richard
/
kubespray
mirror of https://github.com/kubernetes-sigs/kubespray.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Multus configuration add namespace isolation (#11605) 

#11594
pull/11632/head
Nicolas Marcq 6 months ago
committed by GitHub
parent
b4768cfa91
commit
4e62e36f3a
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
3 changed files with 8 additions and 0 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      docs/CNI/multus.md
  2. 1
      roles/network_plugin/multus/defaults/main.yml
  3. 1
      roles/network_plugin/multus/templates/multus-daemonset.yml.j2

6
docs/CNI/multus.md
View File

@ -17,6 +17,12 @@ kube_network_plugin_multus: true
will install Multus and Calico and configure Multus to use Calico as the primary network plugin.
Namespace isolation enables a mode where Multus only allows pods to access custom resources (the `NetworkAttachmentDefinitions`) within the namespace where that pod resides. To enable namespace isolation:
```yml
multus_namespace_isolation: true
```
### Cilium compatibility
If you are using `cilium` as the primary CNI you'll have to set `cilium_cni_exclusive` to `false` to avoid cillium reverting multus config.

1
roles/network_plugin/multus/defaults/main.yml
View File

@ -7,3 +7,4 @@ multus_cni_conf_dir: "{{ ('/host', multus_cni_conf_dir_host) | join }}"
multus_cni_bin_dir: "{{ ('/host', multus_cni_bin_dir_host) | join }}"
multus_cni_run_dir: "{{ ('/host', multus_cni_run_dir_host) | join }}"
multus_kubeconfig_file_host: "{{ (multus_cni_conf_dir_host, '/multus.d/multus.kubeconfig') | join }}"
multus_namespace_isolation: false

1
roles/network_plugin/multus/templates/multus-daemonset.yml.j2
View File

@ -61,6 +61,7 @@ spec:
- "--cni-bin-dir={{ multus_cni_bin_dir }}"
- "--multus-conf-file={{ multus_conf_file }}"
- "--multus-kubeconfig-file-host={{ multus_kubeconfig_file_host }}"
- "--namespace-isolation={{ multus_namespace_isolation | string | lower }}"
resources:
requests:
cpu: "100m"

Write Preview
Loading…
Cancel
Save