Merge pull request 'metal3: Backport of Metal3 chart and components to 3.4' (#299) from nbelouin/Factory:backport-metal3-3.4 into 3.4

Reviewed-on: #299
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>

.obs/common.py

@@ -1,3 +1,3 @@
-PROJECT = "isv:SUSE:Edge:Factory"
+PROJECT = "isv:SUSE:Edge:3.4"
 REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
-BRANCH = "main"
+BRANCH = "3.4"

edge-image-builder-image/artifacts.yaml

@@ -1,7 +1,7 @@
 metallb:
   chart: metallb
   repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
-  version: "%%CHART_MAJOR%%.0.1+up0.15.2"
+  version: "%%CHART_MAJOR%%.0.0+up0.14.9"
 endpoint-copier-operator:
   chart: endpoint-copier-operator
   repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"

frr-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: MIT
-#!BuildTag: %%IMG_PREFIX%%frr:10.2.1
+#!BuildTag: %%IMG_PREFIX%%frr:8.5.6
-#!BuildTag: %%IMG_PREFIX%%frr:10.2.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%frr:8.5.6-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -14,11 +14,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="FRR Container Image"
 LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="10.2.1"
+LABEL org.opencontainers.image.version="8.5.6"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:10.2.1-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.5.6-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

frr-k8s/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metallb/frr-k8s</param>
     <param name="scm">git</param>
-    <param name="revision">v0.0.20</param>
+    <param name="revision">v0.0.16</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
@@ -18,4 +18,4 @@
   <service name="go_modules">
   </service>
   <service mode="buildtime" name="set_version" />
-</services>
+</services>

frr-k8s/frr-k8s.spec

@@ -17,14 +17,14 @@
 
 
 Name:           frr-k8s
-Version:        0.0.20
+Version:        0.0.16
-Release:        0.0.20
+Release:        0.0.16
 Summary:        A kubernetes based daemonset that exposes a subset of the FRR API in a kubernetes compliant manner.
 License:        Apache-2.0
 URL:            https://github.com/metallb/frr-k8s
 Source:         frr-k8s-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.24
+BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 
@@ -63,4 +63,4 @@ install -D -m0755 frr-k8s %{buildroot}/frr-k8s
 /frr-metrics
 /frr-k8s
 
-%changelog
+%changelog

ib-sriov-cni-image/Dockerfile

@@ -1,33 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ib-sriov-cni:v%%ib-sriov-cni_version%%
-#!BuildTag: %%IMG_PREFIX%%ib-sriov-cni:v%%ib-sriov-cni_version%%-%RELEASE%
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends ib-sriov-cni gawk which; \
-    zypper -n clean; \
-    rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.ib-sriov-cni
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE ib-sriov-cni Container Image"
-LABEL org.opencontainers.image.description="ib-sriov-cni based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%ib-sriov-cni_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:%%ib-sriov-cni_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-ENTRYPOINT ["/entrypoint.sh"]

ib-sriov-cni-image/_service

@@ -1,19 +0,0 @@
-<services>
-  <service name="kiwi_metainfo_helper" mode="buildtime"/>
-  <service name="docker_label_helper" mode="buildtime"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%ib-sriov-cni_version%%</param>
-    <param name="package">ib-sriov-cni</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>

ib-sriov-cni/_service

@@ -1,25 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/k8snetworkplumbingwg/ib-sriov-cni</param>
-    <param name="scm">git</param>
-    <param name="revision">v1.3.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">antonio.alarcon@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar">
-    <param name="obsinfo">ib-sriov-cni.obsinfo</param>
-  </service>
-  <service name="go_modules" />
-  <service mode="buildtime" name="set_version" />
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">ib-sriov-cni.spec</param>
-    <param name="var">SOURCE_COMMIT</param>
-    <param name="eval">SOURCE_COMMIT=$(grep commit ib-sriov-cni.obsinfo | cut -d" " -f2)</param>
-  </service>
-</services>

ib-sriov-cni/ib-sriov-cni.spec

@@ -1,64 +0,0 @@
-#
-# spec file for package ib-sriov-cni
-#
-# Copyright (c) 2025 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           ib-sriov-cni
-Version:        0
-Release:        0
-Summary:        Implements a Kubernetes CNI plugin operator for Infiniband SRIOV VFs
-License:        Apache-2.0
-URL:            https://github.com/k8snetworkplumbingwg/ib-sriov-cni
-Source:         %{name}-%{version}.tar
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.24
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-Network Interface Cards (NICs) with SR-IOV capabilities are managed through physical functions (PFs) and virtual functions (VFs).
-A PF is used by the host and usually represents a single NIC port. VF configurations are applied through the PF.
-The SR-IOV CNI allows each VF to be treated as a separate network interface, assigned to a container, and configured with its own
-MAC, VLAN, IP and more.
-
-Infiniband SR-IOV CNI plugin works with Infiniband SR-IOV device plugin for VF allocation in Kubernetes. A CNI metaplugin such as Multus
-gets the allocated VF's deviceID(PCI address) and is responsible for invoking the Infiniband SR-IOV CNI plugin with that deviceID.
-
-%prep
-%autosetup -a1 -n %{name}-%{version} -p1
-
-%build
-# CGO is disabled by default in upstream Makefile:
-%define cgoenabled "0"
-# go build constrain (aka tag) "no_openssl" is set by default in upstream Makefile
-%define gotags "no_openssl"
-%define buildtime %(date +%%Y-%%m-%%dT%%H:%%M:%%S%%z)
-%define buildcommit %%SOURCE_COMMIT%%
-%define buildldflags "-X main.version=%{version} -X main.commit=%{buildcommit}% -X main.date=%{buildtime}%"
-CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -tags %{gotags} -ldflags %{buildldflags} -o ib-sriov cmd/ib-sriov-cni/main.go
-
-%install
-install -D -m0755 ib-sriov %{buildroot}%{_bindir}/ib-sriov
-install -D -m0755 images/entrypoint.sh %{buildroot}/entrypoint.sh
-
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/ib-sriov
-/entrypoint.sh
-
-%changelog

kiwi-builder-image/Dockerfile

@@ -1,8 +1,8 @@
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.29.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0-%RELEASE%
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.29.0
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0
 
 # Base image version, should match the tag above
-ARG KIWIVERSION="10.2.29"
+ARG KIWIVERSION="10.2.12"
 FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
 ARG KIWIVERSION
 

kiwi-builder-image/SL-Micro.kiwi

@@ -30,13 +30,16 @@
         <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
         <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
         <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64-rt-encrypted" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+        <profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
         <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
@@ -57,15 +60,6 @@
         <profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="rpi-self_install" description="Raw disk for Raspberry Pi" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64" description="Raw disk for Raspberry Pi" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64-encrypted" description="Raw disk for Raspberry Pi" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
         <profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
@@ -96,15 +90,6 @@
         <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64-64kb" description="Build 64K page size aarch64 images" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64-64kb-encrypted" description="Build 64K page size aarch64 images" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64-64kb-self_install" description="Build 64K page size aarch64 images" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
         <!-- Images (flavor + platform) -->
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
             <requires profile="full"/>
@@ -169,10 +154,18 @@
             <requires profile="full"/>
             <requires profile="aarch64"/>
         </profile>
+        <profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="rpi"/>
+        </profile>
         <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
             <requires profile="container-host"/>
             <requires profile="aarch64"/>
         </profile>
+        <profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="rpi"/>
+        </profile>
         <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
             <requires profile="container-host"/>
             <requires profile="x86-rt"/>
@@ -186,6 +179,10 @@
             <requires profile="container-host"/>
             <requires profile="aarch64-rt"/>
         </profile>
+        <profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-rt-rpi"/>
+        </profile>
         <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
             <requires profile="container-host"/>
             <requires profile="aarch64-rt-self_install"/>
@@ -280,42 +277,10 @@
             <requires profile="ppc64le-4096ss-self_install"/>
             <requires profile="self_install"/>
         </profile>
-	<profile name="Default-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="aarch64-64kb-self_install"/>
-        </profile>
-	<profile name="Base-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-64kb-self_install"/>
-        </profile>
-	<profile name="Default-64kb" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="aarch64-64kb"/>
-        </profile>
-	<profile name="Base-64kb" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-64kb"/>
-        </profile>
-	<profile name="Default-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="aarch64-64kb-encrypted"/>
-        </profile>
-	<profile name="Base-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-64kb-encrypted"/>
-        </profile>
-	<profile name="RaspberryPi-SelfInstall" description="SL Micro for Rapsberry Pi" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="rpi-self_install"/>
-        </profile>
-	<profile name="RaspberryPi" description="SL Micro for Raspberry Pi" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="rpi"/>
-        </profile>
     </profiles>
 
     <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -326,8 +291,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -359,7 +323,7 @@
         </type>
     </preferences>
     <preferences profiles="x86,x86-rt">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -370,8 +334,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -396,7 +359,7 @@
     </preferences>
 
     <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -411,8 +374,7 @@
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -435,8 +397,9 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="aarch64,aarch64-rt,aarch64-64kb">
+
-        <version>6.2</version>
+    <preferences profiles="rpi,aarch64-rt-rpi">
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -451,96 +414,11 @@
             install_continue_on_timeout="false"
             fsmountoptions="noatime"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
-            bootpartition="false"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="false"
-            disk_start_sector="8192"
-        >
-            <bootloader name="grub2" console="gfxterm" timeout="3" />
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
-                <volume name="boot/writable"/>
-                <volume name="usr/local"/>
-                <volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-    <preferences profiles="aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
-        <version>6.2</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <type
-            image="oem"
-            initrd_system="dracut"
-            installiso="true"
-            filesystem="btrfs"
-            installboot="install"
-            install_continue_on_timeout="false"
-            fsmountoptions="noatime"
-            firmware="uefi"
-            efipartsize="512"
-            kernelcmdline="security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
-            bootpartition="false"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="false"
-            disk_start_sector="8192"
-            luks_version="luks2"
-            luks="1234"
-	    luks_randomize="false"
-	    luks_pbkdf="pbkdf2"
-        >
-            <luksformat>
-                <option name="--cipher" value="aes-xts-plain64"/>
-            </luksformat>
-            <bootloader name="grub2" console="gfxterm" use_disk_password="true" timeout="3" />
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
-                <volume name="boot/writable"/>
-                <volume name="usr/local"/>
-                <volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-    <preferences profiles="rpi">
-        <version>6.2</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <type
-            image="oem"
-            initrd_system="dracut"
-            installiso="true"
-            filesystem="btrfs"
-            installboot="install"
-            install_continue_on_timeout="false"
-            fsmountoptions="noatime"
-            firmware="uefi"
-            efipartsize="512"
-            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
+            efipartsize="128"
             editbootinstall="editbootinstall_rpi.sh"
             btrfs_root_is_readonly_snapshot="true"
             btrfs_quota_groups="false"
@@ -560,8 +438,9 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="aarch64-self_install,aarch64-rt-self_install,aarch64-64kb-self_install">
+
-        <version>6.2</version>
+    <preferences profiles="aarch64,aarch64-rt">
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -571,20 +450,19 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
-            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
+            fsmountoptions="noatime"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
-            bootkernel="custom"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
+            efipartsize="128"
             btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
+            btrfs_quota_groups="false"
-            disk_start_sector="8192"
+            disk_start_sector="4096"
         >
             <bootloader name="grub2" console="gfxterm" timeout="3" />
             <systemdisk>
@@ -600,8 +478,8 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="rpi-self_install">
+    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -616,14 +494,13 @@
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            efipartsize="512"
+            efipartsize="128"
-            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
-            editbootinstall="editbootinstall_rpi.sh"
             btrfs_quota_groups="true"
             disk_start_sector="4096"
         >
@@ -643,7 +520,7 @@
     </preferences>
 
     <preferences profiles="s390-kvm">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -681,7 +558,7 @@
 
 
     <preferences profiles="s390-dasd">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -719,7 +596,7 @@
 
 
     <preferences profiles="s390-fba">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -754,7 +631,7 @@
     </preferences>
 
     <preferences profiles="s390-fcp">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -793,7 +670,7 @@
     </preferences>
 
     <preferences profiles="x86-vmware">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -804,7 +681,6 @@
             filesystem="btrfs"
             format="vmdk"
             firmware="uefi"
-            efipartsize="512"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -825,11 +701,11 @@
                 <volume name="var" copy_on_write="false"/>
             </systemdisk>
             <size unit="G">24</size>
-            <machine memory="1024" HWversion="17" guestOS="suse-64"/>
+            <machine memory="1024" HWversion="10" guestOS="suse-64"/>
         </type>
     </preferences>
     <preferences profiles="x86-qcow">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -840,8 +716,7 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -867,7 +742,7 @@
     </preferences>
 
     <preferences profiles="aarch64-qcow">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -878,8 +753,8 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="512"
+            efipartsize="128"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -902,7 +777,7 @@
     </preferences>
 
     <preferences profiles="ppc64le-512ss">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -913,7 +788,7 @@
             image="oem"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -935,7 +810,7 @@
         </type>
     </preferences>
     <preferences profiles="ppc64le-4096ss">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -949,7 +824,7 @@
             target_blocksize="4096"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -972,7 +847,7 @@
     </preferences>
 
     <preferences profiles="ppc64le-512ss-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -985,7 +860,7 @@
             installpxe="true"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -1012,7 +887,7 @@
         </type>
     </preferences>
     <preferences profiles="ppc64le-4096ss-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -1028,7 +903,7 @@
             target_blocksize="4096"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -1061,17 +936,20 @@
     </repository>
 
     <packages type="image" profiles="full">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="salt_minion"/>
+	<package name="patterns-base-salt_minion"/>
         <namedCollection name="kvm_host"/>
-	<package name="patterns-micro-kvm_host"/>
+	<package name="patterns-base-kvm_host"/>
 	<package name="lzop"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
         <namedCollection name="cockpit"/>
-        <package name="patterns-cockpit"/>
+        <package name="patterns-base-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
+        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1081,7 +959,7 @@
 	<package name="libpwquality-tools"/>
     </packages>
 
-    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted,aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
+    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
         <!-- full disk encryption stuff -->
         <package name="device-mapper"/>
         <package name="cryptsetup"/>
@@ -1094,12 +972,13 @@
     </packages>
 
     <packages type="image" profiles="container-host">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
+        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1123,16 +1002,16 @@
 	<package name="jeos-firstboot"/>
     </packages>
 
-    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow,ppc64le-512ss,ppc64le-4096ss,s390-dasd,s390-fcp">
+    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
         <package name="cloud-init"/>
         <package name="cloud-init-config-suse"/>
     </packages>
 
     <packages type="image">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
         <namedCollection name="hardware"/>
-        <package name="patterns-micro-hardware"/>
+        <package name="patterns-base-hardware"/>
         <package name="grub2"/>
         <package name="glibc-locale-base"/>
         <package name="ca-certificates"/>
@@ -1154,7 +1033,6 @@
 	<!-- FIXME does not build without control file which is obsolete
 	<package name="live-add-yast-repos"/> -->
 	<package name="parted"/> <!-- seems missing to deploy the image -->
-	<package name="iptables"/> <!-- needed by RKE2 -->
     </packages>
 
     <packages type="image" profiles="bootloader">
@@ -1171,15 +1049,11 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
     </packages>
     <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,x86,x86-encrypted,aarch64-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="kernel-default"/>
         <package name="kernel-firmware-all"/>
     </packages>
-    <packages type="image" profiles="aarch64-64kb,aarch64-64kb-encrypted,aarch64-64kb-self_install">
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
-        <package name="kernel-64kb"/>
-        <package name="kernel-firmware-all"/>
-    </packages>
-    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
         <package name="kernel-rt"/>
         <package name="kernel-firmware-all"/>
 	<!-- FIXME intentionally removed from ALP code stream
@@ -1194,18 +1068,17 @@
     <packages type="image" profiles="s390-fcp">
         <package name="multipath-tools"/>
     </packages>
-    <!-- "oem" images uses kiwi for partition/fs resize (-repart) and SelfInstall images in addition for deployment (-dump). -->
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
-    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,aarch64,aarch64-encrypted,aarch64-64kb-encrypted,rpi,rpi-self_install,aarch64-self_install,aarch64-64kb,aarch64-64kb-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="dracut-kiwi-oem-dump"/>
     </packages>
-    <packages type="image" profiles="rpi,rpi-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
         <package name="raspberrypi-firmware" arch="aarch64"/>
         <package name="raspberrypi-firmware-config" arch="aarch64"/>
         <package name="raspberrypi-firmware-dt" arch="aarch64"/>
         <package name="u-boot-rpiarm64" arch="aarch64"/>
     </packages>
-    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,aarch64-rt,aarch64-64kb,aarch64-rt-self_install,aarch64-encrypted,aarch64-rt-encrypted,aarchte-64kb-encrypted">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="bcm43xx-firmware"/>
         <package name="wireless-regdb"/>
@@ -1231,12 +1104,12 @@
     </packages>
 
     <!-- jsc#PED-8599 -->
-    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096,Base-64kb-encrypted,Default-64kb-encrypted">
+    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
         <package name="usbguard"/>
     </packages>
 
     <!-- jsc#PED-8788 -->
-    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
+    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
         <package name="stalld"/>
     </packages>
 </image>

kiwi-builder-image/SL-Micro.kiwi.4096

@@ -30,13 +30,16 @@
         <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
         <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
         <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64-rt-encrypted" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+        <profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
         <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
@@ -57,15 +60,6 @@
         <profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="rpi-self_install" description="Raw disk for Raspberry Pi" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64" description="Raw disk for Raspberry Pi" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64-encrypted" description="Raw disk for Raspberry Pi" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
         <profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
@@ -96,15 +90,6 @@
         <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
             <requires profile="bootloader"/>
         </profile>
-        <profile name="aarch64-64kb" description="Build 64K page size aarch64 images" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64-64kb-encrypted" description="Build 64K page size aarch64 images" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
-        <profile name="aarch64-64kb-self_install" description="Build 64K page size aarch64 images" arch="aarch64">
-            <requires profile="bootloader"/>
-        </profile>
         <!-- Images (flavor + platform) -->
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
             <requires profile="full"/>
@@ -169,10 +154,18 @@
             <requires profile="full"/>
             <requires profile="aarch64"/>
         </profile>
+        <profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="rpi"/>
+        </profile>
         <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
             <requires profile="container-host"/>
             <requires profile="aarch64"/>
         </profile>
+        <profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="rpi"/>
+        </profile>
         <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
             <requires profile="container-host"/>
             <requires profile="x86-rt"/>
@@ -186,6 +179,10 @@
             <requires profile="container-host"/>
             <requires profile="aarch64-rt"/>
         </profile>
+        <profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-rt-rpi"/>
+        </profile>
         <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
             <requires profile="container-host"/>
             <requires profile="aarch64-rt-self_install"/>
@@ -280,42 +277,10 @@
             <requires profile="ppc64le-4096ss-self_install"/>
             <requires profile="self_install"/>
         </profile>
-	<profile name="Default-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="aarch64-64kb-self_install"/>
-        </profile>
-	<profile name="Base-64kb-SelfInstall" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-64kb-self_install"/>
-        </profile>
-	<profile name="Default-64kb" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="aarch64-64kb"/>
-        </profile>
-	<profile name="Base-64kb" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-64kb"/>
-        </profile>
-	<profile name="Default-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="aarch64-64kb-encrypted"/>
-        </profile>
-	<profile name="Base-64kb-encrypted" description="SL Micro with 64K page size images" arch="aarch64">
-            <requires profile="container-host"/>
-            <requires profile="aarch64-64kb-encrypted"/>
-        </profile>
-	<profile name="RaspberryPi-SelfInstall" description="SL Micro for Rapsberry Pi" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="rpi-self_install"/>
-        </profile>
-	<profile name="RaspberryPi" description="SL Micro for Raspberry Pi" arch="aarch64">
-            <requires profile="full"/>
-            <requires profile="rpi"/>
-        </profile>
     </profiles>
 
     <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -326,8 +291,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -361,7 +325,7 @@
         </type>
     </preferences>
     <preferences profiles="x86,x86-rt">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -372,8 +336,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -400,7 +363,7 @@
     </preferences>
 
     <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -415,8 +378,7 @@
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -441,8 +403,9 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="aarch64,aarch64-rt,aarch64-64kb">
+
-        <version>6.2</version>
+    <preferences profiles="rpi,aarch64-rt-rpi">
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -457,98 +420,11 @@
             install_continue_on_timeout="false"
             fsmountoptions="noatime"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
-            bootpartition="false"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="false"
-            disk_start_sector="8192"
-            target_blocksize="4096"
-        >
-            <bootloader name="grub2" console="gfxterm" timeout="3" />
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
-                <volume name="boot/writable"/>
-                <volume name="usr/local"/>
-                <volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-    <preferences profiles="aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
-        <version>6.2</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <type
-            image="oem"
-            initrd_system="dracut"
-            installiso="true"
-            filesystem="btrfs"
-            installboot="install"
-            install_continue_on_timeout="false"
-            fsmountoptions="noatime"
-            firmware="uefi"
-            efipartsize="512"
-            kernelcmdline="security=selinux selinux=1 rd.kiwi.oem.luks.reencrypt rd.kiwi.oem.luks.reencrypt_randompass quiet systemd.show_status=1"
-            bootpartition="false"
-            devicepersistency="by-uuid"
-            btrfs_root_is_snapshot="true"
-            btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="false"
-            disk_start_sector="8192"
-            luks_version="luks2"
-            luks="1234"
-	    luks_randomize="false"
-	    luks_pbkdf="pbkdf2"
-            target_blocksize="4096"
-        >
-            <luksformat>
-                <option name="--cipher" value="aes-xts-plain64"/>
-            </luksformat>
-            <bootloader name="grub2" console="gfxterm" use_disk_password="true" timeout="3" />
-            <systemdisk>
-                <volume name="home"/>
-                <volume name="root"/>
-                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
-                <volume name="opt"/>
-                <volume name="srv"/>
-                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
-                <volume name="boot/writable"/>
-                <volume name="usr/local"/>
-                <volume name="var" copy_on_write="false"/>
-            </systemdisk>
-        </type>
-    </preferences>
-    <preferences profiles="rpi">
-        <version>6.2</version>
-        <packagemanager>zypper</packagemanager>
-        <bootsplash-theme>SLE</bootsplash-theme>
-        <bootloader-theme>SLE</bootloader-theme>
-        <rpm-excludedocs>true</rpm-excludedocs>
-        <locale>en_US</locale>
-        <type
-            image="oem"
-            initrd_system="dracut"
-            installiso="true"
-            filesystem="btrfs"
-            installboot="install"
-            install_continue_on_timeout="false"
-            fsmountoptions="noatime"
-            firmware="uefi"
-            efipartsize="512"
-            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
+            efipartsize="128"
             editbootinstall="editbootinstall_rpi.sh"
             btrfs_root_is_readonly_snapshot="true"
             btrfs_quota_groups="false"
@@ -568,8 +444,9 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="aarch64-self_install,aarch64-rt-self_install,aarch64-64kb-self_install">
+
-        <version>6.2</version>
+    <preferences profiles="aarch64,aarch64-rt">
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -579,21 +456,19 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
-            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
+            fsmountoptions="noatime"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1"
             bootpartition="false"
-            bootkernel="custom"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
+            efipartsize="128"
             btrfs_root_is_readonly_snapshot="true"
-            btrfs_quota_groups="true"
+            btrfs_quota_groups="false"
-            disk_start_sector="8192"
+            disk_start_sector="4096"
-            target_blocksize="4096"
         >
             <bootloader name="grub2" console="gfxterm" timeout="3" />
             <systemdisk>
@@ -609,8 +484,8 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="rpi-self_install">
+    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -625,14 +500,13 @@
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            efipartsize="512"
+            efipartsize="128"
-            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
-            editbootinstall="editbootinstall_rpi.sh"
             btrfs_quota_groups="true"
             disk_start_sector="4096"
         >
@@ -652,7 +526,7 @@
     </preferences>
 
     <preferences profiles="s390-kvm">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -690,7 +564,7 @@
 
 
     <preferences profiles="s390-dasd">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -728,7 +602,7 @@
 
 
     <preferences profiles="s390-fba">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -763,7 +637,7 @@
     </preferences>
 
     <preferences profiles="s390-fcp">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -802,7 +676,7 @@
     </preferences>
 
     <preferences profiles="x86-vmware">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -813,7 +687,6 @@
             filesystem="btrfs"
             format="vmdk"
             firmware="uefi"
-            efipartsize="512"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -834,11 +707,11 @@
                 <volume name="var" copy_on_write="false"/>
             </systemdisk>
             <size unit="G">24</size>
-            <machine memory="1024" HWversion="17" guestOS="suse-64"/>
+            <machine memory="1024" HWversion="10" guestOS="suse-64"/>
         </type>
     </preferences>
     <preferences profiles="x86-qcow">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -849,14 +722,15 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="512"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
             btrfs_quota_groups="true"
+            target_blocksize="4096"
+            efipartsize="200"
         >
             <bootloader name="grub2" console="gfxterm" timeout="3" />
             <systemdisk>
@@ -876,7 +750,7 @@
     </preferences>
 
     <preferences profiles="aarch64-qcow">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -887,8 +761,8 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="512"
+            efipartsize="128"
-            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -911,7 +785,7 @@
     </preferences>
 
     <preferences profiles="ppc64le-512ss">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -922,7 +796,7 @@
             image="oem"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -944,7 +818,7 @@
         </type>
     </preferences>
     <preferences profiles="ppc64le-4096ss">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -958,7 +832,7 @@
             target_blocksize="4096"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -981,7 +855,7 @@
     </preferences>
 
     <preferences profiles="ppc64le-512ss-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -994,7 +868,7 @@
             installpxe="true"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -1021,7 +895,7 @@
         </type>
     </preferences>
     <preferences profiles="ppc64le-4096ss-self_install">
-        <version>6.2</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -1037,7 +911,7 @@
             target_blocksize="4096"
             filesystem="btrfs"
             firmware="ofw"
-            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -1070,17 +944,20 @@
     </repository>
 
     <packages type="image" profiles="full">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="salt_minion"/>
+	<package name="patterns-base-salt_minion"/>
         <namedCollection name="kvm_host"/>
-	<package name="patterns-micro-kvm_host"/>
+	<package name="patterns-base-kvm_host"/>
 	<package name="lzop"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
         <namedCollection name="cockpit"/>
-        <package name="patterns-cockpit"/>
+        <package name="patterns-base-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
+        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1090,7 +967,7 @@
 	<package name="libpwquality-tools"/>
     </packages>
 
-    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted,aarch64-encrypted,aarch64-rt-encrypted,aarch64-64kb-encrypted">
+    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
         <!-- full disk encryption stuff -->
         <package name="device-mapper"/>
         <package name="cryptsetup"/>
@@ -1103,12 +980,13 @@
     </packages>
 
     <packages type="image" profiles="container-host">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
+        <package name="policycoreutils-python-utils"/>
         <package name="suseconnect-ng"/>
         <package name="SL-Micro-release"/>
         <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -1132,16 +1010,16 @@
 	<package name="jeos-firstboot"/>
     </packages>
 
-    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow,ppc64le-512ss,ppc64le-4096ss,s390-dasd,s390-fcp">
+    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
         <package name="cloud-init"/>
         <package name="cloud-init-config-suse"/>
     </packages>
 
     <packages type="image">
-        <namedCollection name="transactional_base"/>
+        <namedCollection name="base_transactional"/>
-        <package name="patterns-base-transactional_base"/>
+        <package name="patterns-base-transactional"/>
         <namedCollection name="hardware"/>
-        <package name="patterns-micro-hardware"/>
+        <package name="patterns-base-hardware"/>
         <package name="grub2"/>
         <package name="glibc-locale-base"/>
         <package name="ca-certificates"/>
@@ -1163,7 +1041,6 @@
 	<!-- FIXME does not build without control file which is obsolete
 	<package name="live-add-yast-repos"/> -->
 	<package name="parted"/> <!-- seems missing to deploy the image -->
-	<package name="iptables"/> <!-- needed by RKE2 -->
     </packages>
 
