antaloala/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

base: antaloala:kubectl-1.32.4
Branches Tags
antaloala:main antaloala:3.2 antaloala:3.4 antaloala:3.3 antaloala:dprodanov-patch-1 antaloala:kubectl-1.32.4 antaloala:update-eib antaloala:devel suse-edge:3.2 suse-edge:3.3 suse-edge:3.4 suse-edge:main suse-edge:devel
..
compare: suse-edge:devel
Branches Tags
suse-edge:3.2 suse-edge:3.3 suse-edge:3.4 suse-edge:main suse-edge:devel antaloala:main antaloala:3.2 antaloala:3.4 antaloala:3.3 antaloala:dprodanov-patch-1 antaloala:kubectl-1.32.4 antaloala:update-eib antaloala:devel

17 Commits
kubectl-1. ... devel

Author SHA256 Message Date
Nicolas Belouin
b1dfe698ff Merge pull request 'update-devel' (#141) from nbelouin/Factory:update-devel into devel 
Reviewed-on: suse-edge/Factory#141
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-05-07 10:19:14 +02:00
Nicolas Belouin
9581e030ce Merge branch 'main' into update-devel 2025-05-06 16:04:05 +02:00
Nicolas Belouin
76036c2dd8 Merge pull request 'update-devel' (#81) from nbelouin/Factory:update-devel into devel 
Reviewed-on: suse-edge/Factory#81
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-02-25 15:37:18 +01:00
Nicolas Belouin
0c6db5d5cc Merge branch 'main' into devel 2025-02-25 14:32:32 +01:00
Nicolas Belouin
0b03d14cee Merge pull request 'Add a script to trigger refresh on packages that need one' (#79) from nbelouin/Factory:devel-trigger into devel 
Reviewed-on: suse-edge/Factory#79
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-02-25 13:10:39 +01:00
Nicolas Belouin
9f2dc045e9 Add a script to trigger refresh on packages that need one 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-25 11:35:43 +01:00
Denislav Prodanov
f90f614746 update eib image to use package version 2025-01-31 14:59:32 +02:00
Denislav Prodanov
35f06da226 Update edge-image-builder/_service 2025-01-29 09:52:25 +01:00
Denislav Prodanov
8dd6d7d9d7 Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:54:58 +01:00
Denislav Prodanov
f9c5a29a9f Update edge-image-builder/_service 2025-01-28 13:54:39 +01:00
Denislav Prodanov
1b83b54b58 Update edge-image-builder/_service 2025-01-28 13:47:41 +01:00
Denislav Prodanov
c6b64a252f Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:43:23 +01:00
Denislav Prodanov
689c80ffcc Update edge-image-builder/_service 2025-01-28 13:39:56 +01:00
Denislav Prodanov
d8745fe060 Update edge-image-builder/_service 2025-01-28 13:35:25 +01:00
Denislav Prodanov
9e39bdcf7f Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:30:15 +01:00
Denislav Prodanov
9e376ffb74 Update edge-image-builder/_service 2025-01-28 13:29:50 +01:00
Denislav Prodanov
0fc166ff06 Add _config 2025-01-28 11:37:52 +01:00
144 changed files with 2700 additions and 4578 deletions
Expand all files Collapse all files

23
.gitea/workflows/check_manifest.yaml
View File

@@ -1,23 +0,0 @@
name: Check Release Manifest Local Charts Versions
on:
pull_request:
branches-ignore:
- "devel"
jobs:
sync-pr-project:
name: "Check Release Manifest Local Charts Versions"
runs-on: tumbleweed
steps:
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- name: Setup dependencies
run: |
zypper in -y python3-PyYAML
- name: Check release manifest
run: |
python3 .obs/manifest-check.py

1
.gitignore vendored
View File

@@ -1,3 +1,4 @@
*/.osc
*/__pycache__
.venv/
.idea/

4
.obs/common.py
View File

@@ -1,3 +1,3 @@
PROJECT = "isv:SUSE:Edge:3.3"
PROJECT = "isv:SUSE:Edge:Factory:Devel"
REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
BRANCH = "3.3"
BRANCH = "devel"

45
.obs/manifest-check.py
View File

@@ -1,45 +0,0 @@
#!/usr/bin/python3
import yaml
import sys
def get_chart_version(chart_name: str) -> str:
with open(f"./{chart_name}-chart/Chart.yaml") as f:
chart = yaml.safe_load(f)
return chart["version"]
def get_charts(chart):
if not chart["chart"].startswith("%%CHART_REPO%%"):
# Not a locally managed chart
return {}
chart_name = chart["chart"][len("%%CHART_REPO%%/%%CHART_PREFIX%%"):]
charts = { chart_name: chart["version"] }
for child_chart in chart.get("dependencyCharts", []) + chart.get("addonCharts", []):
charts.update(get_charts(child_chart))
return charts
def get_charts_list():
with open("./release-manifest-image/release_manifest.yaml") as f:
manifest = yaml.safe_load(f)
charts = {}
for chart in manifest["spec"]["components"]["workloads"]["helm"]:
charts.update(get_charts(chart))
return charts
def main():
print("Checking charts versions in release manifest")
success = True
charts = get_charts_list()
for chart in charts:
expected_version = get_chart_version(chart)
if expected_version != charts[chart]:
success = False
print(f"{chart}: Expected: {expected_version}, Got: {charts[chart]}")
if not success:
sys.exit(1)
else:
print("All local charts in release manifest are using the right version")
if __name__ == "__main__":
main()

65
.obs/trigger_package.py Normal file
View File

@@ -0,0 +1,65 @@
import xml.etree.ElementTree as ET
import subprocess
from sync_packages import get_local_packages
from common import PROJECT
def get_service_repo(package):
with open(f"{package}/_service") as service:
root = ET.parse(service).getroot()
for service in root.findall("service"):
if service.get("mode") in ["manual", "disabled"]:
continue
if service.get("name") not in ["obs_scm", "tar_scm"]:
continue
ref = service.find("param[@name='revision']").text
repo = service.find("param[@name='url']").text
return (repo, ref)
return None
def get_remote_ref(project, package):
files = subprocess.run(["osc", "ls", "-e", project, package], encoding='utf-8' , capture_output=True).stdout.splitlines()
for filename in files:
if filename.startswith("_service") and filename.endswith(".obsinfo"):
obsinfo = subprocess.run(["osc", "cat", project, package, filename], encoding='utf-8' , capture_output=True).stdout.splitlines()
for line in obsinfo:
if line.startswith("commit:"):
return line.split(':')[-1].strip()
def get_upstream_ref(repo, ref):
refs = subprocess.run(["git", "ls-remote", repo, ref, f"{ref}^{{}}"], encoding='utf-8' , capture_output=True).stdout.splitlines()
refpath = ref.split('/')
best = None
for rref in refs:
value = rref.split('\t')
(sha, name) = (value[0].strip(), value[1].strip())
namepath = name.split('/')
if len(namepath) == len(refpath) or len(namepath) - 2 == len(refpath):
if name.endswith(ref) and best is None:
best = sha
if name.endswith("^{}"):
best = sha
return best
def trigger_service(project, package):
subprocess.run(["osc", "service", "remoterun", project, package], encoding="utf-8",check=True)
def main():
packages = get_local_packages()
for package in packages:
try:
(repo, ref) = get_service_repo(package)
print(f"{package} uses {repo} at {ref}")
except: # Package is not using server side scm service
continue
remote_ref = get_remote_ref(PROJECT, package)
upstream_ref = get_upstream_ref(repo, ref)
if upstream_ref != remote_ref:
print(f"\t{package} needs a refresh")
print(f"\tOBS ref is {remote_ref}")
print(f"\tgit ref is {upstream_ref}")
trigger_service(PROJECT, package)
if __name__ == "__main__":
main()

12
akri-dashboard-extension-chart/Chart.yaml
View File

@@ -1,6 +1,6 @@
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/namespace: cattle-ui-plugin-system
@@ -10,13 +10,13 @@ annotations:
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: '>= 2.11.0-0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
catalog.cattle.io/kube-version: '>= v1.26.0-0'
apiVersion: v2
appVersion: 303.0.2+up1.3.1
appVersion: 303.0.1+up1.3.0
description: 'SUSE Edge: Akri extension for Rancher Dashboard'
name: akri-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.2+up1.3.1"
version: "%%CHART_MAJOR%%.0.1+up1.3.0"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg

2
akri-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.2+up1.3.1
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.1+up1.3.0
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

2
akri-dashboard-extension-chart/values.yaml
View File

@@ -8,5 +8,5 @@ plugin:
metadata:
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: ">= 2.11.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.2 < 4.0.0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

12
baremetal-operator-image/Dockerfile
View File

@@ -1,13 +1,13 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1
#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%
#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator inotify-tools procps iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -19,7 +19,7 @@ LABEL org.opencontainers.image.version="%%baremetal-operator_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -29,8 +29,6 @@ LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
COPY bmo-run /usr/bin/bmo-run
RUN chmod +x /usr/bin/bmo-run
RUN groupadd -r -g 11000 bmo
RUN useradd -u 11000 -g 11000 bmo
ENTRYPOINT [ "/usr/bin/bmo-run" ]
ENTRYPOINT [ "/usr/bin/baremetal-operator" ]

12
baremetal-operator-image/bmo-run
View File

@@ -1,12 +0,0 @@
#!/bin/bash
export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
export IRONIC_CACERT_FILE=${IRONIC_CACERT_FILE:-"/opt/metal3/certs/ca/tls.crt"}
if [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
# shellcheck disable=SC2034
inotifywait -m -e delete_self "${IRONIC_CACERT_FILE}" | while read -r file event; do
kill $(pgrep baremetal-opera)
done &
fi
exec /usr/bin/baremetal-operator $@

8
cdi-chart/Chart.yaml
View File

@@ -1,9 +1,9 @@
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
apiVersion: v2
appVersion: 1.61.0
appVersion: 1.60.1
description: A Helm chart for Containerized Data Importer (CDI)
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: cdi
type: application
version: "%%CHART_MAJOR%%.0.0+up0.5.0"
version: "%%CHART_MAJOR%%.0.0+up0.4.0"

18
cdi-chart/templates/cdi-operator.yaml
View File

@@ -606,7 +606,17 @@ spec:
prometheus.cdi.kubevirt.io: "true"
spec:
affinity:
{{- .Values.deployment.affinity | toYaml | nindent 8 }}
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- env:
- name: DEPLOY_CLUSTER_RESOURCES
@@ -640,7 +650,9 @@ spec:
name: metrics
protocol: TCP
resources:
{{- .Values.deployment.resources | toYaml | nindent 12 }}
requests:
cpu: 100m
memory: 150Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -649,8 +661,6 @@ spec:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
nodeSelector:
kubernetes.io/os: linux
securityContext:

18
cdi-chart/values.yaml
View File

@@ -1,5 +1,5 @@
deployment:
version: 1.61.0-150600.3.12.1
version: 1.60.1-150600.3.9.1
operatorImage: registry.suse.com/suse/sles/15.6/cdi-operator
controllerImage: registry.suse.com/suse/sles/15.6/cdi-controller
importerImage: registry.suse.com/suse/sles/15.6/cdi-importer
@@ -8,22 +8,6 @@ deployment:
uploadserverImage: registry.suse.com/suse/sles/15.6/cdi-uploadserver
uploadproxyImage: registry.suse.com/suse/sles/15.6/cdi-uploadproxy
pullPolicy: IfNotPresent
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
resources:
requests:
cpu: 100m
memory: 150Mi
cdi:
config:

1
edge-build-checks/20-helm-images
View File

@@ -8,7 +8,6 @@ import pprint
AUTHORIZED_REPOS = [
"registry.suse.com/suse/sles/",
"registry.suse.com/rancher",
"registry.rancher.com",
]

8
edge-image-builder-image/Dockerfile
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.2.1"
LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

5
edge-image-builder-image/_service
View File

@@ -1,5 +1,10 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%PACKAGE_VERSION%</param>
<param name="package">edge-image-builder</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

11
edge-image-builder/_service
View File

@@ -1,15 +1,12 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
<param name="versionformat">@PARENT_TAG@_%h.%ad</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v1.2.1</param>
<!-- Uncomment and set this For Pre-Release Version -->
<!-- <param name="version">1.2.0~rc1</param> -->
<!-- Uncomment and this for regular version -->
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
<param name="versionrewrite-replacement">\1.\2.\3</param>
<param name="revision">main</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">

2
edge-image-builder/edge-image-builder.spec
View File

@@ -17,7 +17,7 @@
Name: edge-image-builder
Version: 1.2.1
Version: 0
Release: 0
Summary: Edge Image Builder
License: Apache-2.0

9
ironic-ipa-downloader-image/Dockerfile
View File

@@ -1,6 +1,7 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -18,11 +19,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.6"
LABEL org.opencontainers.image.version="3.0.3"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

45
ironic-ipa-downloader-image/Dockerfile.aarch64
View File

@@ -1,45 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ironic
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.6"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
COPY get-resource.sh /usr/local/bin/get-resource.sh
RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

45
ironic-ipa-downloader-image/Dockerfile.x86_64
View File

@@ -1,45 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ironic
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.6"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
COPY get-resource.sh /usr/local/bin/get-resource.sh
RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

4
ironic-ipa-downloader-image/_multibuild
View File

@@ -1,4 +0,0 @@
<multibuild>
<flavor>x86_64</flavor>
<flavor>aarch64</flavor>
</multibuild>

2
ironic-ipa-downloader-image/_service
View File

@@ -2,8 +2,6 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile.aarch64</param>
<param name="file">Dockerfile.x86_64</param>
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>

12
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -26,15 +26,11 @@ if [ -z "${IPA_BASEURI}" ]; then
IMAGE_CHANGED=1
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
mkdir -p /shared/html/images
if [ -f /tmp/initrd-x86_64.zst ]; then
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
fi
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
# Use arm64 as destination for iPXE compatibility
if [ -f /tmp/initrd-aarch64.zst ]; then
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
fi
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
cp /tmp/images.sha256 /shared/images.sha256
else

