Installing Kindnet CNI using resource Bundle
This section describes steps to install kindnet CNI solution on a CAPI cluster using Fleet Bundle resource.
Deploying Kindnet
We will use Fleet Bundle resource to deploy Kindnet on the docker cluster.
> kubectl get clusters
NAME CLUSTERCLASS PHASE AGE VERSION
docker-demo quick-start Provisioned 35h v1.29.2
First, let's review our targes for the kindnet bundle. They should match labels on the cluster, or the name of the cluster, as in this instance:
targets:
- clusterName: docker-demo
We will apply the resource from the:
kind: Bundle
apiVersion: fleet.cattle.io/v1alpha1
metadata:
name: kindnet-cni
spec:
resources:
# List of all resources that will be deployed
- content: |-
# kindnetd networking manifest
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kindnet
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- patch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kindnet
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kindnet
subjects:
- kind: ServiceAccount
name: kindnet
namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: kindnet
namespace: kube-system
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: kindnet
namespace: kube-system
labels:
tier: node
app: kindnet
k8s-app: kindnet
spec:
selector:
matchLabels:
app: kindnet
template:
metadata:
labels:
tier: node
app: kindnet
k8s-app: kindnet
spec:
hostNetwork: true
tolerations:
- operator: Exists
effect: NoSchedule
serviceAccountName: kindnet
containers:
- name: kindnet-cni
image: kindest/kindnetd:v20230511-dc714da8
env:
- name: HOST_IP
valueFrom:
fieldRef:
fieldPath: status.hostIP
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: POD_SUBNET
value: '10.1.0.0/16'
volumeMounts:
- name: cni-cfg
mountPath: /etc/cni/net.d
- name: xtables-lock
mountPath: /run/xtables.lock
readOnly: false
- name: lib-modules
mountPath: /lib/modules
readOnly: true
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
securityContext:
privileged: false
capabilities:
add: ["NET_RAW", "NET_ADMIN"]
volumes:
- name: cni-bin
hostPath:
path: /opt/cni/bin
type: DirectoryOrCreate
- name: cni-cfg
hostPath:
path: /etc/cni/net.d
type: DirectoryOrCreate
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
- name: lib-modules
hostPath:
path: /lib/modules
name: kindnet.yaml
targets:
- clusterName: docker-demo
> kubectl apply -f testdata/cni.yaml
bundle.fleet.cattle.io/kindnet-cni configured
After some time we should see the resource in a ready state:
> kubectl get bundles kindnet-cni
NAME BUNDLEDEPLOYMENTS-READY STATUS
kindnet-cni 1/1
This should result in a kindnet running on the matching cluster:
> kubectl get pods --context docker-demo -A | grep kindnet
kube-system kindnet-dqzwh 1/1 Running 0 2m11s
kube-system kindnet-jbkjq 1/1 Running 0 2m11s