From 7b69b6caba73dff7ef85d96544935becfb9037c1a1d0d2255bede102d73b06a4 Mon Sep 17 00:00:00 2001 From: Antonio Alonso Alarcon Date: Mon, 3 Nov 2025 10:10:48 +0100 Subject: [PATCH 1/9] Upgrades sriov-network-operator RPM (upstream v1.5.0 -> v1.6.0) --- sriov-network-operator/_service | 2 +- sriov-network-operator/sriov-network-operator.spec | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sriov-network-operator/_service b/sriov-network-operator/_service index f2a93ab..a9402b0 100644 --- a/sriov-network-operator/_service +++ b/sriov-network-operator/_service @@ -2,7 +2,7 @@ https://github.com/k8snetworkplumbingwg/sriov-network-operator git - v1.5.0 + v1.6.0 _auto_ @PARENT_TAG@ enable diff --git a/sriov-network-operator/sriov-network-operator.spec b/sriov-network-operator/sriov-network-operator.spec index 8023128..2d2bed9 100644 --- a/sriov-network-operator/sriov-network-operator.spec +++ b/sriov-network-operator/sriov-network-operator.spec @@ -17,14 +17,14 @@ Name: sriov-network-operator -Version: 1.5.0 +Version: 0 Release: 0 Summary: Implements a Kubernetes operator for handling SRIOV VF resources License: Apache-2.0 URL: https://github.com/k8snetworkplumbingwg/sriov-network-operator Source: sriov-network-operator-%{version}.tar Source1: vendor.tar.gz -BuildRequires: golang(API) = 1.22 +BuildRequires: golang(API) = 1.23 ExcludeArch: s390 ExcludeArch: %{ix86} -- 2.51.1 From e3ddef8e08fd07c7b4b76dd8b8bdce6a53cbbec48a8fd8bca1627147226909f3 Mon Sep 17 00:00:00 2001 From: Antonio Alonso Alarcon Date: Mon, 3 Nov 2025 16:52:46 +0100 Subject: [PATCH 2/9] Upgrades sriov-cni RPM (upstream v2.9.0 -> v2.10.0) --- sriov-cni/_service | 2 +- sriov-cni/sriov-cni.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sriov-cni/_service b/sriov-cni/_service index d21f9e8..8038709 100644 --- a/sriov-cni/_service +++ b/sriov-cni/_service @@ -2,7 +2,7 @@ https://github.com/k8snetworkplumbingwg/sriov-cni git - v2.9.0 + v2.10.0 _auto_ @PARENT_TAG@ enable diff --git a/sriov-cni/sriov-cni.spec b/sriov-cni/sriov-cni.spec index 2128fdf..e1034d0 100644 --- a/sriov-cni/sriov-cni.spec +++ b/sriov-cni/sriov-cni.spec @@ -24,7 +24,7 @@ License: Apache-2.0 URL: https://github.com/k8snetworkplumbingwg/sriov-cni Source: %{name}-%{version}.tar Source1: vendor.tar.gz -BuildRequires: golang(API) = 1.22 +BuildRequires: golang(API) = 1.23 ExcludeArch: s390 ExcludeArch: %{ix86} -- 2.51.1 From c821d0c02f1c5bf43f4fe262297503bc42a4d888a7997e6ae48de28db806a06b Mon Sep 17 00:00:00 2001 From: Antonio Alonso Alarcon Date: Mon, 3 Nov 2025 17:10:41 +0100 Subject: [PATCH 3/9] Upgrades ib-sriov-cni RPM (upstream v1.2.1 -> v1.3.0) --- ib-sriov-cni/_service | 2 +- ib-sriov-cni/ib-sriov-cni.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ib-sriov-cni/_service b/ib-sriov-cni/_service index 7f8ad6d..b820656 100644 --- a/ib-sriov-cni/_service +++ b/ib-sriov-cni/_service @@ -2,7 +2,7 @@ https://github.com/k8snetworkplumbingwg/ib-sriov-cni git - v1.2.1 + v1.3.0 _auto_ @PARENT_TAG@ enable diff --git a/ib-sriov-cni/ib-sriov-cni.spec b/ib-sriov-cni/ib-sriov-cni.spec index f78e826..c0ce4bb 100644 --- a/ib-sriov-cni/ib-sriov-cni.spec +++ b/ib-sriov-cni/ib-sriov-cni.spec @@ -24,7 +24,7 @@ License: Apache-2.0 URL: https://github.com/k8snetworkplumbingwg/ib-sriov-cni Source: %{name}-%{version}.tar Source1: vendor.tar.gz -BuildRequires: golang(API) = 1.23 +BuildRequires: golang(API) = 1.24 ExcludeArch: s390 ExcludeArch: %{ix86} -- 2.51.1 From 9c7effe6dc0b506b7a7b75617b409da78f08097897a785ca6ce00c0b4f22416a Mon Sep 17 00:00:00 2001 From: Antonio Alonso Alarcon Date: Mon, 3 Nov 2025 23:03:09 +0100 Subject: [PATCH 4/9] Upgrades sriov-network-device-plugin RPM (upstream v3.9.0 -> v3.10.0) --- sriov-network-device-plugin/_service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sriov-network-device-plugin/_service b/sriov-network-device-plugin/_service index 5ec6d6c..1cc9cf8 100644 --- a/sriov-network-device-plugin/_service +++ b/sriov-network-device-plugin/_service @@ -2,7 +2,7 @@ https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin git - v3.9.0 + v3.10.0 _auto_ @PARENT_TAG@ enable -- 2.51.1 From 49fc45f784e6deccc3ea256ec5a4dae107043e9fa5047a8996dec1ccd2577177 Mon Sep 17 00:00:00 2001 From: Antonio Alonso Alarcon Date: Mon, 3 Nov 2025 17:13:39 +0100 Subject: [PATCH 5/9] Upgrades network-resources-injector RPM (upstream v1.7.1 -> v1.8.0) --- network-resources-injector/_service | 2 +- network-resources-injector/network-resources-injector.