steven.hardy/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

base: steven.hardy:kiwi_fix2
Branches Tags
steven.hardy:main steven.hardy:kiwi_fix2 steven.hardy:jarndt/edge-1544 steven.hardy:arm_config steven.hardy:turtles_3.2 steven.hardy:turtles_fix_3.2 steven.hardy:turtles_upgrade_fix steven.hardy:cdi_fix steven.hardy:kubevirt_chart steven.hardy:sriov_update steven.hardy:capm3_downgrade steven.hardy:rm_capi_images steven.hardy:kiwi_fix steven.hardy:kiwi_builder steven.hardy:metal3_chart_090 steven.hardy:turtles_013 steven.hardy:rm_old_ipa steven.hardy:ipa-fix steven.hardy:kube-rbac-proxy-fix2 steven.hardy:turtles_fix steven.hardy:metal3_090 steven.hardy:metallb_rbac_proxy steven.hardy:kube-rbac-proxy-fix steven.hardy:kube_rbac_proxy steven.hardy:document-branch steven.hardy:supportlvl-macro steven.hardy:run-sync suse-edge:c-v-0.2.3 suse-edge:3.2 suse-edge:main suse-edge:3.3 suse-edge:3.4 suse-edge:devel
..
compare: suse-edge:c-v-0.2.3
Branches Tags
suse-edge:c-v-0.2.3 suse-edge:3.2 suse-edge:main suse-edge:3.3 suse-edge:3.4 suse-edge:devel steven.hardy:main steven.hardy:kiwi_fix2 steven.hardy:jarndt/edge-1544 steven.hardy:arm_config steven.hardy:turtles_3.2 steven.hardy:turtles_fix_3.2 steven.hardy:turtles_upgrade_fix steven.hardy:cdi_fix steven.hardy:kubevirt_chart steven.hardy:sriov_update steven.hardy:capm3_downgrade steven.hardy:rm_capi_images steven.hardy:kiwi_fix steven.hardy:kiwi_builder steven.hardy:metal3_chart_090 steven.hardy:turtles_013 steven.hardy:rm_old_ipa steven.hardy:ipa-fix steven.hardy:kube-rbac-proxy-fix2 steven.hardy:turtles_fix steven.hardy:metal3_090 steven.hardy:metallb_rbac_proxy steven.hardy:kube-rbac-proxy-fix steven.hardy:kube_rbac_proxy steven.hardy:document-branch steven.hardy:supportlvl-macro steven.hardy:run-sync

35 Commits
kiwi_fix2 ... c-v-0.2.3

Author SHA256 Message Date
e-minguez
13db0686be fix: Bump c-v to 0.2.3 to include 3.2.2 manifest 2025-11-12 15:02:51 +01:00
Antonio Alonso Alarcon
f9bdebe175 Updates release_images.yaml and release_manifest.yaml files with new SRIOV images and charts versions 2025-11-03 23:51:53 +01:00
Antonio Alonso Alarcon
e8710ba4f7 Upgrades sriov-network-operator CHART (upstream v1.5.0 -> v1.6.0) including sriov-nfd subCHART (upstream v0.15.7 -> v0.18.2) 2025-11-03 23:51:40 +01:00
Antonio Alonso Alarcon
b7ce8e2ce9 Upgrades sriov-crd CHART (upstream v1.5.0 -> v1.6.0) 2025-11-03 23:12:03 +01:00
Antonio Alonso Alarcon
36c4408bdd Upgrades node-feature-discovery RPM (upstream v0.15.7 -> v0.18.2) 2025-11-03 23:11:52 +01:00
Antonio Alonso Alarcon
49fc45f784 Upgrades network-resources-injector RPM (upstream v1.7.1 -> v1.8.0) 2025-11-03 23:11:20 +01:00
Antonio Alonso Alarcon
9c7effe6dc Upgrades sriov-network-device-plugin RPM (upstream v3.9.0 -> v3.10.0) 2025-11-03 23:11:08 +01:00
Antonio Alonso Alarcon
c821d0c02f Upgrades ib-sriov-cni RPM (upstream v1.2.1 -> v1.3.0) 2025-11-03 23:10:56 +01:00
Antonio Alonso Alarcon
e3ddef8e08 Upgrades sriov-cni RPM (upstream v2.9.0 -> v2.10.0) 2025-11-03 23:10:05 +01:00
Antonio Alonso Alarcon
7b69b6caba Upgrades sriov-network-operator RPM (upstream v1.5.0 -> v1.6.0) 2025-11-03 23:09:19 +01:00
Antonio Alonso Alarcon
ba703821b1 Merge pull request 'Adds SRIOV srpm/s and container image/s to suse-edge/Factory (EDGE-1535)' (#282) from antaloala/Factory:edge-1535 into main 
Reviewed-on: suse-edge/Factory#282
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2025-10-27 08:50:42 +01:00
Antonio Alonso Alarcon
c4aefbf455 Updates release_images.yaml to point to the new sriov-related images and release_manifest.yaml to point to the bumped (in the semver patch field) sriov-network-operator-chart 2025-10-26 20:45:07 +01:00
Antonio Alonso Alarcon
bf0dfff3d7 Updates Chart.yaml, _service, values.yaml and charts/sriov-nfd/values.yaml files in sriov-network-operator-chart package 2025-10-26 20:44:28 +01:00
Antonio Alonso Alarcon
ae771b55c0 Adds new node-feature-discovery-image package, used to build the node-feature-discovery container image 2025-10-26 20:24:01 +01:00
Antonio Alonso Alarcon
1ba01a6886 Adds new node-feature-discovery SRPM package, required to build the node-feature-discovery container image 2025-10-26 20:23:54 +01:00
Antonio Alonso Alarcon
91bc150524 Adds new network-resources-injector-image package, used to build the network-resources-injector container image 2025-10-26 20:17:10 +01:00
Antonio Alonso Alarcon
7dbbd28a84 Adds new network-resources-injector SRPM package, required to build the network-resources-injector container image 2025-10-26 20:17:04 +01:00
Antonio Alonso Alarcon
f918fb6284 Adds new sriov-network-device-plugin-image package, used to build the sriov-network-device-plugin container image 2025-10-26 20:11:12 +01:00
Antonio Alonso Alarcon
12677f19ce Adds new sriov-network-device-plugin SRPM package, required to build the sriov-network-device-plugin image 2025-10-26 20:11:06 +01:00
Antonio Alonso Alarcon
4e9483617f Adds new ib-sriov-cni-image package, used to build the ib-sriov-cni image 2025-10-26 20:06:49 +01:00
Antonio Alonso Alarcon
025cfb2428 Adds new ib-sriov-cni SRPM package, used to build the ib-sriov-cni image 2025-10-26 20:06:42 +01:00
Antonio Alonso Alarcon
5309bc3914 Adds new sriov-cni-image package, used to build the sriov-cni container image 2025-10-26 20:06:42 +01:00
Antonio Alonso Alarcon
5bcea067a6 Adds new sriov-cni SRPM package; used to build the sriov-cni container image 2025-10-26 20:06:24 +01:00
Antonio Alonso Alarcon
23b56760c9 Adds new sriov-network-operator-webhook-image package, used to build the sriov-network-webhook container image 2025-10-26 17:15:35 +01:00
Antonio Alonso Alarcon
ae8cfd984d Adds new sriov-network-operator-config-daemon-image package; used to build the sriov-network-config-daemon image 2025-10-26 17:15:35 +01:00
Antonio Alonso Alarcon
86ff679f50 Adds new sriov-network-operator-manager-image package to suse-edge/Factory, used to build the sriov-network-manager container image 2025-10-26 17:15:35 +01:00
Antonio Alonso Alarcon
987e7baacc Adds the new sriov-network-operator SRPM package to suse-edge/Factory. 2025-10-26 17:15:26 +01:00
Nicolas Belouin
609919d57e Merge pull request 'chore: Bump c-v to 0.2.2 in main' (#295) from eminguez/suse-edge-factory:c-v-0.2.2 into main 
Reviewed-on: suse-edge/Factory#295
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2025-10-24 13:56:17 +02:00
Nicolas Belouin
c4dea6361d Merge pull request 'metal3: Stop filtering kernel drivers embeded in IPA ramdisk' (#291) from nbelouin/Factory:enable-irdma into main 
Reviewed-on: suse-edge/Factory#291
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-10-23 16:07:09 +02:00
Nicolas Belouin
4a6119ca82 Merge pull request 'fix(metal3): Fix a typo in the media subchart' (#296) from nbelouin/Factory:fix-metal3-media-typo into main 
Reviewed-on: suse-edge/Factory#296
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-10-23 14:33:04 +02:00
Nicolas Belouin
b69a806fed fix(metal3): Fix a typo in the media subchart 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-10-23 11:54:18 +02:00
Nicolas Belouin
cd217a73f8 Bump versions 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-10-23 11:09:57 +02:00
Nicolas Belouin
28f7c4b074 Remove kernel modules filter 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-10-23 11:05:25 +02:00
Rhys Oxenham
a9079e0bfc Adding support for SL Micro 6.2 builds 2025-10-22 10:35:34 +02:00
e-minguez
84c1cd9964 chore: Bump c-v to 0.2.2 in main 2025-10-22 10:27:28 +02:00
100 changed files with 4732 additions and 2975 deletions
Expand all files Collapse all files

33
ib-sriov-cni-image/Dockerfile Normal file
View File

@@ -0,0 +1,33 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ib-sriov-cni:v%%ib-sriov-cni_version%%
#!BuildTag: %%IMG_PREFIX%%ib-sriov-cni:v%%ib-sriov-cni_version%%-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends ib-sriov-cni gawk which; \
zypper -n clean; \
rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ib-sriov-cni
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE ib-sriov-cni Container Image"
LABEL org.opencontainers.image.description="ib-sriov-cni based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%ib-sriov-cni_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:%%ib-sriov-cni_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
ENTRYPOINT ["/entrypoint.sh"]

19
ib-sriov-cni-image/_service Normal file
View File

@@ -0,0 +1,19 @@
<services>
<service name="kiwi_metainfo_helper" mode="buildtime"/>
<service name="docker_label_helper" mode="buildtime"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%ib-sriov-cni_version%%</param>
<param name="package">ib-sriov-cni</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

25
ib-sriov-cni/_service Normal file
View File

@@ -0,0 +1,25 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/k8snetworkplumbingwg/ib-sriov-cni</param>
<param name="scm">git</param>
<param name="revision">v1.3.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">antonio.alarcon@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">ib-sriov-cni.obsinfo</param>
</service>
<service name="go_modules" />
<service mode="buildtime" name="set_version" />
<service name="replace_using_env" mode="buildtime">
<param name="file">ib-sriov-cni.spec</param>
<param name="var">SOURCE_COMMIT</param>
<param name="eval">SOURCE_COMMIT=$(grep commit ib-sriov-cni.obsinfo | cut -d" " -f2)</param>
</service>
</services>

64
ib-sriov-cni/ib-sriov-cni.spec Normal file
View File

@@ -0,0 +1,64 @@
#
# spec file for package ib-sriov-cni
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: ib-sriov-cni
Version: 0
Release: 0
Summary: Implements a Kubernetes CNI plugin operator for Infiniband SRIOV VFs
License: Apache-2.0
URL: https://github.com/k8snetworkplumbingwg/ib-sriov-cni
Source: %{name}-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.24
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Network Interface Cards (NICs) with SR-IOV capabilities are managed through physical functions (PFs) and virtual functions (VFs).
A PF is used by the host and usually represents a single NIC port. VF configurations are applied through the PF.
The SR-IOV CNI allows each VF to be treated as a separate network interface, assigned to a container, and configured with its own
MAC, VLAN, IP and more.
Infiniband SR-IOV CNI plugin works with Infiniband SR-IOV device plugin for VF allocation in Kubernetes. A CNI metaplugin such as Multus
gets the allocated VF's deviceID(PCI address) and is responsible for invoking the Infiniband SR-IOV CNI plugin with that deviceID.
%prep
%autosetup -a1 -n %{name}-%{version} -p1
%build
# CGO is disabled by default in upstream Makefile:
%define cgoenabled "0"
# go build constrain (aka tag) "no_openssl" is set by default in upstream Makefile
%define gotags "no_openssl"
%define buildtime %(date +%%Y-%%m-%%dT%%H:%%M:%%S%%z)
%define buildcommit %%SOURCE_COMMIT%%
%define buildldflags "-X main.version=%{version} -X main.commit=%{buildcommit}% -X main.date=%{buildtime}%"
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -tags %{gotags} -ldflags %{buildldflags} -o ib-sriov cmd/ib-sriov-cni/main.go
%install
install -D -m0755 ib-sriov %{buildroot}%{_bindir}/ib-sriov
install -D -m0755 images/entrypoint.sh %{buildroot}/entrypoint.sh
%files
%license LICENSE
%doc README.md
%{_bindir}/ib-sriov
/entrypoint.sh
%changelog

8
ironic-ipa-downloader-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.9
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.10
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -18,11 +18,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.9"
LABEL org.opencontainers.image.version="3.0.10"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

8
ironic-ipa-downloader-image/Dockerfile.aarch64
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.9
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.9-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.10
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.10-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -18,11 +18,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.9"
LABEL org.opencontainers.image.version="3.0.10"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

8
ironic-ipa-downloader-image/Dockerfile.x86_64
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.9
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.9-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.10
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.10-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -18,11 +18,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.9"
LABEL org.opencontainers.image.version="3.0.10"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

2
ironic-ipa-ramdisk/config.sh
View File

@@ -16,7 +16,7 @@ baseSetupBuildDay
#==========================================
# remove unneded kernel files
#------------------------------------------
suseStripKernel
#suseStripKernel
baseStripLocales en_US.utf-8 C.utf8
#======================================

