Initial M-CORD services charts
Change-Id: I36bcfcb3f7800b95e54b5b8a375e113696f6d5b1
diff --git a/mcord/cni-config/01-cni-service-account.yaml b/mcord/cni-config/01-cni-service-account.yaml
new file mode 100644
index 0000000..022e248
--- /dev/null
+++ b/mcord/cni-config/01-cni-service-account.yaml
@@ -0,0 +1,50 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: pod-networks-operator
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- nonResourceURLs:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sriov-dp
+ namespace: kube-system
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: sriov-dp
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: pod-networks-operator
+subjects:
+- kind: ServiceAccount
+ name: sriov-dp
+ namespace: kube-system
diff --git a/mcord/cni-config/02-network-crd.yaml b/mcord/cni-config/02-network-crd.yaml
new file mode 100644
index 0000000..3c1590a
--- /dev/null
+++ b/mcord/cni-config/02-network-crd.yaml
@@ -0,0 +1,38 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ # name must match the spec fields below, and be in the form: <plural>.<group>
+ name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+ # group name to use for REST API: /apis/<group>/<version>
+ group: k8s.cni.cncf.io
+ # version name to use for REST API: /apis/<group>/<version>
+ version: v1
+ # either Namespaced or Cluster
+ scope: Namespaced
+ names:
+ # plural name to be used in the URL: /apis/<group>/<version>/<plural>
+ plural: network-attachment-definitions
+ # singular name to be used as an alias on the CLI and for display
+ singular: network-attachment-definition
+ # kind is normally the CamelCased singular type. Your resource manifests use this.
+ kind: NetworkAttachmentDefinition
+ # shortNames allow shorter string to match your resource on the CLI
+ shortNames:
+ - net-attach-def
diff --git a/mcord/cni-config/03-network-definition.yaml b/mcord/cni-config/03-network-definition.yaml
new file mode 100644
index 0000000..5b0b62f
--- /dev/null
+++ b/mcord/cni-config/03-network-definition.yaml
@@ -0,0 +1,53 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: s1u-net
+ annotations:
+ k8s.v1.cni.cncf.io/resourceName: intel.com/sriov
+spec:
+ config: '{
+ "type": "sriov",
+ "name": "s1u-net",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "119.0.0.0/24",
+ "routes": [
+ { "dst": "0.0.0.0/0" }
+ ]
+ }
+}'
+---
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: sgi-net
+ annotations:
+ k8s.v1.cni.cncf.io/resourceName: intel.com/sriov
+spec:
+ config: '{
+ "type": "sriov",
+ "name": "sgi-net",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "13.1.1.0/24",
+ "routes": [
+ { "dst": "0.0.0.0/0" }
+ ]
+ }
+}'
diff --git a/mcord/cni-config/04-sriov-device-plugin-configmap.yaml b/mcord/cni-config/04-sriov-device-plugin-configmap.yaml
new file mode 100644
index 0000000..086b9e7
--- /dev/null
+++ b/mcord/cni-config/04-sriov-device-plugin-configmap.yaml
@@ -0,0 +1,94 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: multus-certs
+ namespace: kube-system
+data:
+ install-certs.sh: |
+ # Copied from Calico
+ # https://github.com/projectcalico/cni-plugin/blob/master/k8s-install/scripts/install-cni.sh
+ touch /host/etc/cni/net.d/multus-kubeconfig
+ chmod 600 /host/etc/cni/net.d/multus-kubeconfig
+ SERVICE_ACCOUNT_PATH=/var/run/secrets/kubernetes.io/serviceaccount
+ KUBE_CA_FILE=$SERVICE_ACCOUNT_PATH/ca.crt
+ TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')"
+ SERVICEACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token)
+ #cat > /host/etc/cni/net.d/multus-kubeconfig <<EOF
+ # Kubeconfig file for Multus CNI plugin.
