dprodanov/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

merge into: dprodanov:main
Branches Tags
dprodanov:main dprodanov:3.3 dprodanov:3.2 dprodanov:kube-rbac-proxy-bump dprodanov:kubectl-1.32.4 dprodanov:devel suse-edge:c-v-0.2.3 suse-edge:3.2 suse-edge:main suse-edge:3.3 suse-edge:3.4 suse-edge:devel
...
pull from: suse-edge:c-v-0.2.3
Branches Tags
suse-edge:c-v-0.2.3 suse-edge:3.2 suse-edge:main suse-edge:3.3 suse-edge:3.4 suse-edge:devel dprodanov:main dprodanov:3.3 dprodanov:3.2 dprodanov:kube-rbac-proxy-bump dprodanov:kubectl-1.32.4 dprodanov:devel

10 Commits
main ... c-v-0.2.3

Author SHA256 Message Date
e-minguez
13db0686be fix: Bump c-v to 0.2.3 to include 3.2.2 manifest 2025-11-12 15:02:51 +01:00
Antonio Alonso Alarcon
f9bdebe175 Updates release_images.yaml and release_manifest.yaml files with new SRIOV images and charts versions 2025-11-03 23:51:53 +01:00
Antonio Alonso Alarcon
e8710ba4f7 Upgrades sriov-network-operator CHART (upstream v1.5.0 -> v1.6.0) including sriov-nfd subCHART (upstream v0.15.7 -> v0.18.2) 2025-11-03 23:51:40 +01:00
Antonio Alonso Alarcon
b7ce8e2ce9 Upgrades sriov-crd CHART (upstream v1.5.0 -> v1.6.0) 2025-11-03 23:12:03 +01:00
Antonio Alonso Alarcon
36c4408bdd Upgrades node-feature-discovery RPM (upstream v0.15.7 -> v0.18.2) 2025-11-03 23:11:52 +01:00
Antonio Alonso Alarcon
49fc45f784 Upgrades network-resources-injector RPM (upstream v1.7.1 -> v1.8.0) 2025-11-03 23:11:20 +01:00
Antonio Alonso Alarcon
9c7effe6dc Upgrades sriov-network-device-plugin RPM (upstream v3.9.0 -> v3.10.0) 2025-11-03 23:11:08 +01:00
Antonio Alonso Alarcon
c821d0c02f Upgrades ib-sriov-cni RPM (upstream v1.2.1 -> v1.3.0) 2025-11-03 23:10:56 +01:00
Antonio Alonso Alarcon
e3ddef8e08 Upgrades sriov-cni RPM (upstream v2.9.0 -> v2.10.0) 2025-11-03 23:10:05 +01:00
Antonio Alonso Alarcon
7b69b6caba Upgrades sriov-network-operator RPM (upstream v1.5.0 -> v1.6.0) 2025-11-03 23:09:19 +01:00
69 changed files with 3268 additions and 2737 deletions
Expand all files Collapse all files

2
ib-sriov-cni/_service
View File

@@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/k8snetworkplumbingwg/ib-sriov-cni</param>
<param name="scm">git</param>
<param name="revision">v1.2.1</param>
<param name="revision">v1.3.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>

2
ib-sriov-cni/ib-sriov-cni.spec
View File

@@ -24,7 +24,7 @@ License: Apache-2.0
URL: https://github.com/k8snetworkplumbingwg/ib-sriov-cni
Source: %{name}-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.23
BuildRequires: golang(API) = 1.24
ExcludeArch: s390
ExcludeArch: %{ix86}

2
network-resources-injector/_service
View File

@@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/k8snetworkplumbingwg/network-resources-injector</param>
<param name="scm">git</param>
<param name="revision">v1.7.1</param>
<param name="revision">v1.8.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>

2
network-resources-injector/network-resources-injector.spec
View File

@@ -24,7 +24,7 @@ License: Apache-2.0
URL: https://github.com/k8snetworkplumbingwg/network-resources-injector
Source: %{name}-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.21
BuildRequires: golang(API) = 1.24
ExcludeArch: s390
ExcludeArch: %{ix86}

2
node-feature-discovery/_service
View File

@@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/kubernetes-sigs/node-feature-discovery</param>
<param name="scm">git</param>
<param name="revision">v0.15.7</param>
<param name="revision">v0.18.2</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>

8
node-feature-discovery/node-feature-discovery.spec
View File

@@ -25,7 +25,7 @@ URL: https://github.com/kubernetes-sigs/node-feature-discovery
Source: %{name}-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: glibc-static
BuildRequires: golang(API) = 1.21
BuildRequires: golang(API) = 1.25
ExcludeArch: s390
ExcludeArch: %{ix86}
@@ -48,6 +48,9 @@ NFD consists of four software components:
- nfd-gc:
daemon responsible for cleaning obsolete NodeFeature and NodeResourceTopology objects.
One instance of nfd-gc is supposed to be running in the cluster.
- nfd:
client able to export features or labels in a generic context (e.g., compute nodes that warrant assessment, but may not have Kubernetes running,
or may not be able to or want to run a central daemon service for data).
%prep
%autosetup -a1 -n %{name}-%{version} -p1
@@ -67,6 +70,7 @@ CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -l
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-master ./cmd/nfd-master
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-worker ./cmd/nfd-worker
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-topology-updater ./cmd/nfd-topology-updater
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd ./cmd/nfd
%install
install -D -m0755 kubectl-nfd %{buildroot}%{_bindir}/kubectl-nfd
@@ -74,6 +78,7 @@ install -D -m0755 nfd-gc %{buildroot}%{_bindir}/nfd-gc
install -D -m0755 nfd-master %{buildroot}%{_bindir}/nfd-master
install -D -m0755 nfd-worker %{buildroot}%{_bindir}/nfd-worker
install -D -m0755 nfd-topology-updater %{buildroot}%{_bindir}/nfd-topology-updater
install -D -m0755 nfd %{buildroot}%{_bindir}/nfd
install -D -m0644 ./deployment/components/worker-config/nfd-worker.conf.example %{buildroot}%{_sysconfdir}/kubernetes/node-feature-discovery/nfd-worker.conf
%files
@@ -84,6 +89,7 @@ install -D -m0644 ./deployment/components/worker-config/nfd-worker.conf.example
%{_bindir}/nfd-master
%{_bindir}/nfd-worker
%{_bindir}/nfd-topology-updater
%{_bindir}/nfd
%dir %{_sysconfdir}/kubernetes
%dir %{_sysconfdir}/kubernetes/node-feature-discovery
%{_sysconfdir}/kubernetes/node-feature-discovery/nfd-worker.conf

2
python-suse-edge-components-versions/python-suse-edge-components-versions.spec
View File

@@ -20,7 +20,7 @@
%endif
Name: python-suse-edge-components-versions
Version: 0.2.2
Version: 0.2.3
Release: 0%{?dist}
Summary: A tool to gather and display component versions for SUSE Edge products.
License: Apache-2.0

16
release-manifest-image/release_images.yaml
View File

@@ -11,14 +11,14 @@ images:
- name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.15.2
- name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.15.2
- name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager:v1.5.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon:v1.5.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook:v1.5.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:v2.9.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:v1.2.1
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:v3.9.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector:v1.7.1
- name: %%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery:v0.15.7
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:v2.10.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:v1.3.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:v3.10.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector:v1.8.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery:v0.18.2
- name: registry.rancher.com/rancher/fleet-agent:v0.13.1
- name: registry.rancher.com/rancher/fleet:v0.13.1
- name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250611

