suse-edge/Factory
SHA256
13
0
Fork 14
Code Issues Pull Requests 9 Actions Packages Projects Releases Wiki Activity

Merge pull request '[3.3.0] - update sriov to 1.5.0' (#142) from dprodanov/Factory:sriov-1-5-0 into main

Browse Source 
Reviewed-on: #142
Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>
This commit is contained in:
Denislav Prodanov
2025-05-08 10:38:09 +02:00
parent 2c4991cb24 3c9ebbd7ef
commit 81a856e586
51 changed files with 2346 additions and 2266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sriov-crd-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.5.0
annotations:
catalog.cattle.io/experimental: "true"
catalog.cattle.io/hidden: "true"
@@ -10,4 +10,4 @@ apiVersion: v2
description: Installs the CRDs for the SR-IOV operator
name: sriov-crd
type: application
version: "%%CHART_MAJOR%%.0.0+up1.4.0"
version: "%%CHART_MAJOR%%.0.0+up1.5.0"

178
sriov-crd-chart/templates/sriovnetwork.openshift.io_ovsnetworks.yaml
View File

@@ -14,92 +14,92 @@ spec:
singular: ovsnetwork
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: OVSNetwork is the Schema for the ovsnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: OVSNetworkSpec defines the desired state of OVSNetwork
properties:
bridge:
description: |-
name of the OVS bridge, if not set OVS will automatically select bridge
based on VF PCI address
type: string
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (mac|ips), e.g. '{"mac": true}'
type: string
interfaceType:
description: The type of interface on ovs.
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
metaPlugins:
description: MetaPluginsConfig configuration to be used in order to
chain metaplugins
type: string
mtu:
description: Mtu for the OVS port
type: integer
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: OVS Network device plugin endpoint resource name
type: string
trunk:
description: Trunk configuration for the OVS port
items:
description: TrunkConfig contains configuration for bridge trunk
properties:
id:
maximum: 4095
minimum: 0
type: integer
maxID:
maximum: 4095
minimum: 0
type: integer
minID:
maximum: 4095
minimum: 0
type: integer
type: object
type: array
vlan:
description: Vlan to assign for the OVS port
maximum: 4095
minimum: 0
type: integer
required:
- resourceName
type: object
status:
description: OVSNetworkStatus defines the observed state of OVSNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}
- name: v1
schema:
openAPIV3Schema:
description: OVSNetwork is the Schema for the ovsnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: OVSNetworkSpec defines the desired state of OVSNetwork
properties:
bridge:
description: |-
name of the OVS bridge, if not set OVS will automatically select bridge
based on VF PCI address
type: string
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (mac|ips), e.g. '{"mac": true}'
type: string
interfaceType:
description: The type of interface on ovs.
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
metaPlugins:
description: MetaPluginsConfig configuration to be used in order to
chain metaplugins
type: string
mtu:
description: Mtu for the OVS port
type: integer
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: OVS Network device plugin endpoint resource name
type: string
trunk:
description: Trunk configuration for the OVS port
items:
description: TrunkConfig contains configuration for bridge trunk
properties:
id:
maximum: 4095
minimum: 0
type: integer
maxID:
maximum: 4095
minimum: 0
type: integer
minID:
maximum: 4095
minimum: 0
type: integer
type: object
type: array
vlan:
description: Vlan to assign for the OVS port
maximum: 4095
minimum: 0
type: integer
required:
- resourceName
type: object
status:
description: OVSNetworkStatus defines the observed state of OVSNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}

124
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovibnetworks.yaml
View File

@@ -14,65 +14,65 @@ spec:
singular: sriovibnetwork
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SriovIBNetwork is the Schema for the sriovibnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork
properties:
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (infinibandGUID), e.g. '{"infinibandGUID": true}'
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
linkState:
description: VF link state (enable|disable|auto)
enum:
- auto
- enable
- disable
type: string
metaPlugins:
description: |-
MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
by the operator.
type: string
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
required:
- resourceName
type: object
status:
description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}
- name: v1
schema:
openAPIV3Schema:
description: SriovIBNetwork is the Schema for the sriovibnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork
properties:
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (infinibandGUID), e.g. '{"infinibandGUID": true}'
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
linkState:
description: VF link state (enable|disable|auto)
enum:
- auto
- enable
- disable
type: string
metaPlugins:
description: |-
MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
by the operator.
type: string
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
required:
- resourceName
type: object
status:
description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}

384
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml
View File

@@ -14,196 +14,200 @@ spec:
singular: sriovnetworknodepolicy
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy
properties:
bridge:
description: |-
contains bridge configuration for matching PFs,
valid only for eSwitchMode==switchdev
properties:
ovs:
description: contains configuration for the OVS bridge,
properties:
bridge:
description: contains bridge level settings
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
- name: v1
schema:
openAPIV3Schema:
description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy
properties:
bridge:
description: |-
contains bridge configuration for matching PFs,
valid only for eSwitchMode==switchdev
properties:
ovs:
description: contains configuration for the OVS bridge,
properties:
bridge:
description: contains bridge level settings
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
description: IDs to inject to external_ids field in the
Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
uplink:
description: contains settings for uplink (PF)
properties:
interface:
description: contains settings for PF interface in the
OVS bridge
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface table
in OVSDB
type: object
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface table
in OVSDB
type: object
type:
description: type field in the Interface table in
OVSDB
externalIDs:
additionalProperties:
type: string
type: object
type: object
type: object
type: object
deviceType:
default: netdevice
description: The driver type for configured VFs. Allowed value "netdevice",
"vfio-pci". Defaults to netdevice.
enum:
- netdevice
- vfio-pci
type: string
eSwitchMode:
description: NIC Device Mode. Allowed value "legacy","switchdev".
enum:
- legacy
- switchdev
type: string
excludeTopology:
description: Exclude device's NUMA node when advertising this resource
by SRIOV network device plugin. Default to false.
type: boolean
externallyManaged:
description: don't create the virtual function only allocated them
to the device plugin. Defaults to false.
type: boolean
isRdma:
description: RDMA mode. Defaults to false.
type: boolean
linkType:
description: NIC Link Type. Allowed value "eth", "ETH", "ib", and
"IB".
enum:
- eth
- ETH
- ib
- IB
type: string
mtu:
description: MTU of VF
minimum: 1
type: integer
needVhostNet:
description: mount vhost-net device. Defaults to false.
type: boolean
nicSelector:
description: NicSelector selects the NICs to be configured
properties:
deviceID:
description: The device hex code of SR-IoV device. Allowed value
"0d58", "1572", "158b", "1013", "1015", "1017", "101b".
type: string
netFilter:
description: Infrastructure Networking selection filter. Allowed
value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
type: string
pfNames:
description: Name of SR-IoV PF.
items:
type: string
type: array
rootDevices:
description: PCI address of SR-IoV PF.
items:
type: string
type: array
vendor:
description: The vendor hex code of SR-IoV device. Allowed value
"8086", "15b3".
type: string
type: object
nodeSelector:
additionalProperties:
description: IDs to inject to external_ids field in the
Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
uplink:
description: contains settings for uplink (PF)
properties:
interface:
description: contains settings for PF interface in the
OVS bridge
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface table
in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface table
in OVSDB
type: integer
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface table
in OVSDB
type: object
type:
description: type field in the Interface table in
OVSDB
type: string
type: object
type: object
type: object
type: object
deviceType:
default: netdevice
description: The driver type for configured VFs. Allowed value "netdevice",
"vfio-pci". Defaults to netdevice.
enum:
- netdevice
- vfio-pci
type: string
description: NodeSelector selects the nodes to be configured
type: object
numVfs:
description: Number of VFs for each PF
minimum: 0
type: integer
priority:
description: Priority of the policy, higher priority policies can
override lower ones.
maximum: 99
minimum: 0
type: integer
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
vdpaType:
description: VDPA device type. Allowed value "virtio", "vhost"
enum:
- virtio
- vhost
type: string
required:
- nicSelector
- nodeSelector
- numVfs
- resourceName
type: object
status:
description: SriovNetworkNodePolicyStatus defines the observed state of
SriovNetworkNodePolicy
type: object
type: object
served: true
storage: true
subresources:
status: {}
eSwitchMode:
description: NIC Device Mode. Allowed value "legacy","switchdev".
enum:
- legacy
- switchdev
type: string
excludeTopology:
description: Exclude device's NUMA node when advertising this resource
by SRIOV network device plugin. Default to false.
type: boolean
externallyManaged:
description: don't create the virtual function only allocated them
to the device plugin. Defaults to false.
type: boolean
isRdma:
description: RDMA mode. Defaults to false.
type: boolean
linkType:
description: NIC Link Type. Allowed value "eth", "ETH", "ib", and
"IB".
enum:
- eth
- ETH
- ib
- IB
type: string
mtu:
description: MTU of VF
minimum: 1
type: integer
needVhostNet:
description: mount vhost-net device. Defaults to false.
type: boolean
nicSelector:
description: NicSelector selects the NICs to be configured
properties:
deviceID:
description: The device hex code of SR-IoV device. Allowed value
"0d58", "1572", "158b", "1013", "1015", "1017", "101b".
type: string
netFilter:
description: Infrastructure Networking selection filter. Allowed
value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
type: string
pfNames:
description: Name of SR-IoV PF.
items:
type: string
type: array
rootDevices:
description: PCI address of SR-IoV PF.
items:
type: string
type: array
vendor:
description: The vendor hex code of SR-IoV device. Allowed value
"8086", "15b3".
type: string
type: object
nodeSelector:
additionalProperties:
type: string
description: NodeSelector selects the nodes to be configured
type: object
numVfs:
description: Number of VFs for each PF
minimum: 0
type: integer
priority:
description: Priority of the policy, higher priority policies can
override lower ones.
maximum: 99
minimum: 0
type: integer
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
vdpaType:
description: VDPA device type. Allowed value "virtio", "vhost"
enum:
- virtio
- vhost
type: string
required:
- nicSelector
- nodeSelector
- numVfs
- resourceName
type: object
status:
description: SriovNetworkNodePolicyStatus defines the observed state of
SriovNetworkNodePolicy
type: object
type: object
served: true
storage: true
subresources:
status: {}

656
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodestates.yaml
View File

