feat: add Multus CNI integration with socket-based readiness

Implement Multus CNI as an internal addon that automatically deploys
alongside primary CNI providers (Cilium/Calico) on supported cloud
providers (EKS/Nutanix).

- Add socket-based readiness detection using CNI socket paths
- Implement template function following CAREN standard pattern
- Register Multus handler in lifecycle hooks
- Add values template with Go template syntax for socket configuration
- Deploy Multus using HelmAddon strategy with readinessIndicatorFile

Multus is not exposed in the API and deploys automatically based on
cloud provider and CNI selection.

Author: legacyrj

charts/cluster-api-runtime-extensions-nutanix/README.md

@@ -78,6 +78,8 @@ A Helm chart for cluster-api-runtime-extensions-nutanix
 | hooks.cni.cilium.crsStrategy.defaultCiliumConfigMap.name | string | `"cilium"` |  |
 | hooks.cni.cilium.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
 | hooks.cni.cilium.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-cilium-cni-helm-values-template"` |  |
+| hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
+| hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-multus-values-template"` |  |
 | hooks.cosi.controller.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
 | hooks.cosi.controller.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-cosi-controller-helm-values-template"` |  |
 | hooks.csi.aws-ebs.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |

charts/cluster-api-runtime-extensions-nutanix/addons/cni/multus/values-template.yaml

@@ -0,0 +1,102 @@
+# Default values for multus.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# Image configuration
+image:
+  repository: ghcr.io/k8snetworkplumbingwg/multus-cni
+  tag: ""  # If empty, will use Chart.AppVersion + suffix
+  suffix: "-thick"  # Default suffix (can be overridden)
+  pullPolicy: IfNotPresent
+
+# Image pull secrets
+imagePullSecrets: []
+
+# Service account configuration
+serviceAccount:
+  create: true
+  name: multus
+  annotations: {}
+
+# Pod security context
+podSecurityContext:
+  privileged: true
+
+# Container security context
+securityContext:
+  privileged: true
+  capabilities:
+    add:
+      - NET_ADMIN
+      - SYS_ADMIN
+
+# Priority class
+priorityClassName: system-node-critical
+
+# Pod network configuration
+hostNetwork: true
+hostPID: true
+
+# Pod lifecycle configuration
+terminationGracePeriodSeconds: 10
+
+# Update strategy
+updateStrategy:
+  type: RollingUpdate
+  rollingUpdate:
+    maxUnavailable: 1
+
+# Tolerations
+tolerations:
+  - operator: Exists
+    effect: NoSchedule
+  - operator: Exists
+    effect: NoExecute
+
+# Node selector
+nodeSelector: {}
+
+# Affinity
+affinity: {}
+
+# Pod annotations
+podAnnotations: {}
+
+# Pod labels
+podLabels: {}
+
+# Resource limits and requests
+resources:
+  limits:
+    cpu: 100m
+    memory: 128Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+# Multus daemon configuration
+daemonConfig:
+  chrootDir: "/hostroot"
+  cniVersion: "0.3.1"
+  logLevel: "verbose"
+  logToStderr: true
+  readinessIndicatorFile: "{{ .ReadinessSocketPath }}"
+  cniConfigDir: "/host/etc/cni/net.d"
+  multusAutoconfigDir: "/host/etc/cni/net.d"
+  multusConfigFile: "auto"
+  socketDir: "/host/run/multus/"
+
+{{- if .ReadinessSocketPath }}
+# Volumes for CNI readiness socket
+volumes:
+  - name: {{ .SocketVolumeName }}
+    hostPath:
+      path: "{{ .ReadinessSocketPath }}"
+      type: Socket
+
+# Volume mounts for CNI readiness socket
+volumeMounts:
+  - name: {{ .SocketVolumeName }}
+    mountPath: "{{ .ReadinessSocketPath }}"
+    readOnly: true
+{{- end }}

charts/cluster-api-runtime-extensions-nutanix/templates/cni/multus/manifests/helm-addon-installation.yaml

@@ -0,0 +1,12 @@
+# Copyright 2024 Nutanix. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: '{{ .Values.hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.name }}'
+data:
+  values.yaml: |-
+    {{- .Files.Get "addons/cni/multus/values-template.yaml" | nindent 4 }}
+{{- end -}}

charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml

@@ -43,6 +43,10 @@ data:
     ChartName: metallb
     ChartVersion: 0.15.2
     RepositoryURL: '{{ if .Values.helmRepository.enabled }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://metallb.github.io/metallb{{ end }}'
+  multus: |
+    ChartName: multus
+    ChartVersion: 0.1.0
+    RepositoryURL: '{{ if .Values.helmRepository.enabled }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://mesosphere.github.io/charts/stable/{{ end }}'
   nfd: |
     ChartName: node-feature-discovery
     ChartVersion: 0.18.1

charts/cluster-api-runtime-extensions-nutanix/values.schema.json

@@ -381,6 +381,27 @@
                                     }
                                 }
                             }
+                        },
+                        "multus": {
+                            "type": "object",
+                            "properties": {
+                                "helmAddonStrategy": {
+                                    "type": "object",
+                                    "properties": {
+                                        "defaultValueTemplateConfigMap": {
+                                            "type": "object",
+                                            "properties": {
+                                                "create": {
+                                                    "type": "boolean"
+                                                },
+                                                "name": {
+                                                    "type": "string"
+                                                }
+                                            }
+                                        }
+                                    }
+                                }
+                            }
                         }
                     }
                 },

