diff --git a/infra/capi/multus/multus-daemonset-thick.yml b/infra/capi/multus/multus-daemonset-thick.yml
index 1775f53..e7dd6e6 100644
--- a/infra/capi/multus/multus-daemonset-thick.yml
+++ b/infra/capi/multus/multus-daemonset-thick.yml
@@ -69,7 +69,9 @@ rules:
 - pods/status
 verbs:
 - get
+ - list
 - update
+ - watch
 - apiGroups:
 - ""
 - events.k8s.io
@@ -111,13 +113,13 @@ data:
 daemon-config.json: |
 {
 "chrootDir": "/hostroot",
- "confDir": "/host/etc/cni/net.d",
- "logLevel": "verbose",
- "socketDir": "/host/run/multus/",
 "cniVersion": "0.3.1",
+ "logLevel": "verbose",
+ "logToStderr": true,
 "cniConfigDir": "/host/etc/cni/net.d",
+ "multusAutoconfigDir": "/host/etc/cni/net.d",
 "multusConfigFile": "auto",
- "multusAutoconfigDir": "/host/etc/cni/net.d"
+ "socketDir": "/host/run/multus/"
 }
 ---
 apiVersion: apps/v1
@@ -152,7 +154,7 @@ spec:
 serviceAccountName: multus
 containers:
 - name: kube-multus
- image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.0.2-thick
+ image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.1.0-thick
 command: [ "/usr/src/multus-cni/bin/multus-daemon" ]
 resources:
 requests:
@@ -163,15 +165,22 @@ spec:
 memory: "50Mi"
 securityContext:
 privileged: true
+ terminationMessagePolicy: FallbackToLogsOnError
 volumeMounts:
 - name: cni
 mountPath: /host/etc/cni/net.d
+ # multus-daemon expects that cnibin path must be identical between pod and container host.
+ # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be mount to '/opt/cni/bin' in multus-daemon,
+ # not to any other directory, like '/opt/bin' or '/usr/bin'.
+ - name: cnibin
+ mountPath: /opt/cni/bin
 - name: host-run
 mountPath: /host/run
 - name: host-var-lib-cni-multus
 mountPath: /var/lib/cni/multus
 - name: host-var-lib-kubelet
 mountPath: /var/lib/kubelet
+ mountPropagation: HostToContainer
 - name: host-run-k8s-cni-cncf-io
 mountPath: /run/k8s.cni.cncf.io
 - name: host-run-netns
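Review bot: The `list` and `watch` verbs added in the `rules:` hunk widen what the `multus` service account can read, and nothing in the manifest records why they are needed. The rule's `resources` list starts outside the hunk, so it probably covers `pods` as well as `pods/status`; if this is a ClusterRole, the account used by a privileged pod on every node can then enumerate and stream every pod spec in the cluster, including env values set inline. This presumably feeds a per-node pod informer that goes with the `MULTUS_NODE_NAME` variable added later in the same commit, but RBAC cannot restrict list/watch to one node, so the grant stays cluster-wide. I would put a comment above the verbs, e.g. `# list/watch: required by the multus-daemon pod informer; cluster-wide because RBAC cannot scope by node`.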
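Review bot: The new `cnibin` mount at `/opt/cni/bin` in the `volumeMounts` hunk is only correct if the `cnibin` volume's hostPath is exactly `/opt/cni/bin`, as the added comment requires, but that volume is defined outside the hunk and the commit does not touch it. Please check it against the node images this cluster uses, because a different host CNI directory would leave the daemon resolving delegate plugins at a path that does not match the host. The mount is also writable inside a `privileged: true` container; if the daemon only executes binaries from it, which the diff does not show, add `readOnly: true` under the `mountPath: /opt/cni/bin` line. The container spec continues past the end of the hunk.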
@@ -183,9 +192,14 @@ spec:
 - name: hostroot
 mountPath: /hostroot
 mountPropagation: HostToContainer
+ env:
+ - name: MULTUS_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
 initContainers:
 - name: install-multus-binary
- image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.0.2-thick
+ image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.1.0-thick
 command:
 - "cp"
 - "/usr/src/multus-cni/bin/multus-shim"
@@ -196,6 +210,7 @@ spec:
 memory: "15Mi"
 securityContext:
 privileged: true
+ terminationMessagePolicy: FallbackToLogsOnError
 volumeMounts:
 - name: cnibin
 mountPath: /host/opt/cni/bin
@@ -231,4 +246,4 @@ spec:
 path: /run/k8s.cni.cncf.io
 - name: host-run-netns
 hostPath:
- path: /run/netns/
+ path: /run/netns/
\ No newline at end of file
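Review bot: The new `image:` line for `install-multus-binary` references `v4.1.0-thick` by tag only, and the `kube-multus` image line in the earlier `containers:` hunk does the same. Both containers appear to run with `privileged: true`, and the daemon mounts `/hostroot`, so a tag that is moved or replaced in the registry would run with host-level access on every node at the next pull. Pin both by digest, e.g. `image: ghcr.io/k8snetworkplumbingwg/multus-cni:v4.1.0-thick@sha256:<digest of the verified v4.1.0-thick image>`, and record where the digest was verified. The `initContainers` entry continues outside the hunk.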