@@ -14,330 +14,356 @@ spec:
singular: sriovnetworknodestate
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.syncStatus
name: Sync Status
type: string
- jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/desired-state
name: Desired Sync State
type: string
- jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/current-state
name: Current Sync State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState
properties:
bridges:
description: Bridges contains list of bridges
properties:
ovs:
items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties:
bridge:
description: bridge-level configuration for the bridge
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in
the Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
name:
description: name of the bridge
type: string
uplinks:
description: |-
uplink-level bridge configuration for each uplink(PF).
currently must contain only one element
items:
description: OVSUplinkConfigExt contains configuration
for the concrete OVS uplink(PF)
properties:
interface:
description: configuration from the Interface OVS
table for the PF
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface
table in OVSDB
type: object
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
type: string
type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
type: object
type: array
required:
- name
type: object
type: array
type: object
interfaces:
items:
- additionalPrinterColumns:
- jsonPath: .status.syncStatus
name: Sync Status
type: string
- jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/desired-state
name: Desired Sync State
type: string
- jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/current-state
name: Current Sync State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState
properties:
bridges:
description: Bridges contains list of bridges
properties:
eSwitchMode:
type: string
externallyManaged:
type: boolean
linkType:
type: string
mtu:
type: integer
name:
type: string
numVfs:
type: integer
pciAddress:
type: string
vfGroups:
ovs:
items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties:
deviceType:
type: string
isRdma:
type: boolean
mtu:
type: integer
policyName:
type: string
resourceName:
type: string
vdpaType:
type: string
vfRange:
type: string
type: object
type: array
required:
- pciAddress
type: object
type: array
type: object
status:
description: SriovNetworkNodeStateStatus defines the observed state of
SriovNetworkNodeState
properties:
bridges:
description: Bridges contains list of bridges
properties:
ovs:
items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties:
bridge:
description: bridge-level configuration for the bridge
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in
the Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
name:
description: name of the bridge
type: string
uplinks:
description: |-
uplink-level bridge configuration for each uplink(PF).
currently must contain only one element
items:
description: OVSUplinkConfigExt contains configuration
for the concrete OVS uplink(PF)
bridge:
description: bridge-level configuration for the bridge
properties:
interface:
description: configuration from the Interface OVS
table for the PF
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface
table in OVSDB
type: object
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
type: string
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in
the Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
type: object
type: array
required:
- name
type: object
type: array
type: object
interfaces:
items:
properties:
Vfs:
items:
properties:
Vlan:
type: integer
assigned:
type: string
deviceID:
type: string
driver:
type: string
guid:
type: string
mac:
type: string
mtu:
type: integer
name:
description: name of the bridge
type: string
pciAddress:
type: string
representorName:
type: string
vdpaType:
type: string
vendor:
type: string
vfID:
type: integer
uplinks:
description: |-
uplink-level bridge configuration for each uplink(PF).
currently must contain only one element
items:
description: OVSUplinkConfigExt contains configuration
for the concrete OVS uplink(PF)
properties:
interface:
description: configuration from the Interface OVS
table for the PF
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface
table in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface
table in OVSDB
type: integer
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
type: string
type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
type: object
type: array
required:
- pciAddress
- vfID
- name
type: object
type: array
deviceID:
type: string
driver:
type: string
eSwitchMode:
type: string
externallyManaged:
type: boolean
linkAdminState:
type: string
linkSpeed:
type: string
linkType:
type: string
mac:
type: string
mtu:
type: integer
name:
type: string
netFilter:
type: string
numVfs:
type: integer
pciAddress:
type: string
totalvfs:
type: integer
vendor:
type: string
required:
- pciAddress
type: object
type: array
lastSyncError:
type: string
syncStatus:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
interfaces:
items:
properties:
eSwitchMode:
type: string
externallyManaged:
type: boolean
linkType:
type: string
mtu:
type: integer
name:
type: string
numVfs:
type: integer
pciAddress:
type: string
vfGroups:
items:
properties:
deviceType:
type: string
isRdma:
type: boolean
mtu:
type: integer
policyName:
type: string
resourceName:
type: string
vdpaType:
type: string
vfRange:
type: string
type: object
type: array
required:
- pciAddress
type: object
type: array
system:
properties:
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
type: object
status:
description: SriovNetworkNodeStateStatus defines the observed state of
SriovNetworkNodeState
properties:
bridges:
description: Bridges contains list of bridges
properties:
ovs:
items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties:
bridge:
description: bridge-level configuration for the bridge
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in
the Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
name:
description: name of the bridge
type: string
uplinks:
description: |-
uplink-level bridge configuration for each uplink(PF).
currently must contain only one element
items:
description: OVSUplinkConfigExt contains configuration
for the concrete OVS uplink(PF)
properties:
interface:
description: configuration from the Interface OVS
table for the PF
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface
table in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface
table in OVSDB
type: integer
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
type: string
type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
type: object
type: array
required:
- name
type: object
type: array
type: object
interfaces:
items:
properties:
Vfs:
items:
properties:
Vlan:
type: integer
assigned:
type: string
deviceID:
type: string
driver:
type: string
guid:
type: string
mac:
type: string
mtu:
type: integer
name:
type: string
pciAddress:
type: string
representorName:
type: string
vdpaType:
type: string
vendor:
type: string
vfID:
type: integer
required:
- pciAddress
- vfID
type: object
type: array
deviceID:
type: string
driver:
type: string
eSwitchMode:
type: string
externallyManaged:
type: boolean
linkAdminState:
type: string
linkSpeed:
type: string
linkType:
type: string
mac:
type: string
mtu:
type: integer
name:
type: string
netFilter:
type: string
numVfs:
type: integer
pciAddress:
type: string
totalvfs:
type: integer
vendor:
type: string
required:
- pciAddress
type: object
type: array
lastSyncError:
type: string
syncStatus:
type: string
system:
properties:
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}

210
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml
View File

@@ -14,110 +14,116 @@ spec:
singular: sriovnetworkpoolconfig
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig
properties:
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
maxUnavailable defines either an integer number or percentage
of nodes in the pool that can go Unavailable during an update.
- name: v1
schema:
openAPIV3Schema:
description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig
properties:
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
maxUnavailable defines either an integer number or percentage
of nodes in the pool that can go Unavailable during an update.
A value larger than 1 will mean multiple nodes going unavailable during
the update, which may affect your workload stress on the remaining nodes.
Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards,
even if maxUnavailable is greater than one.
x-kubernetes-int-or-string: true
nodeSelector:
description: nodeSelector specifies a label selector for Nodes
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
A value larger than 1 will mean multiple nodes going unavailable during
the update, which may affect your workload stress on the remaining nodes.
Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards,
even if maxUnavailable is greater than one.
x-kubernetes-int-or-string: true
nodeSelector:
description: nodeSelector specifies a label selector for Nodes
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
type: array
required:
- key
- operator
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: array
matchLabels:
additionalProperties:
type: object
x-kubernetes-map-type: atomic
ovsHardwareOffloadConfig:
description: OvsHardwareOffloadConfig describes the OVS HWOL configuration
for selected Nodes
properties:
name:
description: |-
Name is mandatory and must be unique.
On Kubernetes:
Name is the name of OvsHardwareOffloadConfig
On OpenShift:
Name is the name of MachineConfigPool to be enabled with OVS hardware offload
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
ovsHardwareOffloadConfig:
description: OvsHardwareOffloadConfig describes the OVS HWOL configuration
for selected Nodes
properties:
name:
description: |-
Name is mandatory and must be unique.
On Kubernetes:
Name is the name of OvsHardwareOffloadConfig
On OpenShift:
Name is the name of MachineConfigPool to be enabled with OVS hardware offload
type: string
type: object
type: object
status:
description: SriovNetworkPoolConfigStatus defines the observed state of
SriovNetworkPoolConfig
type: object
type: object
served: true
storage: true
subresources:
status: {}
type: object
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
status:
description: SriovNetworkPoolConfigStatus defines the observed state of
SriovNetworkPoolConfig
type: object
type: object
served: true
storage: true
subresources:
status: {}

240
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworks.yaml
View File

@@ -14,123 +14,123 @@ spec:
singular: sriovnetwork
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SriovNetwork is the Schema for the sriovnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkSpec defines the desired state of SriovNetwork
properties:
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (mac|ips), e.g. '{"mac": true}'
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
linkState:
description: VF link state (enable|disable|auto)
enum:
- auto
- enable
- disable
type: string
logFile:
description: |-
LogFile sets the log file of the SRIOV CNI plugin logs. If unset (default), this will log to stderr and thus
to multus and container runtime logs.
type: string
logLevel:
default: info
description: |-
LogLevel sets the log level of the SRIOV CNI plugin - either of panic, error, warning, info, debug. Defaults
to info if left blank.
enum:
- panic
- error
- warning
- info
- debug
- ""
type: string
maxTxRate:
description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no
rate limiting)
minimum: 0
type: integer
metaPlugins:
description: |-
MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
by the operator.
type: string
minTxRate:
description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no
rate limiting). min_tx_rate should be <= max_tx_rate.
minimum: 0
type: integer
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
spoofChk:
description: VF spoof check, (on|off)
enum:
- "on"
- "off"
type: string
trust:
description: VF trust mode (on|off)
enum:
- "on"
- "off"
type: string
vlan:
description: VLAN ID to assign for the VF. Defaults to 0.
maximum: 4096
minimum: 0
type: integer
vlanProto:
description: VLAN proto to assign for the VF. Defaults to 802.1q.
enum:
- 802.1q
- 802.1Q
- 802.1ad
- 802.1AD
type: string
vlanQoS:
description: VLAN QoS ID to assign for the VF. Defaults to 0.
maximum: 7
minimum: 0
type: integer
required:
- resourceName
type: object
status:
description: SriovNetworkStatus defines the observed state of SriovNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}
- name: v1
schema:
openAPIV3Schema:
description: SriovNetwork is the Schema for the sriovnetworks API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovNetworkSpec defines the desired state of SriovNetwork
properties:
capabilities:
description: |-
Capabilities to be configured for this network.
Capabilities supported: (mac|ips), e.g. '{"mac": true}'
type: string
ipam:
description: IPAM configuration to be used for this network.
type: string
linkState:
description: VF link state (enable|disable|auto)
enum:
- auto
- enable
- disable
type: string
logFile:
description: |-
LogFile sets the log file of the SRIOV CNI plugin logs. If unset (default), this will log to stderr and thus
to multus and container runtime logs.
type: string
logLevel:
default: info
description: |-
LogLevel sets the log level of the SRIOV CNI plugin - either of panic, error, warning, info, debug. Defaults
to info if left blank.
enum:
- panic
- error
- warning
- info
- debug
- ""
type: string
maxTxRate:
description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no
rate limiting)
minimum: 0
type: integer
metaPlugins:
description: |-
MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
by the operator.
type: string
minTxRate:
description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no
rate limiting). min_tx_rate should be <= max_tx_rate.
minimum: 0
type: integer
networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource
type: string
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
spoofChk:
description: VF spoof check, (on|off)
enum:
- "on"
- "off"
type: string
trust:
description: VF trust mode (on|off)
enum:
- "on"
- "off"
type: string
vlan:
description: VLAN ID to assign for the VF. Defaults to 0.
maximum: 4096
minimum: 0
type: integer
vlanProto:
description: VLAN proto to assign for the VF. Defaults to 802.1q.
enum:
- 802.1q
- 802.1Q
- 802.1ad
- 802.1AD
type: string
vlanQoS:
description: VLAN QoS ID to assign for the VF. Defaults to 0.
maximum: 7
minimum: 0
type: integer
required:
- resourceName
type: object
status:
description: SriovNetworkStatus defines the observed state of SriovNetwork
type: object
type: object
served: true
storage: true
subresources:
status: {}

