neonvm: use 3.9.3 multus for arm

Signed-off-by: Misha Sakhnov <[email protected]>

Author: mikhail-sakhnov

neonvm/config/multus-arm64/daemonset_patch.yaml

@@ -1,137 +1,112 @@
+---
+# Source: multus-cni/templates/daemonset.yaml
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
+  name: kube-multus-ds
+  namespace: kube-system
   labels:
+    tier: node
     app: multus
     name: multus
-    tier: node
-  name: kube-multus-ds
-  namespace: kube-system
 spec:
   selector:
     matchLabels:
-      name: multus
+      app: multus
+  updateStrategy:
+    type: RollingUpdate
   template:
     metadata:
-      labels:
-        app: multus
-        name: multus
-        tier: node
+      annotations:
     spec:
+      
+      hostNetwork: true
+      serviceAccountName: multus
+      securityContext:
+        fsGroup: 0
       affinity:
+        podAffinity:
+         
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             nodeSelectorTerms:
             - matchExpressions:
-              - key: kubernetes.io/arch
-                operator: In
-                values:
-                - arm64
               - key: kubernetes.io/os
                 operator: In
                 values:
-                - linux
-      containers:
-      - command:
-        - /usr/src/multus-cni/bin/multus-daemon
-        image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.1.3-thick
-        name: kube-multus
-        resources:
-          limits:
-            cpu: 100m
-            memory: 50Mi
-          requests:
-            cpu: 100m
-            memory: 50Mi
-        securityContext:
-          privileged: true
-        volumeMounts:
-            - name: cni
-              mountPath: /host/etc/cni/net.d
-            # multus-daemon expects that cnibin path must be identical between pod and container host.
-            # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be mount to '/opt/cni/bin' in multus-daemon,
-            # not to any other directory, like '/opt/bin' or '/usr/bin'.
-            - name: cnibin
-              mountPath: /opt/cni/bin
-            - name: host-run
-              mountPath: /host/run
-            - name: host-var-lib-cni-multus
-              mountPath: /var/lib/cni/multus
-            - name: host-var-lib-kubelet
-              mountPath: /var/lib/kubelet
-              mountPropagation: HostToContainer
-            - name: host-run-k8s-cni-cncf-io
-              mountPath: /run/k8s.cni.cncf.io
-            - name: host-run-netns
-              mountPath: /run/netns
-              mountPropagation: HostToContainer
-            - name: multus-daemon-config
-              mountPath: /etc/cni/net.d/multus.d
-              readOnly: true
-            - name: hostroot
-              mountPath: /hostroot
-              mountPropagation: HostToContainer
-        env:
-          - name: MULTUS_NODE_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: spec.nodeName              
-      hostNetwork: true
-      hostPID: true
+                - linux 
+      priorityClassName: ""
       initContainers:
         - name: install-multus-binary
-          image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.1.3-thick
+          image: docker.io/bitnami/multus-cni:3.9.3
           command:
-            - "cp"
-            - "/usr/src/multus-cni/bin/multus-shim"
-            - "/host/opt/cni/bin/multus-shim"
-          resources:
-            requests:
-              cpu: "10m"
-              memory: "15Mi"
+            - cp
+            - "/usr/src/multus-cni/bin/multus"
+            - "/bitnami/multus-cni/host/opt/cni/bin"
           securityContext:
             privileged: true
-          terminationMessagePolicy: FallbackToLogsOnError
+            runAsNonRoot: false
+            runAsUser: 0
           volumeMounts:
-            - name: cnibin
-              mountPath: /host/opt/cni/bin
+            - name: cni-bin-dir
+              mountPath: /bitnami/multus-cni/host/opt/cni/bin
               mountPropagation: Bidirectional
-      serviceAccountName: multus
-      terminationGracePeriodSeconds: 10
-      tolerations:
-      - effect: NoSchedule
-        operator: Exists
+        - name: generate-kubeconfig
+          image: docker.io/bitnami/multus-cni:3.9.3
+          command:
+            - generate-kubeconfig
+          args:
+            - "-k8s-service-host=$(KUBERNETES_SERVICE_HOST)"
+            - "-k8s-service-port=$(KUBERNETES_SERVICE_PORT)"
+            - "-cni-config-dir=/bitnami/multus-cni/host/etc/cni/net.d"
+          securityContext:
+            privileged: true
+            runAsNonRoot: false
+            runAsUser: 0
+          volumeMounts:
+            - name: cni-net-dir
+              mountPath: /bitnami/multus-cni/host/etc/cni/net.d
+              mountPropagation: Bidirectional
+      containers:
+        - name: kube-multus
+          image: docker.io/bitnami/multus-cni:3.9.3
+          imagePullPolicy: "IfNotPresent"
+          command:
+            - multus-daemon
+          args:
+            - "-cni-version=0.3.0"
+            - "-cni-config-dir=/bitnami/multus-cni/host/etc/cni/net.d"
+            - "-multus-autoconfig-dir=/bitnami/multus-cni/host/etc/cni/net.d"
+            - "-multus-log-to-stderr=true"
+            - "-multus-log-level=verbose"
+          securityContext:
+            privileged: true
+            runAsNonRoot: false
+            runAsUser: 0
+          env:
+            - name: BITNAMI_DEBUG
+              value: "false"
+          envFrom:
+          livenessProbe:
+            exec:
+              command:
+                - pgrep
+                - multus-daemon
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 5
+          resources:
+            limits: {}
+            requests: {}
+          volumeMounts:
+            - name: cni-net-dir
+              mountPath: /bitnami/multus-cni/host/etc/cni/net.d
       volumes:
-      - hostPath:
-          path: /etc/cni/net.d
-        name: cni
-      - hostPath:
-          path: /opt/cni/bin
-        name: cnibin
-      - name: hostroot
-        hostPath:
-          path: /        
-      - name: multus-daemon-config
-        configMap:
-          name: multus-daemon-config
-          items:
-          - key: daemon-config.json
-            path: daemon-config.json
-      - name: host-run
-        hostPath:
-          path: /run
-      - name: host-var-lib-cni-multus
-        hostPath:
-          path: /var/lib/cni/multus
-      - name: host-var-lib-kubelet
-        hostPath:
-          path: /var/lib/kubelet
-      - name: host-run-k8s-cni-cncf-io
-        hostPath:
-          path: /run/k8s.cni.cncf.io
-      - name: host-run-netns
-        hostPath:
-          path: /run/netns/
-
-  updateStrategy:
-    type: RollingUpdate
+        - name: cni-bin-dir
+          hostPath:
+            path: /opt/cni/bin
+        - name: cni-net-dir
+          hostPath:
+            path: /etc/cni/net.d

neonvm/config/multus-arm64/kustomization.yaml

@@ -8,21 +8,17 @@ images:
 - name: kube-multus
   newName: ghcr.io/k8snetworkplumbingwg/multus-cni
   newTag: v4.1.3-thick
-  
-resources:
-- config_map.yaml
+
+
 patchesStrategicMerge:
 - cluster_role.yaml
 - daemonset_patch.yaml
 
 patches:
-- target:
-    kind: DaemonSet
-    name: kube-multus-ds
+- target: 
+    kind: ServiceAccount
+    name: multus
   patch: |-
     - op: replace
-      path: /spec/template/spec/containers/0/command
-      value: ["/usr/src/multus-cni/bin/multus-daemon"]
-    - op: replace
-      path: /spec/template/spec/containers/0/args
-      value: []
+      path: /automountServiceAccountToken
+      value: true