4
release-manifest-image/release_manifest.yaml
View File

@@ -155,11 +155,11 @@ spec:
- prettyName: SRIOV
releaseName: sriov-network-operator
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator'
version: '%%CHART_MAJOR%%.0.3+up1.5.0'
version: '%%CHART_MAJOR%%.0.4+up1.6.0'
dependencyCharts:
- releaseName: sriov-crd
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd'
version: '%%CHART_MAJOR%%.0.2+up1.5.0'
version: '%%CHART_MAJOR%%.0.4+up1.6.0'
- prettyName: Akri
releaseName: akri
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%akri'

2
sriov-cni/_service
View File

@@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/k8snetworkplumbingwg/sriov-cni</param>
<param name="scm">git</param>
<param name="revision">v2.9.0</param>
<param name="revision">v2.10.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>

2
sriov-cni/sriov-cni.spec
View File

@@ -24,7 +24,7 @@ License: Apache-2.0
URL: https://github.com/k8snetworkplumbingwg/sriov-cni
Source: %{name}-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
BuildRequires: golang(API) = 1.23
ExcludeArch: s390
ExcludeArch: %{ix86}

6
sriov-crd-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.4_up1.6.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.4_up1.6.0
annotations:
catalog.cattle.io/experimental: "true"
catalog.cattle.io/hidden: "true"
@@ -10,4 +10,4 @@ apiVersion: v2
description: Installs the CRDs for the SR-IOV operator
name: sriov-crd
type: application
version: "%%CHART_MAJOR%%.0.2+up1.5.0"
version: "%%CHART_MAJOR%%.0.4+up1.6.0"

2
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml
View File

@@ -83,11 +83,13 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string

2
sriov-network-device-plugin/_service
View File

@@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin</param>
<param name="scm">git</param>
<param name="revision">v3.9.0</param>
<param name="revision">v3.10.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>

35
sriov-network-operator-chart/Chart.yaml
View File

@@ -1,28 +1,27 @@
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.3_up1.5.0
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.3_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.4_up1.6.0
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.4_up1.6.0-%RELEASE%
apiVersion: v2
name: sriov-network-operator
version: "%%CHART_MAJOR%%.0.4+up1.6.0"
kubeVersion: '>= 1.24.0-0'
appVersion: v1.6.0
description: SR-IOV network operator configures and manages SR-IOV networks in the kubernetes cluster
type: application
keywords:
- sriov
home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
sources:
- https://github.com/k8snetworkplumbingwg/sriov-network-operator
icon: https://charts.rancher.io/assets/logos/sr-iov.svg
annotations:
catalog.cattle.io/auto-install: sriov-crd=match
catalog.cattle.io/experimental: "true"
catalog.cattle.io/namespace: cattle-sriov-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/upstream-version: 1.5.0
apiVersion: v2
appVersion: v1.5.0
catalog.cattle.io/upstream-version: 1.6.0
dependencies:
- condition: sriov-nfd.enabled
name: sriov-nfd
repository: file://./charts/sriov-nfd
version: 0.15.7
description: SR-IOV network operator configures and manages SR-IOV networks in the
kubernetes cluster
home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
icon: https://charts.rancher.io/assets/logos/sr-iov.svg
keywords:
- sriov
kubeVersion: '>= 1.24.0-0'
name: sriov-network-operator
sources:
- https://github.com/k8snetworkplumbingwg/sriov-network-operator
type: application
version: "%%CHART_MAJOR%%.0.3+up1.5.0"
version: 0.18.2

12
sriov-network-operator-chart/README.md
View File

@@ -41,7 +41,7 @@ For additional information and methods for installing Helm, refer to the officia
#### Deploy from OCI repo
```
$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart
$ helm install -n sriov-network-operator --create-namespace --version 1.5.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart
```
#### Deploy from project sources
@@ -84,6 +84,12 @@ We have introduced the following Chart parameters.
| `operator.resourcePrefix` | string | `openshift.io` | Device plugin resource prefix |
| `operator.cniBinPath` | string | `/opt/cni/bin` | Path for CNI binary |
| `operator.clustertype` | string | `kubernetes` | Cluster environment type |
| `operator.metricsExporter.port` | string | `9110` | Port where the Network Metrics Exporter listen |
| `operator.metricsExporter.certificates.secretName` | string | `metrics-exporter-cert` | Secret name to serve metrics via TLS. The secret must have the same fields as `operator.admissionControllers.certificates.secretNames` |
| `operator.metricsExporter.prometheusOperator.enabled` | bool | false | Wheter the operator shoud configure Prometheus resources or not (e.g. `ServiceMonitors`). |
| `operator.metricsExporter.prometheusOperator.serviceAccount` | string | `prometheus-k8s` | The service account used by the Prometheus Operator. This is used to give Prometheus the permission to list resource in the SR-IOV operator namespace |
| `operator.metricsExporter.prometheusOperator.namespace` | string | `monitoring` | The namespace where the Prometheus Operator is installed. Setting this variable makes the operator deploy `monitoring.coreos.com` resources. |
| `operator.metricsExporter.prometheusOperator.deployRules` | bool | false | Whether the operator should deploy `PrometheusRules` to scrape namespace version of metrics. |
#### Admission Controllers parameters
@@ -142,9 +148,13 @@ Upon chart deletion, those files are not cleaned up. For cases where this is not
| `images.sriovConfigDaemon` | Daemon node agent image |
| `images.sriovCni` | SR-IOV CNI image |
| `images.ibSriovCni` | InfiniBand SR-IOV CNI image |
| `images.ovsCni` | OVS CNI image |
| `images.rdmaCni` | RDMA CNI image |
| `images.sriovDevicePlugin` | SR-IOV device plugin image |
| `images.resourcesInjector` | Resources Injector image |
| `images.webhook` | Operator Webhook image |
| `images.metricsExporter` | Network Metrics Exporter image |
| `images.metricsExporterKubeRbacProxy` | Kube RBAC Proxy image used for metrics exporter |
### Extra objects parameters

6
sriov-network-operator-chart/_service
View File

@@ -9,12 +9,6 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">values.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">charts/sriov-nfd/values.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>

12
sriov-network-operator-chart/app-README.md
View File

@@ -1,12 +0,0 @@
# Rancher SR-IOV Network Operator
This chart is based on the upstream [k8snetworkplumbingwg/sriov-network-operator](https://github.com/k8snetworkplumbingwg/sriov-network-operator) project. The chart deploys the SR-IOV Operator and its CRDs, which are designed to help the user provision and configure the SR-IOV CNI in a cluster that uses [Multus CNI](https://github.com/k8snetworkplumbingwg/multus-cni), to provide high performing extra network interfaces to pods. This chart is expected to be deployed on an RKE2 cluster and only meant for advanced use cases where multiple CNI plugins and high performing network interfaces on pods are required. Users who do not need these features are not advised to install this chart.
The chart installs the following components:
- SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin
- SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node
Note that SR-IOV requires NICs that support SR-IOV and the activation of specific configuration options in the operating system. Nodes that fulfill these requirements should be labeled with: `feature.node.kubernetes.io/network-sriov.capable=true`.
The SR-IOV Network Config Daemon will be deployed on such capable nodes. For more information on how to use this feature, refer to our RKE2 networking docs.

15
sriov-network-operator-chart/charts/sriov-nfd/Chart.yaml
View File

@@ -1,14 +1,15 @@
apiVersion: v2
appVersion: v0.15.7
description: Detects hardware features available on each node in a Kubernetes cluster,
and advertises those features using node labels
appVersion: v0.18.2
description: |
Detects hardware features available on each node in a Kubernetes cluster, and advertises
those features using node labels.
name: sriov-nfd
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
home: https://github.com/kubernetes-sigs/node-feature-discovery
keywords:
- feature-discovery
- feature-detection
- node-labels
name: sriov-nfd
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
type: application
version: 0.15.7
version: 0.18.2

2
sriov-network-operator-chart/charts/sriov-nfd/README.md
View File

@@ -6,5 +6,5 @@ labels. NFD provides flexible configuration and extension points for a wide
range of vendor and application specific node labeling needs.
See
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/deployment/helm.html)
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.18/deployment/helm.html)
for deployment instructions.

