diff --git a/bitnami/multus-cni/Chart.lock b/bitnami/multus-cni/Chart.lock index d8abc40ffa..2441f8075b 100644 --- a/bitnami/multus-cni/Chart.lock +++ b/bitnami/multus-cni/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3 -generated: "2024-01-10T22:06:36.402834487Z" + version: 2.15.3 +digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 +generated: "2024-02-14T15:35:43.783970147+01:00" diff --git a/bitnami/multus-cni/Chart.yaml b/bitnami/multus-cni/Chart.yaml index 97baee2e41..14d9722575 100644 --- a/bitnami/multus-cni/Chart.yaml +++ b/bitnami/multus-cni/Chart.yaml @@ -27,4 +27,4 @@ maintainers: name: multus-cni sources: - https://github.com/bitnami/charts/tree/main/bitnami/multus-cni -version: 1.5.0 +version: 1.6.0 diff --git a/bitnami/multus-cni/README.md b/bitnami/multus-cni/README.md index 344afc4001..96ea2c6ef3 100644 --- a/bitnami/multus-cni/README.md +++ b/bitnami/multus-cni/README.md @@ -80,86 +80,86 @@ The command removes all the Kubernetes components associated with the chart and ### Multus CNI parameters -| Name | Description | Value | -| ---------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ---------------------------- | -| `image.registry` | Multus CNI image registry | `REGISTRY_NAME` | -| `image.repository` | Multus CNI Image name | `REPOSITORY_NAME/multus-cni` | -| `image.digest` | Multus CNI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Multus CNI image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `CNIVersion` | CNI version | `0.3.0` | -| `hostCNIBinDir` | CNI binary dir in the host machine to mount | `/opt/cni/bin` | -| `hostCNINetDir` | CNI net.d dir in the host machine to mount | `/etc/cni/net.d` | -| `CNIMountPath` | Path inside the container to mount the CNI dirs | `/bitnami/multus-cni/host` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `priorityClassName` | Multus CNI pods' priorityClassName | `""` | -| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `extraEnvVars` | Extra environment variables | `[]` | -| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | -| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `[]` | -| `initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` | -| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `resources.requests` | The requested resources for the init container | `{}` | -| `resources.limits` | The resources limits for the init container | `{}` | -| `podSecurityContext.enabled` | Enable Multus CNI pods' Security Context | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Multus CNI pods' group ID | `0` | -| `containerSecurityContext.enabled` | Enable Multus CNI containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `containerSecurityContext.runAsUser` | Multus CNI containers' Security Context | `0` | -| `containerSecurityContext.runAsNonRoot` | Set Multus CNI container's Security Context runAsNonRoot | `false` | -| `containerSecurityContext.privileged` | Set Multus CNI container's Security Context privileged | `true` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` | +| Name | Description | Value | +| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | +| `image.registry` | Multus CNI image registry | `REGISTRY_NAME` | +| `image.repository` | Multus CNI Image name | `REPOSITORY_NAME/multus-cni` | +| `image.digest` | Multus CNI image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Multus CNI image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `CNIVersion` | CNI version | `0.3.0` | +| `hostCNIBinDir` | CNI binary dir in the host machine to mount | `/opt/cni/bin` | +| `hostCNINetDir` | CNI net.d dir in the host machine to mount | `/etc/cni/net.d` | +| `CNIMountPath` | Path inside the container to mount the CNI dirs | `/bitnami/multus-cni/host` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | +| `priorityClassName` | Multus CNI pods' priorityClassName | `""` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `extraEnvVars` | Extra environment variables | `[]` | +| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | +| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | +| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `[]` | +| `initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` | +| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | +| `networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `podSecurityContext.enabled` | Enable Multus CNI pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Multus CNI pods' group ID | `0` | +| `containerSecurityContext.enabled` | Enable Multus CNI containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Multus CNI containers' Security Context | `0` | +| `containerSecurityContext.runAsNonRoot` | Set Multus CNI container's Security Context runAsNonRoot | `false` | +| `containerSecurityContext.privileged` | Set Multus CNI container's Security Context privileged | `true` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` | ### Other Parameters @@ -194,6 +194,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/multu ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/multus-cni/templates/NOTES.txt b/bitnami/multus-cni/templates/NOTES.txt index 584d3dfa37..a4e9d59727 100644 --- a/bitnami/multus-cni/templates/NOTES.txt +++ b/bitnami/multus-cni/templates/NOTES.txt @@ -29,3 +29,4 @@ Watch the Multus CNI Daemonset status using the command: IMPORTANT: Please ensure that {{ .Values.hostCNIBinDir }} and {{ .Values.hostCNINetDir }} are where the CNI binary and configuration files are located in the Kubernetes nodes, otherwise the deployment will fail. {{ include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.resources" (dict "sections" (list "") "context" $) }} diff --git a/bitnami/multus-cni/templates/daemonset.yaml b/bitnami/multus-cni/templates/daemonset.yaml index 66472aad38..53fd38f3a5 100644 --- a/bitnami/multus-cni/templates/daemonset.yaml +++ b/bitnami/multus-cni/templates/daemonset.yaml @@ -185,6 +185,8 @@ spec: {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: cni-net-dir diff --git a/bitnami/multus-cni/values.yaml b/bitnami/multus-cni/values.yaml index 9f40ab5d12..d164f96f62 100644 --- a/bitnami/multus-cni/values.yaml +++ b/bitnami/multus-cni/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -41,11 +40,9 @@ commonAnnotations: {} ## @param commonLabels Common labels to add to all Multus CNI resources (sub-charts are not considered). Evaluated as a template ## commonLabels: {} - ## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). ## extraDeploy: [] - ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -60,7 +57,6 @@ diagnosticMode: ## args: - infinity - ## @section Multus CNI parameters ## @@ -170,7 +166,6 @@ sidecars: [] ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ ## tolerations: [] - ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## @@ -229,7 +224,6 @@ networkPolicy: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## @@ -267,12 +261,21 @@ affinity: {} nodeSelector: {} ## Multus CNI container's resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -## @param resources.requests [object] The requested resources for the init container -## @param resources.limits The resources limits for the init container +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## -resources: - limits: {} - requests: {} +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enable Multus CNI pods' Security Context @@ -372,7 +375,6 @@ podAnnotations: {} ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} - ## @section Other Parameters ## @@ -382,7 +384,6 @@ rbac: ## @param rbac.create Specifies whether RBAC resources should be created ## create: true - ## Service account for Multus CNI to use. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ##