feat: add Multus CNI integration with socket-based readiness (#1367)

**What problem does this PR solve?**:

Implement Multus CNI as an internal addon that automatically deploys
alongside primary CNI providers (Cilium/Calico) on supported cloud
providers (EKS/Nutanix).

- Add socket-based readiness detection using CNI socket paths
- Implement template function following CAREN standard pattern
- Register Multus handler in lifecycle hooks
- Add values template with Go template syntax for socket configuration
- Deploy Multus using HelmAddon strategy with readinessIndicatorFile

Multus is not exposed in the API and deploys automatically based on
cloud provider and CNI selection.
Current PR is to deploy by default(i.e always)



**Which issue(s) this PR fixes**:
Fixes #

**How Has This Been Tested?**:
<!--
Please describe the tests that you ran to verify your changes.
Provide output from the tests and any manual steps needed to replicate
the tests.
-->

**Special notes for your reviewer**:
<!--
Use this to provide any additional information to the reviewers.
This may include:
- Best way to review the PR.
- Where the author wants the most review attention on.
- etc.
-->

Currently it supports both Nutanix and EKS for testing purpose, will
remove Nutanix once we finalize handler implementation.

Author: legacyrj

charts/cluster-api-runtime-extensions-nutanix/README.md

@@ -78,6 +78,8 @@ A Helm chart for cluster-api-runtime-extensions-nutanix
 | hooks.cni.cilium.crsStrategy.defaultCiliumConfigMap.name | string | `"cilium"` |  |
 | hooks.cni.cilium.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
 | hooks.cni.cilium.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-cilium-cni-helm-values-template"` |  |
+| hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
+| hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-multus-values-template"` |  |
 | hooks.cosi.controller.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |
 | hooks.cosi.controller.helmAddonStrategy.defaultValueTemplateConfigMap.name | string | `"default-cosi-controller-helm-values-template"` |  |
 | hooks.csi.aws-ebs.helmAddonStrategy.defaultValueTemplateConfigMap.create | bool | `true` |  |

charts/cluster-api-runtime-extensions-nutanix/addons/cni/multus/values-template.yaml

@@ -0,0 +1,18 @@
+# Multus daemon configuration overrides
+daemonConfig:
+  readinessIndicatorFile: "{{ .ReadinessSocketPath }}"
+
+{{- if .ReadinessSocketPath }}
+# Volumes for CNI readiness socket
+volumes:
+  - name: cni-readiness-sock
+    hostPath:
+      path: "{{ .ReadinessSocketPath }}"
+      type: Socket
+
+# Volume mounts for CNI readiness socket
+volumeMounts:
+  - name: cni-readiness-sock
+    mountPath: "{{ .ReadinessSocketPath }}"
+    readOnly: true
+{{- end }}

charts/cluster-api-runtime-extensions-nutanix/templates/cni/multus/manifests/helm-addon-installation.yaml

@@ -0,0 +1,12 @@
+# Copyright 2024 Nutanix. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+{{- if .Values.hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.create }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: '{{ .Values.hooks.cni.multus.helmAddonStrategy.defaultValueTemplateConfigMap.name }}'
+data:
+  values.yaml: |-
+    {{- .Files.Get "addons/cni/multus/values-template.yaml" | nindent 4 }}
+{{- end -}}

charts/cluster-api-runtime-extensions-nutanix/templates/helm-config.yaml

@@ -43,6 +43,10 @@ data:
     ChartName: metallb
     ChartVersion: 0.15.2
     RepositoryURL: '{{ if .Values.helmRepository.enabled }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://metallb.github.io/metallb{{ end }}'
+  multus: |
+    ChartName: multus
+    ChartVersion: 0.1.0
+    RepositoryURL: '{{ if .Values.helmRepository.enabled }}oci://helm-repository.{{ .Release.Namespace }}.svc/charts{{ else }}https://mesosphere.github.io/charts/stable/{{ end }}'
   nfd: |
     ChartName: node-feature-discovery
     ChartVersion: 0.18.1

charts/cluster-api-runtime-extensions-nutanix/values.schema.json

@@ -381,6 +381,27 @@
                                     }
                                 }
                             }
+                        },
+                        "multus": {
+                            "type": "object",
+                            "properties": {
+                                "helmAddonStrategy": {
+                                    "type": "object",
+                                    "properties": {
+                                        "defaultValueTemplateConfigMap": {
+                                            "type": "object",
+                                            "properties": {
+                                                "create": {
+                                                    "type": "boolean"
+                                                },
+                                                "name": {
+                                                    "type": "string"
+                                                }
+                                            }
+                                        }
+                                    }
+                                }
+                            }
                         }
                     }
                 },

