ponnet/templates/ponnet-cni.yaml

---
# Copyright 2017-present Open Networking Foundation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ponnet-plugin
rules:
  - apiGroups:
      - ""
    resources:
      - pods
    verbs:
      - get
      - update
      - patch
  - apiGroups:
      - "alpha.network.k8s.io"
    resources:
      - logicalnetworks
    verbs:
      - get
      - update
      - patch
  - apiGroups:
      - "alpha.network.k8s.io"
    resources:
      - physicalnetworks
    verbs:
      - get
      - update
      - patch
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
  - apiGroups:
      - "admissionregistration.k8s.io"
    resources:
      - validatingwebhookconfigurations
    verbs:
      - get
      - update
      - create
      - delete

---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ponnet-plugin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ponnet-plugin
subjects:
- kind: ServiceAccount
  name: ponnnet-plugin
  namespace: kube-system
- kind: Group
  name: system:authenticated
  apiGroup: rbac.authorization.k8s.io

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: ponnet-plugin
  namespace: kube-system

---
# This ConfigMap can be used to configure a self-hosted Ponnet installation.
kind: ConfigMap
apiVersion: v1
metadata:
  name: ponnet-config
  namespace: kube-system
data:
{{- $onucount := (.Values.numOnus|int) -}}
{{- range $i, $junk := until (.Values.numOlts|int) }}
  nni{{ $i }}.conf: |
    {
      "name": "nni{{ $i }}",
      "type": "bridge",
      "bridge": "nni{{ $i }}",
      "isGateway": false,
      "ipMask": false,
      "ipam": {
        "type": "host-local",
        "subnet": "10.23.0.0/16"
      }
    }
{{- range $j, $junk1 := until ($onucount) }}
  pon{{ $i }}.{{ $j }}.conf: |
    {
      "name": "pon{{ $i }}.{{ $j }}",
      "type": "bridge",
      "bridge": "pon{{ $i }}.{{ $j }}",
      "isGateway": false,
      "ipMask": false,
      "ipam": {
        "type": "host-local",
        "subnet": "10.22.0.0/16"
      }
    }
{{- end }}
{{- end }}
---
# Install Ponnnet CNI conf on each slave node.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: ponnet-plugin
  namespace: kube-system
  labels:
    k8s-app: ponnet
spec:
  selector:
    matchLabels:
      k8s-app: ponnet
  template:
    metadata:
      labels:
        k8s-app: ponnet
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: |
          [
            {
              "key": "dedicated",
              "value": "master",
              "effect": "NoSchedule"
            },
            {
              "key": "CriticalAddonsOnly",
              "operator": "Exists"
            }
          ]
    spec:
      hostNetwork: true
      hostPID: true
      serviceAccountName: ponnet-plugin
      initContainers:
        # Installs CNI config files on each node
        - name: install-cni
          image: {{ .Values.pull_docker_registry }}{{ .Values.images.ponnet.repository }}:{{ .Values.images.ponnet.tag }} 
          imagePullPolicy: {{ .Values.images.ponnet.pullPolicy }}
          command: ["/bin/sh", "-c", "cp /tmp/cni/* /host/etc/cni/net.d"]
          env:
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
            - mountPath: /tmp/cni
              name: ponnet-config
      volumes:
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        - name: ponnet-config
          configMap:
            name: ponnet-config
      containers:
        - name: pause
          image: gcr.io/google_containers/pause