suse-edge/Factory
SHA256
14
0
Fork 14
Code Issues Pull Requests 5 Actions Packages Projects Releases Wiki Activity

[3.3.0] - update sriov to 1.5.0 #142

Merged
dprodanov merged 1 commits from dprodanov/Factory:sriov-1-5-0 into main 2025-05-08 10:38:10 +02:00
Conversation 1 Commits 1 Files Changed 51 +2346 -2266
51 changed files with 2346 additions and 2266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
sriov-crd-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE% #!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0 #!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.5.0
annotations: annotations:
catalog.cattle.io/experimental: "true" catalog.cattle.io/experimental: "true"
catalog.cattle.io/hidden: "true" catalog.cattle.io/hidden: "true"
@@ -10,4 +10,4 @@ apiVersion: v2
description: Installs the CRDs for the SR-IOV operator description: Installs the CRDs for the SR-IOV operator
name: sriov-crd name: sriov-crd
type: application type: application
version: "%%CHART_MAJOR%%.0.0+up1.4.0" version: "%%CHART_MAJOR%%.0.0+up1.5.0"

178
sriov-crd-chart/templates/sriovnetwork.openshift.io_ovsnetworks.yaml
View File

@@ -14,92 +14,92 @@ spec:
singular: ovsnetwork singular: ovsnetwork
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1 - name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: OVSNetwork is the Schema for the ovsnetworks API description: OVSNetwork is the Schema for the ovsnetworks API
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
APIVersion defines the versioned schema of this representation of an object. APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: |- description: |-
Kind is a string value representing the REST resource this object represents. Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to. Servers may infer this from the endpoint the client submits requests to.
Cannot be updated. Cannot be updated.
In CamelCase. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: OVSNetworkSpec defines the desired state of OVSNetwork description: OVSNetworkSpec defines the desired state of OVSNetwork
properties: properties:
bridge: bridge:
description: |- description: |-
name of the OVS bridge, if not set OVS will automatically select bridge name of the OVS bridge, if not set OVS will automatically select bridge
based on VF PCI address based on VF PCI address
type: string type: string
capabilities: capabilities:
description: |- description: |-
Capabilities to be configured for this network. Capabilities to be configured for this network.
Capabilities supported: (mac|ips), e.g. '{"mac": true}' Capabilities supported: (mac|ips), e.g. '{"mac": true}'
type: string type: string
interfaceType: interfaceType:
description: The type of interface on ovs. description: The type of interface on ovs.
type: string type: string
ipam: ipam:
description: IPAM configuration to be used for this network. description: IPAM configuration to be used for this network.
type: string type: string
metaPlugins: metaPlugins:
description: MetaPluginsConfig configuration to be used in order to description: MetaPluginsConfig configuration to be used in order to
chain metaplugins chain metaplugins
type: string type: string
mtu: mtu:
description: Mtu for the OVS port description: Mtu for the OVS port
type: integer type: integer
networkNamespace: networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource description: Namespace of the NetworkAttachmentDefinition custom resource
type: string type: string
resourceName: resourceName:
description: OVS Network device plugin endpoint resource name description: OVS Network device plugin endpoint resource name
type: string type: string
trunk: trunk:
description: Trunk configuration for the OVS port description: Trunk configuration for the OVS port
items: items:
description: TrunkConfig contains configuration for bridge trunk description: TrunkConfig contains configuration for bridge trunk
properties: properties:
id: id:
maximum: 4095 maximum: 4095
minimum: 0 minimum: 0
type: integer type: integer
maxID: maxID:
maximum: 4095 maximum: 4095
minimum: 0 minimum: 0
type: integer type: integer
minID: minID:
maximum: 4095 maximum: 4095
minimum: 0 minimum: 0
type: integer type: integer
type: object type: object
type: array type: array
vlan: vlan:
description: Vlan to assign for the OVS port description: Vlan to assign for the OVS port
maximum: 4095 maximum: 4095
minimum: 0 minimum: 0
type: integer type: integer
required: required:
- resourceName - resourceName
type: object type: object
status: status:
description: OVSNetworkStatus defines the observed state of OVSNetwork description: OVSNetworkStatus defines the observed state of OVSNetwork
type: object type: object
type: object type: object
served: true served: true
storage: true storage: true
subresources: subresources:
status: {} status: {}

124
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovibnetworks.yaml
View File

@@ -14,65 +14,65 @@ spec:
singular: sriovibnetwork singular: sriovibnetwork
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1 - name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: SriovIBNetwork is the Schema for the sriovibnetworks API description: SriovIBNetwork is the Schema for the sriovibnetworks API
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
APIVersion defines the versioned schema of this representation of an object. APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: |- description: |-
Kind is a string value representing the REST resource this object represents. Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to. Servers may infer this from the endpoint the client submits requests to.
Cannot be updated. Cannot be updated.
In CamelCase. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork
properties: properties:
capabilities: capabilities:
description: |- description: |-
Capabilities to be configured for this network. Capabilities to be configured for this network.
Capabilities supported: (infinibandGUID), e.g. '{"infinibandGUID": true}' Capabilities supported: (infinibandGUID), e.g. '{"infinibandGUID": true}'
type: string type: string
ipam: ipam:
description: IPAM configuration to be used for this network. description: IPAM configuration to be used for this network.
type: string type: string
linkState: linkState:
description: VF link state (enable|disable|auto) description: VF link state (enable|disable|auto)
enum: enum:
- auto - auto
- enable - enable
- disable - disable
type: string type: string
metaPlugins: metaPlugins:
description: |- description: |-
MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
by the operator. by the operator.
type: string type: string
networkNamespace: networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource description: Namespace of the NetworkAttachmentDefinition custom resource
type: string type: string
resourceName: resourceName:
description: SRIOV Network device plugin endpoint resource name description: SRIOV Network device plugin endpoint resource name
type: string type: string
required: required:
- resourceName - resourceName
type: object type: object
status: status:
description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork
type: object type: object
type: object type: object
served: true served: true
storage: true storage: true
subresources: subresources:
status: {} status: {}

384
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml
View File

@@ -14,196 +14,200 @@ spec:
singular: sriovnetworknodepolicy singular: sriovnetworknodepolicy
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1 - name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies
API API
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
APIVersion defines the versioned schema of this representation of an object. APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: |- description: |-
Kind is a string value representing the REST resource this object represents. Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to. Servers may infer this from the endpoint the client submits requests to.
Cannot be updated. Cannot be updated.
In CamelCase. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy
properties: properties:
bridge: bridge:
description: |- description: |-
contains bridge configuration for matching PFs, contains bridge configuration for matching PFs,
valid only for eSwitchMode==switchdev valid only for eSwitchMode==switchdev
properties: properties:
ovs: ovs:
description: contains configuration for the OVS bridge, description: contains configuration for the OVS bridge,
properties: properties:
bridge: bridge:
description: contains bridge level settings description: contains bridge level settings
properties: properties:
datapathType: datapathType:
description: configure datapath_type field in the Bridge description: configure datapath_type field in the Bridge
table in OVSDB table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string type: string
description: IDs to inject to external_ids field in the externalIDs:
Bridge table in OVSDB additionalProperties:
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
uplink:
description: contains settings for uplink (PF)
properties:
interface:
description: contains settings for PF interface in the
OVS bridge
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface table
in OVSDB
type: object
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface table
in OVSDB
type: object
type:
description: type field in the Interface table in
OVSDB
type: string type: string
type: object description: IDs to inject to external_ids field in the
type: object Bridge table in OVSDB
type: object type: object
type: object otherConfig:
deviceType: additionalProperties:
default: netdevice type: string
description: The driver type for configured VFs. Allowed value "netdevice", description: additional options to inject to other_config
"vfio-pci". Defaults to netdevice. field in the bridge table in OVSDB
enum: type: object
- netdevice type: object
- vfio-pci uplink:
type: string description: contains settings for uplink (PF)
eSwitchMode: properties:
description: NIC Device Mode. Allowed value "legacy","switchdev". interface:
enum: description: contains settings for PF interface in the
- legacy OVS bridge
- switchdev properties:
type: string externalIDs:
excludeTopology: additionalProperties:
description: Exclude device's NUMA node when advertising this resource type: string
by SRIOV network device plugin. Default to false. description: external_ids field in the Interface table
type: boolean in OVSDB
externallyManaged: type: object
description: don't create the virtual function only allocated them mtuRequest:
to the device plugin. Defaults to false. description: mtu_request field in the Interface table
type: boolean in OVSDB
isRdma: type: integer
description: RDMA mode. Defaults to false. options:
type: boolean additionalProperties:
linkType: type: string
description: NIC Link Type. Allowed value "eth", "ETH", "ib", and description: options field in the Interface table
"IB". in OVSDB
enum: type: object
- eth otherConfig:
- ETH additionalProperties:
- ib type: string
- IB description: other_config field in the Interface table
type: string in OVSDB
mtu: type: object
description: MTU of VF type:
minimum: 1 description: type field in the Interface table in
type: integer OVSDB
needVhostNet: type: string
description: mount vhost-net device. Defaults to false. type: object
type: boolean type: object
nicSelector: type: object
description: NicSelector selects the NICs to be configured type: object
properties: deviceType:
deviceID: default: netdevice
description: The device hex code of SR-IoV device. Allowed value description: The driver type for configured VFs. Allowed value "netdevice",
"0d58", "1572", "158b", "1013", "1015", "1017", "101b". "vfio-pci". Defaults to netdevice.
type: string enum:
netFilter: - netdevice
description: Infrastructure Networking selection filter. Allowed - vfio-pci
value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
type: string
pfNames:
description: Name of SR-IoV PF.
items:
type: string
type: array
rootDevices:
description: PCI address of SR-IoV PF.
items:
type: string
type: array
vendor:
description: The vendor hex code of SR-IoV device. Allowed value
"8086", "15b3".
type: string
type: object
nodeSelector:
additionalProperties:
type: string type: string
description: NodeSelector selects the nodes to be configured eSwitchMode:
type: object description: NIC Device Mode. Allowed value "legacy","switchdev".
numVfs: enum:
description: Number of VFs for each PF - legacy
minimum: 0 - switchdev
type: integer type: string
priority: excludeTopology:
description: Priority of the policy, higher priority policies can description: Exclude device's NUMA node when advertising this resource
override lower ones. by SRIOV network device plugin. Default to false.
maximum: 99 type: boolean
minimum: 0 externallyManaged:
type: integer description: don't create the virtual function only allocated them
resourceName: to the device plugin. Defaults to false.
description: SRIOV Network device plugin endpoint resource name type: boolean
type: string isRdma:
vdpaType: description: RDMA mode. Defaults to false.
description: VDPA device type. Allowed value "virtio", "vhost" type: boolean
enum: linkType:
- virtio description: NIC Link Type. Allowed value "eth", "ETH", "ib", and
- vhost "IB".
type: string enum:
required: - eth
- nicSelector - ETH
- nodeSelector - ib
- numVfs - IB
- resourceName type: string
type: object mtu:
status: description: MTU of VF
description: SriovNetworkNodePolicyStatus defines the observed state of minimum: 1
SriovNetworkNodePolicy type: integer
type: object needVhostNet:
type: object description: mount vhost-net device. Defaults to false.
served: true type: boolean
storage: true nicSelector:
subresources: description: NicSelector selects the NICs to be configured
status: {} properties:
deviceID:
description: The device hex code of SR-IoV device. Allowed value
"0d58", "1572", "158b", "1013", "1015", "1017", "101b".
type: string
netFilter:
description: Infrastructure Networking selection filter. Allowed
value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
type: string
pfNames:
description: Name of SR-IoV PF.
items:
type: string
type: array
rootDevices:
description: PCI address of SR-IoV PF.
items:
type: string
type: array
vendor:
description: The vendor hex code of SR-IoV device. Allowed value
"8086", "15b3".
type: string
type: object
nodeSelector:
additionalProperties:
type: string
description: NodeSelector selects the nodes to be configured
type: object
numVfs:
description: Number of VFs for each PF
minimum: 0
type: integer
priority:
description: Priority of the policy, higher priority policies can
override lower ones.
maximum: 99
minimum: 0
type: integer
resourceName:
description: SRIOV Network device plugin endpoint resource name
type: string
vdpaType:
description: VDPA device type. Allowed value "virtio", "vhost"
enum:
- virtio
- vhost
type: string
required:
- nicSelector
- nodeSelector
- numVfs
- resourceName
type: object
status:
description: SriovNetworkNodePolicyStatus defines the observed state of
SriovNetworkNodePolicy
type: object
type: object
served: true
storage: true
subresources:
status: {}

656
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodestates.yaml
View File

