ib-sriov-cni-image/Dockerfile

@@ -0,0 +1,33 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: %%IMG_PREFIX%%ib-sriov-cni:v%%ib-sriov-cni_version%%
+#!BuildTag: %%IMG_PREFIX%%ib-sriov-cni:v%%ib-sriov-cni_version%%-%RELEASE%
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends ib-sriov-cni gawk which; \
+    zypper -n clean; \
+    rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.ib-sriov-cni
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE ib-sriov-cni Container Image"
+LABEL org.opencontainers.image.description="ib-sriov-cni based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%%ib-sriov-cni_version%%"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:%%ib-sriov-cni_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+COPY --from=base /installroot /
+ENTRYPOINT ["/entrypoint.sh"]

ib-sriov-cni-image/_service

@@ -0,0 +1,19 @@
+<services>
+  <service name="kiwi_metainfo_helper" mode="buildtime"/>
+  <service name="docker_label_helper" mode="buildtime"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%ib-sriov-cni_version%%</param>
+    <param name="package">ib-sriov-cni</param>
+    <param name="parse-version">patch</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+  </service>
+</services>

ib-sriov-cni/_service

@@ -0,0 +1,25 @@
+<services>
+ <service name="obs_scm">
+    <param name="url">https://github.com/k8snetworkplumbingwg/ib-sriov-cni</param>
+    <param name="scm">git</param>
+    <param name="revision">v1.2.1</param>
+    <param name="version">_auto_</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="changesgenerate">enable</param>
+    <param name="changesauthor">antonio.alarcon@suse.com</param>
+    <param name="match-tag">v*</param>
+    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+    <param name="without-version">yes</param>
+    <param name="versionrewrite-replacement">\1</param>
+  </service>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">ib-sriov-cni.obsinfo</param>
+  </service>
+  <service name="go_modules" />
+  <service mode="buildtime" name="set_version" />
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">ib-sriov-cni.spec</param>
+    <param name="var">SOURCE_COMMIT</param>
+    <param name="eval">SOURCE_COMMIT=$(grep commit ib-sriov-cni.obsinfo | cut -d" " -f2)</param>
+  </service>
+</services>

ib-sriov-cni/ib-sriov-cni.spec

@@ -0,0 +1,64 @@
+#
+# spec file for package ib-sriov-cni
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           ib-sriov-cni
+Version:        0
+Release:        0
+Summary:        Implements a Kubernetes CNI plugin operator for Infiniband SRIOV VFs
+License:        Apache-2.0
+URL:            https://github.com/k8snetworkplumbingwg/ib-sriov-cni
+Source:         %{name}-%{version}.tar
+Source1:        vendor.tar.gz
+BuildRequires:  golang(API) = 1.23
+ExcludeArch:    s390
+ExcludeArch:    %{ix86}
+
+%description
+Network Interface Cards (NICs) with SR-IOV capabilities are managed through physical functions (PFs) and virtual functions (VFs).
+A PF is used by the host and usually represents a single NIC port. VF configurations are applied through the PF.
+The SR-IOV CNI allows each VF to be treated as a separate network interface, assigned to a container, and configured with its own
+MAC, VLAN, IP and more.
+
+Infiniband SR-IOV CNI plugin works with Infiniband SR-IOV device plugin for VF allocation in Kubernetes. A CNI metaplugin such as Multus
+gets the allocated VF's deviceID(PCI address) and is responsible for invoking the Infiniband SR-IOV CNI plugin with that deviceID.
+
+%prep
+%autosetup -a1 -n %{name}-%{version} -p1
+
+%build
+# CGO is disabled by default in upstream Makefile:
+%define cgoenabled "0"
+# go build constrain (aka tag) "no_openssl" is set by default in upstream Makefile
+%define gotags "no_openssl"
+%define buildtime %(date +%%Y-%%m-%%dT%%H:%%M:%%S%%z)
+%define buildcommit %%SOURCE_COMMIT%%
+%define buildldflags "-X main.version=%{version} -X main.commit=%{buildcommit}% -X main.date=%{buildtime}%"
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -tags %{gotags} -ldflags %{buildldflags} -o ib-sriov cmd/ib-sriov-cni/main.go
+
+%install
+install -D -m0755 ib-sriov %{buildroot}%{_bindir}/ib-sriov
+install -D -m0755 images/entrypoint.sh %{buildroot}/entrypoint.sh
+
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/ib-sriov
+/entrypoint.sh
+
+%changelog

