Deploy Kubevirt passt binding CNI on K8s

buid-passt-binding-cni-image.sh

# Author: Or Mergi
#
# This script build basic container image to deploy Kubevirt passt binding CNI.
# 
#
#!/bin/bash
curl -LO https://github.com/kubevirt/kubevirt/releases/download/v1.2.0/kubevirt-passt-binding
chmod +x kubevirt-passt-binding

cat <<EOF > Containerfile
FROM alpine:3.14
ADD kubevirt-passt-binding /cni/network-passt-binding
EOF

registry=quay.io/kubevirt

podman build -f ./Containerfile -t ${registry}/kubevirt-passt-binding-cni:v1.2.0 
podman push ${registry}/kubevirt-passt-binding-cni:v1.2.0

passt-binding-cni-ds-ocp.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: passt-binding-cni
  namespace: kube-system
---
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: passt-binding-cni
allowPrivilegedContainer: true
allowHostDirVolumePlugin: true
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
readOnlyRootFilesystem: false
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
users:
- system:serviceaccount:kube-system:passt-binding-cni
volumes:
- "*"
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: passt-binding-cni
  namespace: kube-system
  labels:
    app: passt-binding-cni
spec:
  selector:
    matchLabels:
      name: passt-binding-cni
  template:
    metadata:
      labels:
        name: passt-binding-cni
        app: passt-binding-cni
    spec:
      serviceAccountName: passt-binding-cni
      nodeSelector:
        kubernetes.io/os: linux
      containers:
      - name: installer
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: true
        image: quay.io/kubevirt/network-passt-binding:v1.2.0
        command: [ "/bin/sh", "-cex" ]
        args:
        - |
          ls -la "/cni/network-passt-binding" 
          cp -f  "/cni/network-passt-binding" "/opt/cni/bin"
          echo "passt binding CNI plugin installation complete"
          sleep infinity
        volumeMounts:
        - name: cnibin
          mountPath: /opt/cni/bin
      volumes:
      - name: cnibin
        hostPath:
          path: /opt/cni/bin

passt-binding-cni-ds.yaml

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: passt-binding-cni
  namespace: kube-system
  labels:
    app: passt-binding-cni
spec:
  selector:
    matchLabels:
      name: passt-binding-cni
  template:
    metadata:
      labels:
        name: passt-binding-cni
        app: passt-binding-cni
    spec:
      nodeSelector:
        kubernetes.io/os: linux
      containers:
      - name: installer
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        securityContext:
          privileged: true
        image: quay.io/kubevirt/network-passt-binding:v1.2.0
        command: [ "/bin/sh", "-cex" ]
        args:
        - |
          ls -la "/cni/network-passt-binding" 
          cp -f  "/cni/network-passt-binding" "/opt/cni/bin"
          echo "passt binding CNI plugin installation complete"
          sleep infinity
        volumeMounts:
        - name: cnibin
          mountPath: /opt/cni/bin
      volumes:
      - name: cnibin
        hostPath:
          path: /opt/cni/bin