@@ -14,330 +14,356 @@ spec:
singular: sriovnetworknodestate singular: sriovnetworknodestate
scope: Namespaced scope: Namespaced
versions: versions:
- additionalPrinterColumns: - additionalPrinterColumns:
- jsonPath: .status.syncStatus - jsonPath: .status.syncStatus
name: Sync Status name: Sync Status
type: string type: string
- jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/desired-state - jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/desired-state
name: Desired Sync State name: Desired Sync State
type: string type: string
- jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/current-state - jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/current-state
name: Current Sync State name: Current Sync State
type: string type: string
- jsonPath: .metadata.creationTimestamp - jsonPath: .metadata.creationTimestamp
name: Age name: Age
type: date type: date
name: v1 name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates
API API
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
APIVersion defines the versioned schema of this representation of an object. APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: |- description: |-
Kind is a string value representing the REST resource this object represents. Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to. Servers may infer this from the endpoint the client submits requests to.
Cannot be updated. Cannot be updated.
In CamelCase. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState
properties: properties:
bridges: bridges:
description: Bridges contains list of bridges description: Bridges contains list of bridges
properties:
ovs:
items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties:
bridge:
description: bridge-level configuration for the bridge
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in
the Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
name:
description: name of the bridge
type: string
uplinks:
description: |-
uplink-level bridge configuration for each uplink(PF).
currently must contain only one element
items:
description: OVSUplinkConfigExt contains configuration
for the concrete OVS uplink(PF)
properties:
interface:
description: configuration from the Interface OVS
table for the PF
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface
table in OVSDB
type: object
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
type: string
type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
type: object
type: array
required:
- name
type: object
type: array
type: object
interfaces:
items:
properties: properties:
eSwitchMode: ovs:
type: string
externallyManaged:
type: boolean
linkType:
type: string
mtu:
type: integer
name:
type: string
numVfs:
type: integer
pciAddress:
type: string
vfGroups:
items: items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties: properties:
deviceType: bridge:
type: string description: bridge-level configuration for the bridge
isRdma:
type: boolean
mtu:
type: integer
policyName:
type: string
resourceName:
type: string
vdpaType:
type: string
vfRange:
type: string
type: object
type: array
required:
- pciAddress
type: object
type: array
type: object
status:
description: SriovNetworkNodeStateStatus defines the observed state of
SriovNetworkNodeState
properties:
bridges:
description: Bridges contains list of bridges
properties:
ovs:
items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties:
bridge:
description: bridge-level configuration for the bridge
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in
the Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
name:
description: name of the bridge
type: string
uplinks:
description: |-
uplink-level bridge configuration for each uplink(PF).
currently must contain only one element
items:
description: OVSUplinkConfigExt contains configuration
for the concrete OVS uplink(PF)
properties: properties:
interface: datapathType:
description: configuration from the Interface OVS description: configure datapath_type field in the Bridge
table for the PF table in OVSDB
properties: type: string
externalIDs: externalIDs:
additionalProperties: additionalProperties:
type: string type: string
description: external_ids field in the Interface description: IDs to inject to external_ids field in
table in OVSDB the Bridge table in OVSDB
type: object type: object
options: otherConfig:
additionalProperties: additionalProperties:
type: string type: string
description: options field in the Interface table description: additional options to inject to other_config
in OVSDB field in the bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
type: string
type: object type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
type: object type: object
type: array
required:
- name
type: object
type: array
type: object
interfaces:
items:
properties:
Vfs:
items:
properties:
Vlan:
type: integer
assigned:
type: string
deviceID:
type: string
driver:
type: string
guid:
type: string
mac:
type: string
mtu:
type: integer
name: name:
description: name of the bridge
type: string type: string
pciAddress: uplinks:
type: string description: |-
representorName: uplink-level bridge configuration for each uplink(PF).
type: string currently must contain only one element
vdpaType: items:
type: string description: OVSUplinkConfigExt contains configuration
vendor: for the concrete OVS uplink(PF)
type: string properties:
vfID: interface:
type: integer description: configuration from the Interface OVS
table for the PF
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface
table in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface
table in OVSDB
type: integer
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
type: string
type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
type: object
type: array
required: required:
- pciAddress - name
- vfID
type: object type: object
type: array type: array
deviceID:
type: string
driver:
type: string
eSwitchMode:
type: string
externallyManaged:
type: boolean
linkAdminState:
type: string
linkSpeed:
type: string
linkType:
type: string
mac:
type: string
mtu:
type: integer
name:
type: string
netFilter:
type: string
numVfs:
type: integer
pciAddress:
type: string
totalvfs:
type: integer
vendor:
type: string
required:
- pciAddress
type: object type: object
type: array interfaces:
lastSyncError: items:
type: string properties:
syncStatus: eSwitchMode:
type: string type: string
type: object externallyManaged:
type: object type: boolean
served: true linkType:
storage: true type: string
subresources: mtu:
status: {} type: integer
name:
type: string
numVfs:
type: integer
pciAddress:
type: string
vfGroups:
items:
properties:
deviceType:
type: string
isRdma:
type: boolean
mtu:
type: integer
policyName:
type: string
resourceName:
type: string
vdpaType:
type: string
vfRange:
type: string
type: object
type: array
required:
- pciAddress
type: object
type: array
system:
properties:
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
type: object
status:
description: SriovNetworkNodeStateStatus defines the observed state of
SriovNetworkNodeState
properties:
bridges:
description: Bridges contains list of bridges
properties:
ovs:
items:
description: OVSConfigExt contains configuration for the concrete
OVS bridge
properties:
bridge:
description: bridge-level configuration for the bridge
properties:
datapathType:
description: configure datapath_type field in the Bridge
table in OVSDB
type: string
externalIDs:
additionalProperties:
type: string
description: IDs to inject to external_ids field in
the Bridge table in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: additional options to inject to other_config
field in the bridge table in OVSDB
type: object
type: object
name:
description: name of the bridge
type: string
uplinks:
description: |-
uplink-level bridge configuration for each uplink(PF).
currently must contain only one element
items:
description: OVSUplinkConfigExt contains configuration
for the concrete OVS uplink(PF)
properties:
interface:
description: configuration from the Interface OVS
table for the PF
properties:
externalIDs:
additionalProperties:
type: string
description: external_ids field in the Interface
table in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface
table in OVSDB
type: integer
options:
additionalProperties:
type: string
description: options field in the Interface table
in OVSDB
type: object
otherConfig:
additionalProperties:
type: string
description: other_config field in the Interface
table in OVSDB
type: object
type:
description: type field in the Interface table
in OVSDB
type: string
type: object
name:
description: name of the PF interface
type: string
pciAddress:
description: pci address of the PF
type: string
required:
- pciAddress
type: object
type: array
required:
- name
type: object
type: array
type: object
interfaces:
items:
properties:
Vfs:
items:
properties:
Vlan:
type: integer
assigned:
type: string
deviceID:
type: string
driver:
type: string
guid:
type: string
mac:
type: string
mtu:
type: integer
name:
type: string
pciAddress:
type: string
representorName:
type: string
vdpaType:
type: string
vendor:
type: string
vfID:
type: integer
required:
- pciAddress
- vfID
type: object
type: array
deviceID:
type: string
driver:
type: string
eSwitchMode:
type: string
externallyManaged:
type: boolean
linkAdminState:
type: string
linkSpeed:
type: string
linkType:
type: string
mac:
type: string
mtu:
type: integer
name:
type: string
netFilter:
type: string
numVfs:
type: integer
pciAddress:
type: string
totalvfs:
type: integer
vendor:
type: string
required:
- pciAddress
type: object
type: array
lastSyncError:
type: string
syncStatus:
type: string
system:
properties:
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
type: object
type: object
served: true
storage: true
subresources:
status: {}

210
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml
View File

@@ -14,110 +14,116 @@ spec:
singular: sriovnetworkpoolconfig singular: sriovnetworkpoolconfig
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1 - name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs
API API
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
APIVersion defines the versioned schema of this representation of an object. APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: |- description: |-
Kind is a string value representing the REST resource this object represents. Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to. Servers may infer this from the endpoint the client submits requests to.
Cannot be updated. Cannot be updated.
In CamelCase. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig
properties: properties:
maxUnavailable: maxUnavailable:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: |- description: |-
maxUnavailable defines either an integer number or percentage maxUnavailable defines either an integer number or percentage
of nodes in the pool that can go Unavailable during an update. of nodes in the pool that can go Unavailable during an update.
A value larger than 1 will mean multiple nodes going unavailable during A value larger than 1 will mean multiple nodes going unavailable during
the update, which may affect your workload stress on the remaining nodes. the update, which may affect your workload stress on the remaining nodes.
Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards, Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards,
even if maxUnavailable is greater than one. even if maxUnavailable is greater than one.
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
nodeSelector: nodeSelector:
description: nodeSelector specifies a label selector for Nodes description: nodeSelector specifies a label selector for Nodes
properties: properties:
matchExpressions: matchExpressions:
description: matchExpressions is a list of label selector requirements. description: matchExpressions is a list of label selector requirements.
The requirements are ANDed. The requirements are ANDed.
items: items:
description: |- description: |-
A label selector requirement is a selector that contains values, a key, and an operator that A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values. relates the key and values.
properties: properties:
key: key:
description: key is the label key that the selector applies description: key is the label key that the selector applies
to. to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string type: string
type: array operator:
required: description: |-
- key operator represents a key's relationship to a set of values.
- operator Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object type: object
type: array type: object
matchLabels: x-kubernetes-map-type: atomic
additionalProperties: ovsHardwareOffloadConfig:
description: OvsHardwareOffloadConfig describes the OVS HWOL configuration
for selected Nodes
properties:
name:
description: |-
Name is mandatory and must be unique.
On Kubernetes:
Name is the name of OvsHardwareOffloadConfig
On OpenShift:
Name is the name of MachineConfigPool to be enabled with OVS hardware offload
type: string type: string
description: |- type: object
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels rdmaMode:
map is equivalent to an element of matchExpressions, whose key field is "key", the description: RDMA subsystem. Allowed value "shared", "exclusive".
operator is "In", and the values array contains only "value". The requirements are ANDed. enum:
type: object - shared
type: object - exclusive
x-kubernetes-map-type: atomic type: string
ovsHardwareOffloadConfig: type: object
description: OvsHardwareOffloadConfig describes the OVS HWOL configuration status:
for selected Nodes description: SriovNetworkPoolConfigStatus defines the observed state of
properties: SriovNetworkPoolConfig
name: type: object
description: |- type: object
Name is mandatory and must be unique. served: true
On Kubernetes: storage: true
Name is the name of OvsHardwareOffloadConfig subresources:
On OpenShift: status: {}
Name is the name of MachineConfigPool to be enabled with OVS hardware offload
type: string
type: object
type: object
status:
description: SriovNetworkPoolConfigStatus defines the observed state of
SriovNetworkPoolConfig
type: object
type: object
served: true
storage: true
subresources:
status: {}

240
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworks.yaml
View File

@@ -14,123 +14,123 @@ spec:
singular: sriovnetwork singular: sriovnetwork
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1 - name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: SriovNetwork is the Schema for the sriovnetworks API description: SriovNetwork is the Schema for the sriovnetworks API
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
APIVersion defines the versioned schema of this representation of an object. APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: |- description: |-
Kind is a string value representing the REST resource this object represents. Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to. Servers may infer this from the endpoint the client submits requests to.
Cannot be updated. Cannot be updated.
In CamelCase. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: SriovNetworkSpec defines the desired state of SriovNetwork description: SriovNetworkSpec defines the desired state of SriovNetwork
properties: properties:
capabilities: capabilities:
description: |- description: |-
Capabilities to be configured for this network. Capabilities to be configured for this network.
Capabilities supported: (mac|ips), e.g. '{"mac": true}' Capabilities supported: (mac|ips), e.g. '{"mac": true}'
type: string type: string
ipam: ipam:
description: IPAM configuration to be used for this network. description: IPAM configuration to be used for this network.
type: string type: string
linkState: linkState:
description: VF link state (enable|disable|auto) description: VF link state (enable|disable|auto)
enum: enum:
- auto - auto
- enable - enable
- disable - disable
type: string type: string
logFile: logFile:
description: |- description: |-
LogFile sets the log file of the SRIOV CNI plugin logs. If unset (default), this will log to stderr and thus LogFile sets the log file of the SRIOV CNI plugin logs. If unset (default), this will log to stderr and thus
to multus and container runtime logs. to multus and container runtime logs.
type: string type: string
logLevel: logLevel:
default: info default: info
description: |- description: |-
LogLevel sets the log level of the SRIOV CNI plugin - either of panic, error, warning, info, debug. Defaults LogLevel sets the log level of the SRIOV CNI plugin - either of panic, error, warning, info, debug. Defaults
to info if left blank. to info if left blank.
enum: enum:
- panic - panic
- error - error
- warning - warning
- info - info
- debug - debug
- "" - ""
type: string type: string
maxTxRate: maxTxRate:
description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no
rate limiting) rate limiting)
minimum: 0 minimum: 0
type: integer type: integer
metaPlugins: metaPlugins:
description: |- description: |-
MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned
by the operator. by the operator.
type: string type: string
minTxRate: minTxRate:
description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no
rate limiting). min_tx_rate should be <= max_tx_rate. rate limiting). min_tx_rate should be <= max_tx_rate.
minimum: 0 minimum: 0
type: integer type: integer
networkNamespace: networkNamespace:
description: Namespace of the NetworkAttachmentDefinition custom resource description: Namespace of the NetworkAttachmentDefinition custom resource
type: string type: string
resourceName: resourceName:
description: SRIOV Network device plugin endpoint resource name description: SRIOV Network device plugin endpoint resource name
type: string type: string
spoofChk: spoofChk:
description: VF spoof check, (on|off) description: VF spoof check, (on|off)
enum: enum:
- "on" - "on"
- "off" - "off"
type: string type: string
trust: trust:
description: VF trust mode (on|off) description: VF trust mode (on|off)
enum: enum:
- "on" - "on"
- "off" - "off"
type: string type: string
vlan: vlan:
description: VLAN ID to assign for the VF. Defaults to 0. description: VLAN ID to assign for the VF. Defaults to 0.
maximum: 4096 maximum: 4096
minimum: 0 minimum: 0
type: integer type: integer
vlanProto: vlanProto:
description: VLAN proto to assign for the VF. Defaults to 802.1q. description: VLAN proto to assign for the VF. Defaults to 802.1q.
enum: enum:
- 802.1q - 802.1q
- 802.1Q - 802.1Q
- 802.1ad - 802.1ad
- 802.1AD - 802.1AD
type: string type: string
vlanQoS: vlanQoS:
description: VLAN QoS ID to assign for the VF. Defaults to 0. description: VLAN QoS ID to assign for the VF. Defaults to 0.
maximum: 7 maximum: 7
minimum: 0 minimum: 0
type: integer type: integer
required: required:
- resourceName - resourceName
type: object type: object
status: status:
description: SriovNetworkStatus defines the observed state of SriovNetwork description: SriovNetworkStatus defines the observed state of SriovNetwork
type: object type: object
type: object type: object
served: true served: true
storage: true storage: true
subresources: subresources:
status: {} status: {}