     <packages type="image" profiles="bootloader">
@@ -1180,15 +1057,11 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
     </packages>
     <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,x86,x86-encrypted,aarch64-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="kernel-default"/>
         <package name="kernel-firmware-all"/>
     </packages>
-    <packages type="image" profiles="aarch64-64kb,aarch64-64kb-encrypted,aarch64-64kb-self_install">
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
-        <package name="kernel-64kb"/>
-        <package name="kernel-firmware-all"/>
-    </packages>
-    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
         <package name="kernel-rt"/>
         <package name="kernel-firmware-all"/>
 	<!-- FIXME intentionally removed from ALP code stream
@@ -1203,18 +1076,17 @@
     <packages type="image" profiles="s390-fcp">
         <package name="multipath-tools"/>
     </packages>
-    <!-- "oem" images uses kiwi for partition/fs resize (-repart) and SelfInstall images in addition for deployment (-dump). -->
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
-    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,aarch64,aarch64-encrypted,aarch64-64kb-encrypted,rpi,rpi-self_install,aarch64-self_install,aarch64-64kb,aarch64-64kb-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="dracut-kiwi-oem-dump"/>
     </packages>
-    <packages type="image" profiles="rpi,rpi-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
         <package name="raspberrypi-firmware" arch="aarch64"/>
         <package name="raspberrypi-firmware-config" arch="aarch64"/>
         <package name="raspberrypi-firmware-dt" arch="aarch64"/>
         <package name="u-boot-rpiarm64" arch="aarch64"/>
     </packages>
-    <packages type="image" profiles="aarch64,rpi,rpi-self_install,aarch64-self_install,aarch64-rt,aarch64-64kb,aarch64-rt-self_install,aarch64-encrypted,aarch64-rt-encrypted,aarchte-64kb-encrypted">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="bcm43xx-firmware"/>
         <package name="wireless-regdb"/>
@@ -1240,12 +1112,12 @@
     </packages>
 
     <!-- jsc#PED-8599 -->
-    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096,Base-64kb-encrypted,Default-64kb-encrypted">
+    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
         <package name="usbguard"/>
     </packages>
 
     <!-- jsc#PED-8788 -->
-    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-encrypted,aarch64-rt-self_install">
+    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
         <package name="stalld"/>
     </packages>
 </image>

kiwi-builder-image/build-image.sh

@@ -28,7 +28,7 @@ LARGEBLOCK=false
 usage(){
   cat <<-EOF
   =====================================
-  SUSE Linux Micro 6.2 Kiwi SDK Builder
+  SUSE Linux Micro 6.1 Kiwi SDK Builder
   =====================================
 
   Usage: ${0} [-p <profile>] [-b]
@@ -36,12 +36,13 @@ usage(){
   Profile Options (-p):
   * Default: RAW Disk Image with default packages (incl. Podman & KVM)
   * Default-SelfInstall: SelfInstall ISO with default packages
+  * Default-RPi: RAW Disk Image for Raspberry Pi (aarch64 only with MBR)
   * Base: RAW Disk Image with reduced package set (no KVM)
   * Base-SelfInstall: SelfInstall ISO with reduced packages
   * Base-RT: RAW Disk Image with reduced packages and kernel-rt
   * Base-RT-SelfInstall: SelfInstall ISO with reduced packages and kernel-rt
-  * RaspberryPi: RAW Disk Image for Raspberry Pi with default packages (aarch64 only with MBR)
+  * Base-RT-RPi: RAW Disk image for Raspberry Pi with kernel-rt (aarch64 only with MBR)
-  * RaspberryPi-SelfInstall: SelfInstall ISO for Raspberry Pi with default packages (aarch64 only with MBR)
+  * Base-RPi: RAW Disk Image for Raspberry Pi with reduced packages (aarch64 only with MBR)
 
   4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
 
@@ -82,15 +83,9 @@ if $LARGEBLOCK; then
   mv /micro-sdk/defs/SL-Micro.kiwi.4096 /micro-sdk/defs/SL-Micro.kiwi
 fi
 
-# Create temporary directory that supports seclabel
-dir=$(mktemp -d)
-mkdir -p /tmp/output/tmp-dir
-mount -t tmpfs $dir /tmp/output/tmp-dir
-
 # Build the image
-kiwi-ng --temp-dir /tmp/output/tmp-dir --debug --profile $PROFILE \
+kiwi-ng --debug --profile $PROFILE system build \
-    system build --description /micro-sdk/defs --target-dir /tmp/output \
+    --description /micro-sdk/defs --target-dir /tmp/output --ignore-repos-used-for-build $REPOS
-    --ignore-repos-used-for-build $REPOS
 
 # Print output
 RESULT=$?

kiwi-builder-image/config.sh

@@ -188,6 +188,7 @@ cat >/etc/fstab.script <<"EOF"
 #!/bin/sh
 set -eux
 
+/usr/sbin/setup-fstab-for-overlayfs
 # If /var is on a different partition than /...
 if [ "$(findmnt -snT / -o SOURCE)" != "$(findmnt -snT /var -o SOURCE)" ]; then
 	# ... set options for autoexpanding /var

kube-rbac-proxy/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/brancz/kube-rbac-proxy</param>
     <param name="scm">git</param>
-    <param name="revision">v0.19.1</param>
+    <param name="revision">v0.18.1</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

kube-rbac-proxy/kube-rbac-proxy.spec

@@ -17,14 +17,14 @@
 
 
 Name:           kube-rbac-proxy
-Version:        0.19.1
+Version:        0.18.1
-Release:        0.19.1
+Release:        0.18.1
 Summary:        The kube-rbac-proxy is a small HTTP proxy for a single upstream
 License:        Apache-2.0
 URL:            https://github.com/brancz/kube-rbac-proxy
 Source:         kube-rbac-proxy-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.24
+BuildRequires:  golang(API) = 1.23
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

metallb-chart/Chart.yaml

@@ -1,17 +1,17 @@
-#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.1_up0.15.2
+#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.0_up0.14.9
-#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.1_up0.15.2-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.0_up0.14.9-%RELEASE%
 apiVersion: v2
-appVersion: v0.15.2
+appVersion: v0.14.9
 dependencies:
 - condition: crds.enabled
   name: crds
   repository: file://./charts/crds
-  version: 0.15.2
+  version: 0.14.9
 - alias: metallb-frr-k8s
   condition: frrk8s.enabled
   name: frr-k8s
   repository: file://./charts/frr-k8s
-  version: 0.0.20
+  version: 0.0.16
 description: A network load-balancer implementation for Kubernetes using standard
   routing protocols
 home: https://metallb.universe.tf
@@ -21,4 +21,4 @@ name: metallb
 sources:
 - https://github.com/metallb/metallb
 type: application
-version: "%%CHART_MAJOR%%.0.1+up0.15.2"
+version: "%%CHART_MAJOR%%.0.0+up0.14.9"

metallb-chart/README.md

@@ -1,6 +1,6 @@
 # metallb
 
-![Version: 0.15.2](https://img.shields.io/badge/Version-0.15.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.15.2](https://img.shields.io/badge/AppVersion-v0.15.2-informational?style=flat-square)
+![Version: 0.14.9](https://img.shields.io/badge/Version-0.14.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.9](https://img.shields.io/badge/AppVersion-v0.14.9-informational?style=flat-square)
 
 A network load-balancer implementation for Kubernetes using standard routing protocols
 
@@ -16,8 +16,8 @@ Kubernetes: `>= 1.19.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-|  | crds | 0.15.2 |
+|  | crds | 0.14.9 |
-| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.20 |
+| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.16 |
 
 ## Values
 
@@ -99,7 +99,7 @@ Kubernetes: `>= 1.19.0-0`
 | prometheus.rbacPrometheus | bool | `true` |  |
 | prometheus.rbacProxy.pullPolicy | string | `nil` |  |
 | prometheus.rbacProxy.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/kube-rbac-proxy"` |  |
-| prometheus.rbacProxy.tag | string | `"v0.19.1"` |  |
+| prometheus.rbacProxy.tag | string | `"v0.18.0"` |  |
 | prometheus.scrapeAnnotations | bool | `false` |  |
 | prometheus.serviceAccount | string | `""` |  |
 | prometheus.serviceMonitor.controller.additionalLabels | object | `{}` |  |
@@ -122,7 +122,7 @@ Kubernetes: `>= 1.19.0-0`
 | speaker.frr.enabled | bool | `true` |  |
 | speaker.frr.image.pullPolicy | string | `nil` |  |
 | speaker.frr.image.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/frr"` |  |
-| speaker.frr.image.tag | string | `"10.2.1"` |  |
+| speaker.frr.image.tag | string | `"8.5.6"` |  |
 | speaker.frr.metricsPort | int | `7473` |  |
 | speaker.frr.resources | object | `{}` |  |
 | speaker.frrMetrics.resources | object | `{}` |  |

metallb-chart/charts/crds/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: v0.15.2
+appVersion: v0.14.9
 description: MetalLB CRDs
 home: https://metallb.universe.tf
 icon: https://metallb.universe.tf/images/logo/metallb-white.png
@@ -7,4 +7,4 @@ name: crds
 sources:
 - https://github.com/metallb/metallb
 type: application
-version: 0.15.2
+version: 0.14.9

metallb-chart/charts/crds/templates/crds.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: bfdprofiles.metallb.io
 spec:
   group: metallb.io
@@ -123,7 +123,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: bgpadvertisements.metallb.io
 spec:
   group: metallb.io
@@ -329,7 +329,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: bgppeers.metallb.io
 spec:
   conversion:
@@ -526,15 +526,7 @@ spec:
                       rule: duration(self).getMilliseconds() % 1000 == 0
                 disableMP:
                   default: false
-                  description: |-
+                  description: To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions.
-                    To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions.
-                    Deprecated: DisableMP is deprecated in favor of dualStackAddressFamily.
-                  type: boolean
-                dualStackAddressFamily:
-                  default: false
-                  description: |-
-                    To set if we want to enable the neighbor not only for the ipfamily related to its session,
-                    but also the other one. This allows to advertise/receive IPv4 prefixes over IPv6 sessions and vice versa.
                   type: boolean
                 dynamicASN:
                   description: |-
@@ -563,14 +555,6 @@ spec:
                 holdTime:
                   description: Requested BGP hold time, per RFC4271.
                   type: string
-                interface:
-                  description: |-
-                    Interface is the node interface over which the unnumbered BGP peering will
-                    be established. No API validation takes place as that string value
-                    represents an interface name on the host and if user provides an invalid
-                    value, only the actual BGP session will not be established.
-                    Address and Interface are mutually exclusive and one of them must be specified.
-                  type: string
                 keepaliveTime:
                   description: Requested BGP keepalive time, per RFC4271.
                   type: string
@@ -665,7 +649,7 @@ spec:
                   default: 179
                   description: Port to dial when establishing the session.
                   maximum: 16384
-                  minimum: 1
+                  minimum: 0
                   type: integer
                 routerID:
                   description: BGP router ID to advertise to the peer
@@ -680,6 +664,7 @@ spec:
                   type: string
               required:
                 - myASN
+                - peerAddress
               type: object
             status:
               description: BGPPeerStatus defines the observed state of Peer.
@@ -694,7 +679,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: communities.metallb.io
 spec:
   group: metallb.io
@@ -759,7 +744,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: ipaddresspools.metallb.io
 spec:
   group: metallb.io
@@ -956,28 +941,6 @@ spec:
               type: object
             status:
               description: IPAddressPoolStatus defines the observed state of IPAddressPool.
-              properties:
-                assignedIPv4:
-                  description: AssignedIPv4 is the number of assigned IPv4 addresses.
-                  format: int64
-                  type: integer
-                assignedIPv6:
-                  description: AssignedIPv6 is the number of assigned IPv6 addresses.
-                  format: int64
-                  type: integer
-                availableIPv4:
-                  description: AvailableIPv4 is the number of available IPv4 addresses.
-                  format: int64
-                  type: integer
-                availableIPv6:
-                  description: AvailableIPv6 is the number of available IPv6 addresses.
-                  format: int64
-                  type: integer
-              required:
-                - assignedIPv4
-                - assignedIPv6
-                - availableIPv4
-                - availableIPv6
               type: object
           required:
             - spec
@@ -991,7 +954,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: l2advertisements.metallb.io
 spec:
   group: metallb.io
@@ -1171,92 +1134,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
+    controller-gen.kubebuilder.io/version: v0.16.3
-  name: servicebgpstatuses.metallb.io
-spec:
-  group: metallb.io
-  names:
-    kind: ServiceBGPStatus
-    listKind: ServiceBGPStatusList
-    plural: servicebgpstatuses
-    singular: servicebgpstatus
-  scope: Namespaced
-  versions:
-    - additionalPrinterColumns:
-        - jsonPath: .status.node
-          name: Node
-          type: string
-        - jsonPath: .status.serviceName
-          name: Service Name
-          type: string
-        - jsonPath: .status.serviceNamespace
-          name: Service Namespace
-          type: string
-      name: v1beta1
-      schema:
-        openAPIV3Schema:
-          description: ServiceBGPStatus exposes the BGP peers a service is configured to be advertised to, per relevant node.
-          properties:
-            apiVersion:
-              description: |-
-                APIVersion defines the versioned schema of this representation of an object.
-                Servers should convert recognized schemas to the latest internal value, and
-                may reject unrecognized values.
-                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-              type: string
-            kind:
-              description: |-
-                Kind is a string value representing the REST resource this object represents.
-                Servers may infer this from the endpoint the client submits requests to.
-                Cannot be updated.
-                In CamelCase.
-                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-              type: string
-            metadata:
-              type: object
-            spec:
-              description: ServiceBGPStatusSpec defines the desired state of ServiceBGPStatus.
-              type: object
-            status:
-              description: MetalLBServiceBGPStatus defines the observed state of ServiceBGPStatus.
-              properties:
-                node:
-                  description: Node indicates the node announcing the service.
-                  type: string
-                  x-kubernetes-validations:
-                    - message: Value is immutable
-                      rule: self == oldSelf
-                peers:
-                  description: |-
-                    Peers indicate the BGP peers for which the service is configured to be advertised to.
-                    The service being actually advertised to a given peer depends on the session state and is not indicated here.
-                  items:
-                    type: string
-                  type: array
-                serviceName:
-                  description: ServiceName indicates the service this status represents.
-                  type: string
-                  x-kubernetes-validations:
-                    - message: Value is immutable
-                      rule: self == oldSelf
-                serviceNamespace:
-                  description: ServiceNamespace indicates the namespace of the service.
-                  type: string
-                  x-kubernetes-validations:
-                    - message: Value is immutable
-                      rule: self == oldSelf
-              type: object
-          type: object
-      served: true
-      storage: true
-      subresources:
-        status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
   name: servicel2statuses.metallb.io
 spec:
   group: metallb.io

metallb-chart/charts/frr-k8s/Chart.yaml

@@ -1,10 +1,10 @@
 apiVersion: v2
-appVersion: v0.0.20
+appVersion: v0.0.16
 dependencies:
 - condition: crds.enabled
   name: crds
   repository: file://./charts/crds
-  version: 0.0.20
+  version: 0.0.16
 description: A cloud native wrapper of FRR
 home: https://metallb.universe.tf
 icon: https://metallb.universe.tf/images/logo/metallb-white.png
@@ -13,4 +13,4 @@ name: frr-k8s
 sources:
 - https://github.com/metallb/frr-k8s
 type: application
-version: 0.0.20
+version: 0.0.16

metallb-chart/charts/frr-k8s/README.md

@@ -1,6 +1,6 @@
 # frr-k8s
 
-![Version: 0.0.20](https://img.shields.io/badge/Version-0.0.20-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.20](https://img.shields.io/badge/AppVersion-v0.0.20-informational?style=flat-square)
+![Version: 0.0.16](https://img.shields.io/badge/Version-0.0.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.16](https://img.shields.io/badge/AppVersion-v0.0.16-informational?style=flat-square)
 
 A cloud native wrapper of FRR
 
@@ -16,7 +16,7 @@ Kubernetes: `>= 1.19.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-|  | crds | 0.0.20 |
+|  | crds | 0.0.16 |
 
 ## Values
 
@@ -30,7 +30,7 @@ Kubernetes: `>= 1.19.0-0`
 | frrk8s.frr.acceptIncomingBGPConnections | bool | `false` |  |
 | frrk8s.frr.image.pullPolicy | string | `nil` |  |
 | frrk8s.frr.image.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/frr"` |  |
-| frrk8s.frr.image.tag | string | `"10.2.1"` |  |
+| frrk8s.frr.image.tag | string | `"8.5.6"` |  |
 | frrk8s.frr.metricsBindAddress | string | `"127.0.0.1"` |  |
 | frrk8s.frr.metricsPort | int | `7573` |  |
 | frrk8s.frr.resources | object | `{}` |  |
@@ -78,7 +78,7 @@ Kubernetes: `>= 1.19.0-0`
 | prometheus.rbacPrometheus | bool | `false` |  |
 | prometheus.rbacProxy.pullPolicy | string | `nil` |  |
 | prometheus.rbacProxy.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/kube-rbac-proxy"` |  |
-| prometheus.rbacProxy.tag | string | `"v0.19.1"` |  |
+| prometheus.rbacProxy.tag | string | `"v0.18.0"` |  |
 | prometheus.scrapeAnnotations | bool | `false` |  |
 | prometheus.secureMetricsPort | int | `9140` |  |
 | prometheus.serviceAccount | string | `""` |  |

metallb-chart/charts/frr-k8s/charts/crds/Chart.yaml

@@ -1,5 +1,5 @@
 apiVersion: v2
-appVersion: v0.0.20
+appVersion: v0.0.16
 description: FRR K8s CRDs
 home: https://metallb.universe.tf
 icon: https://metallb.universe.tf/images/logo/metallb-white.png
@@ -7,4 +7,4 @@ name: crds
 sources:
 - https://github.com/metallb/frr-k8s
 type: application
-version: 0.0.20
+version: 0.0.16

metallb-chart/charts/frr-k8s/values.yaml

@@ -98,7 +98,7 @@ frrk8s:
   tolerateMaster: true
   image:
     repository: "registry.opensuse.org/isv/suse/edge/metallb/images/frr-k8s"
-    tag: "v0.0.20"
+    tag: "v0.0.16"
     pullPolicy: IfNotPresent
   ## @param controller.updateStrategy.type FRR-K8s controller daemonset strategy type
   ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
@@ -161,7 +161,7 @@ frrk8s:
   frr:
     image:
       repository: "registry.opensuse.org/isv/suse/edge/metallb/images/frr"
-      tag: "10.2.1"
+      tag: "8.5.6"
       pullPolicy: IfNotPresent
     metricsBindAddress: 127.0.0.1
     metricsPort: 7573

metallb-chart/templates/rbac.yaml

@@ -110,9 +110,6 @@ rules:
 - apiGroups: ["metallb.io"]
   resources: ["communities"]
   verbs: ["get", "list", "watch"]
-- apiGroups: ["metallb.io"]
-  resources: ["servicebgpstatuses","servicebgpstatuses/status"]
-  verbs: ["*"]
 {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -141,9 +138,6 @@ rules:
 - apiGroups: ["metallb.io"]
   resources: ["ipaddresspools"]
   verbs: ["get", "list", "watch"]
-- apiGroups: ["metallb.io"]
-  resources: ["ipaddresspools/status"]
-  verbs: ["update"]
 - apiGroups: ["metallb.io"]
   resources: ["bgppeers"]
   verbs: ["get", "list"]

metallb-chart/values.yaml

@@ -59,7 +59,7 @@ prometheus:
   # the image to be used for the kuberbacproxy container
   rbacProxy:
     repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
-    tag: "0.19.1"
+    tag: "0.18.1"
     pullPolicy: IfNotPresent
 
   # Prometheus Operator PodMonitors
@@ -201,7 +201,7 @@ controller:
   # webhookMode: enabled
   image:
     repository: "%%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller"
-    tag: "v0.15.2"
+    tag: "v0.14.9"
     pullPolicy: IfNotPresent
   ## @param controller.updateStrategy.type Metallb controller deployment strategy type.
   ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
@@ -282,7 +282,7 @@ speaker:
 
   image:
     repository: "%%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker"
-    tag: "v0.15.2"
+    tag: "v0.14.9"
     pullPolicy: IfNotPresent
   ## @param speaker.updateStrategy.type Speaker daemonset strategy type
   ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
@@ -346,7 +346,7 @@ speaker:
     enabled: false
     image:
       repository: "%%IMG_REPO%%/%%IMG_PREFIX%%frr"
-      tag: "10.2.1"
+      tag: "8.5.6"
       pullPolicy: IfNotPresent
     metricsPort: 7473
     resources: {}

metallb/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metallb/metallb</param>
     <param name="scm">git</param>
-    <param name="revision">v0.15.2</param>
+    <param name="revision">v0.14.9</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>
@@ -18,4 +18,4 @@
   <service name="go_modules">
   </service>
   <service mode="buildtime" name="set_version" />
-</services>
+</services>

metallb/metallb.spec

@@ -17,14 +17,14 @@
 
 
 Name:           metallb
-Version:        0.15.2
+Version:        0.14.9
-Release:        0.15.2
+Release:        0.14.9
 Summary:        Load Balancer for bare metal Kubernetes clusters
 License:        Apache-2.0
 URL:            https://github.com/metallb/metallb
 Source:         %{name}-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.24
+BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

network-resources-injector-image/Dockerfile

@@ -1,34 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%network-resources-injector:v%%network-resources-injector_version%%
-#!BuildTag: %%IMG_PREFIX%%network-resources-injector:v%%network-resources-injector_version%%-%RELEASE%
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends network-resources-injector gawk which; \
-    zypper -n clean; \
-    rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.network-resources-injector
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE network-resources-injector Container Image"
-LABEL org.opencontainers.image.description="network-resources-injector based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%network-resources-injector_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector:%%network-resources-injector_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-USER 1001
-COPY --from=base /installroot /
-CMD ["/usr/bin/webhook"]

network-resources-injector-image/_service

@@ -1,19 +0,0 @@
-<services>
-  <service name="kiwi_metainfo_helper" mode="buildtime"/>
-  <service name="docker_label_helper" mode="buildtime"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%network-resources-injector_version%%</param>
-    <param name="package">network-resources-injector</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>

network-resources-injector/_service

@@ -1,20 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/k8snetworkplumbingwg/network-resources-injector</param>
-    <param name="scm">git</param>
-    <param name="revision">v1.8.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">antonio.alarcon@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar">
-    <param name="obsinfo">network-resources-injector.obsinfo</param>
-  </service>
-  <service name="go_modules" />
-  <service mode="buildtime" name="set_version" />
-</services>

network-resources-injector/network-resources-injector.spec

@@ -1,62 +0,0 @@
-#
-# spec file for package network-resources-injector
-#
-# Copyright (c) 2025 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           network-resources-injector
-Version:        0
-Release:        0
-Summary:        Kubernetes admission controller able to patch pod spec's requests and limits on custom network resources
-License:        Apache-2.0
-URL:            https://github.com/k8snetworkplumbingwg/network-resources-injector
-Source:         %{name}-%{version}.tar
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.24
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-Network Resources Injector is a Kubernetes Dynamic Admission Controller application that provides functionality of
-patching Kubernetes pod specifications with requests and limits of custom network resources (managed by device plugins
-such as k8snetworkplumbingwg/sriov-network-device-plugin). Requires Multus Network-Attach-Definition (NAD) custom
-objects to be created before creating the pod object referring/pointing to them; custom network resources' request and
-limits to add to the pod spec are inferred from the pointed NAD/s.
-
-%prep
-%autosetup -a1 -n %{name}-%{version} -p1
-
-%build
-# CGO is disabled by default in upstream Makefile
-%define cgoenabled "0"
-# go build constrain (aka tag) "no_openssl" is set by default in upstream Makefile
-%define buildgotags "no_openssl"
-%define buildldflags "-w -s"
-CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -tags %{buildgotags} -o installer ./cmd/installer
-CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -tags %{buildgotags} -o webhook ./cmd/webhook
-
-
-%install
-install -D -m0755 installer %{buildroot}%{_bindir}/installer
-install -D -m0755 webhook %{buildroot}%{_bindir}/webhook
-
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/installer
-%{_bindir}/webhook
-
-%changelog

node-feature-discovery-image/Dockerfile

@@ -1,35 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%node-feature-discovery:v%%node-feature-discovery_version%%
-#!BuildTag: %%IMG_PREFIX%%node-feature-discovery:v%%node-feature-discovery_version%%-%RELEASE%
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends node-feature-discovery; \
-    zypper -n clean; \
-    rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.node-feature-discovery
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE node-feature-discovery Container Image"
-LABEL org.opencontainers.image.description="node-feature-discovery based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%node-feature-discovery_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery:%%node-feature-discovery_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-USER 65534:65534
-COPY --from=base /installroot /
-
-

node-feature-discovery-image/_service

@@ -1,19 +0,0 @@
-<services>
-  <service name="kiwi_metainfo_helper" mode="buildtime"/>
-  <service name="docker_label_helper" mode="buildtime"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%node-feature-discovery_version%%</param>
-    <param name="package">node-feature-discovery</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>

node-feature-discovery/_service

@@ -1,20 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/kubernetes-sigs/node-feature-discovery</param>
-    <param name="scm">git</param>
-    <param name="revision">v0.18.2</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">antonio.alarcon@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar">
-    <param name="obsinfo">node-feature-discovery.obsinfo</param>
-  </service>
-  <service name="go_modules" />
-  <service mode="buildtime" name="set_version" />
-</services>

node-feature-discovery/node-feature-discovery.spec

@@ -1,97 +0,0 @@
-#
-# spec file for package node-feature-discovery
-#
-# Copyright (c) 2025 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           node-feature-discovery
-Version:        0
-Release:        0
-Summary:        Advertises hardware features available on each Kubernetes node using node labels
-License:        Apache-2.0
-URL:            https://github.com/kubernetes-sigs/node-feature-discovery
-Source:         %{name}-%{version}.tar
-Source1:        vendor.tar.gz
-BuildRequires:  glibc-static
-BuildRequires:  golang(API) = 1.25
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-Node-Feature-Discovery (NFD) software enables node feature discovery for Kubernetes. It detects hardware features available on each node in a
-Kubernetes cluster, and advertises those features using node labels and optionally node extended resources, annotations and node taints.
-Node Feature Discovery is compatible with any recent version of Kubernetes (v1.21+).
-
-NFD consists of four software components:
-- nfd-master:
-    daemon responsible for communication towards the Kubernetes API. That is, it receives labeling requests from the worker and modifies node
-    objects accordingly.
-- nfd-worker:
-    daemon responsible for feature detection. It then communicates the information to nfd-master which does the actual node labeling. One instance
-    of nfd-worker is supposed to be running on each node of the cluster.
-- nfd-topology-updater:
-    daemon responsible for examining allocated resources on a worker node to account for resources available to be allocated to new pod on a per-zone
-    basis (where a zone can be a NUMA node). It then creates or updates a NodeResourceTopology custom resource object specific to this node. One instance
-    of nfd-topology-updater is supposed to be running on each node of the cluster.
-- nfd-gc:
-    daemon responsible for cleaning obsolete NodeFeature and NodeResourceTopology objects.
-    One instance of nfd-gc is supposed to be running in the cluster.
-- nfd:
-    client able to export features or labels in a generic context (e.g., compute nodes that warrant assessment, but may not have Kubernetes running,
-    or may not be able to or want to run a central daemon service for data).
-
-%prep
-%autosetup -a1 -n %{name}-%{version} -p1
-
-%build
-%define cgoenabled "1"
-# Most of the following go-build settings, toghether the build requirement on glibc-static package (see above) come from the aim
-# to get an statically linked binary (once CGO being enabled); they have been taken from upstream Makefile.
-#
-# Apart from that, the "host-" setting in "pathPrefix" variable in "sigs.k8s.io/node-feature-discovery/pkg/utils/hostpath" package
-# (below) is required for alignment with the several mount paths set in the nfd chart's "worker" daemonset (yaml) template, for
-# all the hostPath volumes defined there.
-%define buildgotags "osusergo,netgo"
-%define buildldflags "-linkmode=external -extldflags '-static -Wl,--fatal-warnings' -X sigs.k8s.io/node-feature-discovery/pkg/version.version=v%{version} -X sigs.k8s.io/node-feature-discovery/pkg/utils/hostpath.pathPrefix=/host- -s -w"
-CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o kubectl-nfd ./cmd/kubectl-nfd
-CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-gc      ./cmd/nfd-gc
-CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-master  ./cmd/nfd-master
-CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-worker  ./cmd/nfd-worker
-CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-topology-updater ./cmd/nfd-topology-updater
-CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd ./cmd/nfd
-
-%install
-install -D -m0755 kubectl-nfd %{buildroot}%{_bindir}/kubectl-nfd
-install -D -m0755 nfd-gc %{buildroot}%{_bindir}/nfd-gc
-install -D -m0755 nfd-master %{buildroot}%{_bindir}/nfd-master
-install -D -m0755 nfd-worker %{buildroot}%{_bindir}/nfd-worker
-install -D -m0755 nfd-topology-updater %{buildroot}%{_bindir}/nfd-topology-updater
-install -D -m0755 nfd %{buildroot}%{_bindir}/nfd
-install -D -m0644 ./deployment/components/worker-config/nfd-worker.conf.example %{buildroot}%{_sysconfdir}/kubernetes/node-feature-discovery/nfd-worker.conf
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/kubectl-nfd
-%{_bindir}/nfd-gc
-%{_bindir}/nfd-master
-%{_bindir}/nfd-worker
-%{_bindir}/nfd-topology-updater
-%{_bindir}/nfd
-%dir %{_sysconfdir}/kubernetes
-%dir %{_sysconfdir}/kubernetes/node-feature-discovery
-%{_sysconfdir}/kubernetes/node-feature-discovery/nfd-worker.conf
-
-%changelog

python-suse-edge-components-versions/python-suse-edge-components-versions.spec

@@ -20,7 +20,7 @@
 %endif
 
 Name:           python-suse-edge-components-versions
-Version:        0.2.3
+Version:        0.2.2
 Release:        0%{?dist}
 Summary:        A tool to gather and display component versions for SUSE Edge products.
 License:        Apache-2.0

release-manifest-image/Dockerfile

@@ -1,4 +1,4 @@
-#!BuildTag: %%IMG_PREFIX%%release-manifest:3.5.0
+#!BuildTag: %%IMG_PREFIX%%release-manifest:3.4.1
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION
 