44
ironic-ipa-ramdisk/config.sh
View File

@@ -13,6 +13,11 @@ echo "Configure image: [$kiwi_iname]..."
#------------------------------------------
baseSetupBuildDay
#======================================
# Mount system filesystems
#--------------------------------------
#baseMount
#==========================================
# remove unneded kernel files
#------------------------------------------
@@ -34,8 +39,12 @@ suseImportBuildKey
#--------------------------------------
baseInsertService openstack-ironic-python-agent
baseInsertService suse-ironic-image-setup
baseInsertService suse-network-setup
baseInsertService sshd
baseInsertService NetworkManager
#suseInsertService sshd
#suseInsertService openstack-ironic-python-agent
#suseInsertService suse-ironic-image-setup
echo 'DEFAULT_TIMEZONE="UTC"' >> /etc/sysconfig/clock
baseUpdateSysConfig /etc/sysconfig/clock HWCLOCK "-u"
@@ -55,7 +64,42 @@ sed -E 's/^(ExecStart=.*\/agetty).*(--noclear.*)/\1 \2 --autologin root/' /usr/l
#------------------------------------------
echo 'tmpfs /tmp tmpfs size=3G 0 0' >> /etc/fstab
#==========================================
# remove package docs and manuals
#------------------------------------------
#baseStripDocs
#baseStripMans
#baseStripInfos
#======================================
# only basic version of vim is
# installed; no syntax highlighting
#--------------------------------------
sed -i -e's/^syntax on/" syntax on/' /etc/vimrc
#======================================
# Remove yast if not in use
#--------------------------------------
#suseRemoveYaST
#======================================
# Remove package manager
#--------------------------------------
#suseStripPackager
#rm -f usr/lib/perl5/*/*/auto/Encode/??/??.so # 9MB
#======================================
# Umount kernel filesystems
#--------------------------------------
#baseCleanMount
ln -s /sbin/init /init
#==========================================
# umount
#------------------------------------------
umount /proc >/dev/null 2>&1
exit 0

119
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -12,7 +12,6 @@
<locale>en_US</locale>
<packagemanager>zypper</packagemanager>
<rpm-check-signatures>false</rpm-check-signatures>
<rpm-excludedocs>true</rpm-excludedocs>
<timezone>UTC</timezone>
<version>1.0.0</version>
</preferences>
@@ -103,23 +102,62 @@
<package name="libxcb-render0"/>
<package name="libxcb-shm0"/>
<package name="libxcb1"/>
<package name="kernel-firmware-amdgpu"/>
<package name="kernel-firmware-ath10k"/>
<package name="kernel-firmware-ath11k"/>
<package name="kernel-firmware-ath12k"/>
<package name="kernel-firmware-atheros"/>
<package name="kernel-firmware-bluetooth"/>
<package name="kernel-firmware-brcm"/>
<package name="kernel-firmware-i915"/>
<package name="kernel-firmware-iwlwifi"/>
<package name="kernel-firmware-media"/>
<package name="kernel-firmware-nvidia"/>
<package name="kernel-firmware-qcom"/>
<package name="kernel-firmware-radeon"/>
<package name="kernel-firmware-realtek"/>
<package name="kernel-firmware-sound"/>
<package name="kernel-firmware-ti"/>
<package name="kernel-firmware-ueagle"/>
<package name="plymouth"/>
<package name="plymouth-branding-SLE"/>
</packages>
<packages type="image">
<package name="checkmedia"/>
<package name="plymouth-branding-SLE"/>
<package name="plymouth-dracut"/>
<package name="plymouth-theme-bgrt"/>
<package name="grub2-branding-SLE"/>
<package name="iputils"/>
<package name="vim"/>
<package name="grub2"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="syslinux" arch="x86_64"/>
<package name="lvm2"/>
<package name="plymouth"/>
<package name="fontconfig"/>
<package name="fonts-config"/>
<package name="openssh"/>
<package name="iproute2"/>
<package name="which"/>
<package name="kernel-firmware"/>
<package name="kernel-default"/>
<package name="NetworkManager"/>
<package name="nm-configurator"/>
<package name="timezone"/>
<package name="haveged"/>
<!-- ironic-python-agent specific -->
<package name="openstack-ironic-python-agent"/>
<package name="hdparm"/>
<package name="qemu-tools"/>
<package name="python311-proliantutils"/>
<package name="lshw"/>
<package name="dmidecode"/>
<package name="efibootmgr"/>
<package name="gptfdisk"/>
<package name="open-iscsi"/>
<package name="hwinfo"/>
<package name="ipmitool"/>
<package name="iputils"/>
<package name="lvm2"/>
<package name="net-tools"/>
<package name="ntp"/>
<package name="parted"/>
<package name="psmisc"/>
<package name="timezone"/>
<package name="which"/>
<package name="kbd"/>
</packages>
<packages type="kis">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="bootstrap">
@@ -129,50 +167,5 @@
<package name="cracklib-dict-full"/>
<package name="ca-certificates"/>
<package name="sles-release"/>
<package name="checkmedia"/>
<package name="fontconfig"/>
<package name="fonts-config"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-branding-SLE"/>
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2"/>
<package name="iproute2"/>
<package name="iputils"/>
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
<package name="lvm2"/>
<package name="NetworkManager"/>
<package name="nm-configurator"/>
<package name="openssh"/>
<package name="timezone"/>
<package name="which"/>
<!-- ironic-python-agent specific -->
<package name="dmidecode"/>
<package name="efibootmgr"/>
<package name="gptfdisk"/>
<package name="hdparm"/>
<package name="hwinfo"/>
<package name="ipmitool"/>
<package name="iputils"/>
<package name="kbd"/>
<package name="lshw"/>
<package name="lvm2"/>
<package name="net-tools"/>
<package name="ntp"/>
<package name="open-iscsi"/>
<package name="openstack-ironic-python-agent"/>
<package name="parted"/>
<package name="psmisc"/>
<package name="python311-proliantutils"/>
<package name="qemu-tools"/>
<package name="timezone"/>
<package name="which"/>
</packages>
<packages type="kis">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
</image>

12
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -19,7 +19,7 @@
Name: ironic-ipa-ramdisk
Version: 3.0.7
Version: 3.0.3
Release: 0
Summary: Kernel and ramdisk image for OpenStack Ironic
License: SUSE-EULA
@@ -27,7 +27,7 @@ Group: System/Management
URL: https://github.com/SUSE-Cloud/
Source0: config.sh
Source10: ironic-ipa-ramdisk.kiwi
Source20: root
Source20: root.tar.bz2
BuildRequires: -post-build-checks
BuildRequires: bash
@@ -38,7 +38,7 @@ BuildArch: noarch
BuildRequires: checkmedia
BuildRequires: acl
BuildRequires: ca-certificates-mozilla-prebuilt
BuildRequires: ca-certificates
BuildRequires: cracklib-dict-full
BuildRequires: cron
BuildRequires: dbus-1
@@ -62,7 +62,7 @@ BuildRequires: ipmitool
BuildRequires: iproute2
BuildRequires: iputils
BuildRequires: kernel-default
BuildRequires: kernel-firmware-all
BuildRequires: kernel-firmware
BuildRequires: lvm2
BuildRequires: net-tools
BuildRequires: ntp
@@ -123,13 +123,13 @@ Kernel and ramdisk image for use with Metal3
For %{_arch}
%prep
mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/img
mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/root /tmp/openstack-ironic-image/img
cp -a %{SOURCE0} /tmp/openstack-ironic-image/config.sh
cp -a %{SOURCE10} /tmp/openstack-ironic-image/config.kiwi
cp -ar %{SOURCE20} /tmp/openstack-ironic-image/root
tar -xC /tmp/openstack-ironic-image/root -f %{SOURCE20}
%build
if ! which kiwi; then

BIN
ironic-ipa-ramdisk/root.tar.bz2 (Stored with Git LFS) Normal file
View File

Binary file not shown.

24
ironic-ipa-ramdisk/root/etc/NetworkManager/conf.d/00-main.conf
View File

@@ -1,24 +0,0 @@
# WARNING: This file has been modified by the diskimage-builder
# dhcp-all-interfaces element as this machine is likely running
# a ramdisk or needs to attempt auto-configuration on all interfaces.
[main]
# This makes sense even with dhcp on all interfaces in the event
# that the configuration has been or is being supplied via external means.
ignore-carrier=*
# Use dhclient as was done previously to the Centos8/RHEL8 RPM defaults.
# This is because dhclient shuts the interface down after a retry attempt
# which allows the link state to reset with some switches, which may be
# important for the ramdisk to recover networking.
dhcp=dhclient
[connection]
# Keep retrying, this is important for this important espescialy for
# ramdisks in environments where varying switch configurations may
# cause traffic to be blocked or intermittent connectivity failures
# such as those at an edge site may cause issues.
autoconnect-retries=-1
# Set the timeout. Diskimage-builder dhcp-all-interfaces has a 30
# second default. NetworkManager, by default, is 45 seconds.
# In some cases where ramdisks are in use, 60 seconds is advisable.
ipv4.dhcp-timeout=30
ipv6.dhcp-timeout=30

1
ironic-ipa-ramdisk/root/etc/ironic-python-agent.conf.d
View File

@@ -1 +0,0 @@
ironic-python-agent/ironic-python-agent.conf.d

1
ironic-ipa-ramdisk/root/etc/issue
View File

@@ -1 +0,0 @@
SUSE Ironic Python Agent Ramdisk - terminal \l

2
ironic-ipa-ramdisk/root/etc/sysctl.d/98-rp_filter.conf
View File

@@ -1,2 +0,0 @@
# avoid problems with multiple network interfaces
net.ipv4.conf.all.rp_filter=0

7
ironic-ipa-ramdisk/root/etc/systemd/system/NetworkManager.service.d/nmc.conf
View File

@@ -1,7 +0,0 @@
[Unit]
#WantsMountsFor=/mnt/ipa
After=mnt-ipa.mount
Wants=mnt-ipa.mount
[Service]
ExecStartPre=-/usr/local/bin/suse-network-setup.sh

7
ironic-ipa-ramdisk/root/etc/systemd/system/mnt-ipa.mount
View File

@@ -1,7 +0,0 @@
[Unit]
Description=config-2 rom consumed by IPA for networking configuration
[Mount]
What=/dev/ipa
Where=/mnt/ipa
TimeoutSec=30

12
ironic-ipa-ramdisk/root/etc/systemd/system/suse-ironic-image-setup.service
View File

@@ -1,12 +0,0 @@
[Unit]
Description=Setup ironic-python-agent image
After=getty.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/suse-ironic-image-setup.sh
StandardOutput=journal+console
RemainAfterExit=true
[Install]
WantedBy=multi-user.target

3
ironic-ipa-ramdisk/root/etc/systemd/system/systemd-udevd.service.d/ordering.conf
View File

@@ -1,3 +0,0 @@
[Unit]
Before=local-fs.target
WantedBy=local-fs.target

1
ironic-ipa-ramdisk/root/etc/udev/rules.d/61-config2.rules
View File

@@ -1 +0,0 @@
ACTION=="add|change", SUBSYSTEM=="block", ENV{ID_FS_LABEL}=="config-2", ENV{ID_FS_PUBLISHER_ID}=="?*", PROGRAM="/usr/local/bin/suse-test-config-2.sh", SYMLINK+="ipa"

52
ironic-ipa-ramdisk/root/usr/local/bin/suse-ironic-image-setup.sh
View File

@@ -1,52 +0,0 @@
#!/bin/sh
PARAMS=$(</proc/cmdline)
# find vfloppy device (based on IPA code)
VMEDIA_DEVICE=$(find /dev/disk/by-label -iname ir-vfd-dev)
# read params from vmedia and prepend them to params from kernel cmdline
if [[ -b "$VMEDIA_DEVICE" ]]; then
VMEDIA_MOUNT=$(mktemp -d)
if mount -o loop $VMEDIA_DEVICE $VMEDIA_MOUNT; then
# parameters.txt has one param per line, reformat to match cmdline
VMEDIA_PARAMS=$(cat $VMEDIA_MOUNT/parameters.txt | tr '\n' ' ')
umount $VMEDIA_MOUNT
PARAMS="$VMEDIA_PARAMS $PARAMS"
fi
rmdir $VMEDIA_MOUNT
fi
# resize /tmp
if [[ $PARAMS =~ suse.tmpsize=([^ ]+) ]]; then
echo "Resizing /tmp to ${BASH_REMATCH[1]}..."
mount -o remount,size=${BASH_REMATCH[1]} /tmp
fi
# deploy authorized sshkey from kernel command line
if [[ $PARAMS =~ sshkey=\"([^\"]+)\" ]]; then
echo "Adding authorized SSH key..."
(umask 077 ; mkdir -p /root/.ssh)
echo "${BASH_REMATCH[1]}" >> /root/.ssh/authorized_keys
fi
# Inject certs
if [[ $PARAMS =~ tls.enabled=(true|True) ]]; then
cp /etc/ironic-python-agent.d/ca-certs/* /etc/pki/trust/anchors/
cp /etc/ironic-python-agent.d/ca-certs/* /usr/share/pki/trust/anchors/
update-ca-certificates
fi
# autologin root on given console (default tty1) if suse.autologin or coreos.autologin is enabled
if [[ $PARAMS =~ (suse|coreos)\.autologin=?([^ ]*) ]]; then
tty="${BASH_REMATCH[2]:-tty1}"
echo "Enabling autologin on $tty..."
systemctl stop getty@$tty
systemctl disable getty@$tty
systemctl start autologin@$tty
fi
# Append to /etc/hosts
# hosts.append=1.2.3.4_foo,4.5.6.7_foo2
if [[ $PARAMS =~ hosts.append=([^ ]+) ]]; then
HOSTS=${BASH_REMATCH[1]}
echo "Appending to hosts ${HOSTS}..."
for h in ${HOSTS/,/ }; do
echo "${h/_/ }" >> /etc/hosts
done
cat /etc/hosts
fi

