list of cni binaries to skip from
+  # installing.
+  skipcnis: flannel
+
+global:
+  systemDefaultRegistry: ""
diff --git a/index.yaml b/index.yaml
index 83d0677..2f4781e 100755
--- a/index.yaml
+++ b/index.yaml
@@ -1478,6 +1478,23 @@ entries:
     - assets/rke2-metrics-server/rke2-metrics-server-2.11.100-build2021022300.tgz
     version: 2.11.100-build2021022300
   rke2-multus:
+  - apiVersion: v1
+    appVersion: v3.7.1
+    created: "2021-06-23T18:02:33.469096164Z"
+    description: Multus CNI enables attaching multiple network interfaces to pods
+      in Kubernetes.
+    digest: e3dc2dd4b1c5a0b193c83a59ed35d69d8463d8c89fbc93671e6dbaeb34111dfd
+    home: https://github.com/k8snetworkplumbingwg/multus-cni
+    icon: https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/doc/images/Multus.png
+    maintainers:
+    - email: charts@rancher.com
+      name: Rancher Labs
+    name: rke2-multus
+    sources:
+    - https://github.com/k8snetworkplumbingwg/multus-cni
+    urls:
+    - assets/rke2-multus/rke2-multus-v3.7.1-build2021041603.tgz
+    version: v3.7.1-build2021041603
   - apiVersion: v1
     appVersion: v3.7.1
     created: "2021-05-27T19:13:47.820940509Z"