190
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml
View File

@@ -14,101 +14,101 @@ spec:
singular: sriovoperatorconfig singular: sriovoperatorconfig
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1 - name: v1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs
API API
properties: properties:
apiVersion: apiVersion:
description: |- description: |-
APIVersion defines the versioned schema of this representation of an object. APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string type: string
kind: kind:
description: |- description: |-
Kind is a string value representing the REST resource this object represents. Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to. Servers may infer this from the endpoint the client submits requests to.
Cannot be updated. Cannot be updated.
In CamelCase. In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig
properties: properties:
configDaemonNodeSelector: configDaemonNodeSelector:
additionalProperties: additionalProperties:
type: string type: string
description: NodeSelector selects the nodes to be configured description: NodeSelector selects the nodes to be configured
type: object type: object
configurationMode: configurationMode:
description: |- description: |-
Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot
Default mode: daemon Default mode: daemon
enum:
- daemon
- systemd
type: string
disableDrain:
description: Flag to disable nodes drain during debugging
type: boolean
disablePlugins:
description: DisablePlugins is a list of sriov-network-config-daemon
plugins to disable
items:
description: PluginNameValue defines the plugin name
enum: enum:
- mellanox - daemon
- systemd
type: string type: string
type: array disableDrain:
enableInjector: description: Flag to disable nodes drain during debugging
description: Flag to control whether the network resource injector
webhook shall be deployed
type: boolean
enableOperatorWebhook:
description: Flag to control whether the operator admission controller
webhook shall be deployed
type: boolean
enableOvsOffload:
description: Flag to enable OVS hardware offload. Set to 'true' to
provision switchdev-configuration.service and enable OpenvSwitch
hw-offload on nodes.
type: boolean
featureGates:
additionalProperties:
type: boolean type: boolean
description: FeatureGates to enable experimental features disablePlugins:
type: object description: DisablePlugins is a list of sriov-network-config-daemon
logLevel: plugins to disable
description: Flag to control the log verbose level of the operator. items:
Set to '0' to show only the basic logs. And set to '2' to show all description: PluginNameValue defines the plugin name
the available logs. enum:
maximum: 2 - mellanox
minimum: 0 type: string
type: integer type: array
useCDI: enableInjector:
description: Flag to enable Container Device Interface mode for SR-IOV description: Flag to control whether the network resource injector
Network Device Plugin webhook shall be deployed
type: boolean type: boolean
type: object enableOperatorWebhook:
status: description: Flag to control whether the operator admission controller
description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig webhook shall be deployed
properties: type: boolean
injector: enableOvsOffload:
description: Show the runtime status of the network resource injector description: Flag to enable OVS hardware offload. Set to 'true' to
webhook provision switchdev-configuration.service and enable OpenvSwitch
type: string hw-offload on nodes.
operatorWebhook: type: boolean
description: Show the runtime status of the operator admission controller featureGates:
webhook additionalProperties:
type: string type: boolean
type: object description: FeatureGates to enable experimental features
type: object type: object
served: true logLevel:
storage: true description: Flag to control the log verbose level of the operator.
subresources: Set to '0' to show only the basic logs. And set to '2' to show all
status: {} the available logs.
maximum: 2
minimum: 0
type: integer
useCDI:
description: Flag to enable Container Device Interface mode for SR-IOV
Network Device Plugin
type: boolean
type: object
status:
description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig
properties:
injector:
description: Show the runtime status of the network resource injector
webhook
type: string
operatorWebhook:
description: Show the runtime status of the operator admission controller
webhook
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

24
sriov-network-operator-chart/Chart.yaml
View File

@@ -1,28 +1,28 @@
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE% #!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0 #!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.5.0
annotations: annotations:
catalog.cattle.io/auto-install: sriov-crd=match catalog.cattle.io/auto-install: sriov-crd=match
catalog.cattle.io/experimental: "true" catalog.cattle.io/experimental: "true"
catalog.cattle.io/namespace: cattle-sriov-system catalog.cattle.io/namespace: cattle-sriov-system
catalog.cattle.io/os: linux catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux catalog.cattle.io/permits-os: linux
catalog.cattle.io/upstream-version: 1.4.0 catalog.cattle.io/upstream-version: 1.5.0
apiVersion: v2 apiVersion: v2
appVersion: v1.4.0 appVersion: v1.5.0
dependencies: dependencies:
- condition: sriov-nfd.enabled - condition: sriov-nfd.enabled
name: sriov-nfd name: sriov-nfd
repository: file://./charts/sriov-nfd repository: file://./charts/sriov-nfd
version: 0.15.7 version: 0.15.7
description: SR-IOV network operator configures and manages SR-IOV networks in the description: SR-IOV network operator configures and manages SR-IOV networks in the
kubernetes cluster kubernetes cluster
home: https://github.com/k8snetworkplumbingwg/sriov-network-operator home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
icon: https://charts.rancher.io/assets/logos/sr-iov.svg icon: https://charts.rancher.io/assets/logos/sr-iov.svg
keywords: keywords:
- sriov - sriov
kubeVersion: '>= 1.16.0-0' kubeVersion: '>= 1.24.0-0'
name: sriov-network-operator name: sriov-network-operator
sources: sources:
- https://github.com/k8snetworkplumbingwg/sriov-network-operator - https://github.com/k8snetworkplumbingwg/sriov-network-operator
type: application type: application
version: "%%CHART_MAJOR%%.0.0+up1.4.0" version: "%%CHART_MAJOR%%.0.0+up1.5.0"

14
sriov-network-operator-chart/README.md
View File

@@ -41,7 +41,7 @@ For additional information and methods for installing Helm, refer to the officia
#### Deploy from OCI repo #### Deploy from OCI repo
``` ```
$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator $ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart
``` ```
#### Deploy from project sources #### Deploy from project sources
@@ -51,7 +51,7 @@ $ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --se
$ git clone https://github.com/k8snetworkplumbingwg/sriov-network-operator.git ; cd sriov-network-operator $ git clone https://github.com/k8snetworkplumbingwg/sriov-network-operator.git ; cd sriov-network-operator
# Install Operator # Install Operator
$ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator $ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator-chart
# View deployed resources # View deployed resources
$ kubectl -n sriov-network-operator get pods $ kubectl -n sriov-network-operator get pods
@@ -123,10 +123,16 @@ This section contains general parameters that apply to both the operator and dae
| Name | Type | Default | description | | Name | Type | Default | description |
| ---- | ---- | ------- | ----------- | | ---- | ---- | ------- | ----------- |
| `sriovOperatorConfig.deploy` | bool | `false` | deploy SriovOperatorConfig custom resource | | `sriovOperatorConfig.deploy` | bool | `false` | deploy SriovOperatorConfig custom resource |
| `sriovOperatorConfig.configDaemonNodeSelector` | map[string]string | `{}` | node slectors for sriov-network-config-daemon | | `sriovOperatorConfig.configDaemonNodeSelector` | map[string]string | `{}` | node selectors for sriov-network-config-daemon |
| `sriovOperatorConfig.logLevel` | int | `2` | log level for both operator and sriov-network-config-daemon | | `sriovOperatorConfig.logLevel` | int | `2` | log level for both operator and sriov-network-config-daemon |
| `sriovOperatorConfig.disableDrain` | bool | `false` | disable node draining when configuring SR-IOV, set to true in case of a single node cluster or any other justifiable reason | | `sriovOperatorConfig.disableDrain` | bool | `false` | disable node draining when configuring SR-IOV, set to true in case of a single node cluster or any other justifiable reason |
| `sriovOperatorConfig.configurationMode` | string | `daemon` | sriov-network-config-daemon configuration mode. either `daemon` or `systemd` | | `sriovOperatorConfig.configurationMode` | string | `daemon` | sriov-network-config-daemon configuration mode. either `daemon` or `systemd` |
| `sriovOperatorConfig.featureGates` | map[string]bool | `{}` | feature gates to enable/disable |
**Note**
When `sriovOperatorConfig.configurationMode` is configured as `systemd`, configurations files and `systemd` service files are created on the node.
Upon chart deletion, those files are not cleaned up. For cases where this is not acceptable, users should rather configured the `daemon` mode.
### Images parameters ### Images parameters
@@ -148,4 +154,4 @@ Please note that any resources deployed using the `extraDeploy` in this Helm cha
| Name | description | | Name | description |
| ---- | ------------| | ---- | ------------|
|`extraDeploy`| Array of extra objects to deploy with the release | |`extraDeploy`| Array of extra objects to deploy with the release |

5
sriov-network-operator-chart/app-README.md
View File

@@ -4,10 +4,9 @@ This chart is based on the upstream [k8snetworkplumbingwg/sriov-network-operator
The chart installs the following components: The chart installs the following components:
- SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin - SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin
- SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node - SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node
Note that SR-IOV requires NICs that support SR-IOV and the activation of specific configuration options in the operating system. Nodes that fulfill these requirements should be labeled with: `feature.node.kubernetes.io/network-sriov.capable=true`. Note that SR-IOV requires NICs that support SR-IOV and the activation of specific configuration options in the operating system. Nodes that fulfill these requirements should be labeled with: `feature.node.kubernetes.io/network-sriov.capable=true`.
The SR-IOV Network Config Daemon will be deployed on such capable nodes. For more information on how to use this feature, refer to our RKE2 networking docs. The SR-IOV Network Config Daemon will be deployed on such capable nodes. For more information on how to use this feature, refer to our RKE2 networking docs.

2
sriov-network-operator-chart/charts/sriov-nfd/.helmignore
View File

@@ -20,4 +20,4 @@
.project .project
.idea/ .idea/
*.tmproj *.tmproj
.vscode/ .vscode/

10
sriov-network-operator-chart/charts/sriov-nfd/Chart.yaml
View File

@@ -4,11 +4,11 @@ description: Detects hardware features available on each node in a Kubernetes cl
and advertises those features using node labels and advertises those features using node labels
home: https://github.com/kubernetes-sigs/node-feature-discovery home: https://github.com/kubernetes-sigs/node-feature-discovery
keywords: keywords:
- feature-discovery - feature-discovery
- feature-detection - feature-detection
- node-labels - node-labels
name: sriov-nfd name: sriov-nfd
sources: sources:
- https://github.com/kubernetes-sigs/node-feature-discovery - https://github.com/kubernetes-sigs/node-feature-discovery
type: application type: application
version: 0.15.7 version: 0.15.7

2
sriov-network-operator-chart/charts/sriov-nfd/README.md
View File

@@ -7,4 +7,4 @@ range of vendor and application specific node labeling needs.
See See
[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/deployment/helm.html) [NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/deployment/helm.html)
for deployment instructions. for deployment instructions.

676
sriov-network-operator-chart/charts/sriov-nfd/crds/nfd-api-crds.yaml
View File