24
ironic-ipa-ramdisk/root/usr/local/bin/suse-network-setup.sh
View File

@@ -1,24 +0,0 @@
#!/bin/bash
set -eux
# Inspired by/based on glean-early.sh
# https://opendev.org/opendev/glean/src/branch/master/glean/init/glean-early.sh
# NOTE(TheJulia): We care about iso images, and would expect lower case as a
# result. In the case of VFAT partitions, they would be upper case.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
NETWORK_DATA_FILE="/mnt/ipa/openstack/latest/network_data.json"
if [ ! -f "${NETWORK_DATA_FILE}" ]; then
echo "No network_data.json found, skipping network configuration"
exit 1
fi
mkdir -p /tmp/nmc/{desired,generated}
cp ${NETWORK_DATA_FILE} /tmp/nmc/desired/_all.yaml
nmc generate --config-dir /tmp/nmc/desired --output-dir /tmp/nmc/generated
nmc apply --config-dir /tmp/nmc/generated

23
ironic-ipa-ramdisk/root/usr/local/bin/suse-test-config-2.sh
View File

@@ -1,23 +0,0 @@
#!/bin/bash
set -eux
PATH=/bin:/usr/bin:/sbin:/usr/sbin
# Transform the ID from the drive being considered to lower case
device_publisher_id=$(echo ${ID_FS_PUBLISHER_ID} | tr '[A-Z]' '[a-z]')
# Retrieve the publisher ID from the command line and convert to lower case
cmdline_publisher_id=""
if grep -q "ir_pub_id" /proc/cmdline; then
cmdline_publisher_id=$(cat /proc/cmdline | sed -e 's/^.*ir_pub_id=//' -e 's/ .*$//')
fi
# Is this the filesystem we are looking for?
if [[ "${cmdline_publisher_id}" == "${device_publisher_id}" ]]; then
# It is the device we are looking for, return success
exit 0
else
# Not a match, return failure
exit 1
fi

8
kubectl-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3
#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -16,11 +16,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE kubectl image"
LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.32.4"
LABEL org.opencontainers.image.version="1.30.3"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

4
kubectl/kubectl.spec
View File

@@ -1,7 +1,7 @@
%global debug_package %{nil}
Name: kubectl
Version: 1.32.4
Version: 1.30.3
Release: 0
Summary: Command-line utility for interacting with a Kubernetes cluster
@@ -12,7 +12,7 @@ Group: admin
Packager: Kubernetes Authors <dev@kubernetes.io>
License: Apache-2.0
URL: https://kubernetes.io
Source0: %{name}_%{version}.orig.tar.gz
Source0: kubectl_%{version}.orig.tar.gz
%description
%{summary}.

BIN
kubectl/kubectl_1.30.3.orig.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
kubectl/kubectl_1.32.4.orig.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

12
kubevirt-dashboard-extension-chart/Chart.yaml
View File

@@ -1,6 +1,6 @@
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/namespace: cattle-ui-plugin-system
@@ -10,13 +10,13 @@ annotations:
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: '>= 2.11.0-0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
catalog.cattle.io/kube-version: '>= v1.26.0-0'
apiVersion: v2
appVersion: 303.0.2+up1.3.2
appVersion: 303.0.1+up1.3.1
description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
name: kubevirt-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.2+up1.3.2"
version: "%%CHART_MAJOR%%.0.1+up1.3.1"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg

2
kubevirt-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.2+up1.3.2
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.1+up1.3.1
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

2
kubevirt-dashboard-extension-chart/values.yaml
View File

@@ -8,5 +8,5 @@ plugin:
metadata:
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: ">= 2.11.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.2 < 4.0.0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

14
metal3-chart/Chart.yaml
View File

@@ -1,16 +1,16 @@
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.7_up0.11.5
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.7_up0.11.5-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE%
apiVersion: v2
appVersion: 0.11.5
appVersion: 0.11.0
dependencies:
- alias: metal3-baremetal-operator
name: baremetal-operator
repository: file://./charts/baremetal-operator
version: 0.9.2
version: 0.9.1
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.10.5
version: 0.10.0
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb
@@ -20,9 +20,9 @@ dependencies:
condition: global.enable_metal3_media_server
name: media
repository: file://./charts/media
version: 0.6.2
version: 0.6.1
description: A Helm chart that installs all of the dependencies needed for Metal3
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3
type: application
version: "%%CHART_MAJOR%%.0.7+up0.11.5"
version: "%%CHART_MAJOR%%.0.2+up0.11.0"

2
metal3-chart/charts/baremetal-operator/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 0.9.1
description: A Helm chart for baremetal-operator, used by Metal3
name: baremetal-operator
type: application
version: 0.9.2
version: 0.9.1

3
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -10,15 +10,14 @@
apiVersion: v1
data:
IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
# Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }}
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $protocol = "https" }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
{{- else }}
{{- $protocol = "http" }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
{{- end }}
CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"

19
metal3-chart/charts/baremetal-operator/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
data:
controller_manager_config.yaml: |
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
kind: ControllerManagerConfig
health:
healthProbeBindAddress: :9440
metrics:
bindAddress: 127.0.0.1:8085
webhook:
port: 9443
leaderElection:
leaderElect: true
resourceName: a9498140.metal3.io
kind: ConfigMap
metadata:
name: baremetal-operator-manager-config
labels:
{{- include "baremetal-operator.labels" . | nindent 4 }}

2
metal3-chart/charts/baremetal-operator/templates/deployment.yaml
View File

@@ -17,8 +17,6 @@ spec:
control-plane: controller-manager
template:
metadata:
annotations:
checksum/config-env: {{ include (print $.Template.BasePath "/configmap-ironic.yaml") . | sha256sum }}
labels:
{{- include "baremetal-operator.selectorLabels" . | nindent 8 }}
control-plane: controller-manager

4
metal3-chart/charts/baremetal-operator/values.yaml
View File

@@ -22,13 +22,15 @@ global:
# Comment this out when pinning the baremetal-operator container to a specfic host.
nodeSelector: {}
enable_tls: false
replicaCount: 1
images:
baremetalOperator:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
pullPolicy: IfNotPresent
tag: "0.9.1.1"
tag: "0.9.1"
imagePullSecrets: []
nameOverride: "manger"

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3
name: ironic
type: application
version: 0.10.5
version: 0.10.0

7
metal3-chart/charts/ironic/templates/deployment.yaml
View File

@@ -14,11 +14,10 @@ spec:
type: Recreate
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
checksum/config-env: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "ironic.selectorLabels" . | nindent 8 }}
spec:

4
metal3-chart/charts/ironic/values.yaml
View File

@@ -50,6 +50,8 @@ global:
# Comment this out when pinning the pdns containers to a specfic host.
nodeSelector: {}
enable_tls: false
replicaCount: 1
images:
@@ -60,7 +62,7 @@ images:
ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent
tag: 3.0.7
tag: 3.0.3
nameOverride: ""
fullnameOverride: ""

2
metal3-chart/charts/media/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 1.16.0
description: A Helm chart for Media, used by Metal3
name: media
type: application
version: 0.6.2
version: 0.6.1

2
metal3-chart/charts/media/values.yaml
View File

@@ -24,7 +24,7 @@ replicaCount: 1
image:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent
tag: 26.1.2.4
tag: 26.1.2.2
imagePullSecrets: []
nameOverride: ""

2
nm-configurator/_service
View File

@@ -3,7 +3,7 @@
<param name="url">https://github.com/suse-edge/nm-configurator.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="revision">v0.3.3</param>
<param name="revision">v0.3.2</param>
<param name="match-tag">*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="versionrewrite-replacement">\1</param>

2
nm-configurator/_servicedata
View File

@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/suse-edge/nm-configurator.git</param>
<param name="changesrevision">4563857d761c6d83e4013721f68ec4ac5828a1a7</param></service></servicedata>
<param name="changesrevision">747301ba15a28e758d1f06070dc7ff29a5e80242</param></service></servicedata>

BIN
nm-configurator/nm-configurator-0.3.2.obscpio (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
nm-configurator/nm-configurator-0.3.3.obscpio (Stored with Git LFS)
View File

Binary file not shown.

6
nm-configurator/nm-configurator.obsinfo
View File

@@ -1,4 +1,4 @@
name: nm-configurator
version: 0.3.3
mtime: 1748341626
commit: 4563857d761c6d83e4013721f68ec4ac5828a1a7
version: 0.3.2
mtime: 1744218621
commit: 747301ba15a28e758d1f06070dc7ff29a5e80242

BIN
nm-configurator/vendor.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

8
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@@ -1,10 +1,10 @@
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.3_up0.20.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.3_up0.20.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
apiVersion: v2
appVersion: 0.20.0
appVersion: 0.17.0
description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources
type: application
version: "%%CHART_MAJOR%%.0.3+up0.20.0"
version: "%%CHART_MAJOR%%.0.0+up0.17.0"

2
rancher-turtles-airgap-resources-chart/_service
View File

@@ -2,7 +2,7 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>

2
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

895
rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml
View File

@@ -1,900 +1,11 @@
apiVersion: v1
data:
components: |
apiVersion: v1
kind: Namespace
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: fleetaddonconfigs.addons.cluster.x-k8s.io
spec:
group: addons.cluster.x-k8s.io
names:
categories: []
kind: FleetAddonConfig
plural: fleetaddonconfigs
shortNames: []
singular: fleetaddonconfig
scope: Cluster
versions:
- additionalPrinterColumns: []
name: v1alpha1
schema:
openAPIV3Schema:
description: Auto-generated derived type for FleetAddonConfigSpec via `CustomResource`
properties:
spec:
description: This provides a config for fleet addon functionality
properties:
cluster:
description: |-
Enable Cluster config funtionality.
This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the `ClusterClass` will be added to the Fleet Cluster labels.
nullable: true
properties:
agentEnvVars:
description: '`AgentEnvVars` are extra environment variables to
be added to the agent deployment.'
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
nullable: true
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
nullable: true
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
nullable: true
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
nullable: true
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
nullable: true
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
nullable: true
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
nullable: true
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
nullable: true
type: string
divisor:
description: Specifies the output format of the
exposed resources, defaults to "1"
nullable: true
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
nullable: true
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the Secret or its key
must be defined
nullable: true
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
nullable: true
type: array
agentNamespace:
description: Namespace selection for the fleet agent
nullable: true
type: string
agentTolerations:
description: Agent taint toleration settings for every cluster
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
nullable: true
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
nullable: true
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
nullable: true
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
nullable: true
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
nullable: true
type: string
type: object
nullable: true
type: array
applyClassGroup:
description: Apply a `ClusterGroup` for a `ClusterClass` referenced
from a different namespace.
nullable: true
type: boolean
hostNetwork:
description: 'Host network allows to deploy agent configuration
using hostNetwork: true setting which eludes dependency on the
CNI configuration for the cluster.'
nullable: true
type: boolean
namespaceSelector:
description: Namespace label selector. If set, only clusters in
the namespace matching label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
naming:
description: Naming settings for the fleet cluster
nullable: true
properties:
prefix:
description: Specify a prefix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
suffix:
description: Specify a suffix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
type: object
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
selector:
description: Cluster label selector. If set, only clusters matching
label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
required:
- namespaceSelector
- selector
type: object
clusterClass:
description: |-
Enable clusterClass controller functionality.
This will create Fleet `ClusterGroups` for each `ClusterClaster` with the same name.
nullable: true
properties:
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
type: object
config:
nullable: true
properties:
bootstrapLocalCluster:
description: Enable auto-installation of a fleet agent in the
local cluster.
nullable: true
type: boolean
featureGates:
description: feature gates controlling experimental features
nullable: true
properties:
configMap:
description: '`FeaturesConfigMap` references a `ConfigMap`
where to apply feature flags. If a `ConfigMap` is referenced,
the controller will update it instead of upgrading the Fleet
chart.'
nullable: true
properties:
ref:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
type: object
experimentalHelmOps:
description: Enables experimental Helm operations support.
type: boolean
experimentalOciStorage:
description: Enables experimental OCI storage support.
type: boolean
required:
- experimentalHelmOps
- experimentalOciStorage
type: object
server:
description: fleet server url configuration options
nullable: true
oneOf:
- required:
- inferLocal
- required:
- custom
properties:
custom:
properties:
apiServerCaConfigRef:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
apiServerUrl:
nullable: true
type: string
type: object
inferLocal:
type: boolean
type: object
type: object
install:
nullable: true
oneOf:
- required:
- followLatest
- required:
- version
properties:
followLatest:
description: Follow the latest version of the chart on install
type: boolean
version:
description: Use specific version to install
type: string
type: object
type: object
status:
nullable: true
properties:
conditions:
description: conditions represents the observations of a Fleet addon
current state.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
installedVersion:
nullable: true
type: string
type: object
required:
- spec
title: FleetAddonConfigValidated
type: object
x-kubernetes-validations:
- rule: self.metadata.name == 'fleet-addon-config'
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-leader-election-role
namespace: caapf-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-role
rules:
- apiGroups:
- addons.cluster.x-k8s.io
resources:
- fleetaddonconfigs
- fleetaddonconfigs/status
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- get
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- create
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- patch
- list
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- bootstrap.cluster.x-k8s.io
- clusterctl.cluster.x-k8s.io
- controlplane.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusterclasses
verbs:
- get
- list
- watch
- patch
- apiGroups:
- fleet.cattle.io
resources:
- clusters
- clustergroups
- clusterregistrationtokens
- bundlenamespacemappings
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- fleet.cattle.io
resources:
- bundlenamespacemappings
verbs:
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: caapf-manager-role
subjects:
- kind: ServiceAccount
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: caapf-helm-manager
labels:
cluster.x-k8s.io/fleet-addon-registration: "true"
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
type: kubernetes.io/service-account-token
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-controller-manager
namespace: caapf-system
spec:
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
spec:
containers:
- image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
imagePullPolicy: IfNotPresent
name: manager
ports:
- containerPort: 8443
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 5
periodSeconds: 5
resources:
limits:
cpu: 100m
memory: 150Mi
requests:
cpu: 100m
memory: 100Mi
- args:
- --helm-install
image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
name: helm-manager
resources:
limits:
cpu: 100m
memory: 150Mi
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: helm-kubeconfig
readOnly: true
serviceAccountName: caapf-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- name: helm-kubeconfig
secret:
secretName: caapf-helm-manager
metadata: |
apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
releaseSeries:
- major: 0
minor: 1
contract: v1beta1
- major: 0
minor: 2
contract: v1beta1
- major: 0
minor: 3
contract: v1beta1
- major: 0
minor: 4
contract: v1beta1
- major: 0
minor: 5
contract: v1beta1
- major: 0
minor: 6
contract: v1beta1
- major: 0
minor: 7
contract: v1beta1
- major: 0
minor: 8
contract: v1beta1
- major: 0
minor: 9
contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
components: Not Found
metadata: Not Found
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.10.0
name: v0.6.0
namespace: rancher-turtles-system
labels:
provider-components: fleet

