Merge pull request #735 from thomasferrandiz/multus-dnc

Add multus dynamic networks controller

Author: thomasferrandiz

packages/rke2-multus/charts/templates/_helpers.tpl

@@ -18,6 +18,11 @@ tier: node
 app: {{ .Chart.Name }}
 {{- end }}
 
+{{- define "dynamicNetworksController.labels" }}
+tier: node
+app: {{ .Chart.Name }}-dnc
+{{- end }}
+
 {{- define "system_default_registry" -}}
 {{- if .Values.global.systemDefaultRegistry -}}
 {{- printf "%s/" .Values.global.systemDefaultRegistry -}}

packages/rke2-multus/charts/templates/daemonSet-thick.yaml

@@ -79,7 +79,7 @@ spec:
         image: {{ template "system_default_registry" . }}{{ .Values.thickPlugin.image.repository }}:{{ .Values.thickPlugin.image.tag }}
         imagePullPolicy: {{ .Values.thickPlugin.image.pullPolicy }}
         command: [ "/usr/src/multus-cni/bin/multus-daemon" ]
-        {{- if .Values.pod.resources.multus }}
+        {{- if .Values.pod.resources.enabled }}
         resources: {{- toYaml .Values.pod.resources.multus | nindent 10 }}
         {{- end }}
         securityContext:

packages/rke2-multus/charts/templates/daemonSet.yaml

@@ -107,8 +107,8 @@ spec:
         {{- if .Values.config.cni_conf.cleanupConfigOnExit }}
         - "--cleanup-config-on-exit={{ .Values.config.cni_conf.cleanupConfigOnExit }}"
         {{- end }}
-        {{- if .Values.pod.resources.multus }}
-        resources: {{- toYaml .Values.pod.resources.multus | nindent 10 }}
+        {{- if .Values.pod.resources.enabled }}
+        resources: {{- toYaml .Values.pod.resources.multus.enabled | nindent 10 }}
         {{- end }}
         securityContext:
           privileged: true

packages/rke2-multus/charts/templates/dynamicNetworksController.yaml

@@ -0,0 +1,141 @@
+{{- if .Values.dynamicNetworksController.enabled }}
+{{- if .Values.manifests.clusterRole }}
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Chart.Name }}-dnc
+rules:
+  - apiGroups: ["k8s.cni.cncf.io"]
+    resources:
+      - network-attachment-definitions
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/status
+    verbs:
+      - get
+      - list
+      - update
+      - watch
+  - apiGroups:
+      - ""
+      - events.k8s.io
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+      - update
+{{- end }}
+{{- if .Values.manifests.clusterRoleBinding }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ .Chart.Name }}-dnc
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ .Chart.Name }}-dnc
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Chart.Name }}-dnc
+    namespace: {{ .Release.Namespace }}
+{{- end }}
+---
+{{- if .Values.manifests.serviceAccount }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ .Chart.Name }}-dnc
+  namespace: {{ .Release.Namespace }}
+{{- end }}
+---
+{{- if .Values.manifests.configMap }}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: dynamic-networks-controller-config
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{- include "dynamicNetworksController.labels" . | indent 8 }}
+data:
+  dynamic-networks-config.json: |
+    {
+        "criSocketPath": "/host{{ .Values.dynamicNetworksController.sockets.containerd }}",
+        "multusSocketPath": "/host{{ .Values.dynamicNetworksController.sockets.multus }}"
+    }
+{{- end }}
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ .Release.Name }}-dnc
+  namespace: {{ .Release.Namespace }}
+  labels:
+{{- include "dynamicNetworksController.labels" . | indent 8 }}
+spec:
+  selector:
+    matchLabels:
+      app: {{ .Chart.Name }}-dnc
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+{{- include "dynamicNetworksController.labels" . | indent 8 }}
+    spec:
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | trim | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ .Chart.Name }}-dnc
+      containers:
+        - name: dynamic-networks-controller
+          env:
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                    fieldPath: spec.nodeName
+          image: {{ template "system_default_registry" . }}{{ .Values.dynamicNetworksController.image.repository }}:{{ .Values.dynamicNetworksController.image.tag }}
+          command: [ "/dynamic-networks-controller" ]
+          args:
+            - "-config=/etc/dynamic-networks-controller/dynamic-networks-config.json"
+            - "-v=5"
+          {{- if .Values.pod.resources.enabled }}
+          resources: {{- toYaml .Values.pod.resources.dynamicNetworksController | nindent 10 }}
+          {{- end }}
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - name: dynamic-networks-controller-config-dir
+              mountPath: /etc/dynamic-networks-controller/
+              readOnly: true
+            - name: multus-server-socket
+              mountPath: /host{{ .Values.dynamicNetworksController.sockets.multus }}
+            - name: cri-socket
+              mountPath: /host{{ .Values.dynamicNetworksController.sockets.containerd }}
+          terminationMessagePolicy: FallbackToLogsOnError
+      terminationGracePeriodSeconds: 10
+      volumes:
+        - name: dynamic-networks-controller-config-dir
+          configMap:
+            name: dynamic-networks-controller-config
+            items:
+              - key: dynamic-networks-config.json
+                path: dynamic-networks-config.json
+        -  name: multus-server-socket
+           hostPath:
+             path: {{ .Values.dynamicNetworksController.sockets.multus }}
+             type: Socket
+        -  name: cri-socket
+           hostPath:
+             path: {{ .Values.dynamicNetworksController.sockets.containerd }}
+             type: Socket
+{{- end }}

packages/rke2-multus/charts/values.yaml

@@ -46,6 +46,10 @@ pod:
       limits:
         memory: "1024Mi"
         cpu: "2000m"
+    dynamicNetworksController:
+      requests:
+        cpu: "100m"
+        memory: "50Mi"
 
 #podSecurityContext: {}
   # fsGroup: 2000
@@ -156,3 +160,15 @@ thickPlugin:
     tag: v4.2.1-build20250627
     pullPolicy: IfNotPresent
 
+# This deploys the dynamic networks controller add-on.
+# It can only be used with thickPlugin.enabled=true.
+# See https://github.com/k8snetworkplumbingwg/multus-dynamic-networks-controller/ for more details
+dynamicNetworksController:
+  enabled: false
+  image:
+    repository: rancher/hardened-multus-dynamic-networks-controller
+    tag: v0.3.7-build20250711
+    pullPolicy: IfNotPresent
+  sockets:
+    containerd: /run/k3s/containerd/containerd.sock
+    multus: /run/multus/multus.sock

packages/rke2-multus/package.yaml

@@ -1,3 +1,3 @@
 url: local
 workingDir: charts
-packageVersion: 05
+packageVersion: 06