190
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml
View File

@@ -14,101 +14,101 @@ spec:
singular: sriovoperatorconfig
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig
properties:
configDaemonNodeSelector:
additionalProperties:
type: string
description: NodeSelector selects the nodes to be configured
type: object
configurationMode:
description: |-
Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot
Default mode: daemon
enum:
- daemon
- systemd
type: string
disableDrain:
description: Flag to disable nodes drain during debugging
type: boolean
disablePlugins:
description: DisablePlugins is a list of sriov-network-config-daemon
plugins to disable
items:
description: PluginNameValue defines the plugin name
- name: v1
schema:
openAPIV3Schema:
description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig
properties:
configDaemonNodeSelector:
additionalProperties:
type: string
description: NodeSelector selects the nodes to be configured
type: object
configurationMode:
description: |-
Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot
Default mode: daemon
enum:
- mellanox
- daemon
- systemd
type: string
type: array
enableInjector:
description: Flag to control whether the network resource injector
webhook shall be deployed
type: boolean
enableOperatorWebhook:
description: Flag to control whether the operator admission controller
webhook shall be deployed
type: boolean
enableOvsOffload:
description: Flag to enable OVS hardware offload. Set to 'true' to
provision switchdev-configuration.service and enable OpenvSwitch
hw-offload on nodes.
type: boolean
featureGates:
additionalProperties:
disableDrain:
description: Flag to disable nodes drain during debugging
type: boolean
description: FeatureGates to enable experimental features
type: object
logLevel:
description: Flag to control the log verbose level of the operator.
Set to '0' to show only the basic logs. And set to '2' to show all
the available logs.
maximum: 2
minimum: 0
type: integer
useCDI:
description: Flag to enable Container Device Interface mode for SR-IOV
Network Device Plugin
type: boolean
type: object
status:
description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig
properties:
injector:
description: Show the runtime status of the network resource injector
webhook
type: string
operatorWebhook:
description: Show the runtime status of the operator admission controller
webhook
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
disablePlugins:
description: DisablePlugins is a list of sriov-network-config-daemon
plugins to disable
items:
description: PluginNameValue defines the plugin name
enum:
- mellanox
type: string
type: array
enableInjector:
description: Flag to control whether the network resource injector
webhook shall be deployed
type: boolean
enableOperatorWebhook:
description: Flag to control whether the operator admission controller
webhook shall be deployed
type: boolean
enableOvsOffload:
description: Flag to enable OVS hardware offload. Set to 'true' to
provision switchdev-configuration.service and enable OpenvSwitch
hw-offload on nodes.
type: boolean
featureGates:
additionalProperties:
type: boolean
description: FeatureGates to enable experimental features
type: object
logLevel:
description: Flag to control the log verbose level of the operator.
Set to '0' to show only the basic logs. And set to '2' to show all
the available logs.
maximum: 2
minimum: 0
type: integer
useCDI:
description: Flag to enable Container Device Interface mode for SR-IOV
Network Device Plugin
type: boolean
type: object
status:
description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig
properties:
injector:
description: Show the runtime status of the network resource injector
webhook
type: string
operatorWebhook:
description: Show the runtime status of the operator admission controller
webhook
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

24
sriov-network-operator-chart/Chart.yaml
View File

@@ -1,28 +1,28 @@
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.5.0
annotations:
catalog.cattle.io/auto-install: sriov-crd=match
catalog.cattle.io/experimental: "true"
catalog.cattle.io/namespace: cattle-sriov-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/upstream-version: 1.4.0
catalog.cattle.io/upstream-version: 1.5.0
apiVersion: v2
appVersion: v1.4.0
appVersion: v1.5.0
dependencies:
- condition: sriov-nfd.enabled
name: sriov-nfd
repository: file://./charts/sriov-nfd
version: 0.15.7
- condition: sriov-nfd.enabled
name: sriov-nfd
repository: file://./charts/sriov-nfd
version: 0.15.7
description: SR-IOV network operator configures and manages SR-IOV networks in the
kubernetes cluster
home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
icon: https://charts.rancher.io/assets/logos/sr-iov.svg
keywords:
- sriov
kubeVersion: '>= 1.16.0-0'
- sriov
kubeVersion: '>= 1.24.0-0'
name: sriov-network-operator
sources:
- https://github.com/k8snetworkplumbingwg/sriov-network-operator
- https://github.com/k8snetworkplumbingwg/sriov-network-operator
type: application
version: "%%CHART_MAJOR%%.0.0+up1.4.0"
version: "%%CHART_MAJOR%%.0.0+up1.5.0"

14
sriov-network-operator-chart/README.md
View File

@@ -41,7 +41,7 @@ For additional information and methods for installing Helm, refer to the officia
#### Deploy from OCI repo
```
$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator
$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart
```
#### Deploy from project sources
@@ -51,7 +51,7 @@ $ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --se
$ git clone https://github.com/k8snetworkplumbingwg/sriov-network-operator.git ; cd sriov-network-operator
# Install Operator
$ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator
$ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator-chart
# View deployed resources
$ kubectl -n sriov-network-operator get pods
@@ -123,10 +123,16 @@ This section contains general parameters that apply to both the operator and dae
| Name | Type | Default | description |
| ---- | ---- | ------- | ----------- |
| `sriovOperatorConfig.deploy` | bool | `false` | deploy SriovOperatorConfig custom resource |
| `sriovOperatorConfig.configDaemonNodeSelector` | map[string]string | `{}` | node slectors for sriov-network-config-daemon |
| `sriovOperatorConfig.configDaemonNodeSelector` | map[string]string | `{}` | node selectors for sriov-network-config-daemon |
| `sriovOperatorConfig.logLevel` | int | `2` | log level for both operator and sriov-network-config-daemon |
| `sriovOperatorConfig.disableDrain` | bool | `false` | disable node draining when configuring SR-IOV, set to true in case of a single node cluster or any other justifiable reason |
| `sriovOperatorConfig.configurationMode` | string | `daemon` | sriov-network-config-daemon configuration mode. either `daemon` or `systemd` |
| `sriovOperatorConfig.featureGates` | map[string]bool | `{}` | feature gates to enable/disable |
**Note**
When `sriovOperatorConfig.configurationMode` is configured as `systemd`, configurations files and `systemd` service files are created on the node.
Upon chart deletion, those files are not cleaned up. For cases where this is not acceptable, users should rather configured the `daemon` mode.
### Images parameters
@@ -148,4 +154,4 @@ Please note that any resources deployed using the `extraDeploy` in this Helm cha
| Name | description |
| ---- | ------------|
|`extraDeploy`| Array of extra objects to deploy with the release |
|`extraDeploy`| Array of extra objects to deploy with the release |

5
sriov-network-operator-chart/app-README.md
View File

@@ -4,10 +4,9 @@ This chart is based on the upstream [k8snetworkplumbingwg/sriov-network-operator
The chart installs the following components:
- SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin
- SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node
- SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin
- SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node
Note that SR-IOV requires NICs that support SR-IOV and the activation of specific configuration options in the operating system. Nodes that fulfill these requirements should be labeled with: `feature.node.kubernetes.io/network-sriov.capable=true`.
The SR-IOV Network Config Daemon will be deployed on such capable nodes. For more information on how to use this feature, refer to our RKE2 networking docs.

2
sriov-network-operator-chart/charts/sriov-nfd/.helmignore
View File

@@ -20,4 +20,4 @@
.project
.idea/
*.tmproj
.vscode/
.vscode/

10
sriov-network-operator-chart/charts/sriov-nfd/Chart.yaml
View File

@@ -4,11 +4,11 @@ description: Detects hardware features available on each node in a Kubernetes cl
and advertises those features using node labels
home: https://github.com/kubernetes-sigs/node-feature-discovery
keywords:
- feature-discovery
- feature-detection
- node-labels
- feature-discovery
- feature-detection
- node-labels
name: sriov-nfd
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
- https://github.com/kubernetes-sigs/node-feature-discovery
type: application
version: 0.15.7
version: 0.15.7

2
sriov-network-operator-chart/charts/sriov-nfd/README.md
View File

@@ -7,4 +7,4 @@ range of vendor and application specific node labeling needs.
See
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/deployment/helm.html)
for deployment instructions.
for deployment instructions.

676
sriov-network-operator-chart/charts/sriov-nfd/crds/nfd-api-crds.yaml
View File