62
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -28,68 +28,6 @@
<source path="dir:///.build.binaries"/>
</repository>
<drivers>
<file name="crypto/*"/>
<file name="drivers/acpi/*"/>
<file name="drivers/acpi/dock.ko"/>
<file name="drivers/ata/*"/>
<file name="drivers/block/brd.ko"/>
<file name="drivers/block/cciss.ko"/>
<file name="drivers/block/loop.ko"/>
<file name="drivers/block/virtio_blk.ko"/>
<file name="drivers/cdrom/*"/>
<file name="drivers/char/hw_random/virtio-rng.ko"/>
<file name="drivers/char/lp.ko"/>
<file name="drivers/char/ipmi/*"/>
<file name="drivers/firmware/iscsi_ibft.ko"/>
<file name="drivers/firmware/edd.ko"/>
<file name="drivers/gpu/drm/*"/>
<file name="drivers/hid/*"/>
<file name="drivers/hv/*"/>
<file name="drivers/hwmon/*"/>
<file name="drivers/ide/*"/>
<file name="drivers/input/keyboard/*"/>
<file name="drivers/input/mouse/*"/>
<file name="drivers/md/*"/>
<file name="drivers/message/fusion/*"/>
<file name="drivers/misc/hpilo.ko"/>
<file name="drivers/net/*"/>
<file name="drivers/parport/*"/>
<file name="drivers/scsi/*"/>
<file name="drivers/staging/hv/*"/>
<file name="drivers/target/*"/>
<file name="drivers/thermal/*"/>
<file name="drivers/usb/*"/>
<file name="drivers/virtio/*"/>
<file name="fs/binfmt_aout.ko"/>
<file name="fs/binfmt_misc.ko"/>
<file name="fs/overlayfs/*"/>
<file name="fs/btrfs/*"/>
<file name="fs/exportfs/*"/>
<file name="fs/ext4/*"/>
<file name="fs/fat/*"/>
<file name="fs/fuse/*"/>
<file name="fs/hfs/*"/>
<file name="fs/jbd2/*"/>
<file name="fs/nfs/*"/>
<file name="fs/mbcache.ko"/>
<file name="fs/nls/nls_cp437.ko"/>
<file name="fs/nls/nls_iso8859-1.ko"/>
<file name="fs/nls/nls_utf8.ko"/>
<file name="fs/quota_v1.ko"/>
<file name="fs/quota_v2.ko"/>
<file name="fs/squashfs/*"/>
<file name="fs/udf/*"/>
<file name="fs/vfat/*"/>
<file name="fs/xfs/*"/>
<file name="fs/isofs/*"/>
<file name="lib/crc-t10dif.ko"/>
<file name="lib/crc16.ko"/>
<file name="lib/libcrc32c.ko"/>
<file name="lib/zlib_deflate/zlib_deflate.ko"/>
<file name="net/packet/*"/>
</drivers>
<packages type="delete">
<package name="gpg2"/>
<package name="libcairo2"/>

2
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -19,7 +19,7 @@
Name: ironic-ipa-ramdisk
Version: 3.0.7
Version: 3.0.8
Release: 0
Summary: Kernel and ramdisk image for OpenStack Ironic
License: SUSE-EULA

287
kiwi-builder-image/SL-Micro.kiwi
View File

@@ -30,16 +30,13 @@
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
<profile name="aarch64-rt-encrypted" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
@@ -60,6 +57,15 @@
<profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="rpi-self_install" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-encrypted" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
@@ -90,6 +96,15 @@
<profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb-encrypted" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb-self_install" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
@@ -154,18 +169,10 @@
<requires profile="full"/>
<requires profile="aarch64"/>
</profile>
<profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64"/>
</profile>
<profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt"/>
@@ -179,10 +186,6 @@
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-rpi"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
@@ -277,10 +280,42 @@
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb-self_install"/>
</profile>
<profile name="Base-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb-self_install"/>
</profile>
<profile name="Default-64kb" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb"/>
</profile>
<profile name="Base-64kb" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb"/>
</profile>
<profile name="Default-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb-encrypted"/>
</profile>
<profile name="Base-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb-encrypted"/>
</profile>
<profile name="RaspberryPi-SelfInstall" description="SL Micro for Rapsberry Pi" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi-self_install"/>
</profile>
<profile name="RaspberryPi" description="SL Micro for Raspberry Pi" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -291,7 +326,8 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -323,7 +359,7 @@
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -334,7 +370,8 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -359,7 +396,7 @@
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -374,7 +411,8 @@
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -397,9 +435,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi,aarch64-rt-rpi">
<version>6.1</version>
<preferences profiles="aarch64,aarch64-rt,aarch64-64kb">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -414,11 +451,96 @@
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="8192"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="8192"
luks_version="luks2"
luks="1234"
luks_randomize="false"
luks_pbkdf="pbkdf2"
>
<luksformat>
<option name="--cipher" value="aes-xts-plain64"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
efipartsize="512"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
editbootinstall="editbootinstall_rpi.sh"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
@@ -438,9 +560,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64,aarch64-rt">
<version>6.1</version>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install,aarch64-64kb-self_install">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -450,19 +571,20 @@
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
btrfs_quota_groups="true"
disk_start_sector="8192"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
@@ -478,8 +600,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install">
<version>6.1</version>
<preferences profiles="rpi-self_install">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -494,13 +616,14 @@
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
editbootinstall="editbootinstall_rpi.sh"
btrfs_quota_groups="true"
disk_start_sector="4096"
>
@@ -520,7 +643,7 @@
</preferences>
<preferences profiles="s390-kvm">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -558,7 +681,7 @@
<preferences profiles="s390-dasd">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -596,7 +719,7 @@
<preferences profiles="s390-fba">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -631,7 +754,7 @@
</preferences>
<preferences profiles="s390-fcp">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -670,7 +793,7 @@
</preferences>
<preferences profiles="x86-vmware">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -681,6 +804,7 @@
filesystem="btrfs"
format="vmdk"
firmware="uefi"
efipartsize="512"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -701,11 +825,11 @@
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">24</size>
<machine memory="1024" HWversion="10" guestOS="suse-64"/>
<machine memory="1024" HWversion="17" guestOS="suse-64"/>
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -716,7 +840,8 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -742,7 +867,7 @@
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -753,8 +878,8 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -777,7 +902,7 @@
</preferences>
<preferences profiles="ppc64le-512ss">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -788,7 +913,7 @@
image="oem"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -810,7 +935,7 @@
</type>
</preferences>
<preferences profiles="ppc64le-4096ss">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -824,7 +949,7 @@
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -847,7 +972,7 @@
</preferences>
<preferences profiles="ppc64le-512ss-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -860,7 +985,7 @@
installpxe="true"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -887,7 +1012,7 @@
</type>
</preferences>
<preferences profiles="ppc64le-4096ss-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -903,7 +1028,7 @@
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -936,20 +1061,17 @@
</repository>
<packages type="image" profiles="full">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="salt_minion"/>
<package name="patterns-base-salt_minion"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="kvm_host"/>
<package name="patterns-base-kvm_host"/>
<package name="patterns-micro-kvm_host"/>
<package name="lzop"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<package name="patterns-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -959,7 +1081,7 @@
<package name="libpwquality-tools"/>
</packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted,aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
<!-- full disk encryption stuff -->
<package name="device-mapper"/>
<package name="cryptsetup"/>
@@ -972,13 +1094,12 @@
</packages>
<packages type="image" profiles="container-host">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1002,16 +1123,16 @@
<package name="jeos-firstboot"/>
</packages>
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow,ppc64le-512ss,ppc64le-4096ss,s390-dasd,s390-fcp">
<package name="cloud-init"/>
<package name="cloud-init-config-suse"/>
</packages>
<packages type="image">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="hardware"/>
<package name="patterns-base-hardware"/>
<package name="patterns-micro-hardware"/>
<package name="grub2"/>
<package name="glibc-locale-base"/>
<package name="ca-certificates"/>
@@ -1033,6 +1154,7 @@
<!-- FIXME does not build without control file which is obsolete
<package name="live-add-yast-repos"/> -->
<package name="parted"/> <!-- seems missing to deploy the image -->
<package name="iptables"/> <!-- needed by RKE2 -->
</packages>
<packages type="image" profiles="bootloader">
@@ -1049,11 +1171,15 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,x86,x86-encrypted,aarch64-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<packages type="image" profiles="aarch64-64kb,aarch64-64kb-encrypted,aarch64-64kb-self_install">
<package name="kernel-64kb"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
@@ -1068,17 +1194,18 @@
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<!-- "oem" images uses kiwi for partition/fs resize (-repart) and SelfInstall images in addition for deployment (-dump). -->
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,aarch64,aarch64-encrypted,aarch64-64kb-encrypted,rpi,rpi-self_install,aarch64-self_install,aarch64-64kb,aarch64-64kb-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<packages type="image" profiles="rpi,rpi-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,aarch64-rt,aarch64-64kb,aarch64-rt-self_install,aarch64-encrypted,aarch64-rt-encrypted,aarchte-64kb-encrypted">
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="wireless-regdb"/>
@@ -1104,12 +1231,12 @@
</packages>
<!-- jsc#PED-8599 -->
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096,Base-64kb-encrypted,Default-64kb-encrypted">
<package name="usbguard"/>
</packages>
<!-- jsc#PED-8788 -->
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
<package name="stalld"/>
</packages>
</image>

292
kiwi-builder-image/SL-Micro.kiwi.4096
View File

@@ -30,16 +30,13 @@
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
<profile name="aarch64-rt-encrypted" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
@@ -60,6 +57,15 @@
<profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="rpi-self_install" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-encrypted" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
@@ -90,6 +96,15 @@
<profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb-encrypted" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-64kb-self_install" description="Build 64K page size aarch64 images" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
@@ -154,18 +169,10 @@
<requires profile="full"/>
<requires profile="aarch64"/>
</profile>
<profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64"/>
</profile>
<profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt"/>
@@ -179,10 +186,6 @@
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-rpi"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
@@ -277,10 +280,42 @@
<requires profile="ppc64le-4096ss-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb-self_install"/>
</profile>
<profile name="Base-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb-self_install"/>
</profile>
<profile name="Default-64kb" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb"/>
</profile>
<profile name="Base-64kb" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb"/>
</profile>
<profile name="Default-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-64kb-encrypted"/>
</profile>
<profile name="Base-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-64kb-encrypted"/>
</profile>
<profile name="RaspberryPi-SelfInstall" description="SL Micro for Rapsberry Pi" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi-self_install"/>
</profile>
<profile name="RaspberryPi" description="SL Micro for Raspberry Pi" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -291,7 +326,8 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -325,7 +361,7 @@
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -336,7 +372,8 @@
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -363,7 +400,7 @@
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -378,7 +415,8 @@
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -403,9 +441,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi,aarch64-rt-rpi">
<version>6.1</version>
<preferences profiles="aarch64,aarch64-rt,aarch64-64kb">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -420,11 +457,98 @@
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="8192"
target_blocksize="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="8192"
luks_version="luks2"
luks="1234"
luks_randomize="false"
luks_pbkdf="pbkdf2"
target_blocksize="4096"
>
<luksformat>
<option name="--cipher" value="aes-xts-plain64"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
efipartsize="512"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
editbootinstall="editbootinstall_rpi.sh"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
@@ -444,9 +568,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64,aarch64-rt">
<version>6.1</version>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install,aarch64-64kb-self_install">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -456,19 +579,21 @@
image="oem"
initrd_system="dracut"
installiso="true"
installpxe="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
btrfs_quota_groups="true"
disk_start_sector="8192"
target_blocksize="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
@@ -484,8 +609,8 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install">
<version>6.1</version>
<preferences profiles="rpi-self_install">
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -500,13 +625,14 @@
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
efipartsize="512"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
editbootinstall="editbootinstall_rpi.sh"
btrfs_quota_groups="true"
disk_start_sector="4096"
>
@@ -526,7 +652,7 @@
</preferences>
<preferences profiles="s390-kvm">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -564,7 +690,7 @@
<preferences profiles="s390-dasd">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -602,7 +728,7 @@
<preferences profiles="s390-fba">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -637,7 +763,7 @@
</preferences>
<preferences profiles="s390-fcp">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -676,7 +802,7 @@
</preferences>
<preferences profiles="x86-vmware">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -687,6 +813,7 @@
filesystem="btrfs"
format="vmdk"
firmware="uefi"
efipartsize="512"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -707,11 +834,11 @@
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">24</size>
<machine memory="1024" HWversion="10" guestOS="suse-64"/>
<machine memory="1024" HWversion="17" guestOS="suse-64"/>
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -722,15 +849,14 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
efipartsize="512"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
target_blocksize="4096"
efipartsize="200"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
@@ -750,7 +876,7 @@
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -761,8 +887,8 @@
format="qcow2"
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
efipartsize="512"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -785,7 +911,7 @@
</preferences>
<preferences profiles="ppc64le-512ss">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -796,7 +922,7 @@
image="oem"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -818,7 +944,7 @@
</type>
</preferences>
<preferences profiles="ppc64le-4096ss">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -832,7 +958,7 @@
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -855,7 +981,7 @@
</preferences>
<preferences profiles="ppc64le-512ss-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -868,7 +994,7 @@
installpxe="true"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -895,7 +1021,7 @@
</type>
</preferences>
<preferences profiles="ppc64le-4096ss-self_install">
<version>6.1</version>
<version>6.2</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
@@ -911,7 +1037,7 @@
target_blocksize="4096"
filesystem="btrfs"
firmware="ofw"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
@@ -944,20 +1070,17 @@
</repository>
<packages type="image" profiles="full">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="salt_minion"/>
<package name="patterns-base-salt_minion"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="kvm_host"/>
<package name="patterns-base-kvm_host"/>
<package name="patterns-micro-kvm_host"/>
<package name="lzop"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<package name="patterns-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -967,7 +1090,7 @@
<package name="libpwquality-tools"/>
</packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted,aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
<!-- full disk encryption stuff -->
<package name="device-mapper"/>
<package name="cryptsetup"/>
@@ -980,13 +1103,12 @@
</packages>
<packages type="image" profiles="container-host">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1010,16 +1132,16 @@
<package name="jeos-firstboot"/>
</packages>
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow,ppc64le-512ss,ppc64le-4096ss,s390-dasd,s390-fcp">
<package name="cloud-init"/>
<package name="cloud-init-config-suse"/>
</packages>
<packages type="image">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="transactional_base"/>
<package name="patterns-base-transactional_base"/>
<namedCollection name="hardware"/>
<package name="patterns-base-hardware"/>
<package name="patterns-micro-hardware"/>
<package name="grub2"/>
<package name="glibc-locale-base"/>
<package name="ca-certificates"/>
@@ -1041,6 +1163,7 @@
<!-- FIXME does not build without control file which is obsolete
<package name="live-add-yast-repos"/> -->
<package name="parted"/> <!-- seems missing to deploy the image -->
<package name="iptables"/> <!-- needed by RKE2 -->
</packages>
<packages type="image" profiles="bootloader">
@@ -1057,11 +1180,15 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,x86,x86-encrypted,aarch64-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<packages type="image" profiles="aarch64-64kb,aarch64-64kb-encrypted,aarch64-64kb-self_install">
<package name="kernel-64kb"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
@@ -1076,17 +1203,18 @@
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<!-- "oem" images uses kiwi for partition/fs resize (-repart) and SelfInstall images in addition for deployment (-dump). -->
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,aarch64,aarch64-encrypted,aarch64-64kb-encrypted,rpi,rpi-self_install,aarch64-self_install,aarch64-64kb,aarch64-64kb-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<packages type="image" profiles="rpi,rpi-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,aarch64-rt,aarch64-64kb,aarch64-rt-self_install,aarch64-encrypted,aarch64-rt-encrypted,aarchte-64kb-encrypted">
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="wireless-regdb"/>
@@ -1112,12 +1240,12 @@
</packages>
<!-- jsc#PED-8599 -->
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
<packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096,Base-64kb-encrypted,Default-64kb-encrypted">
<package name="usbguard"/>
</packages>
<!-- jsc#PED-8788 -->
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
<package name="stalld"/>
</packages>
</image>