@@ -7,11 +7,11 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SUSE Edge Release Manifest"
 LABEL org.opencontainers.image.description="Release Manifest containing information about a specific SUSE Edge release"
-LABEL org.opencontainers.image.version="3.5.0"
+LABEL org.opencontainers.image.version="3.4.1"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.5.0"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.4.1"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

release-manifest-image/release_images.yaml

@@ -1,37 +1,28 @@
 images:
-  - name: quay.io/jetstack/cert-manager-cainjector:v1.18.2
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:0.10.2.1
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.3
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:0.3.0
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.14.9
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.14.9
   - name: quay.io/jetstack/cert-manager-cainjector:v1.18.2
   - name: quay.io/jetstack/cert-manager-controller:v1.18.2
   - name: quay.io/jetstack/cert-manager-webhook:v1.18.2
   - name: registry.k8s.io/e2e-test-images/agnhost:2.39
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:0.10.2.1
+  - name: registry.rancher.com/rancher/fleet-agent:v0.13.2
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:0.3.0
+  - name: registry.rancher.com/rancher/fleet:v0.13.2
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.9
+  - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250909
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.3
+  - name: registry.rancher.com/rancher/hardened-cni-plugins:v1.8.0-build20250909
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.15.2
+  - name: registry.rancher.com/rancher/hardened-coredns:v1.12.3-build20250909
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.15.2
+  - name: registry.rancher.com/rancher/hardened-etcd:v3.5.21-k3s1-build20250910
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1
+  - name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.8.0-build20250909
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager:v1.6.0
+  - name: registry.rancher.com/rancher/hardened-kubernetes:v1.33.5-rke2r1-build20250910
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon:v1.6.0
+  - name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.2-build20250909
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook:v1.6.0
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:v2.10.0
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:v1.3.0
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:v3.10.0
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector:v1.8.0
-  - name: %%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery:v0.18.2
-  - name: registry.rancher.com/rancher/fleet-agent:v0.13.1
-  - name: registry.rancher.com/rancher/fleet:v0.13.1
-  - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250611
-  - name: registry.rancher.com/rancher/hardened-cni-plugins:v1.7.1-build20250611
-  - name: registry.rancher.com/rancher/hardened-coredns:v1.12.2-build20250611
-  - name: registry.rancher.com/rancher/hardened-etcd:v3.5.21-k3s1-build20250612
-  - name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.8.0-build20250704
-  - name: registry.rancher.com/rancher/hardened-kubernetes:v1.33.3-rke2r1-build20250716
-  - name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.1-build20250627
   - name: registry.rancher.com/rancher/hardened-node-feature-discovery:v0.15.7-build20250425
   - name: registry.rancher.com/rancher/klipper-helm:v0.9.8-build20250709
-  - name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.17.6
+  - name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.18.1
-  - name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.17.6
+  - name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.18.1
   - name: registry.rancher.com/rancher/mirrored-longhornio-csi-attacher:v4.9.0-20250709
   - name: registry.rancher.com/rancher/mirrored-longhornio-csi-node-driver-registrar:v2.14.0-20250709
   - name: registry.rancher.com/rancher/mirrored-longhornio-csi-provisioner:v5.3.0-20250709
@@ -44,15 +35,16 @@ images:
   - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-share-manager:v1.9.1
   - name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-ui:v1.9.1
   - name: registry.rancher.com/rancher/mirrored-sig-storage-snapshot-controller:v8.2.0
-  - name: registry.rancher.com/rancher/neuvector-compliance-config:1.0.6
+  - name: registry.rancher.com/rancher/neuvector-compliance-config:1.0.7
-  - name: registry.rancher.com/rancher/neuvector-controller:5.4.5
+  - name: registry.rancher.com/rancher/neuvector-controller:5.4.6
-  - name: registry.rancher.com/rancher/neuvector-enforcer:5.4.5
+  - name: registry.rancher.com/rancher/neuvector-enforcer:5.4.6
-  - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.4-hardened2
+  - name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.6-hardened1
-  - name: registry.rancher.com/rancher/rancher-webhook:v0.8.1
+  - name: registry.rancher.com/rancher/rancher-webhook:v0.8.2
   - name: registry.rancher.com/rancher/rancher/turtles:v0.24.0
-  - name: registry.rancher.com/rancher/rancher:v2.12.1
+  - name: registry.rancher.com/rancher/rancher:v2.12.2
-  - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.33.1-0.20250516163953-99d91538b132-build20250612
+  - name: registry.rancher.com/rancher/rke2-cloud-provider:v1.33.4-rc1.0.20250814212538-148243c49519-build20250908
-  - name: registry.rancher.com/rancher/scc-operator:v0.1.1
+  - name: registry.rancher.com/rancher/scc-operator:v0.2.1
+  - name: registry.rancher.com/rancher/shell:v0.5.0
   - name: registry.rancher.com/rancher/system-upgrade-controller:v0.16.0
   - name: registry.suse.com/rancher/cluster-api-addon-provider-fleet:v0.11.0
   - name: registry.suse.com/rancher/cluster-api-controller:v1.10.5
@@ -60,6 +52,7 @@ images:
   - name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.20.1
   - name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.20.1
   - name: registry.suse.com/rancher/elemental-operator:1.7.3
+  - name: registry.suse.com/rancher/hardened-sriov-network-operator:v1.5.0-build20250425
   - name: registry.suse.com/rancher/ip-address-manager:v1.10.2
   - name: registry.suse.com/suse/sles/15.7/cdi-apiserver:1.62.0-150700.9.3.1
   - name: registry.suse.com/suse/sles/15.7/cdi-controller:1.62.0-150700.9.3.1

release-manifest-image/release_manifest.yaml

@@ -1,13 +1,13 @@
 apiVersion: lifecycle.suse.com/v1alpha1
 kind: ReleaseManifest
 metadata:
-  name: release-manifest-3-5-0
+  name: release-manifest-3-4-1
 spec:
-  releaseVersion: 3.5.0
+  releaseVersion: 3.4.1
   components:
     kubernetes:
       k3s:
-        version: v1.33.3+k3s1
+        version: v1.33.5+k3s1
         coreComponents:
           - name: traefik-crd
             version: 34.2.1+up34.2.0
@@ -23,42 +23,42 @@ spec:
           - name: coredns
             containers:
               - name: coredns
-                image: rancher/mirrored-coredns-coredns:1.12.1
+                image: rancher/mirrored-coredns-coredns:1.12.3
             type: Deployment
           - name: metrics-server
             containers:
               - name: metrics-server
-                image: rancher/mirrored-metrics-server:v0.7.2
+                image: rancher/mirrored-metrics-server:v0.8.0
             type: Deployment
       rke2:
-        version: v1.33.3+rke2r1
+        version: v1.33.5+rke2r1
         coreComponents:
           - name: rke2-cilium
-            version: 1.17.600
+            version: 1.18.103
             type: HelmChart
           - name: rke2-canal
-            version: v3.30.2-build2025071100
+            version: v3.30.3-build2025090900
             type: HelmChart
           - name: rke2-calico-crd
-            version: v3.30.100
+            version: v3.30.300
             type: HelmChart
           - name: rke2-calico
-            version: v3.30.100
+            version: v3.30.300
             type: HelmChart
           - name: rke2-coredns
-            version: 1.42.302
+            version: 1.43.302
             type: HelmChart
           - name: rke2-ingress-nginx
-            version: 4.12.401
+            version: 4.12.600
             type: HelmChart
           - name: rke2-metrics-server
-            version: 3.12.203
+            version: 3.13.001
             type: HelmChart
           - name: rancher-vsphere-csi
-            version: 3.3.1-rancher1000
+            version: 3.5.0-rancher100
             type: HelmChart
           - name: rancher-vsphere-cpi
-            version: 1.11.000
+            version: 1.12.100
             type: HelmChart
           - name: harvester-cloud-provider
             version: 0.2.1000
@@ -77,10 +77,10 @@ spec:
             version: 0.0.0
             type: HelmChart
     operatingSystem:
-      version: '6.2'
+      version: '6.1'
       zypperID: SL-Micro
-      cpeScheme: cpe:/o:suse:sles:16:16.0
+      cpeScheme: cpe:/o:suse:sl-micro:6.1
-      prettyName: SUSE Linux Enterprise Server 16.0
+      prettyName: SUSE Linux Micro 6.1
       supportedArchs:
         - x86_64
         - aarch64
@@ -89,7 +89,7 @@ spec:
         - prettyName: Rancher
           releaseName: rancher
           chart: rancher
-          version: 2.12.1
+          version: 2.12.2
           repository: https://charts.rancher.com/server-charts/prime
           values:
             postDelete:
@@ -97,17 +97,17 @@ spec:
         - prettyName: Longhorn
           releaseName: longhorn
           chart: longhorn
-          version: 107.0.0+up1.9.1
+          version: 107.1.0+up1.9.1
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: longhorn-crd
               chart: longhorn-crd
-              version: 107.0.0+up1.9.1
+              version: 107.1.0+up1.9.1
               repository: https://charts.rancher.io
         - prettyName: MetalLB
           releaseName: metallb
           chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metallb'
-          version: '%%CHART_MAJOR%%.0.1+up0.15.2'
+          version: '%%CHART_MAJOR%%.0.0+up0.14.9'
         - prettyName: CDI
           releaseName: cdi
           chart: '%%CHART_REPO%%/%%CHART_PREFIX%%cdi'
@@ -123,12 +123,12 @@ spec:
         - prettyName: NeuVector
           releaseName: neuvector
           chart: neuvector
-          version: 107.0.0+up2.8.7
+          version: 107.0.1+up2.8.8
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: neuvector-crd
               chart: neuvector-crd
-              version: 107.0.0+up2.8.7
+              version: 107.0.1+up2.8.8
               repository: https://charts.rancher.io
           addonCharts:
             - releaseName: neuvector-ui-ext
@@ -155,11 +155,11 @@ spec:
         - prettyName: SRIOV
           releaseName: sriov-network-operator
           chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator'
-          version: '%%CHART_MAJOR%%.0.4+up1.6.0'
+          version: '%%CHART_MAJOR%%.0.2+up1.5.0'
           dependencyCharts:
             - releaseName: sriov-crd
               chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd'
-              version: '%%CHART_MAJOR%%.0.4+up1.6.0'
+              version: '%%CHART_MAJOR%%.0.2+up1.5.0'
         - prettyName: Akri
           releaseName: akri
           chart: '%%CHART_REPO%%/%%CHART_PREFIX%%akri'

sriov-cni-image/Dockerfile

@@ -1,33 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%sriov-cni:v%%sriov-cni_version%%
-#!BuildTag: %%IMG_PREFIX%%sriov-cni:v%%sriov-cni_version%%-%RELEASE%
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-cni gawk which; \
-    zypper -n clean; \
-    rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.sriov-cni
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE sriov-cni Container Image"
-LABEL org.opencontainers.image.description="sriov-cni based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%sriov-cni_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:%%sriov-cni_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-ENTRYPOINT ["/entrypoint.sh"]

sriov-cni-image/_service

@@ -1,19 +0,0 @@
-<services>
-  <service name="kiwi_metainfo_helper" mode="buildtime"/>
-  <service name="docker_label_helper" mode="buildtime"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%sriov-cni_version%%</param>
-    <param name="package">sriov-cni</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>

sriov-cni/_service

@@ -1,20 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/k8snetworkplumbingwg/sriov-cni</param>
-    <param name="scm">git</param>
-    <param name="revision">v2.10.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">antonio.alarcon@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar">
-    <param name="obsinfo">sriov-cni.obsinfo</param>
-  </service>
-  <service name="go_modules" />
-  <service mode="buildtime" name="set_version" />
-</services>

sriov-cni/sriov-cni.spec

@@ -1,61 +0,0 @@
-#
-# spec file for package sriov-cni
-#
-# Copyright (c) 2025 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           sriov-cni
-Version:        0
-Release:        0
-Summary:        Implements a Kubernetes CNI plugin operator for SRIOV VFs
-License:        Apache-2.0
-URL:            https://github.com/k8snetworkplumbingwg/sriov-cni
-Source:         %{name}-%{version}.tar
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.23
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-Network Interface Cards (NICs) with SR-IOV capabilities are managed through physical functions (PFs) and virtual functions (VFs).
-A PF is used by the host and usually represents a single NIC port. VF configurations are applied through the PF.
-The SR-IOV CNI allows each VF to be treated as a separate network interface, assigned to a container, and configured with its own
-MAC, VLAN, IP and more.
-
-SR-IOV CNI plugin works with SR-IOV device plugin for VF allocation in Kubernetes. A CNI metaplugin such as Multus gets the allocated
-VF's deviceID(PCI address) and is responsible for invoking the SR-IOV CNI plugin with that deviceID.
-
-%prep
-%autosetup -a1 -n %{name}-%{version} -p1
-
-%build
-# CGO is disabled by default in upstream Makefile:
-%define cgoenabled "0"
-# go build constrain (aka tag) "no_openssl" is set by default in upstream Makefile:
-%define buildgotags "no_openssl"
-%define buildldflags ""
-CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -ldflags %{buildldflags} -tags %{buildgotags} -o sriov cmd/sriov/main.go
-
-%install
-install -D -m0755 sriov %{buildroot}%{_bindir}/sriov
-install -D -m0755 images/entrypoint.sh %{buildroot}/entrypoint.sh
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/sriov
-/entrypoint.sh
-
-%changelog

sriov-crd-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.4_up1.6.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
-#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.4_up1.6.0
+#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0
 annotations:
   catalog.cattle.io/experimental: "true"
   catalog.cattle.io/hidden: "true"
@@ -10,4 +10,4 @@ apiVersion: v2
 description: Installs the CRDs for the SR-IOV operator
 name: sriov-crd
 type: application
-version: "%%CHART_MAJOR%%.0.4+up1.6.0"
+version: "%%CHART_MAJOR%%.0.2+up1.5.0"

sriov-crd-chart/templates/sriovnetwork.openshift.io_ovsnetworks.yaml

@@ -14,92 +14,92 @@ spec:
     singular: ovsnetwork
   scope: Namespaced
   versions:
-  - name: v1
+    - name: v1
-    schema:
+      schema:
-      openAPIV3Schema:
+        openAPIV3Schema:
-        description: OVSNetwork is the Schema for the ovsnetworks API
+          description: OVSNetwork is the Schema for the ovsnetworks API
-        properties:
+          properties:
-          apiVersion:
+            apiVersion:
-            description: |-
+              description: |-
-              APIVersion defines the versioned schema of this representation of an object.
+                APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
+                Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
+                may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
+              type: string
-          kind:
+            kind:
-            description: |-
+              description: |-
-              Kind is a string value representing the REST resource this object represents.
+                Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
+                Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
+                Cannot be updated.
-              In CamelCase.
+                In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
+              type: string
-          metadata:
+            metadata:
-            type: object
+              type: object
-          spec:
+            spec:
-            description: OVSNetworkSpec defines the desired state of OVSNetwork
+              description: OVSNetworkSpec defines the desired state of OVSNetwork
-            properties:
+              properties:
-              bridge:
+                bridge:
-                description: |-
+                  description: |-
-                  name of the OVS bridge, if not set OVS will automatically select bridge
+                    name of the OVS bridge, if not set OVS will automatically select bridge
-                  based on VF PCI address
+                    based on VF PCI address
-                type: string
+                  type: string
-              capabilities:
+                capabilities:
-                description: |-
+                  description: |-
-                  Capabilities to be configured for this network.
+                    Capabilities to be configured for this network.
-                  Capabilities supported: (mac|ips), e.g. '{"mac": true}'
+                    Capabilities supported: (mac|ips), e.g. '{"mac": true}'
-                type: string
+                  type: string
-              interfaceType:
+                interfaceType:
-                description: The type of interface on ovs.
+                  description: The type of interface on ovs.
-                type: string
+                  type: string
-              ipam:
+                ipam:
-                description: IPAM configuration to be used for this network.
+                  description: IPAM configuration to be used for this network.
-                type: string
+                  type: string
-              metaPlugins:
+                metaPlugins:
-                description: MetaPluginsConfig configuration to be used in order to
+                  description: MetaPluginsConfig configuration to be used in order to
-                  chain metaplugins
+                    chain metaplugins
-                type: string
+                  type: string
-              mtu:
+                mtu:
-                description: Mtu for the OVS port
+                  description: Mtu for the OVS port
-                type: integer
+                  type: integer
-              networkNamespace:
+                networkNamespace:
-                description: Namespace of the NetworkAttachmentDefinition custom resource
+                  description: Namespace of the NetworkAttachmentDefinition custom resource
-                type: string
+                  type: string
-              resourceName:
+                resourceName:
-                description: OVS Network device plugin endpoint resource name
+                  description: OVS Network device plugin endpoint resource name
-                type: string
+                  type: string
-              trunk:
+                trunk:
-                description: Trunk configuration for the OVS port
+                  description: Trunk configuration for the OVS port
-                items:
+                  items:
-                  description: TrunkConfig contains configuration for bridge trunk
+                    description: TrunkConfig contains configuration for bridge trunk
-                  properties:
+                    properties:
-                    id:
+                      id:
-                      maximum: 4095
+                        maximum: 4095
-                      minimum: 0
+                        minimum: 0
-                      type: integer
+                        type: integer
-                    maxID:
+                      maxID:
-                      maximum: 4095
+                        maximum: 4095
-                      minimum: 0
+                        minimum: 0
-                      type: integer
+                        type: integer
-                    minID:
+                      minID:
-                      maximum: 4095
+                        maximum: 4095
-                      minimum: 0
+                        minimum: 0
-                      type: integer
+                        type: integer
-                  type: object
+                    type: object
-                type: array
+                  type: array
-              vlan:
+                vlan:
-                description: Vlan to assign for the OVS port
+                  description: Vlan to assign for the OVS port
-                maximum: 4095
+                  maximum: 4095
-                minimum: 0
+                  minimum: 0
-                type: integer
+                  type: integer
-            required:
+              required:
-            - resourceName
+                - resourceName
-            type: object
+              type: object
-          status:
+            status:
-            description: OVSNetworkStatus defines the observed state of OVSNetwork
+              description: OVSNetworkStatus defines the observed state of OVSNetwork
-            type: object
+              type: object
-        type: object
+          type: object
-    served: true
+      served: true
-    storage: true
+      storage: true
-    subresources:
+      subresources:
-      status: {}
+        status: {}

sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovibnetworks.yaml

@@ -14,65 +14,65 @@ spec:
     singular: sriovibnetwork
   scope: Namespaced
   versions:
-  - name: v1
+    - name: v1
-    schema:
+      schema:
-      openAPIV3Schema:
+        openAPIV3Schema:
-        description: SriovIBNetwork is the Schema for the sriovibnetworks API
+          description: SriovIBNetwork is the Schema for the sriovibnetworks API
-        properties:
+          properties:
-          apiVersion:
+            apiVersion:
-            description: |-
+              description: |-
-              APIVersion defines the versioned schema of this representation of an object.
+                APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
+                Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
+                may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
+              type: string
-          kind:
+            kind:
-            description: |-
+              description: |-
-              Kind is a string value representing the REST resource this object represents.
+                Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
+                Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
+                Cannot be updated.
-              In CamelCase.
+                In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
+              type: string
-          metadata:
+            metadata:
-            type: object
+              type: object
-          spec:
+            spec:
-            description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork
+              description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork
-            properties:
+              properties:
-              capabilities:
+                capabilities:
-                description: |-
+                  description: |-
-                  Capabilities to be configured for this network.
+                    Capabilities to be configured for this network.
-                  Capabilities supported: (infinibandGUID), e.g. '{"infinibandGUID": true}'
+                    Capabilities supported: (infinibandGUID), e.g. '{"infinibandGUID": true}'
-                type: string
+                  type: string
-              ipam:
+                ipam:
-                description: IPAM configuration to be used for this network.
+                  description: IPAM configuration to be used for this network.
-                type: string
+                  type: string
-              linkState:
+                linkState:
-                description: VF link state (enable|disable|auto)
+                  description: VF link state (enable|disable|auto)
-                enum:
+                  enum:
-                - auto
+                    - auto
-                - enable
+                    - enable
-                - disable
+                    - disable
-                type: string
+                  type: string
-              metaPlugins:
+                metaPlugins:
-                description: |-
+                  description: |-
-                  MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
+                    MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
-                  by the operator.
+                    by the operator.
-                type: string
+                  type: string
-              networkNamespace:
+                networkNamespace:
-                description: Namespace of the NetworkAttachmentDefinition custom resource
+                  description: Namespace of the NetworkAttachmentDefinition custom resource
-                type: string
+                  type: string
-              resourceName:
+                resourceName:
-                description: SRIOV Network device plugin endpoint resource name
+                  description: SRIOV Network device plugin endpoint resource name
-                type: string
+                  type: string
-            required:
+              required:
-            - resourceName
+                - resourceName
-            type: object
+              type: object
-          status:
+            status:
-            description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork
+              description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork
-            type: object
+              type: object
-        type: object
+          type: object
-    served: true
+      served: true
-    storage: true
+      storage: true
-    subresources:
+      subresources:
-      status: {}
+        status: {}

sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml

@@ -14,200 +14,200 @@ spec:
     singular: sriovnetworknodepolicy
   scope: Namespaced
   versions:
-  - name: v1
+    - name: v1
-    schema:
+      schema:
-      openAPIV3Schema:
+        openAPIV3Schema:
-        description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies
+          description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies
-          API
+            API
-        properties:
+          properties:
-          apiVersion:
+            apiVersion:
-            description: |-
+              description: |-
-              APIVersion defines the versioned schema of this representation of an object.
+                APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
+                Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
+                may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
+              type: string
-          kind:
+            kind:
-            description: |-
+              description: |-
-              Kind is a string value representing the REST resource this object represents.
+                Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
+                Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
+                Cannot be updated.
-              In CamelCase.
+                In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
+              type: string
-          metadata:
+            metadata:
-            type: object
+              type: object
-          spec:
+            spec:
-            description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy
+              description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy
-            properties:
+              properties:
-              bridge:
+                bridge:
-                description: |-
+                  description: |-
-                  contains bridge configuration for matching PFs,
+                    contains bridge configuration for matching PFs,
-                  valid only for eSwitchMode==switchdev
+                    valid only for eSwitchMode==switchdev
-                properties:
+                  properties:
-                  ovs:
+                    ovs:
-                    description: contains configuration for the OVS bridge,
+                      description: contains configuration for the OVS bridge,
-                    properties:
+                      properties:
-                      bridge:
+                        bridge:
-                        description: contains bridge level settings
+                          description: contains bridge level settings
-                        properties:
+                          properties:
-                          datapathType:
+                            datapathType:
-                            description: configure datapath_type field in the Bridge
+                              description: configure datapath_type field in the Bridge
-                              table in OVSDB
+                                table in OVSDB
-                            type: string
-                          externalIDs:
-                            additionalProperties:
                               type: string
-                            description: IDs to inject to external_ids field in the
+                            externalIDs:
-                              Bridge table in OVSDB
+                              additionalProperties:
-                            type: object
-                          otherConfig:
-                            additionalProperties:
-                              type: string
-                            description: additional options to inject to other_config
-                              field in the bridge table in OVSDB
-                            type: object
-                        type: object
-                      uplink:
-                        description: contains settings for uplink (PF)
-                        properties:
-                          interface:
-                            description: contains settings for PF interface in the
-                              OVS bridge
-                            properties:
-                              externalIDs:
-                                additionalProperties:
-                                  type: string
-                                description: external_ids field in the Interface table
-                                  in OVSDB
-                                type: object
-                              mtuRequest:
-                                description: mtu_request field in the Interface table
-                                  in OVSDB
-                                type: integer
-                              options:
-                                additionalProperties:
-                                  type: string
-                                description: options field in the Interface table
-                                  in OVSDB
-                                type: object
-                              otherConfig:
-                                additionalProperties:
-                                  type: string
-                                description: other_config field in the Interface table
-                                  in OVSDB
-                                type: object
-                              type:
-                                description: type field in the Interface table in
-                                  OVSDB
                                 type: string
-                            type: object
+                              description: IDs to inject to external_ids field in the
-                        type: object
+                                Bridge table in OVSDB
-                    type: object
+                              type: object
-                type: object
+                            otherConfig:
-              deviceType:
+                              additionalProperties:
-                default: netdevice
+                                type: string
-                description: The driver type for configured VFs. Allowed value "netdevice",
+                              description: additional options to inject to other_config
-                  "vfio-pci". Defaults to netdevice.
+                                field in the bridge table in OVSDB
-                enum:
+                              type: object
-                - netdevice
+                          type: object
-                - vfio-pci
+                        uplink:
-                type: string
+                          description: contains settings for uplink (PF)
-              eSwitchMode:
+                          properties:
-                description: NIC Device Mode. Allowed value "legacy","switchdev".
+                            interface:
-                enum:
+                              description: contains settings for PF interface in the
-                - legacy
+                                OVS bridge
-                - switchdev
+                              properties:
-                type: string
+                                externalIDs:
-              excludeTopology:
+                                  additionalProperties:
-                description: Exclude device's NUMA node when advertising this resource
+                                    type: string
-                  by SRIOV network device plugin. Default to false.
+                                  description: external_ids field in the Interface table
-                type: boolean
+                                    in OVSDB
-              externallyManaged:
+                                  type: object
-                description: don't create the virtual function only allocated them
+                                mtuRequest:
-                  to the device plugin. Defaults to false.
+                                  description: mtu_request field in the Interface table
-                type: boolean
+                                    in OVSDB
-              isRdma:
+                                  type: integer
-                description: RDMA mode. Defaults to false.
+                                options:
-                type: boolean
+                                  additionalProperties:
-              linkType:
+                                    type: string
-                description: NIC Link Type. Allowed value "eth", "ETH", "ib", and
+                                  description: options field in the Interface table
-                  "IB".
+                                    in OVSDB
-                enum:
+                                  type: object
-                - eth
+                                otherConfig:
-                - ETH
+                                  additionalProperties:
-                - ib
+                                    type: string
-                - IB
+                                  description: other_config field in the Interface table
-                type: string
+                                    in OVSDB
-              mtu:
+                                  type: object
-                description: MTU of VF
+                                type:
-                minimum: 1
+                                  description: type field in the Interface table in
-                type: integer
+                                    OVSDB
-              needVhostNet:
+                                  type: string
-                description: mount vhost-net device. Defaults to false.
+                              type: object
-                type: boolean
+                          type: object
-              nicSelector:
+                      type: object
-                description: NicSelector selects the NICs to be configured
+                  type: object
-                properties:
+                deviceType:
-                  deviceID:
+                  default: netdevice
-                    description: The device hex code of SR-IoV device. Allowed value
+                  description: The driver type for configured VFs. Allowed value "netdevice",
-                      "0d58", "1572", "158b", "1013", "1015", "1017", "101b".
+                    "vfio-pci". Defaults to netdevice.
-                    type: string
+                  enum:
-                  netFilter:
+                    - netdevice
-                    description: Infrastructure Networking selection filter. Allowed
+                    - vfio-pci
-                      value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
-                    type: string
-                  pfNames:
-                    description: Name of SR-IoV PF.
-                    items:
-                      type: string
-                    type: array
-                  rootDevices:
-                    description: PCI address of SR-IoV PF.
-                    items:
-                      type: string
-                    type: array
-                  vendor:
-                    description: The vendor hex code of SR-IoV device. Allowed value
-                      "8086", "15b3".
-                    type: string
-                type: object
-              nodeSelector:
-                additionalProperties:
                   type: string
-                description: NodeSelector selects the nodes to be configured
+                eSwitchMode:
-                type: object
+                  description: NIC Device Mode. Allowed value "legacy","switchdev".
-              numVfs:
+                  enum:
-                description: Number of VFs for each PF
+                    - legacy
-                minimum: 0
+                    - switchdev
-                type: integer
+                  type: string
-              priority:
+                excludeTopology:
-                description: Priority of the policy, higher priority policies can
+                  description: Exclude device's NUMA node when advertising this resource
-                  override lower ones.
+                    by SRIOV network device plugin. Default to false.
-                maximum: 99
+                  type: boolean
-                minimum: 0
+                externallyManaged:
-                type: integer
+                  description: don't create the virtual function only allocated them
-              resourceName:
+                    to the device plugin. Defaults to false.
-                description: SRIOV Network device plugin endpoint resource name
+                  type: boolean
-                type: string
+                isRdma:
-              vdpaType:
+                  description: RDMA mode. Defaults to false.
-                description: VDPA device type. Allowed value "virtio", "vhost"
+                  type: boolean
-                enum:
+                linkType:
-                - virtio
+                  description: NIC Link Type. Allowed value "eth", "ETH", "ib", and
-                - vhost
+                    "IB".
-                type: string
+                  enum:
-            required:
+                    - eth
-            - nicSelector
+                    - ETH
-            - nodeSelector
+                    - ib
-            - numVfs
+                    - IB
-            - resourceName
+                  type: string
-            type: object
+                mtu:
-          status:
+                  description: MTU of VF
-            description: SriovNetworkNodePolicyStatus defines the observed state of
+                  minimum: 1
-              SriovNetworkNodePolicy
+                  type: integer
-            type: object
+                needVhostNet:
-        type: object
+                  description: mount vhost-net device. Defaults to false.
-    served: true
+                  type: boolean
-    storage: true
+                nicSelector:
-    subresources:
+                  description: NicSelector selects the NICs to be configured
-      status: {}
+                  properties:
+                    deviceID:
+                      description: The device hex code of SR-IoV device. Allowed value
+                        "0d58", "1572", "158b", "1013", "1015", "1017", "101b".
+                      type: string
+                    netFilter:
+                      description: Infrastructure Networking selection filter. Allowed
+                        value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+                      type: string
+                    pfNames:
+                      description: Name of SR-IoV PF.
+                      items:
+                        type: string
+                      type: array
+                    rootDevices:
+                      description: PCI address of SR-IoV PF.
+                      items:
+                        type: string
+                      type: array
+                    vendor:
+                      description: The vendor hex code of SR-IoV device. Allowed value
+                        "8086", "15b3".
+                      type: string
+                  type: object
+                nodeSelector:
+                  additionalProperties:
+                    type: string
+                  description: NodeSelector selects the nodes to be configured
+                  type: object
+                numVfs:
+                  description: Number of VFs for each PF
+                  minimum: 0
+                  type: integer
+                priority:
+                  description: Priority of the policy, higher priority policies can
+                    override lower ones.
+                  maximum: 99
+                  minimum: 0
+                  type: integer
+                resourceName:
+                  description: SRIOV Network device plugin endpoint resource name
+                  type: string
+                vdpaType:
+                  description: VDPA device type. Allowed value "virtio", "vhost"
+                  enum:
+                    - virtio
+                    - vhost
+                  type: string
+              required:
+                - nicSelector
+                - nodeSelector
+                - numVfs
+                - resourceName
+              type: object
+            status:
+              description: SriovNetworkNodePolicyStatus defines the observed state of
+                SriovNetworkNodePolicy
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}

sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodestates.yaml

@@ -14,356 +14,356 @@ spec:
     singular: sriovnetworknodestate
   scope: Namespaced
   versions:
-  - additionalPrinterColumns:
+    - additionalPrinterColumns:
-    - jsonPath: .status.syncStatus
+        - jsonPath: .status.syncStatus
-      name: Sync Status
+          name: Sync Status
-      type: string
+          type: string
-    - jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/desired-state
+        - jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/desired-state
-      name: Desired Sync State
+          name: Desired Sync State
-      type: string
+          type: string
-    - jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/current-state
+        - jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/current-state
-      name: Current Sync State
+          name: Current Sync State
-      type: string
+          type: string
-    - jsonPath: .metadata.creationTimestamp
+        - jsonPath: .metadata.creationTimestamp
-      name: Age
+          name: Age
-      type: date
+          type: date
-    name: v1
+      name: v1
-    schema:
+      schema:
-      openAPIV3Schema:
+        openAPIV3Schema:
-        description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates
+          description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates
-          API
+            API
-        properties:
+          properties:
-          apiVersion:
+            apiVersion:
-            description: |-
+              description: |-
-              APIVersion defines the versioned schema of this representation of an object.
+                APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
+                Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
+                may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
+              type: string
-          kind:
+            kind:
-            description: |-
+              description: |-
-              Kind is a string value representing the REST resource this object represents.
+                Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
+                Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
+                Cannot be updated.
-              In CamelCase.
+                In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
+              type: string
-          metadata:
+            metadata:
-            type: object
+              type: object
-          spec:
+            spec:
-            description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState
+              description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState
-            properties:
+              properties:
-              bridges:
+                bridges:
-                description: Bridges contains list of bridges
+                  description: Bridges contains list of bridges
-                properties:
-                  ovs:
-                    items:
-                      description: OVSConfigExt contains configuration for the concrete
-                        OVS bridge
-                      properties:
-                        bridge:
-                          description: bridge-level configuration for the bridge
-                          properties:
-                            datapathType:
-                              description: configure datapath_type field in the Bridge
-                                table in OVSDB
-                              type: string
-                            externalIDs:
-                              additionalProperties:
-                                type: string
-                              description: IDs to inject to external_ids field in
-                                the Bridge table in OVSDB
-                              type: object
-                            otherConfig:
-                              additionalProperties:
-                                type: string
-                              description: additional options to inject to other_config
-                                field in the bridge table in OVSDB
-                              type: object
-                          type: object
-                        name:
-                          description: name of the bridge
-                          type: string
-                        uplinks:
-                          description: |-
-                            uplink-level bridge configuration for each uplink(PF).
-                            currently must contain only one element
-                          items:
-                            description: OVSUplinkConfigExt contains configuration
-                              for the concrete OVS uplink(PF)
-                            properties:
-                              interface:
-                                description: configuration from the Interface OVS
-                                  table for the PF
-                                properties:
-                                  externalIDs:
-                                    additionalProperties:
-                                      type: string
-                                    description: external_ids field in the Interface
-                                      table in OVSDB
-                                    type: object
-                                  mtuRequest:
-                                    description: mtu_request field in the Interface
-                                      table in OVSDB
-                                    type: integer
-                                  options:
-                                    additionalProperties:
-                                      type: string
-                                    description: options field in the Interface table
-                                      in OVSDB
-                                    type: object
-                                  otherConfig:
-                                    additionalProperties:
-                                      type: string
-                                    description: other_config field in the Interface
-                                      table in OVSDB
-                                    type: object
-                                  type:
-                                    description: type field in the Interface table
-                                      in OVSDB
-                                    type: string
-                                type: object
-                              name:
-                                description: name of the PF interface
-                                type: string
-                              pciAddress:
-                                description: pci address of the PF
-                                type: string
-                            required:
-                            - pciAddress
-                            type: object
-                          type: array
-                      required:
-                      - name
-                      type: object
-                    type: array
-                type: object
-              interfaces:
-                items:
                   properties:
-                    eSwitchMode:
+                    ovs:
-                      type: string
-                    externallyManaged:
-                      type: boolean
-                    linkType:
-                      type: string
-                    mtu:
-                      type: integer
-                    name:
-                      type: string
-                    numVfs:
-                      type: integer
-                    pciAddress:
-                      type: string
-                    vfGroups:
                       items:
+                        description: OVSConfigExt contains configuration for the concrete
+                          OVS bridge
                         properties:
-                          deviceType:
+                          bridge:
-                            type: string
+                            description: bridge-level configuration for the bridge
-                          isRdma:
-                            type: boolean
-                          mtu:
-                            type: integer
-                          policyName:
-                            type: string
-                          resourceName:
-                            type: string
-                          vdpaType:
-                            type: string
-                          vfRange:
-                            type: string
-                        type: object
-                      type: array
-                  required:
-                  - pciAddress
-                  type: object
-                type: array
-              system:
-                properties:
-                  rdmaMode:
-                    description: RDMA subsystem. Allowed value "shared", "exclusive".
-                    enum:
-                    - shared
-                    - exclusive
-                    type: string
-                type: object
-            type: object
-          status:
-            description: SriovNetworkNodeStateStatus defines the observed state of
-              SriovNetworkNodeState
-            properties:
-              bridges:
-                description: Bridges contains list of bridges
-                properties:
-                  ovs:
-                    items:
-                      description: OVSConfigExt contains configuration for the concrete
-                        OVS bridge
-                      properties:
-                        bridge:
-                          description: bridge-level configuration for the bridge
-                          properties:
-                            datapathType:
-                              description: configure datapath_type field in the Bridge
-                                table in OVSDB
-                              type: string
-                            externalIDs:
-                              additionalProperties:
-                                type: string
-                              description: IDs to inject to external_ids field in
-                                the Bridge table in OVSDB
-                              type: object
-                            otherConfig:
-                              additionalProperties:
-                                type: string
-                              description: additional options to inject to other_config
-                                field in the bridge table in OVSDB
-                              type: object
-                          type: object
-                        name:
-                          description: name of the bridge
-                          type: string
-                        uplinks:
-                          description: |-
-                            uplink-level bridge configuration for each uplink(PF).
-                            currently must contain only one element
-                          items:
-                            description: OVSUplinkConfigExt contains configuration
-                              for the concrete OVS uplink(PF)
                             properties:
-                              interface:
+                              datapathType:
-                                description: configuration from the Interface OVS
+                                description: configure datapath_type field in the Bridge
-                                  table for the PF
+                                  table in OVSDB
-                                properties:
+                                type: string
-                                  externalIDs:
+                              externalIDs:
-                                    additionalProperties:
+                                additionalProperties:
-                                      type: string
+                                  type: string
-                                    description: external_ids field in the Interface
+                                description: IDs to inject to external_ids field in
-                                      table in OVSDB
+                                  the Bridge table in OVSDB
-                                    type: object
+                                type: object
-                                  mtuRequest:
+                              otherConfig:
-                                    description: mtu_request field in the Interface
+                                additionalProperties:
-                                      table in OVSDB
+                                  type: string
-                                    type: integer
+                                description: additional options to inject to other_config
-                                  options:
+                                  field in the bridge table in OVSDB
-                                    additionalProperties:
-                                      type: string
-                                    description: options field in the Interface table
-                                      in OVSDB
-                                    type: object
-                                  otherConfig:
-                                    additionalProperties:
-                                      type: string
-                                    description: other_config field in the Interface
-                                      table in OVSDB
-                                    type: object
-                                  type:
-                                    description: type field in the Interface table
-                                      in OVSDB
-                                    type: string
                                 type: object
-                              name:
-                                description: name of the PF interface
-                                type: string
-                              pciAddress:
-                                description: pci address of the PF
-                                type: string
-                            required:
-                            - pciAddress
                             type: object
-                          type: array
-                      required:
-                      - name
-                      type: object
-                    type: array
-                type: object
-              interfaces:
-                items:
-                  properties:
-                    Vfs:
-                      items:
-                        properties:
-                          Vlan:
-                            type: integer
-                          assigned:
-                            type: string
-                          deviceID:
-                            type: string
-                          driver:
-                            type: string
-                          guid:
-                            type: string
-                          mac:
-                            type: string
-                          mtu:
-                            type: integer
                           name:
+                            description: name of the bridge
                             type: string
-                          pciAddress:
+                          uplinks:
-                            type: string
+                            description: |-
-                          representorName:
+                              uplink-level bridge configuration for each uplink(PF).
-                            type: string
+                              currently must contain only one element
-                          vdpaType:
+                            items:
-                            type: string
+                              description: OVSUplinkConfigExt contains configuration
-                          vendor:
+                                for the concrete OVS uplink(PF)
-                            type: string
+                              properties:
-                          vfID:
+                                interface:
-                            type: integer
+                                  description: configuration from the Interface OVS
+                                    table for the PF
+                                  properties:
+                                    externalIDs:
+                                      additionalProperties:
+                                        type: string
+                                      description: external_ids field in the Interface
+                                        table in OVSDB
+                                      type: object
+                                    mtuRequest:
+                                      description: mtu_request field in the Interface
+                                        table in OVSDB
+                                      type: integer
+                                    options:
+                                      additionalProperties:
+                                        type: string
+                                      description: options field in the Interface table
+                                        in OVSDB
+                                      type: object
+                                    otherConfig:
+                                      additionalProperties:
+                                        type: string
+                                      description: other_config field in the Interface
+                                        table in OVSDB
+                                      type: object
+                                    type:
+                                      description: type field in the Interface table
+                                        in OVSDB
+                                      type: string
+                                  type: object
+                                name:
+                                  description: name of the PF interface
+                                  type: string
+                                pciAddress:
+                                  description: pci address of the PF
+                                  type: string
+                              required:
+                                - pciAddress
+                              type: object
+                            type: array
                         required:
-                        - pciAddress
+                          - name
-                        - vfID
                         type: object
                       type: array
-                    deviceID:
-                      type: string
-                    driver:
-                      type: string
-                    eSwitchMode:
-                      type: string
-                    externallyManaged:
-                      type: boolean
-                    linkAdminState:
-                      type: string
-                    linkSpeed:
-                      type: string
-                    linkType:
-                      type: string
-                    mac:
-                      type: string
-                    mtu:
-                      type: integer
-                    name:
-                      type: string
-                    netFilter:
-                      type: string
-                    numVfs:
-                      type: integer
-                    pciAddress:
-                      type: string
-                    totalvfs:
-                      type: integer
-                    vendor:
-                      type: string
-                  required:
-                  - pciAddress
                   type: object
-                type: array
+                interfaces:
-              lastSyncError:
+                  items:
-                type: string
+                    properties:
-              syncStatus:
+                      eSwitchMode:
-                type: string
+                        type: string
-              system:
+                      externallyManaged:
-                properties:
+                        type: boolean
-                  rdmaMode:
+                      linkType:
-                    description: RDMA subsystem. Allowed value "shared", "exclusive".
+                        type: string
-                    enum:
+                      mtu:
-                    - shared
+                        type: integer
-                    - exclusive
+                      name:
-                    type: string
+                        type: string
-                type: object
+                      numVfs:
-            type: object
+                        type: integer
-        type: object
+                      pciAddress:
-    served: true
+                        type: string
-    storage: true
+                      vfGroups:
-    subresources:
+                        items:
-      status: {}
+                          properties:
+                            deviceType:
+                              type: string
+                            isRdma:
+                              type: boolean
+                            mtu:
+                              type: integer
+                            policyName:
+                              type: string
+                            resourceName:
+                              type: string
+                            vdpaType:
+                              type: string
+                            vfRange:
+                              type: string
+                          type: object
+                        type: array
+                    required:
+                      - pciAddress
+                    type: object
+                  type: array
+                system:
+                  properties:
+                    rdmaMode:
+                      description: RDMA subsystem. Allowed value "shared", "exclusive".
+                      enum:
+                        - shared
+                        - exclusive
+                      type: string
+                  type: object
+              type: object
+            status:
+              description: SriovNetworkNodeStateStatus defines the observed state of
+                SriovNetworkNodeState
+              properties:
+                bridges:
+                  description: Bridges contains list of bridges
+                  properties:
+                    ovs:
+                      items:
+                        description: OVSConfigExt contains configuration for the concrete
+                          OVS bridge
+                        properties:
+                          bridge:
+                            description: bridge-level configuration for the bridge
+                            properties:
+                              datapathType:
+                                description: configure datapath_type field in the Bridge
+                                  table in OVSDB
+                                type: string
+                              externalIDs:
+                                additionalProperties:
+                                  type: string
+                                description: IDs to inject to external_ids field in
+                                  the Bridge table in OVSDB
+                                type: object
+                              otherConfig:
+                                additionalProperties:
+                                  type: string
+                                description: additional options to inject to other_config
+                                  field in the bridge table in OVSDB
+                                type: object
+                            type: object
+                          name:
+                            description: name of the bridge
+                            type: string
+                          uplinks:
+                            description: |-
+                              uplink-level bridge configuration for each uplink(PF).
+                              currently must contain only one element
+                            items:
+                              description: OVSUplinkConfigExt contains configuration
+                                for the concrete OVS uplink(PF)
+                              properties:
+                                interface:
+                                  description: configuration from the Interface OVS
+                                    table for the PF
+                                  properties:
+                                    externalIDs:
+                                      additionalProperties:
+                                        type: string
+                                      description: external_ids field in the Interface
+                                        table in OVSDB
+                                      type: object
+                                    mtuRequest:
+                                      description: mtu_request field in the Interface
+                                        table in OVSDB
+                                      type: integer
+                                    options:
+                                      additionalProperties:
+                                        type: string
+                                      description: options field in the Interface table
+                                        in OVSDB
+                                      type: object
+                                    otherConfig:
+                                      additionalProperties:
+                                        type: string
+                                      description: other_config field in the Interface
+                                        table in OVSDB
+                                      type: object
+                                    type:
+                                      description: type field in the Interface table
+                                        in OVSDB
+                                      type: string
+                                  type: object
+                                name:
+                                  description: name of the PF interface
+                                  type: string
+                                pciAddress:
+                                  description: pci address of the PF
+                                  type: string
+                              required:
+                                - pciAddress
+                              type: object
+                            type: array
+                        required:
+                          - name
+                        type: object
+                      type: array
+                  type: object
+                interfaces:
+                  items:
+                    properties:
+                      Vfs:
+                        items:
+                          properties:
+                            Vlan:
+                              type: integer
+                            assigned:
+                              type: string
+                            deviceID:
+                              type: string
+                            driver:
+                              type: string
+                            guid:
+                              type: string
+                            mac:
+                              type: string
+                            mtu:
+                              type: integer
+                            name:
+                              type: string
+                            pciAddress:
+                              type: string
+                            representorName:
+                              type: string
+                            vdpaType:
+                              type: string
+                            vendor:
+                              type: string
+                            vfID:
+                              type: integer
+                          required:
+                            - pciAddress
+                            - vfID
+                          type: object
+                        type: array
+                      deviceID:
+                        type: string
+                      driver:
+                        type: string
+                      eSwitchMode:
+                        type: string
+                      externallyManaged:
+                        type: boolean
+                      linkAdminState:
+                        type: string
+                      linkSpeed:
+                        type: string
+                      linkType:
+                        type: string
+                      mac:
+                        type: string
+                      mtu:
+                        type: integer
+                      name:
+                        type: string
+                      netFilter:
+                        type: string
+                      numVfs:
+                        type: integer
+                      pciAddress:
+                        type: string
+                      totalvfs:
+                        type: integer
+                      vendor:
+                        type: string
+                    required:
+                      - pciAddress
+                    type: object
+                  type: array
+                lastSyncError:
+                  type: string
+                syncStatus:
+                  type: string
+                system:
+                  properties:
+                    rdmaMode:
+                      description: RDMA subsystem. Allowed value "shared", "exclusive".
+                      enum:
+                        - shared
+                        - exclusive
+                      type: string
+                  type: object
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}

sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml

@@ -14,118 +14,116 @@ spec:
     singular: sriovnetworkpoolconfig
   scope: Namespaced
   versions:
-  - name: v1
+    - name: v1
-    schema:
+      schema:
-      openAPIV3Schema:
+        openAPIV3Schema:
-        description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs
+          description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs
-          API
+            API
-        properties:
+          properties:
-          apiVersion:
+            apiVersion:
-            description: |-
+              description: |-
-              APIVersion defines the versioned schema of this representation of an object.
+                APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
+                Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
+                may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
+              type: string
-          kind:
+            kind:
-            description: |-
+              description: |-
-              Kind is a string value representing the REST resource this object represents.
+                Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
+                Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
+                Cannot be updated.
-              In CamelCase.
+                In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
+              type: string
-          metadata:
+            metadata:
-            type: object
+              type: object
-          spec:
+            spec:
-            description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig
+              description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig
-            properties:
+              properties:
-              maxUnavailable:
+                maxUnavailable:
-                anyOf:
+                  anyOf:
-                - type: integer
+                    - type: integer
-                - type: string
+                    - type: string
-                description: |-
+                  description: |-
-                  maxUnavailable defines either an integer number or percentage
+                    maxUnavailable defines either an integer number or percentage
-                  of nodes in the pool that can go Unavailable during an update.
+                    of nodes in the pool that can go Unavailable during an update.
 
 
-                  A value larger than 1 will mean multiple nodes going unavailable during
+                    A value larger than 1 will mean multiple nodes going unavailable during
-                  the update, which may affect your workload stress on the remaining nodes.
+                    the update, which may affect your workload stress on the remaining nodes.
-                  Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards,
+                    Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards,
-                  even if maxUnavailable is greater than one.
+                    even if maxUnavailable is greater than one.
-                x-kubernetes-int-or-string: true
+                  x-kubernetes-int-or-string: true
-              nodeSelector:
+                nodeSelector:
-                description: nodeSelector specifies a label selector for Nodes
+                  description: nodeSelector specifies a label selector for Nodes
-                properties:
+                  properties:
-                  matchExpressions:
+                    matchExpressions:
-                    description: matchExpressions is a list of label selector requirements.
+                      description: matchExpressions is a list of label selector requirements.
-                      The requirements are ANDed.
+                        The requirements are ANDed.
-                    items:
+                      items:
-                      description: |-
+                        description: |-
-                        A label selector requirement is a selector that contains values, a key, and an operator that
+                          A label selector requirement is a selector that contains values, a key, and an operator that
-                        relates the key and values.
+                          relates the key and values.
-                      properties:
+                        properties:
-                        key:
+                          key:
-                          description: key is the label key that the selector applies
+                            description: key is the label key that the selector applies
-                            to.
+                              to.
-                          type: string
-                        operator:
-                          description: |-
-                            operator represents a key's relationship to a set of values.
-                            Valid operators are In, NotIn, Exists and DoesNotExist.
-                          type: string
-                        values:
-                          description: |-
-                            values is an array of string values. If the operator is In or NotIn,
-                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
-                            the values array must be empty. This array is replaced during a strategic
-                            merge patch.
-                          items:
                             type: string
-                          type: array
+                          operator:
-                          x-kubernetes-list-type: atomic
+                            description: |-
-                      required:
+                              operator represents a key's relationship to a set of values.
-                      - key
+                              Valid operators are In, NotIn, Exists and DoesNotExist.
-                      - operator
+                            type: string
+                          values:
+                            description: |-
+                              values is an array of string values. If the operator is In or NotIn,
+                              the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                              the values array must be empty. This array is replaced during a strategic
+                              merge patch.
+                            items:
+                              type: string
+                            type: array
+                        required:
+                          - key
+                          - operator
+                        type: object
+                      type: array
+                    matchLabels:
+                      additionalProperties:
+                        type: string
+                      description: |-
+                        matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                        map is equivalent to an element of matchExpressions, whose key field is "key", the
+                        operator is "In", and the values array contains only "value". The requirements are ANDed.
                       type: object
-                    type: array
+                  type: object
-                    x-kubernetes-list-type: atomic
+                  x-kubernetes-map-type: atomic
-                  matchLabels:
+                ovsHardwareOffloadConfig:
-                    additionalProperties:
+                  description: OvsHardwareOffloadConfig describes the OVS HWOL configuration
+                    for selected Nodes
+                  properties:
+                    name:
+                      description: |-
+                        Name is mandatory and must be unique.
+                        On Kubernetes:
+                        Name is the name of OvsHardwareOffloadConfig
+                        On OpenShift:
+                        Name is the name of MachineConfigPool to be enabled with OVS hardware offload
                       type: string
-                    description: |-
+                  type: object
-                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                rdmaMode:
-                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                  description: RDMA subsystem. Allowed value "shared", "exclusive".
-                      operator is "In", and the values array contains only "value". The requirements are ANDed.
+                  enum:
-                    type: object
+                    - shared
-                type: object
+                    - exclusive
-                x-kubernetes-map-type: atomic
+                  type: string
-              ovsHardwareOffloadConfig:
+              type: object
-                description: OvsHardwareOffloadConfig describes the OVS HWOL configuration
+            status:
-                  for selected Nodes
+              description: SriovNetworkPoolConfigStatus defines the observed state of
-                properties:
+                SriovNetworkPoolConfig
-                  name:
+              type: object
-                    description: |-
+          type: object
-                      Name is mandatory and must be unique.
+      served: true
-                      On Kubernetes:
+      storage: true
-                      Name is the name of OvsHardwareOffloadConfig
+      subresources:
-                      On OpenShift:
+        status: {}
-                      Name is the name of MachineConfigPool to be enabled with OVS hardware offload
-                    type: string
-                type: object
-              rdmaMode:
-                description: RDMA subsystem. Allowed value "shared", "exclusive".
-                enum:
-                - shared
-                - exclusive
-                type: string
-            type: object
-          status:
-            description: SriovNetworkPoolConfigStatus defines the observed state of
-              SriovNetworkPoolConfig
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}

sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworks.yaml

@@ -14,123 +14,123 @@ spec:
     singular: sriovnetwork
   scope: Namespaced
   versions:
-  - name: v1
+    - name: v1
-    schema:
+      schema:
-      openAPIV3Schema:
+        openAPIV3Schema:
-        description: SriovNetwork is the Schema for the sriovnetworks API
+          description: SriovNetwork is the Schema for the sriovnetworks API
-        properties:
+          properties:
-          apiVersion:
+            apiVersion:
-            description: |-
+              description: |-
-              APIVersion defines the versioned schema of this representation of an object.
+                APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
+                Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
+                may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
+              type: string
-          kind:
+            kind:
-            description: |-
+              description: |-
-              Kind is a string value representing the REST resource this object represents.
+                Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
+                Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
+                Cannot be updated.
-              In CamelCase.
+                In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
+              type: string
-          metadata:
+            metadata:
-            type: object
+              type: object
-          spec:
+            spec:
-            description: SriovNetworkSpec defines the desired state of SriovNetwork
+              description: SriovNetworkSpec defines the desired state of SriovNetwork
-            properties:
+              properties:
-              capabilities:
+                capabilities:
-                description: |-
+                  description: |-
-                  Capabilities to be configured for this network.
+                    Capabilities to be configured for this network.
-                  Capabilities supported: (mac|ips), e.g. '{"mac": true}'
+                    Capabilities supported: (mac|ips), e.g. '{"mac": true}'
-                type: string
+                  type: string
-              ipam:
+                ipam:
-                description: IPAM configuration to be used for this network.
+                  description: IPAM configuration to be used for this network.
-                type: string
+                  type: string
-              linkState:
+                linkState:
-                description: VF link state (enable|disable|auto)
+                  description: VF link state (enable|disable|auto)
-                enum:
+                  enum:
-                - auto
+                    - auto
-                - enable
+                    - enable
-                - disable
+                    - disable
-                type: string
+                  type: string
-              logFile:
+                logFile:
-                description: |-
+                  description: |-
-                  LogFile sets the log file of the SRIOV CNI plugin logs. If unset (default), this will log to stderr and thus
+                    LogFile sets the log file of the SRIOV CNI plugin logs. If unset (default), this will log to stderr and thus
-                  to multus and container runtime logs.
+                    to multus and container runtime logs.
-                type: string
+                  type: string
-              logLevel:
+                logLevel:
-                default: info
+                  default: info
-                description: |-
+                  description: |-
-                  LogLevel sets the log level of the SRIOV CNI plugin - either of panic, error, warning, info, debug. Defaults
+                    LogLevel sets the log level of the SRIOV CNI plugin - either of panic, error, warning, info, debug. Defaults
-                  to info if left blank.
+                    to info if left blank.
-                enum:
+                  enum:
-                - panic
+                    - panic
-                - error
+                    - error
-                - warning
+                    - warning
-                - info
+                    - info
-                - debug
+                    - debug
-                - ""
+                    - ""
-                type: string
+                  type: string
-              maxTxRate:
+                maxTxRate:
-                description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no
+                  description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no
-                  rate limiting)
+                    rate limiting)
-                minimum: 0
+                  minimum: 0
-                type: integer
+                  type: integer
-              metaPlugins:
+                metaPlugins:
-                description: |-
+                  description: |-
-                  MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
+                    MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
-                  by the operator.
+                    by the operator.
-                type: string
+                  type: string
-              minTxRate:
+                minTxRate:
-                description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no
+                  description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no
-                  rate limiting). min_tx_rate should be <= max_tx_rate.
+                    rate limiting). min_tx_rate should be <= max_tx_rate.
-                minimum: 0
+                  minimum: 0
-                type: integer
+                  type: integer
-              networkNamespace:
+                networkNamespace:
-                description: Namespace of the NetworkAttachmentDefinition custom resource
+                  description: Namespace of the NetworkAttachmentDefinition custom resource
-                type: string
+                  type: string
-              resourceName:
+                resourceName:
-                description: SRIOV Network device plugin endpoint resource name
+                  description: SRIOV Network device plugin endpoint resource name
-                type: string
+                  type: string
-              spoofChk:
+                spoofChk:
-                description: VF spoof check, (on|off)
+                  description: VF spoof check, (on|off)
-                enum:
+                  enum:
-                - "on"
+                    - "on"
-                - "off"
+                    - "off"
-                type: string
+                  type: string
-              trust:
+                trust:
-                description: VF trust mode (on|off)
+                  description: VF trust mode (on|off)
-                enum:
+                  enum:
-                - "on"
+                    - "on"
-                - "off"
+                    - "off"
-                type: string
+                  type: string
-              vlan:
+                vlan:
-                description: VLAN ID to assign for the VF. Defaults to 0.
+                  description: VLAN ID to assign for the VF. Defaults to 0.
-                maximum: 4096
+                  maximum: 4096
-                minimum: 0
+                  minimum: 0
-                type: integer
+                  type: integer
-              vlanProto:
+                vlanProto:
-                description: VLAN proto to assign for the VF. Defaults to 802.1q.
+                  description: VLAN proto to assign for the VF. Defaults to 802.1q.
-                enum:
+                  enum:
-                - 802.1q
+                    - 802.1q
-                - 802.1Q
+                    - 802.1Q
-                - 802.1ad
+                    - 802.1ad
-                - 802.1AD
+                    - 802.1AD
-                type: string
+                  type: string
-              vlanQoS:
+                vlanQoS:
-                description: VLAN QoS ID to assign for the VF. Defaults to 0.
+                  description: VLAN QoS ID to assign for the VF. Defaults to 0.
-                maximum: 7
+                  maximum: 7
-                minimum: 0
+                  minimum: 0
-                type: integer
+                  type: integer
-            required:
+              required:
-            - resourceName
+                - resourceName
-            type: object
+              type: object
-          status:
+            status:
-            description: SriovNetworkStatus defines the observed state of SriovNetwork
+              description: SriovNetworkStatus defines the observed state of SriovNetwork
-            type: object
+              type: object
-        type: object
+          type: object
-    served: true
+      served: true
-    storage: true
+      storage: true
-    subresources:
+      subresources:
-      status: {}
+        status: {}

sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml

@@ -14,101 +14,101 @@ spec:
     singular: sriovoperatorconfig
   scope: Namespaced
   versions:
-  - name: v1
+    - name: v1
-    schema:
+      schema:
-      openAPIV3Schema:
+        openAPIV3Schema:
-        description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs
+          description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs
-          API
+            API
-        properties:
+          properties:
-          apiVersion:
+            apiVersion:
-            description: |-
+              description: |-
-              APIVersion defines the versioned schema of this representation of an object.
+                APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
+                Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
+                may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
+              type: string
-          kind:
+            kind:
-            description: |-
+              description: |-
-              Kind is a string value representing the REST resource this object represents.
+                Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
+                Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
+                Cannot be updated.
-              In CamelCase.
+                In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
+              type: string
-          metadata:
+            metadata:
-            type: object
+              type: object
-          spec:
+            spec:
-            description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig
+              description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig
-            properties:
+              properties:
-              configDaemonNodeSelector:
+                configDaemonNodeSelector:
-                additionalProperties:
+                  additionalProperties:
-                  type: string
+                    type: string
-                description: NodeSelector selects the nodes to be configured
+                  description: NodeSelector selects the nodes to be configured
-                type: object
+                  type: object
-              configurationMode:
+                configurationMode:
-                description: |-
+                  description: |-
-                  Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot
+                    Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot
-                  Default mode: daemon
+                    Default mode: daemon
-                enum:
-                - daemon
-                - systemd
-                type: string
-              disableDrain:
-                description: Flag to disable nodes drain during debugging
-                type: boolean
-              disablePlugins:
-                description: DisablePlugins is a list of sriov-network-config-daemon
-                  plugins to disable
-                items:
-                  description: PluginNameValue defines the plugin name
                   enum:
-                  - mellanox
+                    - daemon
+                    - systemd
                   type: string
-                type: array
+                disableDrain:
-              enableInjector:
+                  description: Flag to disable nodes drain during debugging
-                description: Flag to control whether the network resource injector
-                  webhook shall be deployed
-                type: boolean
-              enableOperatorWebhook:
-                description: Flag to control whether the operator admission controller
-                  webhook shall be deployed
-                type: boolean
-              enableOvsOffload:
-                description: Flag to enable OVS hardware offload. Set to 'true' to
-                  provision switchdev-configuration.service and enable OpenvSwitch
-                  hw-offload on nodes.
-                type: boolean
-              featureGates:
-                additionalProperties:
                   type: boolean
-                description: FeatureGates to enable experimental features
+                disablePlugins:
-                type: object
+                  description: DisablePlugins is a list of sriov-network-config-daemon
-              logLevel:
+                    plugins to disable
-                description: Flag to control the log verbose level of the operator.
+                  items:
-                  Set to '0' to show only the basic logs. And set to '2' to show all
+                    description: PluginNameValue defines the plugin name
-                  the available logs.
+                    enum:
-                maximum: 2
+                      - mellanox
-                minimum: 0
+                    type: string
-                type: integer
+                  type: array
-              useCDI:
+                enableInjector:
-                description: Flag to enable Container Device Interface mode for SR-IOV
+                  description: Flag to control whether the network resource injector
-                  Network Device Plugin
+                    webhook shall be deployed
-                type: boolean
+                  type: boolean
-            type: object
+                enableOperatorWebhook:
-          status:
+                  description: Flag to control whether the operator admission controller
-            description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig
+                    webhook shall be deployed
-            properties:
+                  type: boolean
-              injector:
+                enableOvsOffload:
-                description: Show the runtime status of the network resource injector
+                  description: Flag to enable OVS hardware offload. Set to 'true' to
-                  webhook
+                    provision switchdev-configuration.service and enable OpenvSwitch
-                type: string
+                    hw-offload on nodes.
-              operatorWebhook:
+                  type: boolean
-                description: Show the runtime status of the operator admission controller
+                featureGates:
-                  webhook
+                  additionalProperties:
-                type: string
+                    type: boolean
-            type: object
+                  description: FeatureGates to enable experimental features
-        type: object
+                  type: object
-    served: true
+                logLevel:
-    storage: true
+                  description: Flag to control the log verbose level of the operator.
-    subresources:
+                    Set to '0' to show only the basic logs. And set to '2' to show all
-      status: {}
+                    the available logs.
+                  maximum: 2
+                  minimum: 0
+                  type: integer
+                useCDI:
+                  description: Flag to enable Container Device Interface mode for SR-IOV
+                    Network Device Plugin
+                  type: boolean
+              type: object
+            status:
+              description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig
+              properties:
+                injector:
+                  description: Show the runtime status of the network resource injector
+                    webhook
+                  type: string
+                operatorWebhook:
+                  description: Show the runtime status of the operator admission controller
+                    webhook
+                  type: string
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}

sriov-network-device-plugin-image/Dockerfile

@@ -1,33 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%sriov-network-device-plugin:v%%sriov-network-device-plugin_version%%
-#!BuildTag: %%IMG_PREFIX%%sriov-network-device-plugin:v%%sriov-network-device-plugin_version%%-%RELEASE%
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-network-device-plugin hwdata gawk which; \
-    zypper -n clean; \
-    rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.sriov-network-device-plugin
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE sriov-network-device-plugin Container Image"
-LABEL org.opencontainers.image.description="sriov-network-device-plugin based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%sriov-network-device-plugin_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:%%sriov-network-device-plugin_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-ENTRYPOINT ["/entrypoint.sh"]

sriov-network-device-plugin-image/_service

@@ -1,19 +0,0 @@
-<services>
-  <service name="kiwi_metainfo_helper" mode="buildtime"/>
-  <service name="docker_label_helper" mode="buildtime"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%sriov-network-device-plugin_version%%</param>
-    <param name="package">sriov-network-device-plugin</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>

sriov-network-device-plugin/_service

@@ -1,20 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin</param>
-    <param name="scm">git</param>
-    <param name="revision">v3.10.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">antonio.alarcon@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar">
-    <param name="obsinfo">sriov-network-device-plugin.obsinfo</param>
-  </service>
-  <service name="go_modules" />
-  <service mode="buildtime" name="set_version" />
-</services>

sriov-network-device-plugin/sriov-network-device-plugin.spec

@@ -1,69 +0,0 @@
-#
-# spec file for package sriov-network-device-plugin
-#
-# Copyright (c) 2025 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           sriov-network-device-plugin
-Version:        0
-Release:        0
-Summary:        Kubernetes device plugin for discovering and advertising SR-IOV available resources in the host
-License:        Apache-2.0
-URL:            https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin
-Source:         %{name}-%{version}.tar
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.23
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-The SR-IOV Network Device Plugin is a Kubernetes device plugin for discovering and advertising networking resources in the form of
-(i) SR-IOV virtual functions [VFs], (ii) PCI physical functions [PFs] and (iii) Auxiliary network devices (in particular Subfunctions [SFs])
-which are available on a Kubernetes host.
-To deploy workloads with SR-IOV resources this plugin needs to work together a CNI meta plugin supporting Device Plugin based network
-provisioning (e.g., Multus CNI) and a CNI capable of consuming the SR-IOV network device allocated to the Pod (e.g., sriov-cni).
-
-List of supported SR-IOV devices (not limited to NICs): https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin/blob/main/README.md
-(select the right version/tag)
-
-%prep
-%autosetup -a1 -n %{name}-%{version} -p1
-
-%build
-# Following go-build settings have been taken from upstream Makefile (for the STATIC option, the one set by rancher/ecm hardened
-# image used as baseline: https://github.com/rancher/image-build-sriov-network-device-plugin/blob/v3.9.0-build20250425/Dockerfile#L18 ):
-#
-# - CGO being disabled:
-%define cgoenabled "0"
-# - go-build constrain (aka tag) "no_openssl" being set:
-%define buildgotags "no_openssl"
-# - go-build to invoke external linker (i.e., gcc's ld) to which "static" option is being passed
-%define buildldflags "-extldflags '-static'"
-# - force rebuilding of packages that are already up-to-date
-#define buildgoflags "-a"
-CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -ldflags %{buildldflags} ${buildgoflags} -tags %{buildgotags} -o sriovdp ./cmd/sriovdp
-
-%install
-install -D -m0755 sriovdp %{buildroot}%{_bindir}/sriovdp
-install -D -m0755 images/entrypoint.sh %{buildroot}/entrypoint.sh
-
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/sriovdp
-/entrypoint.sh
-
-%changelog

sriov-network-operator-chart/Chart.yaml

@@ -1,27 +1,28 @@
-#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.4_up1.6.0
+#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
-#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.4_up1.6.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0
-apiVersion: v2
-name: sriov-network-operator
-version: "%%CHART_MAJOR%%.0.4+up1.6.0"
-kubeVersion: '>= 1.24.0-0'
-appVersion: v1.6.0
-description: SR-IOV network operator configures and manages SR-IOV networks in the kubernetes cluster
-type: application
-keywords:
-  - sriov
-home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
-sources:
-  - https://github.com/k8snetworkplumbingwg/sriov-network-operator
-icon: https://charts.rancher.io/assets/logos/sr-iov.svg
 annotations:
   catalog.cattle.io/auto-install: sriov-crd=match
   catalog.cattle.io/experimental: "true"
   catalog.cattle.io/namespace: cattle-sriov-system
   catalog.cattle.io/os: linux
   catalog.cattle.io/permits-os: linux
-  catalog.cattle.io/upstream-version: 1.6.0
+  catalog.cattle.io/upstream-version: 1.5.0
+apiVersion: v2
+appVersion: v1.5.0
 dependencies:
   - condition: sriov-nfd.enabled
     name: sriov-nfd
     repository: file://./charts/sriov-nfd
-    version: 0.18.2
+    version: 0.15.7
+description: SR-IOV network operator configures and manages SR-IOV networks in the
+  kubernetes cluster
+home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
+icon: https://charts.rancher.io/assets/logos/sr-iov.svg
+keywords:
+  - sriov
+kubeVersion: '>= 1.24.0-0'
+name: sriov-network-operator
+sources:
+  - https://github.com/k8snetworkplumbingwg/sriov-network-operator
+type: application
+version: "%%CHART_MAJOR%%.0.2+up1.5.0"

sriov-network-operator-chart/README.md

@@ -41,7 +41,7 @@ For additional information and methods for installing Helm, refer to the officia
 #### Deploy from OCI repo
 
 ```
-$ helm install -n sriov-network-operator --create-namespace --version 1.5.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart
+$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart
 ```
 
 #### Deploy from project sources
@@ -84,12 +84,6 @@ We have introduced the following Chart parameters.
 | `operator.resourcePrefix` | string | `openshift.io` | Device plugin resource prefix |
 | `operator.cniBinPath` | string | `/opt/cni/bin` | Path for CNI binary |
 | `operator.clustertype` | string | `kubernetes` | Cluster environment type |
-| `operator.metricsExporter.port` | string | `9110` | Port where the Network Metrics Exporter listen |
-| `operator.metricsExporter.certificates.secretName` | string | `metrics-exporter-cert` | Secret name to serve metrics via TLS. The secret must have the same fields as `operator.admissionControllers.certificates.secretNames` |
-| `operator.metricsExporter.prometheusOperator.enabled` | bool | false | Wheter the operator shoud configure Prometheus resources or not (e.g. `ServiceMonitors`). |
-| `operator.metricsExporter.prometheusOperator.serviceAccount` | string | `prometheus-k8s` | The service account used by the Prometheus Operator. This is used to give Prometheus the permission to list resource in the SR-IOV operator namespace |
-| `operator.metricsExporter.prometheusOperator.namespace` | string | `monitoring` | The namespace where the Prometheus Operator is installed. Setting this variable makes the operator deploy `monitoring.coreos.com` resources. |
-| `operator.metricsExporter.prometheusOperator.deployRules` | bool | false | Whether the operator should deploy `PrometheusRules` to scrape namespace version of metrics. |
 
 #### Admission Controllers parameters
 
@@ -135,7 +129,7 @@ This section contains general parameters that apply to both the operator and dae
 | `sriovOperatorConfig.configurationMode` | string | `daemon` | sriov-network-config-daemon configuration mode. either `daemon` or `systemd` |
 | `sriovOperatorConfig.featureGates` | map[string]bool | `{}` | feature gates to enable/disable |
 
-**Note** 
+**Note**
 
 When `sriovOperatorConfig.configurationMode` is configured as `systemd`, configurations files and `systemd` service files are created on the node.
 Upon chart deletion, those files are not cleaned up. For cases where this is not acceptable, users should rather configured the `daemon` mode.
@@ -148,13 +142,9 @@ Upon chart deletion, those files are not cleaned up. For cases where this is not
 | `images.sriovConfigDaemon` | Daemon node agent image |
 | `images.sriovCni` | SR-IOV CNI image |
 | `images.ibSriovCni` | InfiniBand SR-IOV CNI image |
-| `images.ovsCni` | OVS CNI image |
-| `images.rdmaCni` | RDMA CNI image              |
 | `images.sriovDevicePlugin` | SR-IOV device plugin image |
 | `images.resourcesInjector` | Resources Injector image |
 | `images.webhook` | Operator Webhook image |
-| `images.metricsExporter` | Network Metrics Exporter image |
-| `images.metricsExporterKubeRbacProxy` | Kube RBAC Proxy image used for metrics exporter |
 
 ### Extra objects parameters
 
@@ -164,4 +154,4 @@ Please note that any resources deployed using the `extraDeploy` in this Helm cha
 
 | Name | description |
 | ---- | ------------|
-|`extraDeploy`| Array of extra objects to deploy with the release |
+|`extraDeploy`| Array of extra objects to deploy with the release |

sriov-network-operator-chart/_service

@@ -7,12 +7,4 @@
     <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
     <param name="var">CHART_MAJOR</param>
   </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">values.yaml</param>
-    <param name="file">charts/sriov-nfd/values.yaml</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-  </service>
 </services>

sriov-network-operator-chart/app-README.md

@@ -0,0 +1,12 @@
+# Rancher SR-IOV Network Operator
+
+This chart is based on the upstream [k8snetworkplumbingwg/sriov-network-operator](https://github.com/k8snetworkplumbingwg/sriov-network-operator) project. The chart deploys the SR-IOV Operator and its CRDs, which are designed to help the user provision and configure the SR-IOV CNI in a cluster that uses [Multus CNI](https://github.com/k8snetworkplumbingwg/multus-cni), to provide high performing extra network interfaces to pods. This chart is expected to be deployed on an RKE2 cluster and only meant for advanced use cases where multiple CNI plugins and high performing network interfaces on pods are required. Users who do not need these features are not advised to install this chart.
+
+The chart installs the following components:
+
+- SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin
+- SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node
+
+Note that SR-IOV requires NICs that support SR-IOV and the activation of specific configuration options in the operating system. Nodes that fulfill these requirements should be labeled with: `feature.node.kubernetes.io/network-sriov.capable=true`.
+
+The SR-IOV Network Config Daemon will be deployed on such capable nodes. For more information on how to use this feature, refer to our RKE2 networking docs.

sriov-network-operator-chart/charts/sriov-nfd/.helmignore

@@ -20,4 +20,4 @@
 .project
 .idea/
 *.tmproj
-.vscode/
+.vscode/

sriov-network-operator-chart/charts/sriov-nfd/Chart.yaml

@@ -1,15 +1,14 @@
 apiVersion: v2
-appVersion: v0.18.2
+appVersion: v0.15.7
-description: |
+description: Detects hardware features available on each node in a Kubernetes cluster,
-  Detects hardware features available on each node in a Kubernetes cluster, and advertises
+  and advertises those features using node labels
-  those features using node labels.
-name: sriov-nfd
-sources:
-- https://github.com/kubernetes-sigs/node-feature-discovery
 home: https://github.com/kubernetes-sigs/node-feature-discovery
 keywords:
   - feature-discovery
   - feature-detection
   - node-labels
+name: sriov-nfd
+sources:
+  - https://github.com/kubernetes-sigs/node-feature-discovery
 type: application
-version: 0.18.2
+version: 0.15.7

sriov-network-operator-chart/charts/sriov-nfd/README.md

@@ -6,5 +6,5 @@ labels. NFD provides flexible configuration and extension points for a wide
 range of vendor and application specific node labeling needs.
 
 See
-[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.18/deployment/helm.html)
+[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/deployment/helm.html)
-for deployment instructions.
+for deployment instructions.

sriov-network-operator-chart/charts/sriov-nfd/templates/_helpers.tpl

@@ -104,35 +104,4 @@ Create the name of the service account which nfd-gc will use
 {{- else -}}
     {{ default "default" .Values.gc.serviceAccount.name }}
 {{- end -}}
-{{- end -}}
+{{- end -}}
-
-{{/*
-imagePullSecrets helper - uses local values or falls back to global values
-*/}}
-{{- define "node-feature-discovery.imagePullSecrets" -}}
-{{- $imagePullSecrets := list -}}
-{{- if .Values.imagePullSecrets -}}
-  {{- range .Values.imagePullSecrets -}}
-    {{- $imagePullSecrets = append $imagePullSecrets . -}}
-  {{- end -}}
-{{- else if and .Values.global .Values.global.imagePullSecrets -}}
-  {{- range .Values.global.imagePullSecrets -}}
-    {{- $imagePullSecrets = append $imagePullSecrets . -}}
-  {{- end -}}
-{{- end -}}
-{{- if $imagePullSecrets -}}
-{{- $imagePullSecrets | toJson }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-system_default_registry helper - prints global value "cattle.systemDefaultRegistry" (adding a "/" at the end) 
-or empty string (if this global Helm param. not defined)
-*/}}
-{{- define "node-feature-discovery.system_default_registry" -}}
-{{- if .Values.global.cattle.systemDefaultRegistry -}}
-  {{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
-{{- else -}}
-  {{- "" -}}
-{{- end -}}
-{{- end -}}

sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-certs.yaml

@@ -0,0 +1,68 @@
+{{- if .Values.tls.certManager }}
+{{- if .Values.master.enable }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nfd-master-cert
+  namespace: {{ include "node-feature-discovery.namespace" . }}
+spec:
+  secretName: nfd-master-cert
+  subject:
+    organizations:
+      - node-feature-discovery
+  commonName: nfd-master
+  dnsNames:
+    # must match the service name
+    - {{ include "node-feature-discovery.fullname" . }}-master
+    # first one is configured for use by the worker; below are for completeness
+    - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" .  }}.svc
+    - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
+  issuerRef:
+    name: nfd-ca-issuer
+    kind: Issuer
+    group: cert-manager.io
+{{- end }}
+---
+{{- if .Values.worker.enable }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nfd-worker-cert
+  namespace: {{ include "node-feature-discovery.namespace" . }}
+spec:
+  secretName: nfd-worker-cert
+  subject:
+    organizations:
+      - node-feature-discovery
+  commonName: nfd-worker
+  dnsNames:
+    - {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
+  issuerRef:
+    name: nfd-ca-issuer
+    kind: Issuer
+    group: cert-manager.io
+{{- end }}
+
+{{- if .Values.topologyUpdater.enable }}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nfd-topology-updater-cert
+  namespace: {{ include "node-feature-discovery.namespace" . }}
+spec:
+  secretName: nfd-topology-updater-cert
+  subject:
+    organizations:
+      - node-feature-discovery
+  commonName: nfd-topology-updater
+  dnsNames:
+    - {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" .  }}.svc.cluster.local
+  issuerRef:
+    name: nfd-ca-issuer
+    kind: Issuer
+    group: cert-manager.io
+{{- end }}
+
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-issuer.yaml

@@ -0,0 +1,42 @@
+{{- if .Values.tls.certManager }}
+  # See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
+  # - Create a self signed issuer
+  # - Use this to create a CA cert
+  # - Use this to now create a CA issuer
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: nfd-ca-bootstrap
+  namespace: {{ include "node-feature-discovery.namespace" . }}
+spec:
+  selfSigned: {}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nfd-ca-cert
+  namespace: {{ include "node-feature-discovery.namespace" . }}
+spec:
+  isCA: true
+  secretName: nfd-ca-cert
+  subject:
+    organizations:
+      - node-feature-discovery
+  commonName: nfd-ca-cert
+  issuerRef:
+    name: nfd-ca-bootstrap
+    kind: Issuer
+    group: cert-manager.io
+
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: nfd-ca-issuer
+  namespace: {{ include "node-feature-discovery.namespace" . }}
+spec:
+  ca:
+    secretName: nfd-ca-cert
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrole.yaml

@@ -6,55 +6,40 @@ metadata:
   labels:
     {{- include "node-feature-discovery.labels" . | nindent 4 }}
 rules:
-- apiGroups:
+  - apiGroups:
-  - ""
+      - ""
-  resources:
+    resources:
-  - namespaces
+      - nodes
-  verbs:
+      - nodes/status
-  - watch
+    verbs:
-  - list
+      - get
-- apiGroups:
+      - patch
-  - ""
+      - update
-  resources:
+      - list
-  - nodes
+  - apiGroups:
-  - nodes/status
+      - nfd.k8s-sigs.io
-  verbs:
+    resources:
-  - get
+      - nodefeatures
-  - patch
+      - nodefeaturerules
-  - update
+    verbs:
-  - list
+      - get
-- apiGroups:
+      - list
-  - nfd.k8s-sigs.io
+      - watch
-  resources:
+  - apiGroups:
-  - nodefeatures
+      - coordination.k8s.io
-  - nodefeaturerules
+    resources:
-  - nodefeaturegroups
+      - leases
-  verbs:
+    verbs:
-  - get
+      - create
-  - list
+  - apiGroups:
-  - watch
+      - coordination.k8s.io
-- apiGroups:
+    resources:
-  - nfd.k8s-sigs.io
+      - leases
-  resources:
+    resourceNames:
-  - nodefeaturegroups/status
+      - "nfd-master.nfd.kubernetes.io"
-  verbs:
+    verbs:
-  - patch
+      - get
-  - update
+      - update
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - create
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  resourceNames:
-  - "nfd-master.nfd.kubernetes.io"
-  verbs:
-  - get
-  - update
 {{- end }}
 
 {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
@@ -66,42 +51,36 @@ metadata:
   labels:
     {{- include "node-feature-discovery.labels" . | nindent 4 }}
 rules:
-- apiGroups:
+  - apiGroups:
-  - ""
+      - ""
-  resources:
+    resources:
-  - nodes
+      - nodes
-  verbs:
+    verbs:
-  - get
+      - get
-  - list
+      - list
-- apiGroups:
+  - apiGroups:
-  - ""
+      - ""
-  resources:
+    resources:
-  - namespaces
+      - nodes/proxy
-  verbs:
+    verbs:
-  - get
+      - get
-- apiGroups:
+  - apiGroups:
-    - ""
+      - ""
-  resources:
+    resources:
-    - nodes/proxy
+      - pods
-  verbs:
+    verbs:
-    - get
+      - get
-- apiGroups:
+  - apiGroups:
-  - ""
+      - topology.node.k8s.io
-  resources:
+    resources:
-  - pods
+      - noderesourcetopologies
-  verbs:
+    verbs:
-  - get
+      - create
-- apiGroups:
+      - get
-  - topology.node.k8s.io
+      - update
-  resources:
-  - noderesourcetopologies
-  verbs:
-  - create
-  - get
-  - update
 {{- end }}
 
-{{- if and .Values.gc.enable .Values.gc.rbac.create }}
+{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -110,31 +89,31 @@ metadata:
   labels:
     {{- include "node-feature-discovery.labels" . | nindent 4 }}
 rules:
-- apiGroups:
+  - apiGroups:
-  - ""
+      - ""
-  resources:
+    resources:
-  - nodes
+      - nodes
-  verbs:
+    verbs:
-  - list
+      - list
-  - watch
+      - watch
-- apiGroups:
+  - apiGroups:
-  - ""
+      - ""
-  resources:
+    resources:
-  - nodes/proxy
+      - nodes/proxy
-  verbs:
+    verbs:
-  - get
+      - get
-- apiGroups:
+  - apiGroups:
-  - topology.node.k8s.io
+      - topology.node.k8s.io
-  resources:
+    resources:
-  - noderesourcetopologies
+      - noderesourcetopologies
-  verbs:
+    verbs:
-  - delete
+      - delete
-  - list
+      - list
-- apiGroups:
+  - apiGroups:
-  - nfd.k8s-sigs.io
+      - nfd.k8s-sigs.io
-  resources:
+    resources:
-  - nodefeatures
+      - nodefeatures
-  verbs:
+    verbs:
-  - delete
+      - delete
-  - list
+      - list
-{{- end }}
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrolebinding.yaml

@@ -10,9 +10,9 @@ roleRef:
   kind: ClusterRole
   name: {{ include "node-feature-discovery.fullname" . }}
 subjects:
-- kind: ServiceAccount
+  - kind: ServiceAccount
-  name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
+    name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
-  namespace: {{ include "node-feature-discovery.namespace" .  }}
+    namespace: {{ include "node-feature-discovery.namespace" .  }}
 {{- end }}
 
 {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
@@ -28,12 +28,12 @@ roleRef:
   kind: ClusterRole
   name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
 subjects:
-- kind: ServiceAccount
+  - kind: ServiceAccount
-  name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
+    name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
-  namespace: {{ include "node-feature-discovery.namespace" .  }}
+    namespace: {{ include "node-feature-discovery.namespace" .  }}
 {{- end }}
 