@@ -14,100 +14,100 @@ spec:
singular: nodefeature singular: nodefeature
scope: Namespaced scope: Namespaced
versions: versions:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: NodeFeature resource holds the features discovered for one node description: NodeFeature resource holds the features discovered for one node
in the cluster. in the cluster.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: NodeFeatureSpec describes a NodeFeature object. description: NodeFeatureSpec describes a NodeFeature object.
properties: properties:
features: features:
description: Features is the full "raw" features data that has been description: Features is the full "raw" features data that has been
discovered. discovered.
properties: properties:
attributes: attributes:
additionalProperties: additionalProperties:
description: AttributeFeatureSet is a set of features having description: AttributeFeatureSet is a set of features having
string value. string value.
properties: properties:
elements: elements:
additionalProperties: additionalProperties:
type: string type: string
type: object
required:
- elements
type: object
description: Attributes contains all the attribute-type features
of the node.
type: object
flags:
additionalProperties:
description: FlagFeatureSet is a set of simple features only
containing names without values.
properties:
elements:
additionalProperties:
description: Nil is a dummy empty struct for protobuf
compatibility
type: object type: object
type: object required:
required: - elements
- elements type: object
description: Attributes contains all the attribute-type features
of the node.
type: object type: object
description: Flags contains all the flag-type features of the flags:
node. additionalProperties:
type: object description: FlagFeatureSet is a set of simple features only
instances: containing names without values.
additionalProperties: properties:
description: InstanceFeatureSet is a set of features each of elements:
which is an instance having multiple attributes. additionalProperties:
properties: description: Nil is a dummy empty struct for protobuf
elements: compatibility
items: type: object
description: InstanceFeature represents one instance of
a complex features, e.g. a device.
properties:
attributes:
additionalProperties:
type: string
type: object
required:
- attributes
type: object type: object
type: array required:
required: - elements
- elements type: object
description: Flags contains all the flag-type features of the
node.
type: object type: object
description: Instances contains all the instance-type features instances:
of the node. additionalProperties:
type: object description: InstanceFeatureSet is a set of features each of
type: object which is an instance having multiple attributes.
labels: properties:
additionalProperties: elements:
type: string items:
description: Labels is the set of node labels that are requested to description: InstanceFeature represents one instance of
be created. a complex features, e.g. a device.
type: object properties:
type: object attributes:
required: additionalProperties:
- spec type: string
type: object type: object
served: true required:
storage: true - attributes
type: object
type: array
required:
- elements
type: object
description: Instances contains all the instance-type features
of the node.
type: object
type: object
labels:
additionalProperties:
type: string
description: Labels is the set of node labels that are requested to
be created.
type: object
type: object
required:
- spec
type: object
served: true
storage: true
--- ---
apiVersion: apiextensions.k8s.io/v1 apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
@@ -122,127 +122,184 @@ spec:
listKind: NodeFeatureRuleList listKind: NodeFeatureRuleList
plural: nodefeaturerules plural: nodefeaturerules
shortNames: shortNames:
- nfr - nfr
singular: nodefeaturerule singular: nodefeaturerule
scope: Cluster scope: Cluster
versions: versions:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: NodeFeatureRule resource specifies a configuration for feature-based description: NodeFeatureRule resource specifies a configuration for feature-based
customization of node objects, such as node labeling. customization of node objects, such as node labeling.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string type: string
kind: kind:
description: 'Kind is a string value representing the REST resource this description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string type: string
metadata: metadata:
type: object type: object
spec: spec:
description: NodeFeatureRuleSpec describes a NodeFeatureRule. description: NodeFeatureRuleSpec describes a NodeFeatureRule.
properties: properties:
rules: rules:
description: Rules is a list of node customization rules. description: Rules is a list of node customization rules.
items: items:
description: Rule defines a rule for node customization such as description: Rule defines a rule for node customization such as
labeling. labeling.
properties: properties:
annotations: annotations:
additionalProperties: additionalProperties:
type: string
description: Annotations to create if the rule matches.
type: object
extendedResources:
additionalProperties:
type: string
description: ExtendedResources to create if the rule matches.
type: object
labels:
additionalProperties:
type: string
description: Labels to create if the rule matches.
type: object
labelsTemplate:
description: LabelsTemplate specifies a template to expand for
dynamically generating multiple labels. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
type: string type: string
description: Annotations to create if the rule matches. matchAny:
type: object description: MatchAny specifies a list of matchers one of which
extendedResources: must match.
additionalProperties: items:
type: string description: MatchAnyElem specifies one sub-matcher of MatchAny.
description: ExtendedResources to create if the rule matches. properties:
type: object matchFeatures:
labels: description: MatchFeatures specifies a set of matcher
additionalProperties: terms all of which must match.
type: string items:
description: Labels to create if the rule matches. description: FeatureMatcherTerm defines requirements
type: object against one feature set. All requirements (specified
labelsTemplate: as MatchExpressions) are evaluated against each element
description: LabelsTemplate specifies a template to expand for in the feature set.
dynamically generating multiple labels. Data (after template properties:
expansion) must be keys with an optional value (<key>[=<value>]) feature:
separated by newlines. description: Feature is the name of the feature
type: string set to match against.
matchAny: type: string
description: MatchAny specifies a list of matchers one of which matchExpressions:
must match. additionalProperties:
items: description: MatchExpression specifies an expression
description: MatchAnyElem specifies one sub-matcher of MatchAny. to evaluate against a set of input values. It
properties: contains an operator that is applied when matching
matchFeatures: the input and an array of values that the operator
description: MatchFeatures specifies a set of matcher evaluates the input against.
terms all of which must match. properties:
items: op:
description: FeatureMatcherTerm defines requirements description: Op is the operator to be applied.
against one feature set. All requirements (specified enum:
as MatchExpressions) are evaluated against each element - In
in the feature set. - NotIn
properties: - InRegexp
feature: - Exists
description: Feature is the name of the feature - DoesNotExist
set to match against. - Gt
type: string - Lt
matchExpressions: - GtLt
additionalProperties: - IsTrue
description: MatchExpression specifies an expression - IsFalse
to evaluate against a set of input values. It type: string
contains an operator that is applied when matching value:
the input and an array of values that the operator description: Value is the list of values that
evaluates the input against. the operand evaluates the input against.
Value should be empty if the operator is
Exists, DoesNotExist, IsTrue or IsFalse.
Value should contain exactly one element
if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In
other cases Value should contain at least
one element.
items:
type: string
type: array
required:
- op
type: object
description: MatchExpressions is the set of per-element
expressions evaluated. These match against the
value of the specified elements.
type: object
matchName:
description: MatchName in an expression that is
matched against the name of each element in the
feature set.
properties: properties:
op: op:
description: Op is the operator to be applied. description: Op is the operator to be applied.
enum: enum:
- In - In
- NotIn - NotIn
- InRegexp - InRegexp
- Exists - Exists
- DoesNotExist - DoesNotExist
- Gt - Gt
- Lt - Lt
- GtLt - GtLt
- IsTrue - IsTrue
- IsFalse - IsFalse
type: string type: string
value: value:
description: Value is the list of values that description: Value is the list of values that
the operand evaluates the input against. the operand evaluates the input against. Value
Value should be empty if the operator is should be empty if the operator is Exists,
Exists, DoesNotExist, IsTrue or IsFalse. DoesNotExist, IsTrue or IsFalse. Value should
Value should contain exactly one element contain exactly one element if the operator
if the operator is Gt or Lt and exactly is Gt or Lt and exactly two elements if the
two elements if the operator is GtLt. In operator is GtLt. In other cases Value should
other cases Value should contain at least contain at least one element.
one element.
items: items:
type: string type: string
type: array type: array
required: required:
- op - op
type: object type: object
description: MatchExpressions is the set of per-element required:
expressions evaluated. These match against the - feature
value of the specified elements. type: object
type: object type: array
matchName: required:
description: MatchName in an expression that is - matchFeatures
matched against the name of each element in the type: object
feature set. type: array
properties: matchFeatures:
op: description: MatchFeatures specifies a set of matcher terms
description: Op is the operator to be applied. all of which must match.
enum: items:
description: FeatureMatcherTerm defines requirements against
one feature set. All requirements (specified as MatchExpressions)
are evaluated against each element in the feature set.
properties:
feature:
description: Feature is the name of the feature set to
match against.
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It contains
an operator that is applied when matching the input
and an array of values that the operator evaluates
the input against.
properties:
op:
description: Op is the operator to be applied.
enum:
- In - In
- NotIn - NotIn
- InRegexp - InRegexp
@@ -253,63 +310,42 @@ spec:
- GtLt - GtLt
- IsTrue - IsTrue
- IsFalse - IsFalse
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other
cases Value should contain at least one element.
items:
type: string type: string
value: type: array
description: Value is the list of values that required:
the operand evaluates the input against. Value
should be empty if the operator is Exists,
DoesNotExist, IsTrue or IsFalse. Value should
contain exactly one element if the operator
is Gt or Lt and exactly two elements if the
operator is GtLt. In other cases Value should
contain at least one element.
items:
type: string
type: array
required:
- op - op
type: object type: object
required: description: MatchExpressions is the set of per-element
- feature expressions evaluated. These match against the value
of the specified elements.
type: object type: object
type: array matchName:
required: description: MatchName in an expression that is matched
- matchFeatures against the name of each element in the feature set.
type: object
type: array
matchFeatures:
description: MatchFeatures specifies a set of matcher terms
all of which must match.
items:
description: FeatureMatcherTerm defines requirements against
one feature set. All requirements (specified as MatchExpressions)
are evaluated against each element in the feature set.
properties:
feature:
description: Feature is the name of the feature set to
match against.
type: string
matchExpressions:
additionalProperties:
description: MatchExpression specifies an expression
to evaluate against a set of input values. It contains
an operator that is applied when matching the input
and an array of values that the operator evaluates
the input against.
properties: properties:
op: op:
description: Op is the operator to be applied. description: Op is the operator to be applied.
enum: enum:
- In - In
- NotIn - NotIn
- InRegexp - InRegexp
- Exists - Exists
- DoesNotExist - DoesNotExist
- Gt - Gt
- Lt - Lt
- GtLt - GtLt
- IsTrue - IsTrue
- IsFalse - IsFalse
type: string type: string
value: value:
description: Value is the list of values that the description: Value is the list of values that the
@@ -317,110 +353,74 @@ spec:
be empty if the operator is Exists, DoesNotExist, be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other two elements if the operator is GtLt. In other cases
cases Value should contain at least one element. Value should contain at least one element.
items: items:
type: string type: string
type: array type: array
required: required:
- op - op
type: object type: object
description: MatchExpressions is the set of per-element required:
expressions evaluated. These match against the value - feature
of the specified elements. type: object
type: object type: array
matchName: name:
description: MatchName in an expression that is matched description: Name of the rule.
against the name of each element in the feature set.
properties:
op:
description: Op is the operator to be applied.
enum:
- In
- NotIn
- InRegexp
- Exists
- DoesNotExist
- Gt
- Lt
- GtLt
- IsTrue
- IsFalse
type: string
value:
description: Value is the list of values that the
operand evaluates the input against. Value should
be empty if the operator is Exists, DoesNotExist,
IsTrue or IsFalse. Value should contain exactly
one element if the operator is Gt or Lt and exactly
two elements if the operator is GtLt. In other cases
Value should contain at least one element.
items:
type: string
type: array
required:
- op
type: object
required:
- feature
type: object
type: array
name:
description: Name of the rule.
type: string
taints:
description: Taints to create if the rule matches.
items:
description: The node this Taint is attached to has the "effect"
on any pod that does not tolerate the Taint.
properties:
effect:
description: Required. The effect of the taint on pods
that do not tolerate the taint. Valid effects are NoSchedule,
PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to
a node.
type: string
timeAdded:
description: TimeAdded represents the time at which the
taint was added. It is only written for NoExecute taints.
format: date-time
type: string
value:
description: The taint value corresponding to the taint
key.
type: string
required:
- effect
- key
type: object
type: array
vars:
additionalProperties:
type: string type: string
description: Vars is the variables to store if the rule matches. taints:
Variables do not directly inflict any changes in the node description: Taints to create if the rule matches.
object. However, they can be referenced from other rules enabling items:
more complex rule hierarchies, without exposing intermediary description: The node this Taint is attached to has the "effect"
output values as labels. on any pod that does not tolerate the Taint.
type: object properties:
varsTemplate: effect:
description: VarsTemplate specifies a template to expand for description: Required. The effect of the taint on pods
dynamically generating multiple variables. Data (after template that do not tolerate the taint. Valid effects are NoSchedule,
expansion) must be keys with an optional value (<key>[=<value>]) PreferNoSchedule and NoExecute.
separated by newlines. type: string
type: string key:
required: description: Required. The taint key to be applied to
- name a node.
type: object type: string
type: array timeAdded:
required: description: TimeAdded represents the time at which the
- rules taint was added. It is only written for NoExecute taints.
type: object format: date-time
required: type: string
- spec value:
type: object description: The taint value corresponding to the taint
served: true key.
storage: true type: string
required:
- effect
- key
type: object
type: array
vars:
additionalProperties:
type: string
description: Vars is the variables to store if the rule matches.
Variables do not directly inflict any changes in the node
object. However, they can be referenced from other rules enabling
more complex rule hierarchies, without exposing intermediary
output values as labels.
type: object
varsTemplate:
description: VarsTemplate specifies a template to expand for
dynamically generating multiple variables. Data (after template
expansion) must be keys with an optional value (<key>[=<value>])
separated by newlines.
type: string
required:
- name
type: object
type: array
required:
- rules
type: object
required:
- spec
type: object
served: true
storage: true

2
sriov-network-operator-chart/charts/sriov-nfd/templates/_helpers.tpl
View File

@@ -104,4 +104,4 @@ Create the name of the service account which nfd-gc will use
{{- else -}} {{- else -}}
{{ default "default" .Values.gc.serviceAccount.name }} {{ default "default" .Values.gc.serviceAccount.name }}
{{- end -}} {{- end -}}
{{- end -}} {{- end -}}

22
sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-certs.yaml
View File

@@ -10,14 +10,14 @@ spec:
secretName: nfd-master-cert secretName: nfd-master-cert
subject: subject:
organizations: organizations:
- node-feature-discovery - node-feature-discovery
commonName: nfd-master commonName: nfd-master
dnsNames: dnsNames:
# must match the service name # must match the service name
- {{ include "node-feature-discovery.fullname" . }}-master - {{ include "node-feature-discovery.fullname" . }}-master
# first one is configured for use by the worker; below are for completeness # first one is configured for use by the worker; below are for completeness
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc
- {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef: issuerRef:
name: nfd-ca-issuer name: nfd-ca-issuer
kind: Issuer kind: Issuer
@@ -34,10 +34,10 @@ spec:
secretName: nfd-worker-cert secretName: nfd-worker-cert
subject: subject:
organizations: organizations:
- node-feature-discovery - node-feature-discovery
commonName: nfd-worker commonName: nfd-worker
dnsNames: dnsNames:
- {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local - {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef: issuerRef:
name: nfd-ca-issuer name: nfd-ca-issuer
kind: Issuer kind: Issuer
@@ -55,14 +55,14 @@ spec:
secretName: nfd-topology-updater-cert secretName: nfd-topology-updater-cert
subject: subject:
organizations: organizations:
- node-feature-discovery - node-feature-discovery
commonName: nfd-topology-updater commonName: nfd-topology-updater
dnsNames: dnsNames:
- {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local - {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local
issuerRef: issuerRef:
name: nfd-ca-issuer name: nfd-ca-issuer
kind: Issuer kind: Issuer
group: cert-manager.io group: cert-manager.io
{{- end }} {{- end }}
{{- end }} {{- end }}

12
sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-issuer.yaml
View File

@@ -1,8 +1,8 @@
{{- if .Values.tls.certManager }} {{- if .Values.tls.certManager }}
# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers # See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
# - Create a self signed issuer # - Create a self signed issuer
# - Use this to create a CA cert # - Use this to create a CA cert
# - Use this to now create a CA issuer # - Use this to now create a CA issuer
--- ---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Issuer kind: Issuer
@@ -23,7 +23,7 @@ spec:
secretName: nfd-ca-cert secretName: nfd-ca-cert
subject: subject:
organizations: organizations:
- node-feature-discovery - node-feature-discovery
commonName: nfd-ca-cert commonName: nfd-ca-cert
issuerRef: issuerRef:
name: nfd-ca-bootstrap name: nfd-ca-bootstrap
@@ -39,4 +39,4 @@ metadata:
spec: spec:
ca: ca:
secretName: nfd-ca-cert secretName: nfd-ca-cert
{{- end }} {{- end }}

178
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrole.yaml
View File

@@ -6,40 +6,40 @@ metadata:
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- nodes - nodes
- nodes/status - nodes/status
verbs: verbs:
- get - get
- patch - patch
- update - update
- list - list
- apiGroups: - apiGroups:
- nfd.k8s-sigs.io - nfd.k8s-sigs.io
resources: resources:
- nodefeatures - nodefeatures
- nodefeaturerules - nodefeaturerules
verbs: verbs:
- get - get
- list - list
- watch - watch
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resources: resources:
- leases - leases
verbs: verbs:
- create - create
- apiGroups: - apiGroups:
- coordination.k8s.io - coordination.k8s.io
resources: resources:
- leases - leases
resourceNames: resourceNames:
- "nfd-master.nfd.kubernetes.io" - "nfd-master.nfd.kubernetes.io"
verbs: verbs:
- get - get
- update - update
{{- end }} {{- end }}
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }} {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
@@ -51,33 +51,33 @@ metadata:
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- nodes - nodes
verbs: verbs:
- get - get
- list - list
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- nodes/proxy - nodes/proxy
verbs: verbs:
- get - get
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- pods - pods
verbs: verbs:
- get - get
- apiGroups: - apiGroups:
- topology.node.k8s.io - topology.node.k8s.io
resources: resources:
- noderesourcetopologies - noderesourcetopologies
verbs: verbs:
- create - create
- get - get
- update - update
{{- end }} {{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }} {{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
@@ -89,31 +89,31 @@ metadata:
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- nodes - nodes
verbs: verbs:
- list - list
- watch - watch
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- nodes/proxy - nodes/proxy
verbs: verbs:
- get - get
- apiGroups: - apiGroups:
- topology.node.k8s.io - topology.node.k8s.io
resources: resources:
- noderesourcetopologies - noderesourcetopologies
verbs: verbs:
- delete - delete
- list - list
- apiGroups: - apiGroups:
- nfd.k8s-sigs.io - nfd.k8s-sigs.io
resources: resources:
- nodefeatures - nodefeatures
verbs: verbs:
- delete - delete
- list - list
{{- end }} {{- end }}

20
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrolebinding.yaml
View File

@@ -10,9 +10,9 @@ roleRef:
kind: ClusterRole kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }} name: {{ include "node-feature-discovery.fullname" . }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "node-feature-discovery.master.serviceAccountName" . }} name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }} {{- end }}
{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }} {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }}
@@ -28,9 +28,9 @@ roleRef:
kind: ClusterRole kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-topology-updater name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }} name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }} {{- end }}
{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }} {{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }}
@@ -46,7 +46,7 @@ roleRef:
kind: ClusterRole kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-gc name: {{ include "node-feature-discovery.fullname" . }}-gc
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "node-feature-discovery.gc.serviceAccountName" . }} name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }} {{- end }}

18
sriov-network-operator-chart/charts/sriov-nfd/templates/master.yaml
View File

@@ -53,15 +53,15 @@ spec:
periodSeconds: 10 periodSeconds: 10
failureThreshold: 10 failureThreshold: 10
ports: ports:
- containerPort: {{ .Values.master.port | default "8080" }} - containerPort: {{ .Values.master.port | default "8080" }}
name: grpc name: grpc
- containerPort: {{ .Values.master.metricsPort | default "8081" }} - containerPort: {{ .Values.master.metricsPort | default "8081" }}
name: metrics name: metrics
env: env:
- name: NODE_NAME - name: NODE_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
command: command:
- "nfd-master" - "nfd-master"
resources: resources:
@@ -142,4 +142,4 @@ spec:
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

46
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc.yaml
View File

@@ -36,31 +36,31 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.gc.podSecurityContext | nindent 8 }} {{- toYaml .Values.gc.podSecurityContext | nindent 8 }}
containers: containers:
- name: gc - name: gc
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}" imagePullPolicy: "{{ .Values.image.pullPolicy }}"
env: env:
- name: NODE_NAME - name: NODE_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
command: command:
- "nfd-gc" - "nfd-gc"
args: args:
{{- if .Values.gc.interval | empty | not }} {{- if .Values.gc.interval | empty | not }}
- "-gc-interval={{ .Values.gc.interval }}" - "-gc-interval={{ .Values.gc.interval }}"
{{- end }} {{- end }}
resources: resources:
{{- toYaml .Values.gc.resources | nindent 12 }} {{- toYaml .Values.gc.resources | nindent 12 }}
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities: capabilities:
drop: [ "ALL" ] drop: [ "ALL" ]
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
runAsNonRoot: true runAsNonRoot: true
ports: ports:
- name: metrics - name: metrics
containerPort: {{ .Values.gc.metricsPort | default "8081"}} containerPort: {{ .Values.gc.metricsPort | default "8081"}}
{{- with .Values.gc.nodeSelector }} {{- with .Values.gc.nodeSelector }}
nodeSelector: nodeSelector:
@@ -74,4 +74,4 @@ spec:
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-master-conf.yaml
View File

@@ -9,4 +9,4 @@ metadata:
data: data:
nfd-master.conf: |- nfd-master.conf: |-
{{- .Values.master.config | toYaml | nindent 4 }} {{- .Values.master.config | toYaml | nindent 4 }}
{{- end }} {{- end }}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-topologyupdater-conf.yaml
View File

@@ -7,4 +7,4 @@ metadata:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
data: data:
nfd-topology-updater.conf: |- nfd-topology-updater.conf: |-
{{- .Values.topologyUpdater.config | toYaml | nindent 4 }} {{- .Values.topologyUpdater.config | toYaml | nindent 4 }}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-worker-conf.yaml
View File

@@ -9,4 +9,4 @@ metadata:
data: data:
nfd-worker.conf: |- nfd-worker.conf: |-
{{- .Values.worker.config | toYaml | nindent 4 }} {{- .Values.worker.config | toYaml | nindent 4 }}
{{- end }} {{- end }}

8
sriov-network-operator-chart/charts/sriov-nfd/templates/prometheus.yaml
View File

@@ -18,9 +18,9 @@ spec:
scheme: http scheme: http
namespaceSelector: namespaceSelector:
matchNames: matchNames:
- {{ include "node-feature-discovery.namespace" . }} - {{ include "node-feature-discovery.namespace" . }}
selector: selector:
matchExpressions: matchExpressions:
- {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]} - {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]}
- {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]} - {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]}
{{- end }} {{- end }}

30
sriov-network-operator-chart/charts/sriov-nfd/templates/role.yaml
View File

@@ -7,18 +7,18 @@ metadata:
labels: labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }} {{- include "node-feature-discovery.labels" . | nindent 4 }}
rules: rules:
- apiGroups: - apiGroups:
- nfd.k8s-sigs.io - nfd.k8s-sigs.io
resources: resources:
- nodefeatures - nodefeatures
verbs: verbs:
- create - create
- get - get
- update - update
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
- pods - pods
verbs: verbs:
- get - get
{{- end }} {{- end }}

7
sriov-network-operator-chart/charts/sriov-nfd/templates/rolebinding.yaml
View File

@@ -11,8 +11,7 @@ roleRef:
kind: Role kind: Role
name: {{ include "node-feature-discovery.fullname" . }}-worker name: {{ include "node-feature-discovery.fullname" . }}-worker
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "node-feature-discovery.worker.serviceAccountName" . }} name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }} namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }} {{- end }}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/service.yaml
View File

@@ -17,4 +17,4 @@ spec:
selector: selector:
{{- include "node-feature-discovery.selectorLabels" . | nindent 4 }} {{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
role: master role: master
{{- end}} {{- end}}

2
sriov-network-operator-chart/charts/sriov-nfd/templates/serviceaccount.yaml
View File

@@ -55,4 +55,4 @@ metadata:
annotations: annotations:
{{- toYaml . | nindent 4 }} {{- toYaml . | nindent 4 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

494
sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater-crds.yaml
View File

@@ -14,265 +14,265 @@ spec:
listKind: NodeResourceTopologyList listKind: NodeResourceTopologyList
plural: noderesourcetopologies plural: noderesourcetopologies
shortNames: shortNames:
- node-res-topo - node-res-topo
singular: noderesourcetopology singular: noderesourcetopology
scope: Cluster scope: Cluster
versions: versions:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: NodeResourceTopology describes node resources and their topology. description: NodeResourceTopology describes node resources and their topology.
properties: properties:
apiVersion: apiVersion:
description: 'APIVersion defines the versioned schema of this representation description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
topologyPolicies:
items:
type: string type: string
type: array kind:
zones: description: 'Kind is a string value representing the REST resource this
description: ZoneList contains an array of Zone objects.
items:
description: Zone represents a resource topology zone, e.g. socket,
node, die or core.
properties:
attributes:
description: AttributeList contains an array of AttributeInfo objects.
items:
description: AttributeInfo contains one attribute of a Zone.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
costs:
description: CostList contains an array of CostInfo objects.
items:
description: CostInfo describes the cost (or distance) between
two Zones.
properties:
name:
type: string
value:
format: int64
type: integer
required:
- name
- value
type: object
type: array
name:
type: string
parent:
type: string
resources:
description: ResourceInfoList contains an array of ResourceInfo
objects.
items:
description: ResourceInfo contains information about one resource
type.
properties:
allocatable:
anyOf:
- type: integer
- type: string
description: Allocatable quantity of the resource, corresponding
to allocatable in node status, i.e. total amount of this
resource available to be used by pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
available:
anyOf:
- type: integer
- type: string
description: Available is the amount of this resource currently
available for new (to be scheduled) pods, i.e. Allocatable
minus the resources reserved by currently running pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
capacity:
anyOf:
- type: integer
- type: string
description: Capacity of the resource, corresponding to capacity
in node status, i.e. total amount of this resource that
the node has.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
name:
description: Name of the resource.
type: string
required:
- allocatable
- available
- capacity
- name
type: object
type: array
type:
type: string
required:
- name
- type
type: object
type: array
required:
- topologyPolicies
- zones
type: object
served: true
storage: false
- name: v1alpha2
schema:
openAPIV3Schema:
description: NodeResourceTopology describes node resources and their topology.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
attributes:
description: AttributeList contains an array of AttributeInfo objects.
items:
description: AttributeInfo contains one attribute of a Zone.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string type: string
metadata: metadata:
type: object type: object
topologyPolicies: topologyPolicies:
description: 'DEPRECATED (to be removed in v1beta1): use top level attributes items:
type: string
type: array
zones:
description: ZoneList contains an array of Zone objects.
items:
description: Zone represents a resource topology zone, e.g. socket,
node, die or core.
properties:
attributes:
description: AttributeList contains an array of AttributeInfo objects.
items:
description: AttributeInfo contains one attribute of a Zone.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
costs:
description: CostList contains an array of CostInfo objects.
items:
description: CostInfo describes the cost (or distance) between
two Zones.
properties:
name:
type: string
value:
format: int64
type: integer
required:
- name
- value
type: object
type: array
name:
type: string
parent:
type: string
resources:
description: ResourceInfoList contains an array of ResourceInfo
objects.
items:
description: ResourceInfo contains information about one resource
type.
properties:
allocatable:
anyOf:
- type: integer
- type: string
description: Allocatable quantity of the resource, corresponding
to allocatable in node status, i.e. total amount of this
resource available to be used by pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
available:
anyOf:
- type: integer
- type: string
description: Available is the amount of this resource currently
available for new (to be scheduled) pods, i.e. Allocatable
minus the resources reserved by currently running pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
capacity:
anyOf:
- type: integer
- type: string
description: Capacity of the resource, corresponding to capacity
in node status, i.e. total amount of this resource that
the node has.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
name:
description: Name of the resource.
type: string
required:
- allocatable
- available
- capacity
- name
type: object
type: array
type:
type: string
required:
- name
- type
type: object
type: array
required:
- topologyPolicies
- zones
type: object
served: true
storage: false
- name: v1alpha2
schema:
openAPIV3Schema:
description: NodeResourceTopology describes node resources and their topology.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
attributes:
description: AttributeList contains an array of AttributeInfo objects.
items:
description: AttributeInfo contains one attribute of a Zone.
properties:
name:
type: string
value:
type: string
required:
- name
- value
type: object
type: array
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
topologyPolicies:
description: 'DEPRECATED (to be removed in v1beta1): use top level attributes
if needed' if needed'
items: items:
type: string type: string
type: array type: array
zones: zones:
description: ZoneList contains an array of Zone objects. description: ZoneList contains an array of Zone objects.
items: items:
description: Zone represents a resource topology zone, e.g. socket, description: Zone represents a resource topology zone, e.g. socket,
node, die or core. node, die or core.
properties: properties:
attributes: attributes:
description: AttributeList contains an array of AttributeInfo objects. description: AttributeList contains an array of AttributeInfo objects.
items: items:
description: AttributeInfo contains one attribute of a Zone. description: AttributeInfo contains one attribute of a Zone.
properties: properties:
name: name:
type: string type: string
value: value:
type: string type: string
required: required:
- name - name
- value - value
type: object type: object
type: array type: array
costs: costs:
description: CostList contains an array of CostInfo objects. description: CostList contains an array of CostInfo objects.
items: items:
description: CostInfo describes the cost (or distance) between description: CostInfo describes the cost (or distance) between
two Zones. two Zones.
properties: properties:
name: name:
type: string type: string
value: value:
format: int64 format: int64
type: integer type: integer
required: required:
- name - name
- value - value
type: object type: object
type: array type: array
name: name:
type: string type: string
parent: parent:
type: string type: string
resources: resources:
description: ResourceInfoList contains an array of ResourceInfo description: ResourceInfoList contains an array of ResourceInfo
objects. objects.
items: items:
description: ResourceInfo contains information about one resource description: ResourceInfo contains information about one resource
type. type.
properties: properties:
allocatable: allocatable:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Allocatable quantity of the resource, corresponding description: Allocatable quantity of the resource, corresponding
to allocatable in node status, i.e. total amount of this to allocatable in node status, i.e. total amount of this
resource available to be used by pods. resource available to be used by pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
available: available:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Available is the amount of this resource currently description: Available is the amount of this resource currently
available for new (to be scheduled) pods, i.e. Allocatable available for new (to be scheduled) pods, i.e. Allocatable
minus the resources reserved by currently running pods. minus the resources reserved by currently running pods.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
capacity: capacity:
anyOf: anyOf:
- type: integer - type: integer
- type: string - type: string
description: Capacity of the resource, corresponding to capacity description: Capacity of the resource, corresponding to capacity
in node status, i.e. total amount of this resource that in node status, i.e. total amount of this resource that
the node has. the node has.
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true x-kubernetes-int-or-string: true
name: name:
description: Name of the resource. description: Name of the resource.
type: string type: string
required: required:
- allocatable - allocatable
- available - available
- capacity - capacity
- name - name
type: object type: object
type: array type: array
type: type:
type: string type: string
required: required:
- name - name
- type - type
type: object type: object
type: array type: array
required: required:
- zones - zones
type: object type: object
served: true served: true
storage: true storage: true
status: status:
acceptedNames: acceptedNames:
kind: "" kind: ""
plural: "" plural: ""
conditions: [] conditions: []
storedVersions: [] storedVersions: []
{{- end }} {{- end }}