17
kiwi-builder-image/build-image.sh
View File

@@ -28,7 +28,7 @@ LARGEBLOCK=false
usage(){
cat <<-EOF
=====================================
SUSE Linux Micro 6.1 Kiwi SDK Builder
SUSE Linux Micro 6.2 Kiwi SDK Builder
=====================================
Usage: ${0} [-p <profile>] [-b]
@@ -36,13 +36,12 @@ usage(){
Profile Options (-p):
* Default: RAW Disk Image with default packages (incl. Podman & KVM)
* Default-SelfInstall: SelfInstall ISO with default packages
* Default-RPi: RAW Disk Image for Raspberry Pi (aarch64 only with MBR)
* Base: RAW Disk Image with reduced package set (no KVM)
* Base-SelfInstall: SelfInstall ISO with reduced packages
* Base-RT: RAW Disk Image with reduced packages and kernel-rt
* Base-RT-SelfInstall: SelfInstall ISO with reduced packages and kernel-rt
* Base-RT-RPi: RAW Disk image for Raspberry Pi with kernel-rt (aarch64 only with MBR)
* Base-RPi: RAW Disk Image for Raspberry Pi with reduced packages (aarch64 only with MBR)
* RaspberryPi: RAW Disk Image for Raspberry Pi with default packages (aarch64 only with MBR)
* RaspberryPi-SelfInstall: SelfInstall ISO for Raspberry Pi with default packages (aarch64 only with MBR)
4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
@@ -83,9 +82,15 @@ if $LARGEBLOCK; then
mv /micro-sdk/defs/SL-Micro.kiwi.4096 /micro-sdk/defs/SL-Micro.kiwi
fi
# Create temporary directory that supports seclabel
dir=$(mktemp -d)
mkdir -p /tmp/output/tmp-dir
mount -t tmpfs $dir /tmp/output/tmp-dir
# Build the image
kiwi-ng --debug --profile $PROFILE system build \
--description /micro-sdk/defs --target-dir /tmp/output --ignore-repos-used-for-build $REPOS
kiwi-ng --temp-dir /tmp/output/tmp-dir --debug --profile $PROFILE \
system build --description /micro-sdk/defs --target-dir /tmp/output \
--ignore-repos-used-for-build $REPOS
# Print output
RESULT=$?

1
kiwi-builder-image/config.sh
View File

@@ -188,7 +188,6 @@ cat >/etc/fstab.script <<"EOF"
#!/bin/sh
set -eux
/usr/sbin/setup-fstab-for-overlayfs
# If /var is on a different partition than /...
if [ "$(findmnt -snT / -o SOURCE)" != "$(findmnt -snT /var -o SOURCE)" ]; then
# ... set options for autoexpanding /var

10
metal3-chart/Chart.yaml
View File

@@ -1,7 +1,7 @@
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.18_up0.12.8
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.18_up0.12.8-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.19_up0.12.9
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.19_up0.12.9-%RELEASE%
apiVersion: v2
appVersion: 0.12.8
appVersion: 0.12.9
dependencies:
- alias: metal3-baremetal-operator
name: baremetal-operator
@@ -10,7 +10,7 @@ dependencies:
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.11.5
version: 0.11.6
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb
@@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3
type: application
version: "%%CHART_MAJOR%%.0.18+up0.12.8"
version: "%%CHART_MAJOR%%.0.19+up0.12.9"

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 29.0.4
description: A Helm chart for Ironic, used by Metal3
name: ironic
type: application
version: 0.11.5
version: 0.11.6

2
metal3-chart/charts/ironic/values.yaml
View File

@@ -68,7 +68,7 @@ images:
ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent
tag: 3.0.9
tag: 3.0.10
nameOverride: ""
fullnameOverride: ""

4
metal3-chart/charts/media/values.yaml
View File

@@ -42,8 +42,8 @@ serviceAccount:
podAnnotations: {}
podSecurityContext:
runAsUser: 486
fsGroup: 499
runAsUser: 499
fsGroup: 486
securityContext:
allowPrivilegeEscalation: false

34
network-resources-injector-image/Dockerfile Normal file
View File

@@ -0,0 +1,34 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%network-resources-injector:v%%network-resources-injector_version%%
#!BuildTag: %%IMG_PREFIX%%network-resources-injector:v%%network-resources-injector_version%%-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends network-resources-injector gawk which; \
zypper -n clean; \
rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.network-resources-injector
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE network-resources-injector Container Image"
LABEL org.opencontainers.image.description="network-resources-injector based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%network-resources-injector_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector:%%network-resources-injector_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
USER 1001
COPY --from=base /installroot /
CMD ["/usr/bin/webhook"]

19
network-resources-injector-image/_service Normal file
View File

@@ -0,0 +1,19 @@
<services>
<service name="kiwi_metainfo_helper" mode="buildtime"/>
<service name="docker_label_helper" mode="buildtime"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%network-resources-injector_version%%</param>
<param name="package">network-resources-injector</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

20
network-resources-injector/_service Normal file
View File

@@ -0,0 +1,20 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/k8snetworkplumbingwg/network-resources-injector</param>
<param name="scm">git</param>
<param name="revision">v1.8.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">antonio.alarcon@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">network-resources-injector.obsinfo</param>
</service>
<service name="go_modules" />
<service mode="buildtime" name="set_version" />
</services>

62
network-resources-injector/network-resources-injector.spec Normal file
View File

@@ -0,0 +1,62 @@
#
# spec file for package network-resources-injector
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: network-resources-injector
Version: 0
Release: 0
Summary: Kubernetes admission controller able to patch pod spec's requests and limits on custom network resources
License: Apache-2.0
URL: https://github.com/k8snetworkplumbingwg/network-resources-injector
Source: %{name}-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.24
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Network Resources Injector is a Kubernetes Dynamic Admission Controller application that provides functionality of
patching Kubernetes pod specifications with requests and limits of custom network resources (managed by device plugins
such as k8snetworkplumbingwg/sriov-network-device-plugin). Requires Multus Network-Attach-Definition (NAD) custom
objects to be created before creating the pod object referring/pointing to them; custom network resources' request and
limits to add to the pod spec are inferred from the pointed NAD/s.
%prep
%autosetup -a1 -n %{name}-%{version} -p1
%build
# CGO is disabled by default in upstream Makefile
%define cgoenabled "0"
# go build constrain (aka tag) "no_openssl" is set by default in upstream Makefile
%define buildgotags "no_openssl"
%define buildldflags "-w -s"
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -tags %{buildgotags} -o installer ./cmd/installer
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -tags %{buildgotags} -o webhook ./cmd/webhook
%install
install -D -m0755 installer %{buildroot}%{_bindir}/installer
install -D -m0755 webhook %{buildroot}%{_bindir}/webhook
%files
%license LICENSE
%doc README.md
%{_bindir}/installer
%{_bindir}/webhook
%changelog

35
node-feature-discovery-image/Dockerfile Normal file
View File

@@ -0,0 +1,35 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%node-feature-discovery:v%%node-feature-discovery_version%%
#!BuildTag: %%IMG_PREFIX%%node-feature-discovery:v%%node-feature-discovery_version%%-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends node-feature-discovery; \
zypper -n clean; \
rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.node-feature-discovery
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE node-feature-discovery Container Image"
LABEL org.opencontainers.image.description="node-feature-discovery based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%node-feature-discovery_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery:%%node-feature-discovery_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
USER 65534:65534
COPY --from=base /installroot /

19
node-feature-discovery-image/_service Normal file
View File

@@ -0,0 +1,19 @@
<services>
<service name="kiwi_metainfo_helper" mode="buildtime"/>
<service name="docker_label_helper" mode="buildtime"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%node-feature-discovery_version%%</param>
<param name="package">node-feature-discovery</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

20
node-feature-discovery/_service Normal file
View File

@@ -0,0 +1,20 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/kubernetes-sigs/node-feature-discovery</param>
<param name="scm">git</param>
<param name="revision">v0.18.2</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">antonio.alarcon@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">node-feature-discovery.obsinfo</param>
</service>
<service name="go_modules" />
<service mode="buildtime" name="set_version" />
</services>

97
node-feature-discovery/node-feature-discovery.spec Normal file
View File

@@ -0,0 +1,97 @@
#
# spec file for package node-feature-discovery
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: node-feature-discovery
Version: 0
Release: 0
Summary: Advertises hardware features available on each Kubernetes node using node labels
License: Apache-2.0
URL: https://github.com/kubernetes-sigs/node-feature-discovery
Source: %{name}-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: glibc-static
BuildRequires: golang(API) = 1.25
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Node-Feature-Discovery (NFD) software enables node feature discovery for Kubernetes. It detects hardware features available on each node in a
Kubernetes cluster, and advertises those features using node labels and optionally node extended resources, annotations and node taints.
Node Feature Discovery is compatible with any recent version of Kubernetes (v1.21+).
NFD consists of four software components:
- nfd-master:
daemon responsible for communication towards the Kubernetes API. That is, it receives labeling requests from the worker and modifies node
objects accordingly.
- nfd-worker:
daemon responsible for feature detection. It then communicates the information to nfd-master which does the actual node labeling. One instance
of nfd-worker is supposed to be running on each node of the cluster.
- nfd-topology-updater:
daemon responsible for examining allocated resources on a worker node to account for resources available to be allocated to new pod on a per-zone
basis (where a zone can be a NUMA node). It then creates or updates a NodeResourceTopology custom resource object specific to this node. One instance
of nfd-topology-updater is supposed to be running on each node of the cluster.
- nfd-gc:
daemon responsible for cleaning obsolete NodeFeature and NodeResourceTopology objects.
One instance of nfd-gc is supposed to be running in the cluster.
- nfd:
client able to export features or labels in a generic context (e.g., compute nodes that warrant assessment, but may not have Kubernetes running,
or may not be able to or want to run a central daemon service for data).
%prep
%autosetup -a1 -n %{name}-%{version} -p1
%build
%define cgoenabled "1"
# Most of the following go-build settings, toghether the build requirement on glibc-static package (see above) come from the aim
# to get an statically linked binary (once CGO being enabled); they have been taken from upstream Makefile.
#
# Apart from that, the "host-" setting in "pathPrefix" variable in "sigs.k8s.io/node-feature-discovery/pkg/utils/hostpath" package
# (below) is required for alignment with the several mount paths set in the nfd chart's "worker" daemonset (yaml) template, for
# all the hostPath volumes defined there.
%define buildgotags "osusergo,netgo"
%define buildldflags "-linkmode=external -extldflags '-static -Wl,--fatal-warnings' -X sigs.k8s.io/node-feature-discovery/pkg/version.version=v%{version} -X sigs.k8s.io/node-feature-discovery/pkg/utils/hostpath.pathPrefix=/host- -s -w"
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o kubectl-nfd ./cmd/kubectl-nfd
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-gc ./cmd/nfd-gc
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-master ./cmd/nfd-master
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-worker ./cmd/nfd-worker
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-topology-updater ./cmd/nfd-topology-updater
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd ./cmd/nfd
%install
install -D -m0755 kubectl-nfd %{buildroot}%{_bindir}/kubectl-nfd
install -D -m0755 nfd-gc %{buildroot}%{_bindir}/nfd-gc
install -D -m0755 nfd-master %{buildroot}%{_bindir}/nfd-master
install -D -m0755 nfd-worker %{buildroot}%{_bindir}/nfd-worker
install -D -m0755 nfd-topology-updater %{buildroot}%{_bindir}/nfd-topology-updater
install -D -m0755 nfd %{buildroot}%{_bindir}/nfd
install -D -m0644 ./deployment/components/worker-config/nfd-worker.conf.example %{buildroot}%{_sysconfdir}/kubernetes/node-feature-discovery/nfd-worker.conf
%files
%license LICENSE
%doc README.md
%{_bindir}/kubectl-nfd
%{_bindir}/nfd-gc
%{_bindir}/nfd-master
%{_bindir}/nfd-worker
%{_bindir}/nfd-topology-updater
%{_bindir}/nfd
%dir %{_sysconfdir}/kubernetes
%dir %{_sysconfdir}/kubernetes/node-feature-discovery
%{_sysconfdir}/kubernetes/node-feature-discovery/nfd-worker.conf
%changelog

2
python-suse-edge-components-versions/python-suse-edge-components-versions.spec
View File