charts/cluster-api-runtime-extensions-nutanix/values.yaml

@@ -43,6 +43,11 @@ hooks:
         defaultValueTemplateConfigMap:
           create: true
           name: default-cilium-cni-helm-values-template
+    multus:
+      helmAddonStrategy:
+        defaultValueTemplateConfigMap:
+          create: true
+          name: default-multus-values-template
   csi:
     nutanix:
       helmAddonStrategy:

hack/addons/helm-chart-bundler/Dockerfile

@@ -1,4 +1,4 @@
-ARG MINDTHEGAP_VERSION=v1.24.0
+ARG MINDTHEGAP_VERSION=v1.17.0
 
 FROM --platform=${BUILDPLATFORM} ghcr.io/mesosphere/mindthegap:${MINDTHEGAP_VERSION} as bundle_builder
 # This gets called by goreleaser so the copy source has to be the path relative to the repo root.

hack/addons/helm-chart-bundler/repos.yaml

@@ -51,6 +51,11 @@ repositories:
     charts:
       metallb:
       - 0.15.2
+  multus:
+    repoURL: https://mesosphere.github.io/charts/stable/
+    charts:
+      multus:
+      - 0.1.0
   node-feature-discovery:
     repoURL: https://kubernetes-sigs.github.io/node-feature-discovery/charts
     charts:

hack/addons/kustomize/multus/kustomization.yaml.tmpl

@@ -0,0 +1,20 @@
+# Copyright 2024 Nutanix. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+metadata:
+  name: multus
+
+sortOptions:
+  order: fifo
+
+helmCharts:
+- name: multus
+  namespace: kube-system
+  repo: https://mesosphere.github.io/charts/stable/
+  releaseName: multus
+  version: 0.1.0
+  includeCRDs: true
+  skipTests: true

pkg/handlers/lifecycle/cni/multus/deployer.go

@@ -0,0 +1,104 @@
+// Copyright 2024 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package multus
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/go-logr/logr"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/lifecycle/addons"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/lifecycle/config"
+)
+
+const (
+	defaultMultusReleaseName = "multus"
+	defaultMultusNamespace   = metav1.NamespaceSystem
+)
+
+type MultusDeployer struct {
+	client              ctrlclient.Client
+	helmChartInfoGetter *config.HelmChartGetter
+}
+
+func NewMultusDeployer(client ctrlclient.Client, helmChartInfoGetter *config.HelmChartGetter) *MultusDeployer {
+	return &MultusDeployer{
+		client:              client,
+		helmChartInfoGetter: helmChartInfoGetter,
+	}
+}
+
+func (m *MultusDeployer) Deploy(
+	ctx context.Context,
+	cluster *clusterv1.Cluster,
+	readinessSocketPath string,
+	targetNamespace string,
+	log logr.Logger,
+) error {
+	// Check if Multus deployment is supported for this cloud provider
+	isSupported, providerName := m.isCloudProviderSupported(cluster)
+
+	// Currently, Multus is only supported for EKS and Nutanix clusters
+	if !isSupported {
+		log.Info("Multus deployment is only supported for EKS and Nutanix clusters. Skipping deployment.")
+		return nil
+	}
+
+	log.Info(fmt.Sprintf("Cluster is %s. Proceeding with Multus deployment.", providerName))
+
+	// Get Multus Helm chart info
+	helmChart, err := m.helmChartInfoGetter.For(ctx, log, config.Multus)
+	if err != nil {
+		// For local testing, provide a placeholder chart info
+		log.Info("Multus not found in helm-config.yaml, using placeholder chart info for local development")
+		helmChart = &config.HelmChart{
+			Name:       "multus",
+			Version:    "dev",
+			Repository: "",
+		}
+	}
+
+	// Deploy Multus using HelmAddonApplier with template function
+	strategy := addons.NewHelmAddonApplier(
+		addons.NewHelmAddonConfig(
+			"default-multus-values-template",
+			defaultMultusNamespace,
+			defaultMultusReleaseName,
+		),
+		m.client,
+		helmChart,
+	).WithValueTemplater(templateValuesFunc(readinessSocketPath)).
+		WithDefaultWaiter()
+
+	if err := strategy.Apply(ctx, cluster, targetNamespace, log); err != nil {
+		return fmt.Errorf("failed to apply Multus deployment: %w", err)
+	}
+
+	log.Info("Successfully deployed Multus")
+	return nil
+}
+
+// isCloudProviderSupported checks if the cluster is a supported cloud provider
+// by inspecting the infrastructure reference.
+func (m *MultusDeployer) isCloudProviderSupported(cluster *clusterv1.Cluster) (
+	isSupported bool,
+	providerName string,
+) {
+	if cluster.Spec.InfrastructureRef == nil {
+		return false, ""
+	}
+
+	switch cluster.Spec.InfrastructureRef.Kind {
+	case "AWSManagedCluster":
+		return true, "EKS"
+	case "NutanixCluster":
+		return true, "Nutanix"
+	default:
+		return false, ""
+	}
+}