22
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1218,7 +1218,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -2525,11 +2525,9 @@ data:
- --leader-elect
- --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
- --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true}
- --v=${CAPRKE2_DEBUG_LEVEL:=0}
command:
- /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.16.1
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.12.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -2752,22 +2750,10 @@ data:
- major: 0
minor: 12
contract: v1beta1
- major: 0
minor: 13
contract: v1beta1
- major: 0
minor: 14
contract: v1beta1
- major: 0
minor: 15
contract: v1beta1
- major: 0
minor: 16
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.16.1
name: v0.12.0
namespace: rke2-bootstrap-system
labels:
provider-components: rke2-bootstrap

226
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1744,23 +1744,12 @@ data:
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDeletionTimeout:
description: |-
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
If no value is provided, the default value for this property of the Machine resource will be used.
type: string
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
nodeVolumeDetachTimeout:
description: |-
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
type: string
required:
- infrastructureRef
type: object
@@ -1985,54 +1974,6 @@ data:
- control-plane-endpoint
- ""
type: string
remediationStrategy:
description: remediationStrategy is the RemediationStrategy that controls
how control plane machine remediation happens.
properties:
maxRetry:
description: "maxRetry is the Max number of retries while attempting
to remediate an unhealthy machine.\nA retry happens when a machine
that was created as a replacement for an unhealthy machine also
fails.\nFor example, given a control plane with three machines
M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and
M1-1 is created as a replacement.\n\tIf M1-1 (replacement of
M1) has problems while bootstrapping it will become unhealthy,
and then be\n\tremediated; such operation is considered a retry,
remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes
unhealthy, remediation-retry #2 will happen, etc.\n\nA retry
could happen only after RetryPeriod from the previous retry.\nIf
a machine is marked as unhealthy after MinHealthyPeriod from
the previous remediation expired,\nthis is not considered a
retry anymore because the new issue is assumed unrelated from
the previous one.\n\nIf not set, the remedation will be retried
infinitely."
format: int32
type: integer
minHealthyPeriod:
description: "minHealthyPeriod defines the duration after which
RKE2ControlPlane will consider any failure to a machine unrelated\nfrom
the previous one. In this case the remediation is not considered
a retry anymore, and thus the retry\ncounter restarts from 0.
For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created as
a replacement.\n\tIf M1-1 (replacement of M1) has problems within
the 1hr after the creation, also\n\tthis machine will be remediated
and this operation is considered a retry - a problem related\n\tto
the original issue happened to M1 -.\n\n\tIf instead the problem
on M1-1 is happening after MinHealthyPeriod expired, e.g. four
days after\n\tm1-1 has been created as a remediation of M1,
the problem on M1-1 is considered unrelated to\n\tthe original
issue happened to M1.\n\nIf not set, this value is defaulted
to 1h."
type: string
retryPeriod:
description: |-
retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement
for an unhealthy machine (a retry).
If not set, a retry will happen immediately.
type: string
type: object
replicas:
description: Replicas is the number of replicas for the Control Plane.
format: int32
@@ -2244,15 +2185,9 @@ data:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
- rke2-snapshot-controller
- rke2-snapshot-controller-crd
- rke2-snapshot-validation-webhook
type: string
type: array
type: object
embeddedRegistry:
description: EmbeddedRegistry enables the embedded registry.
type: boolean
etcd:
description: Etcd defines optional custom configuration of ETCD.
properties:
@@ -2606,42 +2541,14 @@ data:
description: Initialized indicates the target cluster has completed
initialization.
type: boolean
lastRemediation:
description: lastRemediation stores info about last remediation performed.
properties:
machine:
description: machine is the machine name of the latest machine
being remediated.
maxLength: 253
minLength: 1
type: string
retryCount:
description: |-
retryCount used to keep track of remediation retry for the last remediated machine.
A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
type: integer
timestamp:
description: timestamp is when last remediation happened. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
required:
- machine
- retryCount
- timestamp
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: |-
Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
to receive requests.
NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
The value of this field is never updated after provisioning is completed. Please use conditions
to check the operational state of the control plane.
description: Ready indicates the BootstrapData field is ready to be
consumed.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
@@ -2682,7 +2589,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -3245,23 +3152,12 @@ data:
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDeletionTimeout:
description: |-
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
If no value is provided, the default value for this property of the Machine resource will be used.
type: string
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
nodeVolumeDetachTimeout:
description: |-
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
type: string
required:
- infrastructureRef
type: object
@@ -3488,57 +3384,6 @@ data:
- control-plane-endpoint
- ""
type: string
remediationStrategy:
description: remediationStrategy is the RemediationStrategy
that controls how control plane machine remediation happens.
properties:
maxRetry:
description: "maxRetry is the Max number of retries while
attempting to remediate an unhealthy machine.\nA retry
happens when a machine that was created as a replacement
for an unhealthy machine also fails.\nFor example, given
a control plane with three machines M1, M2, M3:\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created
as a replacement.\n\tIf M1-1 (replacement of M1) has
problems while bootstrapping it will become unhealthy,
and then be\n\tremediated; such operation is considered
a retry, remediation-retry #1.\n\tIf M1-2 (replacement
of M1-1) becomes unhealthy, remediation-retry #2 will
happen, etc.\n\nA retry could happen only after RetryPeriod
from the previous retry.\nIf a machine is marked as
unhealthy after MinHealthyPeriod from the previous remediation
expired,\nthis is not considered a retry anymore because
the new issue is assumed unrelated from the previous
one.\n\nIf not set, the remedation will be retried infinitely."
format: int32
type: integer
minHealthyPeriod:
description: "minHealthyPeriod defines the duration after
which RKE2ControlPlane will consider any failure to
a machine unrelated\nfrom the previous one. In this
case the remediation is not considered a retry anymore,
and thus the retry\ncounter restarts from 0. For example,
assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created
as a replacement.\n\tIf M1-1 (replacement of M1) has
problems within the 1hr after the creation, also\n\tthis
machine will be remediated and this operation is considered
a retry - a problem related\n\tto the original issue
happened to M1 -.\n\n\tIf instead the problem on M1-1
is happening after MinHealthyPeriod expired, e.g. four
days after\n\tm1-1 has been created as a remediation
of M1, the problem on M1-1 is considered unrelated to\n\tthe
original issue happened to M1.\n\nIf not set, this value
is defaulted to 1h."
type: string
retryPeriod:
description: |-
retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement
for an unhealthy machine (a retry).
If not set, a retry will happen immediately.
type: string
type: object
replicas:
description: Replicas is the number of replicas for the Control
Plane.
@@ -3756,15 +3601,9 @@ data:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
- rke2-snapshot-controller
- rke2-snapshot-controller-crd
- rke2-snapshot-validation-webhook
type: string
type: array
type: object
embeddedRegistry:
description: EmbeddedRegistry enables the embedded registry.
type: boolean
etcd:
description: Etcd defines optional custom configuration
of ETCD.
@@ -4135,42 +3974,14 @@ data:
description: Initialized indicates the target cluster has completed
initialization.
type: boolean
lastRemediation:
description: lastRemediation stores info about last remediation performed.
properties:
machine:
description: machine is the machine name of the latest machine
being remediated.
maxLength: 253
minLength: 1
type: string
retryCount:
description: |-
retryCount used to keep track of remediation retry for the last remediated machine.
A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
type: integer
timestamp:
description: timestamp is when last remediation happened. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
required:
- machine
- retryCount
- timestamp
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: |-
Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
to receive requests.
NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
The value of this field is never updated after provisioning is completed. Please use conditions
to check the operational state of the control plane.
description: Ready indicates the BootstrapData field is ready to be
consumed.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
@@ -4286,14 +4097,6 @@ data:
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
@@ -4445,7 +4248,6 @@ data:
- --leader-elect
- --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
- --v=${CAPRKE2_DEBUG_LEVEL:=0}
command:
- /manager
env:
@@ -4461,7 +4263,7 @@ data:
valueFrom:
fieldRef:
fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.16.1
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.12.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4691,22 +4493,10 @@ data:
- major: 0
minor: 12
contract: v1beta1
- major: 0
minor: 13
contract: v1beta1
- major: 0
minor: 14
contract: v1beta1
- major: 0
minor: 15
contract: v1beta1
- major: 0
minor: 16
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.16.1
name: v0.12.0
namespace: rke2-control-plane-system
labels:
provider-components: rke2-control-plane

6
rancher-turtles-chart/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.18.1
digest: sha256:7ad59ce8888c32723b4ef1ae5f334fdff00a8aba87e6f1de76d605f134bff354
generated: "2025-05-29T09:13:16.863770955Z"
version: 0.17.0
digest: sha256:c564dd1edce5e74cf5747adfa2477b3f0b9bae2b17a21b4c7312b2c1adbda64e
generated: "2025-02-27T10:39:03.203623466Z"

10
rancher-turtles-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.3_up0.20.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.3_up0.20.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -7,12 +7,12 @@ annotations:
catalog.cattle.io/namespace: rancher-turtles-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/rancher-version: '>= 2.11.0-1'
catalog.cattle.io/rancher-version: '>= 2.10.0-1'
catalog.cattle.io/release-name: rancher-turtles
catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool
apiVersion: v2
appVersion: 0.20.0
appVersion: 0.17.0
dependencies:
- condition: cluster-api-operator.enabled
name: cluster-api-operator
@@ -29,4 +29,4 @@ keywords:
- provisioning
name: rancher-turtles
type: application
version: "%%CHART_MAJOR%%.0.3+up0.20.0"
version: "%%CHART_MAJOR%%.0.0+up0.17.0"

10
rancher-turtles-chart/RELEASE_NOTES.md
View File

@@ -1,6 +1,4 @@
## Changes since v0.20.0-rc.0
---
## :chart_with_upwards_trend: Overview
_Thanks to all our contributors!_ 😊
gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
env:
GH_TOKEN: ${{ github.token }}
: exit status 4

8
rancher-turtles-chart/questions.yml
View File

@@ -29,6 +29,12 @@ questions:
description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.addon-provider-fleet.enabled
default: true
description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles."
type: boolean
label: Seamless integration with Fleet and CAPI
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.agent-tls-mode.enabled
default: false
description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters."
@@ -36,7 +42,7 @@ questions:
label: Enable Agent TLS Mode
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.kubectlImage
default: "registry.suse.com/edge/3.2/kubectl:1.32.4"
default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
description: "Specify the image to use when running kubectl in jobs."
type: string
label: Kubectl Image

21
rancher-turtles-chart/templates/addon-provider-fleet.yaml
View File

@@ -1,3 +1,5 @@
{{- if index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled" }}
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: CAPIProvider
metadata:
@@ -8,6 +10,12 @@ metadata:
"helm.sh/hook-weight": "2"
spec:
type: addon
deployment:
containers:
- name: manager
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
- name: helm-manager
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
additionalManifests:
name: fleet-addon-config
namespace: '{{ .Values.rancherTurtles.namespace }}'
@@ -27,22 +35,10 @@ data:
metadata:
name: fleet-addon-config
spec:
config:
featureGates:
configMap:
ref:
kind: ConfigMap
apiVersion: v1
name: rancher-config
namespace: cattle-system
experimentalOciStorage: true
experimentalHelmOps: true
clusterClass:
patchResource: true
setOwnerReferences: true
cluster:
agentNamespace: cattle-fleet-system
applyClassGroup: true
patchResource: true
setOwnerReferences: true
hostNetwork: true
@@ -58,3 +54,4 @@ data:
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
{{- end }}

2
rancher-turtles-chart/templates/deployment.yaml
View File

@@ -26,7 +26,7 @@ spec:
containers:
- args:
- --leader-elect
- --feature-gates=agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
- --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
{{- range .Values.rancherTurtles.managerArguments }}
- {{ . }}
{{- end }}

6
rancher-turtles-chart/templates/rancher-turtles-components.yaml
View File

@@ -3103,9 +3103,9 @@ spec:
- message: Config secret namespace is always equal to the resource namespace
and should not be set.
rule: '!has(self.configSecret) || !has(self.configSecret.__namespace__)'
- message: One of fetchConfig oci, url or selector should be set.
rule: '!has(self.fetchConfig) || [has(self.fetchConfig.oci), has(self.fetchConfig.url),
has(self.fetchConfig.selector)].exists_one(e, e)'
- message: One of fetchConfig url or selector should be set.
rule: '!has(self.fetchConfig) || [has(self.fetchConfig.url), has(self.fetchConfig.selector)].exists_one(e,
e)'
status:
default: {}
description: CAPIProviderStatus defines the observed state of CAPIProvider.