@@ -20,7 +20,7 @@
%endif
Name: python-suse-edge-components-versions
Version: 0.2.1
Version: 0.2.3
Release: 0%{?dist}
Summary: A tool to gather and display component versions for SUSE Edge products.
License: Apache-2.0

9
release-manifest-image/release_images.yaml
View File

@@ -11,6 +11,14 @@ images:
- name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.15.2
- name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.15.2
- name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:v2.10.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:v1.3.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:v3.10.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector:v1.8.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery:v0.18.2
- name: registry.rancher.com/rancher/fleet-agent:v0.13.1
- name: registry.rancher.com/rancher/fleet:v0.13.1
- name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250611
@@ -52,7 +60,6 @@ images:
- name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.20.1
- name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.20.1
- name: registry.suse.com/rancher/elemental-operator:1.7.3
- name: registry.suse.com/rancher/hardened-sriov-network-operator:v1.5.0-build20250425
- name: registry.suse.com/rancher/ip-address-manager:v1.10.2
- name: registry.suse.com/suse/sles/15.7/cdi-apiserver:1.62.0-150700.9.3.1
- name: registry.suse.com/suse/sles/15.7/cdi-controller:1.62.0-150700.9.3.1

6
release-manifest-image/release_manifest.yaml
View File

@@ -155,11 +155,11 @@ spec:
- prettyName: SRIOV
releaseName: sriov-network-operator
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator'
version: '%%CHART_MAJOR%%.0.2+up1.5.0'
version: '%%CHART_MAJOR%%.0.4+up1.6.0'
dependencyCharts:
- releaseName: sriov-crd
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd'
version: '%%CHART_MAJOR%%.0.2+up1.5.0'
version: '%%CHART_MAJOR%%.0.4+up1.6.0'
- prettyName: Akri
releaseName: akri
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%akri'
@@ -171,7 +171,7 @@ spec:
- prettyName: Metal3
releaseName: metal3
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3'
version: '%%CHART_MAJOR%%.0.18+up0.12.8'
version: '%%CHART_MAJOR%%.0.19+up0.12.9'
- prettyName: RancherTurtles
releaseName: rancher-turtles
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles'

33
sriov-cni-image/Dockerfile Normal file
View File

@@ -0,0 +1,33 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%sriov-cni:v%%sriov-cni_version%%
#!BuildTag: %%IMG_PREFIX%%sriov-cni:v%%sriov-cni_version%%-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-cni gawk which; \
zypper -n clean; \
rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.sriov-cni
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE sriov-cni Container Image"
LABEL org.opencontainers.image.description="sriov-cni based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%sriov-cni_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:%%sriov-cni_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
ENTRYPOINT ["/entrypoint.sh"]

19
sriov-cni-image/_service Normal file
View File

@@ -0,0 +1,19 @@
<services>
<service name="kiwi_metainfo_helper" mode="buildtime"/>
<service name="docker_label_helper" mode="buildtime"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%sriov-cni_version%%</param>
<param name="package">sriov-cni</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

20
sriov-cni/_service Normal file
View File

@@ -0,0 +1,20 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/k8snetworkplumbingwg/sriov-cni</param>
<param name="scm">git</param>
<param name="revision">v2.10.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">antonio.alarcon@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">sriov-cni.obsinfo</param>
</service>
<service name="go_modules" />
<service mode="buildtime" name="set_version" />
</services>

61
sriov-cni/sriov-cni.spec Normal file
View File

@@ -0,0 +1,61 @@
#
# spec file for package sriov-cni
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: sriov-cni
Version: 0
Release: 0
Summary: Implements a Kubernetes CNI plugin operator for SRIOV VFs
License: Apache-2.0
URL: https://github.com/k8snetworkplumbingwg/sriov-cni
Source: %{name}-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.23
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
Network Interface Cards (NICs) with SR-IOV capabilities are managed through physical functions (PFs) and virtual functions (VFs).
A PF is used by the host and usually represents a single NIC port. VF configurations are applied through the PF.
The SR-IOV CNI allows each VF to be treated as a separate network interface, assigned to a container, and configured with its own
MAC, VLAN, IP and more.
SR-IOV CNI plugin works with SR-IOV device plugin for VF allocation in Kubernetes. A CNI metaplugin such as Multus gets the allocated
VF's deviceID(PCI address) and is responsible for invoking the SR-IOV CNI plugin with that deviceID.
%prep
%autosetup -a1 -n %{name}-%{version} -p1
%build
# CGO is disabled by default in upstream Makefile:
%define cgoenabled "0"
# go build constrain (aka tag) "no_openssl" is set by default in upstream Makefile:
%define buildgotags "no_openssl"
%define buildldflags ""
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -ldflags %{buildldflags} -tags %{buildgotags} -o sriov cmd/sriov/main.go
%install
install -D -m0755 sriov %{buildroot}%{_bindir}/sriov
install -D -m0755 images/entrypoint.sh %{buildroot}/entrypoint.sh
%files
%license LICENSE
%doc README.md
%{_bindir}/sriov
/entrypoint.sh
%changelog

6
sriov-crd-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.4_up1.6.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.4_up1.6.0
annotations:
catalog.cattle.io/experimental: "true"
catalog.cattle.io/hidden: "true"
@@ -10,4 +10,4 @@ apiVersion: v2
description: Installs the CRDs for the SR-IOV operator
name: sriov-crd
type: application
version: "%%CHART_MAJOR%%.0.2+up1.5.0"
version: "%%CHART_MAJOR%%.0.4+up1.6.0"

2
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml
View File

@@ -83,11 +83,13 @@ spec:
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string

33
sriov-network-device-plugin-image/Dockerfile Normal file
View File

@@ -0,0 +1,33 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%sriov-network-device-plugin:v%%sriov-network-device-plugin_version%%
#!BuildTag: %%IMG_PREFIX%%sriov-network-device-plugin:v%%sriov-network-device-plugin_version%%-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-network-device-plugin hwdata gawk which; \
zypper -n clean; \
rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.sriov-network-device-plugin
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE sriov-network-device-plugin Container Image"
LABEL org.opencontainers.image.description="sriov-network-device-plugin based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%sriov-network-device-plugin_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:%%sriov-network-device-plugin_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
ENTRYPOINT ["/entrypoint.sh"]

19
sriov-network-device-plugin-image/_service Normal file
View File

@@ -0,0 +1,19 @@
<services>
<service name="kiwi_metainfo_helper" mode="buildtime"/>
<service name="docker_label_helper" mode="buildtime"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%sriov-network-device-plugin_version%%</param>
<param name="package">sriov-network-device-plugin</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

20
sriov-network-device-plugin/_service Normal file
View File

@@ -0,0 +1,20 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin</param>
<param name="scm">git</param>
<param name="revision">v3.10.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">antonio.alarcon@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">sriov-network-device-plugin.obsinfo</param>
</service>
<service name="go_modules" />
<service mode="buildtime" name="set_version" />
</services>

69
sriov-network-device-plugin/sriov-network-device-plugin.spec Normal file
View File

@@ -0,0 +1,69 @@
#
# spec file for package sriov-network-device-plugin
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: sriov-network-device-plugin
Version: 0
Release: 0
Summary: Kubernetes device plugin for discovering and advertising SR-IOV available resources in the host
License: Apache-2.0
URL: https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin
Source: %{name}-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.23
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
The SR-IOV Network Device Plugin is a Kubernetes device plugin for discovering and advertising networking resources in the form of
(i) SR-IOV virtual functions [VFs], (ii) PCI physical functions [PFs] and (iii) Auxiliary network devices (in particular Subfunctions [SFs])
which are available on a Kubernetes host.
To deploy workloads with SR-IOV resources this plugin needs to work together a CNI meta plugin supporting Device Plugin based network
provisioning (e.g., Multus CNI) and a CNI capable of consuming the SR-IOV network device allocated to the Pod (e.g., sriov-cni).
List of supported SR-IOV devices (not limited to NICs): https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin/blob/main/README.md
(select the right version/tag)
%prep
%autosetup -a1 -n %{name}-%{version} -p1
%build
# Following go-build settings have been taken from upstream Makefile (for the STATIC option, the one set by rancher/ecm hardened
# image used as baseline: https://github.com/rancher/image-build-sriov-network-device-plugin/blob/v3.9.0-build20250425/Dockerfile#L18 ):
#
# - CGO being disabled:
%define cgoenabled "0"
# - go-build constrain (aka tag) "no_openssl" being set:
%define buildgotags "no_openssl"
# - go-build to invoke external linker (i.e., gcc's ld) to which "static" option is being passed
%define buildldflags "-extldflags '-static'"
# - force rebuilding of packages that are already up-to-date
#define buildgoflags "-a"
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -ldflags %{buildldflags} ${buildgoflags} -tags %{buildgotags} -o sriovdp ./cmd/sriovdp
%install
install -D -m0755 sriovdp %{buildroot}%{_bindir}/sriovdp
install -D -m0755 images/entrypoint.sh %{buildroot}/entrypoint.sh
%files
%license LICENSE
%doc README.md
%{_bindir}/sriovdp
/entrypoint.sh
%changelog

35
sriov-network-operator-chart/Chart.yaml
View File

@@ -1,28 +1,27 @@
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.4_up1.6.0
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.4_up1.6.0-%RELEASE%
apiVersion: v2
name: sriov-network-operator
version: "%%CHART_MAJOR%%.0.4+up1.6.0"
kubeVersion: '>= 1.24.0-0'
appVersion: v1.6.0
description: SR-IOV network operator configures and manages SR-IOV networks in the kubernetes cluster
type: application
keywords:
- sriov
home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
sources:
- https://github.com/k8snetworkplumbingwg/sriov-network-operator
icon: https://charts.rancher.io/assets/logos/sr-iov.svg
annotations:
catalog.cattle.io/auto-install: sriov-crd=match
catalog.cattle.io/experimental: "true"
catalog.cattle.io/namespace: cattle-sriov-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/upstream-version: 1.5.0
apiVersion: v2
appVersion: v1.5.0
catalog.cattle.io/upstream-version: 1.6.0
dependencies:
- condition: sriov-nfd.enabled
name: sriov-nfd
repository: file://./charts/sriov-nfd
version: 0.15.7
description: SR-IOV network operator configures and manages SR-IOV networks in the
kubernetes cluster
home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
icon: https://charts.rancher.io/assets/logos/sr-iov.svg
keywords:
- sriov
kubeVersion: '>= 1.24.0-0'
name: sriov-network-operator
sources:
- https://github.com/k8snetworkplumbingwg/sriov-network-operator
type: application
version: "%%CHART_MAJOR%%.0.2+up1.5.0"
version: 0.18.2

12
sriov-network-operator-chart/README.md
View File

@@ -41,7 +41,7 @@ For additional information and methods for installing Helm, refer to the officia
#### Deploy from OCI repo
```
$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart
$ helm install -n sriov-network-operator --create-namespace --version 1.5.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart
```
#### Deploy from project sources
@@ -84,6 +84,12 @@ We have introduced the following Chart parameters.
| `operator.resourcePrefix` | string | `openshift.io` | Device plugin resource prefix |
| `operator.cniBinPath` | string | `/opt/cni/bin` | Path for CNI binary |
| `operator.clustertype` | string | `kubernetes` | Cluster environment type |
| `operator.metricsExporter.port` | string | `9110` | Port where the Network Metrics Exporter listen |
| `operator.metricsExporter.certificates.secretName` | string | `metrics-exporter-cert` | Secret name to serve metrics via TLS. The secret must have the same fields as `operator.admissionControllers.certificates.secretNames` |
| `operator.metricsExporter.prometheusOperator.enabled` | bool | false | Wheter the operator shoud configure Prometheus resources or not (e.g. `ServiceMonitors`). |
| `operator.metricsExporter.prometheusOperator.serviceAccount` | string | `prometheus-k8s` | The service account used by the Prometheus Operator. This is used to give Prometheus the permission to list resource in the SR-IOV operator namespace |
| `operator.metricsExporter.prometheusOperator.namespace` | string | `monitoring` | The namespace where the Prometheus Operator is installed. Setting this variable makes the operator deploy `monitoring.coreos.com` resources. |
| `operator.metricsExporter.prometheusOperator.deployRules` | bool | false | Whether the operator should deploy `PrometheusRules` to scrape namespace version of metrics. |
#### Admission Controllers parameters
@@ -142,9 +148,13 @@ Upon chart deletion, those files are not cleaned up. For cases where this is not
| `images.sriovConfigDaemon` | Daemon node agent image |
| `images.sriovCni` | SR-IOV CNI image |
| `images.ibSriovCni` | InfiniBand SR-IOV CNI image |
| `images.ovsCni` | OVS CNI image |
| `images.rdmaCni` | RDMA CNI image |
| `images.sriovDevicePlugin` | SR-IOV device plugin image |
| `images.resourcesInjector` | Resources Injector image |
| `images.webhook` | Operator Webhook image |
| `images.metricsExporter` | Network Metrics Exporter image |
| `images.metricsExporterKubeRbacProxy` | Kube RBAC Proxy image used for metrics exporter |
### Extra objects parameters

8
sriov-network-operator-chart/_service
View File

@@ -7,4 +7,12 @@
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">values.yaml</param>
<param name="file">charts/sriov-nfd/values.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
</service>
</services>

12
sriov-network-operator-chart/app-README.md
View File

@@ -1,12 +0,0 @@
# Rancher SR-IOV Network Operator
This chart is based on the upstream [k8snetworkplumbingwg/sriov-network-operator](https://github.com/k8snetworkplumbingwg/sriov-network-operator) project. The chart deploys the SR-IOV Operator and its CRDs, which are designed to help the user provision and configure the SR-IOV CNI in a cluster that uses [Multus CNI](https://github.com/k8snetworkplumbingwg/multus-cni), to provide high performing extra network interfaces to pods. This chart is expected to be deployed on an RKE2 cluster and only meant for advanced use cases where multiple CNI plugins and high performing network interfaces on pods are required. Users who do not need these features are not advised to install this chart.
The chart installs the following components:
- SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin
- SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node
Note that SR-IOV requires NICs that support SR-IOV and the activation of specific configuration options in the operating system. Nodes that fulfill these requirements should be labeled with: `feature.node.kubernetes.io/network-sriov.capable=true`.
The SR-IOV Network Config Daemon will be deployed on such capable nodes. For more information on how to use this feature, refer to our RKE2 networking docs.