562
sriov-network-operator-chart/charts/sriov-nfd/crds/nfd-api-crds.yaml
View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
controller-gen.kubebuilder.io/version: v0.16.3
name: nodefeatures.nfd.k8s-sigs.io
spec:
group: nfd.k8s-sigs.io
@@ -17,23 +17,30 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeature resource holds the features discovered for one node
in the cluster.
description: |-
NodeFeature resource holds the features discovered for one node in the
cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: NodeFeatureSpec describes a NodeFeature object.
description: Specification of the NodeFeature, containing features discovered
for a node.
properties:
features:
description: Features is the full "raw" features data that has been
@@ -47,6 +54,7 @@ spec:
elements:
additionalProperties:
type: string
description: Individual features of the feature set.
type: object
required:
- elements
@@ -61,9 +69,11 @@ spec:
properties:
elements:
additionalProperties:
description: Nil is a dummy empty struct for protobuf
compatibility
description: |-
Nil is a dummy empty struct for protobuf compatibility.
NOTE: protobuf definitions have been removed but this is kept for API compatibility.
type: object
description: Individual features of the feature set.
type: object
required:
- elements
@@ -77,6 +87,7 @@ spec:
which is an instance having multiple attributes.
properties:
elements:
description: Individual features of the feature set.
items:
description: InstanceFeature represents one instance of
a complex features, e.g. a device.
@@ -84,6 +95,7 @@ spec:
attributes:
additionalProperties:
type: string
description: Attributes of the instance feature.
type: object
required:
- attributes
@@ -113,7 +125,323 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
controller-gen.kubebuilder.io/version: v0.16.3
name: nodefeaturegroups.nfd.k8s-sigs.io
spec:
group: nfd.k8s-sigs.io
names:
kind: NodeFeatureGroup
listKind: NodeFeatureGroupList
plural: nodefeaturegroups
shortNames:
- nfg
singular: nodefeaturegroup
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeatureGroup resource holds Node pools by featureGroup
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec defines the rules to be evaluated.
properties:
featureGroupRules:
description: List of rules to evaluate to determine nodes that belong
in this group.
items:
description: GroupRule defines a rule for nodegroup filtering.
properties:
matchAny:
description: MatchAny specifies a list of matchers one of which
must match.
items:
description: MatchAnyElem specifies one sub-matcher of MatchAny.
properties:
matchFeatures:
description: MatchFeatures specifies a set of matcher
terms all of which must match.
items:
description: |-
FeatureMatcherTerm defines requirements against one feature set. All
requirements (specified as MatchExpressions) are evaluated against each
element in the feature set.
properties:
feature:
description: Feature is the name of the feature
set to match against.
type: string
matchExpressions:
additionalProperties:
description: |-
MatchExpression specifies an expression to evaluate against a set of input
values. It contains an operator that is applied when matching the input and
an array of values that the operator evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
description: |-
MatchExpressions is the set of per-element expressions evaluated. These
match against the value of the specified elements.
type: object
matchName:
description: |-
MatchName in an expression that is matched against the name of each
element in the feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
required:
- feature
type: object
type: array
required:
- matchFeatures
type: object
type: array
matchFeatures:
description: MatchFeatures specifies a set of matcher terms
all of which must match.
items:
description: |-
FeatureMatcherTerm defines requirements against one feature set. All
requirements (specified as MatchExpressions) are evaluated against each
element in the feature set.
properties:
feature:
description: Feature is the name of the feature set to
match against.
type: string
matchExpressions:
additionalProperties:
description: |-
MatchExpression specifies an expression to evaluate against a set of input
values. It contains an operator that is applied when matching the input and
an array of values that the operator evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
description: |-
MatchExpressions is the set of per-element expressions evaluated. These
match against the value of the specified elements.
type: object
matchName:
description: |-
MatchName in an expression that is matched against the name of each
element in the feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
required:
- feature
type: object
type: array
name:
description: Name of the rule.
type: string
vars:
additionalProperties:
type: string
description: |-
Vars is the variables to store if the rule matches. Variables can be
referenced from other rules enabling more complex rule hierarchies.
type: object
varsTemplate:
description: |-
VarsTemplate specifies a template to expand for dynamically generating
multiple variables. Data (after template expansion) must be keys with an
optional value (<key>[=<value>]) separated by newlines.
type: string
required:
- name
type: object
type: array
required:
- featureGroupRules
type: object
status:
description: |-
Status of the NodeFeatureGroup after the most recent evaluation of the
specification.
properties:
nodes:
description: Nodes is a list of FeatureGroupNode in the cluster that
match the featureGroupRules
items:
properties:
name:
description: Name of the node.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: nodefeaturerules.nfd.k8s-sigs.io
spec:
group: nfd.k8s-sigs.io
@@ -129,23 +457,29 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeatureRule resource specifies a configuration for feature-based
description: |-
NodeFeatureRule resource specifies a configuration for feature-based
customization of node objects, such as node labeling.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: NodeFeatureRuleSpec describes a NodeFeatureRule.
description: Spec defines the rules to be evaluated.
properties:
rules:
description: Rules is a list of node customization rules.
@@ -169,10 +503,10 @@ spec:
description: Labels to create if the rule matches.
type: object
labelsTemplate:
description: LabelsTemplate specifies a template to expand for
dynamically generating multiple labels. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
description: |-
LabelsTemplate specifies a template to expand for dynamically generating
multiple labels. Data (after template expansion) must be keys with an
optional value (<key>[=<value>]) separated by newlines.
type: string
matchAny:
description: MatchAny specifies a list of matchers one of which
@@ -184,10 +518,10 @@ spec:
description: MatchFeatures specifies a set of matcher
terms all of which must match.
items:
description: FeatureMatcherTerm defines requirements
against one feature set. All requirements (specified
as MatchExpressions) are evaluated against each element
in the feature set.
description: |-
FeatureMatcherTerm defines requirements against one feature set. All
requirements (specified as MatchExpressions) are evaluated against each
element in the feature set.
properties:
feature:
description: Feature is the name of the feature
@@ -195,11 +529,10 @@ spec:
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It
contains an operator that is applied when matching
the input and an array of values that the operator
evaluates the input against.
description: |-
MatchExpression specifies an expression to evaluate against a set of input
values. It contains an operator that is applied when matching the input and
an array of values that the operator evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
@@ -210,35 +543,40 @@ spec:
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: Value is the list of values that
the operand evaluates the input against.
Value should be empty if the operator is
Exists, DoesNotExist, IsTrue or IsFalse.
Value should contain exactly one element
if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In
other cases Value should contain at least
one element.
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the
value of the specified elements.
description: |-
MatchExpressions is the set of per-element expressions evaluated. These
match against the value of the specified elements.
type: object
matchName:
description: MatchName in an expression that is
matched against the name of each element in the
feature set.
description: |-
MatchName in an expression that is matched against the name of each
element in the feature set.
properties:
op:
description: Op is the operator to be applied.
@@ -249,20 +587,26 @@ spec:
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: Value is the list of values that
the operand evaluates the input against. Value
should be empty if the operator is Exists,
DoesNotExist, IsTrue or IsFalse. Value should
contain exactly one element if the operator
is Gt or Lt and exactly two elements if the
operator is GtLt. In other cases Value should
contain at least one element.
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
@@ -281,9 +625,10 @@ spec:
description: MatchFeatures specifies a set of matcher terms
all of which must match.
items:
description: FeatureMatcherTerm defines requirements against
one feature set. All requirements (specified as MatchExpressions)
are evaluated against each element in the feature set.
description: |-
FeatureMatcherTerm defines requirements against one feature set. All
requirements (specified as MatchExpressions) are evaluated against each
element in the feature set.
properties:
feature:
description: Feature is the name of the feature set to
@@ -291,11 +636,10 @@ spec:
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It contains
an operator that is applied when matching the input
and an array of values that the operator evaluates
the input against.
description: |-
MatchExpression specifies an expression to evaluate against a set of input
values. It contains an operator that is applied when matching the input and
an array of values that the operator evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
@@ -306,32 +650,40 @@ spec:
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other
cases Value should contain at least one element.
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the value
of the specified elements.
description: |-
MatchExpressions is the set of per-element expressions evaluated. These
match against the value of the specified elements.
type: object
matchName:
description: MatchName in an expression that is matched
against the name of each element in the feature set.
description: |-
MatchName in an expression that is matched against the name of each
element in the feature set.
properties:
op:
description: Op is the operator to be applied.
@@ -342,19 +694,26 @@ spec:
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other cases
Value should contain at least one element.
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
@@ -371,21 +730,24 @@ spec:
taints:
description: Taints to create if the rule matches.
items:
description: The node this Taint is attached to has the "effect"
on any pod that does not tolerate the Taint.
description: |-
The node this Taint is attached to has the "effect" on
any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are NoSchedule,
PreferNoSchedule and NoExecute.
description: |-
Required. The effect of the taint on pods
that do not tolerate the taint.
Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which the
taint was added. It is only written for NoExecute taints.
description: |-
TimeAdded represents the time at which the taint was added.
It is only written for NoExecute taints.
format: date-time
type: string
value:
@@ -400,17 +762,17 @@ spec:
vars:
additionalProperties:
type: string
description: Vars is the variables to store if the rule matches.
Variables do not directly inflict any changes in the node
object. However, they can be referenced from other rules enabling
more complex rule hierarchies, without exposing intermediary
output values as labels.
description: |-
Vars is the variables to store if the rule matches. Variables do not
directly inflict any changes in the node object. However, they can be
referenced from other rules enabling more complex rule hierarchies,
without exposing intermediary output values as labels.
type: object
varsTemplate:
description: VarsTemplate specifies a template to expand for
dynamically generating multiple variables. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
description: |-
VarsTemplate specifies a template to expand for dynamically generating
multiple variables. Data (after template expansion) must be keys with an
optional value (<key>[=<value>]) separated by newlines.
type: string
required:
- name