144
sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater.yaml
View File

@@ -35,109 +35,109 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }} {{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }}
containers: containers:
- name: topology-updater - name: topology-updater
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: "{{ .Values.image.pullPolicy }}" imagePullPolicy: "{{ .Values.image.pullPolicy }}"
env: env:
- name: NODE_NAME - name: NODE_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: NODE_ADDRESS - name: NODE_ADDRESS
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: status.hostIP fieldPath: status.hostIP
command: command:
- "nfd-topology-updater" - "nfd-topology-updater"
args: args:
- "-podresources-socket=/host-var/lib/kubelet-podresources/kubelet.sock" - "-podresources-socket=/host-var/lib/kubelet-podresources/kubelet.sock"
{{- if .Values.topologyUpdater.updateInterval | empty | not }} {{- if .Values.topologyUpdater.updateInterval | empty | not }}
- "-sleep-interval={{ .Values.topologyUpdater.updateInterval }}" - "-sleep-interval={{ .Values.topologyUpdater.updateInterval }}"
{{- else }} {{- else }}
- "-sleep-interval=3s" - "-sleep-interval=3s"
{{- end }} {{- end }}
{{- if .Values.topologyUpdater.watchNamespace | empty | not }} {{- if .Values.topologyUpdater.watchNamespace | empty | not }}
- "-watch-namespace={{ .Values.topologyUpdater.watchNamespace }}" - "-watch-namespace={{ .Values.topologyUpdater.watchNamespace }}"
{{- else }} {{- else }}
- "-watch-namespace=*" - "-watch-namespace=*"
{{- end }} {{- end }}
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }} {{- end }}
{{- if .Values.topologyUpdater.podSetFingerprint }} {{- if .Values.topologyUpdater.podSetFingerprint }}
- "-pods-fingerprint" - "-pods-fingerprint"
{{- end }} {{- end }}
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- "-kubelet-config-uri=file:///host-var/kubelet-config" - "-kubelet-config-uri=file:///host-var/kubelet-config"
{{- end }} {{- end }}
{{- if .Values.topologyUpdater.kubeletStateDir | empty }} {{- if .Values.topologyUpdater.kubeletStateDir | empty }}
# Disable kubelet state tracking by giving an empty path # Disable kubelet state tracking by giving an empty path
- "-kubelet-state-dir=" - "-kubelet-state-dir="
{{- end }} {{- end }}
- -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}} - -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}}
ports: ports:
- name: metrics - name: metrics
containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}} containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}}
volumeMounts: volumeMounts:
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- name: kubelet-config - name: kubelet-config
mountPath: /host-var/kubelet-config mountPath: /host-var/kubelet-config
{{- end }} {{- end }}
- name: kubelet-podresources-sock - name: kubelet-podresources-sock
mountPath: /host-var/lib/kubelet-podresources/kubelet.sock mountPath: /host-var/lib/kubelet-podresources/kubelet.sock
- name: host-sys - name: host-sys
mountPath: /host-sys mountPath: /host-sys
{{- if .Values.topologyUpdater.kubeletStateDir | empty | not }} {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }}
- name: kubelet-state-files - name: kubelet-state-files
mountPath: /host-var/lib/kubelet mountPath: /host-var/lib/kubelet
readOnly: true readOnly: true
{{- end }} {{- end }}
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
- name: nfd-topology-updater-cert - name: nfd-topology-updater-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs" mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true readOnly: true
{{- end }} {{- end }}
- name: nfd-topology-updater-conf - name: nfd-topology-updater-conf
mountPath: "/etc/kubernetes/node-feature-discovery" mountPath: "/etc/kubernetes/node-feature-discovery"
readOnly: true readOnly: true
resources: resources:
{{- toYaml .Values.topologyUpdater.resources | nindent 12 }} {{- toYaml .Values.topologyUpdater.resources | nindent 12 }}
securityContext: securityContext:
{{- toYaml .Values.topologyUpdater.securityContext | nindent 12 }} {{- toYaml .Values.topologyUpdater.securityContext | nindent 12 }}
volumes: volumes:
- name: host-sys - name: host-sys
hostPath: hostPath:
path: "/sys" path: "/sys"
{{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }}
- name: kubelet-config - name: kubelet-config
hostPath: hostPath:
path: {{ .Values.topologyUpdater.kubeletConfigPath }} path: {{ .Values.topologyUpdater.kubeletConfigPath }}
{{- end }} {{- end }}
- name: kubelet-podresources-sock - name: kubelet-podresources-sock
hostPath: hostPath:
{{- if .Values.topologyUpdater.kubeletPodResourcesSockPath | empty | not }} {{- if .Values.topologyUpdater.kubeletPodResourcesSockPath | empty | not }}
path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }} path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }}
{{- else }} {{- else }}
path: /var/lib/kubelet/pod-resources/kubelet.sock path: /var/lib/kubelet/pod-resources/kubelet.sock
{{- end }} {{- end }}
{{- if .Values.topologyUpdater.kubeletStateDir | empty | not }} {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }}
- name: kubelet-state-files - name: kubelet-state-files
hostPath: hostPath:
path: {{ .Values.topologyUpdater.kubeletStateDir }} path: {{ .Values.topologyUpdater.kubeletStateDir }}
{{- end }} {{- end }}
- name: nfd-topology-updater-conf - name: nfd-topology-updater-conf
configMap: configMap:
name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf
items: items:
- key: nfd-topology-updater.conf - key: nfd-topology-updater.conf
path: nfd-topology-updater.conf path: nfd-topology-updater.conf
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
- name: nfd-topology-updater-cert - name: nfd-topology-updater-cert
secret: secret:
secretName: nfd-topology-updater-cert secretName: nfd-topology-updater-cert
{{- end }} {{- end }}
@@ -153,4 +153,4 @@ spec:
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

124
sriov-network-operator-chart/charts/sriov-nfd/templates/worker.yaml
View File

@@ -35,76 +35,76 @@ spec:
securityContext: securityContext:
{{- toYaml .Values.worker.podSecurityContext | nindent 8 }} {{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
containers: containers:
- name: worker - name: worker
securityContext: securityContext:
{{- toYaml .Values.worker.securityContext | nindent 12 }} {{- toYaml .Values.worker.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
env: env:
- name: NODE_NAME - name: NODE_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: POD_NAME - name: POD_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.name fieldPath: metadata.name
- name: POD_UID - name: POD_UID
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.uid fieldPath: metadata.uid
resources: resources:
{{- toYaml .Values.worker.resources | nindent 12 }} {{- toYaml .Values.worker.resources | nindent 12 }}
command: command:
- "nfd-worker" - "nfd-worker"
args: args:
{{- if not .Values.enableNodeFeatureApi }} {{- if not .Values.enableNodeFeatureApi }}
- "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}" - "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}"
- "-enable-nodefeature-api=false" - "-enable-nodefeature-api=false"
{{- end }} {{- end }}
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
- "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt"
- "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
- "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
{{- end }} {{- end }}
- "-metrics={{ .Values.worker.metricsPort | default "8081"}}" - "-metrics={{ .Values.worker.metricsPort | default "8081"}}"
ports: ports:
- name: metrics - name: metrics
containerPort: {{ .Values.worker.metricsPort | default "8081"}} containerPort: {{ .Values.worker.metricsPort | default "8081"}}
volumeMounts: volumeMounts:
- name: host-boot - name: host-boot
mountPath: "/host-boot" mountPath: "/host-boot"
readOnly: true readOnly: true
- name: host-os-release - name: host-os-release
mountPath: "/host-etc/os-release" mountPath: "/host-etc/os-release"
readOnly: true readOnly: true
- name: host-sys - name: host-sys
mountPath: "/host-sys" mountPath: "/host-sys"
readOnly: true readOnly: true
- name: host-usr-lib - name: host-usr-lib
mountPath: "/host-usr/lib" mountPath: "/host-usr/lib"
readOnly: true readOnly: true
- name: host-lib - name: host-lib
mountPath: "/host-lib" mountPath: "/host-lib"
readOnly: true readOnly: true
{{- if .Values.worker.mountUsrSrc }} {{- if .Values.worker.mountUsrSrc }}
- name: host-usr-src - name: host-usr-src
mountPath: "/host-usr/src" mountPath: "/host-usr/src"
readOnly: true readOnly: true
{{- end }} {{- end }}
- name: source-d - name: source-d
mountPath: "/etc/kubernetes/node-feature-discovery/source.d/" mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
readOnly: true readOnly: true
- name: features-d - name: features-d
mountPath: "/etc/kubernetes/node-feature-discovery/features.d/" mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
readOnly: true readOnly: true
- name: nfd-worker-conf - name: nfd-worker-conf
mountPath: "/etc/kubernetes/node-feature-discovery" mountPath: "/etc/kubernetes/node-feature-discovery"
readOnly: true readOnly: true
{{- if .Values.tls.enable }} {{- if .Values.tls.enable }}
- name: nfd-worker-cert - name: nfd-worker-cert
mountPath: "/etc/kubernetes/node-feature-discovery/certs" mountPath: "/etc/kubernetes/node-feature-discovery/certs"
readOnly: true readOnly: true
{{- end }} {{- end }}
volumes: volumes:
- name: host-boot - name: host-boot
@@ -159,4 +159,4 @@ spec:
{{- with .Values.worker.priorityClassName }} {{- with .Values.worker.priorityClassName }}
priorityClassName: {{ . | quote }} priorityClassName: {{ . | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}