15
sriov-network-operator-chart/charts/sriov-nfd/Chart.yaml
View File

@@ -1,14 +1,15 @@
apiVersion: v2
appVersion: v0.15.7
description: Detects hardware features available on each node in a Kubernetes cluster,
and advertises those features using node labels
appVersion: v0.18.2
description: |
Detects hardware features available on each node in a Kubernetes cluster, and advertises
those features using node labels.
name: sriov-nfd
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
home: https://github.com/kubernetes-sigs/node-feature-discovery
keywords:
- feature-discovery
- feature-detection
- node-labels
name: sriov-nfd
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
type: application
version: 0.15.7
version: 0.18.2

2
sriov-network-operator-chart/charts/sriov-nfd/README.md
View File

@@ -6,5 +6,5 @@ labels. NFD provides flexible configuration and extension points for a wide
range of vendor and application specific node labeling needs.
See
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/deployment/helm.html)
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.18/deployment/helm.html)
for deployment instructions.

562
sriov-network-operator-chart/charts/sriov-nfd/crds/nfd-api-crds.yaml
View File

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
controller-gen.kubebuilder.io/version: v0.16.3
name: nodefeatures.nfd.k8s-sigs.io
spec:
group: nfd.k8s-sigs.io
@@ -17,23 +17,30 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeature resource holds the features discovered for one node
in the cluster.
description: |-
NodeFeature resource holds the features discovered for one node in the
cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: NodeFeatureSpec describes a NodeFeature object.
description: Specification of the NodeFeature, containing features discovered
for a node.
properties:
features:
description: Features is the full "raw" features data that has been
@@ -47,6 +54,7 @@ spec:
elements:
additionalProperties:
type: string
description: Individual features of the feature set.
type: object
required:
- elements
@@ -61,9 +69,11 @@ spec:
properties:
elements:
additionalProperties:
description: Nil is a dummy empty struct for protobuf
compatibility
description: |-
Nil is a dummy empty struct for protobuf compatibility.
NOTE: protobuf definitions have been removed but this is kept for API compatibility.
type: object
description: Individual features of the feature set.
type: object
required:
- elements
@@ -77,6 +87,7 @@ spec:
which is an instance having multiple attributes.
properties:
elements:
description: Individual features of the feature set.
items:
description: InstanceFeature represents one instance of
a complex features, e.g. a device.
@@ -84,6 +95,7 @@ spec:
attributes:
additionalProperties:
type: string
description: Attributes of the instance feature.
type: object
required:
- attributes
@@ -113,7 +125,323 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.12.1
controller-gen.kubebuilder.io/version: v0.16.3
name: nodefeaturegroups.nfd.k8s-sigs.io
spec:
group: nfd.k8s-sigs.io
names:
kind: NodeFeatureGroup
listKind: NodeFeatureGroupList
plural: nodefeaturegroups
shortNames:
- nfg
singular: nodefeaturegroup
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeatureGroup resource holds Node pools by featureGroup
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec defines the rules to be evaluated.
properties:
featureGroupRules:
description: List of rules to evaluate to determine nodes that belong
in this group.
items:
description: GroupRule defines a rule for nodegroup filtering.
properties:
matchAny:
description: MatchAny specifies a list of matchers one of which
must match.
items:
description: MatchAnyElem specifies one sub-matcher of MatchAny.
properties:
matchFeatures:
description: MatchFeatures specifies a set of matcher
terms all of which must match.
items:
description: |-
FeatureMatcherTerm defines requirements against one feature set. All
requirements (specified as MatchExpressions) are evaluated against each
element in the feature set.
properties:
feature:
description: Feature is the name of the feature
set to match against.
type: string
matchExpressions:
additionalProperties:
description: |-
MatchExpression specifies an expression to evaluate against a set of input
values. It contains an operator that is applied when matching the input and
an array of values that the operator evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
description: |-
MatchExpressions is the set of per-element expressions evaluated. These
match against the value of the specified elements.
type: object
matchName:
description: |-
MatchName in an expression that is matched against the name of each
element in the feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
required:
- feature
type: object
type: array
required:
- matchFeatures
type: object
type: array
matchFeatures:
description: MatchFeatures specifies a set of matcher terms
all of which must match.
items:
description: |-
FeatureMatcherTerm defines requirements against one feature set. All
requirements (specified as MatchExpressions) are evaluated against each
element in the feature set.
properties:
feature:
description: Feature is the name of the feature set to
match against.
type: string
matchExpressions:
additionalProperties:
description: |-
MatchExpression specifies an expression to evaluate against a set of input
values. It contains an operator that is applied when matching the input and
an array of values that the operator evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
description: |-
MatchExpressions is the set of per-element expressions evaluated. These
match against the value of the specified elements.
type: object
matchName:
description: |-
MatchName in an expression that is matched against the name of each
element in the feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
required:
- feature
type: object
type: array
name:
description: Name of the rule.
type: string
vars:
additionalProperties:
type: string
description: |-
Vars is the variables to store if the rule matches. Variables can be
referenced from other rules enabling more complex rule hierarchies.
type: object
varsTemplate:
description: |-
VarsTemplate specifies a template to expand for dynamically generating
multiple variables. Data (after template expansion) must be keys with an
optional value (<key>[=<value>]) separated by newlines.
type: string
required:
- name
type: object
type: array
required:
- featureGroupRules
type: object
status:
description: |-
Status of the NodeFeatureGroup after the most recent evaluation of the
specification.
properties:
nodes:
description: Nodes is a list of FeatureGroupNode in the cluster that
match the featureGroupRules
items:
properties:
name:
description: Name of the node.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: nodefeaturerules.nfd.k8s-sigs.io
spec:
group: nfd.k8s-sigs.io
@@ -129,23 +457,29 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeatureRule resource specifies a configuration for feature-based
description: |-
NodeFeatureRule resource specifies a configuration for feature-based
customization of node objects, such as node labeling.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: NodeFeatureRuleSpec describes a NodeFeatureRule.
description: Spec defines the rules to be evaluated.
properties:
rules:
description: Rules is a list of node customization rules.
@@ -169,10 +503,10 @@ spec:
description: Labels to create if the rule matches.
type: object
labelsTemplate:
description: LabelsTemplate specifies a template to expand for
dynamically generating multiple labels. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
description: |-
LabelsTemplate specifies a template to expand for dynamically generating
multiple labels. Data (after template expansion) must be keys with an
optional value (<key>[=<value>]) separated by newlines.
type: string
matchAny:
description: MatchAny specifies a list of matchers one of which
@@ -184,10 +518,10 @@ spec:
description: MatchFeatures specifies a set of matcher
terms all of which must match.
items:
description: FeatureMatcherTerm defines requirements
against one feature set. All requirements (specified
as MatchExpressions) are evaluated against each element
in the feature set.
description: |-
FeatureMatcherTerm defines requirements against one feature set. All
requirements (specified as MatchExpressions) are evaluated against each
element in the feature set.
properties:
feature:
description: Feature is the name of the feature
@@ -195,11 +529,10 @@ spec:
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It
contains an operator that is applied when matching
the input and an array of values that the operator
evaluates the input against.
description: |-
MatchExpression specifies an expression to evaluate against a set of input
values. It contains an operator that is applied when matching the input and
an array of values that the operator evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
@@ -210,35 +543,40 @@ spec:
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: Value is the list of values that
the operand evaluates the input against.
Value should be empty if the operator is
Exists, DoesNotExist, IsTrue or IsFalse.
Value should contain exactly one element
if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In
other cases Value should contain at least
one element.
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the
value of the specified elements.
description: |-
MatchExpressions is the set of per-element expressions evaluated. These
match against the value of the specified elements.
type: object
matchName:
description: MatchName in an expression that is
matched against the name of each element in the
feature set.
description: |-
MatchName in an expression that is matched against the name of each
element in the feature set.
properties:
op:
description: Op is the operator to be applied.
@@ -249,20 +587,26 @@ spec:
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: Value is the list of values that
the operand evaluates the input against. Value
should be empty if the operator is Exists,
DoesNotExist, IsTrue or IsFalse. Value should
contain exactly one element if the operator
is Gt or Lt and exactly two elements if the
operator is GtLt. In other cases Value should
contain at least one element.
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
@@ -281,9 +625,10 @@ spec:
description: MatchFeatures specifies a set of matcher terms
all of which must match.
items:
description: FeatureMatcherTerm defines requirements against
one feature set. All requirements (specified as MatchExpressions)
are evaluated against each element in the feature set.
description: |-
FeatureMatcherTerm defines requirements against one feature set. All
requirements (specified as MatchExpressions) are evaluated against each
element in the feature set.
properties:
feature:
description: Feature is the name of the feature set to
@@ -291,11 +636,10 @@ spec:
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It contains
an operator that is applied when matching the input
and an array of values that the operator evaluates
the input against.
description: |-
MatchExpression specifies an expression to evaluate against a set of input
values. It contains an operator that is applied when matching the input and
an array of values that the operator evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
@@ -306,32 +650,40 @@ spec:
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other
cases Value should contain at least one element.
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the value
of the specified elements.
description: |-
MatchExpressions is the set of per-element expressions evaluated. These
match against the value of the specified elements.
type: object
matchName:
description: MatchName in an expression that is matched
against the name of each element in the feature set.
description: |-
MatchName in an expression that is matched against the name of each
element in the feature set.
properties:
op:
description: Op is the operator to be applied.
@@ -342,19 +694,26 @@ spec:
- Exists
- DoesNotExist
- Gt
- Ge
- Lt
- Le
- GtLt
- GeLe
- IsTrue
- IsFalse
type: string
type:
description: |-
Type defines the value type for specific operators.
The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators.
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other cases
Value should contain at least one element.
description: |-
Value is the list of values that the operand evaluates the input
against. Value should be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly one element if the
operator is Gt or Lt and exactly two elements if the operator is GtLt.
In other cases Value should contain at least one element.
items:
type: string
type: array
@@ -371,21 +730,24 @@ spec:
taints:
description: Taints to create if the rule matches.
items:
description: The node this Taint is attached to has the "effect"
on any pod that does not tolerate the Taint.
description: |-
The node this Taint is attached to has the "effect" on
any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are NoSchedule,
PreferNoSchedule and NoExecute.
description: |-
Required. The effect of the taint on pods
that do not tolerate the taint.
Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which the
taint was added. It is only written for NoExecute taints.
description: |-
TimeAdded represents the time at which the taint was added.
It is only written for NoExecute taints.
format: date-time
type: string
value:
@@ -400,17 +762,17 @@ spec:
vars:
additionalProperties:
type: string
description: Vars is the variables to store if the rule matches.
Variables do not directly inflict any changes in the node
object. However, they can be referenced from other rules enabling
more complex rule hierarchies, without exposing intermediary
output values as labels.
description: |-
Vars is the variables to store if the rule matches. Variables do not
directly inflict any changes in the node object. However, they can be
referenced from other rules enabling more complex rule hierarchies,
without exposing intermediary output values as labels.
type: object
varsTemplate:
description: VarsTemplate specifies a template to expand for
dynamically generating multiple variables. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
description: |-
VarsTemplate specifies a template to expand for dynamically generating
multiple variables. Data (after template expansion) must be keys with an
optional value (<key>[=<value>]) separated by newlines.
type: string
required:
- name

31
sriov-network-operator-chart/charts/sriov-nfd/templates/_helpers.tpl
View File

@@ -105,3 +105,34 @@ Create the name of the service account which nfd-gc will use
{{ default "default" .Values.gc.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
imagePullSecrets helper - uses local values or falls back to global values
*/}}
{{- define "node-feature-discovery.imagePullSecrets" -}}
{{- $imagePullSecrets := list -}}
{{- if .Values.imagePullSecrets -}}
{{- range .Values.imagePullSecrets -}}
{{- $imagePullSecrets = append $imagePullSecrets . -}}
{{- end -}}
{{- else if and .Values.global .Values.global.imagePullSecrets -}}
{{- range .Values.global.imagePullSecrets -}}
{{- $imagePullSecrets = append $imagePullSecrets . -}}
{{- end -}}
{{- end -}}
{{- if $imagePullSecrets -}}
{{- $imagePullSecrets | toJson }}
{{- end -}}
{{- end -}}
{{/*
system_default_registry helper - prints global value "cattle.systemDefaultRegistry" (adding a "/" at the end)
or empty string (if this global Helm param. not defined)
*/}}
{{- define "node-feature-discovery.system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}

68
sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-certs.yaml
View File

@@ -1,68 +0,0 @@
{{- if .Values.tls.certManager }}
{{- if .Values.master.enable }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nfd-master-cert
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
secretName: nfd-master-cert
subject:
organizations:
- node-feature-discovery
commonName: nfd-master
dnsNames:
# must match the service name
- {{ include "node-feature-discovery.fullname" . }}-master
# first one is configured for use by the worker; below are for completeness
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer
group: cert-manager.io
{{- end }}
---
{{- if .Values.worker.enable }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nfd-worker-cert
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
secretName: nfd-worker-cert
subject:
organizations:
- node-feature-discovery
commonName: nfd-worker
dnsNames:
- {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer
group: cert-manager.io
{{- end }}
{{- if .Values.topologyUpdater.enable }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nfd-topology-updater-cert
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
secretName: nfd-topology-updater-cert
subject:
organizations:
- node-feature-discovery
commonName: nfd-topology-updater
dnsNames:
- {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer
group: cert-manager.io
{{- end }}
{{- end }}