31
sriov-network-operator-chart/charts/sriov-nfd/templates/_helpers.tpl
View File

@@ -105,3 +105,34 @@ Create the name of the service account which nfd-gc will use
{{ default "default" .Values.gc.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
imagePullSecrets helper - uses local values or falls back to global values
*/}}
{{- define "node-feature-discovery.imagePullSecrets" -}}
{{- $imagePullSecrets := list -}}
{{- if .Values.imagePullSecrets -}}
{{- range .Values.imagePullSecrets -}}
{{- $imagePullSecrets = append $imagePullSecrets . -}}
{{- end -}}
{{- else if and .Values.global .Values.global.imagePullSecrets -}}
{{- range .Values.global.imagePullSecrets -}}
{{- $imagePullSecrets = append $imagePullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if $imagePullSecrets -}}
{{- $imagePullSecrets | toJson }}
{{- end -}}
{{- end -}}
{{/*
system_default_registry helper - prints global value "cattle.systemDefaultRegistry" (adding a "/" at the end)
or empty string (if this global Helm param. not defined)
*/}}
{{- define "node-feature-discovery.system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}

68
sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-certs.yaml
View File

@@ -1,68 +0,0 @@
{{- if .Values.tls.certManager }}
{{- if .Values.master.enable }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nfd-master-cert
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
secretName: nfd-master-cert
subject:
organizations:
- node-feature-discovery
commonName: nfd-master
dnsNames:
# must match the service name
- {{ include "node-feature-discovery.fullname" . }}-master
# first one is configured for use by the worker; below are for completeness
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer
group: cert-manager.io
{{- end }}
---
{{- if .Values.worker.enable }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nfd-worker-cert
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
secretName: nfd-worker-cert
subject:
organizations:
- node-feature-discovery
commonName: nfd-worker
dnsNames:
- {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer
group: cert-manager.io
{{- end }}
{{- if .Values.topologyUpdater.enable }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nfd-topology-updater-cert
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
secretName: nfd-topology-updater-cert
subject:
organizations:
- node-feature-discovery
commonName: nfd-topology-updater
dnsNames:
- {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer
group: cert-manager.io
{{- end }}
{{- end }}

42
sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-issuer.yaml
View File

@@ -1,42 +0,0 @@
{{- if .Values.tls.certManager }}
# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
# - Create a self signed issuer
# - Use this to create a CA cert
# - Use this to now create a CA issuer
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: nfd-ca-bootstrap
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nfd-ca-cert
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
isCA: true
secretName: nfd-ca-cert
subject:
organizations:
- node-feature-discovery
commonName: nfd-ca-cert
issuerRef:
name: nfd-ca-bootstrap
kind: Issuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: nfd-ca-issuer
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
ca:
secretName: nfd-ca-cert
{{- end }}

47
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrole.yaml
View File

@@ -6,7 +6,14 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- watch
- list
- apiGroups:
- ""
resources:
- nodes
@@ -16,22 +23,30 @@ rules:
- patch
- update
- list
- apiGroups:
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
- nodefeaturerules
- nodefeaturegroups
verbs:
- get
- list
- watch
- apiGroups:
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeaturegroups/status
verbs:
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- apiGroups:
- coordination.k8s.io
resources:
- leases
@@ -51,26 +66,32 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- apiGroups:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
@@ -80,7 +101,7 @@ rules:
- update
{{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
{{- if and .Values.gc.enable .Values.gc.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -89,27 +110,27 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
verbs:
- delete
- list
- apiGroups:
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures

8
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrolebinding.yaml
View File

@@ -10,7 +10,7 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}
subjects:
- kind: ServiceAccount
- kind: ServiceAccount
name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
@@ -28,12 +28,12 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
subjects:
- kind: ServiceAccount
- kind: ServiceAccount
name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
{{- if and .Values.gc.enable .Values.gc.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@@ -46,7 +46,7 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-gc
subjects:
- kind: ServiceAccount
- kind: ServiceAccount
name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}

17
sriov-network-operator-chart/charts/sriov-nfd/templates/master-pdb.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if .Values.master.enable }}
{{- if .Values.master.podDisruptionBudget.enable -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-master
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
role: master
{{- toYaml (omit .Values.master.podDisruptionBudget "enable") | nindent 2 }}
{{- end }}
{{- end }}

118
sriov-network-operator-chart/charts/sriov-nfd/templates/master.yaml
View File