@@ -14,100 +14,100 @@ spec:
singular: nodefeature
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeature resource holds the features discovered for one node
in the cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeature resource holds the features discovered for one node
in the cluster.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: NodeFeatureSpec describes a NodeFeature object.
properties:
features:
description: Features is the full "raw" features data that has been
discovered.
properties:
attributes:
additionalProperties:
description: AttributeFeatureSet is a set of features having
string value.
properties:
elements:
additionalProperties:
type: string
type: object
required:
- elements
type: object
description: Attributes contains all the attribute-type features
of the node.
type: object
flags:
additionalProperties:
description: FlagFeatureSet is a set of simple features only
containing names without values.
properties:
elements:
additionalProperties:
description: Nil is a dummy empty struct for protobuf
compatibility
type: string
metadata:
type: object
spec:
description: NodeFeatureSpec describes a NodeFeature object.
properties:
features:
description: Features is the full "raw" features data that has been
discovered.
properties:
attributes:
additionalProperties:
description: AttributeFeatureSet is a set of features having
string value.
properties:
elements:
additionalProperties:
type: string
type: object
type: object
required:
- elements
required:
- elements
type: object
description: Attributes contains all the attribute-type features
of the node.
type: object
description: Flags contains all the flag-type features of the
node.
type: object
instances:
additionalProperties:
description: InstanceFeatureSet is a set of features each of
which is an instance having multiple attributes.
properties:
elements:
items:
description: InstanceFeature represents one instance of
a complex features, e.g. a device.
properties:
attributes:
additionalProperties:
type: string
type: object
required:
- attributes
flags:
additionalProperties:
description: FlagFeatureSet is a set of simple features only
containing names without values.
properties:
elements:
additionalProperties:
description: Nil is a dummy empty struct for protobuf
compatibility
type: object
type: object
type: array
required:
- elements
required:
- elements
type: object
description: Flags contains all the flag-type features of the
node.
type: object
description: Instances contains all the instance-type features
of the node.
type: object
type: object
labels:
additionalProperties:
type: string
description: Labels is the set of node labels that are requested to
be created.
type: object
type: object
required:
- spec
type: object
served: true
storage: true
instances:
additionalProperties:
description: InstanceFeatureSet is a set of features each of
which is an instance having multiple attributes.
properties:
elements:
items:
description: InstanceFeature represents one instance of
a complex features, e.g. a device.
properties:
attributes:
additionalProperties:
type: string
type: object
required:
- attributes
type: object
type: array
required:
- elements
type: object
description: Instances contains all the instance-type features
of the node.
type: object
type: object
labels:
additionalProperties:
type: string
description: Labels is the set of node labels that are requested to
be created.
type: object
type: object
required:
- spec
type: object
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
@@ -122,127 +122,184 @@ spec:
listKind: NodeFeatureRuleList
plural: nodefeaturerules
shortNames:
- nfr
- nfr
singular: nodefeaturerule
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeatureRule resource specifies a configuration for feature-based
customization of node objects, such as node labeling.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeFeatureRule resource specifies a configuration for feature-based
customization of node objects, such as node labeling.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: NodeFeatureRuleSpec describes a NodeFeatureRule.
properties:
rules:
description: Rules is a list of node customization rules.
items:
description: Rule defines a rule for node customization such as
labeling.
properties:
annotations:
additionalProperties:
type: string
metadata:
type: object
spec:
description: NodeFeatureRuleSpec describes a NodeFeatureRule.
properties:
rules:
description: Rules is a list of node customization rules.
items:
description: Rule defines a rule for node customization such as
labeling.
properties:
annotations:
additionalProperties:
type: string
description: Annotations to create if the rule matches.
type: object
extendedResources:
additionalProperties:
type: string
description: ExtendedResources to create if the rule matches.
type: object
labels:
additionalProperties:
type: string
description: Labels to create if the rule matches.
type: object
labelsTemplate:
description: LabelsTemplate specifies a template to expand for
dynamically generating multiple labels. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
type: string
description: Annotations to create if the rule matches.
type: object
extendedResources:
additionalProperties:
type: string
description: ExtendedResources to create if the rule matches.
type: object
labels:
additionalProperties:
type: string
description: Labels to create if the rule matches.
type: object
labelsTemplate:
description: LabelsTemplate specifies a template to expand for
dynamically generating multiple labels. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
type: string
matchAny:
description: MatchAny specifies a list of matchers one of which
must match.
items:
description: MatchAnyElem specifies one sub-matcher of MatchAny.
properties:
matchFeatures:
description: MatchFeatures specifies a set of matcher
terms all of which must match.
items:
description: FeatureMatcherTerm defines requirements
against one feature set. All requirements (specified
as MatchExpressions) are evaluated against each element
in the feature set.
properties:
feature:
description: Feature is the name of the feature
set to match against.
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It
contains an operator that is applied when matching
the input and an array of values that the operator
evaluates the input against.
matchAny:
description: MatchAny specifies a list of matchers one of which
must match.
items:
description: MatchAnyElem specifies one sub-matcher of MatchAny.
properties:
matchFeatures:
description: MatchFeatures specifies a set of matcher
terms all of which must match.
items:
description: FeatureMatcherTerm defines requirements
against one feature set. All requirements (specified
as MatchExpressions) are evaluated against each element
in the feature set.
properties:
feature:
description: Feature is the name of the feature
set to match against.
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It
contains an operator that is applied when matching
the input and an array of values that the operator
evaluates the input against.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that
the operand evaluates the input against.
Value should be empty if the operator is
Exists, DoesNotExist, IsTrue or IsFalse.
Value should contain exactly one element
if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In
other cases Value should contain at least
one element.
items:
type: string
type: array
required:
- op
type: object
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the
value of the specified elements.
type: object
matchName:
description: MatchName in an expression that is
matched against the name of each element in the
feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that
the operand evaluates the input against.
Value should be empty if the operator is
Exists, DoesNotExist, IsTrue or IsFalse.
Value should contain exactly one element
if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In
other cases Value should contain at least
one element.
the operand evaluates the input against. Value
should be empty if the operator is Exists,
DoesNotExist, IsTrue or IsFalse. Value should
contain exactly one element if the operator
is Gt or Lt and exactly two elements if the
operator is GtLt. In other cases Value should
contain at least one element.
items:
type: string
type: array
required:
- op
- op
type: object
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the
value of the specified elements.
type: object
matchName:
description: MatchName in an expression that is
matched against the name of each element in the
feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
required:
- feature
type: object
type: array
required:
- matchFeatures
type: object
type: array
matchFeatures:
description: MatchFeatures specifies a set of matcher terms
all of which must match.
items:
description: FeatureMatcherTerm defines requirements against
one feature set. All requirements (specified as MatchExpressions)
are evaluated against each element in the feature set.
properties:
feature:
description: Feature is the name of the feature set to
match against.
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It contains
an operator that is applied when matching the input
and an array of values that the operator evaluates
the input against.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
@@ -253,63 +310,42 @@ spec:
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other
cases Value should contain at least one element.
items:
type: string
value:
description: Value is the list of values that
the operand evaluates the input against. Value
should be empty if the operator is Exists,
DoesNotExist, IsTrue or IsFalse. Value should
contain exactly one element if the operator
is Gt or Lt and exactly two elements if the
operator is GtLt. In other cases Value should
contain at least one element.
items:
type: string
type: array
required:
type: array
required:
- op
type: object
required:
- feature
type: object
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the value
of the specified elements.
type: object
type: array
required:
- matchFeatures
type: object
type: array
matchFeatures:
description: MatchFeatures specifies a set of matcher terms
all of which must match.
items:
description: FeatureMatcherTerm defines requirements against
one feature set. All requirements (specified as MatchExpressions)
are evaluated against each element in the feature set.
properties:
feature:
description: Feature is the name of the feature set to
match against.
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It contains
an operator that is applied when matching the input
and an array of values that the operator evaluates
the input against.
matchName:
description: MatchName in an expression that is matched
against the name of each element in the feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that the
@@ -317,110 +353,74 @@ spec:
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other
cases Value should contain at least one element.
two elements if the operator is GtLt. In other cases
Value should contain at least one element.
items:
type: string
type: array
required:
- op
- op
type: object
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the value
of the specified elements.
type: object
matchName:
description: MatchName in an expression that is matched
against the name of each element in the feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other cases
Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
required:
- feature
type: object
type: array
name:
description: Name of the rule.
type: string
taints:
description: Taints to create if the rule matches.
items:
description: The node this Taint is attached to has the "effect"
on any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are NoSchedule,
PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which the
taint was added. It is only written for NoExecute taints.
format: date-time
type: string
value:
description: The taint value corresponding to the taint
key.
type: string
required:
- effect
- key
type: object
type: array
vars:
additionalProperties:
required:
- feature
type: object
type: array
name:
description: Name of the rule.
type: string
description: Vars is the variables to store if the rule matches.
Variables do not directly inflict any changes in the node
object. However, they can be referenced from other rules enabling
more complex rule hierarchies, without exposing intermediary
output values as labels.
type: object
varsTemplate:
description: VarsTemplate specifies a template to expand for
dynamically generating multiple variables. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
type: string
required:
- name
type: object
type: array
required:
- rules
type: object
required:
- spec
type: object
served: true
storage: true
taints:
description: Taints to create if the rule matches.
items:
description: The node this Taint is attached to has the "effect"
on any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are NoSchedule,
PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which the
taint was added. It is only written for NoExecute taints.
format: date-time
type: string
value:
description: The taint value corresponding to the taint
key.
type: string
required:
- effect
- key
type: object
type: array
vars:
additionalProperties:
type: string
description: Vars is the variables to store if the rule matches.
Variables do not directly inflict any changes in the node
object. However, they can be referenced from other rules enabling
more complex rule hierarchies, without exposing intermediary
output values as labels.
type: object
varsTemplate:
description: VarsTemplate specifies a template to expand for
dynamically generating multiple variables. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
type: string
required:
- name
type: object
type: array
required:
- rules
type: object
required:
- spec
type: object
served: true
storage: true

2
sriov-network-operator-chart/charts/sriov-nfd/templates/_helpers.tpl
View File

@@ -104,4 +104,4 @@ Create the name of the service account which nfd-gc will use
{{- else -}}
{{ default "default" .Values.gc.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{- end -}}

22
sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-certs.yaml
View File

@@ -10,14 +10,14 @@ spec:
secretName: nfd-master-cert
subject:
organizations:
- node-feature-discovery
- node-feature-discovery
commonName: nfd-master
dnsNames:
# must match the service name
- {{ include "node-feature-discovery.fullname" . }}-master
# first one is configured for use by the worker; below are for completeness
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
# must match the service name
- {{ include "node-feature-discovery.fullname" . }}-master
# first one is configured for use by the worker; below are for completeness
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer
@@ -34,10 +34,10 @@ spec:
secretName: nfd-worker-cert
subject:
organizations:
- node-feature-discovery
- node-feature-discovery
commonName: nfd-worker
dnsNames:
- {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
- {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer
@@ -55,14 +55,14 @@ spec:
secretName: nfd-topology-updater-cert
subject:
organizations:
- node-feature-discovery
- node-feature-discovery
commonName: nfd-topology-updater
dnsNames:
- {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
- {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef:
name: nfd-ca-issuer
kind: Issuer
group: cert-manager.io
{{- end }}
{{- end }}
{{- end }}

12
sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-issuer.yaml
View File

@@ -1,8 +1,8 @@
{{- if .Values.tls.certManager }}
# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
# - Create a self signed issuer
# - Use this to create a CA cert
# - Use this to now create a CA issuer
# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
# - Create a self signed issuer
# - Use this to create a CA cert
# - Use this to now create a CA issuer
---
apiVersion: cert-manager.io/v1
kind: Issuer
@@ -23,7 +23,7 @@ spec:
secretName: nfd-ca-cert
subject:
organizations:
- node-feature-discovery
- node-feature-discovery
commonName: nfd-ca-cert
issuerRef:
name: nfd-ca-bootstrap
@@ -39,4 +39,4 @@ metadata:
spec:
ca:
secretName: nfd-ca-cert
{{- end }}
{{- end }}

178
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrole.yaml
View File

@@ -6,40 +6,40 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
- get
- patch
- update
- list
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
- nodefeaturerules
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- "nfd-master.nfd.kubernetes.io"
verbs:
- get
- update
- apiGroups:
- ""
resources:
- nodes
- nodes/status
verbs:
- get
- patch
- update
- list
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
- nodefeaturerules
verbs:
- get
- list
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
resourceNames:
- "nfd-master.nfd.kubernetes.io"
verbs:
- get
- update
{{- end }}
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
@@ -51,33 +51,33 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
verbs:
- create
- get
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
verbs:
- create
- get
- update
{{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
@@ -89,31 +89,31 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
verbs:
- delete
- list
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
verbs:
- delete
- list
{{- end }}
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
verbs:
- delete
- list
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
verbs:
- delete
- list
{{- end }}

20
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrolebinding.yaml
View File

@@ -10,9 +10,9 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
- kind: ServiceAccount
name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
@@ -28,9 +28,9 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
subjects:
- kind: ServiceAccount
name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
- kind: ServiceAccount
name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
@@ -46,7 +46,7 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-gc
subjects:
- kind: ServiceAccount
name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
- kind: ServiceAccount
name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}

18
sriov-network-operator-chart/charts/sriov-nfd/templates/master.yaml
View File

@@ -53,15 +53,15 @@ spec:
periodSeconds: 10
failureThreshold: 10
ports:
- containerPort: {{ .Values.master.port | default "8080" }}
name: grpc
- containerPort: {{ .Values.master.metricsPort | default "8081" }}
name: metrics
- containerPort: {{ .Values.master.port | default "8080" }}
name: grpc
- containerPort: {{ .Values.master.metricsPort | default "8081" }}
name: metrics
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
command:
- "nfd-master"
resources:
@@ -142,4 +142,4 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

46
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc.yaml
View File

@@ -36,31 +36,31 @@ spec:
securityContext:
{{- toYaml .Values.gc.podSecurityContext | nindent 8 }}
containers:
- name: gc
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
command:
- "nfd-gc"
args:
- name: gc
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
command:
- "nfd-gc"
args:
{{- if .Values.gc.interval | empty | not }}
- "-gc-interval={{ .Values.gc.interval }}"
- "-gc-interval={{ .Values.gc.interval }}"
{{- end }}
resources:
resources:
{{- toYaml .Values.gc.resources | nindent 12 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
readOnlyRootFilesystem: true
runAsNonRoot: true
ports:
- name: metrics
containerPort: {{ .Values.gc.metricsPort | default "8081"}}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ "ALL" ]
readOnlyRootFilesystem: true
runAsNonRoot: true
ports:
- name: metrics
containerPort: {{ .Values.gc.metricsPort | default "8081"}}
{{- with .Values.gc.nodeSelector }}
nodeSelector:
@@ -74,4 +74,4 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-master-conf.yaml
View File

@@ -9,4 +9,4 @@ metadata:
data:
nfd-master.conf: |-
{{- .Values.master.config | toYaml | nindent 4 }}
{{- end }}
{{- end }}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-topologyupdater-conf.yaml
View File

@@ -7,4 +7,4 @@ metadata:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
data:
nfd-topology-updater.conf: |-
{{- .Values.topologyUpdater.config | toYaml | nindent 4 }}
{{- .Values.topologyUpdater.config | toYaml | nindent 4 }}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-worker-conf.yaml
View File

@@ -9,4 +9,4 @@ metadata:
data:
nfd-worker.conf: |-
{{- .Values.worker.config | toYaml | nindent 4 }}
{{- end }}
{{- end }}