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/network-resources-injector/_service b/network-resources-injector/_service index bdc6ab9..0315f25 100644 --- a/network-resources-injector/_service +++ b/network-resources-injector/_service @@ -2,7 +2,7 @@ https://github.com/k8snetworkplumbingwg/network-resources-injector git - v1.7.1 + v1.8.0 _auto_ @PARENT_TAG@ enable diff --git a/network-resources-injector/network-resources-injector.spec b/network-resources-injector/network-resources-injector.spec index 4bfac9e..ff880aa 100644 --- a/network-resources-injector/network-resources-injector.spec +++ b/network-resources-injector/network-resources-injector.spec @@ -24,7 +24,7 @@ License: Apache-2.0 URL: https://github.com/k8snetworkplumbingwg/network-resources-injector Source: %{name}-%{version}.tar Source1: vendor.tar.gz -BuildRequires: golang(API) = 1.21 +BuildRequires: golang(API) = 1.24 ExcludeArch: s390 ExcludeArch: %{ix86} -- 2.51.1 From 36c4408bddde605c46dc5ae32fde919218ee6edd1bf5f44616f16e1484232a4f Mon Sep 17 00:00:00 2001 From: Antonio Alonso Alarcon Date: Mon, 3 Nov 2025 17:17:48 +0100 Subject: [PATCH 6/9] Upgrades node-feature-discovery RPM (upstream v0.15.7 -> v0.18.2) --- node-feature-discovery/_service | 2 +- node-feature-discovery/node-feature-discovery.spec | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/node-feature-discovery/_service b/node-feature-discovery/_service index d299576..b36d286 100644 --- a/node-feature-discovery/_service +++ b/node-feature-discovery/_service @@ -2,7 +2,7 @@ https://github.com/kubernetes-sigs/node-feature-discovery git - v0.15.7 + v0.18.2 _auto_ @PARENT_TAG@ enable diff --git a/node-feature-discovery/node-feature-discovery.spec b/node-feature-discovery/node-feature-discovery.spec index 74ea4bd..0ef4a2d 100644 --- a/node-feature-discovery/node-feature-discovery.spec +++ b/node-feature-discovery/node-feature-discovery.spec @@ -25,7 +25,7 @@ URL: https://github.com/kubernetes-sigs/node-feature-discovery Source: %{name}-%{version}.tar Source1: vendor.tar.gz BuildRequires: glibc-static -BuildRequires: golang(API) = 1.21 +BuildRequires: golang(API) = 1.25 ExcludeArch: s390 ExcludeArch: %{ix86} @@ -48,6 +48,9 @@ NFD consists of four software components: - nfd-gc: daemon responsible for cleaning obsolete NodeFeature and NodeResourceTopology objects. One instance of nfd-gc is supposed to be running in the cluster. +- nfd: + client able to export features or labels in a generic context (e.g., compute nodes that warrant assessment, but may not have Kubernetes running, + or may not be able to or want to run a central daemon service for data). %prep %autosetup -a1 -n %{name}-%{version} -p1 @@ -67,6 +70,7 @@ CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -l CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-master ./cmd/nfd-master CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-worker ./cmd/nfd-worker CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd-topology-updater ./cmd/nfd-topology-updater +CGO_ENABLED=%{cgoenabled} go build -mod=vendor -trimpath -tags %{buildgotags} -ldflags %{buildldflags} -o nfd ./cmd/nfd %install install -D -m0755 kubectl-nfd %{buildroot}%{_bindir}/kubectl-nfd @@ -74,6 +78,7 @@ install -D -m0755 nfd-gc %{buildroot}%{_bindir}/nfd-gc install -D -m0755 nfd-master %{buildroot}%{_bindir}/nfd-master install -D -m0755 nfd-worker %{buildroot}%{_bindir}/nfd-worker install -D -m0755 nfd-topology-updater %{buildroot}%{_bindir}/nfd-topology-updater +install -D -m0755 nfd %{buildroot}%{_bindir}/nfd install -D -m0644 ./deployment/components/worker-config/nfd-worker.conf.example %{buildroot}%{_sysconfdir}/kubernetes/node-feature-discovery/nfd-worker.conf %files @@ -84,6 +89,7 @@ install -D -m0644 ./deployment/components/worker-config/nfd-worker.conf.example %{_bindir}/nfd-master %{_bindir}/nfd-worker %{_bindir}/nfd-topology-updater +%{_bindir}/nfd %dir %{_sysconfdir}/kubernetes %dir %{_sysconfdir}/kubernetes/node-feature-discovery %{_sysconfdir}/kubernetes/node-feature-discovery/nfd-worker.conf -- 2.51.1 From b7ce8e2ce937fef7db189559f60a1469e42812435f0c95890655d4fe749f5828 Mon Sep 17 00:00:00 2001 From: Antonio Alonso Alarcon Date: Mon, 3 Nov 2025 17:23:14 +0100 Subject: [PATCH 7/9] Upgrades sriov-crd CHART (upstream v1.5.0 -> v1.6.0) --- sriov-crd-chart/Chart.yaml | 6 +- ...sriovnetwork.openshift.io_ovsnetworks.yaml | 178 ++--- ...vnetwork.openshift.io_sriovibnetworks.yaml | 124 ++-- ...openshift.io_sriovnetworknodepolicies.yaml | 386 +++++----- ...k.openshift.io_sriovnetworknodestates.yaml | 688 +++++++++--------- ....openshift.io_sriovnetworkpoolconfigs.yaml | 218 +++--- ...iovnetwork.openshift.io_sriovnetworks.yaml | 240 +++--- ...ork.openshift.io_sriovoperatorconfigs.yaml | 190 ++--- 8 files changed, 1016 insertions(+), 1014 deletions(-) diff --git a/sriov-crd-chart/Chart.yaml b/sriov-crd-chart/Chart.yaml index 199e116..c776314 100644 --- a/sriov-crd-chart/Chart.yaml +++ b/sriov-crd-chart/Chart.yaml @@ -1,5 +1,5 @@ -#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE% -#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0 +#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.4_up1.6.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.4_up1.6.0 annotations: catalog.cattle.io/experimental: "true" catalog.cattle.io/hidden: "true" @@ -10,4 +10,4 @@ apiVersion: v2 description: Installs the CRDs for the SR-IOV operator name: sriov-crd type: application -version: "%%CHART_MAJOR%%.0.2+up1.5.0" +version: "%%CHART_MAJOR%%.0.4+up1.6.0" diff --git a/sriov-crd-chart/templates/sriovnetwork.openshift.io_ovsnetworks.yaml b/sriov-crd-chart/templates/sriovnetwork.openshift.io_ovsnetworks.yaml index 7c72de6..7e7d9ba 100644 --- a/sriov-crd-chart/templates/sriovnetwork.openshift.io_ovsnetworks.yaml +++ b/sriov-crd-chart/templates/sriovnetwork.openshift.io_ovsnetworks.yaml @@ -14,92 +14,92 @@ spec: singular: ovsnetwork scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: OVSNetwork is the Schema for the ovsnetworks API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: OVSNetworkSpec defines the desired state of OVSNetwork - properties: - bridge: - description: |- - name of the OVS bridge, if not set OVS will automatically select bridge - based on VF PCI address - type: string - capabilities: - description: |- - Capabilities to be configured for this network. - Capabilities supported: (mac|ips), e.g. '{"mac": true}' - type: string - interfaceType: - description: The type of interface on ovs. - type: string - ipam: - description: IPAM configuration to be used for this network. - type: string - metaPlugins: - description: MetaPluginsConfig configuration to be used in order to - chain metaplugins - type: string - mtu: - description: Mtu for the OVS port - type: integer - networkNamespace: - description: Namespace of the NetworkAttachmentDefinition custom resource - type: string - resourceName: - description: OVS Network device plugin endpoint resource name - type: string - trunk: - description: Trunk configuration for the OVS port - items: - description: TrunkConfig contains configuration for bridge trunk - properties: - id: - maximum: 4095 - minimum: 0 - type: integer - maxID: - maximum: 4095 - minimum: 0 - type: integer - minID: - maximum: 4095 - minimum: 0 - type: integer - type: object - type: array - vlan: - description: Vlan to assign for the OVS port - maximum: 4095 - minimum: 0 - type: integer - required: - - resourceName - type: object - status: - description: OVSNetworkStatus defines the observed state of OVSNetwork - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: OVSNetwork is the Schema for the ovsnetworks API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: OVSNetworkSpec defines the desired state of OVSNetwork + properties: + bridge: + description: |- + name of the OVS bridge, if not set OVS will automatically select bridge + based on VF PCI address + type: string + capabilities: + description: |- + Capabilities to be configured for this network. + Capabilities supported: (mac|ips), e.g. '{"mac": true}' + type: string + interfaceType: + description: The type of interface on ovs. + type: string + ipam: + description: IPAM configuration to be used for this network. + type: string + metaPlugins: + description: MetaPluginsConfig configuration to be used in order to + chain metaplugins + type: string + mtu: + description: Mtu for the OVS port + type: integer + networkNamespace: + description: Namespace of the NetworkAttachmentDefinition custom resource + type: string + resourceName: + description: OVS Network device plugin endpoint resource name + type: string + trunk: + description: Trunk configuration for the OVS port + items: + description: TrunkConfig contains configuration for bridge trunk + properties: + id: + maximum: 4095 + minimum: 0 + type: integer + maxID: + maximum: 4095 + minimum: 0 + type: integer + minID: + maximum: 