Merge pull request #828 from s1061123/dev/chroot

Add chroot option in multus-daemon
Doug Smith
2022-04-13 15:38:56 -04:00
committed by GitHub
13 changed files with 269 additions and 54 deletions

@@ -39,7 +39,7 @@ cat >/etc/cni/net.d/00-multus.conf <<EOF
{
"name": "multus-cni-network",
"type": "multus",
"readinessindicatorfile": "/var/run/flannel/subnet.env",
"readinessindicatorfile": "/run/flannel/subnet.env",
"delegates": [
{
"NOTE1": "This is example, wrote your CNI config in delegates",
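
Review bot: The `readinessindicatorfile` value moves from `/var/run/flannel/subnet.env` to `/run/flannel/subnet.env` with no explanation in the surrounding example, so a reader who copied the old value cannot tell whether an existing config still works. Please add a sentence next to the heredoc saying in which filesystem view (pod or host) this path is resolved and why `/run` is now the documented form. While this block is being touched, the context line `"NOTE1": "This is example, wrote your CNI config in delegates"` could be corrected to "This is an example, write your CNI config in delegates".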

@@ -79,7 +79,14 @@ specifies the path to the server configuration:
The server configuration is encoded in JSON, and allows the following keys:
- `"chrootDir"`: Specify the directory which points to host root from the pod. See 'Chroot configuration' section for the details.
- `"socketDir"`: Specify the location where the unix domain socket used for
client/server communication will be located. Defaults to `"/var/run/multus-cni/"`.
client/server communication will be located. Defaults to `"/run/multus-cni"`.
In addition, you can add any configuration which is in [configuration reference](https://github.com/k8snetworkplumbingwg/multus-cni/blob/master/docs/configuration.md#multus-cni-configuration-reference). Server configuration override multus CNI configuration (e.g. `/etc/cni/net.d/00-multus.conf`)
#### Chroot configuration
In thick plugin case, delegate CNI plugin is executed by multus-daemon from Pod, hence if the delegate CNI requires resources in container host, for example unix socket or even file, then CNI plugin is failed to execute because multus-daemon runs in Pod. Multus-daemon supports "chrootDir" option which executes delegate CNI under chroot (to container host).
This configuration is enabled in deployments/multus-daemonset-thick.yml as default.
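
Review bot: The "Chroot configuration" section states that delegates run under chroot to the container host and that this is enabled by default in deployments/multus-daemonset-thick.yml, but neither it nor the `"chrootDir"` key description says what value to set, what happens when the key is absent, or what host mount the pod needs for the directory to point at the host root. Because this option makes delegate CNI plugins execute against the host root filesystem, please document those three points and state the default explicitly so operators can review it before deploying the daemonset. The `socketDir` default also changes from `"/var/run/multus-cni/"` to `"/run/multus-cni"`, and a note on whether existing deployments are affected would help. Wording: "Server configuration override multus CNI configuration" should read "overrides", and "CNI plugin is failed to execute" should read "the CNI plugin fails to execute".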