8
sriov-network-operator-chart/charts/sriov-nfd/templates/prometheus.yaml
View File

@@ -18,9 +18,9 @@ spec:
scheme: http
namespaceSelector:
matchNames:
- {{ include "node-feature-discovery.namespace" . }}
- {{ include "node-feature-discovery.namespace" . }}
selector:
matchExpressions:
- {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]}
- {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]}
{{- end }}
- {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]}
- {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]}
{{- end }}

30
sriov-network-operator-chart/charts/sriov-nfd/templates/role.yaml
View File

@@ -7,18 +7,18 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
verbs:
- create
- get
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
{{- end }}
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
verbs:
- create
- get
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
{{- end }}

7
sriov-network-operator-chart/charts/sriov-nfd/templates/rolebinding.yaml
View File

@@ -11,8 +11,7 @@ roleRef:
kind: Role
name: {{ include "node-feature-discovery.fullname" . }}-worker
subjects:
- kind: ServiceAccount
name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
- kind: ServiceAccount
name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/service.yaml
View File

@@ -17,4 +17,4 @@ spec:
selector:
{{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
role: master
{{- end}}
{{- end}}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/serviceaccount.yaml
View File

@@ -55,4 +55,4 @@ metadata:
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

494
sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater-crds.yaml
View File

@@ -14,265 +14,265 @@ spec:
listKind: NodeResourceTopologyList
plural: noderesourcetopologies
shortNames:
- node-res-topo
- node-res-topo
singular: noderesourcetopology
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeResourceTopology describes node resources and their topology.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
- name: v1alpha1
schema:
openAPIV3Schema:
description: NodeResourceTopology describes node resources and their topology.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
topologyPolicies:
items:
type: string
type: array
zones:
description: ZoneList contains an array of Zone objects.
items:
description: Zone represents a resource topology zone, e.g. socket,
node, die or core.
properties:
attributes:
description: AttributeList contains an array of AttributeInfo objects.
items:
description: AttributeInfo contains one attribute of a Zone.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
costs:
description: CostList contains an array of CostInfo objects.
items:
description: CostInfo describes the cost (or distance) between
two Zones.
properties:
name:
type: string
value:
format: int64
type: integer
required:
- name
- value
type: object
type: array
name:
type: string
parent:
type: string
resources:
description: ResourceInfoList contains an array of ResourceInfo
objects.
items:
description: ResourceInfo contains information about one resource
type.
properties:
allocatable:
anyOf:
- type: integer
- type: string
description: Allocatable quantity of the resource, corresponding
to allocatable in node status, i.e. total amount of this
resource available to be used by pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
available:
anyOf:
- type: integer
- type: string
description: Available is the amount of this resource currently
available for new (to be scheduled) pods, i.e. Allocatable
minus the resources reserved by currently running pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
capacity:
anyOf:
- type: integer
- type: string
description: Capacity of the resource, corresponding to capacity
in node status, i.e. total amount of this resource that
the node has.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
name:
description: Name of the resource.
type: string
required:
- allocatable
- available
- capacity
- name
type: object
type: array
type:
type: string
required:
- name
- type
type: object
type: array
required:
- topologyPolicies
- zones
type: object
served: true
storage: false
- name: v1alpha2
schema:
openAPIV3Schema:
description: NodeResourceTopology describes node resources and their topology.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
attributes:
description: AttributeList contains an array of AttributeInfo objects.
items:
description: AttributeInfo contains one attribute of a Zone.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
kind:
description: 'Kind is a string value representing the REST resource this
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
topologyPolicies:
description: 'DEPRECATED (to be removed in v1beta1): use top level attributes
type: string
metadata:
type: object
topologyPolicies:
items:
type: string
type: array
zones:
description: ZoneList contains an array of Zone objects.
items:
description: Zone represents a resource topology zone, e.g. socket,
node, die or core.
properties:
attributes:
description: AttributeList contains an array of AttributeInfo objects.
items:
description: AttributeInfo contains one attribute of a Zone.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
costs:
description: CostList contains an array of CostInfo objects.
items:
description: CostInfo describes the cost (or distance) between
two Zones.
properties:
name:
type: string
value:
format: int64
type: integer
required:
- name
- value
type: object
type: array
name:
type: string
parent:
type: string
resources:
description: ResourceInfoList contains an array of ResourceInfo
objects.
items:
description: ResourceInfo contains information about one resource
type.
properties:
allocatable:
anyOf:
- type: integer
- type: string
description: Allocatable quantity of the resource, corresponding
to allocatable in node status, i.e. total amount of this
resource available to be used by pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
available:
anyOf:
- type: integer
- type: string
description: Available is the amount of this resource currently
available for new (to be scheduled) pods, i.e. Allocatable
minus the resources reserved by currently running pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
capacity:
anyOf:
- type: integer
- type: string
description: Capacity of the resource, corresponding to capacity
in node status, i.e. total amount of this resource that
the node has.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
name:
description: Name of the resource.
type: string
required:
- allocatable
- available
- capacity
- name
type: object
type: array
type:
type: string
required:
- name
- type
type: object
type: array
required:
- topologyPolicies
- zones
type: object
served: true
storage: false
- name: v1alpha2
schema:
openAPIV3Schema:
description: NodeResourceTopology describes node resources and their topology.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
attributes:
description: AttributeList contains an array of AttributeInfo objects.
items:
description: AttributeInfo contains one attribute of a Zone.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
topologyPolicies:
description: 'DEPRECATED (to be removed in v1beta1): use top level attributes
if needed'
items:
type: string
type: array
zones:
description: ZoneList contains an array of Zone objects.
items:
description: Zone represents a resource topology zone, e.g. socket,
node, die or core.
properties:
attributes:
description: AttributeList contains an array of AttributeInfo objects.
items:
description: AttributeInfo contains one attribute of a Zone.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
costs:
description: CostList contains an array of CostInfo objects.
items:
description: CostInfo describes the cost (or distance) between
two Zones.
properties:
name:
type: string
value:
format: int64
type: integer
required:
- name
- value
type: object
type: array
name:
type: string
parent:
type: string
resources:
description: ResourceInfoList contains an array of ResourceInfo
objects.
items:
description: ResourceInfo contains information about one resource
type.
properties:
allocatable:
anyOf:
- type: integer
- type: string
description: Allocatable quantity of the resource, corresponding
to allocatable in node status, i.e. total amount of this
resource available to be used by pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
available:
anyOf:
- type: integer
- type: string
description: Available is the amount of this resource currently
available for new (to be scheduled) pods, i.e. Allocatable
minus the resources reserved by currently running pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
capacity:
anyOf:
- type: integer
- type: string
description: Capacity of the resource, corresponding to capacity
in node status, i.e. total amount of this resource that
the node has.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
name:
description: Name of the resource.
type: string
required:
- allocatable
- available
- capacity
- name
type: object
type: array
type:
type: string
required:
- name
- type
type: object
type: array
required:
- zones
type: object
served: true
storage: true
items:
type: string
type: array
zones:
description: ZoneList contains an array of Zone objects.
items:
description: Zone represents a resource topology zone, e.g. socket,
node, die or core.
properties:
attributes:
description: AttributeList contains an array of AttributeInfo objects.
items:
description: AttributeInfo contains one attribute of a Zone.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
costs:
description: CostList contains an array of CostInfo objects.
items:
description: CostInfo describes the cost (or distance) between
two Zones.
properties:
name:
type: string
value:
format: int64
type: integer
required:
- name
- value
type: object
type: array
name:
type: string
parent:
type: string
resources:
description: ResourceInfoList contains an array of ResourceInfo
objects.
items:
description: ResourceInfo contains information about one resource
type.
properties:
allocatable:
anyOf:
- type: integer
- type: string
description: Allocatable quantity of the resource, corresponding
to allocatable in node status, i.e. total amount of this
resource available to be used by pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
available:
anyOf:
- type: integer
- type: string
description: Available is the amount of this resource currently
available for new (to be scheduled) pods, i.e. Allocatable
minus the resources reserved by currently running pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
capacity:
anyOf:
- type: integer
- type: string
description: Capacity of the resource, corresponding to capacity
in node status, i.e. total amount of this resource that
the node has.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
name:
description: Name of the resource.
type: string
required:
- allocatable
- available
- capacity
- name
type: object
type: array
type:
type: string
required:
- name
- type
type: object
type: array
required:
- zones
type: object
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
{{- end }}
{{- end }}

144
sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater.yaml
View File

@@ -35,109 +35,109 @@ spec:
securityContext:
{{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }}
containers:
- name: topology-updater
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_ADDRESS
valueFrom:
fieldRef:
fieldPath: status.hostIP
command:
- "nfd-topology-updater"
args:
- "-podresources-socket=/host-var/lib/kubelet-podresources/kubelet.sock"
- name: topology-updater
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NODE_ADDRESS
valueFrom:
fieldRef:
fieldPath: status.hostIP
command:
- "nfd-topology-updater"
args:
- "-podresources-socket=/host-var/lib/kubelet-podresources/kubelet.sock"
{{- if .Values.topologyUpdater.updateInterval | empty | not }}
- "-sleep-interval={{ .Values.topologyUpdater.updateInterval }}"
- "-sleep-interval={{ .Values.topologyUpdater.updateInterval }}"
{{- else }}
- "-sleep-interval=3s"
- "-sleep-interval=3s"
{{- end }}
{{- if .Values.topologyUpdater.watchNamespace | empty | not }}
- "-watch-namespace={{ .Values.topologyUpdater.watchNamespace }}"
- "-watch-namespace={{ .Values.topologyUpdater.watchNamespace }}"
{{- else }}
- "-watch-namespace=*"
- "-watch-namespace=*"
{{- end }}
{{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
{{- if .Values.topologyUpdater.podSetFingerprint }}
- "-pods-fingerprint"
- "-pods-fingerprint"
{{- end }}
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- "-kubelet-config-uri=file:///host-var/kubelet-config"
- "-kubelet-config-uri=file:///host-var/kubelet-config"
{{- end }}
{{- if .Values.topologyUpdater.kubeletStateDir | empty }}
# Disable kubelet state tracking by giving an empty path
- "-kubelet-state-dir="
# Disable kubelet state tracking by giving an empty path
- "-kubelet-state-dir="
{{- end }}
- -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
ports:
- name: metrics
containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
volumeMounts:
- -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
ports:
- name: metrics
containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
volumeMounts:
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- name: kubelet-config
mountPath: /host-var/kubelet-config
- name: kubelet-config
mountPath: /host-var/kubelet-config
{{- end }}
- name: kubelet-podresources-sock
mountPath: /host-var/lib/kubelet-podresources/kubelet.sock
- name: host-sys
mountPath: /host-sys
- name: kubelet-podresources-sock
mountPath: /host-var/lib/kubelet-podresources/kubelet.sock
- name: host-sys
mountPath: /host-sys
{{- if .Values.topologyUpdater.kubeletStateDir | empty | not }}
- name: kubelet-state-files
mountPath: /host-var/lib/kubelet
readOnly: true
- name: kubelet-state-files
mountPath: /host-var/lib/kubelet
readOnly: true
{{- end }}
{{- if .Values.tls.enable }}
- name: nfd-topology-updater-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true
- name: nfd-topology-updater-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true
{{- end }}
- name: nfd-topology-updater-conf
mountPath: "/etc/kubernetes/node-feature-discovery"
readOnly: true
- name: nfd-topology-updater-conf
mountPath: "/etc/kubernetes/node-feature-discovery"
readOnly: true
resources:
resources:
{{- toYaml .Values.topologyUpdater.resources | nindent 12 }}
securityContext:
securityContext:
{{- toYaml .Values.topologyUpdater.securityContext | nindent 12 }}
volumes:
- name: host-sys
hostPath:
path: "/sys"
- name: host-sys
hostPath:
path: "/sys"
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- name: kubelet-config
hostPath:
path: {{ .Values.topologyUpdater.kubeletConfigPath }}
- name: kubelet-config
hostPath:
path: {{ .Values.topologyUpdater.kubeletConfigPath }}
{{- end }}
- name: kubelet-podresources-sock
hostPath:
- name: kubelet-podresources-sock
hostPath:
{{- if .Values.topologyUpdater.kubeletPodResourcesSockPath | empty | not }}
path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }}
path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }}
{{- else }}
path: /var/lib/kubelet/pod-resources/kubelet.sock
path: /var/lib/kubelet/pod-resources/kubelet.sock
{{- end }}
{{- if .Values.topologyUpdater.kubeletStateDir | empty | not }}
- name: kubelet-state-files
hostPath:
path: {{ .Values.topologyUpdater.kubeletStateDir }}
- name: kubelet-state-files
hostPath:
path: {{ .Values.topologyUpdater.kubeletStateDir }}
{{- end }}
- name: nfd-topology-updater-conf
configMap:
name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf
items:
- key: nfd-topology-updater.conf
path: nfd-topology-updater.conf
- name: nfd-topology-updater-conf
configMap:
name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf
items:
- key: nfd-topology-updater.conf
path: nfd-topology-updater.conf
{{- if .Values.tls.enable }}
- name: nfd-topology-updater-cert
secret:
secretName: nfd-topology-updater-cert
- name: nfd-topology-updater-cert
secret:
secretName: nfd-topology-updater-cert
{{- end }}
@@ -153,4 +153,4 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}

124
sriov-network-operator-chart/charts/sriov-nfd/templates/worker.yaml
View File

@@ -35,76 +35,76 @@ spec:
securityContext:
{{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
containers:
- name: worker
securityContext:
- name: worker
securityContext:
{{- toYaml .Values.worker.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
resources:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
resources:
{{- toYaml .Values.worker.resources | nindent 12 }}
command:
- "nfd-worker"
args:
command:
- "nfd-worker"
args:
{{- if not .Values.enableNodeFeatureApi }}
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
- "-enable-nodefeature-api=false"
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
- "-enable-nodefeature-api=false"
{{- end }}
{{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }}
- "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
ports:
- name: metrics
containerPort: {{ .Values.worker.metricsPort | default "8081"}}
volumeMounts:
- name: host-boot
mountPath: "/host-boot"
readOnly: true
- name: host-os-release
mountPath: "/host-etc/os-release"
readOnly: true
- name: host-sys
mountPath: "/host-sys"
readOnly: true
- name: host-usr-lib
mountPath: "/host-usr/lib"
readOnly: true
- name: host-lib
mountPath: "/host-lib"
readOnly: true
- "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
ports:
- name: metrics
containerPort: {{ .Values.worker.metricsPort | default "8081"}}
volumeMounts:
- name: host-boot
mountPath: "/host-boot"
readOnly: true
- name: host-os-release
mountPath: "/host-etc/os-release"
readOnly: true
- name: host-sys
mountPath: "/host-sys"
readOnly: true
- name: host-usr-lib
mountPath: "/host-usr/lib"
readOnly: true
- name: host-lib
mountPath: "/host-lib"
readOnly: true
{{- if .Values.worker.mountUsrSrc }}
- name: host-usr-src
mountPath: "/host-usr/src"
readOnly: true
- name: host-usr-src
mountPath: "/host-usr/src"
readOnly: true
{{- end }}
- name: source-d
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
readOnly: true
- name: features-d
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
readOnly: true
- name: nfd-worker-conf
mountPath: "/etc/kubernetes/node-feature-discovery"
readOnly: true
- name: source-d
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
readOnly: true
- name: features-d
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
readOnly: true
- name: nfd-worker-conf
mountPath: "/etc/kubernetes/node-feature-discovery"
readOnly: true
{{- if .Values.tls.enable }}
- name: nfd-worker-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true
- name: nfd-worker-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true
{{- end }}
volumes:
- name: host-boot
@@ -159,4 +159,4 @@ spec:
{{- with .Values.worker.priorityClassName }}
priorityClassName: {{ . | quote }}
{{- end }}
{{- end }}
{{- end }}