network-resources-injector-image/Dockerfile

@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: %%IMG_PREFIX%%network-resources-injector:v%%network-resources-injector_version%%
+#!BuildTag: %%IMG_PREFIX%%network-resources-injector:v%%network-resources-injector_version%%-%RELEASE%
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends network-resources-injector gawk which; \
+    zypper -n clean; \
+    rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.network-resources-injector
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE network-resources-injector Container Image"
+LABEL org.opencontainers.image.description="network-resources-injector based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%%network-resources-injector_version%%"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector:%%network-resources-injector_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+USER 1001
+COPY --from=base /installroot /
+CMD ["/usr/bin/webhook"]

network-resources-injector-image/_service

@@ -0,0 +1,19 @@
+<services>
+  <service name="kiwi_metainfo_helper" mode="buildtime"/>
+  <service name="docker_label_helper" mode="buildtime"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%network-resources-injector_version%%</param>
+    <param name="package">network-resources-injector</param>
+    <param name="parse-version">patch</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+  </service>
+</services>

network-resources-injector/_service

@@ -0,0 +1,20 @@
+<services>
+ <service name="obs_scm">
+    <param name="url">https://github.com/k8snetworkplumbingwg/network-resources-injector</param>
+    <param name="scm">git</param>
+    <param name="revision">v1.7.1</param>
+    <param name="version">_auto_</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="changesgenerate">enable</param>
+    <param name="changesauthor">antonio.alarcon@suse.com</param>
+    <param name="match-tag">v*</param>
+    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+    <param name="without-version">yes</param>
+    <param name="versionrewrite-replacement">\1</param>
+  </service>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">network-resources-injector.obsinfo</param>
+  </service>
+  <service name="go_modules" />
+  <service mode="buildtime" name="set_version" />
+</services>

network-resources-injector/network-resources-injector.spec

@@ -0,0 +1,62 @@
+#
+# spec file for package network-resources-injector
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           network-resources-injector
+Version:        0
+Release:        0
+Summary:        Kubernetes admission controller able to patch pod spec's requests and limits on custom network resources
+License:        Apache-2.0
+URL:            https://github.com/k8snetworkplumbingwg/network-resources-injector
+Source:         %{name}-%{version}.tar
+Source1:        vendor.tar.gz
+BuildRequires:  golang(API) = 1.21
+ExcludeArch:    s390
+ExcludeArch:    %{ix86}
+
+%description
+Network Resources Injector is a Kubernetes Dynamic Admission Controller application that provides functionality of
+patching Kubernetes pod specifications with requests and limits of custom network resources (managed by device plugins
+such as k8snetworkplumbingwg/sriov-network-device-plugin). Requires Multus Network-Attach-Definition (NAD) custom
+objects to be created before creating the pod object referring/pointing to them; custom network resources' request and
+limits to add to the pod spec are inferred from the pointed NAD/s.
+
+%prep
+%autosetup -a1 -n %{name}-%{version} -p1
+
+%build
+# CGO is disabled by default in upstream Makefile
+%define cgoenabled "0"
+# go build constrain (aka tag) "no_openssl" is set by default in upstream Makefile
+%define buildgotags "no_openssl"
+%define buildldflags "-w -s"
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -tags %{buildgotags} -o installer ./cmd/installer
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -tags %{buildgotags} -o webhook ./cmd/webhook
+
+
+%install
+install -D -m0755 installer %{buildroot}%{_bindir}/installer
+install -D -m0755 webhook %{buildroot}%{_bindir}/webhook
+
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/installer
+%{_bindir}/webhook
+
+%changelog

node-feature-discovery-image/Dockerfile

@@ -0,0 +1,35 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: %%IMG_PREFIX%%node-feature-discovery:v%%node-feature-discovery_version%%
+#!BuildTag: %%IMG_PREFIX%%node-feature-discovery:v%%node-feature-discovery_version%%-%RELEASE%
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends node-feature-discovery; \
+    zypper -n clean; \
+    rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.node-feature-discovery
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE node-feature-discovery Container Image"
+LABEL org.opencontainers.image.description="node-feature-discovery based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%%node-feature-discovery_version%%"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery:%%node-feature-discovery_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+USER 65534:65534
+COPY --from=base /installroot /
+
+