592
sriov-network-operator-chart/charts/sriov-nfd/values.yaml
View File

@@ -3,7 +3,7 @@ image:
# This should be set to 'IfNotPresent' for released version # This should be set to 'IfNotPresent' for released version
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
# tag, if defined will use the given image tag, else Chart.AppVersion will be used # tag, if defined will use the given image tag, else Chart.AppVersion will be used
tag: v0.15.7-build20241113 tag: v0.15.7-build20250402
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "" nameOverride: ""
@@ -15,40 +15,40 @@ enableNodeFeatureApi: true
master: master:
enable: true enable: true
config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE> config: ### <NFD-MASTER-CONF-START-DO-NOT-REMOVE>
# noPublish: false # noPublish: false
# autoDefaultNs: true # autoDefaultNs: true
# extraLabelNs: ["added.ns.io","added.kubernets.io"] # extraLabelNs: ["added.ns.io","added.kubernets.io"]
# denyLabelNs: ["denied.ns.io","denied.kubernetes.io"] # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"]
# resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"] # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"]
# enableTaints: false # enableTaints: false
# labelWhiteList: "foo" # labelWhiteList: "foo"
# resyncPeriod: "2h" # resyncPeriod: "2h"
# klog: # klog:
# addDirHeader: false # addDirHeader: false
# alsologtostderr: false # alsologtostderr: false
# logBacktraceAt: # logBacktraceAt:
# logtostderr: true # logtostderr: true
# skipHeaders: false # skipHeaders: false
# stderrthreshold: 2 # stderrthreshold: 2
# v: 0 # v: 0
# vmodule: # vmodule:
## NOTE: the following options are not dynamically run-time configurable ## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-master restart to take effect after being changed ## and require a nfd-master restart to take effect after being changed
# logDir: # logDir:
# logFile: # logFile:
# logFileMaxSize: 1800 # logFileMaxSize: 1800
# skipLogHeaders: false # skipLogHeaders: false
# leaderElection: # leaderElection:
# leaseDuration: 15s # leaseDuration: 15s
# # this value has to be lower than leaseDuration and greater than retryPeriod*1.2 # # this value has to be lower than leaseDuration and greater than retryPeriod*1.2
# renewDeadline: 10s # renewDeadline: 10s
# # this value has to be greater than 0 # # this value has to be greater than 0
# retryPeriod: 2s # retryPeriod: 2s
# nfdApiParallelism: 10 # nfdApiParallelism: 10
### <NFD-MASTER-CONF-END-DO-NOT-REMOVE> ### <NFD-MASTER-CONF-END-DO-NOT-REMOVE>
# The TCP port that nfd-master listens for incoming requests. Default: 8080 # The TCP port that nfd-master listens for incoming requests. Default: 8080
# Deprecated this parameter is related to the deprecated gRPC API and will # Deprecated this parameter is related to the deprecated gRPC API and will
# be removed with it in a future release # be removed with it in a future release
port: 8080 port: 8080
metricsPort: 8081 metricsPort: 8081
instance: instance:
@@ -65,7 +65,7 @@ master:
replicaCount: 1 replicaCount: 1
podSecurityContext: {} podSecurityContext: {}
# fsGroup: 2000 # fsGroup: 2000
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
@@ -101,19 +101,19 @@ master:
# memory: 128Mi # memory: 128Mi
# requests: # requests:
# cpu: 100m # cpu: 100m
# memory: 128Mi # memory: 128Mi
nodeSelector: {} nodeSelector: {}
tolerations: tolerations:
- key: "node-role.kubernetes.io/master" - key: "node-role.kubernetes.io/master"
operator: "Equal" operator: "Equal"
value: "" value: ""
effect: "NoSchedule" effect: "NoSchedule"
- key: "node-role.kubernetes.io/control-plane" - key: "node-role.kubernetes.io/control-plane"
operator: "Equal" operator: "Equal"
value: "" value: ""
effect: "NoSchedule" effect: "NoSchedule"
annotations: {} annotations: {}
@@ -136,252 +136,252 @@ master:
worker: worker:
enable: true enable: true
config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE> config: ### <NFD-WORKER-CONF-START-DO-NOT-REMOVE>
#core: #core:
# labelWhiteList: # labelWhiteList:
# noPublish: false # noPublish: false
# sleepInterval: 60s # sleepInterval: 60s
# featureSources: [all] # featureSources: [all]
# labelSources: [all] # labelSources: [all]
# klog: # klog:
# addDirHeader: false # addDirHeader: false
# alsologtostderr: false # alsologtostderr: false
# logBacktraceAt: # logBacktraceAt:
# logtostderr: true # logtostderr: true
# skipHeaders: false # skipHeaders: false
# stderrthreshold: 2 # stderrthreshold: 2
# v: 0 # v: 0
# vmodule: # vmodule:
## NOTE: the following options are not dynamically run-time configurable ## NOTE: the following options are not dynamically run-time configurable
## and require a nfd-worker restart to take effect after being changed ## and require a nfd-worker restart to take effect after being changed
# logDir: # logDir:
# logFile: # logFile:
# logFileMaxSize: 1800 # logFileMaxSize: 1800
# skipLogHeaders: false # skipLogHeaders: false
#sources: #sources:
# cpu: # cpu:
# cpuid: # cpuid:
## NOTE: whitelist has priority over blacklist ## NOTE: whitelist has priority over blacklist
# attributeBlacklist: # attributeBlacklist:
# - "BMI1" # - "BMI1"
# - "BMI2" # - "BMI2"
# - "CLMUL" # - "CLMUL"
# - "CMOV" # - "CMOV"
# - "CX16" # - "CX16"
# - "ERMS" # - "ERMS"
# - "F16C" # - "F16C"
# - "HTT" # - "HTT"
# - "LZCNT" # - "LZCNT"
# - "MMX" # - "MMX"
# - "MMXEXT" # - "MMXEXT"
# - "NX" # - "NX"
# - "POPCNT" # - "POPCNT"
# - "RDRAND" # - "RDRAND"
# - "RDSEED" # - "RDSEED"
# - "RDTSCP" # - "RDTSCP"
# - "SGX" # - "SGX"
# - "SSE" # - "SSE"
# - "SSE2" # - "SSE2"
# - "SSE3" # - "SSE3"
# - "SSE4" # - "SSE4"
# - "SSE42" # - "SSE42"
# - "SSSE3" # - "SSSE3"
# - "TDX_GUEST" # - "TDX_GUEST"
# attributeWhitelist: # attributeWhitelist:
# kernel: # kernel:
# kconfigFile: "/path/to/kconfig" # kconfigFile: "/path/to/kconfig"
# configOpts: # configOpts:
# - "NO_HZ" # - "NO_HZ"
# - "X86" # - "X86"
# - "DMI" # - "DMI"
# pci: # pci:
# deviceClassWhitelist: # deviceClassWhitelist:
# - "0200" # - "0200"
# - "03" # - "03"
# - "12" # - "12"
# deviceLabelFields: # deviceLabelFields:
# - "class" # - "class"
# - "vendor" # - "vendor"
# - "device" # - "device"
# - "subsystem_vendor" # - "subsystem_vendor"
# - "subsystem_device" # - "subsystem_device"
# usb: # usb:
# deviceClassWhitelist: # deviceClassWhitelist:
# - "0e" # - "0e"
# - "ef" # - "ef"
# - "fe" # - "fe"
# - "ff" # - "ff"
# deviceLabelFields: # deviceLabelFields:
# - "class" # - "class"
# - "vendor" # - "vendor"
# - "device" # - "device"
# local: # local:
# hooksEnabled: false # hooksEnabled: false
# custom: # custom:
# # The following feature demonstrates the capabilities of the matchFeatures # # The following feature demonstrates the capabilities of the matchFeatures
# - name: "my custom rule" # - name: "my custom rule"
# labels: # labels:
# "vendor.io/my-ng-feature": "true" # "vendor.io/my-ng-feature": "true"
# # matchFeatures implements a logical AND over all matcher terms in the # # matchFeatures implements a logical AND over all matcher terms in the
# # list (i.e. all of the terms, or per-feature matchers, must match) # # list (i.e. all of the terms, or per-feature matchers, must match)
# matchFeatures: # matchFeatures:
# - feature: cpu.cpuid # - feature: cpu.cpuid
# matchExpressions: # matchExpressions:
# AVX512F: {op: Exists} # AVX512F: {op: Exists}
# - feature: cpu.cstate # - feature: cpu.cstate
# matchExpressions: # matchExpressions:
# enabled: {op: IsTrue} # enabled: {op: IsTrue}
# - feature: cpu.pstate # - feature: cpu.pstate
# matchExpressions: # matchExpressions:
# no_turbo: {op: IsFalse} # no_turbo: {op: IsFalse}
# scaling_governor: {op: In, value: ["performance"]} # scaling_governor: {op: In, value: ["performance"]}
# - feature: cpu.rdt # - feature: cpu.rdt
# matchExpressions: # matchExpressions:
# RDTL3CA: {op: Exists} # RDTL3CA: {op: Exists}
# - feature: cpu.sst # - feature: cpu.sst
# matchExpressions: # matchExpressions:
# bf.enabled: {op: IsTrue} # bf.enabled: {op: IsTrue}
# - feature: cpu.topology # - feature: cpu.topology
# matchExpressions: # matchExpressions:
# hardware_multithreading: {op: IsFalse} # hardware_multithreading: {op: IsFalse}
# #
# - feature: kernel.config # - feature: kernel.config
# matchExpressions: # matchExpressions:
# X86: {op: Exists} # X86: {op: Exists}
# LSM: {op: InRegexp, value: ["apparmor"]} # LSM: {op: InRegexp, value: ["apparmor"]}
# - feature: kernel.loadedmodule # - feature: kernel.loadedmodule
# matchExpressions: # matchExpressions:
# e1000e: {op: Exists} # e1000e: {op: Exists}
# - feature: kernel.selinux # - feature: kernel.selinux
# matchExpressions: # matchExpressions:
# enabled: {op: IsFalse} # enabled: {op: IsFalse}
# - feature: kernel.version # - feature: kernel.version
# matchExpressions: # matchExpressions:
# major: {op: In, value: ["5"]} # major: {op: In, value: ["5"]}
# minor: {op: Gt, value: ["10"]} # minor: {op: Gt, value: ["10"]}
# #
# - feature: storage.block # - feature: storage.block
# matchExpressions: # matchExpressions:
# rotational: {op: In, value: ["0"]} # rotational: {op: In, value: ["0"]}
# dax: {op: In, value: ["0"]} # dax: {op: In, value: ["0"]}
# #
# - feature: network.device # - feature: network.device
# matchExpressions: # matchExpressions:
# operstate: {op: In, value: ["up"]} # operstate: {op: In, value: ["up"]}
# speed: {op: Gt, value: ["100"]} # speed: {op: Gt, value: ["100"]}
# #
# - feature: memory.numa # - feature: memory.numa
# matchExpressions: # matchExpressions:
# node_count: {op: Gt, value: ["2"]} # node_count: {op: Gt, value: ["2"]}
# - feature: memory.nv # - feature: memory.nv
# matchExpressions: # matchExpressions:
# devtype: {op: In, value: ["nd_dax"]} # devtype: {op: In, value: ["nd_dax"]}
# mode: {op: In, value: ["memory"]} # mode: {op: In, value: ["memory"]}
# #
# - feature: system.osrelease # - feature: system.osrelease
# matchExpressions: # matchExpressions:
# ID: {op: In, value: ["fedora", "centos"]} # ID: {op: In, value: ["fedora", "centos"]}
# - feature: system.name # - feature: system.name
# matchExpressions: # matchExpressions:
# nodename: {op: InRegexp, value: ["^worker-X"]} # nodename: {op: InRegexp, value: ["^worker-X"]}
# #
# - feature: local.label # - feature: local.label
# matchExpressions: # matchExpressions:
# custom-feature-knob: {op: Gt, value: ["100"]} # custom-feature-knob: {op: Gt, value: ["100"]}
# #
# # The following feature demonstrates the capabilities of the matchAny # # The following feature demonstrates the capabilities of the matchAny
# - name: "my matchAny rule" # - name: "my matchAny rule"
# labels: # labels:
# "vendor.io/my-ng-feature-2": "my-value" # "vendor.io/my-ng-feature-2": "my-value"
# # matchAny implements a logical IF over all elements (sub-matchers) in # # matchAny implements a logical IF over all elements (sub-matchers) in
# # the list (i.e. at least one feature matcher must match) # # the list (i.e. at least one feature matcher must match)
# matchAny: # matchAny:
# - matchFeatures: # - matchFeatures:
# - feature: kernel.loadedmodule # - feature: kernel.loadedmodule
# matchExpressions: # matchExpressions:
# driver-module-X: {op: Exists} # driver-module-X: {op: Exists}
# - feature: pci.device # - feature: pci.device
# matchExpressions: # matchExpressions:
# vendor: {op: In, value: ["8086"]} # vendor: {op: In, value: ["8086"]}
# class: {op: In, value: ["0200"]} # class: {op: In, value: ["0200"]}
# - matchFeatures: # - matchFeatures:
# - feature: kernel.loadedmodule # - feature: kernel.loadedmodule
# matchExpressions: # matchExpressions:
# driver-module-Y: {op: Exists} # driver-module-Y: {op: Exists}
# - feature: usb.device # - feature: usb.device
# matchExpressions: # matchExpressions:
# vendor: {op: In, value: ["8086"]} # vendor: {op: In, value: ["8086"]}
# class: {op: In, value: ["02"]} # class: {op: In, value: ["02"]}
# #
# - name: "avx wildcard rule" # - name: "avx wildcard rule"
# labels: # labels:
# "my-avx-feature": "true" # "my-avx-feature": "true"
# matchFeatures: # matchFeatures:
# - feature: cpu.cpuid # - feature: cpu.cpuid
# matchName: {op: InRegexp, value: ["^AVX512"]} # matchName: {op: InRegexp, value: ["^AVX512"]}
# #
# # The following features demonstreate label templating capabilities # # The following features demonstreate label templating capabilities
# - name: "my template rule" # - name: "my template rule"
# labelsTemplate: | # labelsTemplate: |
# {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }} # {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }}
# {{ end }} # {{ end }}
# matchFeatures: # matchFeatures:
# - feature: system.osrelease # - feature: system.osrelease
# matchExpressions: # matchExpressions:
# ID: {op: InRegexp, value: ["^open.*"]} # ID: {op: InRegexp, value: ["^open.*"]}
# VERSION_ID.major: {op: In, value: ["13", "15"]} # VERSION_ID.major: {op: In, value: ["13", "15"]}
# #
# - name: "my template rule 2" # - name: "my template rule 2"
# labelsTemplate: | # labelsTemplate: |
# {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid # {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid
# {{ end }} # {{ end }}
# matchFeatures: # matchFeatures:
# - feature: pci.device # - feature: pci.device
# matchExpressions: # matchExpressions:
# class: {op: InRegexp, value: ["^06"]} # class: {op: InRegexp, value: ["^06"]}
# vendor: ["8086"] # vendor: ["8086"]
# - feature: cpu.cpuid # - feature: cpu.cpuid
# matchExpressions: # matchExpressions:
# AVX: {op: Exists} # AVX: {op: Exists}
# #
# # The following examples demonstrate vars field and back-referencing # # The following examples demonstrate vars field and back-referencing
# # previous labels and vars # # previous labels and vars
# - name: "my dummy kernel rule" # - name: "my dummy kernel rule"
# labels: # labels:
# "vendor.io/my.kernel.feature": "true" # "vendor.io/my.kernel.feature": "true"
# matchFeatures: # matchFeatures:
# - feature: kernel.version # - feature: kernel.version
# matchExpressions: # matchExpressions:
# major: {op: Gt, value: ["2"]} # major: {op: Gt, value: ["2"]}
# #
# - name: "my dummy rule with no labels" # - name: "my dummy rule with no labels"
# vars: # vars:
# "my.dummy.var": "1" # "my.dummy.var": "1"
# matchFeatures: # matchFeatures:
# - feature: cpu.cpuid # - feature: cpu.cpuid
# matchExpressions: {} # matchExpressions: {}
# #
# - name: "my rule using backrefs" # - name: "my rule using backrefs"
# labels: # labels:
# "vendor.io/my.backref.feature": "true" # "vendor.io/my.backref.feature": "true"
# matchFeatures: # matchFeatures:
# - feature: rule.matched # - feature: rule.matched
# matchExpressions: # matchExpressions:
# vendor.io/my.kernel.feature: {op: IsTrue} # vendor.io/my.kernel.feature: {op: IsTrue}
# my.dummy.var: {op: Gt, value: ["0"]} # my.dummy.var: {op: Gt, value: ["0"]}
# #
# - name: "kconfig template rule" # - name: "kconfig template rule"
# labelsTemplate: | # labelsTemplate: |
# {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }} # {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }}
# {{ end }} # {{ end }}
# matchFeatures: # matchFeatures:
# - feature: kernel.config # - feature: kernel.config
# matchName: {op: In, value: ["SWAP", "X86", "ARM"]} # matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE> ### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081 metricsPort: 8081
daemonsetAnnotations: {} daemonsetAnnotations: {}
podSecurityContext: {} podSecurityContext: {}
# fsGroup: 2000 # fsGroup: 2000
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
@@ -418,7 +418,7 @@ worker:
# memory: 128Mi # memory: 128Mi
# requests: # requests:
# cpu: 100m # cpu: 100m
# memory: 128Mi # memory: 128Mi
nodeSelector: {} nodeSelector: {}
@@ -432,14 +432,14 @@ worker:
topologyUpdater: topologyUpdater:
config: ### <NFD-TOPOLOGY-UPDATER-CONF-START-DO-NOT-REMOVE> config: ### <NFD-TOPOLOGY-UPDATER-CONF-START-DO-NOT-REMOVE>
## key = node name, value = list of resources to be excluded. ## key = node name, value = list of resources to be excluded.
## use * to exclude from all nodes. ## use * to exclude from all nodes.
## an example for how the exclude list should looks like ## an example for how the exclude list should looks like
#excludeList: #excludeList:
# node1: [cpu] # node1: [cpu]
# node2: [memory, example/deviceA] # node2: [memory, example/deviceA]
# *: [hugepages-2Mi] # *: [hugepages-2Mi]
### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE> ### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
enable: false enable: false
createCRDs: false createCRDs: false
@@ -476,7 +476,7 @@ topologyUpdater:
# memory: 128Mi # memory: 128Mi
# requests: # requests:
# cpu: 100m # cpu: 100m
# memory: 128Mi # memory: 128Mi
nodeSelector: {} nodeSelector: {}
tolerations: [] tolerations: []
@@ -510,7 +510,7 @@ gc:
# memory: 128Mi # memory: 128Mi
# requests: # requests:
# cpu: 100m # cpu: 100m
# memory: 128Mi # memory: 128Mi
metricsPort: 8081 metricsPort: 8081
@@ -531,4 +531,4 @@ tls:
prometheus: prometheus:
enable: false enable: false
labels: {} labels: {}

2
sriov-network-operator-chart/templates/NOTES.txt
View File

@@ -14,4 +14,4 @@ These certificates have a one-year validity and will not be rotated
automatically. This should not be a production cluster. Please deploy automatically. This should not be a production cluster. Please deploy
and use cert-manager for production clusters. and use cert-manager for production clusters.
{{- end }} {{- end }}
{{- end }} {{- end }}

2
sriov-network-operator-chart/templates/_helpers.tpl
View File

@@ -82,4 +82,4 @@ add below linux tolerations to workloads could be scheduled to those linux nodes
{{- define "linux-node-selector" -}} {{- define "linux-node-selector" -}}
kubernetes.io/os: linux kubernetes.io/os: linux
{{- end -}} {{- end -}}

1
sriov-network-operator-chart/templates/_webhook-certs.tpl
View File

@@ -28,4 +28,3 @@ tls.key: {{ $cert.Key | b64enc }}
tls.crt: {{ $cert.Cert | b64enc }} tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }} tls.key: {{ $cert.Key | b64enc }}
{{- end }} {{- end }}

10
sriov-network-operator-chart/templates/certificate.yaml
View File

@@ -8,8 +8,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
dnsNames: dnsNames:
- operator-webhook-service.{{ .Release.Namespace }}.svc - operator-webhook-service.{{ .Release.Namespace }}.svc
- operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local - operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
issuerRef: issuerRef:
kind: Issuer kind: Issuer
name: operator-webhook-selfsigned-issuer name: operator-webhook-selfsigned-issuer
@@ -30,8 +30,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
spec: spec:
dnsNames: dnsNames:
- network-resources-injector-service.{{ .Release.Namespace }}.svc - network-resources-injector-service.{{ .Release.Namespace }}.svc
- network-resources-injector-service.{{ .Release.Namespace }}.svc.cluster.local - network-resources-injector-service.{{ .Release.Namespace }}.svc.cluster.local
issuerRef: issuerRef:
kind: Issuer kind: Issuer
name: network-resources-injector-selfsigned-issuer name: network-resources-injector-selfsigned-issuer
@@ -68,4 +68,4 @@ data:
tls.crt: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsCrt | b64enc | quote }} tls.crt: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsCrt | b64enc | quote }}
tls.key: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsKey | b64enc | quote }} tls.key: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsKey | b64enc | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}