403
rancher-turtles-chart/values.schema.json
View File

@@ -1,403 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Helm Chart Values Schema",
"type": "object",
"properties": {
"turtlesUI": {
"type": "object",
"description": "Manages the UI component.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn UI on or off."
},
"version": {
"type": "string",
"default": "0.8.2",
"description": "UI version to use."
}
}
},
"rancherTurtles": {
"type": "object",
"description": "Sets up the cluster management controller.",
"properties": {
"image": {
"type": "string",
"default": "controller",
"description": "Controller container image."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Specify image pull policy."
},
"namespace": {
"type": "string",
"default": "rancher-turtles-system",
"description": "Namespace for Turtles to run."
},
"managerArguments": {
"type": "array",
"default": [],
"description": "Extra args for the controller.",
"items": { "type": "string" }
},
"imagePullSecrets": {
"type": "array",
"default": [],
"description": "Secrets for private registries.",
"items": { "type": "string" }
},
"rancherInstalled": {
"type": "boolean",
"default": true,
"description": "True if Rancher is already installed in the cluster."
},
"kubectlImage": {
"type": "string",
"default": "registry.k8s.io/kubernetes/kubectl:v1.30.0",
"description": "Image for kubectl tasks."
},
"features": {
"type": "object",
"description": "Optional and experimental features.",
"properties": {
"day2operations": {
"type": "object",
"description": "Alpha feature.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
},
"image": {
"type": "string",
"default": "controller",
"description": "Image for day-2 ops."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Specify image pull policy."
},
"etcdBackupRestore": {
"type": "object",
"description": "Manages etcd backup/restore.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on (true) or off (false)."
}
}
}
}
},
"addon-provider-fleet": {
"type": "object",
"description": "Beta feature for fleet addons.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
}
}
},
"agent-tls-mode": {
"type": "object",
"description": "Alpha feature for agent TLS.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
}
}
},
"clusterclass-operations": {
"type": "object",
"description": "Alpha feature. Not ready for testing yet.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
},
"image": {
"type": "string",
"default": "controller",
"description": "Image for cluster class ops."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Pull policy."
}
}
}
}
}
}
},
"cluster-api-operator": {
"type": "object",
"description": "Manages Cluster API components.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"cert-manager": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
}
}
},
"volumes": {
"type": "array",
"description": "Volumes for operator pods (certs, config).",
"items": {
"type": "object",
"oneOf": [
{
"required": ["name", "secret"],
"properties": {
"name": { "type": "string" },
"secret": {
"type": "object",
"properties": {
"defaultMode": {
"type": "integer",
"default": 420,
"description": "File permissions."
},
"secretName": {
"type": "string",
"default": "capi-operator-webhook-service-cert",
"description": "Secret for webhook certs."
}
}
}
}
},
{
"required": ["name", "configMap"],
"properties": {
"name": { "type": "string" },
"configMap": {
"type": "object",
"properties": {
"name": {
"type": "string",
"default": "clusterctl-config",
"description": "ConfigMap for clusterctl."
}
}
}
}
}
]
}
},
"image": {
"type": "object",
"properties": {
"manager": {
"type": "object",
"properties": {
"repository": {
"type": "string",
"default": "registry.rancher.com/rancher/cluster-api-operator",
"description": "Image repo."
}
}
}
}
},
"volumeMounts": {
"type": "object",
"properties": {
"manager": {
"type": "array",
"description": "Mount volumes to pods.",
"items": {
"type": "object",
"properties": {
"mountPath": { "type": "string" },
"name": { "type": "string" },
"readOnly": {
"type": "boolean",
"default": true,
"description": "Mount as read-only."
}
}
}
}
}
},
"resources": {
"type": "object",
"properties": {
"manager": {
"type": "object",
"properties": {
"limits": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "CPU limit."
},
"memory": {
"type": "string",
"description": "Memory limit."
}
}
},
"requests": {
"type": "object",
"properties": {
"cpu": {
"type": "string",
"description": "CPU request."
},
"memory": {
"type": "string",
"description": "Memory request."
}
}
}
}
}
}
},
"cleanup": {
"type": "boolean",
"default": true,
"description": "Enable cleanup tasks."
},
"cluster-api": {
"type": "object",
"description": "Cluster API component settings.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"configSecret": {
"type": "object",
"properties": {
"name": {
"type": "string",
"default": "",
"description": "Custom secret name (if overriding)."
},
"defaultName": {
"type": "string",
"default": "capi-env-variables",
"description": "Default secret name."
}
}
},
"core": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "capi-system",
"description": "Core component namespace."
},
"imageUrl": {
"type": "string",
"default": "",
"description": "Custom image URL."
},
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
},
"rke2": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"version": {
"type": "string",
"default": "",
"description": "RKE2 version."
},
"bootstrap": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "rke2-bootstrap-system"
},
"imageUrl": { "type": "string", "default": "" },
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
},
"controlPlane": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "rke2-control-plane-system"
},
"imageUrl": { "type": "string", "default": "" },
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
}
}
}
}
}
}
}
}
}

97
rancher-turtles-chart/values.yaml
View File

@@ -1,156 +1,83 @@
# turtlesUI: Manages the UI component.
turtlesUI:
# enabled: Turn UI on or off.
enabled: false
# version: UI version to use.
version: 0.8.2
# rancherTurtles: Sets up the cluster management controller.
version: v0.8.2
rancherTurtles:
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
# imageVersion: v0.20.0
imageVersion: v0.20.0
# imagePullPolicy: IfNotPresent
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
# namespace: Select namespace for Turtles to run.
namespace: rancher-turtles-system
# managerArguments: Extra args for the controller.
managerArguments: []
# imagePullSecrets: Secrets for private registries.
imagePullSecrets: []
# rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
rancherInstalled: false
# kubectlImage: Image for kubectl tasks.
kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4"
# features: Optional and experimental features.
kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3"
features:
# day2operations: Alpha feature.
day2operations:
# enabled: Turn on or off.
enabled: false
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
# imageVersion: v0.20.0
imageVersion: v0.20.0
# imagePullPolicy: IfNotPresent
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
# etcdBackupRestore: Alpha feature. Manages etcd backup/restore.
etcdBackupRestore:
# enabled: Turn on (true) or off (false).
enabled: false
# agent-tls-mode: Beta feature for agent TLS.
agent-tls-mode:
# enabled: Turn on or off.
# beta feature, see documentation for more information on feature stages
addon-provider-fleet:
enabled: true
# clusterclass-operations: Alpha feature. Manages cluster class ops. Not ready for testing yet.
clusterclass-operations:
# enabled: Turn on or off.
# alpha feature, see documentation for more information on feature stages
agent-tls-mode:
enabled: false
clusterclass-operations:
enabled: false
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
# imageVersion: v0.20.0
imageVersion: v0.20.0
# imagePullPolicy: IfNotPresent
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
# cluster-api-operator: Manages Cluster API components.
cluster-api-operator:
# enabled: Turn on or off.
enabled: true
# cert-manager: Cert-manager integration.
cert-manager:
# enabled: Turn on or off.
enabled: false
# volumes: Volumes for operator pods (certs, config).
volumes:
- name: cert
secret:
# defaultMode: File permissions.
defaultMode: 420
# secretName: Secret for webhook certs.
secretName: capi-operator-webhook-service-cert
- name: clusterctl-config
configMap:
# name: ConfigMap for clusterctl.
name: clusterctl-config
resources:
manager:
limits:
cpu: 100m
memory: 300Mi
requests:
cpu: 100m
memory: 100Mi
# image: registry.rancher.com/rancher/rancher/turtles
image:
manager:
# repository: Image repo.
repository: registry.rancher.com/rancher/cluster-api-operator
# volumeMounts: Mount volumes to pods.
volumeMounts:
manager:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
# readOnly: Mount as read-only.
readOnly: true
- mountPath: /config
name: clusterctl-config
# readOnly: Mount as read-only.
readOnly: true
# cleanup: Enable cleanup tasks.
cleanup: true
# cluster-api: Cluster API component settings.
cluster-api:
# enabled: Turn on or off.
enabled: true
# configSecret: Secret for Cluster API config.
configSecret:
# name: Custom secret name (if overriding).
name: ""
# defaultName: Default secret name.
defaultName: capi-env-variables
# core: Core Cluster API settings.
core:
# namespace: Core component namespace.
namespace: capi-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
# rke2: RKE2 provider settings.
rke2:
# enabled: Turn on or off.
enabled: true
# version: RKE2 version.
version: "v0.16.1"
# bootstrap: RKE2 bootstrap provider.
version: ""
bootstrap:
# namespace: Bootstrap namespace.
namespace: rke2-bootstrap-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
# controlPlane: RKE2 control plane provider.
controlPlane:
# namespace: Control plane namespace.
namespace: rke2-control-plane-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
metal3:
enabled: true

6
release-manifest-image/Dockerfile
View File

@@ -1,4 +1,4 @@
#!BuildTag: %%IMG_PREFIX%%release-manifest:3.3.1
#!BuildTag: %%IMG_PREFIX%%release-manifest:3.3.0
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION
@@ -7,11 +7,11 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SUSE Edge Release Manifest"
LABEL org.opencontainers.image.description="Release Manifest containing information about a specific SUSE Edge release"
LABEL org.opencontainers.image.version="3.3.1"
LABEL org.opencontainers.image.version="3.3.0"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.3.1"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.3.0"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

82
release-manifest-image/release_manifest.yaml
View File

@@ -1,13 +1,13 @@
apiVersion: lifecycle.suse.com/v1alpha1
kind: ReleaseManifest
metadata:
name: release-manifest-3-3-1
name: release-manifest-3-3-0
spec:
releaseVersion: 3.3.1
releaseVersion: 3.3.0
components:
kubernetes:
k3s:
version: v1.32.4+k3s1
version: v1.32.2+k3s1
coreComponents:
- name: traefik-crd
version: 34.2.1+up34.2.0
@@ -23,7 +23,7 @@ spec:
- name: coredns
containers:
- name: coredns
image: rancher/mirrored-coredns-coredns:1.12.1
image: rancher/mirrored-coredns-coredns:1.12.0
type: Deployment
- name: metrics-server
containers:
@@ -31,25 +31,25 @@ spec:
image: rancher/mirrored-metrics-server:v0.7.2
type: Deployment
rke2:
version: v1.32.4+rke2r1
version: v1.32.2+rke2r1
coreComponents:
- name: rke2-cilium
version: 1.17.300
version: 1.17.000
type: HelmChart
- name: rke2-canal
version: v3.29.3-build2025040801
version: v3.29.2-build2025021800
type: HelmChart
- name: rke2-calico-crd
version: v3.29.101
type: HelmChart
- name: rke2-calico
version: v3.29.300
version: v3.29.200
type: HelmChart
- name: rke2-coredns
version: 1.39.201
version: 1.36.102
type: HelmChart
- name: rke2-ingress-nginx
version: 4.12.101
version: 4.12.005
type: HelmChart
- name: rke2-metrics-server
version: 3.12.200
@@ -89,64 +89,64 @@ spec:
- prettyName: Rancher
releaseName: rancher
chart: rancher
version: 2.11.2
repository: https://charts.rancher.com/server-charts/prime
version: 2.11.0-alpha11
repository: https://releases.rancher.com/server-charts/alpha
values:
postDelete:
enabled: false
- prettyName: Longhorn
releaseName: longhorn
chart: longhorn
version: 106.2.0+up1.8.1
version: 105.1.1+up1.7.3
repository: https://charts.rancher.io
dependencyCharts:
- releaseName: longhorn-crd
chart: longhorn-crd
version: 106.2.0+up1.8.1
version: 105.1.1+up1.7.3
repository: https://charts.rancher.io
- prettyName: MetalLB
releaseName: metallb
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metallb"
version: "%%CHART_MAJOR%%.0.0+up0.14.9"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%metallb
version: %%CHART_MAJOR%%.0.0+up0.14.9
- prettyName: CDI
releaseName: cdi
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%cdi"
version: "%%CHART_MAJOR%%.0.0+up0.5.0"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%cdi
version: %%CHART_MAJOR%%.0.0+up0.4.0
- prettyName: KubeVirt
releaseName: kubevirt
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt"
version: "%%CHART_MAJOR%%.0.0+up0.5.0"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%kubevirt
version: %%CHART_MAJOR%%.0.0+up0.4.0
addonCharts:
- releaseName: kubevirt-dashboard-extension
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt-dashboard-extension"
version: "%%CHART_MAJOR%%.0.2+up1.3.2"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%kubevirt-dashboard-extension
version: %%CHART_MAJOR%%.0.1+up1.3.1
- prettyName: NeuVector
releaseName: neuvector
chart: neuvector
version: 106.0.1+up2.8.6
version: 105.0.1+up2.8.4
repository: https://charts.rancher.io
dependencyCharts:
- releaseName: neuvector-crd
chart: neuvector-crd
version: 106.0.1+up2.8.6
version: 105.0.1+up2.8.4
repository: https://charts.rancher.io
addonCharts:
- releaseName: neuvector-ui-ext
chart: neuvector-ui-ext
repository: https://github.com/rancher/ui-plugin-charts/raw/main
version: 2.1.3
version: 2.0.1
- prettyName: EndpointCopierOperator
releaseName: endpoint-copier-operator
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%endpoint-copier-operator"
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%endpoint-copier-operator
version: %%CHART_MAJOR%%.0.0+up0.2.1
- prettyName: Elemental
releaseName: elemental-operator
chart: oci://registry.suse.com/rancher/elemental-operator-chart
version: 1.6.8
version: 1.6.5
dependencyCharts:
- releaseName: elemental-operator-crds
chart: oci://registry.suse.com/rancher/elemental-operator-crds-chart
version: 1.6.8
version: 1.6.5
addonCharts:
- releaseName: elemental
chart: elemental
@@ -154,25 +154,25 @@ spec:
version: 3.0.0
- prettyName: SRIOV
releaseName: sriov-network-operator
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator"
version: "%%CHART_MAJOR%%.0.2+up1.5.0"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator
version: %%CHART_MAJOR%%.0.0+up1.4.0
dependencyCharts:
- releaseName: sriov-crd
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd"
version: "%%CHART_MAJOR%%.0.2+up1.5.0"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd
version: %%CHART_MAJOR%%.0.0+up1.4.0
- prettyName: Akri
releaseName: akri
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%akri"
version: "%%CHART_MAJOR%%.0.0+up0.12.20"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%akri
version: %%CHART_MAJOR%%.0.0+up0.12.20
addonCharts:
- releaseName: akri-dashboard-extension
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%akri-dashboard-extension"
version: "%%CHART_MAJOR%%.0.2+up1.3.1"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%akri-dashboard-extension
version: %%CHART_MAJOR%%.0.1+up1.3.0
- prettyName: Metal3
releaseName: metal3
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metal3"
version: "%%CHART_MAJOR%%.0.7+up0.11.5"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%metal3
version: %%CHART_MAJOR%%.0.0+up0.10.0
- prettyName: RancherTurtles
releaseName: rancher-turtles
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles"
version: "%%CHART_MAJOR%%.0.3+up0.20.0"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles
version: %%CHART_MAJOR%%.0.0+up0.17.0

