From fdca7621bedeaf1ee9eb74108e0a33d7072d35b8 Mon Sep 17 00:00:00 2001
From: Ben Dronen
Date: Sun, 17 Nov 2024 07:28:10 -0700
Subject: [PATCH] feat(multus): wip
Signed-off-by: Ben Dronen
---
 .../workloads/multus-cni/create_manifests.sh | 28 ++------
 .../manifests/base/clusterrole.yaml | 2 -
 .../manifests/base/clusterrolebinding.yaml | 2 -
 .../multus-cni/manifests/base/configmap.yaml | 2 -
 .../base/customresourcedefinition.yaml | 2 -
 .../multus-cni/manifests/base/daemonset.yaml | 72 ++++++++++++++++++-
 .../manifests/base/kustomization.yaml | 3 +-
 .../manifests/base/serviceaccount.yaml | 2 -
 8 files changed, 78 insertions(+), 35 deletions(-)
diff --git a/kubernetes/workloads/multus-cni/create_manifests.sh b/kubernetes/workloads/multus-cni/create_manifests.sh
index e88d919..0963025 100755
--- a/kubernetes/workloads/multus-cni/create_manifests.sh
+++ b/kubernetes/workloads/multus-cni/create_manifests.sh
@@ -11,11 +11,14 @@ pushd "${multus_tmpdir}" || exit 1
 # This way I don't have to mess w/ installing CNI's to /opt/cni/bin myself
 helm repo add rke2-charts https://rke2-charts.rancher.io
 helm repo update
-helm template rke2-multus rke2-charts/rke2-multus | \
+helm template rke2-multus rke2-charts/rke2-multus \
+ --set manifests.dhcpDaemonSet=true \
+ --namespace kube-system | \
 yq --no-colors --prettyPrint '... comments=""' | \
 kubectl-slice -o . --template "{{ .kind | lower }}.yaml"
-initContainer=$(yq --no-colors '.spec.template.spec.initContainers[] | del(.env)' daemonset.yaml)
+initContainer=$(yq --no-colors 'select(di==0) | .spec.template.spec.initContainers[] | del(.env)' daemonset.yaml)
+dhcpDaemonSet=$(yq 'select(di==1)' daemonset.yaml)
 popd || exit 1
 rm -rf "${multus_tmpdir}"
 mkdir -p manifests/base
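Review bot: `select(di==0)` and `select(di==1)` pick the two DaemonSets by their position in the sliced `daemonset.yaml`, so a change in the chart's render order would hand the DHCP DaemonSet's privileged cleanup container to the later `initContainers +=` step without any error. Selecting by name is stable: `dhcpDaemonSet=$(yq --no-colors 'select(.metadata.name == "rke2-multus-dhcp")' daemonset.yaml)`, with the inverse `select(.metadata.name != "rke2-multus-dhcp")` in the `initContainer` query. The `helm template` call also carries no `--version`, so each run renders whatever chart the repo currently serves; pinning it would keep the committed privileged manifests reproducible and reviewable.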
@@ -39,27 +42,10 @@ echo -n "${tmpvar}" | yq --no-colors --prettyPrint | \
 kubectl-slice -o . --skip-non-k8s --template "{{ .kind | lower }}.yaml"
-# Iterate over each yaml file
-files=()
-for file in *.yaml; do
- if [[ "${file}" == "kustomization.yaml" ]]; then
- continue
- fi
- files+=("${file}")
- contents="$(cat "${file}")"
- printf -- "---\n# yamllint disable rule:line-length\n%s" "${contents}" > "${file}"
-done
-
 yq -i '.spec.template.spec.initContainers += load("'<(echo -n "${initContainer}")'")' daemonset.yaml
-
+echo -e "\n---\n${dhcpDaemonSet}" >> daemonset.yaml
 # Create kustomize file
-cat < kustomization.yaml
----
-kind: Kustomization
-apiVersion: kustomize.config.k8s.io/v1beta1
-resources:
-$(printf " - %s\n" "${files[@]}")
-EOF
+kustomize create --autodetect
 # Format YAML
 prettier . --write
diff --git a/kubernetes/workloads/multus-cni/manifests/base/clusterrole.yaml b/kubernetes/workloads/multus-cni/manifests/base/clusterrole.yaml
index c5294fa..9fbb7fc 100644
--- a/kubernetes/workloads/multus-cni/manifests/base/clusterrole.yaml
+++ b/kubernetes/workloads/multus-cni/manifests/base/clusterrole.yaml
@@ -1,5 +1,3 @@
----
-# yamllint disable rule:line-length
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
diff --git a/kubernetes/workloads/multus-cni/manifests/base/clusterrolebinding.yaml b/kubernetes/workloads/multus-cni/manifests/base/clusterrolebinding.yaml
index a2a79ac..6b9f1c8 100644
--- a/kubernetes/workloads/multus-cni/manifests/base/clusterrolebinding.yaml
+++ b/kubernetes/workloads/multus-cni/manifests/base/clusterrolebinding.yaml
@@ -1,5 +1,3 @@
----
-# yamllint disable rule:line-length
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
diff --git a/kubernetes/workloads/multus-cni/manifests/base/configmap.yaml b/kubernetes/workloads/multus-cni/manifests/base/configmap.yaml
index 86e5e5e..15c5417 100644
--- a/kubernetes/workloads/multus-cni/manifests/base/configmap.yaml
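Review bot: `echo -e "\n---\n${dhcpDaemonSet}" >> daemonset.yaml` applies backslash-escape processing to the manifest text itself, so any backslash sequence inside the rendered DaemonSet would be rewritten on its way into the file; `printf '\n---\n%s\n' "${dhcpDaemonSet}" >> daemonset.yaml` keeps the content literal. The append also succeeds when `dhcpDaemonSet` is empty (for example if the earlier `yq` selection matched nothing), leaving a dangling `---`; a guard such as `[[ -n "${dhcpDaemonSet}" ]] || exit 1` before it would catch that. Separately, `kustomize create` refuses to run when a kustomization file already exists, as far as I know, whereas the removed heredoc overwrote it; whether the script clears `manifests/base` first is outside this hunk.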
+++ b/kubernetes/workloads/multus-cni/manifests/base/configmap.yaml
@@ -1,5 +1,3 @@
----
-# yamllint disable rule:line-length
 kind: ConfigMap
 apiVersion: v1
 metadata:
diff --git a/kubernetes/workloads/multus-cni/manifests/base/customresourcedefinition.yaml b/kubernetes/workloads/multus-cni/manifests/base/customresourcedefinition.yaml
index 51d4779..f0aa31d 100644
--- a/kubernetes/workloads/multus-cni/manifests/base/customresourcedefinition.yaml
+++ b/kubernetes/workloads/multus-cni/manifests/base/customresourcedefinition.yaml
@@ -1,5 +1,3 @@
----
-# yamllint disable rule:line-length
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
diff --git a/kubernetes/workloads/multus-cni/manifests/base/daemonset.yaml b/kubernetes/workloads/multus-cni/manifests/base/daemonset.yaml
index e9346d2..a1828cd 100644
--- a/kubernetes/workloads/multus-cni/manifests/base/daemonset.yaml
+++ b/kubernetes/workloads/multus-cni/manifests/base/daemonset.yaml
@@ -1,5 +1,3 @@
----
-# yamllint disable rule:line-length
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -133,3 +131,73 @@ spec:
 - name: host-run-netns
 hostPath:
 path: /run/netns/
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: rke2-multus-dhcp
+ namespace: kube-system
+ labels:
+ tier: node
+ app: rke2-multus
+spec:
+ selector:
+ matchLabels:
+ app: rke2-multus
+ updateStrategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ template:
+ metadata:
+ labels:
+ tier: node
+ app: rke2-multus
+ spec:
+ hostNetwork: true
+ tolerations:
+ - effect: NoSchedule
+ operator: Exists
+ - effect: NoExecute
+ operator: Exists
+ nodeSelector:
+ kubernetes.io/os: linux
+ initContainers:
+ - name: kube-rke2-multus-dhcp-cleanup
+ image: rancher/mirrored-library-busybox:1.36.1
+ command:
+ - rm
+ - -f
+ - /run/cni/dhcp.sock
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: socketpath
+ mountPath: /host/run/cni
+ containers:
+ - name: kube-rke2-multus-dhcp
+ image: rancher/mirrored-library-busybox:1.36.1
+ command:
+ - /opt/cni/bin/dhcp
+ - daemon
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: binpath
+ mountPath: /opt/cni/bin
+ - name: socketpath
+ mountPath: /run/cni
+ - name: netnspath
+ mountPath: /var/run/netns
+ mountPropagation: HostToContainer
+ volumes:
+ - name: binpath
+ hostPath:
+ path: /opt/cni/bin
+ - name: socketpath
+ hostPath:
+ path: /run/cni
+ - name: netnspath
+ hostPath:
+ path: /run/netns
diff --git a/kubernetes/workloads/multus-cni/manifests/base/kustomization.yaml b/kubernetes/workloads/multus-cni/manifests/base/kustomization.yaml
index 82fed19..56d657e 100644
--- a/kubernetes/workloads/multus-cni/manifests/base/kustomization.yaml
+++ b/kubernetes/workloads/multus-cni/manifests/base/kustomization.yaml
@@ -1,6 +1,5 @@
----
-kind: Kustomization
 apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
 resources:
 - clusterrole.yaml
 - clusterrolebinding.yaml
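Review bot: The `kube-rke2-multus-dhcp-cleanup` init container runs `rm -f /run/cni/dhcp.sock` while its `socketpath` volume is mounted at `/host/run/cni`, so the command targets a path inside the container's own filesystem and a stale host socket would be left in place; the command and the `mountPath` need to agree (`/host/run/cni/dhcp.sock`, or mount at `/run/cni`). Both containers in this DaemonSet set `privileged: true` alongside `hostNetwork: true` and blanket tolerations, which is far more than deleting one file in a mounted directory needs; the init container at least could presumably drop `privileged`. The selector `app: rke2-multus` looks like it is shared with the DaemonSet earlier in this file (its labels are outside the hunk), which is worth confirming. Because this file is rendered by `create_manifests.sh`, the changes belong in a kustomize patch or the script rather than a hand edit.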
diff --git a/kubernetes/workloads/multus-cni/manifests/base/serviceaccount.yaml b/kubernetes/workloads/multus-cni/manifests/base/serviceaccount.yaml
index 6143584..396a4f9 100644
--- a/kubernetes/workloads/multus-cni/manifests/base/serviceaccount.yaml
+++ b/kubernetes/workloads/multus-cni/manifests/base/serviceaccount.yaml
@@ -1,5 +1,3 @@
----
-# yamllint disable rule:line-length
 apiVersion: v1
 kind: ServiceAccount
 metadata: