Feature request: Multus configuration add namespace isolation

[Sispheor]

What would you like to be added

Seems that we can only enable multus and then use it with the default config. It works fine but we could move one step further by adding the possibility to configure it (/etc/cni/net.d/) like described in the doc.

Why is this needed

For example, by default Multus networks config are only namespace scoped. So we cannot decalre a network config once in a dedicated namesapace to be then consumed in all other NS. To do that we need to set the "namespaceIsolation" flag to true in the conf.

[Sispheor]

Sorry, the config is actually available from the host (workers) in /etc/cni/net.d/00-multus.conf.

But overridden on pod start.

[Sispheor]

I've added my flag to the daemon set and it works.

      containers:
      - name: kube-multus
        image: {{ multus_image_repo }}:{{ multus_image_tag }}
        command: ["/thin_entrypoint"]
        args:
        - "--cni-conf-dir={{ multus_cni_conf_dir }}"
        - "--multus-autoconfig-dir={{ multus_cni_conf_dir }}"
        - "--cni-bin-dir={{ multus_cni_bin_dir }}"
        - "--multus-conf-file={{ multus_conf_file }}"
        - "--multus-kubeconfig-file-host={{ multus_kubeconfig_file_host }}"
        - "--namespace-isolation=false"  # <-------- here

Should I PR the project with just this flag as an option? E.g:

- "--namespace-isolation={{ multus_namespace_isolation | default(true) | string | lower  }}"

[tico88612]

Please free to open the PR if you think this will make the option flexible, but you need to follow the upstream's default value.

[tico88612]

/retitle Feature request: Multus configuration add namespace isolation