5
sriov-network-operator-chart/templates/certmanagercerts.yaml
View File

@@ -18,7 +18,7 @@ metadata:
spec: spec:
secretName: operator-webhook-service secretName: operator-webhook-service
dnsNames: dnsNames:
- operator-webhook-service.{{ .Release.Namespace }}.svc - operator-webhook-service.{{ .Release.Namespace }}.svc
issuerRef: issuerRef:
name: sriov-network-operator-selfsigned-issuer name: sriov-network-operator-selfsigned-issuer
privateKey: privateKey:
@@ -32,10 +32,9 @@ metadata:
spec: spec:
secretName: network-resources-injector-secret secretName: network-resources-injector-secret
dnsNames: dnsNames:
- network-resources-injector-service.{{ .Release.Namespace }}.svc - network-resources-injector-service.{{ .Release.Namespace }}.svc
issuerRef: issuerRef:
name: sriov-network-operator-selfsigned-issuer name: sriov-network-operator-selfsigned-issuer
privateKey: privateKey:
rotationPolicy: Always rotationPolicy: Always
{{- end -}} {{- end -}}

54
sriov-network-operator-chart/templates/clusterrole.yaml
View File

@@ -49,12 +49,6 @@ rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["nodes"] resources: ["nodes"]
verbs: ["get", "list", "watch", "patch", "update"] verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["*"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get"]
- apiGroups: [ "config.openshift.io" ] - apiGroups: [ "config.openshift.io" ]
resources: [ "infrastructures" ] resources: [ "infrastructures" ]
verbs: [ "get", "list", "watch" ] verbs: [ "get", "list", "watch" ]
@@ -67,14 +61,14 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- end }} {{- end }}
rules: rules:
- apiGroups: - apiGroups:
- sriovnetwork.openshift.io - sriovnetwork.openshift.io
resources: resources:
- '*' - '*'
verbs: verbs:
- "get" - "get"
- "watch" - "watch"
- "list" - "list"
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
@@ -84,14 +78,14 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true"
{{- end }} {{- end }}
rules: rules:
- apiGroups: - apiGroups:
- sriovnetwork.openshift.io - sriovnetwork.openshift.io
resources: resources:
- '*' - '*'
verbs: verbs:
- "get" - "get"
- "watch" - "watch"
- "list" - "list"
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
@@ -101,11 +95,11 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-view: "true"
{{- end }} {{- end }}
rules: rules:
- apiGroups: - apiGroups:
- sriovnetwork.openshift.io - sriovnetwork.openshift.io
resources: resources:
- '*' - '*'
verbs: verbs:
- "get" - "get"
- "watch" - "watch"
- "list" - "list"

2
sriov-network-operator-chart/templates/clusterrolebinding.yaml
View File

@@ -26,4 +26,4 @@ roleRef:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
name: sriov-network-config-daemon name: sriov-network-config-daemon

6
sriov-network-operator-chart/templates/configmap.yaml
View File

@@ -20,8 +20,11 @@ data:
Intel_ice_Columbiaville_E810-CQDA2_2CQDA2: "8086 1592 1889" Intel_ice_Columbiaville_E810-CQDA2_2CQDA2: "8086 1592 1889"
Intel_ice_Columbiaville_E810-XXVDA4: "8086 1593 1889" Intel_ice_Columbiaville_E810-XXVDA4: "8086 1593 1889"
Intel_ice_Columbiaville_E810-XXVDA2: "8086 159b 1889" Intel_ice_Columbiaville_E810-XXVDA2: "8086 159b 1889"
Intel_ice_Columbiaville_E810-XXV_BACKPLANE: "8086 1599 1889"
Intel_ice_Columbiaville_E810: "8086 1591 1889" Intel_ice_Columbiaville_E810: "8086 1591 1889"
Intel_ice_Columbiapark_E823C: "8086 188a 1889" Intel_ice_Columbiapark_E823C: "8086 188a 1889"
Intel_ice_Columbiapark_E823L_SFP: "8086 124d 1889"
Intel_ice_Columbiapark_E823L_BACKPLANE: "8086 124c 1889"
Nvidia_mlx5_ConnectX-4: "15b3 1013 1014" Nvidia_mlx5_ConnectX-4: "15b3 1013 1014"
Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016" Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016"
Nvidia_mlx5_ConnectX-5: "15b3 1017 1018" Nvidia_mlx5_ConnectX-5: "15b3 1017 1018"
@@ -30,6 +33,7 @@ data:
Nvidia_mlx5_ConnectX-6_Dx: "15b3 101d 101e" Nvidia_mlx5_ConnectX-6_Dx: "15b3 101d 101e"
Nvidia_mlx5_ConnectX-6_Lx: "15b3 101f 101e" Nvidia_mlx5_ConnectX-6_Lx: "15b3 101f 101e"
Nvidia_mlx5_ConnectX-7: "15b3 1021 101e" Nvidia_mlx5_ConnectX-7: "15b3 1021 101e"
Nvidia_mlx5_ConnectX-8: "15b3 1023 101e"
Nvidia_mlx5_MT42822_BlueField-2_integrated_ConnectX-6_Dx: "15b3 a2d6 101e" Nvidia_mlx5_MT42822_BlueField-2_integrated_ConnectX-6_Dx: "15b3 a2d6 101e"
Nvidia_mlx5_MT43244_BlueField-3_integrated_ConnectX-7_Dx: "15b3 a2dc 101e" Nvidia_mlx5_MT43244_BlueField-3_integrated_ConnectX-7_Dx: "15b3 a2dc 101e"
Broadcom_bnxt_BCM57414_2x25G: "14e4 16d7 16dc" Broadcom_bnxt_BCM57414_2x25G: "14e4 16d7 16dc"
@@ -44,4 +48,4 @@ data:
Marvell_OCTEON_Fusion_CNF105XX: "177d ba00 ba03" Marvell_OCTEON_Fusion_CNF105XX: "177d ba00 ba03"
{{- range .Values.supportedExtraNICs }} {{- range .Values.supportedExtraNICs }}
{{ . }} {{ . }}
{{- end }} {{- end }}

6
sriov-network-operator-chart/templates/operator.yaml
View File

@@ -42,7 +42,7 @@ spec:
{{- if .Values.imagePullSecrets }} {{- if .Values.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- range .Values.imagePullSecrets }} {{- range .Values.imagePullSecrets }}
- name: {{ . }} - name: {{ . }}
{{- end }} {{- end }}
{{- end }} {{- end }}
containers: containers:
@@ -95,6 +95,8 @@ spec:
value: {{ .Values.operator.cniBinPath }} value: {{ .Values.operator.cniBinPath }}
- name: CLUSTER_TYPE - name: CLUSTER_TYPE
value: {{ .Values.operator.clusterType }} value: {{ .Values.operator.clusterType }}
- name: STALE_NODE_STATE_CLEANUP_DELAY_MINUTES
value: "{{ .Values.operator.staleNodeStateCleanupDelayMinutes }}"
{{- if .Values.operator.admissionControllers.enabled }} {{- if .Values.operator.admissionControllers.enabled }}
- name: ADMISSION_CONTROLLERS_CERTIFICATES_OPERATOR_SECRET_NAME - name: ADMISSION_CONTROLLERS_CERTIFICATES_OPERATOR_SECRET_NAME
value: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }} value: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
@@ -115,4 +117,4 @@ spec:
name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }} name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
key: ca.crt key: ca.crt
{{- end }} {{- end }}
{{- end }} {{- end }}

33
sriov-network-operator-chart/templates/pre-delete-webooks.yaml Normal file
View File

@@ -0,0 +1,33 @@
# The following job will be used as Helm pre-delete hook. It executes a small go-client binary
# which intent to delete 'default' SriovOperatorConfig, that triggers operator removal of generated cluster objects
# e.g. mutating/validating webhooks, within operator's recoinciling loop and
# preventing operator cluster object remainings while using helm uninstall
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "sriov-network-operator.fullname" . }}-pre-delete-hook
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
spec:
template:
spec:
serviceAccountName: {{ include "sriov-network-operator.fullname" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: cleanup
image: {{ .Values.images.operator }}
command:
- sriov-network-operator-config-cleanup
args:
- --namespace
- {{ .Release.Namespace }}
restartPolicy: Never
backoffLimit: 2

16
sriov-network-operator-chart/templates/role.yaml
View File

@@ -32,9 +32,12 @@ rules:
- monitoring.coreos.com - monitoring.coreos.com
resources: resources:
- servicemonitors - servicemonitors
- prometheusrules
verbs: verbs:
- get - get
- create - create
- update
- delete
- apiGroups: - apiGroups:
- apps - apps
resourceNames: resourceNames:
@@ -79,13 +82,10 @@ rules:
resources: resources:
- pods - pods
verbs: verbs:
- '*' - "get"
- apiGroups: - "list"
- apps - "watch"
resources: - "delete"
- daemonsets
verbs:
- '*'
- apiGroups: - apiGroups:
- sriovnetwork.openshift.io - sriovnetwork.openshift.io
resources: resources:
@@ -135,4 +135,4 @@ rules:
resources: resources:
- configmaps - configmaps
verbs: verbs:
- get - get

6
sriov-network-operator-chart/templates/rolebinding.yaml
View File

@@ -36,9 +36,9 @@ metadata:
name: operator-webhook-sa name: operator-webhook-sa
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: operator-webhook-sa name: operator-webhook-sa
roleRef: roleRef:
kind: Role kind: Role
name: operator-webhook-sa name: operator-webhook-sa
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io

1
sriov-network-operator-chart/templates/secrets.yaml
View File

@@ -17,4 +17,3 @@ metadata:
data: {{ include "sriov_resource_injector_cert" . | nindent 2 }} data: {{ include "sriov_resource_injector_cert" . | nindent 2 }}
{{- end }} {{- end }}
{{- end }} {{- end }}

2
sriov-network-operator-chart/templates/serviceaccount.yaml
View File

@@ -12,4 +12,4 @@ metadata:
name: sriov-network-config-daemon name: sriov-network-config-daemon
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }} {{- include "sriov-network-operator.labels" . | nindent 4 }}

4
sriov-network-operator-chart/templates/sriovoperatorconfig.yaml
View File

@@ -14,4 +14,8 @@ spec:
logLevel: {{ .Values.sriovOperatorConfig.logLevel }} logLevel: {{ .Values.sriovOperatorConfig.logLevel }}
disableDrain: {{ .Values.sriovOperatorConfig.disableDrain }} disableDrain: {{ .Values.sriovOperatorConfig.disableDrain }}
configurationMode: {{ .Values.sriovOperatorConfig.configurationMode }} configurationMode: {{ .Values.sriovOperatorConfig.configurationMode }}
{{- with .Values.sriovOperatorConfig.featureGates }}
featureGates:
{{- range $k, $v := .}}{{printf "%s: %t" $k $v | nindent 4 }}{{ end }}
{{- end }}
{{ end }} {{ end }}

4
sriov-network-operator-chart/templates/validate-install-crd.yaml
View File

@@ -16,5 +16,5 @@
# {{- if (eq $exists false) -}} # {{- if (eq $exists false) -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} # {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
# {{- end -}} # {{- end -}}
# {{- end -}} # {{- end -}}
#{{- end -}} #{{- end -}}

30
sriov-network-operator-chart/values.yaml
View File

@@ -30,6 +30,10 @@ operator:
resourcePrefix: "rancher.io" resourcePrefix: "rancher.io"
cniBinPath: "/opt/cni/bin" cniBinPath: "/opt/cni/bin"
clusterType: "kubernetes" clusterType: "kubernetes"
# minimal amount of time (in minutes) the operator will wait before removing
# stale SriovNetworkNodeState objects (objects that doesn't match node with the daemon)
# "0" means no extra delay, in this case the CR will be removed by the next reconcilation cycle (may take up to 5 minutes)
staleNodeStateCleanupDelayMinutes: "30"
admissionControllers: admissionControllers:
enabled: false enabled: false
certificates: certificates:
@@ -81,7 +85,7 @@ operator:
sriovOperatorConfig: sriovOperatorConfig:
# deploy sriovOperatorConfig CR with the below values # deploy sriovOperatorConfig CR with the below values
deploy: true deploy: true
# node slectors for sriov-network-config-daemon # node selectors for sriov-network-config-daemon
configDaemonNodeSelector: {feature.node.kubernetes.io/network-sriov.capable: 'true'} configDaemonNodeSelector: {feature.node.kubernetes.io/network-sriov.capable: 'true'}
# log level for both operator and sriov-network-config-daemon # log level for both operator and sriov-network-config-daemon
logLevel: 2 logLevel: 2
@@ -90,31 +94,33 @@ sriovOperatorConfig:
disableDrain: false disableDrain: false
# sriov-network-config-daemon configuration mode. either "daemon" or "systemd" # sriov-network-config-daemon configuration mode. either "daemon" or "systemd"
configurationMode: daemon configurationMode: daemon
# feature gates to enable/disable
featureGates: {}
# Example for supportedExtraNICs values ['MyNIC: "8086 1521 1520"'] # Example for supportedExtraNICs values ['MyNIC: "8086 1521 1520"']
supportedExtraNICs: [] supportedExtraNICs: []
# Image URIs for sriov-network-operator components # Image URIs for sriov-network-operator components
images: images:
operator: operator:
repository: rancher/hardened-sriov-network-operator repository: rancher/hardened-sriov-network-operator
tag: v1.4.0-build20241113 tag: v1.5.0-build20250402
sriovConfigDaemon: sriovConfigDaemon:
repository: rancher/hardened-sriov-network-config-daemon repository: rancher/hardened-sriov-network-config-daemon
tag: v1.4.0-build20241113 tag: v1.5.0-build20250402
sriovCni: sriovCni:
repository: rancher/hardened-sriov-cni repository: rancher/hardened-sriov-cni
tag: v2.8.1-build20241113 tag: v2.9.0-build20250402
ibSriovCni: ibSriovCni:
repository: rancher/hardened-ib-sriov-cni repository: rancher/hardened-ib-sriov-cni
tag: v1.1.1-build20241113 tag: v1.2.0-build20250402
sriovDevicePlugin: sriovDevicePlugin:
repository: rancher/hardened-sriov-network-device-plugin repository: rancher/hardened-sriov-network-device-plugin
tag: v3.8.0-build20241114 tag: v3.9.0-build20250402
resourcesInjector: resourcesInjector:
repository: rancher/hardened-sriov-network-resources-injector repository: rancher/hardened-sriov-network-resources-injector
tag: v1.6.0-build20241113 tag: v1.7.1-build20250402
webhook: webhook:
repository: rancher/hardened-sriov-network-webhook repository: rancher/hardened-sriov-network-webhook
tag: v1.4.0-build20241113 tag: v1.5.0-build20250402
imagePullSecrets: [] imagePullSecrets: []
extraDeploy: [] extraDeploy: []
global: global:
@@ -122,4 +128,4 @@ global:
systemDefaultRegistry: "" systemDefaultRegistry: ""
rbac: rbac:
userRoles: userRoles:
aggregateToDefaultRoles: false aggregateToDefaultRoles: false