42
sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-issuer.yaml
View File

@@ -1,42 +0,0 @@
{{- if .Values.tls.certManager }}
# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
# - Create a self signed issuer
# - Use this to create a CA cert
# - Use this to now create a CA issuer
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: nfd-ca-bootstrap
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: nfd-ca-cert
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
isCA: true
secretName: nfd-ca-cert
subject:
organizations:
- node-feature-discovery
commonName: nfd-ca-cert
issuerRef:
name: nfd-ca-bootstrap
kind: Issuer
group: cert-manager.io
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: nfd-ca-issuer
namespace: {{ include "node-feature-discovery.namespace" . }}
spec:
ca:
secretName: nfd-ca-cert
{{- end }}

23
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrole.yaml
View File

@@ -6,6 +6,13 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- watch
- list
- apiGroups:
- ""
resources:
@@ -21,10 +28,18 @@ rules:
resources:
- nodefeatures
- nodefeaturerules
- nodefeaturegroups
verbs:
- get
- list
- watch
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeaturegroups/status
verbs:
- patch
- update
- apiGroups:
- coordination.k8s.io
resources:
@@ -58,6 +73,12 @@ rules:
verbs:
- get
- list
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- apiGroups:
- ""
resources:
@@ -80,7 +101,7 @@ rules:
- update
{{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
{{- if and .Values.gc.enable .Values.gc.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole

2
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrolebinding.yaml
View File

@@ -33,7 +33,7 @@ subjects:
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
{{- if and .Values.gc.enable .Values.gc.rbac.create }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding

17
sriov-network-operator-chart/charts/sriov-nfd/templates/master-pdb.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if .Values.master.enable }}
{{- if .Values.master.podDisruptionBudget.enable -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-master
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
role: master
{{- toYaml (omit .Values.master.podDisruptionBudget "enable") | nindent 2 }}
{{- end }}
{{- end }}

118
sriov-network-operator-chart/charts/sriov-nfd/templates/master.yaml
View File

@@ -13,6 +13,7 @@ metadata:
{{- end }}
spec:
replicas: {{ .Values.master.replicaCount }}
revisionHistoryLimit: {{ .Values.master.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -22,46 +23,90 @@ spec:
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: master
{{- with .Values.master.annotations }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/nfd-master-conf.yaml") . | sha256sum }}
{{- with .Values.master.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
dnsPolicy: {{ .Values.master.dnsPolicy }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
serviceAccountName: {{ include "node-feature-discovery.master.serviceAccountName" . }}
enableServiceLinks: false
securityContext:
{{- toYaml .Values.master.podSecurityContext | nindent 8 }}
hostNetwork: {{ .Values.master.hostNetwork }}
containers:
- name: master
securityContext:
{{- toYaml .Values.master.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
startupProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.master.startupProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.master.startupProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.master.startupProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.master.startupProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
livenessProbe:
grpc:
port: 8080
initialDelaySeconds: 10
periodSeconds: 10
httpGet:
path: /healthz
port: http
{{- with .Values.master.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.master.livenessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.master.livenessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.master.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
readinessProbe:
grpc:
port: 8080
initialDelaySeconds: 5
periodSeconds: 10
failureThreshold: 10
httpGet:
path: /healthz
port: http
{{- with .Values.master.readinessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.master.readinessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.master.readinessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.master.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
{{- with .Values.master.readinessProbe.successThreshold }}
successThreshold: {{ . }}
{{- end }}
ports:
- containerPort: {{ .Values.master.port | default "8080" }}
name: grpc
- containerPort: {{ .Values.master.metricsPort | default "8081" }}
name: metrics
name: http
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- with .Values.master.extraEnvs }}
{{- toYaml . | nindent 10 }}
{{- end}}
command:
- "nfd-master"
resources:
@@ -70,60 +115,35 @@ spec:
{{- if .Values.master.instance | empty | not }}
- "-instance={{ .Values.master.instance }}"
{{- end }}
{{- if not .Values.enableNodeFeatureApi }}
- "-port={{ .Values.master.port | default "8080" }}"
- "-enable-nodefeature-api=false"
{{- else if gt (int .Values.master.replicaCount) 1 }}
- "-enable-leader-election"
{{- end }}
{{- if .Values.master.extraLabelNs | empty | not }}
- "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}"
{{- end }}
{{- if .Values.master.denyLabelNs | empty | not }}
- "-deny-label-ns={{- join "," .Values.master.denyLabelNs }}"
{{- end }}
{{- if .Values.master.resourceLabels | empty | not }}
- "-resource-labels={{- join "," .Values.master.resourceLabels }}"
{{- end }}
{{- if .Values.master.enableTaints }}
- "-enable-taints"
{{- end }}
{{- if .Values.master.crdController | kindIs "invalid" | not }}
- "-crd-controller={{ .Values.master.crdController }}"
{{- else }}
## By default, disable crd controller for other than the default instances
- "-crd-controller={{ .Values.master.instance | empty }}"
{{- end }}
{{- if .Values.master.featureRulesController | kindIs "invalid" | not }}
- "-featurerules-controller={{ .Values.master.featureRulesController }}"
{{- end }}
{{- if .Values.master.resyncPeriod }}
- "-resync-period={{ .Values.master.resyncPeriod }}"
{{- end }}
{{- if .Values.master.nfdApiParallelism | empty | not }}
- "-nfd-api-parallelism={{ .Values.master.nfdApiParallelism }}"
{{- end }}
{{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
# Go over featureGates and add the feature-gate flag
{{- range $key, $value := .Values.featureGates }}
- "-feature-gates={{ $key }}={{ $value }}"
{{- end }}
- "-port={{ .Values.master.port | default "8080" }}"
{{- with .Values.master.extraArgs }}
{{- toYaml . | nindent 12 }}
{{- end }}
- "-metrics={{ .Values.master.metricsPort | default "8081" }}"
volumeMounts:
{{- if .Values.tls.enable }}
- name: nfd-master-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true
{{- end }}
- name: nfd-master-conf
mountPath: "/etc/kubernetes/node-feature-discovery"
readOnly: true
volumes:
{{- if .Values.tls.enable }}
- name: nfd-master-cert
secret:
secretName: nfd-master-cert
{{- end }}
- name: nfd-master-conf
configMap:
name: {{ include "node-feature-discovery.fullname" . }}-master-conf

17
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc-pdb.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if .Values.gc.enable }}
{{- if .Values.gc.podDisruptionBudget.enable -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-gc
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
role: gc
{{- toYaml (omit .Values.gc.podDisruptionBudget "enable") | nindent 2 }}
{{- end }}
{{- end }}

59
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc.yaml
View File

@@ -1,4 +1,4 @@
{{- if and .Values.gc.enable (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) -}}
{{- if and .Values.gc.enable -}}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -13,6 +13,7 @@ metadata:
{{- end }}
spec:
replicas: {{ .Values.gc.replicaCount | default 1 }}
revisionHistoryLimit: {{ .Values.gc.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -28,28 +29,70 @@ spec:
{{- end }}
spec:
serviceAccountName: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
dnsPolicy: {{ .Values.gc.dnsPolicy }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
securityContext:
{{- toYaml .Values.gc.podSecurityContext | nindent 8 }}
hostNetwork: {{ .Values.gc.hostNetwork }}
containers:
- name: gc
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
livenessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.gc.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.gc.livenessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.gc.livenessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.gc.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
readinessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.gc.readinessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.gc.readinessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.gc.readinessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.gc.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
{{- with .Values.gc.readinessProbe.successThreshold }}
successThreshold: {{ . }}
{{- end }}
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- with .Values.gc.extraEnvs }}
{{- toYaml . | nindent 8 }}
{{- end}}
command:
- "nfd-gc"
args:
{{- if .Values.gc.interval | empty | not }}
- "-gc-interval={{ .Values.gc.interval }}"
{{- end }}
{{- with .Values.gc.extraArgs }}
{{- toYaml . | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.gc.resources | nindent 12 }}
securityContext:
@@ -59,8 +102,8 @@ spec:
readOnlyRootFilesystem: true
runAsNonRoot: true
ports:
- name: metrics
containerPort: {{ .Values.gc.metricsPort | default "8081"}}
- name: http
containerPort: {{ .Values.gc.port | default "8080"}}
{{- with .Values.gc.nodeSelector }}
nodeSelector:

2
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-topologyupdater-conf.yaml
View File

@@ -1,3 +1,4 @@
{{- if .Values.topologyUpdater.enable -}}
apiVersion: v1
kind: ConfigMap
metadata:
@@ -8,3 +9,4 @@ metadata:
data:
nfd-topology-updater.conf: |-
{{- .Values.topologyUpdater.config | toYaml | nindent 4 }}
{{- end }}

101
sriov-network-operator-chart/charts/sriov-nfd/templates/post-delete-job.yaml Normal file
View File

@@ -0,0 +1,101 @@
{{- if .Values.postDeleteCleanup }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-prune
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-prune
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
- get
- patch
- update
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-prune
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-prune
subjects:
- kind: ServiceAccount
name: {{ include "node-feature-discovery.fullname" . }}-prune
namespace: {{ include "node-feature-discovery.namespace" . }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-prune
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
template:
metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 8 }}
role: prune
spec:
serviceAccountName: {{ include "node-feature-discovery.fullname" . }}-prune
imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
containers:
- name: nfd-master
securityContext:
{{- toYaml .Values.master.securityContext | nindent 12 }}
image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
command:
- "nfd-master"
args:
- "-prune"
{{- if .Values.master.instance | empty | not }}
- "-instance={{ .Values.master.instance }}"
{{- end }}
restartPolicy: Never
{{- with .Values.master.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.master.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.master.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.master.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

4
sriov-network-operator-chart/charts/sriov-nfd/templates/prometheus.yaml
View File

@@ -12,9 +12,9 @@ metadata:
spec:
podMetricsEndpoints:
- honorLabels: true
interval: 10s
interval: {{ .Values.prometheus.scrapeInterval }}
path: /metrics
port: metrics
port: http
scheme: http
namespaceSelector:
matchNames:

1
sriov-network-operator-chart/charts/sriov-nfd/templates/role.yaml
View File

@@ -15,6 +15,7 @@ rules:
- create
- get
- update
- delete
- apiGroups:
- ""
resources:

1
sriov-network-operator-chart/charts/sriov-nfd/templates/rolebinding.yaml
View File

@@ -15,3 +15,4 @@ subjects:
name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}

20
sriov-network-operator-chart/charts/sriov-nfd/templates/service.yaml
View File

@@ -1,20 +0,0 @@
{{- if and (not .Values.enableNodeFeatureApi) .Values.master.enable }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "node-feature-discovery.fullname" . }}-master
namespace: {{ include "node-feature-discovery.namespace" . }}
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
role: master
spec:
type: {{ .Values.master.service.type }}
ports:
- port: {{ .Values.master.service.port | default "8080" }}
targetPort: grpc
protocol: TCP
name: grpc
selector:
{{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
role: master
{{- end}}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/serviceaccount.yaml
View File

@@ -27,7 +27,7 @@ metadata:
{{- end }}
{{- end }}
{{- if and .Values.gc.enable .Values.gc.serviceAccount.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
{{- if and .Values.gc.enable .Values.gc.serviceAccount.create }}
---
apiVersion: v1
kind: ServiceAccount

82
sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater.yaml
View File

@@ -12,6 +12,7 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: {{ .Values.topologyUpdater.revisionHistoryLimit }}
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -21,23 +22,60 @@ spec:
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: topology-updater
{{- with .Values.topologyUpdater.annotations }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/nfd-topologyupdater-conf.yaml") . | sha256sum }}
{{- with .Values.topologyUpdater.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
dnsPolicy: {{ .Values.topologyUpdater.dnsPolicy }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
securityContext:
{{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }}
hostNetwork: {{ .Values.topologyUpdater.hostNetwork }}
containers:
- name: topology-updater
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
livenessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.topologyUpdater.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.livenessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.livenessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
readinessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.topologyUpdater.readinessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.readinessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.readinessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
{{- with .Values.topologyUpdater.readinessProbe.successThreshold }}
successThreshold: {{ . }}
{{- end }}
env:
- name: NODE_NAME
valueFrom:
@@ -47,6 +85,9 @@ spec:
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- with .Values.topologyUpdater.extraEnvs }}
{{- toYaml . | nindent 8 }}
{{- end}}
command:
- "nfd-topology-updater"
args:
@@ -61,13 +102,8 @@ spec:
{{- else }}
- "-watch-namespace=*"
{{- end }}
{{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
{{- if .Values.topologyUpdater.podSetFingerprint }}
- "-pods-fingerprint"
{{- if not .Values.topologyUpdater.podSetFingerprint }}
- "-pods-fingerprint=false"
{{- end }}
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- "-kubelet-config-uri=file:///host-var/kubelet-config"
@@ -76,10 +112,13 @@ spec:
# Disable kubelet state tracking by giving an empty path
- "-kubelet-state-dir="
{{- end }}
- -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
- "-port={{ .Values.topologyUpdater.port | default "8080"}}"
{{- with .Values.topologyUpdater.extraArgs }}
{{- toYaml . | nindent 10 }}
{{- end }}
ports:
- name: metrics
containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
- containerPort: {{ .Values.topologyUpdater.port | default "8080"}}
name: http
volumeMounts:
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- name: kubelet-config
@@ -93,11 +132,6 @@ spec:
- name: kubelet-state-files
mountPath: /host-var/lib/kubelet
readOnly: true
{{- end }}
{{- if .Values.tls.enable }}
- name: nfd-topology-updater-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true
{{- end }}
- name: nfd-topology-updater-conf
mountPath: "/etc/kubernetes/node-feature-discovery"
@@ -134,12 +168,6 @@ spec:
items:
- key: nfd-topology-updater.conf
path: nfd-topology-updater.conf
{{- if .Values.tls.enable }}
- name: nfd-topology-updater-cert
secret:
secretName: nfd-topology-updater-cert
{{- end }}
{{- with .Values.topologyUpdater.nodeSelector }}
nodeSelector:

97
sriov-network-operator-chart/charts/sriov-nfd/templates/worker.yaml
View File

@@ -12,6 +12,11 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
revisionHistoryLimit: {{ .Values.worker.revisionHistoryLimit }}
{{- with .Values.worker.updateStrategy }}
updateStrategy:
{{- toYaml . | nindent 4 }}
{{- end}}
selector:
matchLabels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -21,25 +26,62 @@ spec:
labels:
{{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
role: worker
{{- with .Values.worker.annotations }}
annotations:
checksum/config: {{ include (print $.Template.BasePath "/nfd-worker-conf.yaml") . | sha256sum }}
{{- with .Values.worker.annotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
dnsPolicy: ClusterFirstWithHostNet
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
dnsPolicy: {{ .Values.worker.dnsPolicy }}
{{- with .Values.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
serviceAccountName: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
hostNetwork: {{ .Values.worker.hostNetwork }}
containers:
- name: worker
securityContext:
{{- toYaml .Values.worker.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
livenessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.worker.livenessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.worker.livenessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.worker.livenessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.worker.livenessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
readinessProbe:
httpGet:
path: /healthz
port: http
{{- with .Values.worker.readinessProbe.initialDelaySeconds }}
initialDelaySeconds: {{ . }}
{{- end }}
{{- with .Values.worker.readinessProbe.failureThreshold }}
failureThreshold: {{ . }}
{{- end }}
{{- with .Values.worker.readinessProbe.periodSeconds }}
periodSeconds: {{ . }}
{{- end }}
{{- with .Values.worker.readinessProbe.timeoutSeconds }}
timeoutSeconds: {{ . }}
{{- end }}
{{- with .Values.worker.readinessProbe.successThreshold }}
successThreshold: {{ . }}
{{- end }}
env:
- name: NODE_NAME
valueFrom:
@@ -53,24 +95,25 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- with .Values.worker.extraEnvs }}
{{- toYaml . | nindent 8 }}
{{- end}}
resources:
{{- toYaml .Values.worker.resources | nindent 12 }}
command:
- "nfd-worker"
args:
{{- if not .Values.enableNodeFeatureApi }}
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
- "-enable-nodefeature-api=false"
# Go over featureGate and add the feature-gate flag
{{- range $key, $value := .Values.featureGates }}
- "-feature-gates={{ $key }}={{ $value }}"
{{- end }}
{{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
- "-port={{ .Values.worker.port | default "8080"}}"
{{- with .Values.worker.extraArgs }}
{{- toYaml . | nindent 8 }}
{{- end }}
- "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
ports:
- name: metrics
containerPort: {{ .Values.worker.metricsPort | default "8081"}}
- containerPort: {{ .Values.worker.port | default "8080"}}
name: http
volumeMounts:
- name: host-boot
mountPath: "/host-boot"
@@ -87,25 +130,20 @@ spec:
- name: host-lib
mountPath: "/host-lib"
readOnly: true
- name: host-proc-swaps
mountPath: "/host-proc/swaps"
readOnly: true
{{- if .Values.worker.mountUsrSrc }}
- name: host-usr-src
mountPath: "/host-usr/src"
readOnly: true
{{- end }}
- name: source-d
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
readOnly: true
- name: features-d
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
readOnly: true
- name: nfd-worker-conf
mountPath: "/etc/kubernetes/node-feature-discovery"
readOnly: true
{{- if .Values.tls.enable }}
- name: nfd-worker-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true
{{- end }}
volumes:
- name: host-boot
hostPath:
@@ -122,14 +160,14 @@ spec:
- name: host-lib
hostPath:
path: "/lib"
- name: host-proc-swaps
hostPath:
path: "/proc/swaps"
{{- if .Values.worker.mountUsrSrc }}
- name: host-usr-src
hostPath:
path: "/usr/src"
{{- end }}
- name: source-d
hostPath:
path: "/etc/kubernetes/node-feature-discovery/source.d/"
- name: features-d
hostPath:
path: "/etc/kubernetes/node-feature-discovery/features.d/"
@@ -139,11 +177,6 @@ spec:
items:
- key: nfd-worker.conf
path: nfd-worker.conf
{{- if .Values.tls.enable }}
- name: nfd-worker-cert
secret:
secretName: nfd-worker-cert
{{- end }}
{{- with .Values.worker.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}

202
sriov-network-operator-chart/charts/sriov-nfd/values.yaml
View File

@@ -1,28 +1,51 @@
image:
repository: registry.rancher.com/rancher/hardened-node-feature-discovery
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery"
# This should be set to 'IfNotPresent' for released version
pullPolicy: IfNotPresent
# tag, if defined will use the given image tag, else Chart.AppVersion will be used
tag: v0.15.7-build20250425
# tag
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
namespaceOverride: ""
enableNodeFeatureApi: true
featureGates:
NodeFeatureGroupAPI: false
priorityClassName: ""
postDeleteCleanup: true
master:
enable: true
extraArgs: []
extraEnvs: []
hostNetwork: false
dnsPolicy: ClusterFirstWithHostNet
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
# noPublish: false
# autoDefaultNs: true
# extraLabelNs: ["added.ns.io","added.kubernets.io"]
# denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
# enableTaints: false
# informerPageSize: 200
# labelWhiteList: "foo"
# resyncPeriod: "2h"
# restrictions:
# disableLabels: true
# disableTaints: true
# disableExtendedResources: true
# disableAnnotations: true
# allowOverwrite: false
# denyNodeFeatureLabels: true
# nodeFeatureNamespaceSelector:
# matchLabels:
# kubernetes.io/metadata.name: "node-feature-discovery"
# matchExpressions:
# - key: "kubernetes.io/metadata.name"
# operator: "In"
# values:
# - "node-feature-discovery"
# klog:
# addDirHeader: false
# alsologtostderr: false
@@ -46,20 +69,12 @@ master:
# retryPeriod: 2s
# nfdApiParallelism: 10
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
# The TCP port that nfd-master listens for incoming requests. Default: 8080
# Deprecated this parameter is related to the deprecated gRPC API and will
# be removed with it in a future release
port: 8080
metricsPort: 8081
instance:
featureApi:
resyncPeriod:
denyLabelNs: []
extraLabelNs: []
resourceLabels: []
enableTaints: false
crdController: null
featureRulesController: null
nfdApiParallelism: null
deploymentAnnotations: {}
replicaCount: 1
@@ -84,23 +99,22 @@ master:
# If not set and create is true, a name is generated using the fullname template
name:
# specify how many old ReplicaSets for the Deployment to retain.
revisionHistoryLimit:
rbac:
create: true
service:
type: ClusterIP
port: 8080
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
#limits:
# cpu: 100m
# memory: 128Mi
# memory: 4Gi
#requests:
# cpu: 100m
# You may want to use the same value for `requests.memory` and `limits.memory`. The “requests” value affects scheduling to accommodate pods on nodes.
# If there is a large difference between “requests” and “limits” and nodes experience memory pressure, the kernel may invoke
# the OOM Killer, even if the memory does not exceed the “limits” threshold. This can cause unexpected pod evictions. Memory
# cannot be compressed and once allocated to a pod, it can only be reclaimed by killing the pod.
# Natan Yellin 22/09/2022 https://home.robusta.dev/blog/kubernetes-memory-limit
# memory: 128Mi
nodeSelector: {}
@@ -115,17 +129,16 @@ master:
value: ""
effect: "NoSchedule"
podDisruptionBudget:
enable: false
minAvailable: 1
unhealthyPodEvictionPolicy: AlwaysAllow
annotations: {}
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: "node-role.kubernetes.io/master"
operator: In
values: [""]
- weight: 1
preference:
matchExpressions:
@@ -133,12 +146,32 @@ master:
operator: In
values: [""]
startupProbe:
failureThreshold: 30
# periodSeconds: 10
livenessProbe: {}
# failureThreshold: 3
# initialDelaySeconds: 0
# periodSeconds: 10
# timeoutSeconds: 1
readinessProbe:
failureThreshold: 10
# initialDelaySeconds: 0
# periodSeconds: 10
# timeoutSeconds: 1
# successThreshold: 1
worker:
enable: true
extraArgs: []
extraEnvs: []
hostNetwork: false
dnsPolicy: ClusterFirstWithHostNet
config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
#core:
# labelWhiteList:
# noPublish: false
# noOwnerRefs: false
# sleepInterval: 60s
# featureSources: [all]
# labelSources: [all]
@@ -162,6 +195,7 @@ worker:
# cpuid:
## NOTE: whitelist has priority over blacklist
# attributeBlacklist:
# - "AVX10"
# - "BMI1"
# - "BMI2"
# - "CLMUL"
@@ -214,8 +248,6 @@ worker:
# - "class"
# - "vendor"
# - "device"
# local:
# hooksEnabled: false
# custom:
# # The following feature demonstrates the capabilities of the matchFeatures
# - name: "my custom rule"
@@ -378,7 +410,7 @@ worker:
# matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081
port: 8080
daemonsetAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
@@ -391,6 +423,18 @@ worker:
runAsNonRoot: true
# runAsUser: 1000
livenessProbe:
initialDelaySeconds: 10
# failureThreshold: 3
# periodSeconds: 10
# timeoutSeconds: 1
readinessProbe:
initialDelaySeconds: 5
failureThreshold: 10
# periodSeconds: 10
# timeoutSeconds: 1
# successThreshold: 1
serviceAccount:
# Specifies whether a service account should be created.
# We create this by default to make it easier for downstream users to apply PodSecurityPolicies.
@@ -401,6 +445,9 @@ worker:
# If not set and create is true, a name is generated using the fullname template
name:
# specify how many old ControllerRevisions for the DaemonSet to retain.
revisionHistoryLimit:
rbac:
create: true
@@ -409,16 +456,11 @@ worker:
mountUsrSrc: false
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
#limits:
# cpu: 100m
# memory: 128Mi
# memory: 512Mi
#requests:
# cpu: 100m
# memory: 128Mi
# cpu: 5m
# memory: 64Mi
nodeSelector: {}
@@ -430,6 +472,12 @@ worker:
priorityClassName: ""
updateStrategy: {}
# type: RollingUpdate
# rollingUpdate:
# maxSurge: 0
# maxUnavailable: "10%"
topologyUpdater:
config: ### <NFD-TOPOLOGY-UPDATER-CONF-START-DO-NOT-REMOVE>
## key = node name, value = list of resources to be excluded.
@@ -443,15 +491,23 @@ topologyUpdater:
enable: false
createCRDs: false
extraArgs: []
extraEnvs: []
hostNetwork: false
dnsPolicy: ClusterFirstWithHostNet
serviceAccount:
create: true
annotations: {}
name:
# specify how many old ControllerRevisions for the DaemonSet to retain.
revisionHistoryLimit:
rbac:
create: true
metricsPort: 8081
port: 8080
kubeletConfigPath:
kubeletPodResourcesSockPath:
updateInterval: 60s
@@ -466,17 +522,24 @@ topologyUpdater:
readOnlyRootFilesystem: true
runAsUser: 0
livenessProbe:
initialDelaySeconds: 10
# failureThreshold: 3
# periodSeconds: 10
# timeoutSeconds: 1
readinessProbe:
initialDelaySeconds: 5
failureThreshold: 10
# periodSeconds: 10
# timeoutSeconds: 1
# successThreshold: 1
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
#limits:
# cpu: 100m
# memory: 128Mi
# memory: 60Mi
#requests:
# cpu: 100m
# memory: 128Mi
# cpu: 50m
# memory: 40Mi
nodeSelector: {}
tolerations: []
@@ -487,7 +550,11 @@ topologyUpdater:
gc:
enable: true
extraArgs: []
extraEnvs: []
hostNetwork: false
replicaCount: 1
dnsPolicy: ClusterFirstWithHostNet
serviceAccount:
create: true
@@ -500,19 +567,26 @@ gc:
podSecurityContext: {}
livenessProbe:
initialDelaySeconds: 10
# failureThreshold: 3
# periodSeconds: 10
# timeoutSeconds: 1
readinessProbe:
initialDelaySeconds: 5
# failureThreshold: 3
# periodSeconds: 10
# timeoutSeconds: 1
# successThreshold: 1
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
#limits:
# cpu: 100m
# memory: 128Mi
# memory: 1Gi
#requests:
# cpu: 100m
# cpu: 10m
# memory: 128Mi
metricsPort: 8081
port: 8080
nodeSelector: {}
tolerations: []
@@ -520,15 +594,15 @@ gc:
deploymentAnnotations: {}
affinity: {}
# Optionally use encryption for worker <--> master comms
# TODO: verify hostname is not yet supported
#
# If you do not enable certManager (and have it installed) you will
# need to manually, or otherwise, provision the TLS certs as secrets
tls:
podDisruptionBudget:
enable: false
certManager: false
minAvailable: 1
unhealthyPodEvictionPolicy: AlwaysAllow
# specify how many old ReplicaSets for the Deployment to retain.
revisionHistoryLimit:
prometheus:
enable: false
scrapeInterval: 10s
labels: {}

14
sriov-network-operator-chart/templates/NOTES.txt
View File

@@ -5,13 +5,15 @@ $ kubectl -n {{ .Release.Namespace }} get pods
For additional instructions on how to use SR-IOV network operator,
refer to: https://github.com/k8snetworkplumbingwg/sriov-network-operator
{{- if .Values.operator.enableAdmissionController }}
{{- if not .Values.cert_manager }}
{{- if .Values.operator.admissionControllers.enabled }}
{{- if not .Values.operator.admissionControllers.certificates.certManager.enabled }}
Thank you for installing {{ .Chart.Name }}.
WARNING! Self signed certificates have been generated for webhooks.
These certificates have a one-year validity and will not be rotated
automatically. This should not be a production cluster. Please deploy
and use cert-manager for production clusters.
WARNING! Self signed certificates have been generated for the two
deployed SRIOV dynamic admission controllers: sriov-network-webhook
and network-resources-injector. These certificates have a one-year
validity and will not be rotated automatically.
This should NOT be a production cluster. Please deploy and use
cert-manager for production clusters.
{{- end }}
{{- end }}