node-feature-discovery-image/_service

@@ -0,0 +1,19 @@
+<services>
+  <service name="kiwi_metainfo_helper" mode="buildtime"/>
+  <service name="docker_label_helper" mode="buildtime"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%node-feature-discovery_version%%</param>
+    <param name="package">node-feature-discovery</param>
+    <param name="parse-version">patch</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+  </service>
+</services>

node-feature-discovery/_service

@@ -0,0 +1,20 @@
+<services>
+ <service name="obs_scm">
+    <param name="url">https://github.com/kubernetes-sigs/node-feature-discovery</param>
+    <param name="scm">git</param>
+    <param name="revision">v0.15.7</param>
+    <param name="version">_auto_</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="changesgenerate">enable</param>
+    <param name="changesauthor">antonio.alarcon@suse.com</param>
+    <param name="match-tag">v*</param>
+    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+    <param name="without-version">yes</param>
+    <param name="versionrewrite-replacement">\1</param>
+  </service>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">node-feature-discovery.obsinfo</param>
+  </service>
+  <service name="go_modules" />
+  <service mode="buildtime" name="set_version" />
+</services>

node-feature-discovery/node-feature-discovery.spec

@@ -0,0 +1,91 @@
+#
+# spec file for package node-feature-discovery
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           node-feature-discovery
+Version:        0
+Release:        0
+Summary:        Advertises hardware features available on each Kubernetes node using node labels
+License:        Apache-2.0
+URL:            https://github.com/kubernetes-sigs/node-feature-discovery
+Source:         %{name}-%{version}.tar
+Source1:        vendor.tar.gz
+BuildRequires:  glibc-static
+BuildRequires:  golang(API) = 1.21
+ExcludeArch:    s390
+ExcludeArch:    %{ix86}
+
+%description
+Node-Feature-Discovery (NFD) software enables node feature discovery for Kubernetes. It detects hardware features available on each node in a
+Kubernetes cluster, and advertises those features using node labels and optionally node extended resources, annotations and node taints.
+Node Feature Discovery is compatible with any recent version of Kubernetes (v1.21+).
+
+NFD consists of four software components:
+- nfd-master:
+    daemon responsible for communication towards the Kubernetes API. That is, it receives labeling requests from the worker and modifies node
+    objects accordingly.
+- nfd-worker:
+    daemon responsible for feature detection. It then communicates the information to nfd-master which does the actual node labeling. One instance
+    of nfd-worker is supposed to be running on each node of the cluster.
+- nfd-topology-updater:
+    daemon responsible for examining allocated resources on a worker node to account for resources available to be allocated to new pod on a per-zone
+    basis (where a zone can be a NUMA node). It then creates or updates a NodeResourceTopology custom resource object specific to this node. One instance
+    of nfd-topology-updater is supposed to be running on each node of the cluster.
+- nfd-gc:
+    daemon responsible for cleaning obsolete NodeFeature and NodeResourceTopology objects.
+    One instance of nfd-gc is supposed to be running in the cluster.
+
+%prep
+%autosetup -a1 -n %{name}-%{version} -p1
+
+%build
+%define cgoenabled "1"
+# Most of the following go-build settings, toghether the build requirement on glibc-static package (see above) come from the aim
+# to get an statically linked binary (once CGO being enabled); they have been taken from upstream Makefile.
+#
+# Apart from that, the "host-" setting in "pathPrefix" variable in "sigs.k8s.io/node-feature-discovery/pkg/utils/hostpath" package
+# (below) is required for alignment with the several mount paths set in the nfd chart's "worker" daemonset (yaml) template, for
+# all the hostPath volumes defined there.
+%define buildgotags "osusergo,netgo"
+%define buildldflags "-linkmode=external -extldflags '-static -Wl,--fatal-warnings' -X sigs.k8s.io/node-feature-discovery/pkg/version.version=v%{version} -X sigs.k8s.io/node-feature-discovery/pkg/utils/hostpath.pathPrefix=/host- -s -w"
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o kubectl-nfd ./cmd/kubectl-nfd
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-gc      ./cmd/nfd-gc
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-master  ./cmd/nfd-master
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-worker  ./cmd/nfd-worker
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-topology-updater ./cmd/nfd-topology-updater
+
+%install
+install -D -m0755 kubectl-nfd %{buildroot}%{_bindir}/kubectl-nfd
+install -D -m0755 nfd-gc %{buildroot}%{_bindir}/nfd-gc
+install -D -m0755 nfd-master %{buildroot}%{_bindir}/nfd-master
+install -D -m0755 nfd-worker %{buildroot}%{_bindir}/nfd-worker
+install -D -m0755 nfd-topology-updater %{buildroot}%{_bindir}/nfd-topology-updater
+install -D -m0644 ./deployment/components/worker-config/nfd-worker.conf.example %{buildroot}%{_sysconfdir}/kubernetes/node-feature-discovery/nfd-worker.conf
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/kubectl-nfd
+%{_bindir}/nfd-gc
+%{_bindir}/nfd-master
+%{_bindir}/nfd-worker
+%{_bindir}/nfd-topology-updater
+%dir %{_sysconfdir}/kubernetes
+%dir %{_sysconfdir}/kubernetes/node-feature-discovery
+%{_sysconfdir}/kubernetes/node-feature-discovery/nfd-worker.conf
+
+%changelog