6
sriov-crd-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0
annotations:
catalog.cattle.io/experimental: "true"
catalog.cattle.io/hidden: "true"
@@ -10,4 +10,4 @@ apiVersion: v2
description: Installs the CRDs for the SR-IOV operator
name: sriov-crd
type: application
version: "%%CHART_MAJOR%%.0.2+up1.5.0"
version: "%%CHART_MAJOR%%.0.0+up1.4.0"

178
sriov-crd-chart/templates/sriovnetwork.openshift.io_ovsnetworks.yaml
View File

@@ -14,92 +14,92 @@ spec:
singular: ovsnetwork
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: OVSNetwork is the Schema for the ovsnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: OVSNetworkSpec defines the desired state of OVSNetwork
properties:
bridge:
description: |-
name of the OVS bridge, if not set OVS will automatically select bridge
based on VF PCI address
type: string
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (mac|ips), e.g. '{"mac": true}'
type: string
interfaceType:
description: The type of interface on ovs.
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
metaPlugins:
description: MetaPluginsConfig configuration to be used in order to
chain metaplugins
type: string
mtu:
description: Mtu for the OVS port
type: integer
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: OVS Network device plugin endpoint resource name
type: string
trunk:
description: Trunk configuration for the OVS port
items:
description: TrunkConfig contains configuration for bridge trunk
properties:
id:
maximum: 4095
minimum: 0
type: integer
maxID:
maximum: 4095
minimum: 0
type: integer
minID:
maximum: 4095
minimum: 0
type: integer
type: object
type: array
vlan:
description: Vlan to assign for the OVS port
maximum: 4095
minimum: 0
type: integer
required:
- resourceName
type: object
status:
description: OVSNetworkStatus defines the observed state of OVSNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}
- name: v1
schema:
openAPIV3Schema:
description: OVSNetwork is the Schema for the ovsnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: OVSNetworkSpec defines the desired state of OVSNetwork
properties:
bridge:
description: |-
name of the OVS bridge, if not set OVS will automatically select bridge
based on VF PCI address
type: string
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (mac|ips), e.g. '{"mac": true}'
type: string
interfaceType:
description: The type of interface on ovs.
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
metaPlugins:
description: MetaPluginsConfig configuration to be used in order to
chain metaplugins
type: string
mtu:
description: Mtu for the OVS port
type: integer
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: OVS Network device plugin endpoint resource name
type: string
trunk:
description: Trunk configuration for the OVS port
items:
description: TrunkConfig contains configuration for bridge trunk
properties:
id:
maximum: 4095
minimum: 0
type: integer
maxID:
maximum: 4095
minimum: 0
type: integer
minID:
maximum: 4095
minimum: 0
type: integer
type: object
type: array
vlan:
description: Vlan to assign for the OVS port
maximum: 4095
minimum: 0
type: integer
required:
- resourceName
type: object
status:
description: OVSNetworkStatus defines the observed state of OVSNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}

124
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovibnetworks.yaml
View File

@@ -14,65 +14,65 @@ spec:
singular: sriovibnetwork
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SriovIBNetwork is the Schema for the sriovibnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork
properties:
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (infinibandGUID), e.g. '{"infinibandGUID": true}'
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
linkState:
description: VF link state (enable|disable|auto)
enum:
- auto
- enable
- disable
type: string
metaPlugins:
description: |-
MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
by the operator.
type: string
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
required:
- resourceName
type: object
status:
description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}
- name: v1
schema:
openAPIV3Schema:
description: SriovIBNetwork is the Schema for the sriovibnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork
properties:
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (infinibandGUID), e.g. '{"infinibandGUID": true}'
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
linkState:
description: VF link state (enable|disable|auto)
enum:
- auto
- enable
- disable
type: string
metaPlugins:
description: |-
MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
by the operator.
type: string
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
required:
- resourceName
type: object
status:
description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}

382
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml
View File

@@ -14,200 +14,196 @@ spec:
singular: sriovnetworknodepolicy
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy
properties:
bridge:
description: |-
contains bridge configuration for matching PFs,
valid only for eSwitchMode==switchdev
properties:
ovs:
description: contains configuration for the OVS bridge,
properties:
bridge:
description: contains bridge level settings
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
- name: v1
schema:
openAPIV3Schema:
description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy
properties:
bridge:
description: |-
contains bridge configuration for matching PFs,
valid only for eSwitchMode==switchdev
properties:
ovs:
description: contains configuration for the OVS bridge,
properties:
bridge:
description: contains bridge level settings
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in the
Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
uplink:
description: contains settings for uplink (PF)
properties:
interface:
description: contains settings for PF interface in the
OVS bridge
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface table
in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface table
in OVSDB
type: integer
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface table
in OVSDB
type: object
type:
description: type field in the Interface table in
OVSDB
description: IDs to inject to external_ids field in the
Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
uplink:
description: contains settings for uplink (PF)
properties:
interface:
description: contains settings for PF interface in the
OVS bridge
properties:
externalIDs:
additionalProperties:
type: string
type: object
type: object
type: object
type: object
deviceType:
default: netdevice
description: The driver type for configured VFs. Allowed value "netdevice",
"vfio-pci". Defaults to netdevice.
enum:
- netdevice
- vfio-pci
type: string
eSwitchMode:
description: NIC Device Mode. Allowed value "legacy","switchdev".
enum:
- legacy
- switchdev
type: string
excludeTopology:
description: Exclude device's NUMA node when advertising this resource
by SRIOV network device plugin. Default to false.
type: boolean
externallyManaged:
description: don't create the virtual function only allocated them
to the device plugin. Defaults to false.
type: boolean
isRdma:
description: RDMA mode. Defaults to false.
type: boolean
linkType:
description: NIC Link Type. Allowed value "eth", "ETH", "ib", and
"IB".
enum:
- eth
- ETH
- ib
- IB
type: string
mtu:
description: MTU of VF
minimum: 1
type: integer
needVhostNet:
description: mount vhost-net device. Defaults to false.
type: boolean
nicSelector:
description: NicSelector selects the NICs to be configured
properties:
deviceID:
description: The device hex code of SR-IoV device. Allowed value
"0d58", "1572", "158b", "1013", "1015", "1017", "101b".
type: string
netFilter:
description: Infrastructure Networking selection filter. Allowed
value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
type: string
pfNames:
description: Name of SR-IoV PF.
items:
type: string
type: array
rootDevices:
description: PCI address of SR-IoV PF.
items:
type: string
type: array
vendor:
description: The vendor hex code of SR-IoV device. Allowed value
"8086", "15b3".
type: string
type: object
nodeSelector:
additionalProperties:
description: external_ids field in the Interface table
in OVSDB
type: object
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface table
in OVSDB
type: object
type:
description: type field in the Interface table in
OVSDB
type: string
type: object
type: object
type: object
type: object
deviceType:
default: netdevice
description: The driver type for configured VFs. Allowed value "netdevice",
"vfio-pci". Defaults to netdevice.
enum:
- netdevice
- vfio-pci
type: string
eSwitchMode:
description: NIC Device Mode. Allowed value "legacy","switchdev".
enum:
- legacy
- switchdev
type: string
excludeTopology:
description: Exclude device's NUMA node when advertising this resource
by SRIOV network device plugin. Default to false.
type: boolean
externallyManaged:
description: don't create the virtual function only allocated them
to the device plugin. Defaults to false.
type: boolean
isRdma:
description: RDMA mode. Defaults to false.
type: boolean
linkType:
description: NIC Link Type. Allowed value "eth", "ETH", "ib", and
"IB".
enum:
- eth
- ETH
- ib
- IB
type: string
mtu:
description: MTU of VF
minimum: 1
type: integer
needVhostNet:
description: mount vhost-net device. Defaults to false.
type: boolean
nicSelector:
description: NicSelector selects the NICs to be configured
properties:
deviceID:
description: The device hex code of SR-IoV device. Allowed value
"0d58", "1572", "158b", "1013", "1015", "1017", "101b".
type: string
description: NodeSelector selects the nodes to be configured
type: object
numVfs:
description: Number of VFs for each PF
minimum: 0
type: integer
priority:
description: Priority of the policy, higher priority policies can
override lower ones.
maximum: 99
minimum: 0
type: integer
resourceName:
description: SRIOV Network device plugin endpoint resource name
netFilter:
description: Infrastructure Networking selection filter. Allowed
value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
type: string
pfNames:
description: Name of SR-IoV PF.
items:
type: string
type: array
rootDevices:
description: PCI address of SR-IoV PF.
items:
type: string
type: array
vendor:
description: The vendor hex code of SR-IoV device. Allowed value
"8086", "15b3".
type: string
type: object
nodeSelector:
additionalProperties:
type: string
vdpaType:
description: VDPA device type. Allowed value "virtio", "vhost"
enum:
- virtio
- vhost
type: string
required:
- nicSelector
- nodeSelector
- numVfs
- resourceName
type: object
status:
description: SriovNetworkNodePolicyStatus defines the observed state of
SriovNetworkNodePolicy
type: object
type: object
served: true
storage: true
subresources:
status: {}
description: NodeSelector selects the nodes to be configured
type: object
numVfs:
description: Number of VFs for each PF
minimum: 0
type: integer
priority:
description: Priority of the policy, higher priority policies can
override lower ones.
maximum: 99
minimum: 0
type: integer
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
vdpaType:
description: VDPA device type. Allowed value "virtio", "vhost"
enum:
- virtio
- vhost
type: string
required:
- nicSelector
- nodeSelector
- numVfs
- resourceName
type: object
status:
description: SriovNetworkNodePolicyStatus defines the observed state of
SriovNetworkNodePolicy
type: object
type: object
served: true
storage: true
subresources:
status: {}

662
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodestates.yaml
View File

@@ -14,356 +14,330 @@ spec:
singular: sriovnetworknodestate
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.syncStatus
name: Sync Status
type: string
- jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/desired-state
name: Desired Sync State
type: string
- jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/current-state
name: Current Sync State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState
properties:
bridges:
description: Bridges contains list of bridges
properties:
ovs:
items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties:
bridge:
description: bridge-level configuration for the bridge
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in
the Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
name:
description: name of the bridge
type: string
uplinks:
description: |-
uplink-level bridge configuration for each uplink(PF).
currently must contain only one element
items:
description: OVSUplinkConfigExt contains configuration
for the concrete OVS uplink(PF)
properties:
interface:
description: configuration from the Interface OVS
table for the PF
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface
table in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface
table in OVSDB
type: integer
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
type: string
type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
type: object
type: array
required:
- name
type: object
type: array
type: object
interfaces:
items:
properties:
eSwitchMode:
type: string
externallyManaged:
type: boolean
linkType:
type: string
mtu:
type: integer
name:
type: string
numVfs:
type: integer
pciAddress:
type: string
vfGroups:
items:
- additionalPrinterColumns:
- jsonPath: .status.syncStatus
name: Sync Status
type: string
- jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/desired-state
name: Desired Sync State
type: string
- jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/current-state
name: Current Sync State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState
properties:
bridges:
description: Bridges contains list of bridges
properties:
ovs:
items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties:
bridge:
description: bridge-level configuration for the bridge
properties:
deviceType:
type: string
isRdma:
type: boolean
mtu:
type: integer
policyName:
type: string
resourceName:
type: string
vdpaType:
type: string
vfRange:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in
the Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
type: array
required:
- pciAddress
type: object
type: array
system:
properties:
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
type: object
status:
description: SriovNetworkNodeStateStatus defines the observed state of
SriovNetworkNodeState
properties:
bridges:
description: Bridges contains list of bridges
properties:
ovs:
items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties:
bridge:
description: bridge-level configuration for the bridge
name:
description: name of the bridge
type: string
uplinks:
description: |-
uplink-level bridge configuration for each uplink(PF).
currently must contain only one element
items:
description: OVSUplinkConfigExt contains configuration
for the concrete OVS uplink(PF)
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in
the Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
name:
description: name of the bridge
type: string
uplinks:
description: |-
uplink-level bridge configuration for each uplink(PF).
currently must contain only one element
items:
description: OVSUplinkConfigExt contains configuration
for the concrete OVS uplink(PF)
properties:
interface:
description: configuration from the Interface OVS
table for the PF
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface
table in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface
table in OVSDB
type: integer
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
interface:
description: configuration from the Interface OVS
table for the PF
properties:
externalIDs:
additionalProperties:
type: string
type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
type: object
type: array
required:
- name
type: object
type: array
type: object
interfaces:
items:
properties:
Vfs:
items:
properties:
Vlan:
type: integer
assigned:
type: string
deviceID:
type: string
driver:
type: string
guid:
type: string
mac:
type: string
mtu:
type: integer
name:
type: string
pciAddress:
type: string
representorName:
type: string
vdpaType:
type: string
vendor:
type: string
vfID:
type: integer
required:
description: external_ids field in the Interface
table in OVSDB
type: object
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
type: string
type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
- vfID
type: object
type: array
deviceID:
type: string
driver:
type: string
eSwitchMode:
type: string
externallyManaged:
type: boolean
linkAdminState:
type: string
linkSpeed:
type: string
linkType:
type: string
mac:
type: string
mtu:
type: integer
name:
type: string
netFilter:
type: string
numVfs:
type: integer
pciAddress:
type: string
totalvfs:
type: integer
vendor:
type: string
required:
- pciAddress
type: object
type: array
lastSyncError:
type: string
syncStatus:
type: string
system:
type: object
type: array
required:
- name
type: object
type: array
type: object
interfaces:
items:
properties:
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
eSwitchMode:
type: string
externallyManaged:
type: boolean
linkType:
type: string
mtu:
type: integer
name:
type: string
numVfs:
type: integer
pciAddress:
type: string
vfGroups:
items:
properties:
deviceType:
type: string
isRdma:
type: boolean
mtu:
type: integer
policyName:
type: string
resourceName:
type: string
vdpaType:
type: string
vfRange:
type: string
type: object
type: array
required:
- pciAddress
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}
type: array
type: object
status:
description: SriovNetworkNodeStateStatus defines the observed state of
SriovNetworkNodeState
properties:
bridges:
description: Bridges contains list of bridges
properties:
ovs:
items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties:
bridge:
description: bridge-level configuration for the bridge
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in
the Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
name:
description: name of the bridge
type: string
uplinks:
description: |-
uplink-level bridge configuration for each uplink(PF).
currently must contain only one element
items:
description: OVSUplinkConfigExt contains configuration
for the concrete OVS uplink(PF)
properties:
interface:
description: configuration from the Interface OVS
table for the PF
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface
table in OVSDB
type: object
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
type: string
type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
type: object
type: array
required:
- name
type: object
type: array
type: object
interfaces:
items:
properties:
Vfs:
items:
properties:
Vlan:
type: integer
assigned:
type: string
deviceID:
type: string
driver:
type: string
guid:
type: string
mac:
type: string
mtu:
type: integer
name:
type: string
pciAddress:
type: string
representorName:
type: string
vdpaType:
type: string
vendor:
type: string
vfID:
type: integer
required:
- pciAddress
- vfID
type: object
type: array
deviceID:
type: string
driver:
type: string
eSwitchMode:
type: string
externallyManaged:
type: boolean
linkAdminState:
type: string
linkSpeed:
type: string
linkType:
type: string
mac:
type: string
mtu:
type: integer
name:
type: string
netFilter:
type: string
numVfs:
type: integer
pciAddress:
type: string
totalvfs:
type: integer
vendor:
type: string
required:
- pciAddress
type: object
type: array
lastSyncError:
type: string
syncStatus:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