@@ -13,6 +13,7 @@ metadata:
{{- end }}
spec:
replicas: {{ .Values.master.replicaCount }}
revisionHistoryLimit: {{ .Values.master.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -22,46 +23,90 @@ spec:
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: master
{{- with .Values.master.annotations }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/nfd-master-conf.yaml") . | sha256sum }}
{{- with .Values.master.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
dnsPolicy: {{ .Values.master.dnsPolicy }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
serviceAccountName: {{ include "node-feature-discovery.master.serviceAccountName" . }}
enableServiceLinks: false
securityContext:
{{- toYaml .Values.master.podSecurityContext | nindent 8 }}
hostNetwork: {{ .Values.master.hostNetwork }}
containers:
- name: master
securityContext:
{{- toYaml .Values.master.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
startupProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.master.startupProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.master.startupProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.master.startupProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.master.startupProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
livenessProbe:
grpc:
port: 8080
initialDelaySeconds: 10
periodSeconds: 10
httpGet:
path: /healthz
port: http
{{- with .Values.master.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.master.livenessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.master.livenessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.master.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
readinessProbe:
grpc:
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
failureThreshold: 10
httpGet:
path: /healthz
port: http
{{- with .Values.master.readinessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.master.readinessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.master.readinessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.master.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
{{- with .Values.master.readinessProbe.successThreshold }}
successThreshold: {{ . }}
{{- end }}
ports:
- containerPort: {{ .Values.master.port | default "8080" }}
name: grpc
- containerPort: {{ .Values.master.metricsPort | default "8081" }}
name: metrics
name: http
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- with .Values.master.extraEnvs }}
{{- toYaml . | nindent 10 }}
{{- end}}
command:
- "nfd-master"
resources:
@@ -70,60 +115,35 @@ spec:
{{- if .Values.master.instance | empty | not }}
- "-instance={{ .Values.master.instance }}"
{{- end }}
{{- if not .Values.enableNodeFeatureApi }}
- "-port={{ .Values.master.port | default "8080" }}"
- "-enable-nodefeature-api=false"
{{- else if gt (int .Values.master.replicaCount) 1 }}
- "-enable-leader-election"
{{- end }}
{{- if .Values.master.extraLabelNs | empty | not }}
- "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}"
{{- end }}
{{- if .Values.master.denyLabelNs | empty | not }}
- "-deny-label-ns={{- join "," .Values.master.denyLabelNs }}"
{{- end }}
{{- if .Values.master.resourceLabels | empty | not }}
- "-resource-labels={{- join "," .Values.master.resourceLabels }}"
{{- end }}
{{- if .Values.master.enableTaints }}
- "-enable-taints"
{{- end }}
{{- if .Values.master.crdController | kindIs "invalid" | not }}
- "-crd-controller={{ .Values.master.crdController }}"
{{- else }}
## By default, disable crd controller for other than the default instances
- "-crd-controller={{ .Values.master.instance | empty }}"
{{- end }}
{{- if .Values.master.featureRulesController | kindIs "invalid" | not }}
- "-featurerules-controller={{ .Values.master.featureRulesController }}"
{{- end }}
{{- if .Values.master.resyncPeriod }}
- "-resync-period={{ .Values.master.resyncPeriod }}"
{{- end }}
{{- if .Values.master.nfdApiParallelism | empty | not }}
- "-nfd-api-parallelism={{ .Values.master.nfdApiParallelism }}"
{{- end }}
{{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
# Go over featureGates and add the feature-gate flag
{{- range $key, $value := .Values.featureGates }}
- "-feature-gates={{ $key }}={{ $value }}"
{{- end }}
- "-port={{ .Values.master.port | default "8080" }}"
{{- with .Values.master.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
- "-metrics={{ .Values.master.metricsPort | default "8081" }}"
volumeMounts:
{{- if .Values.tls.enable }}
- name: nfd-master-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true
{{- end }}
- name: nfd-master-conf
mountPath: "/etc/kubernetes/node-feature-discovery"
readOnly: true
volumes:
{{- if .Values.tls.enable }}
- name: nfd-master-cert
secret:
secretName: nfd-master-cert
{{- end }}
- name: nfd-master-conf
configMap:
name: {{ include "node-feature-discovery.fullname" . }}-master-conf

17
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc-pdb.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if .Values.gc.enable }}
{{- if .Values.gc.podDisruptionBudget.enable -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-gc
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
role: gc
{{- toYaml (omit .Values.gc.podDisruptionBudget "enable") | nindent 2 }}
{{- end }}
{{- end }}

59
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc.yaml
View File

@@ -1,4 +1,4 @@
{{- if and .Values.gc.enable (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) -}}
{{- if and .Values.gc.enable -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -13,6 +13,7 @@ metadata:
{{- end }}
spec:
replicas: {{ .Values.gc.replicaCount | default 1 }}
revisionHistoryLimit: {{ .Values.gc.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -28,28 +29,70 @@ spec:
{{- end }}
spec:
serviceAccountName: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
dnsPolicy: {{ .Values.gc.dnsPolicy }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
securityContext:
{{- toYaml .Values.gc.podSecurityContext | nindent 8 }}
hostNetwork: {{ .Values.gc.hostNetwork }}
containers:
- name: gc
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
livenessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.gc.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.gc.livenessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.gc.livenessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.gc.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
readinessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.gc.readinessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.gc.readinessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.gc.readinessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.gc.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
{{- with .Values.gc.readinessProbe.successThreshold }}
successThreshold: {{ . }}
{{- end }}
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- with .Values.gc.extraEnvs }}
{{- toYaml . | nindent 8 }}
{{- end}}
command:
- "nfd-gc"
args:
{{- if .Values.gc.interval | empty | not }}
- "-gc-interval={{ .Values.gc.interval }}"
{{- end }}
{{- with .Values.gc.extraArgs }}
{{- toYaml . | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.gc.resources | nindent 12 }}
securityContext:
@@ -59,8 +102,8 @@ spec:
readOnlyRootFilesystem: true
runAsNonRoot: true
ports:
- name: metrics
containerPort: {{ .Values.gc.metricsPort | default "8081"}}
- name: http
containerPort: {{ .Values.gc.port | default "8080"}}
{{- with .Values.gc.nodeSelector }}
nodeSelector:

2
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-topologyupdater-conf.yaml
View File

@@ -1,3 +1,4 @@
{{- if .Values.topologyUpdater.enable -}}
apiVersion: v1
kind: ConfigMap
metadata:
@@ -8,3 +9,4 @@ metadata:
data:
nfd-topology-updater.conf: |-
{{- .Values.topologyUpdater.config | toYaml | nindent 4 }}
{{- end }}

101
sriov-network-operator-chart/charts/sriov-nfd/templates/post-delete-job.yaml Normal file
View File

@@ -0,0 +1,101 @@
{{- if .Values.postDeleteCleanup }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-prune
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-prune
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
- get
- patch
- update
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-prune
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-prune
subjects:
- kind: ServiceAccount
name: {{ include "node-feature-discovery.fullname" . }}-prune
namespace: {{ include "node-feature-discovery.namespace" . }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-prune
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
template:
metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 8 }}
role: prune
spec:
serviceAccountName: {{ include "node-feature-discovery.fullname" . }}-prune
imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
containers:
- name: nfd-master
securityContext:
{{- toYaml .Values.master.securityContext | nindent 12 }}
image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- "nfd-master"
args:
- "-prune"
{{- if .Values.master.instance | empty | not }}
- "-instance={{ .Values.master.instance }}"
{{- end }}
restartPolicy: Never
{{- with .Values.master.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.master.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.master.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.master.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

4
sriov-network-operator-chart/charts/sriov-nfd/templates/prometheus.yaml
View File

@@ -12,9 +12,9 @@ metadata:
spec:
podMetricsEndpoints:
- honorLabels: true
interval: 10s
interval: {{ .Values.prometheus.scrapeInterval }}
path: /metrics
port: metrics
port: http
scheme: http
namespaceSelector:
matchNames:

5
sriov-network-operator-chart/charts/sriov-nfd/templates/role.yaml
View File

@@ -7,7 +7,7 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
@@ -15,7 +15,8 @@ rules:
- create
- get
- update
- apiGroups:
- delete
- apiGroups:
- ""
resources:
- pods

3
sriov-network-operator-chart/charts/sriov-nfd/templates/rolebinding.yaml
View File

@@ -11,7 +11,8 @@ roleRef:
kind: Role
name: {{ include "node-feature-discovery.fullname" . }}-worker
subjects:
- kind: ServiceAccount
- kind: ServiceAccount
name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}

20
sriov-network-operator-chart/charts/sriov-nfd/templates/service.yaml
View File

@@ -1,20 +0,0 @@
{{- if and (not .Values.enableNodeFeatureApi) .Values.master.enable }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-master
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
role: master
spec:
type: {{ .Values.master.service.type }}
ports:
- port: {{ .Values.master.service.port | default "8080" }}
targetPort: grpc
protocol: TCP
name: grpc
selector:
{{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
role: master
{{- end}}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/serviceaccount.yaml
View File