-{{- if and .Values.gc.enable .Values.gc.rbac.create }}
+{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -46,7 +46,7 @@ roleRef:
   kind: ClusterRole
   name: {{ include "node-feature-discovery.fullname" . }}-gc
 subjects:
-- kind: ServiceAccount
+  - kind: ServiceAccount
-  name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
+    name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
-  namespace: {{ include "node-feature-discovery.namespace" .  }}
+    namespace: {{ include "node-feature-discovery.namespace" .  }}
-{{- end }}
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/master-pdb.yaml

@@ -1,17 +0,0 @@
-{{- if .Values.master.enable }}
-{{- if .Values.master.podDisruptionBudget.enable -}}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name:  {{ include "node-feature-discovery.fullname" . }}-master
-  namespace: {{ include "node-feature-discovery.namespace" . }}
-  labels:
-    {{- include "node-feature-discovery.labels" . | nindent 4 }}
-spec:
-  selector:
-    matchLabels:
-      {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
-      role: master
-{{- toYaml (omit .Values.master.podDisruptionBudget "enable") | nindent 2 }}
-{{- end }}
-{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/master.yaml

@@ -13,7 +13,6 @@ metadata:
   {{- end }}
 spec:
   replicas: {{ .Values.master.replicaCount }}
-  revisionHistoryLimit: {{ .Values.master.revisionHistoryLimit }}
   selector:
     matchLabels:
       {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -23,90 +22,46 @@ spec:
       labels:
         {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
         role: master
+      {{- with .Values.master.annotations }}
       annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/nfd-master-conf.yaml") . | sha256sum }}
-        {{- with .Values.master.annotations }}
         {{- toYaml . | nindent 8 }}
-        {{- end }}
+      {{- end }}
     spec:
-      dnsPolicy: {{ .Values.master.dnsPolicy }}
+    {{- with .Values.imagePullSecrets }}
-    {{- with .Values.priorityClassName }}
+      imagePullSecrets:
-      priorityClassName: {{ . }}
+        {{- toYaml . | nindent 8 }}
     {{- end }}
-      imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
       serviceAccountName: {{ include "node-feature-discovery.master.serviceAccountName" . }}
       enableServiceLinks: false
       securityContext:
         {{- toYaml .Values.master.podSecurityContext | nindent 8 }}
-      hostNetwork: {{ .Values.master.hostNetwork }}
       containers:
         - name: master
           securityContext:
             {{- toYaml .Values.master.securityContext | nindent 12 }}
-          image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          startupProbe:
-            httpGet:
-              path: /healthz
-              port: http
-          {{- with .Values.master.startupProbe.initialDelaySeconds }}
-            initialDelaySeconds: {{ . }}
-          {{- end }}
-          {{- with .Values.master.startupProbe.failureThreshold }}
-            failureThreshold: {{ . }}
-          {{- end }}
-          {{- with .Values.master.startupProbe.periodSeconds }}
-            periodSeconds: {{ . }}
-          {{- end }}
-          {{- with .Values.master.startupProbe.timeoutSeconds }}
-            timeoutSeconds: {{ . }}
-          {{- end }}
           livenessProbe:
-            httpGet:
+            grpc:
-              path: /healthz
+              port: 8080
-              port: http
+            initialDelaySeconds: 10
-          {{- with .Values.master.livenessProbe.initialDelaySeconds }}
+            periodSeconds: 10
-            initialDelaySeconds: {{ . }}
-          {{- end }}
-          {{- with .Values.master.livenessProbe.failureThreshold }}
-            failureThreshold: {{ . }}
-          {{- end }}
-          {{- with .Values.master.livenessProbe.periodSeconds }}
-            periodSeconds: {{ . }}
-          {{- end }}
-          {{- with .Values.master.livenessProbe.timeoutSeconds }}
-            timeoutSeconds: {{ . }}
-          {{- end }}
           readinessProbe:
-            httpGet:
+            grpc:
-              path: /healthz
+              port: 8080
-              port: http
+            initialDelaySeconds: 5
-          {{- with .Values.master.readinessProbe.initialDelaySeconds }}
+            periodSeconds: 10
-            initialDelaySeconds: {{ . }}
+            failureThreshold: 10
-          {{- end }}
-          {{- with .Values.master.readinessProbe.failureThreshold }}
-            failureThreshold: {{ . }}
-          {{- end }}
-          {{- with .Values.master.readinessProbe.periodSeconds }}
-            periodSeconds: {{ . }}
-          {{- end }}
-          {{- with .Values.master.readinessProbe.timeoutSeconds }}
-            timeoutSeconds: {{ . }}
-          {{- end }}
-          {{- with .Values.master.readinessProbe.successThreshold }}
-            successThreshold: {{ . }}
-          {{- end }}
           ports:
-          - containerPort: {{ .Values.master.port | default "8080" }}
+            - containerPort: {{ .Values.master.port | default "8080" }}
-            name: http
+              name: grpc
+            - containerPort: {{ .Values.master.metricsPort | default "8081" }}
+              name: metrics
           env:
-          - name: NODE_NAME
+            - name: NODE_NAME
-            valueFrom:
+              valueFrom:
-              fieldRef:
+                fieldRef:
-                fieldPath: spec.nodeName
+                  fieldPath: spec.nodeName
-        {{- with .Values.master.extraEnvs }}
-          {{- toYaml . | nindent 10 }}
-        {{- end}}
           command:
             - "nfd-master"
           resources:
@@ -115,35 +70,60 @@ spec:
             {{- if .Values.master.instance | empty | not }}
             - "-instance={{ .Values.master.instance }}"
             {{- end }}
+            {{- if not .Values.enableNodeFeatureApi }}
+            - "-port={{ .Values.master.port | default "8080" }}"
+            - "-enable-nodefeature-api=false"
+            {{- else if gt (int .Values.master.replicaCount) 1 }}
             - "-enable-leader-election"
+            {{- end }}
             {{- if .Values.master.extraLabelNs | empty | not }}
             - "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}"
             {{- end }}
             {{- if .Values.master.denyLabelNs | empty | not }}
             - "-deny-label-ns={{- join "," .Values.master.denyLabelNs }}"
             {{- end }}
+            {{- if .Values.master.resourceLabels | empty | not }}
+            - "-resource-labels={{- join "," .Values.master.resourceLabels }}"
+            {{- end }}
             {{- if .Values.master.enableTaints }}
             - "-enable-taints"
             {{- end }}
+            {{- if .Values.master.crdController | kindIs "invalid" | not }}
+            - "-crd-controller={{ .Values.master.crdController }}"
+            {{- else }}
+            ## By default, disable crd controller for other than the default instances
+            - "-crd-controller={{ .Values.master.instance | empty }}"
+            {{- end }}
+            {{- if .Values.master.featureRulesController | kindIs "invalid" | not }}
+            - "-featurerules-controller={{ .Values.master.featureRulesController }}"
+            {{- end }}
             {{- if .Values.master.resyncPeriod }}
             - "-resync-period={{ .Values.master.resyncPeriod }}"
             {{- end }}
             {{- if .Values.master.nfdApiParallelism | empty | not }}
             - "-nfd-api-parallelism={{ .Values.master.nfdApiParallelism }}"
             {{- end }}
-            # Go over featureGates and add the feature-gate flag
+            {{- if .Values.tls.enable }}
-            {{- range $key, $value := .Values.featureGates }}
+            - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
-            - "-feature-gates={{ $key }}={{ $value }}"
+            - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
-            {{- end }}
+            - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
-            - "-port={{ .Values.master.port | default "8080" }}"
-            {{- with .Values.master.extraArgs }}
-            {{- toYaml . | nindent 12 }}
             {{- end }}
+            - "-metrics={{ .Values.master.metricsPort  | default "8081" }}"
           volumeMounts:
+            {{- if .Values.tls.enable }}
+            - name: nfd-master-cert
+              mountPath: "/etc/kubernetes/node-feature-discovery/certs"
+              readOnly: true
+            {{- end }}
             - name: nfd-master-conf
               mountPath: "/etc/kubernetes/node-feature-discovery"
               readOnly: true
       volumes:
+        {{- if .Values.tls.enable }}
+        - name: nfd-master-cert
+          secret:
+            secretName: nfd-master-cert
+        {{- end }}
         - name: nfd-master-conf
           configMap:
             name: {{ include "node-feature-discovery.fullname" . }}-master-conf
@@ -162,4 +142,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
     {{- end }}
-{{- end }}
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc-pdb.yaml

@@ -1,17 +0,0 @@
-{{- if .Values.gc.enable }}
-{{- if .Values.gc.podDisruptionBudget.enable -}}
-apiVersion: policy/v1
-kind: PodDisruptionBudget
-metadata:
-  name:  {{ include "node-feature-discovery.fullname" . }}-gc
-  namespace: {{ include "node-feature-discovery.namespace" . }}
-  labels:
-    {{- include "node-feature-discovery.labels" . | nindent 4 }}
-spec:
-  selector:
-    matchLabels:
-      {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
-      role: gc
-{{- toYaml (omit .Values.gc.podDisruptionBudget "enable") | nindent 2 }}
-{{- end }}
-{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.gc.enable -}}
+{{- if and .Values.gc.enable (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) -}}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -13,7 +13,6 @@ metadata:
   {{- end }}
 spec:
   replicas: {{ .Values.gc.replicaCount | default 1 }}
-  revisionHistoryLimit: {{ .Values.gc.revisionHistoryLimit }}
   selector:
     matchLabels:
       {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -29,81 +28,39 @@ spec:
       {{- end }}
     spec:
       serviceAccountName: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
-      dnsPolicy: {{ .Values.gc.dnsPolicy }}
+      dnsPolicy: ClusterFirstWithHostNet
-    {{- with .Values.priorityClassName }}
+    {{- with .Values.imagePullSecrets }}
-      priorityClassName: {{ . }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
     {{- end }}
-      imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
       securityContext:
         {{- toYaml .Values.gc.podSecurityContext | nindent 8 }}
-      hostNetwork: {{ .Values.gc.hostNetwork }}
       containers:
-      - name: gc
+        - name: gc
-        image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-        imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-        livenessProbe:
+          env:
-          httpGet:
+            - name: NODE_NAME
-            path: /healthz
+              valueFrom:
-            port: http
+                fieldRef:
-        {{- with .Values.gc.livenessProbe.initialDelaySeconds }}
+                  fieldPath: spec.nodeName
-          initialDelaySeconds: {{ . }}
+          command:
-        {{- end }}
+            - "nfd-gc"
-        {{- with .Values.gc.livenessProbe.failureThreshold }}
+          args:
-          failureThreshold: {{ . }}
-        {{- end }}
-        {{- with .Values.gc.livenessProbe.periodSeconds }}
-          periodSeconds: {{ . }}
-        {{- end }}
-        {{- with .Values.gc.livenessProbe.timeoutSeconds }}
-          timeoutSeconds: {{ . }}
-        {{- end }}
-        readinessProbe:
-          httpGet:
-            path: /healthz
-            port: http
-        {{- with .Values.gc.readinessProbe.initialDelaySeconds }}
-          initialDelaySeconds: {{ . }}
-        {{- end }}
-        {{- with .Values.gc.readinessProbe.failureThreshold }}
-          failureThreshold: {{ . }}
-        {{- end }}
-        {{- with .Values.gc.readinessProbe.periodSeconds }}
-          periodSeconds: {{ . }}
-        {{- end }}
-        {{- with .Values.gc.readinessProbe.timeoutSeconds }}
-          timeoutSeconds: {{ . }}
-        {{- end }}
-        {{- with .Values.gc.readinessProbe.successThreshold }}
-          successThreshold: {{ . }}
-        {{- end }}
-        env:
-        - name: NODE_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
-      {{- with .Values.gc.extraEnvs }}
-        {{- toYaml . | nindent 8 }}
-      {{- end}}
-        command:
-          - "nfd-gc"
-        args:
           {{- if .Values.gc.interval | empty | not }}
-          - "-gc-interval={{ .Values.gc.interval }}"
+            - "-gc-interval={{ .Values.gc.interval }}"
           {{- end }}
-          {{- with .Values.gc.extraArgs }}
+          resources:
-          {{- toYaml . | nindent 10 }}
-          {{- end }}
-        resources:
       {{- toYaml .Values.gc.resources | nindent 12 }}
-        securityContext:
+          securityContext:
-          allowPrivilegeEscalation: false
+            allowPrivilegeEscalation: false
-          capabilities:
+            capabilities:
-            drop: [ "ALL" ]
+              drop: [ "ALL" ]
-          readOnlyRootFilesystem: true
+            readOnlyRootFilesystem: true
-          runAsNonRoot: true
+            runAsNonRoot: true
-        ports:
+          ports:
-          - name: http
+            - name: metrics
-            containerPort: {{ .Values.gc.port | default "8080"}}
+              containerPort: {{ .Values.gc.metricsPort | default "8081"}}
 
     {{- with .Values.gc.nodeSelector }}
       nodeSelector:
@@ -117,4 +74,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
     {{- end }}
-{{- end }}
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-master-conf.yaml

@@ -9,4 +9,4 @@ metadata:
 data:
   nfd-master.conf: |-
     {{- .Values.master.config | toYaml | nindent 4 }}
-{{- end }}
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-topologyupdater-conf.yaml

@@ -1,4 +1,3 @@
-{{- if .Values.topologyUpdater.enable -}}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -8,5 +7,4 @@ metadata:
   {{- include "node-feature-discovery.labels" . | nindent 4 }}
 data:
   nfd-topology-updater.conf: |-
-    {{- .Values.topologyUpdater.config | toYaml | nindent 4 }}
+    {{- .Values.topologyUpdater.config | toYaml | nindent 4 }}
-{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-worker-conf.yaml

@@ -9,4 +9,4 @@ metadata:
 data:
   nfd-worker.conf: |-
     {{- .Values.worker.config | toYaml | nindent 4 }}
-{{- end }}
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/post-delete-job.yaml

@@ -1,101 +0,0 @@
-{{- if .Values.postDeleteCleanup }}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "node-feature-discovery.fullname" . }}-prune
-  namespace: {{ include "node-feature-discovery.namespace" . }}
-  labels:
-    {{- include "node-feature-discovery.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": post-delete
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: {{ include "node-feature-discovery.fullname" . }}-prune
-  labels:
-    {{- include "node-feature-discovery.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": post-delete
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - nodes
-  - nodes/status
-  verbs:
-  - get
-  - patch
-  - update
-  - list
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ include "node-feature-discovery.fullname" . }}-prune
-  labels:
-    {{- include "node-feature-discovery.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": post-delete
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ include "node-feature-discovery.fullname" . }}-prune
-subjects:
-- kind: ServiceAccount
-  name: {{ include "node-feature-discovery.fullname" . }}-prune
-  namespace: {{ include "node-feature-discovery.namespace" .  }}
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name:  {{ include "node-feature-discovery.fullname" . }}-prune
-  namespace: {{ include "node-feature-discovery.namespace" . }}
-  labels:
-    {{- include "node-feature-discovery.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": post-delete
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-spec:
-  template:
-    metadata:
-      labels:
-        {{- include "node-feature-discovery.labels" . | nindent 8 }}
-        role: prune
-    spec:
-      serviceAccountName: {{ include "node-feature-discovery.fullname" . }}-prune
-      imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
-      containers:
-        - name: nfd-master
-          securityContext:
-            {{- toYaml .Values.master.securityContext | nindent 12 }}
-          image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command:
-            - "nfd-master"
-          args:
-            - "-prune"
-            {{- if .Values.master.instance | empty | not }}
-            - "-instance={{ .Values.master.instance }}"
-            {{- end }}
-      restartPolicy: Never
-      {{- with .Values.master.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.master.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.master.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.master.resources }}
-      resources:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/prometheus.yaml

@@ -12,15 +12,15 @@ metadata:
 spec:
   podMetricsEndpoints:
     - honorLabels: true
-      interval: {{ .Values.prometheus.scrapeInterval }}
+      interval: 10s
       path: /metrics
-      port: http
+      port: metrics
       scheme: http
   namespaceSelector:
     matchNames:
-    - {{ include "node-feature-discovery.namespace" . }}
+      - {{ include "node-feature-discovery.namespace" . }}
   selector:
     matchExpressions:
-    - {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]}
+      - {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]}
-    - {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]}
+      - {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]}
-{{- end }}
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/role.yaml

@@ -7,19 +7,18 @@ metadata:
   labels:
     {{- include "node-feature-discovery.labels" . | nindent 4 }}
 rules:
-- apiGroups:
+  - apiGroups:
-  - nfd.k8s-sigs.io
+      - nfd.k8s-sigs.io
-  resources:
+    resources:
-  - nodefeatures
+      - nodefeatures
-  verbs:
+    verbs:
-  - create
+      - create
-  - get
+      - get
-  - update
+      - update
-  - delete
+  - apiGroups:
-- apiGroups:
+      - ""
-  - ""
+    resources:
-  resources:
+      - pods
-  - pods
+    verbs:
-  verbs:
+      - get
-  - get
+{{- end }}
-{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/rolebinding.yaml

@@ -11,8 +11,7 @@ roleRef:
   kind: Role
   name: {{ include "node-feature-discovery.fullname" . }}-worker
 subjects:
-- kind: ServiceAccount
+  - kind: ServiceAccount
-  name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
+    name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
-  namespace: {{ include "node-feature-discovery.namespace" .  }}
+    namespace: {{ include "node-feature-discovery.namespace" .  }}
 {{- end }}
-

sriov-network-operator-chart/charts/sriov-nfd/templates/service.yaml

@@ -0,0 +1,20 @@
+{{- if and (not .Values.enableNodeFeatureApi) .Values.master.enable }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "node-feature-discovery.fullname" . }}-master
+  namespace: {{ include "node-feature-discovery.namespace" . }}
+  labels:
+    {{- include "node-feature-discovery.labels" . | nindent 4 }}
+    role: master
+spec:
+  type: {{ .Values.master.service.type }}
+  ports:
+    - port: {{ .Values.master.service.port | default "8080" }}
+      targetPort: grpc
+      protocol: TCP
+      name: grpc
+  selector:
+    {{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
+    role: master
+{{- end}}

sriov-network-operator-chart/charts/sriov-nfd/templates/serviceaccount.yaml

@@ -27,7 +27,7 @@ metadata:
   {{- end }}
 {{- end }}
 
-{{- if and .Values.gc.enable .Values.gc.serviceAccount.create }}
+{{- if and .Values.gc.enable .Values.gc.serviceAccount.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -55,4 +55,4 @@ metadata:
   annotations:
     {{- toYaml . | nindent 4 }}
   {{- end }}
-{{- end }}
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater-crds.yaml

@@ -14,265 +14,265 @@ spec:
     listKind: NodeResourceTopologyList
     plural: noderesourcetopologies
     shortNames:
-    - node-res-topo
+      - node-res-topo
     singular: noderesourcetopology
   scope: Cluster
   versions:
-  - name: v1alpha1
+    - name: v1alpha1
-    schema:
+      schema:
-      openAPIV3Schema:
+        openAPIV3Schema:
-        description: NodeResourceTopology describes node resources and their topology.
+          description: NodeResourceTopology describes node resources and their topology.
-        properties:
+          properties:
-          apiVersion:
+            apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
+              description: 'APIVersion defines the versioned schema of this representation
               of an object. Servers should convert recognized schemas to the latest
               internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
-          metadata:
-            type: object
-          topologyPolicies:
-            items:
               type: string
-            type: array
+            kind:
-          zones:
+              description: 'Kind is a string value representing the REST resource this
-            description: ZoneList contains an array of Zone objects.
-            items:
-              description: Zone represents a resource topology zone, e.g. socket,
-                node, die or core.
-              properties:
-                attributes:
-                  description: AttributeList contains an array of AttributeInfo objects.
-                  items:
-                    description: AttributeInfo contains one attribute of a Zone.
-                    properties:
-                      name:
-                        type: string
-                      value:
-                        type: string
-                    required:
-                    - name
-                    - value
-                    type: object
-                  type: array
-                costs:
-                  description: CostList contains an array of CostInfo objects.
-                  items:
-                    description: CostInfo describes the cost (or distance) between
-                      two Zones.
-                    properties:
-                      name:
-                        type: string
-                      value:
-                        format: int64
-                        type: integer
-                    required:
-                    - name
-                    - value
-                    type: object
-                  type: array
-                name:
-                  type: string
-                parent:
-                  type: string
-                resources:
-                  description: ResourceInfoList contains an array of ResourceInfo
-                    objects.
-                  items:
-                    description: ResourceInfo contains information about one resource
-                      type.
-                    properties:
-                      allocatable:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: Allocatable quantity of the resource, corresponding
-                          to allocatable in node status, i.e. total amount of this
-                          resource available to be used by pods.
-                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                        x-kubernetes-int-or-string: true
-                      available:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: Available is the amount of this resource currently
-                          available for new (to be scheduled) pods, i.e. Allocatable
-                          minus the resources reserved by currently running pods.
-                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                        x-kubernetes-int-or-string: true
-                      capacity:
-                        anyOf:
-                        - type: integer
-                        - type: string
-                        description: Capacity of the resource, corresponding to capacity
-                          in node status, i.e. total amount of this resource that
-                          the node has.
-                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                        x-kubernetes-int-or-string: true
-                      name:
-                        description: Name of the resource.
-                        type: string
-                    required:
-                    - allocatable
-                    - available
-                    - capacity
-                    - name
-                    type: object
-                  type: array
-                type:
-                  type: string
-              required:
-              - name
-              - type
-              type: object
-            type: array
-        required:
-        - topologyPolicies
-        - zones
-        type: object
-    served: true
-    storage: false
-  - name: v1alpha2
-    schema:
-      openAPIV3Schema:
-        description: NodeResourceTopology describes node resources and their topology.
-        properties:
-          apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-            type: string
-          attributes:
-            description: AttributeList contains an array of AttributeInfo objects.
-            items:
-              description: AttributeInfo contains one attribute of a Zone.
-              properties:
-                name:
-                  type: string
-                value:
-                  type: string
-              required:
-              - name
-              - value
-              type: object
-            type: array
-          kind:
-            description: 'Kind is a string value representing the REST resource this
               object represents. Servers may infer this from the endpoint the client
               submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-            type: string
+              type: string
-          metadata:
+            metadata:
-            type: object
+              type: object
-          topologyPolicies:
+            topologyPolicies:
-            description: 'DEPRECATED (to be removed in v1beta1): use top level attributes
+              items:
+                type: string
+              type: array
+            zones:
+              description: ZoneList contains an array of Zone objects.
+              items:
+                description: Zone represents a resource topology zone, e.g. socket,
+                  node, die or core.
+                properties:
+                  attributes:
+                    description: AttributeList contains an array of AttributeInfo objects.
+                    items:
+                      description: AttributeInfo contains one attribute of a Zone.
+                      properties:
+                        name:
+                          type: string
+                        value:
+                          type: string
+                      required:
+                        - name
+                        - value
+                      type: object
+                    type: array
+                  costs:
+                    description: CostList contains an array of CostInfo objects.
+                    items:
+                      description: CostInfo describes the cost (or distance) between
+                        two Zones.
+                      properties:
+                        name:
+                          type: string
+                        value:
+                          format: int64
+                          type: integer
+                      required:
+                        - name
+                        - value
+                      type: object
+                    type: array
+                  name:
+                    type: string
+                  parent:
+                    type: string
+                  resources:
+                    description: ResourceInfoList contains an array of ResourceInfo
+                      objects.
+                    items:
+                      description: ResourceInfo contains information about one resource
+                        type.
+                      properties:
+                        allocatable:
+                          anyOf:
+                            - type: integer
+                            - type: string
+                          description: Allocatable quantity of the resource, corresponding
+                            to allocatable in node status, i.e. total amount of this
+                            resource available to be used by pods.
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        available:
+                          anyOf:
+                            - type: integer
+                            - type: string
+                          description: Available is the amount of this resource currently
+                            available for new (to be scheduled) pods, i.e. Allocatable
+                            minus the resources reserved by currently running pods.
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        capacity:
+                          anyOf:
+                            - type: integer
+                            - type: string
+                          description: Capacity of the resource, corresponding to capacity
+                            in node status, i.e. total amount of this resource that
+                            the node has.
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        name:
+                          description: Name of the resource.
+                          type: string
+                      required:
+                        - allocatable
+                        - available
+                        - capacity
+                        - name
+                      type: object
+                    type: array
+                  type:
+                    type: string
+                required:
+                  - name
+                  - type
+                type: object
+              type: array
+          required:
+            - topologyPolicies
+            - zones
+          type: object
+      served: true
+      storage: false
+    - name: v1alpha2
+      schema:
+        openAPIV3Schema:
+          description: NodeResourceTopology describes node resources and their topology.
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            attributes:
+              description: AttributeList contains an array of AttributeInfo objects.
+              items:
+                description: AttributeInfo contains one attribute of a Zone.
+                properties:
+                  name:
+                    type: string
+                  value:
+                    type: string
+                required:
+                  - name
+                  - value
+                type: object
+              type: array
+            kind:
+              description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            topologyPolicies:
+              description: 'DEPRECATED (to be removed in v1beta1): use top level attributes
               if needed'
-            items:
+              items:
-              type: string
+                type: string
-            type: array
+              type: array
-          zones:
+            zones:
-            description: ZoneList contains an array of Zone objects.
+              description: ZoneList contains an array of Zone objects.
-            items:
+              items:
-              description: Zone represents a resource topology zone, e.g. socket,
+                description: Zone represents a resource topology zone, e.g. socket,
-                node, die or core.
+                  node, die or core.
-              properties:
+                properties:
-                attributes:
+                  attributes:
-                  description: AttributeList contains an array of AttributeInfo objects.
+                    description: AttributeList contains an array of AttributeInfo objects.
-                  items:
+                    items:
-                    description: AttributeInfo contains one attribute of a Zone.
+                      description: AttributeInfo contains one attribute of a Zone.
-                    properties:
+                      properties:
-                      name:
+                        name:
-                        type: string
+                          type: string
-                      value:
+                        value:
-                        type: string
+                          type: string
-                    required:
+                      required:
-                    - name
+                        - name
-                    - value
+                        - value
-                    type: object
+                      type: object
-                  type: array
+                    type: array
-                costs:
+                  costs:
-                  description: CostList contains an array of CostInfo objects.
+                    description: CostList contains an array of CostInfo objects.
-                  items:
+                    items:
-                    description: CostInfo describes the cost (or distance) between
+                      description: CostInfo describes the cost (or distance) between
-                      two Zones.
+                        two Zones.
-                    properties:
+                      properties:
-                      name:
+                        name:
-                        type: string
+                          type: string
-                      value:
+                        value:
-                        format: int64
+                          format: int64
-                        type: integer
+                          type: integer
-                    required:
+                      required:
-                    - name
+                        - name
-                    - value
+                        - value
-                    type: object
+                      type: object
-                  type: array
+                    type: array
-                name:
+                  name:
-                  type: string
+                    type: string
-                parent:
+                  parent:
-                  type: string
+                    type: string
-                resources:
+                  resources:
-                  description: ResourceInfoList contains an array of ResourceInfo
+                    description: ResourceInfoList contains an array of ResourceInfo
-                    objects.
+                      objects.
-                  items:
+                    items:
-                    description: ResourceInfo contains information about one resource
+                      description: ResourceInfo contains information about one resource
-                      type.
+                        type.
-                    properties:
+                      properties:
-                      allocatable:
+                        allocatable:
-                        anyOf:
+                          anyOf:
-                        - type: integer
+                            - type: integer
-                        - type: string
+                            - type: string
-                        description: Allocatable quantity of the resource, corresponding
+                          description: Allocatable quantity of the resource, corresponding
-                          to allocatable in node status, i.e. total amount of this
+                            to allocatable in node status, i.e. total amount of this
-                          resource available to be used by pods.
+                            resource available to be used by pods.
-                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                        x-kubernetes-int-or-string: true
+                          x-kubernetes-int-or-string: true
-                      available:
+                        available:
-                        anyOf:
+                          anyOf:
-                        - type: integer
+                            - type: integer
-                        - type: string
+                            - type: string
-                        description: Available is the amount of this resource currently
+                          description: Available is the amount of this resource currently
-                          available for new (to be scheduled) pods, i.e. Allocatable
+                            available for new (to be scheduled) pods, i.e. Allocatable
-                          minus the resources reserved by currently running pods.
+                            minus the resources reserved by currently running pods.
-                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                        x-kubernetes-int-or-string: true
+                          x-kubernetes-int-or-string: true
-                      capacity:
+                        capacity:
-                        anyOf:
+                          anyOf:
-                        - type: integer
+                            - type: integer
-                        - type: string
+                            - type: string
-                        description: Capacity of the resource, corresponding to capacity
+                          description: Capacity of the resource, corresponding to capacity
-                          in node status, i.e. total amount of this resource that
+                            in node status, i.e. total amount of this resource that
-                          the node has.
+                            the node has.
-                        pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
-                        x-kubernetes-int-or-string: true
+                          x-kubernetes-int-or-string: true
-                      name:
+                        name:
-                        description: Name of the resource.
+                          description: Name of the resource.
-                        type: string
+                          type: string
-                    required:
+                      required:
-                    - allocatable
+                        - allocatable
-                    - available
+                        - available
-                    - capacity
+                        - capacity
-                    - name
+                        - name
-                    type: object
+                      type: object
-                  type: array
+                    type: array
-                type:
+                  type:
-                  type: string
+                    type: string
-              required:
+                required:
-              - name
+                  - name
-              - type
+                  - type
-              type: object
+                type: object
-            type: array
+              type: array
-        required:
+          required:
-        - zones
+            - zones
-        type: object
+          type: object
-    served: true
+      served: true
-    storage: true
+      storage: true
 status:
   acceptedNames:
     kind: ""
     plural: ""
   conditions: []
   storedVersions: []
-{{- end }}
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater.yaml

