apiVersion: apps/v1 kind: DaemonSet metadata: name: kube-multus-ds namespace: kube-system labels: tier: node app: multus name: multus spec: selector: matchLabels: name: multus updateStrategy: type: RollingUpdate template: metadata: labels: tier: node app: multus name: multus spec: hostNetwork: true hostPID: true tolerations: - operator: Exists effect: NoSchedule - operator: Exists effect: NoExecute serviceAccountName: multus containers: - name: kube-multus image: ghcr.io/k8snetworkplumbingwg/multus-cni:snapshot-thick command: [ "/usr/src/multus-cni/bin/multus-daemon" ] resources: requests: cpu: "100m" memory: "50Mi" limits: cpu: "100m" memory: "50Mi" securityContext: privileged: true terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - name: cni mountPath: /host/etc/cni/net.d # multus-daemon expects that cnibin path must be identical between pod and container host. # e.g. if the cni bin is in '/opt/cni/bin' on the container host side, then it should be mount to '/opt/cni/bin' in multus-daemon, # not to any other directory, like '/opt/bin' or '/usr/bin'. - name: cnibin mountPath: /opt/cni/bin - name: host-run mountPath: /host/run - name: host-var-lib-cni-multus mountPath: /var/lib/cni/multus - name: host-var-lib-kubelet mountPath: /var/lib/kubelet mountPropagation: HostToContainer - name: host-run-k8s-cni-cncf-io mountPath: /run/k8s.cni.cncf.io - name: host-run-netns mountPath: /run/netns mountPropagation: HostToContainer - name: multus-daemon-config mountPath: /etc/cni/net.d/multus.d readOnly: true - name: hostroot mountPath: /hostroot mountPropagation: HostToContainer - mountPath: /etc/cni/multus/net.d name: multus-conf-dir env: - name: MULTUS_NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName initContainers: - name: install-multus-binary image: ghcr.io/k8snetworkplumbingwg/multus-cni:snapshot-thick command: - "/usr/src/multus-cni/bin/install_multus" - "-d" - "/host/opt/cni/bin" - "-t" - "thick" resources: requests: cpu: "10m" memory: "15Mi" securityContext: privileged: true terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - name: cnibin mountPath: /host/opt/cni/bin mountPropagation: Bidirectional - name: install-dhcp image: alpine:3.22.1 env: - name: VERSION value: "1.8.0" command: ["/bin/sh"] args: - -c - | if [ "${uname -m}" = "x86_64" ] || [ "${uname -m}" = "amd64" ]; then ARCH="amd64" elif [ "${uname -m}" = "arm64" ] || [ "${uname -m}" = "aarch64" ]; then ARCH="arm64" else exit 1 fi set -e apk add --no-cache wget tar wget https://github.com/containernetworking/plugins/releases/download/v${VERSION}/cni-plugins-linux-${ARCH}-v${VERSION}.tgz tar -xzf cni-plugins-linux-${ARCH}-v${VERSION}.tgz -C /host/opt/cni/bin --strip-components=1 --wildcards '*/dhcp' rm cni-plugins-linux-${ARCH}-v${VERSION}.tgz resources: requests: cpu: "10m" memory: "15Mi" securityContext: privileged: true terminationMessagePolicy: FallbackToLogsOnError volumeMounts: - name: cnibin mountPath: /host/opt/cni/bin mountPropagation: Bidirectional terminationGracePeriodSeconds: 10 volumes: - name: cni hostPath: path: /etc/cni/net.d - name: cnibin hostPath: path: /opt/cni/bin - name: hostroot hostPath: path: / - name: multus-daemon-config configMap: name: multus-daemon-config items: - key: daemon-config.json path: daemon-config.json - name: host-run hostPath: path: /run - name: host-var-lib-cni-multus hostPath: path: /var/lib/cni/multus - name: host-var-lib-kubelet hostPath: path: /var/lib/kubelet - name: host-run-k8s-cni-cncf-io hostPath: path: /run/k8s.cni.cncf.io - name: host-run-netns hostPath: path: /var/run/netns/ - name: multus-conf-dir hostPath: path: /etc/cni/multus/net.d