@@ -27,7 +27,7 @@ metadata:
{{- end }}
{{- end }}
{{- if and .Values.gc.enable .Values.gc.serviceAccount.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
{{- if and .Values.gc.enable .Values.gc.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount

82
sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater.yaml
View File

@@ -12,6 +12,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: {{ .Values.topologyUpdater.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -21,23 +22,60 @@ spec:
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: topology-updater
{{- with .Values.topologyUpdater.annotations }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/nfd-topologyupdater-conf.yaml") . | sha256sum }}
{{- with .Values.topologyUpdater.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
dnsPolicy: {{ .Values.topologyUpdater.dnsPolicy }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
securityContext:
{{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }}
hostNetwork: {{ .Values.topologyUpdater.hostNetwork }}
containers:
- name: topology-updater
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
livenessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.topologyUpdater.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.livenessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.livenessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
readinessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.topologyUpdater.readinessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.readinessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.readinessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.readinessProbe.successThreshold }}
successThreshold: {{ . }}
{{- end }}
env:
- name: NODE_NAME
valueFrom:
@@ -47,6 +85,9 @@ spec:
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- with .Values.topologyUpdater.extraEnvs }}
{{- toYaml . | nindent 8 }}
{{- end}}
command:
- "nfd-topology-updater"
args:
@@ -61,13 +102,8 @@ spec:
{{- else }}
- "-watch-namespace=*"
{{- end }}
{{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
{{- if .Values.topologyUpdater.podSetFingerprint }}
- "-pods-fingerprint"
{{- if not .Values.topologyUpdater.podSetFingerprint }}
- "-pods-fingerprint=false"
{{- end }}
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- "-kubelet-config-uri=file:///host-var/kubelet-config"
@@ -76,10 +112,13 @@ spec:
# Disable kubelet state tracking by giving an empty path
- "-kubelet-state-dir="
{{- end }}
- -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
- "-port={{ .Values.topologyUpdater.port | default "8080"}}"
{{- with .Values.topologyUpdater.extraArgs }}
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
- containerPort: {{ .Values.topologyUpdater.port | default "8080"}}
name: http
volumeMounts:
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- name: kubelet-config
@@ -93,11 +132,6 @@ spec:
- name: kubelet-state-files
mountPath: /host-var/lib/kubelet
readOnly: true
{{- end }}
{{- if .Values.tls.enable }}
- name: nfd-topology-updater-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true
{{- end }}
- name: nfd-topology-updater-conf
mountPath: "/etc/kubernetes/node-feature-discovery"
@@ -134,12 +168,6 @@ spec:
items:
- key: nfd-topology-updater.conf
path: nfd-topology-updater.conf
{{- if .Values.tls.enable }}
- name: nfd-topology-updater-cert
secret:
secretName: nfd-topology-updater-cert
{{- end }}
{{- with .Values.topologyUpdater.nodeSelector }}
nodeSelector:

99
sriov-network-operator-chart/charts/sriov-nfd/templates/worker.yaml
View File

@@ -12,6 +12,11 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: {{ .Values.worker.revisionHistoryLimit }}
{{- with .Values.worker.updateStrategy }}
updateStrategy:
{{- toYaml . | nindent 4 }}
{{- end}}
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -21,25 +26,62 @@ spec:
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: worker
{{- with .Values.worker.annotations }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/nfd-worker-conf.yaml") . | sha256sum }}
{{- with .Values.worker.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
dnsPolicy: {{ .Values.worker.dnsPolicy }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
serviceAccountName: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
hostNetwork: {{ .Values.worker.hostNetwork }}
containers:
- name: worker
securityContext:
{{- toYaml .Values.worker.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
livenessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.worker.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.worker.livenessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.worker.livenessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.worker.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
readinessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.worker.readinessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.worker.readinessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.worker.readinessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.worker.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
{{- with .Values.worker.readinessProbe.successThreshold }}
successThreshold: {{ . }}
{{- end }}
env:
- name: NODE_NAME
valueFrom:
@@ -53,24 +95,25 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- with .Values.worker.extraEnvs }}
{{- toYaml . | nindent 8 }}
{{- end}}
resources:
{{- toYaml .Values.worker.resources | nindent 12 }}
command:
- "nfd-worker"
args:
{{- if not .Values.enableNodeFeatureApi }}
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
- "-enable-nodefeature-api=false"
# Go over featureGate and add the feature-gate flag
{{- range $key, $value := .Values.featureGates }}
- "-feature-gates={{ $key }}={{ $value }}"
{{- end }}
- "-port={{ .Values.worker.port | default "8080"}}"
{{- with .Values.worker.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
- "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
ports:
- name: metrics
containerPort: {{ .Values.worker.metricsPort | default "8081"}}
- containerPort: {{ .Values.worker.port | default "8080"}}
name: http
volumeMounts:
- name: host-boot
mountPath: "/host-boot"
@@ -87,25 +130,20 @@ spec:
- name: host-lib
mountPath: "/host-lib"
readOnly: true
- name: host-proc-swaps
mountPath: "/host-proc/swaps"
readOnly: true
{{- if .Values.worker.mountUsrSrc }}
- name: host-usr-src
mountPath: "/host-usr/src"
readOnly: true
{{- end }}
- name: source-d
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
readOnly: true
- name: features-d
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
readOnly: true
- name: nfd-worker-conf
mountPath: "/etc/kubernetes/node-feature-discovery"
readOnly: true
{{- if .Values.tls.enable }}
- name: nfd-worker-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true
{{- end }}
volumes:
- name: host-boot
hostPath:
@@ -122,14 +160,14 @@ spec:
- name: host-lib
hostPath:
path: "/lib"
- name: host-proc-swaps
hostPath:
path: "/proc/swaps"
{{- if .Values.worker.mountUsrSrc }}
- name: host-usr-src
hostPath:
path: "/usr/src"
{{- end }}
- name: source-d
hostPath:
path: "/etc/kubernetes/node-feature-discovery/source.d/"
- name: features-d
hostPath:
path: "/etc/kubernetes/node-feature-discovery/features.d/"
@@ -139,11 +177,6 @@ spec:
items:
- key: nfd-worker.conf
path: nfd-worker.conf
{{- if .Values.tls.enable }}
- name: nfd-worker-cert
secret:
secretName: nfd-worker-cert
{{- end }}
{{- with .Values.worker.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

