linkerd2/cni-plugin
Dmitrii Ermakov c3594bd373
Allow running Linkerd CNI plugin stand-alone (#8864)
This PR allows Linkerd-CNI to be called in non-chained (stand-alone) mode.
Together with a separate controller, https://github.com/ErmakovDmitriy/linkerd-multus-attach-operator, this PR should allow running Linkerd-CNI in Kubernetes clusters with Multus CNI.

The main issue with Multus-CNI clusters is that Multus does not handle "*.conflist" CNI configuration files, so Linkerd-CNI is ignored. Please take a look at some details in issue #8553.

Short summary of the aforementioned controller: it adds Multus NetworkAttachmentDefinitions to namespaces which have the special annotation `linkerd.io/multus=enabled` and patches Pod definitions with `k8s.cni.cncf.io/v1=linkerd-cni`. The result is that the Linkerd-CNI binary is called by Multus with the configuration from the NetworkAttachmentDefinition.

For use with OpenShift, one should manually annotate a namespace or a Pod with the `config.linkerd.io/proxy-uid` annotation, set to some value in the allowed range, for instance:

```yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    # I used a UID at the end of the range "openshift.io/sa.scc.uid-range"
    config.linkerd.io/proxy-uid: "1000739999"
    linkerd.io/inject: enabled
    linkerd.io/multus: enabled
    openshift.io/sa.scc.mcs: s0:c27,c14
    openshift.io/sa.scc.supplemental-groups: 1000730000/10000
    openshift.io/sa.scc.uid-range: 1000730000/10000
  labels:
    config.linkerd.io/admission-webhooks: enabled
    kubernetes.io/metadata.name: emojivoto
  name: emojivoto
```

Signed-off-by: Dmitrii Ermakov <demonihin@gmail.com>
2022-08-04 11:02:54 -07:00
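
An added example, not part of the commit or the Linkerd code base: a Go check that the `config.linkerd.io/proxy-uid` value from the manifest above falls inside the namespace's `openshift.io/sa.scc.uid-range` block. The function and constant names are hypothetical, and only the `<start>/<size>` range form shown in the manifest is assumed.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const (
	uidRangeKey = "openshift.io/sa.scc.uid-range" // key from the manifest above
	proxyUIDKey = "config.linkerd.io/proxy-uid"   // key from the manifest above
)

// parseUIDRange parses "<start>/<size>" (assumed to be the only form in use)
// and returns the first and last UID of the block, both inclusive.
func parseUIDRange(v string) (first, last uint64, err error) {
	start, size, ok := strings.Cut(v, "/")
	if !ok {
		return 0, 0, fmt.Errorf("%s=%q: want <start>/<size>", uidRangeKey, v)
	}
	if first, err = strconv.ParseUint(start, 10, 32); err != nil {
		return 0, 0, fmt.Errorf("%s start: %w", uidRangeKey, err)
	}
	n, err := strconv.ParseUint(size, 10, 32)
	if err != nil || n == 0 {
		return 0, 0, fmt.Errorf("%s=%q: bad size", uidRangeKey, v)
	}
	return first, first + n - 1, nil
}

// checkProxyUID returns nil only if the proxy UID lies inside the UID block.
func checkProxyUID(ann map[string]string) error {
	first, last, err := parseUIDRange(ann[uidRangeKey])
	if err != nil {
		return err
	}
	uid, err := strconv.ParseUint(ann[proxyUIDKey], 10, 32)
	if err != nil {
		return fmt.Errorf("%s: %w", proxyUIDKey, err)
	}
	if uid < first || uid > last {
		return fmt.Errorf("%s=%d outside %d-%d", proxyUIDKey, uid, first, last)
	}
	return nil
}

func main() { // annotation values copied from the manifest above
	ns := map[string]string{uidRangeKey: "1000730000/10000", proxyUIDKey: "1000739999"}
	fmt.Println("emojivoto:", checkProxyUID(ns))
}
```
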
deployment Fix CNI plugin event processing (#8778) 2022-06-30 18:04:46 +01:00
test Add `gosec` and `errcheck` lints (#7954) 2022-03-03 10:09:51 -07:00
Dockerfile Update Go to 1.18 (#9019) 2022-07-27 16:10:39 -07:00
main.go Allow running Linkerd CNI plugin stand-alone (#8864) 2022-08-04 11:02:54 -07:00