4095 + minimum: 0 + type: integer + type: object + type: array + vlan: + description: Vlan to assign for the OVS port + maximum: 4095 + minimum: 0 + type: integer + required: + - resourceName + type: object + status: + description: OVSNetworkStatus defines the observed state of OVSNetwork + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovibnetworks.yaml b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovibnetworks.yaml index 7245ba6..8a4f88c 100644 --- a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovibnetworks.yaml +++ b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovibnetworks.yaml @@ -14,65 +14,65 @@ spec: singular: sriovibnetwork scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: SriovIBNetwork is the Schema for the sriovibnetworks API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork - properties: - capabilities: - description: |- - Capabilities to be configured for this network. - Capabilities supported: (infinibandGUID), e.g. '{"infinibandGUID": true}' - type: string - ipam: - description: IPAM configuration to be used for this network. - type: string - linkState: - description: VF link state (enable|disable|auto) - enum: - - auto - - enable - - disable - type: string - metaPlugins: - description: |- - MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned - by the operator. - type: string - networkNamespace: - description: Namespace of the NetworkAttachmentDefinition custom resource - type: string - resourceName: - description: SRIOV Network device plugin endpoint resource name - type: string - required: - - resourceName - type: object - status: - description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: SriovIBNetwork is the Schema for the sriovibnetworks API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork + properties: + capabilities: + description: |- + Capabilities to be configured for this network. + Capabilities supported: (infinibandGUID), e.g. '{"infinibandGUID": true}' + type: string + ipam: + description: IPAM configuration to be used for this network. + type: string + linkState: + description: VF link state (enable|disable|auto) + enum: + - auto + - enable + - disable + type: string + metaPlugins: + description: |- + MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned + by the operator. + type: string + networkNamespace: + description: Namespace of the NetworkAttachmentDefinition custom resource + type: string + resourceName: + description: SRIOV Network device plugin endpoint resource name + type: string + required: + - resourceName + type: object + status: + description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml index 3c2642c..2942b18 100644 --- a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml +++ b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml @@ -14,200 +14,200 @@ spec: singular: sriovnetworknodepolicy scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy - properties: - bridge: - description: |- - contains bridge configuration for matching PFs, - valid only for eSwitchMode==switchdev - properties: - ovs: - description: contains configuration for the OVS bridge, - properties: - bridge: - description: contains bridge level settings - properties: - datapathType: - description: configure datapath_type field in the Bridge - table in OVSDB + - name: v1 + schema: + openAPIV3Schema: + description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy + properties: + bridge: + description: |- + contains bridge configuration for matching PFs, + valid only for eSwitchMode==switchdev + properties: + ovs: + description: contains configuration for the OVS bridge, + properties: + bridge: + description: contains bridge level settings + properties: + datapathType: + description: configure datapath_type field in the Bridge + table in OVSDB + type: string + externalIDs: + additionalProperties: type: string - externalIDs: - additionalProperties: - type: string - description: IDs to inject to external_ids field in the - Bridge table in OVSDB - type: object - otherConfig: - additionalProperties: - type: string - description: additional options to inject to other_config - field in the bridge table in OVSDB - type: object - type: object - uplink: - description: contains settings for uplink (PF) - properties: - interface: - description: contains settings for PF interface in the - OVS bridge - properties: - externalIDs: - additionalProperties: - type: string - description: external_ids field in the Interface table - in OVSDB - type: object - mtuRequest: - description: mtu_request field in the Interface table - in OVSDB - type: integer - options: - additionalProperties: - type: string - description: options field in the Interface table - in OVSDB - type: object - otherConfig: - additionalProperties: - type: string - description: other_config field in the Interface table - in OVSDB - type: object - type: - description: type field in the Interface table in - OVSDB + description: IDs to inject to external_ids field in the + Bridge table in OVSDB + type: object + otherConfig: + additionalProperties: + type: string + description: additional options to inject to other_config + field in the bridge table in OVSDB + type: object + type: object + uplink: + description: contains settings for uplink (PF) + properties: + interface: + description: contains settings for PF interface in the + OVS bridge + properties: + externalIDs: + additionalProperties: type: string - type: object - type: object - type: object - type: object - deviceType: - default: netdevice - description: The driver type for configured VFs. Allowed value "netdevice", - "vfio-pci". Defaults to netdevice. - enum: - - netdevice - - vfio-pci - type: string - eSwitchMode: - description: NIC Device Mode. Allowed value "legacy","switchdev". - enum: - - legacy - - switchdev - type: string - excludeTopology: - description: Exclude device's NUMA node when advertising this resource - by SRIOV network device plugin. Default to false. - type: boolean - externallyManaged: - description: don't create the virtual function only allocated them - to the device plugin. Defaults to false. - type: boolean - isRdma: - description: RDMA mode. Defaults to false. - type: boolean - linkType: - description: NIC Link Type. Allowed value "eth", "ETH", "ib", and - "IB". - enum: - - eth - - ETH - - ib - - IB - type: string - mtu: - description: MTU of VF - minimum: 1 - type: integer - needVhostNet: - description: mount vhost-net device. Defaults to false. - type: boolean - nicSelector: - description: NicSelector selects the NICs to be configured - properties: - deviceID: - description: The device hex code of SR-IoV device. Allowed value - "0d58", "1572", "158b", "1013", "1015", "1017", "101b". - type: string - netFilter: - description: Infrastructure Networking selection filter. Allowed - value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - type: string - pfNames: - description: Name of SR-IoV PF. - items: - type: string - type: array - rootDevices: - description: PCI address of SR-IoV PF. - items: - type: string - type: array - vendor: - description: The vendor hex code of SR-IoV device. Allowed value - "8086", "15b3". - type: string - type: object - nodeSelector: - additionalProperties: + description: external_ids field in the Interface table + in OVSDB + type: object + mtuRequest: + description: mtu_request field in the Interface table + in OVSDB + type: integer + options: + additionalProperties: + type: string + description: options field in the Interface table + in OVSDB + type: object + otherConfig: + additionalProperties: + type: string + description: other_config field in the Interface table + in OVSDB + type: object + type: + description: type field in the Interface table in + OVSDB + type: string + type: object + type: object + type: object + type: object + deviceType: + default: netdevice + description: The driver type for configured VFs. Allowed value "netdevice", + "vfio-pci". Defaults to netdevice. + enum: + - netdevice + - vfio-pci + type: string + eSwitchMode: + description: NIC Device Mode. Allowed value "legacy","switchdev". + enum: + - legacy + - switchdev + type: string + excludeTopology: + description: Exclude device's NUMA node when advertising this resource + by SRIOV network device plugin. Default to false. + type: boolean + externallyManaged: + description: don't create the virtual function only allocated them + to the device plugin. Defaults to false. + type: boolean + isRdma: + description: RDMA mode. Defaults to false. + type: boolean + linkType: + description: NIC Link Type. Allowed value "eth", "ETH", "ib", and + "IB". + enum: + - eth + - ETH + - ib + - IB + type: string + mtu: + description: MTU of VF + minimum: 1 + type: integer + needVhostNet: + description: mount vhost-net device. Defaults to false. + type: boolean + nicSelector: + description: NicSelector selects the NICs to be