@@ -12,7 +12,6 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  revisionHistoryLimit: {{ .Values.topologyUpdater.revisionHistoryLimit }}
   selector:
     matchLabels:
       {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -22,152 +21,125 @@ spec:
       labels:
         {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
         role: topology-updater
+      {{- with .Values.topologyUpdater.annotations }}
       annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/nfd-topologyupdater-conf.yaml") . | sha256sum }}
-        {{- with .Values.topologyUpdater.annotations }}
         {{- toYaml . | nindent 8 }}
-        {{- end }}
+      {{- end }}
     spec:
       serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
-      dnsPolicy: {{ .Values.topologyUpdater.dnsPolicy }}
+      dnsPolicy: ClusterFirstWithHostNet
-    {{- with .Values.priorityClassName }}
+    {{- with .Values.imagePullSecrets }}
-      priorityClassName: {{ . }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
     {{- end }}
-      imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
       securityContext:
         {{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }}
-      hostNetwork: {{ .Values.topologyUpdater.hostNetwork }}
       containers:
-      - name: topology-updater
+        - name: topology-updater
-        image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-        imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+          imagePullPolicy: "{{ .Values.image.pullPolicy }}"
-        livenessProbe:
+          env:
-          httpGet:
+            - name: NODE_NAME
-            path: /healthz
+              valueFrom:
-            port: http
+                fieldRef:
-        {{- with .Values.topologyUpdater.livenessProbe.initialDelaySeconds }}
+                  fieldPath: spec.nodeName
-          initialDelaySeconds: {{ . }}
+            - name: NODE_ADDRESS
-        {{- end }}
+              valueFrom:
-        {{- with .Values.topologyUpdater.livenessProbe.failureThreshold }}
+                fieldRef:
-          failureThreshold: {{ . }}
+                  fieldPath: status.hostIP
-        {{- end }}
+          command:
-        {{- with .Values.topologyUpdater.livenessProbe.periodSeconds }}
+            - "nfd-topology-updater"
-          periodSeconds: {{ . }}
+          args:
-        {{- end }}
+            - "-podresources-socket=/host-var/lib/kubelet-podresources/kubelet.sock"
-        {{- with .Values.topologyUpdater.livenessProbe.timeoutSeconds }}
-          timeoutSeconds: {{ . }}
-        {{- end }}
-        readinessProbe:
-          httpGet:
-            path: /healthz
-            port: http
-        {{- with .Values.topologyUpdater.readinessProbe.initialDelaySeconds }}
-          initialDelaySeconds: {{ . }}
-        {{- end }}
-        {{- with .Values.topologyUpdater.readinessProbe.failureThreshold }}
-          failureThreshold: {{ . }}
-        {{- end }}
-        {{- with .Values.topologyUpdater.readinessProbe.periodSeconds }}
-          periodSeconds: {{ . }}
-        {{- end }}
-        {{- with .Values.topologyUpdater.readinessProbe.timeoutSeconds }}
-          timeoutSeconds: {{ . }}
-        {{- end }}
-        {{- with .Values.topologyUpdater.readinessProbe.successThreshold }}
-          successThreshold: {{ . }}
-        {{- end }}
-        env:
-        - name: NODE_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
-        - name: NODE_ADDRESS
-          valueFrom:
-            fieldRef:
-              fieldPath: status.hostIP
-      {{- with .Values.topologyUpdater.extraEnvs }}
-        {{- toYaml . | nindent 8 }}
-      {{- end}}
-        command:
-          - "nfd-topology-updater"
-        args:
-          - "-podresources-socket=/host-var/lib/kubelet-podresources/kubelet.sock"
           {{- if .Values.topologyUpdater.updateInterval | empty | not }}
-          - "-sleep-interval={{ .Values.topologyUpdater.updateInterval }}"
+            - "-sleep-interval={{ .Values.topologyUpdater.updateInterval }}"
           {{- else }}
-          - "-sleep-interval=3s"
+            - "-sleep-interval=3s"
           {{- end }}
           {{- if .Values.topologyUpdater.watchNamespace | empty | not }}
-          - "-watch-namespace={{ .Values.topologyUpdater.watchNamespace }}"
+            - "-watch-namespace={{ .Values.topologyUpdater.watchNamespace }}"
           {{- else }}
-          - "-watch-namespace=*"
+            - "-watch-namespace=*"
           {{- end }}
-          {{- if not .Values.topologyUpdater.podSetFingerprint }}
+          {{- if .Values.tls.enable }}
-          - "-pods-fingerprint=false"
+            - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
+            - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+            - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+          {{- end }}
+          {{- if .Values.topologyUpdater.podSetFingerprint }}
+            - "-pods-fingerprint"
           {{- end }}
           {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
-          - "-kubelet-config-uri=file:///host-var/kubelet-config"
+            - "-kubelet-config-uri=file:///host-var/kubelet-config"
           {{- end }}
           {{- if .Values.topologyUpdater.kubeletStateDir | empty }}
-          # Disable kubelet state tracking by giving an empty path
+            # Disable kubelet state tracking by giving an empty path
-          - "-kubelet-state-dir="
+            - "-kubelet-state-dir="
           {{- end }}
-          - "-port={{ .Values.topologyUpdater.port | default "8080"}}"
+            - -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
-          {{- with .Values.topologyUpdater.extraArgs }}
+          ports:
-          {{- toYaml . | nindent 10 }}
+            - name: metrics
-          {{- end }}
+              containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
-        ports:
+          volumeMounts:
-          - containerPort: {{ .Values.topologyUpdater.port | default "8080"}}
-            name: http
-        volumeMounts:
         {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
-        - name: kubelet-config
+            - name: kubelet-config
-          mountPath: /host-var/kubelet-config
+              mountPath: /host-var/kubelet-config
         {{- end }}
-        - name: kubelet-podresources-sock
+            - name: kubelet-podresources-sock
-          mountPath: /host-var/lib/kubelet-podresources/kubelet.sock
+              mountPath: /host-var/lib/kubelet-podresources/kubelet.sock
-        - name: host-sys
+            - name: host-sys
-          mountPath: /host-sys
+              mountPath: /host-sys
         {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }}
-        - name: kubelet-state-files
+            - name: kubelet-state-files
-          mountPath: /host-var/lib/kubelet
+              mountPath: /host-var/lib/kubelet
-          readOnly: true
+              readOnly: true
         {{- end }}
-        - name: nfd-topology-updater-conf
+        {{- if .Values.tls.enable }}
-          mountPath: "/etc/kubernetes/node-feature-discovery"
+            - name: nfd-topology-updater-cert
-          readOnly: true
+              mountPath: "/etc/kubernetes/node-feature-discovery/certs"
+              readOnly: true
+        {{- end }}
+            - name: nfd-topology-updater-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
 
-        resources:
+          resources:
       {{- toYaml .Values.topologyUpdater.resources | nindent 12 }}
-        securityContext:
+          securityContext:
       {{- toYaml .Values.topologyUpdater.securityContext | nindent 12 }}
       volumes:
-      - name: host-sys
+        - name: host-sys
-        hostPath:
+          hostPath:
-          path: "/sys"
+            path: "/sys"
       {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
-      - name: kubelet-config
+        - name: kubelet-config
-        hostPath:
+          hostPath:
-          path: {{ .Values.topologyUpdater.kubeletConfigPath }}
+            path: {{ .Values.topologyUpdater.kubeletConfigPath }}
       {{- end }}
-      - name: kubelet-podresources-sock
+        - name: kubelet-podresources-sock
-        hostPath:
+          hostPath:
           {{- if .Values.topologyUpdater.kubeletPodResourcesSockPath | empty | not }}
-          path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }}
+            path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }}
           {{- else }}
-          path: /var/lib/kubelet/pod-resources/kubelet.sock
+            path: /var/lib/kubelet/pod-resources/kubelet.sock
           {{- end }}
       {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }}
-      - name: kubelet-state-files
+        - name: kubelet-state-files
-        hostPath:
+          hostPath:
-          path: {{ .Values.topologyUpdater.kubeletStateDir }}
+            path: {{ .Values.topologyUpdater.kubeletStateDir }}
       {{- end }}
-      - name: nfd-topology-updater-conf
+        - name: nfd-topology-updater-conf
-        configMap:
+          configMap:
-          name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf
+            name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf
-          items:
+            items:
-            - key: nfd-topology-updater.conf
+              - key: nfd-topology-updater.conf
-              path: nfd-topology-updater.conf
+                path: nfd-topology-updater.conf
+      {{- if .Values.tls.enable }}
+        - name: nfd-topology-updater-cert
+          secret:
+            secretName: nfd-topology-updater-cert
+      {{- end }}
+
 
     {{- with .Values.topologyUpdater.nodeSelector }}
       nodeSelector:
@@ -181,4 +153,4 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
     {{- end }}
-{{- end }}
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/templates/worker.yaml

@@ -12,11 +12,6 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 spec:
-  revisionHistoryLimit: {{ .Values.worker.revisionHistoryLimit }}
-  {{- with .Values.worker.updateStrategy }}
-  updateStrategy:
-    {{- toYaml . | nindent 4 }}
-  {{- end}}
   selector:
     matchLabels:
       {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
@@ -26,124 +21,91 @@ spec:
       labels:
         {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
         role: worker
+      {{- with .Values.worker.annotations }}
       annotations:
-        checksum/config: {{ include (print $.Template.BasePath "/nfd-worker-conf.yaml") . | sha256sum }}
-        {{- with .Values.worker.annotations }}
         {{- toYaml . | nindent 8 }}
-        {{- end }}
+      {{- end }}
     spec:
-      dnsPolicy: {{ .Values.worker.dnsPolicy }}
+      dnsPolicy: ClusterFirstWithHostNet
-    {{- with .Values.priorityClassName }}
+    {{- with .Values.imagePullSecrets }}
-      priorityClassName: {{ . }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
     {{- end }}
-      imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }}
       serviceAccountName: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
-      hostNetwork: {{ .Values.worker.hostNetwork }}
       containers:
-      - name: worker
+        - name: worker
-        securityContext:
+          securityContext:
           {{- toYaml .Values.worker.securityContext | nindent 12 }}
-        image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
-        livenessProbe:
+          env:
-          httpGet:
+            - name: NODE_NAME
-            path: /healthz
+              valueFrom:
-            port: http
+                fieldRef:
-        {{- with .Values.worker.livenessProbe.initialDelaySeconds }}
+                  fieldPath: spec.nodeName
-          initialDelaySeconds: {{ . }}
+            - name: POD_NAME
-        {{- end }}
+              valueFrom:
-        {{- with .Values.worker.livenessProbe.failureThreshold }}
+                fieldRef:
-          failureThreshold: {{ . }}
+                  fieldPath: metadata.name
-        {{- end }}
+            - name: POD_UID
-        {{- with .Values.worker.livenessProbe.periodSeconds }}
+              valueFrom:
-          periodSeconds: {{ . }}
+                fieldRef:
-        {{- end }}
+                  fieldPath: metadata.uid
-        {{- with .Values.worker.livenessProbe.timeoutSeconds }}
+          resources:
-          timeoutSeconds: {{ . }}
-        {{- end }}
-        readinessProbe:
-          httpGet:
-            path: /healthz
-            port: http
-        {{- with .Values.worker.readinessProbe.initialDelaySeconds }}
-          initialDelaySeconds: {{ . }}
-        {{- end }}
-        {{- with .Values.worker.readinessProbe.failureThreshold }}
-          failureThreshold: {{ . }}
-        {{- end }}
-        {{- with .Values.worker.readinessProbe.periodSeconds }}
-          periodSeconds: {{ . }}
-        {{- end }}
-        {{- with .Values.worker.readinessProbe.timeoutSeconds }}
-          timeoutSeconds: {{ . }}
-        {{- end }}
-        {{- with .Values.worker.readinessProbe.successThreshold }}
-          successThreshold: {{ . }}
-        {{- end }}
-        env:
-        - name: NODE_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: spec.nodeName
-        - name: POD_NAME
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.name
-        - name: POD_UID
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.uid
-      {{- with .Values.worker.extraEnvs }}
-        {{- toYaml . | nindent 8 }}
-      {{- end}}
-        resources:
         {{- toYaml .Values.worker.resources | nindent 12 }}
-        command:
+          command:
-        - "nfd-worker"
+            - "nfd-worker"
-        args:
+          args:
-        # Go over featureGate and add the feature-gate flag
+        {{- if not .Values.enableNodeFeatureApi }}
-        {{- range $key, $value := .Values.featureGates }}
+            - "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
-        - "-feature-gates={{ $key }}={{ $value }}"
+            - "-enable-nodefeature-api=false"
         {{- end }}
-        - "-port={{ .Values.worker.port | default "8080"}}"
+{{- if .Values.tls.enable }}
-        {{- with .Values.worker.extraArgs }}
+            - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
-        {{- toYaml . | nindent 8 }}
+            - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
-        {{- end }}
+            - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
-        ports:
+{{- end }}
-          - containerPort: {{ .Values.worker.port | default "8080"}}
+            - "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
-            name: http
+          ports:
-        volumeMounts:
+            - name: metrics
-        - name: host-boot
+              containerPort: {{ .Values.worker.metricsPort | default "8081"}}
-          mountPath: "/host-boot"
+          volumeMounts:
-          readOnly: true
+            - name: host-boot
-        - name: host-os-release
+              mountPath: "/host-boot"
-          mountPath: "/host-etc/os-release"
+              readOnly: true
-          readOnly: true
+            - name: host-os-release
-        - name: host-sys
+              mountPath: "/host-etc/os-release"
-          mountPath: "/host-sys"
+              readOnly: true
-          readOnly: true
+            - name: host-sys
-        - name: host-usr-lib
+              mountPath: "/host-sys"
-          mountPath: "/host-usr/lib"
+              readOnly: true
-          readOnly: true
+            - name: host-usr-lib
-        - name: host-lib
+              mountPath: "/host-usr/lib"
-          mountPath: "/host-lib"
+              readOnly: true
-          readOnly: true
+            - name: host-lib
-        - name: host-proc-swaps
+              mountPath: "/host-lib"
-          mountPath: "/host-proc/swaps"
+              readOnly: true
-          readOnly: true
         {{- if .Values.worker.mountUsrSrc }}
-        - name: host-usr-src
+            - name: host-usr-src
-          mountPath: "/host-usr/src"
+              mountPath: "/host-usr/src"
-          readOnly: true
+              readOnly: true
         {{- end }}
-        - name: features-d
+            - name: source-d
-          mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
+              mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
-          readOnly: true
+              readOnly: true
-        - name: nfd-worker-conf
+            - name: features-d
-          mountPath: "/etc/kubernetes/node-feature-discovery"
+              mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
-          readOnly: true
+              readOnly: true
+            - name: nfd-worker-conf
+              mountPath: "/etc/kubernetes/node-feature-discovery"
+              readOnly: true
+{{- if .Values.tls.enable }}
+            - name: nfd-worker-cert
+              mountPath: "/etc/kubernetes/node-feature-discovery/certs"
+              readOnly: true
+{{- end }}
       volumes:
         - name: host-boot
           hostPath:
@@ -160,14 +122,14 @@ spec:
         - name: host-lib
           hostPath:
             path: "/lib"
-        - name: host-proc-swaps
-          hostPath:
-            path: "/proc/swaps"
         {{- if .Values.worker.mountUsrSrc }}
         - name: host-usr-src
           hostPath:
             path: "/usr/src"
         {{- end }}
+        - name: source-d
+          hostPath:
+            path: "/etc/kubernetes/node-feature-discovery/source.d/"
         - name: features-d
           hostPath:
             path: "/etc/kubernetes/node-feature-discovery/features.d/"
@@ -177,7 +139,12 @@ spec:
             items:
               - key: nfd-worker.conf
                 path: nfd-worker.conf
-      {{- with .Values.worker.nodeSelector }}
+{{- if .Values.tls.enable }}
+        - name: nfd-worker-cert
+          secret:
+            secretName: nfd-worker-cert
+{{- end }}
+    {{- with .Values.worker.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
@@ -192,4 +159,4 @@ spec:
     {{- with .Values.worker.priorityClassName }}
       priorityClassName: {{ . | quote }}
     {{- end }}
-{{- end }}
+{{- end }}

sriov-network-operator-chart/charts/sriov-nfd/values.yaml

@@ -1,86 +1,71 @@
 image:
-  repository: "%%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery"
+  repository: registry.rancher.com/rancher/hardened-node-feature-discovery
   # This should be set to 'IfNotPresent' for released version
   pullPolicy: IfNotPresent
   # tag, if defined will use the given image tag, else Chart.AppVersion will be used
-  # tag
+  tag: v0.15.7-build20250425
 imagePullSecrets: []
 
 nameOverride: ""
 fullnameOverride: ""
 namespaceOverride: ""
 
-featureGates:
+enableNodeFeatureApi: true
-  NodeFeatureGroupAPI: false
-
-priorityClassName: ""
-
-postDeleteCleanup: true
 
 master:
   enable: true
-  extraArgs: []
-  extraEnvs: []
-  hostNetwork: false
-  dnsPolicy: ClusterFirstWithHostNet
   config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
-    # noPublish: false
+  # noPublish: false
-    # extraLabelNs: ["added.ns.io","added.kubernets.io"]
+  # autoDefaultNs: true
-    # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
+  # extraLabelNs: ["added.ns.io","added.kubernets.io"]
-    # enableTaints: false
+  # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
-    # informerPageSize: 200
+  # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
-    # labelWhiteList: "foo"
+  # enableTaints: false
-    # resyncPeriod: "2h"
+  # labelWhiteList: "foo"
-    # restrictions:
+  # resyncPeriod: "2h"
-    #   disableLabels: true
+  # klog:
-    #   disableTaints: true
+  #    addDirHeader: false
-    #   disableExtendedResources: true
+  #    alsologtostderr: false
-    #   disableAnnotations: true
+  #    logBacktraceAt:
-    #   allowOverwrite: false
+  #    logtostderr: true
-    #   denyNodeFeatureLabels: true
+  #    skipHeaders: false
-    #   nodeFeatureNamespaceSelector:
+  #    stderrthreshold: 2
-    #    matchLabels:
+  #    v: 0
-    #      kubernetes.io/metadata.name: "node-feature-discovery"
+  #    vmodule:
-    #    matchExpressions:
+  ##   NOTE: the following options are not dynamically run-time configurable
-    #      - key: "kubernetes.io/metadata.name"
+  ##         and require a nfd-master restart to take effect after being changed
-    #        operator: "In"
+  #    logDir:
-    #        values:
+  #    logFile:
-    #           - "node-feature-discovery"
+  #    logFileMaxSize: 1800
-    # klog:
+  #    skipLogHeaders: false
-    #    addDirHeader: false
+  # leaderElection:
-    #    alsologtostderr: false
+  #   leaseDuration: 15s
-    #    logBacktraceAt:
+  #   # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
-    #    logtostderr: true
+  #   renewDeadline: 10s
-    #    skipHeaders: false
+  #   # this value has to be greater than 0
-    #    stderrthreshold: 2
+  #   retryPeriod: 2s
-    #    v: 0
+  # nfdApiParallelism: 10
-    #    vmodule:
-    ##   NOTE: the following options are not dynamically run-time configurable
-    ##         and require a nfd-master restart to take effect after being changed
-    #    logDir:
-    #    logFile:
-    #    logFileMaxSize: 1800
-    #    skipLogHeaders: false
-    # leaderElection:
-    #   leaseDuration: 15s
-    #   # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
-    #   renewDeadline: 10s
-    #   # this value has to be greater than 0
-    #   retryPeriod: 2s
-    # nfdApiParallelism: 10
   ### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
+  # The TCP port that nfd-master listens for incoming requests. Default: 8080
+  # Deprecated this parameter is related to the deprecated gRPC API and will
+  # be removed with it in a future release
   port: 8080
+  metricsPort: 8081
   instance:
+  featureApi:
   resyncPeriod:
   denyLabelNs: []
   extraLabelNs: []
+  resourceLabels: []
   enableTaints: false
+  crdController: null
+  featureRulesController: null
   nfdApiParallelism: null
   deploymentAnnotations: {}
   replicaCount: 1
 
   podSecurityContext: {}
-    # fsGroup: 2000
+  # fsGroup: 2000
 
   securityContext:
     allowPrivilegeEscalation: false
@@ -99,321 +84,304 @@ master:
     # If not set and create is true, a name is generated using the fullname template
     name:
 
-  # specify how many old ReplicaSets for the Deployment to retain.
-  revisionHistoryLimit:
-
   rbac:
     create: true
 
+  service:
+    type: ClusterIP
+    port: 8080
+
   resources: {}
-    #limits:
+    # We usually recommend not to specify default resources and to leave this as a conscious
-    #  memory: 4Gi
+    # choice for the user. This also increases chances charts run on environments with little
-    #requests:
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    #  cpu: 100m
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-      # You may want to use the same value for `requests.memory` and `limits.memory`. The “requests” value affects scheduling to accommodate pods on nodes.
+    # limits:
-      # If there is a large difference between “requests” and “limits” and nodes experience memory pressure, the kernel may invoke
+    #   cpu: 100m
-      # the OOM Killer, even if the memory does not exceed the “limits” threshold. This can cause unexpected pod evictions. Memory
+    #   memory: 128Mi
-      # cannot be compressed and once allocated to a pod, it can only be reclaimed by killing the pod.
+    # requests:
-      # Natan Yellin 22/09/2022 https://home.robusta.dev/blog/kubernetes-memory-limit
+    #   cpu: 100m
-    #  memory: 128Mi
+  #   memory: 128Mi
 
   nodeSelector: {}
 
   tolerations:
-  - key: "node-role.kubernetes.io/master"
+    - key: "node-role.kubernetes.io/master"
-    operator: "Equal"
+      operator: "Equal"
-    value: ""
+      value: ""
-    effect: "NoSchedule"
+      effect: "NoSchedule"
-  - key: "node-role.kubernetes.io/control-plane"
+    - key: "node-role.kubernetes.io/control-plane"
-    operator: "Equal"
+      operator: "Equal"
-    value: ""
+      value: ""
-    effect: "NoSchedule"
+      effect: "NoSchedule"
-
-  podDisruptionBudget:
-    enable: false
-    minAvailable: 1
-    unhealthyPodEvictionPolicy: AlwaysAllow
 
   annotations: {}
 
   affinity:
     nodeAffinity:
       preferredDuringSchedulingIgnoredDuringExecution:
+        - weight: 1
+          preference:
+            matchExpressions:
+              - key: "node-role.kubernetes.io/master"
+                operator: In
+                values: [""]
         - weight: 1
           preference:
             matchExpressions:
               - key: "node-role.kubernetes.io/control-plane"
                 operator: In
                 values: [""]
-                
-  startupProbe:
-    failureThreshold: 30
-    # periodSeconds: 10
-  livenessProbe: {}
-    # failureThreshold: 3
-    # initialDelaySeconds: 0
-    # periodSeconds: 10
-    # timeoutSeconds: 1
-  readinessProbe:
-    failureThreshold: 10
-    # initialDelaySeconds: 0
-    # periodSeconds: 10
-    # timeoutSeconds: 1
-    # successThreshold: 1
 