release-manifest-image/release_images.yaml

@@ -11,6 +11,14 @@ images:
   - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.15.2
   - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.15.2
   - name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager:v1.5.0
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon:v1.5.0
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook:v1.5.0
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:v2.9.0
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:v1.2.1
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:v3.9.0
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector:v1.7.1
+  - name: %%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery:v0.15.7
   - name: registry.rancher.com/rancher/fleet-agent:v0.13.1
   - name: registry.rancher.com/rancher/fleet:v0.13.1
   - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250611
@@ -52,7 +60,6 @@ images:
   - name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.20.1
   - name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.20.1
   - name: registry.suse.com/rancher/elemental-operator:1.7.3
-  - name: registry.suse.com/rancher/hardened-sriov-network-operator:v1.5.0-build20250425
   - name: registry.suse.com/rancher/ip-address-manager:v1.10.2
   - name: registry.suse.com/suse/sles/15.7/cdi-apiserver:1.62.0-150700.9.3.1
   - name: registry.suse.com/suse/sles/15.7/cdi-controller:1.62.0-150700.9.3.1

release-manifest-image/release_manifest.yaml

@@ -155,7 +155,7 @@ spec:
         - prettyName: SRIOV
           releaseName: sriov-network-operator
           chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator'
-          version: '%%CHART_MAJOR%%.0.2+up1.5.0'
+          version: '%%CHART_MAJOR%%.0.3+up1.5.0'
           dependencyCharts:
             - releaseName: sriov-crd
               chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd'

sriov-cni-image/Dockerfile

@@ -0,0 +1,33 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: %%IMG_PREFIX%%sriov-cni:v%%sriov-cni_version%%
+#!BuildTag: %%IMG_PREFIX%%sriov-cni:v%%sriov-cni_version%%-%RELEASE%
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-cni gawk which; \
+    zypper -n clean; \
+    rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.sriov-cni
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE sriov-cni Container Image"
+LABEL org.opencontainers.image.description="sriov-cni based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%%sriov-cni_version%%"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:%%sriov-cni_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+COPY --from=base /installroot /
+ENTRYPOINT ["/entrypoint.sh"]

sriov-cni-image/_service

@@ -0,0 +1,19 @@
+<services>
+  <service name="kiwi_metainfo_helper" mode="buildtime"/>
+  <service name="docker_label_helper" mode="buildtime"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%sriov-cni_version%%</param>
+    <param name="package">sriov-cni</param>
+    <param name="parse-version">patch</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+  </service>
+</services>

sriov-cni/_service

@@ -0,0 +1,20 @@
+<services>
+ <service name="obs_scm">
+    <param name="url">https://github.com/k8snetworkplumbingwg/sriov-cni</param>
+    <param name="scm">git</param>
+    <param name="revision">v2.9.0</param>
+    <param name="version">_auto_</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="changesgenerate">enable</param>
+    <param name="changesauthor">antonio.alarcon@suse.com</param>
+    <param name="match-tag">v*</param>
+    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+    <param name="without-version">yes</param>
+    <param name="versionrewrite-replacement">\1</param>
+  </service>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">sriov-cni.obsinfo</param>
+  </service>
+  <service name="go_modules" />
+  <service mode="buildtime" name="set_version" />
+</services>