210
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml
View File

@@ -14,116 +14,110 @@ spec:
singular: sriovnetworkpoolconfig
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig
properties:
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
maxUnavailable defines either an integer number or percentage
of nodes in the pool that can go Unavailable during an update.
- name: v1
schema:
openAPIV3Schema:
description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig
properties:
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
maxUnavailable defines either an integer number or percentage
of nodes in the pool that can go Unavailable during an update.
A value larger than 1 will mean multiple nodes going unavailable during
the update, which may affect your workload stress on the remaining nodes.
Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards,
even if maxUnavailable is greater than one.
x-kubernetes-int-or-string: true
nodeSelector:
description: nodeSelector specifies a label selector for Nodes
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
A value larger than 1 will mean multiple nodes going unavailable during
the update, which may affect your workload stress on the remaining nodes.
Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards,
even if maxUnavailable is greater than one.
x-kubernetes-int-or-string: true
nodeSelector:
description: nodeSelector specifies a label selector for Nodes
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: object
x-kubernetes-map-type: atomic
ovsHardwareOffloadConfig:
description: OvsHardwareOffloadConfig describes the OVS HWOL configuration
for selected Nodes
properties:
name:
description: |-
Name is mandatory and must be unique.
On Kubernetes:
Name is the name of OvsHardwareOffloadConfig
On OpenShift:
Name is the name of MachineConfigPool to be enabled with OVS hardware offload
type: array
matchLabels:
additionalProperties:
type: string
type: object
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
status:
description: SriovNetworkPoolConfigStatus defines the observed state of
SriovNetworkPoolConfig
type: object
type: object
served: true
storage: true
subresources:
status: {}
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
ovsHardwareOffloadConfig:
description: OvsHardwareOffloadConfig describes the OVS HWOL configuration
for selected Nodes
properties:
name:
description: |-
Name is mandatory and must be unique.
On Kubernetes:
Name is the name of OvsHardwareOffloadConfig
On OpenShift:
Name is the name of MachineConfigPool to be enabled with OVS hardware offload
type: string
type: object
type: object
status:
description: SriovNetworkPoolConfigStatus defines the observed state of
SriovNetworkPoolConfig
type: object
type: object
served: true
storage: true
subresources:
status: {}

240
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworks.yaml
View File

@@ -14,123 +14,123 @@ spec:
singular: sriovnetwork
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SriovNetwork is the Schema for the sriovnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkSpec defines the desired state of SriovNetwork
properties:
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (mac|ips), e.g. '{"mac": true}'
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
linkState:
description: VF link state (enable|disable|auto)
enum:
- auto
- enable
- disable
type: string
logFile:
description: |-
LogFile sets the log file of the SRIOV CNI plugin logs. If unset (default), this will log to stderr and thus
to multus and container runtime logs.
type: string
logLevel:
default: info
description: |-
LogLevel sets the log level of the SRIOV CNI plugin - either of panic, error, warning, info, debug. Defaults
to info if left blank.
enum:
- panic
- error
- warning
- info
- debug
- ""
type: string
maxTxRate:
description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no
rate limiting)
minimum: 0
type: integer
metaPlugins:
description: |-
MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
by the operator.
type: string
minTxRate:
description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no
rate limiting). min_tx_rate should be <= max_tx_rate.
minimum: 0
type: integer
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
spoofChk:
description: VF spoof check, (on|off)
enum:
- "on"
- "off"
type: string
trust:
description: VF trust mode (on|off)
enum:
- "on"
- "off"
type: string
vlan:
description: VLAN ID to assign for the VF. Defaults to 0.
maximum: 4096
minimum: 0
type: integer
vlanProto:
description: VLAN proto to assign for the VF. Defaults to 802.1q.
enum:
- 802.1q
- 802.1Q
- 802.1ad
- 802.1AD
type: string
vlanQoS:
description: VLAN QoS ID to assign for the VF. Defaults to 0.
maximum: 7
minimum: 0
type: integer
required:
- resourceName
type: object
status:
description: SriovNetworkStatus defines the observed state of SriovNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}
- name: v1
schema:
openAPIV3Schema:
description: SriovNetwork is the Schema for the sriovnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkSpec defines the desired state of SriovNetwork
properties:
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (mac|ips), e.g. '{"mac": true}'
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
linkState:
description: VF link state (enable|disable|auto)
enum:
- auto
- enable
- disable
type: string
logFile:
description: |-
LogFile sets the log file of the SRIOV CNI plugin logs. If unset (default), this will log to stderr and thus
to multus and container runtime logs.
type: string
logLevel:
default: info
description: |-
LogLevel sets the log level of the SRIOV CNI plugin - either of panic, error, warning, info, debug. Defaults
to info if left blank.
enum:
- panic
- error
- warning
- info
- debug
- ""
type: string
maxTxRate:
description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no
rate limiting)
minimum: 0
type: integer
metaPlugins:
description: |-
MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
by the operator.
type: string
minTxRate:
description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no
rate limiting). min_tx_rate should be <= max_tx_rate.
minimum: 0
type: integer
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
spoofChk:
description: VF spoof check, (on|off)
enum:
- "on"
- "off"
type: string
trust:
description: VF trust mode (on|off)
enum:
- "on"
- "off"
type: string
vlan:
description: VLAN ID to assign for the VF. Defaults to 0.
maximum: 4096
minimum: 0
type: integer
vlanProto:
description: VLAN proto to assign for the VF. Defaults to 802.1q.
enum:
- 802.1q
- 802.1Q
- 802.1ad
- 802.1AD
type: string
vlanQoS:
description: VLAN QoS ID to assign for the VF. Defaults to 0.
maximum: 7
minimum: 0
type: integer
required:
- resourceName
type: object
status:
description: SriovNetworkStatus defines the observed state of SriovNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}

190
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml
View File

@@ -14,101 +14,101 @@ spec:
singular: sriovoperatorconfig
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig
properties:
configDaemonNodeSelector:
additionalProperties:
type: string
description: NodeSelector selects the nodes to be configured
type: object
configurationMode:
description: |-
Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot
Default mode: daemon
- name: v1
schema:
openAPIV3Schema:
description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig
properties:
configDaemonNodeSelector:
additionalProperties:
type: string
description: NodeSelector selects the nodes to be configured
type: object
configurationMode:
description: |-
Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot
Default mode: daemon
enum:
- daemon
- systemd
type: string
disableDrain:
description: Flag to disable nodes drain during debugging
type: boolean
disablePlugins:
description: DisablePlugins is a list of sriov-network-config-daemon
plugins to disable
items:
description: PluginNameValue defines the plugin name
enum:
- daemon
- systemd
- mellanox
type: string
disableDrain:
description: Flag to disable nodes drain during debugging
type: array
enableInjector:
description: Flag to control whether the network resource injector
webhook shall be deployed
type: boolean
enableOperatorWebhook:
description: Flag to control whether the operator admission controller
webhook shall be deployed
type: boolean
enableOvsOffload:
description: Flag to enable OVS hardware offload. Set to 'true' to
provision switchdev-configuration.service and enable OpenvSwitch
hw-offload on nodes.
type: boolean
featureGates:
additionalProperties:
type: boolean
disablePlugins:
description: DisablePlugins is a list of sriov-network-config-daemon
plugins to disable
items:
description: PluginNameValue defines the plugin name
enum:
- mellanox
type: string
type: array
enableInjector:
description: Flag to control whether the network resource injector
webhook shall be deployed
type: boolean
enableOperatorWebhook:
description: Flag to control whether the operator admission controller
webhook shall be deployed
type: boolean
enableOvsOffload:
description: Flag to enable OVS hardware offload. Set to 'true' to
provision switchdev-configuration.service and enable OpenvSwitch
hw-offload on nodes.
type: boolean
featureGates:
additionalProperties:
type: boolean
description: FeatureGates to enable experimental features
type: object
logLevel:
description: Flag to control the log verbose level of the operator.
Set to '0' to show only the basic logs. And set to '2' to show all
the available logs.
maximum: 2
minimum: 0
type: integer
useCDI:
description: Flag to enable Container Device Interface mode for SR-IOV
Network Device Plugin
type: boolean
type: object
status:
description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig
properties:
injector:
description: Show the runtime status of the network resource injector
webhook
type: string
operatorWebhook:
description: Show the runtime status of the operator admission controller
webhook
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
description: FeatureGates to enable experimental features
type: object
logLevel:
description: Flag to control the log verbose level of the operator.
Set to '0' to show only the basic logs. And set to '2' to show all
the available logs.
maximum: 2
minimum: 0
type: integer
useCDI:
description: Flag to enable Container Device Interface mode for SR-IOV
Network Device Plugin
type: boolean
type: object
status:
description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig
properties:
injector:
description: Show the runtime status of the network resource injector
webhook
type: string
operatorWebhook:
description: Show the runtime status of the operator admission controller
webhook
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

8
sriov-network-operator-chart/.checks_helm.yaml
View File

@@ -1,2 +1,10 @@
extra_apis:
- k8s.cni.cncf.io/v1/NetworkAttachmentDefinition
image_exceptions:
- rancher/hardened-sriov-network-operator
- rancher/hardened-sriov-network-config-daemon
- rancher/hardened-sriov-cni
- rancher/hardened-ib-sriov-cni
- rancher/hardened-sriov-network-device-plugin
- rancher/hardened-sriov-network-resources-injector
- rancher/hardened-sriov-network-webhook

24
sriov-network-operator-chart/Chart.yaml
View File

@@ -1,28 +1,28 @@
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0
annotations:
catalog.cattle.io/auto-install: sriov-crd=match
catalog.cattle.io/experimental: "true"
catalog.cattle.io/namespace: cattle-sriov-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/upstream-version: 1.5.0
catalog.cattle.io/upstream-version: 1.4.0
apiVersion: v2
appVersion: v1.5.0
appVersion: v1.4.0
dependencies:
- condition: sriov-nfd.enabled
name: sriov-nfd
repository: file://./charts/sriov-nfd
version: 0.15.7
- condition: sriov-nfd.enabled
name: sriov-nfd
repository: file://./charts/sriov-nfd
version: 0.15.7
description: SR-IOV network operator configures and manages SR-IOV networks in the
kubernetes cluster
home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
icon: https://charts.rancher.io/assets/logos/sr-iov.svg
keywords:
- sriov
kubeVersion: '>= 1.24.0-0'
- sriov
kubeVersion: '>= 1.16.0-0'
name: sriov-network-operator
sources:
- https://github.com/k8snetworkplumbingwg/sriov-network-operator
- https://github.com/k8snetworkplumbingwg/sriov-network-operator
type: application
version: "%%CHART_MAJOR%%.0.2+up1.5.0"
version: "%%CHART_MAJOR%%.0.0+up1.4.0"

12
sriov-network-operator-chart/README.md
View File

@@ -41,7 +41,7 @@ For additional information and methods for installing Helm, refer to the officia
#### Deploy from OCI repo
```
$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart
$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator
```
#### Deploy from project sources
@@ -51,7 +51,7 @@ $ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --se
$ git clone https://github.com/k8snetworkplumbingwg/sriov-network-operator.git ; cd sriov-network-operator
# Install Operator
$ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator-chart
$ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator
# View deployed resources
$ kubectl -n sriov-network-operator get pods
@@ -123,16 +123,10 @@ This section contains general parameters that apply to both the operator and dae
| Name | Type | Default | description |
| ---- | ---- | ------- | ----------- |
| `sriovOperatorConfig.deploy` | bool | `false` | deploy SriovOperatorConfig custom resource |
| `sriovOperatorConfig.configDaemonNodeSelector` | map[string]string | `{}` | node selectors for sriov-network-config-daemon |
| `sriovOperatorConfig.configDaemonNodeSelector` | map[string]string | `{}` | node slectors for sriov-network-config-daemon |
| `sriovOperatorConfig.logLevel` | int | `2` | log level for both operator and sriov-network-config-daemon |
| `sriovOperatorConfig.disableDrain` | bool | `false` | disable node draining when configuring SR-IOV, set to true in case of a single node cluster or any other justifiable reason |
| `sriovOperatorConfig.configurationMode` | string | `daemon` | sriov-network-config-daemon configuration mode. either `daemon` or `systemd` |
| `sriovOperatorConfig.featureGates` | map[string]bool | `{}` | feature gates to enable/disable |
**Note**
When `sriovOperatorConfig.configurationMode` is configured as `systemd`, configurations files and `systemd` service files are created on the node.
Upon chart deletion, those files are not cleaned up. For cases where this is not acceptable, users should rather configured the `daemon` mode.
### Images parameters

2
sriov-network-operator-chart/_service
View File

@@ -2,7 +2,7 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="eval">CHAT_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>

5
sriov-network-operator-chart/app-README.md
View File

@@ -4,9 +4,10 @@ This chart is based on the upstream [k8snetworkplumbingwg/sriov-network-operator
The chart installs the following components:
- SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin
- SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node
- SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin
- SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node
Note that SR-IOV requires NICs that support SR-IOV and the activation of specific configuration options in the operating system. Nodes that fulfill these requirements should be labeled with: `feature.node.kubernetes.io/network-sriov.capable=true`.
The SR-IOV Network Config Daemon will be deployed on such capable nodes. For more information on how to use this feature, refer to our RKE2 networking docs.

