From 71c856878c3f77731ab399720f71f6f0ea9c0c7e Mon Sep 17 00:00:00 2001
From: Christopher Randles <randles.chris@gmail.com>
Date: Fri, 13 Mar 2020 07:22:39 -0400
Subject: [PATCH] update multus to 3.4 and add crio support (#5701)

Signed-off-by: Chris Randles <randles.chris@gmail.com>
---
 README.md                                     |  2 +-
 roles/download/defaults/main.yml              |  2 +-
 roles/network_plugin/multus/defaults/main.yml |  5 +++-
 .../multus/files/multus-clusterrole.yml       | 13 +++++++----
 .../multus/files/multus-crd.yml               | 23 +++++++++++--------
 .../multus/templates/multus-daemonset.yml.j2  | 17 ++++++++++++++
 6 files changed, 45 insertions(+), 17 deletions(-)

diff --git a/README.md b/README.md
index d645176be..e5f76a5e3 100644
--- a/README.md
+++ b/README.md
@@ -125,7 +125,7 @@ Note: Upstart/SysV init based OS types are not supported.
   - [contiv](https://github.com/contiv/install) v1.2.1
   - [flanneld](https://github.com/coreos/flannel) v0.11.0
   - [kube-router](https://github.com/cloudnativelabs/kube-router) v0.2.5
-  - [multus](https://github.com/intel/multus-cni) v3.2.1
+  - [multus](https://github.com/intel/multus-cni) v3.4
   - [weave](https://github.com/weaveworks/weave) v2.5.2
 - Application
   - [cephfs-provisioner](https://github.com/kubernetes-incubator/external-storage) v2.1.0-k8s1.11
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index a1079964b..d2cbceef4 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -83,7 +83,7 @@ contiv_version: 1.2.1
 cilium_version: "v1.7.1"
 kube_ovn_version: "v0.6.0"
 kube_router_version: "v0.2.5"
-multus_version: "v3.2.1"
+multus_version: "v3.4"
 
 # Get kubernetes major version (i.e. 1.15.4 => 1.15)
 kube_major_version: "{{ kube_version | regex_replace('^v([0-9])+\\.([0-9]+)\\.[0-9]+', 'v\\1.\\2') }}"
diff --git a/roles/network_plugin/multus/defaults/main.yml b/roles/network_plugin/multus/defaults/main.yml
index 2fb723103..6c32cfa57 100644
--- a/roles/network_plugin/multus/defaults/main.yml
+++ b/roles/network_plugin/multus/defaults/main.yml
@@ -1,7 +1,10 @@
 ---
 multus_conf_file: "auto"
 multus_cni_conf_dir_host: "/etc/cni/net.d"
-multus_cni_bin_dir_host: "/opt/cni/bin"
+multus_cni_bin_dir_host: "{{ '/usr/libexec/cni' if container_manager == 'crio' else '/opt/cni/bin' }}"
+multus_cni_run_dir_host: "/run"
 multus_cni_conf_dir: "{{ ('/host',  multus_cni_conf_dir_host) | join }}"
 multus_cni_bin_dir: "{{ ('/host', multus_cni_bin_dir_host) | join }}"
+multus_cni_run_dir: "{{ ('/host', multus_cni_run_dir_host) | join }}"
+multus_cni_version: "0.3.1"
 multus_kubeconfig_file_host: "{{ (multus_cni_conf_dir_host, '/multus.d/multus.kubeconfig') | join }}"
diff --git a/roles/network_plugin/multus/files/multus-clusterrole.yml b/roles/network_plugin/multus/files/multus-clusterrole.yml
index 337775be2..39304c557 100644
--- a/roles/network_plugin/multus/files/multus-clusterrole.yml
+++ b/roles/network_plugin/multus/files/multus-clusterrole.yml
@@ -4,13 +4,16 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: multus
 rules:
-- apiGroups:
-  - '*'
+- apiGroups: ["k8s.cni.cncf.io"]
   resources:
   - '*'
   verbs:
   - '*'
-- nonResourceURLs:
-  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/status
   verbs:
-  - '*'
+  - get
+  - update
\ No newline at end of file
diff --git a/roles/network_plugin/multus/files/multus-crd.yml b/roles/network_plugin/multus/files/multus-crd.yml
index eab4406e2..0d3a9dd45 100644
--- a/roles/network_plugin/multus/files/multus-crd.yml
+++ b/roles/network_plugin/multus/files/multus-crd.yml
@@ -1,11 +1,10 @@
 ---
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
-apiVersion: apiextensions.k8s.io/v1beta1
 metadata:
   name: network-attachment-definitions.k8s.cni.cncf.io
 spec:
   group: k8s.cni.cncf.io
-  version: v1
   scope: Namespaced
   names:
     plural: network-attachment-definitions
@@ -13,10 +12,16 @@ spec:
     kind: NetworkAttachmentDefinition
     shortNames:
     - net-attach-def
-  validation:
-    openAPIV3Schema:
-      properties:
-        spec:
-          properties:
-            config:
-              type: string
+  versions:
+  - name: v1
+    served: true
+    storage: true
+    schema:
+      openAPIV3Schema:
+        type: object
+        properties:
+          spec:
+            type: object
+            properties:
+              config:
+                type: string
diff --git a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2 b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
index 3e2fbd9cd..0175a0c3f 100644
--- a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
+++ b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
@@ -36,6 +36,10 @@ spec:
         - "--cni-bin-dir={{ multus_cni_bin_dir }}"
         - "--multus-conf-file={{ multus_conf_file }}"
         - "--multus-kubeconfig-file-host={{ multus_kubeconfig_file_host }}"
+        - "--cni-version={{ multus_cni_version }}"
+{% if container_manager == 'crio' %}
+        - "--restart-crio=true"
+{% endif %}
         resources:
           requests:
             cpu: "100m"
@@ -45,12 +49,25 @@ spec:
             memory: "50Mi"
         securityContext:
           privileged: true
+{% if container_manager == 'crio' %}
+          capabilities:
+            add: ["SYS_ADMIN"]
+{% endif %}
         volumeMounts:
+{% if container_manager == 'crio' %}
+        - name: run
+          mountPath: {{ multus_cni_run_dir }}
+{% endif %}
         - name: cni
           mountPath: {{  multus_cni_conf_dir }}
         - name: cnibin
           mountPath: {{ multus_cni_bin_dir }}
       volumes:
+{% if container_manager == 'crio' %}
+      - name: run
+        hostPath:
+          path: {{ multus_cni_run_dir_host }}
+{% endif %}
       - name: cni
         hostPath:
           path: {{ multus_cni_conf_dir_host }}