+ apiVersion: v1
+ kind: Config
+ clusters:
+ - name: local
+ cluster:
+ server: https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}
+ $TLS_CFG
+ users:
+ - name: multus
+ user:
+ token: "${SERVICEACCOUNT_TOKEN}"
+ contexts:
+ - name: multus-context
+ context:
+ cluster: local
+ user: multus
+ current-context: multus-context
+ EOF
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: sriov-config
+ namespace: kube-system
+data:
+ config.json: |
+ {
+ "resourceList":
+ [
+ {
+ "resourceName": "sriov",
+ "rootDevices": ["04:00.0"],
+ "sriovMode": true,
+ "deviceType": "netdevice"
+ }
+ ]
+ }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: multus-conf
+ namespace: kube-system
+data:
+ 01-cni-conf.json: |
+ {
+ "name": "multus-cni-network",
+ "type": "multus",
+ "logLevel": "debug",
+ "logFile": "/tmp/multus.log",
+ "kubeconfig": "/etc/cni/net.d/multus-kubeconfig",
+ "delegates": [
+ {
+ "name": "cbr0",
+ "type": "flannel",
+ "delegate": {
+ "isDefaultGateway": true
+ }
+ }
+ ]
+ }
diff --git a/mcord/cni-config/05-sriov-device-plugin.yaml b/mcord/cni-config/05-sriov-device-plugin.yaml
new file mode 100644
index 0000000..9b358a9
--- /dev/null
+++ b/mcord/cni-config/05-sriov-device-plugin.yaml
@@ -0,0 +1,109 @@
+---
+# Copyright 2017-present Open Networking Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+---
+kind: DaemonSet
+apiVersion: apps/v1
+metadata:
+ name: sriov-device-plugin
+ namespace: kube-system
+spec:
+ selector:
+ matchLabels:
+ name: sriov-device-plugin
+ template:
+ metadata:
+ labels:
+ name: sriov-device-plugin
+ spec:
+ serviceAccountName: sriov-dp
+ initContainers:
+ - name: init-sriov-dp
+ image: ngick8stesting/aio-cni:k8s-1.13
+ command: [ "bash", "-c" ]
+ args:
+ - cp /tmp/cni/bin/{multus,sriov,centralip} /host/opt/cni/bin/;
+ echo "Restarting crio/containerd, kubelet";
+ systemctl daemon-reload;
+ systemctl restart containerd;
+ systemctl restart crio;
+ systemctl restart kubelet;
+ volumeMounts:
+ - name: usr-bin
+ mountPath: /host/usr/bin
+ - name: cni-bin
+ mountPath: /host/opt/cni/bin
+ - name: multus-cm
+ mountPath: /tmp/etc/cni/net.d
+ - name: multus-certs
+ mountPath: /tmp/multus
+ - name: cni-conf
+ mountPath: /host/etc/cni/net.d
+ - name: dbus
+ mountPath: /var/run/dbus
+ - name: systemd
+ mountPath: /run/systemd
+ containers:
+ - name: sriov-device-plugin
+ image: ngick8stesting/aio-cni:k8s-1.13
+ imagePullPolicy: IfNotPresent
+ command: [ "/bin/sh", "-c" ]
+ args:
+ - /usr/bin/sriovdp --logtostderr -v 10;
+ echo "exit status $?";
+ volumeMounts:
+ - mountPath: /var/lib/kubelet/device-plugins/
+ name: devicesock
+ readOnly: false
+ - mountPath: /sys/class/net/
+ name: net
+ readOnly: true
+ - mountPath: /etc/pcidp/
+ name: sriov-config
+ readOnly: false
+ volumes:
+ - name: sriov-config
+ configMap:
+ name: sriov-config
+ - name: usr-bin
+ hostPath:
+ path: /usr/bin
+ - name: cni-bin
+ hostPath:
+ path: /opt/cni/bin
+ - name: multus-cm
+ configMap:
+ name: multus-conf
+ - name: multus-certs
+ configMap:
+ defaultMode: 511
+ name: multus-certs
+ - name: cni-conf
+ hostPath:
+ path: /etc/cni/net.d
+ - name: dbus
+ hostPath:
+ path: /var/run/dbus
+ - name: systemd
+ hostPath:
+ path: /run/systemd
+ - name: net
+ hostPath:
+ path: /sys/class/net
+ - name: devicesock
+ hostPath:
+ path: /var/lib/kubelet/device-plugins/
+ hostNetwork: true
+ hostPID: true