8
sriov-network-operator-chart/charts/sriov-nfd/Chart.yaml
View File

@@ -4,11 +4,11 @@ description: Detects hardware features available on each node in a Kubernetes cl
and advertises those features using node labels
home: https://github.com/kubernetes-sigs/node-feature-discovery
keywords:
- feature-discovery
- feature-detection
- node-labels
- feature-discovery
- feature-detection
- node-labels
name: sriov-nfd
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
- https://github.com/kubernetes-sigs/node-feature-discovery
type: application
version: 0.15.7

674
sriov-network-operator-chart/charts/sriov-nfd/crds/nfd-api-crds.yaml
View File

@@ -14,100 +14,100 @@ spec:
singular: nodefeature
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeature resource holds the features discovered for one node
in the cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeature resource holds the features discovered for one node
in the cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: NodeFeatureSpec describes a NodeFeature object.
properties:
features:
description: Features is the full "raw" features data that has been
discovered.
properties:
attributes:
additionalProperties:
description: AttributeFeatureSet is a set of features having
string value.
properties:
elements:
additionalProperties:
type: string
type: string
metadata:
type: object
spec:
description: NodeFeatureSpec describes a NodeFeature object.
properties:
features:
description: Features is the full "raw" features data that has been
discovered.
properties:
attributes:
additionalProperties:
description: AttributeFeatureSet is a set of features having
string value.
properties:
elements:
additionalProperties:
type: string
type: object
required:
- elements
type: object
description: Attributes contains all the attribute-type features
of the node.
type: object
flags:
additionalProperties:
description: FlagFeatureSet is a set of simple features only
containing names without values.
properties:
elements:
additionalProperties:
description: Nil is a dummy empty struct for protobuf
compatibility
type: object
required:
- elements
type: object
description: Attributes contains all the attribute-type features
of the node.
type: object
required:
- elements
type: object
flags:
additionalProperties:
description: FlagFeatureSet is a set of simple features only
containing names without values.
properties:
elements:
additionalProperties:
description: Nil is a dummy empty struct for protobuf
compatibility
type: object
description: Flags contains all the flag-type features of the
node.
type: object
instances:
additionalProperties:
description: InstanceFeatureSet is a set of features each of
which is an instance having multiple attributes.
properties:
elements:
items:
description: InstanceFeature represents one instance of
a complex features, e.g. a device.
properties:
attributes:
additionalProperties:
type: string
type: object
required:
- attributes
type: object
required:
- elements
type: object
description: Flags contains all the flag-type features of the
node.
type: array
required:
- elements
type: object
instances:
additionalProperties:
description: InstanceFeatureSet is a set of features each of
which is an instance having multiple attributes.
properties:
elements:
items:
description: InstanceFeature represents one instance of
a complex features, e.g. a device.
properties:
attributes:
additionalProperties:
type: string
type: object
required:
- attributes
type: object
type: array
required:
- elements
type: object
description: Instances contains all the instance-type features
of the node.
type: object
type: object
labels:
additionalProperties:
type: string
description: Labels is the set of node labels that are requested to
be created.
type: object
type: object
required:
- spec
type: object
served: true
storage: true
description: Instances contains all the instance-type features
of the node.
type: object
type: object
labels:
additionalProperties:
type: string
description: Labels is the set of node labels that are requested to
be created.
type: object
type: object
required:
- spec
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -122,184 +122,127 @@ spec:
listKind: NodeFeatureRuleList
plural: nodefeaturerules
shortNames:
- nfr
- nfr
singular: nodefeaturerule
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeatureRule resource specifies a configuration for feature-based
customization of node objects, such as node labeling.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeatureRule resource specifies a configuration for feature-based
customization of node objects, such as node labeling.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: NodeFeatureRuleSpec describes a NodeFeatureRule.
properties:
rules:
description: Rules is a list of node customization rules.
items:
description: Rule defines a rule for node customization such as
labeling.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to create if the rule matches.
type: object
extendedResources:
additionalProperties:
type: string
description: ExtendedResources to create if the rule matches.
type: object
labels:
additionalProperties:
type: string
description: Labels to create if the rule matches.
type: object
labelsTemplate:
description: LabelsTemplate specifies a template to expand for
dynamically generating multiple labels. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
type: string
metadata:
type: object
spec:
description: NodeFeatureRuleSpec describes a NodeFeatureRule.
properties:
rules:
description: Rules is a list of node customization rules.
items:
description: Rule defines a rule for node customization such as
labeling.
properties:
annotations:
additionalProperties:
type: string
matchAny:
description: MatchAny specifies a list of matchers one of which
must match.
items:
description: MatchAnyElem specifies one sub-matcher of MatchAny.
properties:
matchFeatures:
description: MatchFeatures specifies a set of matcher
terms all of which must match.
items:
description: FeatureMatcherTerm defines requirements
against one feature set. All requirements (specified
as MatchExpressions) are evaluated against each element
in the feature set.
properties:
feature:
description: Feature is the name of the feature
set to match against.
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It
contains an operator that is applied when matching
the input and an array of values that the operator
evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that
the operand evaluates the input against.
Value should be empty if the operator is
Exists, DoesNotExist, IsTrue or IsFalse.
Value should contain exactly one element
if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In
other cases Value should contain at least
one element.
items:
type: string
type: array
required:
- op
type: object
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the
value of the specified elements.
type: object
matchName:
description: MatchName in an expression that is
matched against the name of each element in the
feature set.
description: Annotations to create if the rule matches.
type: object
extendedResources:
additionalProperties:
type: string
description: ExtendedResources to create if the rule matches.
type: object
labels:
additionalProperties:
type: string
description: Labels to create if the rule matches.
type: object
labelsTemplate:
description: LabelsTemplate specifies a template to expand for
dynamically generating multiple labels. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
type: string
matchAny:
description: MatchAny specifies a list of matchers one of which
must match.
items:
description: MatchAnyElem specifies one sub-matcher of MatchAny.
properties:
matchFeatures:
description: MatchFeatures specifies a set of matcher
terms all of which must match.
items:
description: FeatureMatcherTerm defines requirements
against one feature set. All requirements (specified
as MatchExpressions) are evaluated against each element
in the feature set.
properties:
feature:
description: Feature is the name of the feature
set to match against.
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It
contains an operator that is applied when matching
the input and an array of values that the operator
evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that
the operand evaluates the input against. Value
should be empty if the operator is Exists,
DoesNotExist, IsTrue or IsFalse. Value should
contain exactly one element if the operator
is Gt or Lt and exactly two elements if the
operator is GtLt. In other cases Value should
contain at least one element.
the operand evaluates the input against.
Value should be empty if the operator is
Exists, DoesNotExist, IsTrue or IsFalse.
Value should contain exactly one element
if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In
other cases Value should contain at least
one element.
items:
type: string
type: array
required:
- op
- op
type: object
required:
- feature
type: object
type: array
required:
- matchFeatures
type: object
type: array
matchFeatures:
description: MatchFeatures specifies a set of matcher terms
all of which must match.
items:
description: FeatureMatcherTerm defines requirements against
one feature set. All requirements (specified as MatchExpressions)
are evaluated against each element in the feature set.
properties:
feature:
description: Feature is the name of the feature set to
match against.
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It contains
an operator that is applied when matching the input
and an array of values that the operator evaluates
the input against.
properties:
op:
description: Op is the operator to be applied.
enum:
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the
value of the specified elements.
type: object
matchName:
description: MatchName in an expression that is
matched against the name of each element in the
feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
@@ -310,42 +253,63 @@ spec:
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other
cases Value should contain at least one element.
items:
type: string
type: array
required:
value:
description: Value is the list of values that
the operand evaluates the input against. Value
should be empty if the operator is Exists,
DoesNotExist, IsTrue or IsFalse. Value should
contain exactly one element if the operator
is Gt or Lt and exactly two elements if the
operator is GtLt. In other cases Value should
contain at least one element.
items:
type: string
type: array
required:
- op
type: object
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the value
of the specified elements.
type: object
required:
- feature
type: object
matchName:
description: MatchName in an expression that is matched
against the name of each element in the feature set.
type: array
required:
- matchFeatures
type: object
type: array
matchFeatures:
description: MatchFeatures specifies a set of matcher terms
all of which must match.
items:
description: FeatureMatcherTerm defines requirements against
one feature set. All requirements (specified as MatchExpressions)
are evaluated against each element in the feature set.
properties:
feature:
description: Feature is the name of the feature set to
match against.
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It contains
an operator that is applied when matching the input
and an array of values that the operator evaluates
the input against.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that the
@@ -353,74 +317,110 @@ spec:
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other cases
Value should contain at least one element.
two elements if the operator is GtLt. In other
cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
- op
type: object
required:
- feature
type: object
type: array
name:
description: Name of the rule.
type: string
taints:
description: Taints to create if the rule matches.
items:
description: The node this Taint is attached to has the "effect"
on any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are NoSchedule,
PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which the
taint was added. It is only written for NoExecute taints.
format: date-time
type: string
value:
description: The taint value corresponding to the taint
key.
type: string
required:
- effect
- key
type: object
type: array
vars:
additionalProperties:
type: string
description: Vars is the variables to store if the rule matches.
Variables do not directly inflict any changes in the node
object. However, they can be referenced from other rules enabling
more complex rule hierarchies, without exposing intermediary
output values as labels.
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the value
of the specified elements.
type: object
matchName:
description: MatchName in an expression that is matched
against the name of each element in the feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other cases
Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
required:
- feature
type: object
varsTemplate:
description: VarsTemplate specifies a template to expand for
dynamically generating multiple variables. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
type: array
name:
description: Name of the rule.
type: string
taints:
description: Taints to create if the rule matches.
items:
description: The node this Taint is attached to has the "effect"
on any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are NoSchedule,
PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which the
taint was added. It is only written for NoExecute taints.
format: date-time
type: string
value:
description: The taint value corresponding to the taint
key.
type: string
required:
- effect
- key
type: object
type: array
vars:
additionalProperties:
type: string
required:
- name
type: object
type: array
required:
- rules
type: object
required:
- spec
type: object
served: true
storage: true
description: Vars is the variables to store if the rule matches.
Variables do not directly inflict any changes in the node
object. However, they can be referenced from other rules enabling
more complex rule hierarchies, without exposing intermediary
output values as labels.
type: object
varsTemplate:
description: VarsTemplate specifies a template to expand for
dynamically generating multiple variables. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
type: string
required:
- name
type: object
type: array
required:
- rules
type: object
required:
- spec
type: object
served: true
storage: true

20
sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-certs.yaml
View File

@@ -10,14 +10,14 @@ spec:
secretName: nfd-master-cert
subject:
organizations:
- node-feature-discovery
- node-feature-discovery
commonName: nfd-master
dnsNames:
# must match the service name
- {{ include "node-feature-discovery.fullname" . }}-master
# first one is configured for use by the worker; below are for completeness
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
# must match the service name
- {{ include "node-feature-discovery.fullname" . }}-master
# first one is configured for use by the worker; below are for completeness
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer
@@ -34,10 +34,10 @@ spec:
secretName: nfd-worker-cert
subject:
organizations:
- node-feature-discovery
- node-feature-discovery
commonName: nfd-worker
dnsNames:
- {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
- {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer
@@ -55,10 +55,10 @@ spec:
secretName: nfd-topology-updater-cert
subject:
organizations:
- node-feature-discovery
- node-feature-discovery
commonName: nfd-topology-updater
dnsNames:
- {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
- {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer

10
sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-issuer.yaml
View File

@@ -1,8 +1,8 @@
{{- if .Values.tls.certManager }}
# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
# - Create a self signed issuer
# - Use this to create a CA cert
# - Use this to now create a CA issuer
# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
# - Create a self signed issuer
# - Use this to create a CA cert
# - Use this to now create a CA issuer
---
apiVersion: cert-manager.io/v1
kind: Issuer
@@ -23,7 +23,7 @@ spec:
secretName: nfd-ca-cert
subject:
organizations:
- node-feature-discovery
- node-feature-discovery
commonName: nfd-ca-cert
issuerRef:
name: nfd-ca-bootstrap

176
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrole.yaml
View File

@@ -6,40 +6,40 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
- get
- patch
- update
- list
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
- nodefeaturerules
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- "nfd-master.nfd.kubernetes.io"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
- get
- patch
- update
- list
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
- nodefeaturerules
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- "nfd-master.nfd.kubernetes.io"
verbs:
- get
- update
{{- end }}
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
@@ -51,33 +51,33 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
verbs:
- create
- get
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
verbs:
- create
- get
- update
{{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
@@ -89,31 +89,31 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
verbs:
- delete
- list
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
verbs:
- delete
- list
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
verbs:
- delete
- list
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
verbs:
- delete
- list
{{- end }}

18
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrolebinding.yaml
View File

@@ -10,9 +10,9 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
- kind: ServiceAccount
name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
@@ -28,9 +28,9 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
subjects:
- kind: ServiceAccount
name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
- kind: ServiceAccount
name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
@@ -46,7 +46,7 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-gc
subjects:
- kind: ServiceAccount
name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
- kind: ServiceAccount
name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}

Some files were not shown because too many files have changed in this diff Show More