220
sriov-network-operator-chart/charts/sriov-nfd/values.yaml
View File

@@ -3,26 +3,49 @@ image:
# This should be set to 'IfNotPresent' for released version
pullPolicy: IfNotPresent
# tag, if defined will use the given image tag, else Chart.AppVersion will be used
tag: v0.15.7
# tag
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
namespaceOverride: ""
enableNodeFeatureApi: true
featureGates:
NodeFeatureGroupAPI: false
priorityClassName: ""
postDeleteCleanup: true
master:
enable: true
extraArgs: []
extraEnvs: []
hostNetwork: false
dnsPolicy: ClusterFirstWithHostNet
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
# noPublish: false
# autoDefaultNs: true
# extraLabelNs: ["added.ns.io","added.kubernets.io"]
# denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
# enableTaints: false
# informerPageSize: 200
# labelWhiteList: "foo"
# resyncPeriod: "2h"
# restrictions:
# disableLabels: true
# disableTaints: true
# disableExtendedResources: true
# disableAnnotations: true
# allowOverwrite: false
# denyNodeFeatureLabels: true
# nodeFeatureNamespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: "node-feature-discovery"
# matchExpressions:
# - key: "kubernetes.io/metadata.name"
# operator: "In"
# values:
# - "node-feature-discovery"
# klog:
# addDirHeader: false
# alsologtostderr: false
@@ -46,20 +69,12 @@ master:
# retryPeriod: 2s
# nfdApiParallelism: 10
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
# The TCP port that nfd-master listens for incoming requests. Default: 8080
# Deprecated this parameter is related to the deprecated gRPC API and will
# be removed with it in a future release
port: 8080
metricsPort: 8081
instance:
featureApi:
resyncPeriod:
denyLabelNs: []
extraLabelNs: []
resourceLabels: []
enableTaints: false
crdController: null
featureRulesController: null
nfdApiParallelism: null
deploymentAnnotations: {}
replicaCount: 1
@@ -84,23 +99,22 @@ master:
# If not set and create is true, a name is generated using the fullname template
name:
# specify how many old ReplicaSets for the Deployment to retain.
revisionHistoryLimit:
rbac:
create: true
service:
type: ClusterIP
port: 8080
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
#limits:
# memory: 4Gi
#requests:
# cpu: 100m
# You may want to use the same value for `requests.memory` and `limits.memory`. The “requests” value affects scheduling to accommodate pods on nodes.
# If there is a large difference between “requests” and “limits” and nodes experience memory pressure, the kernel may invoke
# the OOM Killer, even if the memory does not exceed the “limits” threshold. This can cause unexpected pod evictions. Memory
# cannot be compressed and once allocated to a pod, it can only be reclaimed by killing the pod.
# Natan Yellin 22/09/2022 https://home.robusta.dev/blog/kubernetes-memory-limit
# memory: 128Mi
nodeSelector: {}
@@ -115,17 +129,16 @@ master:
value: ""
effect: "NoSchedule"
podDisruptionBudget:
enable: false
minAvailable: 1
unhealthyPodEvictionPolicy: AlwaysAllow
annotations: {}
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: In
values: [""]
- weight: 1
preference:
matchExpressions:
@@ -133,12 +146,32 @@ master:
operator: In
values: [""]
startupProbe:
failureThreshold: 30
# periodSeconds: 10
livenessProbe: {}
# failureThreshold: 3
# initialDelaySeconds: 0
# periodSeconds: 10
# timeoutSeconds: 1
readinessProbe:
failureThreshold: 10
# initialDelaySeconds: 0
# periodSeconds: 10
# timeoutSeconds: 1
# successThreshold: 1
worker:
enable: true
extraArgs: []
extraEnvs: []
hostNetwork: false
dnsPolicy: ClusterFirstWithHostNet
config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
#core:
# labelWhiteList:
# noPublish: false
# noOwnerRefs: false
# sleepInterval: 60s
# featureSources: [all]
# labelSources: [all]
@@ -162,6 +195,7 @@ worker:
# cpuid:
## NOTE: whitelist has priority over blacklist
# attributeBlacklist:
# - "AVX10"
# - "BMI1"
# - "BMI2"
# - "CLMUL"
@@ -214,8 +248,6 @@ worker:
# - "class"
# - "vendor"
# - "device"
# local:
# hooksEnabled: false
# custom:
# # The following feature demonstrates the capabilities of the matchFeatures
# - name: "my custom rule"
@@ -376,9 +408,9 @@ worker:
# matchFeatures:
# - feature: kernel.config
# matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081
port: 8080
daemonsetAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
@@ -391,6 +423,18 @@ worker:
runAsNonRoot: true
# runAsUser: 1000
livenessProbe:
initialDelaySeconds: 10
# failureThreshold: 3
# periodSeconds: 10
# timeoutSeconds: 1
readinessProbe:
initialDelaySeconds: 5
failureThreshold: 10
# periodSeconds: 10
# timeoutSeconds: 1
# successThreshold: 1
serviceAccount:
# Specifies whether a service account should be created.
# We create this by default to make it easier for downstream users to apply PodSecurityPolicies.
@@ -401,6 +445,9 @@ worker:
# If not set and create is true, a name is generated using the fullname template
name:
# specify how many old ControllerRevisions for the DaemonSet to retain.
revisionHistoryLimit:
rbac:
create: true
@@ -409,16 +456,11 @@ worker:
mountUsrSrc: false
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
#limits:
# memory: 512Mi
#requests:
# cpu: 5m
# memory: 64Mi
nodeSelector: {}
@@ -430,6 +472,12 @@ worker:
priorityClassName: ""
updateStrategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 0
# maxUnavailable: "10%"
topologyUpdater:
config: ### <NFD-TOPOLOGY-UPDATER-CONF-START-DO-NOT-REMOVE>
## key = node name, value = list of resources to be excluded.
@@ -439,19 +487,27 @@ topologyUpdater:
# node1: [cpu]
# node2: [memory, example/deviceA]
# *: [hugepages-2Mi]
### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
enable: false
createCRDs: false
extraArgs: []
extraEnvs: []
hostNetwork: false
dnsPolicy: ClusterFirstWithHostNet
serviceAccount:
create: true
annotations: {}
name:
# specify how many old ControllerRevisions for the DaemonSet to retain.
revisionHistoryLimit:
rbac:
create: true
metricsPort: 8081
port: 8080
kubeletConfigPath:
kubeletPodResourcesSockPath:
updateInterval: 60s
@@ -466,17 +522,24 @@ topologyUpdater:
readOnlyRootFilesystem: true
runAsUser: 0
livenessProbe:
initialDelaySeconds: 10
# failureThreshold: 3
# periodSeconds: 10
# timeoutSeconds: 1
readinessProbe:
initialDelaySeconds: 5
failureThreshold: 10
# periodSeconds: 10
# timeoutSeconds: 1
# successThreshold: 1
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
#limits:
# memory: 60Mi
#requests:
# cpu: 50m
# memory: 40Mi
nodeSelector: {}
tolerations: []
@@ -487,7 +550,11 @@ topologyUpdater:
gc:
enable: true
extraArgs: []
extraEnvs: []
hostNetwork: false
replicaCount: 1
dnsPolicy: ClusterFirstWithHostNet
serviceAccount:
create: true
@@ -500,19 +567,26 @@ gc:
podSecurityContext: {}
livenessProbe:
initialDelaySeconds: 10
# failureThreshold: 3
# periodSeconds: 10
# timeoutSeconds: 1
readinessProbe:
initialDelaySeconds: 5
# failureThreshold: 3
# periodSeconds: 10
# timeoutSeconds: 1
# successThreshold: 1
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
#limits:
# memory: 1Gi
#requests:
# cpu: 10m
# memory: 128Mi
metricsPort: 8081
port: 8080
nodeSelector: {}
tolerations: []
@@ -520,15 +594,15 @@ gc:
deploymentAnnotations: {}
affinity: {}
# Optionally use encryption for worker <--> master comms
# TODO: verify hostname is not yet supported
#
# If you do not enable certManager (and have it installed) you will
# need to manually, or otherwise, provision the TLS certs as secrets
tls:
podDisruptionBudget:
enable: false
certManager: false
minAvailable: 1
unhealthyPodEvictionPolicy: AlwaysAllow
# specify how many old ReplicaSets for the Deployment to retain.
revisionHistoryLimit:
prometheus:
enable: false
scrapeInterval: 10s
labels: {}

14
sriov-network-operator-chart/templates/NOTES.txt
View File

@@ -5,13 +5,15 @@ $ kubectl -n {{ .Release.Namespace }} get pods
For additional instructions on how to use SR-IOV network operator,
refer to: https://github.com/k8snetworkplumbingwg/sriov-network-operator
{{- if .Values.operator.enableAdmissionController }}
{{- if not .Values.cert_manager }}
{{- if .Values.operator.admissionControllers.enabled }}
{{- if not .Values.operator.admissionControllers.certificates.certManager.enabled }}
Thank you for installing {{ .Chart.Name }}.
WARNING! Self signed certificates have been generated for webhooks.
These certificates have a one-year validity and will not be rotated
automatically. This should not be a production cluster. Please deploy
and use cert-manager for production clusters.
WARNING! Self signed certificates have been generated for the two
deployed SRIOV dynamic admission controllers: sriov-network-webhook
and network-resources-injector. These certificates have a one-year
validity and will not be rotated automatically.
This should NOT be a production cluster. Please deploy and use
cert-manager for production clusters.
{{- end }}
{{- end }}