sriov-cni/sriov-cni.spec

@@ -0,0 +1,61 @@
+#
+# spec file for package sriov-cni
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           sriov-cni
+Version:        0
+Release:        0
+Summary:        Implements a Kubernetes CNI plugin operator for SRIOV VFs
+License:        Apache-2.0
+URL:            https://github.com/k8snetworkplumbingwg/sriov-cni
+Source:         %{name}-%{version}.tar
+Source1:        vendor.tar.gz
+BuildRequires:  golang(API) = 1.22
+ExcludeArch:    s390
+ExcludeArch:    %{ix86}
+
+%description
+Network Interface Cards (NICs) with SR-IOV capabilities are managed through physical functions (PFs) and virtual functions (VFs).
+A PF is used by the host and usually represents a single NIC port. VF configurations are applied through the PF.
+The SR-IOV CNI allows each VF to be treated as a separate network interface, assigned to a container, and configured with its own
+MAC, VLAN, IP and more.
+
+SR-IOV CNI plugin works with SR-IOV device plugin for VF allocation in Kubernetes. A CNI metaplugin such as Multus gets the allocated
+VF's deviceID(PCI address) and is responsible for invoking the SR-IOV CNI plugin with that deviceID.
+
+%prep
+%autosetup -a1 -n %{name}-%{version} -p1
+
+%build
+# CGO is disabled by default in upstream Makefile:
+%define cgoenabled "0"
+# go build constrain (aka tag) "no_openssl" is set by default in upstream Makefile:
+%define buildgotags "no_openssl"
+%define buildldflags ""
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -ldflags %{buildldflags} -tags %{buildgotags} -o sriov cmd/sriov/main.go
+
+%install
+install -D -m0755 sriov %{buildroot}%{_bindir}/sriov
+install -D -m0755 images/entrypoint.sh %{buildroot}/entrypoint.sh
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/sriov
+/entrypoint.sh
+
+%changelog

sriov-network-device-plugin-image/Dockerfile

@@ -0,0 +1,33 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: %%IMG_PREFIX%%sriov-network-device-plugin:v%%sriov-network-device-plugin_version%%
+#!BuildTag: %%IMG_PREFIX%%sriov-network-device-plugin:v%%sriov-network-device-plugin_version%%-%RELEASE%
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-network-device-plugin hwdata gawk which; \
+    zypper -n clean; \
+    rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.sriov-network-device-plugin
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE sriov-network-device-plugin Container Image"
+LABEL org.opencontainers.image.description="sriov-network-device-plugin based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%%sriov-network-device-plugin_version%%"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:%%sriov-network-device-plugin_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+COPY --from=base /installroot /
+ENTRYPOINT ["/entrypoint.sh"]

sriov-network-device-plugin-image/_service

@@ -0,0 +1,19 @@
+<services>
+  <service name="kiwi_metainfo_helper" mode="buildtime"/>
+  <service name="docker_label_helper" mode="buildtime"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%sriov-network-device-plugin_version%%</param>
+    <param name="package">sriov-network-device-plugin</param>
+    <param name="parse-version">patch</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+  </service>
+</services>

sriov-network-device-plugin/_service

@@ -0,0 +1,20 @@
+<services>
+ <service name="obs_scm">
+    <param name="url">https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin</param>
+    <param name="scm">git</param>
+    <param name="revision">v3.9.0</param>
+    <param name="version">_auto_</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="changesgenerate">enable</param>
+    <param name="changesauthor">antonio.alarcon@suse.com</param>
+    <param name="match-tag">v*</param>
+    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+    <param name="without-version">yes</param>
+    <param name="versionrewrite-replacement">\1</param>
+  </service>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">sriov-network-device-plugin.obsinfo</param>
+  </service>
+  <service name="go_modules" />
+  <service mode="buildtime" name="set_version" />
+</services>