592
sriov-network-operator-chart/charts/sriov-nfd/values.yaml
View File

@@ -3,7 +3,7 @@ image:
# This should be set to 'IfNotPresent' for released version
pullPolicy: IfNotPresent
# tag, if defined will use the given image tag, else Chart.AppVersion will be used
tag: v0.15.7-build20241113
tag: v0.15.7-build20250402
imagePullSecrets: []
nameOverride: ""
@@ -15,40 +15,40 @@ enableNodeFeatureApi: true
master:
enable: true
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
# noPublish: false
# autoDefaultNs: true
# extraLabelNs: ["added.ns.io","added.kubernets.io"]
# denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
# enableTaints: false
# labelWhiteList: "foo"
# resyncPeriod: "2h"
# klog:
# addDirHeader: false
# alsologtostderr: false
# logBacktraceAt:
# logtostderr: true
# skipHeaders: false
# stderrthreshold: 2
# v: 0
# vmodule:
## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-master restart to take effect after being changed
# logDir:
# logFile:
# logFileMaxSize: 1800
# skipLogHeaders: false
# leaderElection:
# leaseDuration: 15s
# # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
# renewDeadline: 10s
# # this value has to be greater than 0
# retryPeriod: 2s
# nfdApiParallelism: 10
# noPublish: false
# autoDefaultNs: true
# extraLabelNs: ["added.ns.io","added.kubernets.io"]
# denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
# enableTaints: false
# labelWhiteList: "foo"
# resyncPeriod: "2h"
# klog:
# addDirHeader: false
# alsologtostderr: false
# logBacktraceAt:
# logtostderr: true
# skipHeaders: false
# stderrthreshold: 2
# v: 0
# vmodule:
## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-master restart to take effect after being changed
# logDir:
# logFile:
# logFileMaxSize: 1800
# skipLogHeaders: false
# leaderElection:
# leaseDuration: 15s
# # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
# renewDeadline: 10s
# # this value has to be greater than 0
# retryPeriod: 2s
# nfdApiParallelism: 10
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
# The TCP port that nfd-master listens for incoming requests. Default: 8080
# Deprecated this parameter is related to the deprecated gRPC API and will
# be removed with it in a future release
# be removed with it in a future release
port: 8080
metricsPort: 8081
instance:
@@ -65,7 +65,7 @@ master:
replicaCount: 1
podSecurityContext: {}
# fsGroup: 2000
# fsGroup: 2000
securityContext:
allowPrivilegeEscalation: false
@@ -101,19 +101,19 @@ master:
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# memory: 128Mi
nodeSelector: {}
tolerations:
- key: "node-role.kubernetes.io/master"
operator: "Equal"
value: ""
effect: "NoSchedule"
- key: "node-role.kubernetes.io/control-plane"
operator: "Equal"
value: ""
effect: "NoSchedule"
- key: "node-role.kubernetes.io/master"
operator: "Equal"
value: ""
effect: "NoSchedule"
- key: "node-role.kubernetes.io/control-plane"
operator: "Equal"
value: ""
effect: "NoSchedule"
annotations: {}
@@ -136,252 +136,252 @@ master:
worker:
enable: true
config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
#core:
# labelWhiteList:
# noPublish: false
# sleepInterval: 60s
# featureSources: [all]
# labelSources: [all]
# klog:
# addDirHeader: false
# alsologtostderr: false
# logBacktraceAt:
# logtostderr: true
# skipHeaders: false
# stderrthreshold: 2
# v: 0
# vmodule:
## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-worker restart to take effect after being changed
# logDir:
# logFile:
# logFileMaxSize: 1800
# skipLogHeaders: false
#sources:
# cpu:
# cpuid:
## NOTE: whitelist has priority over blacklist
# attributeBlacklist:
# - "BMI1"
# - "BMI2"
# - "CLMUL"
# - "CMOV"
# - "CX16"
# - "ERMS"
# - "F16C"
# - "HTT"
# - "LZCNT"
# - "MMX"
# - "MMXEXT"
# - "NX"
# - "POPCNT"
# - "RDRAND"
# - "RDSEED"
# - "RDTSCP"
# - "SGX"
# - "SSE"
# - "SSE2"
# - "SSE3"
# - "SSE4"
# - "SSE42"
# - "SSSE3"
# - "TDX_GUEST"
# attributeWhitelist:
# kernel:
# kconfigFile: "/path/to/kconfig"
# configOpts:
# - "NO_HZ"
# - "X86"
# - "DMI"
# pci:
# deviceClassWhitelist:
# - "0200"
# - "03"
# - "12"
# deviceLabelFields:
# - "class"
# - "vendor"
# - "device"
# - "subsystem_vendor"
# - "subsystem_device"
# usb:
# deviceClassWhitelist:
# - "0e"
# - "ef"
# - "fe"
# - "ff"
# deviceLabelFields:
# - "class"
# - "vendor"
# - "device"
# local:
# hooksEnabled: false
# custom:
# # The following feature demonstrates the capabilities of the matchFeatures
# - name: "my custom rule"
# labels:
# "vendor.io/my-ng-feature": "true"
# # matchFeatures implements a logical AND over all matcher terms in the
# # list (i.e. all of the terms, or per-feature matchers, must match)
# matchFeatures:
# - feature: cpu.cpuid
# matchExpressions:
# AVX512F: {op: Exists}
# - feature: cpu.cstate
# matchExpressions:
# enabled: {op: IsTrue}
# - feature: cpu.pstate
# matchExpressions:
# no_turbo: {op: IsFalse}
# scaling_governor: {op: In, value: ["performance"]}
# - feature: cpu.rdt
# matchExpressions:
# RDTL3CA: {op: Exists}
# - feature: cpu.sst
# matchExpressions:
# bf.enabled: {op: IsTrue}
# - feature: cpu.topology
# matchExpressions:
# hardware_multithreading: {op: IsFalse}
#
# - feature: kernel.config
# matchExpressions:
# X86: {op: Exists}
# LSM: {op: InRegexp, value: ["apparmor"]}
# - feature: kernel.loadedmodule
# matchExpressions:
# e1000e: {op: Exists}
# - feature: kernel.selinux
# matchExpressions:
# enabled: {op: IsFalse}
# - feature: kernel.version
# matchExpressions:
# major: {op: In, value: ["5"]}
# minor: {op: Gt, value: ["10"]}
#
# - feature: storage.block
# matchExpressions:
# rotational: {op: In, value: ["0"]}
# dax: {op: In, value: ["0"]}
#
# - feature: network.device
# matchExpressions:
# operstate: {op: In, value: ["up"]}
# speed: {op: Gt, value: ["100"]}
#
# - feature: memory.numa
# matchExpressions:
# node_count: {op: Gt, value: ["2"]}
# - feature: memory.nv
# matchExpressions:
# devtype: {op: In, value: ["nd_dax"]}
# mode: {op: In, value: ["memory"]}
#
# - feature: system.osrelease
# matchExpressions:
# ID: {op: In, value: ["fedora", "centos"]}
# - feature: system.name
# matchExpressions:
# nodename: {op: InRegexp, value: ["^worker-X"]}
#
# - feature: local.label
# matchExpressions:
# custom-feature-knob: {op: Gt, value: ["100"]}
#
# # The following feature demonstrates the capabilities of the matchAny
# - name: "my matchAny rule"
# labels:
# "vendor.io/my-ng-feature-2": "my-value"
# # matchAny implements a logical IF over all elements (sub-matchers) in
# # the list (i.e. at least one feature matcher must match)
# matchAny:
# - matchFeatures:
# - feature: kernel.loadedmodule
# matchExpressions:
# driver-module-X: {op: Exists}
# - feature: pci.device
# matchExpressions:
# vendor: {op: In, value: ["8086"]}
# class: {op: In, value: ["0200"]}
# - matchFeatures:
# - feature: kernel.loadedmodule
# matchExpressions:
# driver-module-Y: {op: Exists}
# - feature: usb.device
# matchExpressions:
# vendor: {op: In, value: ["8086"]}
# class: {op: In, value: ["02"]}
#
# - name: "avx wildcard rule"
# labels:
# "my-avx-feature": "true"
# matchFeatures:
# - feature: cpu.cpuid
# matchName: {op: InRegexp, value: ["^AVX512"]}
#
# # The following features demonstreate label templating capabilities
# - name: "my template rule"
# labelsTemplate: |
# {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
# {{ end }}
# matchFeatures:
# - feature: system.osrelease
# matchExpressions:
# ID: {op: InRegexp, value: ["^open.*"]}
# VERSION_ID.major: {op: In, value: ["13", "15"]}
#
# - name: "my template rule 2"
# labelsTemplate: |
# {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
# {{ end }}
# matchFeatures:
# - feature: pci.device
# matchExpressions:
# class: {op: InRegexp, value: ["^06"]}
# vendor: ["8086"]
# - feature: cpu.cpuid
# matchExpressions:
# AVX: {op: Exists}
#
# # The following examples demonstrate vars field and back-referencing
# # previous labels and vars
# - name: "my dummy kernel rule"
# labels:
# "vendor.io/my.kernel.feature": "true"
# matchFeatures:
# - feature: kernel.version
# matchExpressions:
# major: {op: Gt, value: ["2"]}
#
# - name: "my dummy rule with no labels"
# vars:
# "my.dummy.var": "1"
# matchFeatures:
# - feature: cpu.cpuid
# matchExpressions: {}
#
# - name: "my rule using backrefs"
# labels:
# "vendor.io/my.backref.feature": "true"
# matchFeatures:
# - feature: rule.matched
# matchExpressions:
# vendor.io/my.kernel.feature: {op: IsTrue}
# my.dummy.var: {op: Gt, value: ["0"]}
#
# - name: "kconfig template rule"
# labelsTemplate: |
# {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
# {{ end }}
# matchFeatures:
# - feature: kernel.config
# matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
#core:
# labelWhiteList:
# noPublish: false
# sleepInterval: 60s
# featureSources: [all]
# labelSources: [all]
# klog:
# addDirHeader: false
# alsologtostderr: false
# logBacktraceAt:
# logtostderr: true
# skipHeaders: false
# stderrthreshold: 2
# v: 0
# vmodule:
## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-worker restart to take effect after being changed
# logDir:
# logFile:
# logFileMaxSize: 1800
# skipLogHeaders: false
#sources:
# cpu:
# cpuid:
## NOTE: whitelist has priority over blacklist
# attributeBlacklist:
# - "BMI1"
# - "BMI2"
# - "CLMUL"
# - "CMOV"
# - "CX16"
# - "ERMS"
# - "F16C"
# - "HTT"
# - "LZCNT"
# - "MMX"
# - "MMXEXT"
# - "NX"
# - "POPCNT"
# - "RDRAND"
# - "RDSEED"
# - "RDTSCP"
# - "SGX"
# - "SSE"
# - "SSE2"
# - "SSE3"
# - "SSE4"
# - "SSE42"
# - "SSSE3"
# - "TDX_GUEST"
# attributeWhitelist:
# kernel:
# kconfigFile: "/path/to/kconfig"
# configOpts:
# - "NO_HZ"
# - "X86"
# - "DMI"
# pci:
# deviceClassWhitelist:
# - "0200"
# - "03"
# - "12"
# deviceLabelFields:
# - "class"
# - "vendor"
# - "device"
# - "subsystem_vendor"
# - "subsystem_device"
# usb:
# deviceClassWhitelist:
# - "0e"
# - "ef"
# - "fe"
# - "ff"
# deviceLabelFields:
# - "class"
# - "vendor"
# - "device"
# local:
# hooksEnabled: false
# custom:
# # The following feature demonstrates the capabilities of the matchFeatures
# - name: "my custom rule"
# labels:
# "vendor.io/my-ng-feature": "true"
# # matchFeatures implements a logical AND over all matcher terms in the
# # list (i.e. all of the terms, or per-feature matchers, must match)
# matchFeatures:
# - feature: cpu.cpuid
# matchExpressions:
# AVX512F: {op: Exists}
# - feature: cpu.cstate
# matchExpressions:
# enabled: {op: IsTrue}
# - feature: cpu.pstate
# matchExpressions:
# no_turbo: {op: IsFalse}
# scaling_governor: {op: In, value: ["performance"]}
# - feature: cpu.rdt
# matchExpressions:
# RDTL3CA: {op: Exists}
# - feature: cpu.sst
# matchExpressions:
# bf.enabled: {op: IsTrue}
# - feature: cpu.topology
# matchExpressions:
# hardware_multithreading: {op: IsFalse}
#
# - feature: kernel.config
# matchExpressions:
# X86: {op: Exists}
# LSM: {op: InRegexp, value: ["apparmor"]}
# - feature: kernel.loadedmodule
# matchExpressions:
# e1000e: {op: Exists}
# - feature: kernel.selinux
# matchExpressions:
# enabled: {op: IsFalse}
# - feature: kernel.version
# matchExpressions:
# major: {op: In, value: ["5"]}
# minor: {op: Gt, value: ["10"]}
#
# - feature: storage.block
# matchExpressions:
# rotational: {op: In, value: ["0"]}
# dax: {op: In, value: ["0"]}
#
# - feature: network.device
# matchExpressions:
# operstate: {op: In, value: ["up"]}
# speed: {op: Gt, value: ["100"]}
#
# - feature: memory.numa
# matchExpressions:
# node_count: {op: Gt, value: ["2"]}
# - feature: memory.nv
# matchExpressions:
# devtype: {op: In, value: ["nd_dax"]}
# mode: {op: In, value: ["memory"]}
#
# - feature: system.osrelease
# matchExpressions:
# ID: {op: In, value: ["fedora", "centos"]}
# - feature: system.name
# matchExpressions:
# nodename: {op: InRegexp, value: ["^worker-X"]}
#
# - feature: local.label
# matchExpressions:
# custom-feature-knob: {op: Gt, value: ["100"]}
#
# # The following feature demonstrates the capabilities of the matchAny
# - name: "my matchAny rule"
# labels:
# "vendor.io/my-ng-feature-2": "my-value"
# # matchAny implements a logical IF over all elements (sub-matchers) in
# # the list (i.e. at least one feature matcher must match)
# matchAny:
# - matchFeatures:
# - feature: kernel.loadedmodule
# matchExpressions:
# driver-module-X: {op: Exists}
# - feature: pci.device
# matchExpressions:
# vendor: {op: In, value: ["8086"]}
# class: {op: In, value: ["0200"]}
# - matchFeatures:
# - feature: kernel.loadedmodule
# matchExpressions:
# driver-module-Y: {op: Exists}
# - feature: usb.device
# matchExpressions:
# vendor: {op: In, value: ["8086"]}
# class: {op: In, value: ["02"]}
#
# - name: "avx wildcard rule"
# labels:
# "my-avx-feature": "true"
# matchFeatures:
# - feature: cpu.cpuid
# matchName: {op: InRegexp, value: ["^AVX512"]}
#
# # The following features demonstreate label templating capabilities
# - name: "my template rule"
# labelsTemplate: |
# {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
# {{ end }}
# matchFeatures:
# - feature: system.osrelease
# matchExpressions:
# ID: {op: InRegexp, value: ["^open.*"]}
# VERSION_ID.major: {op: In, value: ["13", "15"]}
#
# - name: "my template rule 2"
# labelsTemplate: |
# {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
# {{ end }}
# matchFeatures:
# - feature: pci.device
# matchExpressions:
# class: {op: InRegexp, value: ["^06"]}
# vendor: ["8086"]
# - feature: cpu.cpuid
# matchExpressions:
# AVX: {op: Exists}
#
# # The following examples demonstrate vars field and back-referencing
# # previous labels and vars
# - name: "my dummy kernel rule"
# labels:
# "vendor.io/my.kernel.feature": "true"
# matchFeatures:
# - feature: kernel.version
# matchExpressions:
# major: {op: Gt, value: ["2"]}
#
# - name: "my dummy rule with no labels"
# vars:
# "my.dummy.var": "1"
# matchFeatures:
# - feature: cpu.cpuid
# matchExpressions: {}
#
# - name: "my rule using backrefs"
# labels:
# "vendor.io/my.backref.feature": "true"
# matchFeatures:
# - feature: rule.matched
# matchExpressions:
# vendor.io/my.kernel.feature: {op: IsTrue}
# my.dummy.var: {op: Gt, value: ["0"]}
#
# - name: "kconfig template rule"
# labelsTemplate: |
# {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
# {{ end }}
# matchFeatures:
# - feature: kernel.config
# matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081
daemonsetAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
# fsGroup: 2000
securityContext:
allowPrivilegeEscalation: false
@@ -418,7 +418,7 @@ worker:
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# memory: 128Mi
nodeSelector: {}
@@ -432,14 +432,14 @@ worker:
topologyUpdater:
config: ### <NFD-TOPOLOGY-UPDATER-CONF-START-DO-NOT-REMOVE>
## key = node name, value = list of resources to be excluded.
## use * to exclude from all nodes.
## an example for how the exclude list should looks like
#excludeList:
# node1: [cpu]
# node2: [memory, example/deviceA]
# *: [hugepages-2Mi]
### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
## key = node name, value = list of resources to be excluded.
## use * to exclude from all nodes.
## an example for how the exclude list should looks like
#excludeList:
# node1: [cpu]
# node2: [memory, example/deviceA]
# *: [hugepages-2Mi]
### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
enable: false
createCRDs: false
@@ -476,7 +476,7 @@ topologyUpdater:
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# memory: 128Mi
nodeSelector: {}
tolerations: []
@@ -510,7 +510,7 @@ gc:
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
# memory: 128Mi
metricsPort: 8081
@@ -531,4 +531,4 @@ tls:
prometheus:
enable: false
labels: {}
labels: {}

2
sriov-network-operator-chart/templates/NOTES.txt
View File

@@ -14,4 +14,4 @@ These certificates have a one-year validity and will not be rotated
automatically. This should not be a production cluster. Please deploy
and use cert-manager for production clusters.
{{- end }}
{{- end }}
{{- end }}

2
sriov-network-operator-chart/templates/_helpers.tpl
View File

@@ -82,4 +82,4 @@ add below linux tolerations to workloads could be scheduled to those linux nodes
{{- define "linux-node-selector" -}}
kubernetes.io/os: linux
{{- end -}}
{{- end -}}

1
sriov-network-operator-chart/templates/_webhook-certs.tpl
View File

@@ -28,4 +28,3 @@ tls.key: {{ $cert.Key | b64enc }}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end }}

