000-ns.yaml

apiVersion: v1
kind: Namespace
metadata:
  name: multus
  labels:
    name: multus
    openshift.io/run-level: "0"
  annotations:
    openshift.io/node-selector: "" #override default node selector
    openshift.io/description: "Multus network plugin components"

002-rbac.yaml

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: multus
rules:
- apiGroups: ["apiextensions.k8s.io"]
  resources:
  - customresourcedefinitions
  - customresourcedefinitions/status
  verbs:
  - get
  - list
  - watch
- apiGroups: ["k8s.cni.cncf.io"]
  resources: ["*"]
  verbs:
  - get
  - list
  - watch
- apiGroups: [""]
  resources:
  - namespaces
  verbs:
  - get
  - list
  - watch
- apiGroups: [""]
  resources:
  - pods
  - pods/status
  verbs:
  - get
  - list
  - watch
  - patch
  - update
- apiGroups: [""]
  resources:
  - events
  verbs:
  - create
  - patch
  - update

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: multus
  namespace: multus

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: multus
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: multus
subjects:
- kind: ServiceAccount
  name: multus
  namespace: multus

multus.yaml

kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: multus
  namespace: multus
  annotations:
    kubernetes.io/description: |
      This daemon set launches the Multus networking component on each node.
spec:
  selector:
    matchLabels:
      app: multus
  updateStrategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: multus
        component: network
        type: infra
        openshift.io/component: network
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      hostNetwork: true
      nodeSelector:
        beta.kubernetes.io/os: linux
      tolerations:
      - operator: Exists
      serviceAccountName: multus
      initContainers:
      - name: cni-plugins-supported
        image: {{.CNIPluginsSupportedImage}}
        command: ["/bin/sh"]
        args: ["-c", "cp -rf /usr/src/plugins/bin/* /host/opt/cni/bin"]
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /host/opt/cni/bin
          name: cnibin
      - name: cni-plugins-unsupported
        image: {{.CNIPluginsUnsupportedImage}}
        command: ["/bin/sh"]
        args: ["-c", "cp -rf /usr/src/plugins/bin/* /host/opt/cni/bin"]
        securityContext:
          privileged: true
        volumeMounts:
        - mountPath: /host/opt/cni/bin
          name: cnibin
      containers:
      - name: kube-multus
        image: {{.MultusImage}}
        command: ["/entrypoint.sh"]
        args:
        - "--multus-conf-file=auto"
        - "--multus-kubeconfig-file-host=/etc/kubernetes/cni/net.d/multus.d/multus.kubeconfig"
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: true
        volumeMounts:
        - name: cni
          mountPath: /host/etc/cni/net.d
        - name: cnibin
          mountPath: /host/opt/cni/bin
      volumes:
        - name: cni
          hostPath:
            path: /etc/kubernetes/cni/net.d
        - name: cnibin
          hostPath:
            path: /var/lib/cni/bin