sriov-network-device-plugin/sriov-network-device-plugin.spec

@@ -0,0 +1,69 @@
+#
+# spec file for package sriov-network-device-plugin
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           sriov-network-device-plugin
+Version:        0
+Release:        0
+Summary:        Kubernetes device plugin for discovering and advertising SR-IOV available resources in the host
+License:        Apache-2.0
+URL:            https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin
+Source:         %{name}-%{version}.tar
+Source1:        vendor.tar.gz
+BuildRequires:  golang(API) = 1.23
+ExcludeArch:    s390
+ExcludeArch:    %{ix86}
+
+%description
+The SR-IOV Network Device Plugin is a Kubernetes device plugin for discovering and advertising networking resources in the form of
+(i) SR-IOV virtual functions [VFs], (ii) PCI physical functions [PFs] and (iii) Auxiliary network devices (in particular Subfunctions [SFs])
+which are available on a Kubernetes host.
+To deploy workloads with SR-IOV resources this plugin needs to work together a CNI meta plugin supporting Device Plugin based network
+provisioning (e.g., Multus CNI) and a CNI capable of consuming the SR-IOV network device allocated to the Pod (e.g., sriov-cni).
+
+List of supported SR-IOV devices (not limited to NICs): https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin/blob/main/README.md
+(select the right version/tag)
+
+%prep
+%autosetup -a1 -n %{name}-%{version} -p1
+
+%build
+# Following go-build settings have been taken from upstream Makefile (for the STATIC option, the one set by rancher/ecm hardened
+# image used as baseline: https://github.com/rancher/image-build-sriov-network-device-plugin/blob/v3.9.0-build20250425/Dockerfile#L18 ):
+#
+# - CGO being disabled:
+%define cgoenabled "0"
+# - go-build constrain (aka tag) "no_openssl" being set:
+%define buildgotags "no_openssl"
+# - go-build to invoke external linker (i.e., gcc's ld) to which "static" option is being passed
+%define buildldflags "-extldflags '-static'"
+# - force rebuilding of packages that are already up-to-date
+#define buildgoflags "-a"
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -ldflags %{buildldflags} ${buildgoflags} -tags %{buildgotags} -o sriovdp ./cmd/sriovdp
+
+%install
+install -D -m0755 sriovdp %{buildroot}%{_bindir}/sriovdp
+install -D -m0755 images/entrypoint.sh %{buildroot}/entrypoint.sh
+
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/sriovdp
+/entrypoint.sh
+
+%changelog

sriov-network-operator-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
-#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0
+#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.3_up1.5.0
+#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.3_up1.5.0-%RELEASE%
 annotations:
   catalog.cattle.io/auto-install: sriov-crd=match
   catalog.cattle.io/experimental: "true"
@@ -25,4 +25,4 @@ name: sriov-network-operator
 sources:
   - https://github.com/k8snetworkplumbingwg/sriov-network-operator
 type: application
-version: "%%CHART_MAJOR%%.0.2+up1.5.0"
+version: "%%CHART_MAJOR%%.0.3+up1.5.0"

sriov-network-operator-chart/_service

@@ -7,4 +7,18 @@
     <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
     <param name="var">CHART_MAJOR</param>
   </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">values.yaml</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">charts/sriov-nfd/values.yaml</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+  </service>
 </services>

sriov-network-operator-chart/charts/sriov-nfd/values.yaml

@@ -1,9 +1,9 @@
 image:
-  repository: registry.rancher.com/rancher/hardened-node-feature-discovery
+  repository: "%%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery"
   # This should be set to 'IfNotPresent' for released version
   pullPolicy: IfNotPresent
   # tag, if defined will use the given image tag, else Chart.AppVersion will be used
-  tag: v0.15.7-build20250425
+  tag: v0.15.7
 imagePullSecrets: []
 
 nameOverride: ""

sriov-network-operator-chart/values.yaml

@@ -101,26 +101,26 @@ supportedExtraNICs: []
 # Image URIs for sriov-network-operator components
 images:
   operator:
-    repository: registry.suse.com/rancher/hardened-sriov-network-operator
-    tag: v1.5.0-build20250425
+    repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager"
+    tag: v1.5.0
   sriovConfigDaemon:
-    repository: registry.suse.com/rancher/hardened-sriov-network-config-daemon
-    tag: v1.5.0-build20250425
+    repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon"
+    tag: v1.5.0
   sriovCni:
-    repository: registry.suse.com/rancher/hardened-sriov-cni
-    tag: v2.9.0-build20250425
+    repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni"
+    tag: v2.9.0
   ibSriovCni:
-    repository: registry.suse.com/rancher/hardened-ib-sriov-cni
-    tag: v1.2.1-build20250425
+    repository: "%%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni"
+    tag: v1.2.1
   sriovDevicePlugin:
-    repository: registry.suse.com/rancher/hardened-sriov-network-device-plugin
-    tag: v3.9.0-build20250425
+    repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin"
+    tag: v3.9.0
   resourcesInjector:
-    repository: registry.suse.com/rancher/hardened-sriov-network-resources-injector
-    tag: v1.7.1-build20250425
+    repository: "%%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector"
+    tag: v1.7.1
   webhook:
-    repository: registry.suse.com/rancher/hardened-sriov-network-webhook
-    tag: v1.5.0-build20250425
+    repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook"
+    tag: v1.5.0
 imagePullSecrets: []
 extraDeploy: []
 global:

sriov-network-operator-config-daemon-image/Dockerfile

@@ -0,0 +1,33 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: %%IMG_PREFIX%%sriov-network-config-daemon:v%%sriov-network-config-daemon_version%%
+#!BuildTag: %%IMG_PREFIX%%sriov-network-config-daemon:v%%sriov-network-config-daemon_version%%-%RELEASE%
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-network-operator-config-dm hwdata mstflint; \
+    zypper -n clean; \
+    rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.sriov-network-config-daemon
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE sriov-network-config-daemon Container Image"
+LABEL org.opencontainers.image.description="sriov-network-config-daemon based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%%sriov-network-config-daemon_version%%"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon:%%sriov-network-config-daemon_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+COPY --from=base /installroot /
+ENTRYPOINT ["/usr/bin/sriov-network-config-daemon"]

sriov-network-operator-config-daemon-image/_service

@@ -0,0 +1,19 @@
+<services>
+  <service name="kiwi_metainfo_helper" mode="buildtime"/>
+  <service name="docker_label_helper" mode="buildtime"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%sriov-network-config-daemon_version%%</param>
+    <param name="package">sriov-network-operator-config-dm</param>
+    <param name="parse-version">patch</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+  </service>
+</services>

sriov-network-operator-manager-image/Dockerfile

@@ -0,0 +1,33 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: %%IMG_PREFIX%%sriov-network-manager:v%%sriov-network-manager_version%%
+#!BuildTag: %%IMG_PREFIX%%sriov-network-manager:v%%sriov-network-manager_version%%-%RELEASE%
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-network-operator-manager; \
+    zypper -n clean; \
+    rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.sriov-network-manager
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE sriov-network-manager Container Image"
+LABEL org.opencontainers.image.description="sriov-network-manager based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%%sriov-network-manager_version%%"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager:%%sriov-network-manager_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+COPY --from=base /installroot /
+ENTRYPOINT ["/usr/bin/sriov-network-operator"]

sriov-network-operator-manager-image/_service

@@ -0,0 +1,19 @@
+<services>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service mode="buildtime" name="docker_label_helper"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%sriov-network-manager_version%%</param>
+    <param name="package">sriov-network-operator-manager</param>
+    <param name="parse-version">patch</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+  </service>
+</services>

sriov-network-operator-webhook-image/Dockerfile

@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: %%IMG_PREFIX%%sriov-network-webhook:v%%sriov-network-webhook_version%%
+#!BuildTag: %%IMG_PREFIX%%sriov-network-webhook:v%%sriov-network-webhook_version%%-%RELEASE%
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends sriov-network-operator-webhook; \
+    zypper -n clean; \
+    rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.sriov-network-webhook
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE sriov-network-webhook Container Image"
+LABEL org.opencontainers.image.description="sriov-network-webhook based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%%sriov-network-webhook_version%%"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook:%%sriov-network-webhook_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+USER 1001
+COPY --from=base /installroot /
+CMD ["/usr/bin/webhook"]

sriov-network-operator-webhook-image/_service

@@ -0,0 +1,19 @@
+<services>
+  <service name="kiwi_metainfo_helper" mode="buildtime"/>
+  <service name="docker_label_helper" mode="buildtime"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%sriov-network-webhook_version%%</param>
+    <param name="package">sriov-network-operator-webhook</param>
+    <param name="parse-version">patch</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+  </service>
+</services>

sriov-network-operator/_service

@@ -0,0 +1,20 @@
+<services>
+ <service name="obs_scm">
+    <param name="url">https://github.com/k8snetworkplumbingwg/sriov-network-operator</param>
+    <param name="scm">git</param>
+    <param name="revision">v1.5.0</param>
+    <param name="version">_auto_</param>
+    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="changesgenerate">enable</param>
+    <param name="changesauthor">antonio.alarcon@suse.com</param>
+    <param name="match-tag">v*</param>
+    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
+    <param name="without-version">yes</param>
+    <param name="versionrewrite-replacement">\1</param>
+  </service>
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">sriov-network-operator.obsinfo</param>
+  </service>
+  <service name="go_modules" />
+  <service mode="buildtime" name="set_version" />
+</services>