10
sriov-network-operator-chart/templates/certificate.yaml
View File

@@ -8,8 +8,8 @@ metadata:
namespace: {{ .Release.Namespace }}
spec:
dnsNames:
- operator-webhook-service.{{ .Release.Namespace }}.svc
- operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
- operator-webhook-service.{{ .Release.Namespace }}.svc
- operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
issuerRef:
kind: Issuer
name: operator-webhook-selfsigned-issuer
@@ -30,8 +30,8 @@ metadata:
namespace: {{ .Release.Namespace }}
spec:
dnsNames:
- network-resources-injector-service.{{ .Release.Namespace }}.svc
- network-resources-injector-service.{{ .Release.Namespace }}.svc.cluster.local
- network-resources-injector-service.{{ .Release.Namespace }}.svc
- network-resources-injector-service.{{ .Release.Namespace }}.svc.cluster.local
issuerRef:
kind: Issuer
name: network-resources-injector-selfsigned-issuer
@@ -68,4 +68,4 @@ data:
tls.crt: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsCrt | b64enc | quote }}
tls.key: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsKey | b64enc | quote }}
{{- end }}
{{- end }}
{{- end }}

5
sriov-network-operator-chart/templates/certmanagercerts.yaml
View File

@@ -18,7 +18,7 @@ metadata:
spec:
secretName: operator-webhook-service
dnsNames:
- operator-webhook-service.{{ .Release.Namespace }}.svc
- operator-webhook-service.{{ .Release.Namespace }}.svc
issuerRef:
name: sriov-network-operator-selfsigned-issuer
privateKey:
@@ -32,10 +32,9 @@ metadata:
spec:
secretName: network-resources-injector-secret
dnsNames:
- network-resources-injector-service.{{ .Release.Namespace }}.svc
- network-resources-injector-service.{{ .Release.Namespace }}.svc
issuerRef:
name: sriov-network-operator-selfsigned-issuer
privateKey:
rotationPolicy: Always
{{- end -}}

54
sriov-network-operator-chart/templates/clusterrole.yaml
View File

@@ -49,12 +49,6 @@ rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["*"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get"]
- apiGroups: [ "config.openshift.io" ]
resources: [ "infrastructures" ]
verbs: [ "get", "list", "watch" ]
@@ -67,14 +61,14 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- end }}
rules:
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
verbs:
- "get"
- "watch"
- "list"
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
verbs:
- "get"
- "watch"
- "list"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -84,14 +78,14 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
{{- end }}
rules:
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
verbs:
- "get"
- "watch"
- "list"
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
verbs:
- "get"
- "watch"
- "list"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
@@ -101,11 +95,11 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-view: "true"
{{- end }}
rules:
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
verbs:
- "get"
- "watch"
- "list"
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
verbs:
- "get"
- "watch"
- "list"

2
sriov-network-operator-chart/templates/clusterrolebinding.yaml
View File

@@ -26,4 +26,4 @@ roleRef:
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: sriov-network-config-daemon
name: sriov-network-config-daemon

6
sriov-network-operator-chart/templates/configmap.yaml
View File

@@ -20,8 +20,11 @@ data:
Intel_ice_Columbiaville_E810-CQDA2_2CQDA2: "8086 1592 1889"
Intel_ice_Columbiaville_E810-XXVDA4: "8086 1593 1889"
Intel_ice_Columbiaville_E810-XXVDA2: "8086 159b 1889"
Intel_ice_Columbiaville_E810-XXV_BACKPLANE: "8086 1599 1889"
Intel_ice_Columbiaville_E810: "8086 1591 1889"
Intel_ice_Columbiapark_E823C: "8086 188a 1889"
Intel_ice_Columbiapark_E823L_SFP: "8086 124d 1889"
Intel_ice_Columbiapark_E823L_BACKPLANE: "8086 124c 1889"
Nvidia_mlx5_ConnectX-4: "15b3 1013 1014"
Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016"
Nvidia_mlx5_ConnectX-5: "15b3 1017 1018"
@@ -30,6 +33,7 @@ data:
Nvidia_mlx5_ConnectX-6_Dx: "15b3 101d 101e"
Nvidia_mlx5_ConnectX-6_Lx: "15b3 101f 101e"
Nvidia_mlx5_ConnectX-7: "15b3 1021 101e"
Nvidia_mlx5_ConnectX-8: "15b3 1023 101e"
Nvidia_mlx5_MT42822_BlueField-2_integrated_ConnectX-6_Dx: "15b3 a2d6 101e"
Nvidia_mlx5_MT43244_BlueField-3_integrated_ConnectX-7_Dx: "15b3 a2dc 101e"
Broadcom_bnxt_BCM57414_2x25G: "14e4 16d7 16dc"
@@ -44,4 +48,4 @@ data:
Marvell_OCTEON_Fusion_CNF105XX: "177d ba00 ba03"
{{- range .Values.supportedExtraNICs }}
{{ . }}
{{- end }}
{{- end }}

6
sriov-network-operator-chart/templates/operator.yaml
View File

@@ -42,7 +42,7 @@ spec:
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
@@ -95,6 +95,8 @@ spec:
value: {{ .Values.operator.cniBinPath }}
- name: CLUSTER_TYPE
value: {{ .Values.operator.clusterType }}
- name: STALE_NODE_STATE_CLEANUP_DELAY_MINUTES
value: "{{ .Values.operator.staleNodeStateCleanupDelayMinutes }}"
{{- if .Values.operator.admissionControllers.enabled }}
- name: ADMISSION_CONTROLLERS_CERTIFICATES_OPERATOR_SECRET_NAME
value: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
@@ -115,4 +117,4 @@ spec:
name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
key: ca.crt
{{- end }}
{{- end }}
{{- end }}

33
sriov-network-operator-chart/templates/pre-delete-webooks.yaml Normal file
View File

@@ -0,0 +1,33 @@
# The following job will be used as Helm pre-delete hook. It executes a small go-client binary
# which intent to delete 'default' SriovOperatorConfig, that triggers operator removal of generated cluster objects
# e.g. mutating/validating webhooks, within operator's recoinciling loop and
# preventing operator cluster object remainings while using helm uninstall
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "sriov-network-operator.fullname" . }}-pre-delete-hook
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
spec:
template:
spec:
serviceAccountName: {{ include "sriov-network-operator.fullname" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: cleanup
image: {{ .Values.images.operator }}
command:
- sriov-network-operator-config-cleanup
args:
- --namespace
- {{ .Release.Namespace }}
restartPolicy: Never
backoffLimit: 2

16
sriov-network-operator-chart/templates/role.yaml
View File

@@ -32,9 +32,12 @@ rules:
- monitoring.coreos.com
resources:
- servicemonitors
- prometheusrules
verbs:
- get
- create
- update
- delete
- apiGroups:
- apps
resourceNames:
@@ -79,13 +82,10 @@ rules:
resources:
- pods
verbs:
- '*'
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- '*'
- "get"
- "list"
- "watch"
- "delete"
- apiGroups:
- sriovnetwork.openshift.io
resources:
@@ -135,4 +135,4 @@ rules:
resources:
- configmaps
verbs:
- get
- get

6
sriov-network-operator-chart/templates/rolebinding.yaml
View File

@@ -36,9 +36,9 @@ metadata:
name: operator-webhook-sa
namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
name: operator-webhook-sa
- kind: ServiceAccount
name: operator-webhook-sa
roleRef:
kind: Role
name: operator-webhook-sa
apiGroup: rbac.authorization.k8s.io
apiGroup: rbac.authorization.k8s.io

1
sriov-network-operator-chart/templates/secrets.yaml
View File

@@ -17,4 +17,3 @@ metadata:
data: {{ include "sriov_resource_injector_cert" . | nindent 2 }}
{{- end }}
{{- end }}

2
sriov-network-operator-chart/templates/serviceaccount.yaml
View File

@@ -12,4 +12,4 @@ metadata:
name: sriov-network-config-daemon
namespace: {{ .Release.Namespace }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
{{- include "sriov-network-operator.labels" . | nindent 4 }}

4
sriov-network-operator-chart/templates/sriovoperatorconfig.yaml
View File

@@ -14,4 +14,8 @@ spec:
logLevel: {{ .Values.sriovOperatorConfig.logLevel }}
disableDrain: {{ .Values.sriovOperatorConfig.disableDrain }}
configurationMode: {{ .Values.sriovOperatorConfig.configurationMode }}
{{- with .Values.sriovOperatorConfig.featureGates }}
featureGates:
{{- range $k, $v := .}}{{printf "%s: %t" $k $v | nindent 4 }}{{ end }}
{{- end }}
{{ end }}

4
sriov-network-operator-chart/templates/validate-install-crd.yaml
View File

@@ -16,5 +16,5 @@
# {{- if (eq $exists false) -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
# {{- end -}}
# {{- end -}}
#{{- end -}}
# {{- end -}}
#{{- end -}}

30
sriov-network-operator-chart/values.yaml
View File

@@ -30,6 +30,10 @@ operator:
resourcePrefix: "rancher.io"
cniBinPath: "/opt/cni/bin"
clusterType: "kubernetes"
# minimal amount of time (in minutes) the operator will wait before removing
# stale SriovNetworkNodeState objects (objects that doesn't match node with the daemon)
# "0" means no extra delay, in this case the CR will be removed by the next reconcilation cycle (may take up to 5 minutes)
staleNodeStateCleanupDelayMinutes: "30"
admissionControllers:
enabled: false
certificates:
@@ -81,7 +85,7 @@ operator:
sriovOperatorConfig:
# deploy sriovOperatorConfig CR with the below values
deploy: true
# node slectors for sriov-network-config-daemon
# node selectors for sriov-network-config-daemon
configDaemonNodeSelector: {feature.node.kubernetes.io/network-sriov.capable: 'true'}
# log level for both operator and sriov-network-config-daemon
logLevel: 2
@@ -90,31 +94,33 @@ sriovOperatorConfig:
disableDrain: false
# sriov-network-config-daemon configuration mode. either "daemon" or "systemd"
configurationMode: daemon
# feature gates to enable/disable
featureGates: {}
# Example for supportedExtraNICs values ['MyNIC: "8086 1521 1520"']
supportedExtraNICs: []
# Image URIs for sriov-network-operator components
images:
operator:
repository: rancher/hardened-sriov-network-operator
tag: v1.4.0-build20241113
tag: v1.5.0-build20250402
sriovConfigDaemon:
repository: rancher/hardened-sriov-network-config-daemon
tag: v1.4.0-build20241113
tag: v1.5.0-build20250402
sriovCni:
repository: rancher/hardened-sriov-cni
tag: v2.8.1-build20241113
ibSriovCni:
tag: v2.9.0-build20250402
ibSriovCni:
repository: rancher/hardened-ib-sriov-cni
tag: v1.1.1-build20241113
sriovDevicePlugin:
tag: v1.2.0-build20250402
sriovDevicePlugin:
repository: rancher/hardened-sriov-network-device-plugin
tag: v3.8.0-build20241114
resourcesInjector:
tag: v3.9.0-build20250402
resourcesInjector:
repository: rancher/hardened-sriov-network-resources-injector
tag: v1.6.0-build20241113
tag: v1.7.1-build20250402
webhook:
repository: rancher/hardened-sriov-network-webhook
tag: v1.4.0-build20241113
tag: v1.5.0-build20250402
imagePullSecrets: []
extraDeploy: []
global:
@@ -122,4 +128,4 @@ global:
systemDefaultRegistry: ""
rbac:
userRoles:
aggregateToDefaultRoles: false
aggregateToDefaultRoles: false