15
sriov-network-operator-chart/templates/_helpers.tpl
View File

@@ -68,18 +68,3 @@ Create the name of the service account to use
{{- "" -}}
{{- end -}}
{{- end -}}
{{/*
Windows cluster will add default taint for linux nodes,
add below linux tolerations to workloads could be scheduled to those linux nodes
*/}}
{{- define "linux-node-tolerations" -}}
- key: "cattle.io/os"
value: "linux"
effect: "NoSchedule"
operator: "Equal"
{{- end -}}
{{- define "linux-node-selector" -}}
kubernetes.io/os: linux
{{- end -}}

30
sriov-network-operator-chart/templates/_webhook-certs.tpl
View File

@@ -1,30 +0,0 @@
{{/*
Generate TLS certificates for webhooks.
Note: these 2 lines, that are repeated several times below, are a trick to
ensure the CA certs are generated only once:
$ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365)
$_ := set . "ca" $ca
Please, don't try to "simplify" them as without this trick, every generated
certificate would be signed by a different CA.
*/}}
{{- define "sriov_operator_ca_cert" }}
{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
{{- $_ := set . "ca" $ca -}}
{{- printf "%s" $ca.Cert | b64enc -}}
{{- end }}
{{- define "sriov_operator_cert" }}
{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
{{- $_ := set . "ca" $ca -}}
{{- $cn := printf "operator-webhook-service.%s.svc" .Release.Namespace -}}
{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end }}
{{- define "sriov_resource_injector_cert" }}
{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
{{- $_ := set . "ca" $ca -}}
{{- $cn := printf "network-resources-injector-service.%s.svc" .Release.Namespace -}}
{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end }}

40
sriov-network-operator-chart/templates/certmanagercerts.yaml
View File

@@ -1,40 +0,0 @@
{{- if and (.Values.operator.enableAdmissionController) (.Values.cert_manager) -}}
{{- if not (.Capabilities.APIVersions.Has "cert-manager.io/v1") -}}
{{- required "cert-manager is required but not found" "" -}}
{{- end -}}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: sriov-network-operator-selfsigned-issuer
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: operator-webhook-service
namespace: {{ .Release.Namespace }}
spec:
secretName: operator-webhook-service
dnsNames:
- operator-webhook-service.{{ .Release.Namespace }}.svc
issuerRef:
name: sriov-network-operator-selfsigned-issuer
privateKey:
rotationPolicy: Always
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: network-resources-injector-service
namespace: {{ .Release.Namespace }}
spec:
secretName: network-resources-injector-secret
dnsNames:
- network-resources-injector-service.{{ .Release.Namespace }}.svc
issuerRef:
name: sriov-network-operator-selfsigned-issuer
privateKey:
rotationPolicy: Always
{{- end -}}

5
sriov-network-operator-chart/templates/configmap.yaml
View File

@@ -25,6 +25,11 @@ data:
Intel_ice_Columbiapark_E823C: "8086 188a 1889"
Intel_ice_Columbiapark_E823L_SFP: "8086 124d 1889"
Intel_ice_Columbiapark_E823L_BACKPLANE: "8086 124c 1889"
Intel_ice_Columbiapark_E825C_BACKPLANE: "8086 579c 1889"
Intel_ice_Columbiapark_E825C_QSFP: "8086 579d 1889"
Intel_ice_Columbiapark_E825C_SFP: "8086 579e 1889"
Intel_ice_Connorsville_E830_QSFP: "8086 12d2 1889"
Intel_ice_Connorsville_E830_SFP: "8086 12d3 1889"
Nvidia_mlx5_ConnectX-4: "15b3 1013 1014"
Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016"
Nvidia_mlx5_ConnectX-5: "15b3 1017 1018"

5
sriov-network-operator-chart/templates/operator.yaml
View File

@@ -6,7 +6,6 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "sriov-network-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
spec:
@@ -15,9 +14,7 @@ spec:
matchLabels:
name: sriov-network-operator
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 33%
type: Recreate
template:
metadata:
annotations:

9
sriov-network-operator-chart/templates/role.yaml
View File

@@ -28,6 +28,15 @@ rules:
- statefulsets
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- get
- create
- update
- delete
- apiGroups:
- monitoring.coreos.com
resources:

19
sriov-network-operator-chart/templates/secrets.yaml
View File

@@ -1,19 +0,0 @@
{{- if not .Values.cert_manager -}}
{{- if .Values.operator.enableAdmissionController }}
apiVersion: v1
kind: Secret
metadata:
name: operator-webhook-service
namespace: {{ .Release.Namespace }}
data: {{ include "sriov_operator_cert" . | nindent 2 }}
{{- end }}
---
{{- if .Values.operator.enableAdmissionController }}
apiVersion: v1
kind: Secret
metadata:
name: network-resources-injector-secret
namespace: {{ .Release.Namespace }}
data: {{ include "sriov_resource_injector_cert" . | nindent 2 }}
{{- end }}
{{- end }}

6
sriov-network-operator-chart/templates/validate-install-crd.yaml
View File

@@ -14,7 +14,7 @@
# {{- end -}}
# {{- range $_, $exists := $found -}}
# {{- if (eq $exists false) -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRDs chart before installing this chart." "" -}}
# {{- end -}}
# {{- end -}}
#{{- end -}}
# {{- end -}}
#{{- end -}}

15
sriov-network-operator-chart/values.yaml
View File

@@ -82,6 +82,7 @@ operator:
# MHcl4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo=
# ...
# -----END EC PRIVATE KEY-----
sriovOperatorConfig:
# deploy sriovOperatorConfig CR with the below values
deploy: true
@@ -102,25 +103,25 @@ supportedExtraNICs: []
images:
operator:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager"
tag: v1.5.0
tag: v1.6.0
sriovConfigDaemon:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon"
tag: v1.5.0
tag: v1.6.0
sriovCni:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni"
tag: v2.9.0
tag: v2.10.0
ibSriovCni:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni"
tag: v1.2.1
tag: v1.3.0
sriovDevicePlugin:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin"
tag: v3.9.0
tag: v3.10.0
resourcesInjector:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector"
tag: v1.7.1
tag: v1.8.0
webhook:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook"
tag: v1.5.0
tag: v1.6.0
imagePullSecrets: []
extraDeploy: []
global:

2
sriov-network-operator/_service
View File

@@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/k8snetworkplumbingwg/sriov-network-operator</param>
<param name="scm">git</param>
<param name="revision">v1.5.0</param>
<param name="revision">v1.6.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>

4
sriov-network-operator/sriov-network-operator.spec
View File

@@ -17,14 +17,14 @@
Name: sriov-network-operator
Version: 1.5.0
Version: 0
Release: 0
Summary: Implements a Kubernetes operator for handling SRIOV VF resources
License: Apache-2.0
URL: https://github.com/k8snetworkplumbingwg/sriov-network-operator
Source: sriov-network-operator-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.22
BuildRequires: golang(API) = 1.23
ExcludeArch: s390
ExcludeArch: %{ix86}

8
suse-edge-components-versions-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.2
#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.2-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.3
#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.3-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -29,8 +29,8 @@ LABEL org.opencontainers.image.description="Gather and display component version
LABEL org.opencontainers.image.url="https://github.com/suse-edge/support-tools/tree/main/components-versions"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="0.2.2"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%suse-edge-components-versions:0.2.2-%RELEASE%"
LABEL org.opencontainers.image.version="0.2.3"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%suse-edge-components-versions:0.2.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"