sriov-network-operator/sriov-network-operator.spec

@@ -0,0 +1,116 @@
+#
+# spec file for package sriov-network-operator
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           sriov-network-operator
+Version:        1.5.0
+Release:        0
+Summary:        Implements a Kubernetes operator for handling SRIOV VF resources
+License:        Apache-2.0
+URL:            https://github.com/k8snetworkplumbingwg/sriov-network-operator
+Source:         sriov-network-operator-%{version}.tar
+Source1:        vendor.tar.gz
+BuildRequires:  golang(API) = 1.22
+ExcludeArch:    s390
+ExcludeArch:    %{ix86}
+
+%description
+The SRIOV Network Operator implements a Kubernetes operator for handling SRIOV VF resources. It helps users to
+provision and configure SR-IOV CNI plugins and SR-IOV Device plugin in a kubernetes cluster.
+
+Handling (i.e., assigning, removing) SRIOV Virtual Functions (VF) across workloads orchestrated by a kubernetes
+cluster requires different components to be provisioned and configured accordingly; the SRIOV Network
+Operator takes care of deploying and coordinating all those required components, providing an elegant API to
+simplify the process.
+
+%package common
+Summary:        SRIOV Network Operator Common
+Group:          System/Management
+
+%description common
+The SRIOV Network Operator implements a Kubernetes operator for handling SRIOV VF resources.
+This subpackage is required to take ownership of the bindata files shared across subpackages.
+
+%package manager
+Summary:        SRIOV Network Operator Manager
+Group:          System/Management
+Requires:       %{name}-common = %{version}
+
+%description manager
+The SRIOV Network Operator implements a Kubernetes operator for handling SRIOV VF resources.
+This subpackage provides the controllers' manager and the config-cleanup binaries.
+
+%package config-dm
+Summary:        SRIOV Network Operator Config Daemon
+Group:          System/Management
+Requires:       %{name}-common = %{version}
+
+%description config-dm
+The SRIOV Network Operator implements a Kubernetes operator for handling SRIOV VF resources.
+This subpackage provides the config-daemon binary.
+
+%package webhook
+Summary:        SRIOV Network Operator Webhook
+Group:          System/Management
+
+%description webhook
+The SRIOV Network Operator implements a Kubernetes operator for handling SRIOV VF resources.
+This subpackage provides the webhook binary.
+
+%prep
+%autosetup -a1 -n sriov-network-operator-%{version} -p1
+
+%build
+# CGO is disable by default in upstream Makefile
+%define cgoenabled "0"
+%define buildldflags "-X github.com/k8snetworkplumbingwg/sriov-network-operator/pkg/version.Raw=%{version} -s -w"
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -o manager main.go
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -o sriov-network-operator-config-cleanup ./cmd/sriov-network-operator-config-cleanup
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -o sriov-network-config-daemon ./cmd/sriov-network-config-daemon
+CGO_ENABLED=%{cgoenabled} go build -mod=vendor -buildmode=pie -trimpath -ldflags %{buildldflags} -o webhook ./cmd/webhook
+
+%install
+install -D -m0755 manager %{buildroot}%{_bindir}/sriov-network-operator
+install -D -m0755 sriov-network-operator-config-cleanup %{buildroot}%{_bindir}/sriov-network-operator-config-cleanup
+install -D -m0755 sriov-network-config-daemon %{buildroot}%{_bindir}/sriov-network-config-daemon
+install -D -m0755 webhook %{buildroot}%{_bindir}/webhook
+mkdir -p %{buildroot}/bindata
+cp -aR bindata/* %{buildroot}/bindata/
+chmod 755 %{buildroot}/bindata/scripts/*
+
+%files common
+%license LICENSE
+%doc README.md
+/bindata
+
+%files manager
+%license LICENSE
+%doc README.md
+%{_bindir}/sriov-network-operator
+%{_bindir}/sriov-network-operator-config-cleanup
+
+%files config-dm
+%license LICENSE
+%doc README.md
+%{_bindir}/sriov-network-config-daemon
+
+%files webhook
+%license LICENSE
+%doc README.md
+%{_bindir}/webhook
+
+%changelog