15
sriov-network-operator-chart/templates/_helpers.tpl
View File

@@ -68,18 +68,3 @@ Create the name of the service account to use
{{- "" -}}
{{- end -}}
{{- end -}}
{{/*
Windows cluster will add default taint for linux nodes,
add below linux tolerations to workloads could be scheduled to those linux nodes
*/}}
{{- define "linux-node-tolerations" -}}
- key: "cattle.io/os"
value: "linux"
effect: "NoSchedule"
operator: "Equal"
{{- end -}}
{{- define "linux-node-selector" -}}
kubernetes.io/os: linux
{{- end -}}

30
sriov-network-operator-chart/templates/_webhook-certs.tpl
View File

@@ -1,30 +0,0 @@
{{/*
Generate TLS certificates for webhooks.
Note: these 2 lines, that are repeated several times below, are a trick to
ensure the CA certs are generated only once:
$ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365)
$_ := set . "ca" $ca
Please, don't try to "simplify" them as without this trick, every generated
certificate would be signed by a different CA.
*/}}
{{- define "sriov_operator_ca_cert" }}
{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
{{- $_ := set . "ca" $ca -}}
{{- printf "%s" $ca.Cert | b64enc -}}
{{- end }}
{{- define "sriov_operator_cert" }}
{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
{{- $_ := set . "ca" $ca -}}
{{- $cn := printf "operator-webhook-service.%s.svc" .Release.Namespace -}}
{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end }}
{{- define "sriov_resource_injector_cert" }}
{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
{{- $_ := set . "ca" $ca -}}
{{- $cn := printf "network-resources-injector-service.%s.svc" .Release.Namespace -}}
{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end }}

40
sriov-network-operator-chart/templates/certmanagercerts.yaml
View File

@@ -1,40 +0,0 @@
{{- if and (.Values.operator.enableAdmissionController) (.Values.cert_manager) -}}
{{- if not (.Capabilities.APIVersions.Has "cert-manager.io/v1") -}}
{{- required "cert-manager is required but not found" "" -}}
{{- end -}}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: sriov-network-operator-selfsigned-issuer
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: operator-webhook-service
namespace: {{ .Release.Namespace }}
spec:
secretName: operator-webhook-service
dnsNames:
- operator-webhook-service.{{ .Release.Namespace }}.svc
issuerRef:
name: sriov-network-operator-selfsigned-issuer
privateKey:
rotationPolicy: Always
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: network-resources-injector-service
namespace: {{ .Release.Namespace }}
spec:
secretName: network-resources-injector-secret
dnsNames:
- network-resources-injector-service.{{ .Release.Namespace }}.svc
issuerRef:
name: sriov-network-operator-selfsigned-issuer
privateKey:
rotationPolicy: Always
{{- end -}}

5
sriov-network-operator-chart/templates/configmap.yaml
View File

@@ -25,6 +25,11 @@ data:
Intel_ice_Columbiapark_E823C: "8086 188a 1889"
Intel_ice_Columbiapark_E823L_SFP: "8086 124d 1889"
Intel_ice_Columbiapark_E823L_BACKPLANE: "8086 124c 1889"
Intel_ice_Columbiapark_E825C_BACKPLANE: "8086 579c 1889"
Intel_ice_Columbiapark_E825C_QSFP: "8086 579d 1889"
Intel_ice_Columbiapark_E825C_SFP: "8086 579e 1889"
Intel_ice_Connorsville_E830_QSFP: "8086 12d2 1889"
Intel_ice_Connorsville_E830_SFP: "8086 12d3 1889"
Nvidia_mlx5_ConnectX-4: "15b3 1013 1014"
Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016"
Nvidia_mlx5_ConnectX-5: "15b3 1017 1018"

5
sriov-network-operator-chart/templates/operator.yaml
View File

@@ -6,7 +6,6 @@ apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "sriov-network-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
spec:
@@ -15,9 +14,7 @@ spec:
matchLabels:
name: sriov-network-operator
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 33%
type: Recreate
template:
metadata:
annotations:

9
sriov-network-operator-chart/templates/role.yaml
View File

@@ -28,6 +28,15 @@ rules:
- statefulsets
verbs:
- '*'
- apiGroups:
- networking.k8s.io
resources:
- networkpolicies
verbs:
- get
- create
- update
- delete
- apiGroups:
- monitoring.coreos.com
resources:

19
sriov-network-operator-chart/templates/secrets.yaml
View File

@@ -1,19 +0,0 @@
{{- if not .Values.cert_manager -}}
{{- if .Values.operator.enableAdmissionController }}
apiVersion: v1
kind: Secret
metadata:
name: operator-webhook-service
namespace: {{ .Release.Namespace }}
data: {{ include "sriov_operator_cert" . | nindent 2 }}
{{- end }}
---
{{- if .Values.operator.enableAdmissionController }}
apiVersion: v1
kind: Secret
metadata:
name: network-resources-injector-secret
namespace: {{ .Release.Namespace }}
data: {{ include "sriov_resource_injector_cert" . | nindent 2 }}
{{- end }}
{{- end }}

2
sriov-network-operator-chart/templates/validate-install-crd.yaml
View File

@@ -14,7 +14,7 @@
# {{- end -}}
# {{- range $_, $exists := $found -}}
# {{- if (eq $exists false) -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRDs chart before installing this chart." "" -}}
# {{- end -}}
# {{- end -}}
#{{- end -}}

29
sriov-network-operator-chart/values.yaml
View File

@@ -82,6 +82,7 @@ operator:
# MHcl4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo=
# ...
# -----END EC PRIVATE KEY-----
sriovOperatorConfig:
# deploy sriovOperatorConfig CR with the below values
deploy: true
@@ -101,26 +102,26 @@ supportedExtraNICs: []
# Image URIs for sriov-network-operator components
images:
operator:
repository: registry.suse.com/rancher/hardened-sriov-network-operator
tag: v1.5.0-build20250425
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager"
tag: v1.6.0
sriovConfigDaemon:
repository: registry.suse.com/rancher/hardened-sriov-network-config-daemon
tag: v1.5.0-build20250425
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon"
tag: v1.6.0
sriovCni:
repository: registry.suse.com/rancher/hardened-sriov-cni
tag: v2.9.0-build20250425
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni"
tag: v2.10.0
ibSriovCni:
repository: registry.suse.com/rancher/hardened-ib-sriov-cni
tag: v1.2.1-build20250425
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni"
tag: v1.3.0
sriovDevicePlugin:
repository: registry.suse.com/rancher/hardened-sriov-network-device-plugin
tag: v3.9.0-build20250425
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin"
tag: v3.10.0
resourcesInjector:
repository: registry.suse.com/rancher/hardened-sriov-network-resources-injector
tag: v1.7.1-build20250425
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector"
tag: v1.8.0
webhook:
repository: registry.suse.com/rancher/hardened-sriov-network-webhook
tag: v1.5.0-build20250425
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook"
tag: v1.6.0
imagePullSecrets: []
extraDeploy: []
global:

33
sriov-network-operator-config-daemon-image/Dockerfile Normal file
View File

@@ -0,0 +1,33 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%sriov-network-config-daemon:v%%sriov-network-config-daemon_version%%
#!BuildTag: %%IMG_PREFIX%%sriov-network-config-daemon:v%%sriov-network-config-daemon_version%%-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-network-operator-config-dm hwdata mstflint; \
zypper -n clean; \
rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.sriov-network-config-daemon
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE sriov-network-config-daemon Container Image"
LABEL org.opencontainers.image.description="sriov-network-config-daemon based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%sriov-network-config-daemon_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon:%%sriov-network-config-daemon_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
ENTRYPOINT ["/usr/bin/sriov-network-config-daemon"]

19
sriov-network-operator-config-daemon-image/_service Normal file
View File

@@ -0,0 +1,19 @@
<services>
<service name="kiwi_metainfo_helper" mode="buildtime"/>
<service name="docker_label_helper" mode="buildtime"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%sriov-network-config-daemon_version%%</param>
<param name="package">sriov-network-operator-config-dm</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

33
sriov-network-operator-manager-image/Dockerfile Normal file
View File

@@ -0,0 +1,33 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%sriov-network-manager:v%%sriov-network-manager_version%%
#!BuildTag: %%IMG_PREFIX%%sriov-network-manager:v%%sriov-network-manager_version%%-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-network-operator-manager; \
zypper -n clean; \
rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.sriov-network-manager
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE sriov-network-manager Container Image"
LABEL org.opencontainers.image.description="sriov-network-manager based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%sriov-network-manager_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager:%%sriov-network-manager_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
ENTRYPOINT ["/usr/bin/sriov-network-operator"]

19
sriov-network-operator-manager-image/_service Normal file
View File

@@ -0,0 +1,19 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%sriov-network-manager_version%%</param>
<param name="package">sriov-network-operator-manager</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

34
sriov-network-operator-webhook-image/Dockerfile Normal file
View File

@@ -0,0 +1,34 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%sriov-network-webhook:v%%sriov-network-webhook_version%%
#!BuildTag: %%IMG_PREFIX%%sriov-network-webhook:v%%sriov-network-webhook_version%%-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-network-operator-webhook; \
zypper -n clean; \
rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.sriov-network-webhook
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE sriov-network-webhook Container Image"
LABEL org.opencontainers.image.description="sriov-network-webhook based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%%sriov-network-webhook_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook:%%sriov-network-webhook_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
USER 1001
COPY --from=base /installroot /
CMD ["/usr/bin/webhook"]

19
sriov-network-operator-webhook-image/_service Normal file
View File

@@ -0,0 +1,19 @@
<services>
<service name="kiwi_metainfo_helper" mode="buildtime"/>
<service name="docker_label_helper" mode="buildtime"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%%sriov-network-webhook_version%%</param>
<param name="package">sriov-network-operator-webhook</param>
<param name="parse-version">patch</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

20
sriov-network-operator/_service Normal file
View File

@@ -0,0 +1,20 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/k8snetworkplumbingwg/sriov-network-operator</param>
<param name="scm">git</param>
<param name="revision">v1.6.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="changesauthor">antonio.alarcon@suse.com</param>
<param name="match-tag">v*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="without-version">yes</param>
<param name="versionrewrite-replacement">\1</param>
</service>
<service mode="buildtime" name="tar">
<param name="obsinfo">sriov-network-operator.obsinfo</param>
</service>
<service name="go_modules" />
<service mode="buildtime" name="set_version" />
</services>

116
sriov-network-operator/sriov-network-operator.spec Normal file
View File

@@ -0,0 +1,116 @@
#
# spec file for package sriov-network-operator
#
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: sriov-network-operator
Version: 0
Release: 0
Summary: Implements a Kubernetes operator for handling SRIOV VF resources
License: Apache-2.0
URL: https://github.com/k8snetworkplumbingwg/sriov-network-operator
Source: sriov-network-operator-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.23
ExcludeArch: s390
ExcludeArch: %{ix86}
%description
The SRIOV Network Operator implements a Kubernetes operator for handling SRIOV VF resources. It helps users to
provision and configure SR-IOV CNI plugins and SR-IOV Device plugin in a kubernetes cluster.
Handling (i.e., assigning, removing) SRIOV Virtual Functions (VF) across workloads orchestrated by a kubernetes
cluster requires different components to be provisioned and configured accordingly; the SRIOV Network
Operator takes care of deploying and coordinating all those required components, providing an elegant API to
simplify the process.
%package common
Summary: SRIOV Network Operator Common
Group: System/Management
%description common
The SRIOV Network Operator implements a Kubernetes operator for handling SRIOV VF resources.
This subpackage is required to take ownership of the bindata files shared across subpackages.
%package manager
Summary: SRIOV Network Operator Manager
Group: System/Management
Requires: %{name}-common = %{version}
%description manager
The SRIOV Network Operator implements a Kubernetes operator for handling SRIOV VF resources.
This subpackage provides the controllers' manager and the config-cleanup binaries.
%package config-dm
Summary: SRIOV Network Operator Config Daemon
Group: System/Management
Requires: %{name}-common = %{version}
%description config-dm
The SRIOV Network Operator implements a Kubernetes operator for handling SRIOV VF resources.
This subpackage provides the config-daemon binary.
%package webhook
Summary: SRIOV Network Operator Webhook
Group: System/Management
%description webhook
The SRIOV Network Operator implements a Kubernetes operator for handling SRIOV VF resources.
This subpackage provides the webhook binary.
%prep
%autosetup -a1 -n sriov-network-operator-%{version} -p1
%build
# CGO is disable by default in upstream Makefile
%define cgoenabled "0"
%define buildldflags "-X github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/version.Raw=%{version} -s -w"
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -o manager main.go
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -o sriov-network-operator-config-cleanup ./cmd/sriov-network-operator-config-cleanup
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -o sriov-network-config-daemon ./cmd/sriov-network-config-daemon
CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -o webhook ./cmd/webhook
%install
install -D -m0755 manager %{buildroot}%{_bindir}/sriov-network-operator
install -D -m0755 sriov-network-operator-config-cleanup %{buildroot}%{_bindir}/sriov-network-operator-config-cleanup
install -D -m0755 sriov-network-config-daemon %{buildroot}%{_bindir}/sriov-network-config-daemon
install -D -m0755 webhook %{buildroot}%{_bindir}/webhook
mkdir -p %{buildroot}/bindata
cp -aR bindata/* %{buildroot}/bindata/
chmod 755 %{buildroot}/bindata/scripts/*
%files common
%license LICENSE
%doc README.md
/bindata
%files manager
%license LICENSE
%doc README.md
%{_bindir}/sriov-network-operator
%{_bindir}/sriov-network-operator-config-cleanup
%files config-dm
%license LICENSE
%doc README.md
%{_bindir}/sriov-network-config-daemon
%files webhook
%license LICENSE
%doc README.md
%{_bindir}/webhook
%changelog

8
suse-edge-components-versions-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.1
#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.3
#!BuildTag: %%IMG_PREFIX%%suse-edge-components-versions:0.2.3-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -29,8 +29,8 @@ LABEL org.opencontainers.image.description="Gather and display component version
LABEL org.opencontainers.image.url="https://github.com/suse-edge/support-tools/tree/main/components-versions"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="0.2.1"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%suse-edge-components-versions:0.2.1-%RELEASE%"
LABEL org.opencontainers.image.version="0.2.3"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%suse-edge-components-versions:0.2.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"