charts/cluster-api-runtime-extensions-nutanix/values.yaml

@@ -43,6 +43,11 @@ hooks:
         defaultValueTemplateConfigMap:
           create: true
           name: default-cilium-cni-helm-values-template
+    multus:
+      helmAddonStrategy:
+        defaultValueTemplateConfigMap:
+          create: true
+          name: default-multus-values-template
   csi:
     nutanix:
       helmAddonStrategy:

hack/addons/helm-chart-bundler/repos.yaml

@@ -51,6 +51,11 @@ repositories:
     charts:
       metallb:
       - 0.15.2
+  multus:
+    repoURL: https://mesosphere.github.io/charts/stable/
+    charts:
+      multus:
+      - 0.1.0
   node-feature-discovery:
     repoURL: https://kubernetes-sigs.github.io/node-feature-discovery/charts
     charts:

hack/addons/kustomize/multus/kustomization.yaml.tmpl

@@ -0,0 +1,20 @@
+# Copyright 2024 Nutanix. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+metadata:
+  name: multus
+
+sortOptions:
+  order: fifo
+
+helmCharts:
+- name: multus
+  namespace: kube-system
+  repo: https://mesosphere.github.io/charts/stable/
+  releaseName: multus
+  version: 0.1.0
+  includeCRDs: true
+  skipTests: true

pkg/handlers/lifecycle/cni/multus/doc.go

@@ -0,0 +1,24 @@
+// Copyright 2024 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+// Package multus provides a standalone lifecycle handler for Multus CNI that automatically
+// deploys Multus when:
+// - The cluster is on EKS cloud provider
+// - A supported CNI provider is configured (Cilium or Calico)
+//
+// MultusHandler implements the cluster lifecycle hooks and:
+// - Detects the cloud provider from the cluster infrastructure
+// - Reads CNI configuration from cluster variables
+// - Gets the readiness socket path for the configured CNI (via cni.ReadinessSocketPath)
+// - Automatically deploys Multus with socket-based configuration
+//
+// helmAddonStrategy is the internal strategy that handles:
+// - Templating Helm values with the CNI socket path
+// - Deploying Multus using HelmAddon strategy with Go template-based values
+//
+// Multus relies on the readinessIndicatorFile configuration to wait for the primary CNI
+// to be ready, eliminating the need for explicit wait logic in the strategy.
+//
+// This package does NOT expose Multus in the API - it's an internal addon
+// that deploys automatically based on cloud provider and CNI selection.
+package multus

