1
0
forked from suse-edge/Factory
Factory/sriov-network-operator-chart
2024-10-21 17:31:00 +03:00
..
_service moved charts/images 2024-10-21 17:31:00 +03:00
app-README.md moved charts/images 2024-10-21 17:31:00 +03:00
Chart.yaml moved charts/images 2024-10-21 17:31:00 +03:00
charts.obscpio moved charts/images 2024-10-21 17:31:00 +03:00
README.md moved charts/images 2024-10-21 17:31:00 +03:00
templates.obscpio moved charts/images 2024-10-21 17:31:00 +03:00
values.yaml moved charts/images 2024-10-21 17:31:00 +03:00

SR-IOV Network Operator Helm Chart

SR-IOV Network Operator Helm Chart provides an easy way to install, configure and manage the lifecycle of SR-IOV network operator.

SR-IOV Network Operator

SR-IOV Network Operator leverages Kubernetes CRDs and Operator SDK to configure and manage SR-IOV networks in a Kubernetes cluster.

SR-IOV Network Operator features:

  • Initialize the supported SR-IOV NIC types on selected nodes.
  • Provision/upgrade SR-IOV device plugin executable on selected node.
  • Provision/upgrade SR-IOV CNI plugin executable on selected nodes.
  • Manage configuration of SR-IOV device plugin on host.
  • Generate net-att-def CRs for SR-IOV CNI plugin
  • Supports operation in a virtualized Kubernetes deployment
    • Discovers VFs attached to the Virtual Machine (VM)
    • Does not require attached of associated PFs
    • VFs can be associated to SriovNetworks by selecting the appropriate PciAddress as the RootDevice in the SriovNetworkNodePolicy

QuickStart

Prerequisites

  • Kubernetes v1.17+
  • Helm v3

Install Helm

Helm provides an install script to copy helm binary to your system:

$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3
$ chmod 500 get_helm.sh
$ ./get_helm.sh

For additional information and methods for installing Helm, refer to the official helm website

Deploy SR-IOV Network Operator

# Install Operator
$ helm install -n sriov-network-operator --create-namespace --wait sriov-network-operator ./

# View deployed resources
$ kubectl -n sriov-network-operator get pods

In the case that Pod Security Admission is enabled, the sriov network operator namespace will require a security level of 'privileged'

$ kubectl label ns sriov-network-operator pod-security.kubernetes.io/enforce=privileged

Chart parameters

In order to tailor the deployment of the network operator to your cluster needs We have introduced the following Chart parameters.

Name Type Default description
imagePullSecrets list [] An optional list of references to secrets to use for pulling any of the SR-IOV Network Operator image
supportedExtraNICs list [] An optional list of whitelisted NICs

Operator parameters

Name Type Default description
operator.tolerations list [{"key":"node-role.kubernetes.io/master","operator":"Exists","effect":"NoSchedule"},{"key":"node-role.kubernetes.io/control-plane","operator":"Exists","effect":"NoSchedule"}] Operator's tolerations
operator.nodeSelector object {} Operator's node selector
operator.affinity object {"nodeAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"weight":1,"preference":{"matchExpressions":[{"key":"node-role.kubernetes.io/master","operator":"In","values":[""]}]}},{"weight":1,"preference":{"matchExpressions":[{"key":"node-role.kubernetes.io/control-plane","operator":"In","values":[""]}]}}]}} Operator's afffinity configuration
operator.nameOverride string `` Operator's resource name override
operator.fullnameOverride string `` Operator's resource full name override
operator.resourcePrefix string openshift.io Device plugin resource prefix
operator.cniBinPath string /opt/cni/bin Path for CNI binary
operator.clustertype string kubernetes Cluster environment type

Admission Controllers parameters

The admission controllers can be enabled by switching on a single parameter operator.admissionControllers.enabled. By default, the user needs to pre-create Kubernetes Secrets that match the names provided in operator.admissionControllers.certificates.secretNames. The secrets should have 3 fields populated with the relevant content:

  • ca.crt (value needs to be base64 encoded twice)
  • tls.crt
  • tls.key

Aside from the aforementioned mode, the chart supports 3 more modes for certificate consumption by the admission controllers, which can be found in the table below. In a nutshell, the modes that are supported are:

  • Consume pre-created Certificates managed by cert-manager
  • Generate self signed Certificates managed by cert-manager
  • Specify the content of the certificates as Helm values
Name Type Default description
operator.admissionControllers.enabled bool false Flag that switches on the admission controllers
operator.admissionControllers.certificates.secretNames.operator string operator-webhook-cert Secret that stores the certificate for the Operator's admission controller
operator.admissionControllers.certificates.secretNames.injector string network-resources-injector-cert Secret that stores the certificate for the Network Resources Injector's admission controller
operator.admissionControllers.certificates.certManager.enabled bool false Flag that switches on consumption of certificates managed by cert-manager
operator.admissionControllers.certificates.certManager.generateSelfSigned bool false Flag that switches on generation of self signed certificates managed by cert-manager. The secrets in which the certificates are stored will have the names provided in operator.admissionControllers.certificates.secretNames
operator.admissionControllers.certificates.custom.enabled bool false Flag that switches on consumption of user provided certificates that are part of operator.admissionControllers.certificates.custom.operator and operator.admissionControllers.certificates.custom.injector objects
operator.admissionControllers.certificates.custom.operator.caCrt string `` The CA certificate to be used by the Operator's admission controller
operator.admissionControllers.certificates.custom.operator.tlsCrt string `` The public part of the certificate to be used by the Operator's admission controller
operator.admissionControllers.certificates.custom.operator.tlsKey string `` The private part of the certificate to be used by the Operator's admission controller
operator.admissionControllers.certificates.custom.injector.caCrt string `` The CA certificate to be used by the Network Resources Injector's admission controller
operator.admissionControllers.certificates.custom.injector.tlsCrt string `` The public part of the certificate to be used by the Network Resources Injector's admission controller
operator.admissionControllers.certificates.custom.injector.tlsKey string `` The private part of the certificate to be used by the Network Resources Injector's admission controller

SR-IOV Operator Configuration Parameters

This section contains general parameters that apply to both the operator and daemon componets of SR-IOV Network Operator.

Name Type Default description
sriovOperatorConfig.deploy bool false deploy SriovOperatorConfig custom resource
sriovOperatorConfig.configDaemonNodeSelector map[string]string {} node slectors for sriov-network-config-daemon
sriovOperatorConfig.logLevel int 2 log level for both operator and sriov-network-config-daemon
sriovOperatorConfig.disableDrain bool false disable node draining when configuring SR-IOV, set to true in case of a single node cluster or any other justifiable reason
sriovOperatorConfig.configurationMode string daemon sriov-network-config-daemon configuration mode. either daemon or systemd

Images parameters

Name description
images.operator Operator controller image
images.sriovConfigDaemon Daemon node agent image
images.sriovCni SR-IOV CNI image
images.ibSriovCni InfiniBand SR-IOV CNI image
images.sriovDevicePlugin SR-IOV device plugin image
images.resourcesInjector Resources Injector image
images.webhook Operator Webhook image