add a multus with sriov interfaces installation

Support deploying multus sriov CNI plugins by setting environment "kube_network_plugin" to "sriov". Change-Id: I3672fd7b6036063bdee57450c2100f39aa5ef68b Signed-off-by: Di Xu <di.xu@arm.com>
author: Di Xu <di.xu@arm.com> 2018-01-04 18:21:20 +0800
committer: Di Xu <di.xu@arm.com> 2018-03-08 15:09:00 +0800
commit: 3ad4238fbf8a8043cfbe6623b22b8d16e82a408f (patch)
tree: f2cd6c145584d8a155d8e1e221120a69acd59552 /deploy/adapters/ansible/kubernetes/roles/sriov/templates
parent: d9c78464420c0e40beeca60e982d6f86f96509af (diff)
3 files changed, 259 insertions, 0 deletions
diff --git a/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j2 b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j2
new file mode 100644
index 00000000..1298aeaa
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov-rbac.yml.j2
@@ -0,0 +1,49 @@
+# Copyright (C) 2018, ARM Limited and contributors.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sriov
+  namespace: "{{system_namespace}}"
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: sriov
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/status
+    verbs:
+      - patch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: sriov
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: sriov
+subjects:
+- kind: ServiceAccount
+  name: sriov
+  namespace: "{{system_namespace}}"
diff --git a/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j2 b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j2
new file mode 100644
index 00000000..90c7f28c
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/cni-sriov.yml.j2
@@ -0,0 +1,159 @@
+# Copyright (C) 2018, ARM Limited and contributors.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+---
+apiVersion: extensions/v1beta1
+kind: ThirdPartyResource
+metadata:
+  name: network.kubernetes.com
+description: "A specification of a Network obj in the kubernetes"
+versions:
+- name: v1
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flannel
+  namespace: {{system_namespace}}
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: kube-flannel-cfg
+  namespace: {{system_namespace}}
+  labels:
+    tier: node
+    app: flannel
+data:
+  cni-conf.json: |
+    {
+      "name": "cbr0",
+      "type": "flannel",
+      "delegate": {
+        "isDefaultGateway": true
+      }
+    }
+  net-conf.json: |
+    {
+      "Network": "10.244.0.0/16",
+      "Backend": {
+        "Type": "udp"
+      }
+    }
+---
+apiVersion: extensions/v1beta1
+kind: DaemonSet
+metadata:
+  name: kube-flannel-ds
+  namespace: {{system_namespace}}
+  labels:
+    tier: node
+    app: flannel
+spec:
+  template:
+    metadata:
+      labels:
+        tier: node
+        app: flannel
+    spec:
+      hostNetwork: true
+      tolerations:
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
+      serviceAccountName: flannel
+      containers:
+      - name: kube-flannel
+        image: {{ flannel_image_repo }}:{{ flannel_image_tag }}
+        imagePullPolicy: {{ k8s_image_pull_policy }}
+        command: [ "/opt/bin/flanneld", "--ip-masq", "--kube-subnet-mgr" ]
+        securityContext:
+          privileged: true
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        volumeMounts:
+        - name: run
+          mountPath: /run
+        - name: flannel-cfg
+          mountPath: /etc/kube-flannel/
+      volumes:
+        - name: run
+          hostPath:
+            path: /run
+        - name: flannel-cfg
+          configMap:
+            name: kube-flannel-cfg
+---
+apiVersion: "kubernetes.com/v1"
+kind: Network
+metadata:
+  name: flannel-conf
+  namespace: default
+plugin: flannel
+args: '[
+  {
+    "masterplugin": true,
+    "delegate": {
+      "isDefaultGateway": true
+    }
+  }
+]'
+---
+apiVersion: "kubernetes.com/v1"
+kind: Network
+metadata:
+  name: sriov-conf1
+  namespace: default
+plugin: sriov
+args: '[
+  {
+    "master": "eth1.101",
+    "pfOnly": true,
+    "ipam": {
+      "type": "host-local",
+      "subnet": "192.168.123.0/24",
+      "rangeStart": "192.168.123.11",
+      "rangeEnd": "192.168.123.21",
+      "routes": [
+        {
+          "dst": "0.0.0.0/0"
+        }
+      ],
+      "gateway": "192.168.123.1"
+    }
+  }
+]'
+---
+apiVersion: "kubernetes.com/v1"
+kind: Network
+metadata:
+  name: sriov-conf2
+  namespace: default
+plugin: sriov
+args: '[
+  {
+    "master": "eth1.101",
+    "pfOnly": true,
+    "ipam": {
+      "type": "host-local",
+      "subnet": "192.168.123.0/24",
+      "rangeStart": "192.168.123.31",
+      "rangeEnd": "192.168.123.41",
+      "routes": [
+        {
+          "dst": "0.0.0.0/0"
+        }
+      ],
+      "gateway": "192.168.123.1"
+    }
+  }
+]'
diff --git a/deploy/adapters/ansible/kubernetes/roles/sriov/templates/sriov-test-pod.yml b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/sriov-test-pod.yml
new file mode 100644
index 00000000..849aca85
--- /dev/null
+++ b/deploy/adapters/ansible/kubernetes/roles/sriov/templates/sriov-test-pod.yml
@@ -0,0 +1,51 @@
+# Copyright (C) 2018, ARM Limited and contributors.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: multus-test1
+  annotations:
+    networks: '[
+      { "name": "flannel-conf" },
+      { "name": "sriov-conf1" }
+    ]'
+spec:
+  containers:
+    - name: multus-test
+      image: "busybox"
+      command: ["top"]
+      stdin: true
+      tty: true
+  nodeSelector:
+    kubernetes.io/hostname: "host1"
+  tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: multus-test2
+  annotations:
+    networks: '[
+      { "name": "flannel-conf" },
+      { "name": "sriov-conf2" }
+    ]'
+spec:
+  containers:
+    - name: multus-test
+      image: "busybox"
+      command: ["top"]
+      stdin: true
+      tty: true
+  nodeSelector:
+    kubernetes.io/hostname: "host2"
+  tolerations:
+    - key: "node-role.kubernetes.io/master"
+      operator: "Exists"
+      effect: "NoSchedule"
author	Di Xu <di.xu@arm.com>	2018-01-04 18:21:20 +0800
committer	Di Xu <di.xu@arm.com>	2018-03-08 15:09:00 +0800
commit	3ad4238fbf8a8043cfbe6623b22b8d16e82a408f (patch)
tree	f2cd6c145584d8a155d8e1e221120a69acd59552 /deploy/adapters/ansible/kubernetes/roles/sriov/templates
parent	d9c78464420c0e40beeca60e982d6f86f96509af (diff)