pkg/handlers/lifecycle/cni/multus/handler.go

@@ -0,0 +1,181 @@
+// Copyright 2024 Nutanix. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package multus
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/spf13/pflag"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+	ctrl "sigs.k8s.io/controller-runtime"
+	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/api/v1alpha1"
+	commonhandlers "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/handlers"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/handlers/lifecycle"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/clustertopology/variables"
+	capiutils "github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/common/pkg/capi/utils"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/lifecycle/addons"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/lifecycle/config"
+	"github.com/nutanix-cloud-native/cluster-api-runtime-extensions-nutanix/pkg/handlers/options"
+)
+
+const (
+	defaultMultusReleaseName = "multus"
+	defaultMultusNamespace   = metav1.NamespaceSystem
+)
+
+type MultusConfig struct {
+	*options.GlobalOptions
+
+	helmAddonConfig *addons.HelmAddonConfig
+}
+
+func NewMultusConfig(globalOptions *options.GlobalOptions) *MultusConfig {
+	return &MultusConfig{
+		GlobalOptions: globalOptions,
+		helmAddonConfig: addons.NewHelmAddonConfig(
+			"default-multus-values-template",
+			defaultMultusNamespace,
+			defaultMultusReleaseName,
+		),
+	}
+}
+
+func (m *MultusConfig) AddFlags(prefix string, flags *pflag.FlagSet) {
+	m.helmAddonConfig.AddFlags(prefix+".helm-addon", flags)
+}
+
+type MultusHandler struct {
+	client              ctrlclient.Client
+	config              *MultusConfig
+	helmChartInfoGetter *config.HelmChartGetter
+}
+
+var (
+	_ commonhandlers.Named                   = &MultusHandler{}
+	_ lifecycle.AfterControlPlaneInitialized = &MultusHandler{}
+	_ lifecycle.BeforeClusterUpgrade         = &MultusHandler{}
+)
+
+func New(
+	c ctrlclient.Client,
+	cfg *MultusConfig,
+	helmChartInfoGetter *config.HelmChartGetter,
+) *MultusHandler {
+	return &MultusHandler{
+		client:              c,
+		config:              cfg,
+		helmChartInfoGetter: helmChartInfoGetter,
+	}
+}
+
+func (m *MultusHandler) Name() string {
+	return "MultusHandler"
+}
+
+func (m *MultusHandler) AfterControlPlaneInitialized(
+	ctx context.Context,
+	req *runtimehooksv1.AfterControlPlaneInitializedRequest,
+	resp *runtimehooksv1.AfterControlPlaneInitializedResponse,
+) {
+	commonResponse := &runtimehooksv1.CommonResponse{}
+	m.apply(ctx, &req.Cluster, commonResponse)
+	resp.Status = commonResponse.GetStatus()
+	resp.Message = commonResponse.GetMessage()
+}
+
+func (m *MultusHandler) BeforeClusterUpgrade(
+	ctx context.Context,
+	req *runtimehooksv1.BeforeClusterUpgradeRequest,
+	resp *runtimehooksv1.BeforeClusterUpgradeResponse,
+) {
+	commonResponse := &runtimehooksv1.CommonResponse{}
+	m.apply(ctx, &req.Cluster, commonResponse)
+	resp.Status = commonResponse.GetStatus()
+	resp.Message = commonResponse.GetMessage()
+}
+
+func (m *MultusHandler) apply(
+	ctx context.Context,
+	cluster *clusterv1.Cluster,
+	resp *runtimehooksv1.CommonResponse,
+) {
+	clusterKey := ctrlclient.ObjectKeyFromObject(cluster)
+
+	log := ctrl.LoggerFrom(ctx).WithValues(
+		"cluster",
+		clusterKey,
+	)
+
+	// Check if Multus is supported for this cloud provider
+	provider := capiutils.GetProvider(cluster)
+	if provider != "eks" {
+		log.V(5).Info(
+			"Multus is not supported for this cloud provider. Skipping Multus deployment.",
+		)
+		return
+	}
+
+	log.Info(fmt.Sprintf("Cluster is %s. Checking CNI configuration for Multus deployment.", provider))
+
+	// Read CNI configuration to detect which CNI is deployed
+	varMap := variables.ClusterVariablesToVariablesMap(cluster.Spec.Topology.Variables)
+
+	cniVar, err := variables.Get[v1alpha1.CNI](
+		varMap,
+		v1alpha1.ClusterConfigVariableName,
+		[]string{"addons", v1alpha1.CNIVariableName}...)
+	if err != nil {
+		if variables.IsNotFoundError(err) {
+			log.V(5).Info("No CNI specified in cluster config. Skipping Multus deployment.")
+			return
+		}
+		log.Error(err, "failed to read CNI configuration from cluster definition")
+		resp.SetStatus(runtimehooksv1.ResponseStatusFailure)
+		resp.SetMessage(fmt.Sprintf("failed to read CNI configuration: %v", err))
+		return
+	}
+
+	log.Info(fmt.Sprintf("Auto-deploying Multus for %s cluster with %s CNI", provider, cniVar.Provider))
+
+	// Get helm chart configuration
+	helmChart, err := m.helmChartInfoGetter.For(ctx, log, config.Multus)
+	if err != nil {
+		log.Error(
+			err,
+			"failed to get configmap with helm settings",
+		)
+		resp.SetStatus(runtimehooksv1.ResponseStatusFailure)
+		resp.SetMessage(
+			fmt.Sprintf("failed to get configuration to create helm addon: %v",
+				err,
+			),
+		)
+		return
+	}
+
+	// Create and apply helm addon using existing addons package
+	targetNamespace := m.config.DefaultsNamespace()
+	strategy := addons.NewHelmAddonApplier(
+		m.config.helmAddonConfig,
+		m.client,
+		helmChart,
+	).
+		WithValueTemplater(templateValuesFunc(cniVar)).
+		WithDefaultWaiter()
+
+	if err := strategy.Apply(ctx, cluster, targetNamespace, log); err != nil {
+		log.Error(err, "failed to deploy Multus")
+		resp.SetStatus(runtimehooksv1.ResponseStatusFailure)
+		resp.SetMessage(fmt.Sprintf("failed to deploy Multus: %v", err))
+		return
+	}
+
+	resp.SetStatus(runtimehooksv1.ResponseStatusSuccess)
+	resp.SetMessage("Multus deployed successfully")
+}