M-CORD Release service charts
Change-Id: Ib6ea6b38abf802db15cabf3ed06fcfceae42cc05
diff --git a/mcord-release/mcord-setup/templates/multus-sriov-ds.yaml b/mcord-release/mcord-setup/templates/multus-sriov-ds.yaml
new file mode 100644
index 0000000..135e769
--- /dev/null
+++ b/mcord-release/mcord-setup/templates/multus-sriov-ds.yaml
@@ -0,0 +1,234 @@
+---
+# Copyright 2018-present Open Networking Foundation
+# Copyright 2018 Intel Corporation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ # name must match the spec fields below, and be in the form: <plural>.<group>
+ name: network-attachment-definitions.k8s.cni.cncf.io
+ annotations:
+ "helm.sh/hook": "crd-install"
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+spec:
+ # group name to use for REST API: /apis/<group>/<version>
+ group: k8s.cni.cncf.io
+ # version name to use for REST API: /apis/<group>/<version>
+ version: v1
+ # either Namespaced or Cluster
+ scope: Namespaced
+ names:
+ # plural name to be used in the URL: /apis/<group>/<version>/<plural>
+ plural: network-attachment-definitions
+ # singular name to be used as an alias on the CLI and for display
+ singular: network-attachment-definition
+ # kind is normally the CamelCased singular type. Your resource manifests use this.
+ kind: NetworkAttachmentDefinition
+ # shortNames allow shorter string to match your resource on the CLI
+ shortNames:
+ - net-attach-def
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: multus-sa
+ namespace: kube-system
+ annotations:
+ "helm.sh/hook": "pre-install"
+ "helm.sh/hook-delete-policy": "before-hook-creation"
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: multus-sa-secret
+ namespace: kube-system
+ annotations:
+ kubernetes.io/service-account.name: multus-sa
+type: kubernetes.io/service-account-token
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: multus-pod-networks-lister
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["pods/status"]
+ verbs: ["update"]
+- apiGroups: ["k8s.cni.cncf.io"]
+ resources: ["*"]
+ verbs: ["get"]
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: multus-scripts
+ namespace: kube-system
+data:
+ install-certs.sh: |
+ # Copied from Calico
+ # https://github.com/projectcalico/cni-plugin/blob/master/k8s-install/scripts/install-cni.sh
+ touch /host/etc/cni/net.d/multus-kubeconfig
+ chmod 600 /host/etc/cni/net.d/multus-kubeconfig
+ SERVICE_ACCOUNT_PATH=/var/run/secrets/multus/serviceaccount
+ KUBE_CA_FILE=$SERVICE_ACCOUNT_PATH/ca.crt
+ TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')"
+ SERVICEACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token)
+ cat > /host/etc/cni/net.d/multus-kubeconfig <<EOF
+ # Kubeconfig file for Multus CNI plugin.
+ apiVersion: v1
+ kind: Config
+ clusters:
+ - name: local
+ cluster:
+ server: https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}
+ $TLS_CFG
+ users:
+ - name: multus
+ user:
+ token: "${SERVICEACCOUNT_TOKEN}"
+ contexts:
+ - name: multus-context
+ context:
+ cluster: local
+ user: multus
+ current-context: multus-context
+ EOF
+ install-multus-conf.sh: |
+ # copied from https://github.com/intel/multus-cni/blob/master/images/entrypoint.sh
+ rm -f /host/etc/cni/net.d/00-multus.conf
+ MASTER_PLUGIN="$(ls /host/etc/cni/net.d | grep -E '\.conf(list)?$' | head -1)"
+ MASTER_PLUGIN_JSON="$(cat /host/etc/cni/net.d/$MASTER_PLUGIN)"
+ cat > /host/etc/cni/net.d/00-multus.conf <<EOF
+ {
+ "name": "multus-cni-network",
+ "type": "multus",
+ "logFile": "/var/log/multus.log",
+ "logLevel": "debug",
+ "kubeconfig": "/etc/cni/net.d/multus-kubeconfig",
+ "delegates": [
+ $MASTER_PLUGIN_JSON
+ ]
+ }
+ EOF
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: multus-rb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: multus-pod-networks-lister
+subjects:
+- kind: ServiceAccount
+ name: multus-sa
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: sriov-device-plugin
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: sriov-device-plugin
+ template:
+ metadata:
+ labels:
+ name: sriov-device-plugin
+ spec:
+ initContainers:
+ - name: init-sriovds
+ image: {{ .Values.sriovds.initimage }}
+ command: [ "bash", "-c" ]
+ args:
+ - cp /tmp/cni/bin/{multus,sriov,vfioveth,centralip,jq} /host/opt/cni/bin/;
+ /tmp/multus/install-multus-conf.sh;
+ /tmp/multus/install-certs.sh;
+ systemctl stop kubelet;
+ echo "Restarting crio/containerd, kubelet";
+ systemctl restart containerd;
+ systemctl restart crio;
+ systemctl restart kubelet;
+ volumeMounts:
+ - name: usr-bin
+ mountPath: /host/usr/bin
+ - name: cni-bin
+ mountPath: /host/opt/cni/bin
+ - name: multus-sa
+ mountPath: /var/run/secrets/multus/serviceaccount
+ - name: multus-scripts
+ mountPath: /tmp/multus
+ - name: cni-conf
+ mountPath: /host/etc/cni/net.d
+ - name: dbus
+ mountPath: /var/run/dbus
+ - name: systemd
+ mountPath: /run/systemd
+ containers:
+ - name: sriovds
+ image: {{ .Values.sriovds.image }}
+ command: [ "sh", "-c" ]
+ args:
+ - /usr/bin/sriovdp --logtostderr -v 10;
+ sleep infinity;
+ volumeMounts:
+ - name: net
+ mountPath: /sys/class/net
+ readOnly: true
+ - name: dp-sock
+ mountPath: /var/lib/kubelet/device-plugins/
+ readOnly: false
+ - mountPath: /etc/pcidp
+ name: sriov-config
+ readOnly: false
+ volumes:
+ - name: sriov-config
+ configMap:
+ name: sriov-config
+ - name: usr-bin
+ hostPath:
+ path: /usr/bin
+ - name: cni-bin
+ hostPath:
+ path: /opt/cni/bin
+ - name: multus-sa
+ secret:
+ secretName: multus-sa-secret
+ - name: multus-scripts
+ configMap:
+ defaultMode: 511
+ name: multus-scripts
+ - name: cni-conf
+ hostPath:
+ path: /etc/cni/net.d
+ - name: dbus
+ hostPath:
+ path: /var/run/dbus
+ - name: systemd
+ hostPath:
+ path: /run/systemd
+ - name: net
+ hostPath:
+ path: /sys/class/net
+ - name: dp-sock
+ hostPath:
+ path: /var/lib/kubelet/device-plugins/
+ hostNetwork: true
+ hostPID: true