 worker:
   enable: true
-  extraArgs: []
-  extraEnvs: []
-  hostNetwork: false
-  dnsPolicy: ClusterFirstWithHostNet
   config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
-    #core:
+  #core:
-    #  labelWhiteList:
+  #  labelWhiteList:
-    #  noPublish: false
+  #  noPublish: false
-    #  noOwnerRefs: false
+  #  sleepInterval: 60s
-    #  sleepInterval: 60s
+  #  featureSources: [all]
-    #  featureSources: [all]
+  #  labelSources: [all]
-    #  labelSources: [all]
+  #  klog:
-    #  klog:
+  #    addDirHeader: false
-    #    addDirHeader: false
+  #    alsologtostderr: false
-    #    alsologtostderr: false
+  #    logBacktraceAt:
-    #    logBacktraceAt:
+  #    logtostderr: true
-    #    logtostderr: true
+  #    skipHeaders: false
-    #    skipHeaders: false
+  #    stderrthreshold: 2
-    #    stderrthreshold: 2
+  #    v: 0
-    #    v: 0
+  #    vmodule:
-    #    vmodule:
+  ##   NOTE: the following options are not dynamically run-time configurable
-    ##   NOTE: the following options are not dynamically run-time configurable
+  ##         and require a nfd-worker restart to take effect after being changed
-    ##         and require a nfd-worker restart to take effect after being changed
+  #    logDir:
-    #    logDir:
+  #    logFile:
-    #    logFile:
+  #    logFileMaxSize: 1800
-    #    logFileMaxSize: 1800
+  #    skipLogHeaders: false
-    #    skipLogHeaders: false
+  #sources:
-    #sources:
+  #  cpu:
-    #  cpu:
+  #    cpuid:
-    #    cpuid:
+  ##     NOTE: whitelist has priority over blacklist
-    ##     NOTE: whitelist has priority over blacklist
+  #      attributeBlacklist:
-    #      attributeBlacklist:
+  #        - "BMI1"
-    #        - "AVX10"
+  #        - "BMI2"
-    #        - "BMI1"
+  #        - "CLMUL"
-    #        - "BMI2"
+  #        - "CMOV"
-    #        - "CLMUL"
+  #        - "CX16"
-    #        - "CMOV"
+  #        - "ERMS"
-    #        - "CX16"
+  #        - "F16C"
-    #        - "ERMS"
+  #        - "HTT"
-    #        - "F16C"
+  #        - "LZCNT"
-    #        - "HTT"
+  #        - "MMX"
-    #        - "LZCNT"
+  #        - "MMXEXT"
-    #        - "MMX"
+  #        - "NX"
-    #        - "MMXEXT"
+  #        - "POPCNT"
-    #        - "NX"
+  #        - "RDRAND"
-    #        - "POPCNT"
+  #        - "RDSEED"
-    #        - "RDRAND"
+  #        - "RDTSCP"
-    #        - "RDSEED"
+  #        - "SGX"
-    #        - "RDTSCP"
+  #        - "SSE"
-    #        - "SGX"
+  #        - "SSE2"
-    #        - "SSE"
+  #        - "SSE3"
-    #        - "SSE2"
+  #        - "SSE4"
-    #        - "SSE3"
+  #        - "SSE42"
-    #        - "SSE4"
+  #        - "SSSE3"
-    #        - "SSE42"
+  #        - "TDX_GUEST"
-    #        - "SSSE3"
+  #      attributeWhitelist:
-    #        - "TDX_GUEST"
+  #  kernel:
-    #      attributeWhitelist:
+  #    kconfigFile: "/path/to/kconfig"
-    #  kernel:
+  #    configOpts:
-    #    kconfigFile: "/path/to/kconfig"
+  #      - "NO_HZ"
-    #    configOpts:
+  #      - "X86"
-    #      - "NO_HZ"
+  #      - "DMI"
-    #      - "X86"
+  #  pci:
-    #      - "DMI"
+  #    deviceClassWhitelist:
-    #  pci:
+  #      - "0200"
-    #    deviceClassWhitelist:
+  #      - "03"
-    #      - "0200"
+  #      - "12"
-    #      - "03"
+  #    deviceLabelFields:
-    #      - "12"
+  #      - "class"
-    #    deviceLabelFields:
+  #      - "vendor"
-    #      - "class"
+  #      - "device"
-    #      - "vendor"
+  #      - "subsystem_vendor"
-    #      - "device"
+  #      - "subsystem_device"
-    #      - "subsystem_vendor"
+  #  usb:
-    #      - "subsystem_device"
+  #    deviceClassWhitelist:
-    #  usb:
+  #      - "0e"
-    #    deviceClassWhitelist:
+  #      - "ef"
-    #      - "0e"
+  #      - "fe"
-    #      - "ef"
+  #      - "ff"
-    #      - "fe"
+  #    deviceLabelFields:
-    #      - "ff"
+  #      - "class"
-    #    deviceLabelFields:
+  #      - "vendor"
-    #      - "class"
+  #      - "device"
-    #      - "vendor"
+  #  local:
-    #      - "device"
+  #    hooksEnabled: false
-    #  custom:
+  #  custom:
-    #    # The following feature demonstrates the capabilities of the matchFeatures
+  #    # The following feature demonstrates the capabilities of the matchFeatures
-    #    - name: "my custom rule"
+  #    - name: "my custom rule"
-    #      labels:
+  #      labels:
-    #        "vendor.io/my-ng-feature": "true"
+  #        "vendor.io/my-ng-feature": "true"
-    #      # matchFeatures implements a logical AND over all matcher terms in the
+  #      # matchFeatures implements a logical AND over all matcher terms in the
-    #      # list (i.e. all of the terms, or per-feature matchers, must match)
+  #      # list (i.e. all of the terms, or per-feature matchers, must match)
-    #      matchFeatures:
+  #      matchFeatures:
-    #        - feature: cpu.cpuid
+  #        - feature: cpu.cpuid
-    #          matchExpressions:
+  #          matchExpressions:
-    #            AVX512F: {op: Exists}
+  #            AVX512F: {op: Exists}
-    #        - feature: cpu.cstate
+  #        - feature: cpu.cstate
-    #          matchExpressions:
+  #          matchExpressions:
-    #            enabled: {op: IsTrue}
+  #            enabled: {op: IsTrue}
-    #        - feature: cpu.pstate
+  #        - feature: cpu.pstate
-    #          matchExpressions:
+  #          matchExpressions:
-    #            no_turbo: {op: IsFalse}
+  #            no_turbo: {op: IsFalse}
-    #            scaling_governor: {op: In, value: ["performance"]}
+  #            scaling_governor: {op: In, value: ["performance"]}
-    #        - feature: cpu.rdt
+  #        - feature: cpu.rdt
-    #          matchExpressions:
+  #          matchExpressions:
-    #            RDTL3CA: {op: Exists}
+  #            RDTL3CA: {op: Exists}
-    #        - feature: cpu.sst
+  #        - feature: cpu.sst
-    #          matchExpressions:
+  #          matchExpressions:
-    #            bf.enabled: {op: IsTrue}
+  #            bf.enabled: {op: IsTrue}
-    #        - feature: cpu.topology
+  #        - feature: cpu.topology
-    #          matchExpressions:
+  #          matchExpressions:
-    #            hardware_multithreading: {op: IsFalse}
+  #            hardware_multithreading: {op: IsFalse}
-    #
+  #
-    #        - feature: kernel.config
+  #        - feature: kernel.config
-    #          matchExpressions:
+  #          matchExpressions:
-    #            X86: {op: Exists}
+  #            X86: {op: Exists}
-    #            LSM: {op: InRegexp, value: ["apparmor"]}
+  #            LSM: {op: InRegexp, value: ["apparmor"]}
-    #        - feature: kernel.loadedmodule
+  #        - feature: kernel.loadedmodule
-    #          matchExpressions:
+  #          matchExpressions:
-    #            e1000e: {op: Exists}
+  #            e1000e: {op: Exists}
-    #        - feature: kernel.selinux
+  #        - feature: kernel.selinux
-    #          matchExpressions:
+  #          matchExpressions:
-    #            enabled: {op: IsFalse}
+  #            enabled: {op: IsFalse}
-    #        - feature: kernel.version
+  #        - feature: kernel.version
-    #          matchExpressions:
+  #          matchExpressions:
-    #            major: {op: In, value: ["5"]}
+  #            major: {op: In, value: ["5"]}
-    #            minor: {op: Gt, value: ["10"]}
+  #            minor: {op: Gt, value: ["10"]}
-    #
+  #
-    #        - feature: storage.block
+  #        - feature: storage.block
-    #          matchExpressions:
+  #          matchExpressions:
-    #            rotational: {op: In, value: ["0"]}
+  #            rotational: {op: In, value: ["0"]}
-    #            dax: {op: In, value: ["0"]}
+  #            dax: {op: In, value: ["0"]}
-    #
+  #
-    #        - feature: network.device
+  #        - feature: network.device
-    #          matchExpressions:
+  #          matchExpressions:
-    #            operstate: {op: In, value: ["up"]}
+  #            operstate: {op: In, value: ["up"]}
-    #            speed: {op: Gt, value: ["100"]}
+  #            speed: {op: Gt, value: ["100"]}
-    #
+  #
-    #        - feature: memory.numa
+  #        - feature: memory.numa
-    #          matchExpressions:
+  #          matchExpressions:
-    #            node_count: {op: Gt, value: ["2"]}
+  #            node_count: {op: Gt, value: ["2"]}
-    #        - feature: memory.nv
+  #        - feature: memory.nv
-    #          matchExpressions:
+  #          matchExpressions:
-    #            devtype: {op: In, value: ["nd_dax"]}
+  #            devtype: {op: In, value: ["nd_dax"]}
-    #            mode: {op: In, value: ["memory"]}
+  #            mode: {op: In, value: ["memory"]}
-    #
+  #
-    #        - feature: system.osrelease
+  #        - feature: system.osrelease
-    #          matchExpressions:
+  #          matchExpressions:
-    #            ID: {op: In, value: ["fedora", "centos"]}
+  #            ID: {op: In, value: ["fedora", "centos"]}
-    #        - feature: system.name
+  #        - feature: system.name
-    #          matchExpressions:
+  #          matchExpressions:
-    #            nodename: {op: InRegexp, value: ["^worker-X"]}
+  #            nodename: {op: InRegexp, value: ["^worker-X"]}
-    #
+  #
-    #        - feature: local.label
+  #        - feature: local.label
-    #          matchExpressions:
+  #          matchExpressions:
-    #            custom-feature-knob: {op: Gt, value: ["100"]}
+  #            custom-feature-knob: {op: Gt, value: ["100"]}
-    #
+  #
-    #    # The following feature demonstrates the capabilities of the matchAny
+  #    # The following feature demonstrates the capabilities of the matchAny
-    #    - name: "my matchAny rule"
+  #    - name: "my matchAny rule"
-    #      labels:
+  #      labels:
-    #        "vendor.io/my-ng-feature-2": "my-value"
+  #        "vendor.io/my-ng-feature-2": "my-value"
-    #      # matchAny implements a logical IF over all elements (sub-matchers) in
+  #      # matchAny implements a logical IF over all elements (sub-matchers) in
-    #      # the list (i.e. at least one feature matcher must match)
+  #      # the list (i.e. at least one feature matcher must match)
-    #      matchAny:
+  #      matchAny:
-    #        - matchFeatures:
+  #        - matchFeatures:
-    #            - feature: kernel.loadedmodule
+  #            - feature: kernel.loadedmodule
-    #              matchExpressions:
+  #              matchExpressions:
-    #                driver-module-X: {op: Exists}
+  #                driver-module-X: {op: Exists}
-    #            - feature: pci.device
+  #            - feature: pci.device
-    #              matchExpressions:
+  #              matchExpressions:
-    #                vendor: {op: In, value: ["8086"]}
+  #                vendor: {op: In, value: ["8086"]}
-    #                class: {op: In, value: ["0200"]}
+  #                class: {op: In, value: ["0200"]}
-    #        - matchFeatures:
+  #        - matchFeatures:
-    #            - feature: kernel.loadedmodule
+  #            - feature: kernel.loadedmodule
-    #              matchExpressions:
+  #              matchExpressions:
-    #                driver-module-Y: {op: Exists}
+  #                driver-module-Y: {op: Exists}
-    #            - feature: usb.device
+  #            - feature: usb.device
-    #              matchExpressions:
+  #              matchExpressions:
-    #                vendor: {op: In, value: ["8086"]}
+  #                vendor: {op: In, value: ["8086"]}
-    #                class: {op: In, value: ["02"]}
+  #                class: {op: In, value: ["02"]}
-    #
+  #
-    #    - name: "avx wildcard rule"
+  #    - name: "avx wildcard rule"
-    #      labels:
+  #      labels:
-    #        "my-avx-feature": "true"
+  #        "my-avx-feature": "true"
-    #      matchFeatures:
+  #      matchFeatures:
-    #        - feature: cpu.cpuid
+  #        - feature: cpu.cpuid
-    #          matchName: {op: InRegexp, value: ["^AVX512"]}
+  #          matchName: {op: InRegexp, value: ["^AVX512"]}
-    #
+  #
-    #    # The following features demonstreate label templating capabilities
+  #    # The following features demonstreate label templating capabilities
-    #    - name: "my template rule"
+  #    - name: "my template rule"
-    #      labelsTemplate: |
+  #      labelsTemplate: |
-    #        {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
+  #        {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
-    #        {{ end }}
+  #        {{ end }}
-    #      matchFeatures:
+  #      matchFeatures:
-    #        - feature: system.osrelease
+  #        - feature: system.osrelease
-    #          matchExpressions:
+  #          matchExpressions:
-    #            ID: {op: InRegexp, value: ["^open.*"]}
+  #            ID: {op: InRegexp, value: ["^open.*"]}
-    #            VERSION_ID.major: {op: In, value: ["13", "15"]}
+  #            VERSION_ID.major: {op: In, value: ["13", "15"]}
-    #
+  #
-    #    - name: "my template rule 2"
+  #    - name: "my template rule 2"
-    #      labelsTemplate: |
+  #      labelsTemplate: |
-    #        {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
+  #        {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
-    #        {{ end }}
+  #        {{ end }}
-    #      matchFeatures:
+  #      matchFeatures:
-    #        - feature: pci.device
+  #        - feature: pci.device
-    #          matchExpressions:
+  #          matchExpressions:
-    #            class: {op: InRegexp, value: ["^06"]}
+  #            class: {op: InRegexp, value: ["^06"]}
-    #            vendor: ["8086"]
+  #            vendor: ["8086"]
-    #        - feature: cpu.cpuid
+  #        - feature: cpu.cpuid
-    #          matchExpressions:
+  #          matchExpressions:
-    #            AVX: {op: Exists}
+  #            AVX: {op: Exists}
-    #
+  #
-    #    # The following examples demonstrate vars field and back-referencing
+  #    # The following examples demonstrate vars field and back-referencing
-    #    # previous labels and vars
+  #    # previous labels and vars
-    #    - name: "my dummy kernel rule"
+  #    - name: "my dummy kernel rule"
-    #      labels:
+  #      labels:
-    #        "vendor.io/my.kernel.feature": "true"
+  #        "vendor.io/my.kernel.feature": "true"
-    #      matchFeatures:
+  #      matchFeatures:
-    #        - feature: kernel.version
+  #        - feature: kernel.version
-    #          matchExpressions:
+  #          matchExpressions:
-    #            major: {op: Gt, value: ["2"]}
+  #            major: {op: Gt, value: ["2"]}
-    #
+  #
-    #    - name: "my dummy rule with no labels"
+  #    - name: "my dummy rule with no labels"
-    #      vars:
+  #      vars:
-    #        "my.dummy.var": "1"
+  #        "my.dummy.var": "1"
-    #      matchFeatures:
+  #      matchFeatures:
-    #        - feature: cpu.cpuid
+  #        - feature: cpu.cpuid
-    #          matchExpressions: {}
+  #          matchExpressions: {}
-    #
+  #
-    #    - name: "my rule using backrefs"
+  #    - name: "my rule using backrefs"
-    #      labels:
+  #      labels:
-    #        "vendor.io/my.backref.feature": "true"
+  #        "vendor.io/my.backref.feature": "true"
-    #      matchFeatures:
+  #      matchFeatures:
-    #        - feature: rule.matched
+  #        - feature: rule.matched
-    #          matchExpressions:
+  #          matchExpressions:
-    #            vendor.io/my.kernel.feature: {op: IsTrue}
+  #            vendor.io/my.kernel.feature: {op: IsTrue}
-    #            my.dummy.var: {op: Gt, value: ["0"]}
+  #            my.dummy.var: {op: Gt, value: ["0"]}
-    #
+  #
-    #    - name: "kconfig template rule"
+  #    - name: "kconfig template rule"
-    #      labelsTemplate: |
+  #      labelsTemplate: |
-    #        {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
+  #        {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
-    #        {{ end }}
+  #        {{ end }}
-    #      matchFeatures:
+  #      matchFeatures:
-    #        - feature: kernel.config
+  #        - feature: kernel.config
-    #          matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
+  #          matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
-### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
+  ### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
 
-  port: 8080
+  metricsPort: 8081
   daemonsetAnnotations: {}
   podSecurityContext: {}
-    # fsGroup: 2000
+  # fsGroup: 2000
 
   securityContext:
     allowPrivilegeEscalation: false
@@ -423,18 +391,6 @@ worker:
     runAsNonRoot: true
     # runAsUser: 1000
 
-  livenessProbe:
-    initialDelaySeconds: 10
-    # failureThreshold: 3
-    # periodSeconds: 10
-    # timeoutSeconds: 1
-  readinessProbe:
-    initialDelaySeconds: 5
-    failureThreshold: 10
-    # periodSeconds: 10
-    # timeoutSeconds: 1
-    # successThreshold: 1
-
   serviceAccount:
     # Specifies whether a service account should be created.
     # We create this by default to make it easier for downstream users to apply PodSecurityPolicies.
@@ -445,9 +401,6 @@ worker:
     # If not set and create is true, a name is generated using the fullname template
     name:
 
-  # specify how many old ControllerRevisions for the DaemonSet to retain.
-  revisionHistoryLimit:
-
   rbac:
     create: true
 
@@ -456,11 +409,16 @@ worker:
   mountUsrSrc: false
 
   resources: {}
-    #limits:
+    # We usually recommend not to specify default resources and to leave this as a conscious
-    #  memory: 512Mi
+    # choice for the user. This also increases chances charts run on environments with little
-    #requests:
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    #  cpu: 5m
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    #  memory: 64Mi
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+  #   memory: 128Mi
 
   nodeSelector: {}
 
@@ -472,42 +430,28 @@ worker:
 
   priorityClassName: ""
 
-  updateStrategy: {}
-    # type: RollingUpdate
-    # rollingUpdate:
-    #   maxSurge: 0
-    #   maxUnavailable: "10%"
-
 topologyUpdater:
   config: ### <NFD-TOPOLOGY-UPDATER-CONF-START-DO-NOT-REMOVE>
-    ## key = node name, value = list of resources to be excluded.
+  ## key = node name, value = list of resources to be excluded.
-    ## use * to exclude from all nodes.
+  ## use * to exclude from all nodes.
-    ## an example for how the exclude list should looks like
+  ## an example for how the exclude list should looks like
-    #excludeList:
+  #excludeList:
-    #  node1: [cpu]
+  #  node1: [cpu]
-    #  node2: [memory, example/deviceA]
+  #  node2: [memory, example/deviceA]
-    #  *: [hugepages-2Mi]
+  #  *: [hugepages-2Mi]
-### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
+  ### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
 
   enable: false
   createCRDs: false
-  extraArgs: []
-  extraEnvs: []
-  hostNetwork: false
-  dnsPolicy: ClusterFirstWithHostNet
 
   serviceAccount:
     create: true
     annotations: {}
     name:
-
-  # specify how many old ControllerRevisions for the DaemonSet to retain.
-  revisionHistoryLimit:
-
   rbac:
     create: true
 
-  port: 8080
+  metricsPort: 8081
   kubeletConfigPath:
   kubeletPodResourcesSockPath:
   updateInterval: 60s
@@ -522,24 +466,17 @@ topologyUpdater:
     readOnlyRootFilesystem: true
     runAsUser: 0
 
-  livenessProbe:
-    initialDelaySeconds: 10
-    # failureThreshold: 3
-    # periodSeconds: 10
-    # timeoutSeconds: 1
-  readinessProbe:
-    initialDelaySeconds: 5
-    failureThreshold: 10
-    # periodSeconds: 10
-    # timeoutSeconds: 1
-    # successThreshold: 1
-
   resources: {}
-    #limits:
+    # We usually recommend not to specify default resources and to leave this as a conscious
-    #  memory: 60Mi
+    # choice for the user. This also increases chances charts run on environments with little
-    #requests:
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    #  cpu: 50m
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    #  memory: 40Mi
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+  #   memory: 128Mi
 
   nodeSelector: {}
   tolerations: []
@@ -550,11 +487,7 @@ topologyUpdater:
 
 gc:
   enable: true
-  extraArgs: []
-  extraEnvs: []
-  hostNetwork: false
   replicaCount: 1
-  dnsPolicy: ClusterFirstWithHostNet
 
   serviceAccount:
     create: true
@@ -567,26 +500,19 @@ gc:
 
   podSecurityContext: {}
 
-  livenessProbe:
-    initialDelaySeconds: 10
-    # failureThreshold: 3
-    # periodSeconds: 10
-    # timeoutSeconds: 1
-  readinessProbe:
-    initialDelaySeconds: 5
-    # failureThreshold: 3
-    # periodSeconds: 10
-    # timeoutSeconds: 1
-    # successThreshold: 1
-
   resources: {}
-    #limits:
+    # We usually recommend not to specify default resources and to leave this as a conscious
-    #  memory: 1Gi
+    # choice for the user. This also increases chances charts run on environments with little
-    #requests:
+    # resources, such as Minikube. If you do want to specify resources, uncomment the following
-    #  cpu: 10m
+    # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-    #  memory: 128Mi
+    # limits:
+    #   cpu: 100m
+    #   memory: 128Mi
+    # requests:
+    #   cpu: 100m
+  #   memory: 128Mi
 
-  port: 8080
+  metricsPort: 8081
 
   nodeSelector: {}
   tolerations: []
@@ -594,15 +520,15 @@ gc:
   deploymentAnnotations: {}
   affinity: {}
 
-  podDisruptionBudget:
+# Optionally use encryption for worker <--> master comms
-    enable: false
+# TODO: verify hostname is not yet supported
-    minAvailable: 1
+#
-    unhealthyPodEvictionPolicy: AlwaysAllow
+# If you do not enable certManager (and have it installed) you will
-
+# need to manually, or otherwise, provision the TLS certs as secrets
-  # specify how many old ReplicaSets for the Deployment to retain.
+tls:
-  revisionHistoryLimit:
+  enable: false
+  certManager: false
 
 prometheus:
   enable: false
-  scrapeInterval: 10s
+  labels: {}
-  labels: {}

sriov-network-operator-chart/templates/NOTES.txt

@@ -5,15 +5,13 @@ $ kubectl -n {{ .Release.Namespace }} get pods
 For additional instructions on how to use SR-IOV network operator,
 refer to: https://github.com/k8snetworkplumbingwg/sriov-network-operator
 
-{{- if .Values.operator.admissionControllers.enabled }}
+{{- if .Values.operator.enableAdmissionController }}
-{{- if not .Values.operator.admissionControllers.certificates.certManager.enabled }}
+{{- if not .Values.cert_manager }}
 Thank you for installing {{ .Chart.Name }}.
 
-WARNING! Self signed certificates have been generated for the two
+WARNING! Self signed certificates have been generated for webhooks.
-deployed SRIOV dynamic admission controllers: sriov-network-webhook
+These certificates have a one-year validity and will not be rotated
-and network-resources-injector.  These certificates have a one-year
+automatically. This should not be a production cluster. Please deploy
-validity and will not be rotated automatically.
+and use cert-manager for production clusters.
-This should NOT be a production cluster. Please deploy and use
-cert-manager for production clusters.
 {{- end }}
 {{- end }}

sriov-network-operator-chart/templates/_helpers.tpl

@@ -68,3 +68,18 @@ Create the name of the service account to use
 {{- "" -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}

sriov-network-operator-chart/templates/_webhook-certs.tpl

@@ -0,0 +1,30 @@
+{{/*
+Generate TLS certificates for webhooks.
+Note: these 2 lines, that are repeated several times below, are a trick to
+ensure the CA certs are generated only once:
+    $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365)
+    $_ := set . "ca" $ca
+Please, don't try to "simplify" them as without this trick, every generated
+certificate would be signed by a different CA.
+*/}}
+{{- define "sriov_operator_ca_cert" }}
+{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
+{{- $_ := set . "ca" $ca -}}
+{{- printf "%s" $ca.Cert | b64enc -}}
+{{- end }}
+{{- define "sriov_operator_cert" }}
+{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
+{{- $_ := set . "ca" $ca -}}
+{{- $cn := printf "operator-webhook-service.%s.svc" .Release.Namespace -}}
+{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca -}}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end }}
+{{- define "sriov_resource_injector_cert" }}
+{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
+{{- $_ := set . "ca" $ca -}}
+{{- $cn := printf "network-resources-injector-service.%s.svc" .Release.Namespace -}}
+{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca -}}
+tls.crt: {{ $cert.Cert | b64enc }}
+tls.key: {{ $cert.Key | b64enc }}
+{{- end }}

sriov-network-operator-chart/templates/certificate.yaml

@@ -8,8 +8,8 @@ metadata:
   namespace: {{ .Release.Namespace }}
 spec:
   dnsNames:
-  - operator-webhook-service.{{ .Release.Namespace }}.svc
+    - operator-webhook-service.{{ .Release.Namespace }}.svc
-  - operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
+    - operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: operator-webhook-selfsigned-issuer
@@ -30,8 +30,8 @@ metadata:
   namespace: {{ .Release.Namespace }}
 spec:
   dnsNames:
-  - network-resources-injector-service.{{ .Release.Namespace }}.svc
+    - network-resources-injector-service.{{ .Release.Namespace }}.svc
-  - network-resources-injector-service.{{ .Release.Namespace }}.svc.cluster.local
+    - network-resources-injector-service.{{ .Release.Namespace }}.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: network-resources-injector-selfsigned-issuer
@@ -68,4 +68,4 @@ data:
   tls.crt: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsCrt | b64enc | quote }}
   tls.key: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsKey | b64enc | quote }}
 {{- end }}
-{{- end }}
+{{- end }}

sriov-network-operator-chart/templates/certmanagercerts.yaml

@@ -0,0 +1,40 @@
+{{- if and (.Values.operator.enableAdmissionController) (.Values.cert_manager) -}}
+{{- if not (.Capabilities.APIVersions.Has "cert-manager.io/v1") -}}
+{{- required "cert-manager is required but not found" "" -}}
+{{- end -}}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: sriov-network-operator-selfsigned-issuer
+  namespace: {{ .Release.Namespace }}
+spec:
+  selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: operator-webhook-service
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretName: operator-webhook-service
+  dnsNames:
+    - operator-webhook-service.{{ .Release.Namespace }}.svc
+  issuerRef:
+    name: sriov-network-operator-selfsigned-issuer
+  privateKey:
+    rotationPolicy: Always
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: network-resources-injector-service
+  namespace: {{ .Release.Namespace }}
+spec:
+  secretName: network-resources-injector-secret
+  dnsNames:
+    - network-resources-injector-service.{{ .Release.Namespace }}.svc
+  issuerRef:
+    name: sriov-network-operator-selfsigned-issuer
+  privateKey:
+    rotationPolicy: Always
+{{- end -}}

sriov-network-operator-chart/templates/clusterrole.yaml

@@ -102,4 +102,4 @@ rules:
     verbs:
       - "get"
       - "watch"
-      - "list"
+      - "list"

sriov-network-operator-chart/templates/clusterrolebinding.yaml

@@ -26,4 +26,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     namespace: {{ .Release.Namespace }}
-    name: sriov-network-config-daemon
+    name: sriov-network-config-daemon

sriov-network-operator-chart/templates/configmap.yaml

@@ -25,11 +25,6 @@ data:
   Intel_ice_Columbiapark_E823C: "8086 188a 1889"
   Intel_ice_Columbiapark_E823L_SFP: "8086 124d 1889"
   Intel_ice_Columbiapark_E823L_BACKPLANE: "8086 124c 1889"
-  Intel_ice_Columbiapark_E825C_BACKPLANE: "8086 579c 1889"
-  Intel_ice_Columbiapark_E825C_QSFP: "8086 579d 1889"
-  Intel_ice_Columbiapark_E825C_SFP: "8086 579e 1889"
-  Intel_ice_Connorsville_E830_QSFP: "8086 12d2 1889"
-  Intel_ice_Connorsville_E830_SFP: "8086 12d3 1889"
   Nvidia_mlx5_ConnectX-4: "15b3 1013 1014"
   Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016"
   Nvidia_mlx5_ConnectX-5: "15b3 1017 1018"
@@ -53,4 +48,4 @@ data:
   Marvell_OCTEON_Fusion_CNF105XX: "177d ba00 ba03"
   {{- range .Values.supportedExtraNICs }}
   {{ . }}
-  {{- end }}
+  {{- end }}

sriov-network-operator-chart/templates/operator.yaml

@@ -6,6 +6,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ include "sriov-network-operator.fullname" . }}
+  namespace: {{ .Release.Namespace }}
   labels:
   {{- include "sriov-network-operator.labels" . | nindent 4 }}
 spec:
@@ -14,7 +15,9 @@ spec:
     matchLabels:
       name: sriov-network-operator
   strategy:
-    type: Recreate
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 33%
   template:
     metadata:
       annotations:
@@ -39,7 +42,7 @@ spec:
       {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
       {{- range .Values.imagePullSecrets }}
-      - name: {{ . }}
+        - name: {{ . }}
       {{- end }}
       {{- end }}
       containers:
@@ -114,4 +117,4 @@ spec:
                   name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
                   key: ca.crt
         {{- end }}
-        {{- end }}
+        {{- end }}

sriov-network-operator-chart/templates/pre-delete-webooks.yaml

@@ -1,6 +1,6 @@
 # The following job will be used as Helm pre-delete hook. It executes a small go-client binary
 # which intent to delete 'default' SriovOperatorConfig, that triggers operator removal of generated cluster objects
-# e.g. mutating/validating webhooks, within operator's recoinciling loop and 
+# e.g. mutating/validating webhooks, within operator's recoinciling loop and
 # preventing operator cluster object remainings while using helm uninstall
 apiVersion: batch/v1
 kind: Job
@@ -17,9 +17,9 @@ spec:
       {{- if .Values.imagePullSecrets }}
       imagePullSecrets:
       {{- range .Values.imagePullSecrets }}
-      - name: {{ . }}
+        - name: {{ . }}
+      {{- end }}
       {{- end }}
-      {{- end }}      
       containers:
         - name: cleanup
           image: {{ include "system_default_registry" . }}{{ .Values.images.operator.repository }}:{{ .Values.images.operator.tag }}
@@ -30,4 +30,4 @@ spec:
             - {{ .Release.Namespace }}
       restartPolicy: Never
   backoffLimit: 2
-      
+      

sriov-network-operator-chart/templates/role.yaml

@@ -28,15 +28,6 @@ rules:
       - statefulsets
     verbs:
       - '*'
-  - apiGroups:
-      - networking.k8s.io
-    resources:
-      - networkpolicies
-    verbs:
-      - get
-      - create
-      - update
-      - delete
   - apiGroups:
       - monitoring.coreos.com
     resources:
@@ -144,4 +135,4 @@ rules:
     resources:
       - configmaps
     verbs:
-      - get
+      - get

sriov-network-operator-chart/templates/rolebinding.yaml

@@ -41,4 +41,4 @@ subjects:
 roleRef:
   kind: Role
   name: operator-webhook-sa
-  apiGroup: rbac.authorization.k8s.io
+  apiGroup: rbac.authorization.k8s.io

sriov-network-operator-chart/templates/secrets.yaml

@@ -0,0 +1,19 @@
+{{- if not .Values.cert_manager -}}
+{{- if .Values.operator.enableAdmissionController }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: operator-webhook-service
+  namespace: {{ .Release.Namespace }}
+data: {{ include "sriov_operator_cert" . | nindent 2 }}
+{{- end }}
+---
+{{- if .Values.operator.enableAdmissionController }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: network-resources-injector-secret
+  namespace: {{ .Release.Namespace }}
+data: {{ include "sriov_resource_injector_cert" . | nindent 2 }}
+{{- end }}
+{{- end }}

sriov-network-operator-chart/templates/serviceaccount.yaml

@@ -12,4 +12,4 @@ metadata:
   name: sriov-network-config-daemon
   namespace: {{ .Release.Namespace }}
   labels:
-  {{- include "sriov-network-operator.labels" . | nindent 4 }}
+  {{- include "sriov-network-operator.labels" . | nindent 4 }}