configured + properties: + deviceID: + description: The device hex code of SR-IoV device. Allowed value + "0d58", "1572", "158b", "1013", "1015", "1017", "101b". type: string - description: NodeSelector selects the nodes to be configured - type: object - numVfs: - description: Number of VFs for each PF - minimum: 0 - type: integer - priority: - description: Priority of the policy, higher priority policies can - override lower ones. - maximum: 99 - minimum: 0 - type: integer - resourceName: - description: SRIOV Network device plugin endpoint resource name + netFilter: + description: Infrastructure Networking selection filter. Allowed + value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + type: string + pfNames: + description: Name of SR-IoV PF. + items: + type: string + type: array + rootDevices: + description: PCI address of SR-IoV PF. + items: + type: string + type: array + vendor: + description: The vendor hex code of SR-IoV device. Allowed value + "8086", "15b3". + type: string + type: object + nodeSelector: + additionalProperties: type: string - vdpaType: - description: VDPA device type. Allowed value "virtio", "vhost" - enum: - - virtio - - vhost - type: string - required: - - nicSelector - - nodeSelector - - numVfs - - resourceName - type: object - status: - description: SriovNetworkNodePolicyStatus defines the observed state of - SriovNetworkNodePolicy - type: object - type: object - served: true - storage: true - subresources: - status: {} + description: NodeSelector selects the nodes to be configured + type: object + numVfs: + description: Number of VFs for each PF + minimum: 0 + type: integer + priority: + description: Priority of the policy, higher priority policies can + override lower ones. + maximum: 99 + minimum: 0 + type: integer + resourceName: + description: SRIOV Network device plugin endpoint resource name + type: string + vdpaType: + description: VDPA device type. Allowed value "virtio", "vhost" + enum: + - virtio + - vhost + type: string + required: + - nicSelector + - nodeSelector + - numVfs + - resourceName + type: object + status: + description: SriovNetworkNodePolicyStatus defines the observed state of + SriovNetworkNodePolicy + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodestates.yaml b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodestates.yaml index 40b89a9..fc33c07 100644 --- a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodestates.yaml +++ b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodestates.yaml @@ -14,356 +14,356 @@ spec: singular: sriovnetworknodestate scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .status.syncStatus - name: Sync Status - type: string - - jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/desired-state - name: Desired Sync State - type: string - - jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/current-state - name: Current Sync State - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState - properties: - bridges: - description: Bridges contains list of bridges - properties: - ovs: - items: - description: OVSConfigExt contains configuration for the concrete - OVS bridge - properties: - bridge: - description: bridge-level configuration for the bridge - properties: - datapathType: - description: configure datapath_type field in the Bridge - table in OVSDB - type: string - externalIDs: - additionalProperties: - type: string - description: IDs to inject to external_ids field in - the Bridge table in OVSDB - type: object - otherConfig: - additionalProperties: - type: string - description: additional options to inject to other_config - field in the bridge table in OVSDB - type: object - type: object - name: - description: name of the bridge - type: string - uplinks: - description: |- - uplink-level bridge configuration for each uplink(PF). - currently must contain only one element - items: - description: OVSUplinkConfigExt contains configuration - for the concrete OVS uplink(PF) - properties: - interface: - description: configuration from the Interface OVS - table for the PF - properties: - externalIDs: - additionalProperties: - type: string - description: external_ids field in the Interface - table in OVSDB - type: object - mtuRequest: - description: mtu_request field in the Interface - table in OVSDB - type: integer - options: - additionalProperties: - type: string - description: options field in the Interface table - in OVSDB - type: object - otherConfig: - additionalProperties: - type: string - description: other_config field in the Interface - table in OVSDB - type: object - type: - description: type field in the Interface table - in OVSDB - type: string - type: object - name: - description: name of the PF interface - type: string - pciAddress: - description: pci address of the PF - type: string - required: - - pciAddress - type: object - type: array - required: - - name - type: object - type: array - type: object - interfaces: - items: - properties: - eSwitchMode: - type: string - externallyManaged: - type: boolean - linkType: - type: string - mtu: - type: integer - name: - type: string - numVfs: - type: integer - pciAddress: - type: string - vfGroups: - items: + - additionalPrinterColumns: + - jsonPath: .status.syncStatus + name: Sync Status + type: string + - jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/desired-state + name: Desired Sync State + type: string + - jsonPath: .metadata.annotations.sriovnetwork\.openshift\.io/current-state + name: Current Sync State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState + properties: + bridges: + description: Bridges contains list of bridges + properties: + ovs: + items: + description: OVSConfigExt contains configuration for the concrete + OVS bridge + properties: + bridge: + description: bridge-level configuration for the bridge properties: - deviceType: - type: string - isRdma: - type: boolean - mtu: - type: integer - policyName: - type: string - resourceName: - type: string - vdpaType: - type: string - vfRange: + datapathType: + description: configure datapath_type field in the Bridge + table in OVSDB type: string + externalIDs: + additionalProperties: + type: string + description: IDs to inject to external_ids field in + the Bridge table in OVSDB + type: object + otherConfig: + additionalProperties: + type: string + description: additional options to inject to other_config + field in the bridge table in OVSDB + type: object type: object - type: array - required: - - pciAddress - type: object - type: array - system: - properties: - rdmaMode: - description: RDMA subsystem. Allowed value "shared", "exclusive". - enum: - - shared - - exclusive - type: string - type: object - type: object - status: - description: SriovNetworkNodeStateStatus defines the observed state of - SriovNetworkNodeState - properties: - bridges: - description: Bridges contains list of bridges - properties: - ovs: - items: - description: OVSConfigExt contains configuration for the concrete - OVS bridge - properties: - bridge: - description: bridge-level configuration for the bridge + name: + description: name of the bridge + type: string + uplinks: + description: |- + uplink-level bridge configuration for each uplink(PF). + currently must contain only one element + items: + description: OVSUplinkConfigExt contains configuration + for the concrete OVS uplink(PF) properties: - datapathType: - description: configure datapath_type field in the Bridge - table in OVSDB - type: string - externalIDs: - additionalProperties: - type: string - description: IDs to inject to external_ids field in - the Bridge table in OVSDB - type: object - otherConfig: - additionalProperties: - type: string - description: additional options to inject to other_config - field in the bridge table in OVSDB - type: object - type: object - name: - description: name of the bridge - type: string - uplinks: - description: |- - uplink-level bridge configuration for each uplink(PF). - currently must contain only one element - items: - description: OVSUplinkConfigExt contains configuration - for the concrete OVS uplink(PF) - properties: - interface: - description: configuration from the Interface OVS - table for the PF - properties: - externalIDs: - additionalProperties: - type: string - description: external_ids field in the Interface - table in OVSDB - type: object - mtuRequest: - description: mtu_request field in the Interface - table in OVSDB - type: integer - options: - additionalProperties: - type: string - description: options field in the Interface table - in OVSDB - type: object - otherConfig: - additionalProperties: - type: string - description: other_config field in the Interface - table in OVSDB - type: object - type: - description: type field in the Interface table - in OVSDB + interface: + description: configuration from the Interface OVS + table for the PF + properties: + externalIDs: + additionalProperties: type: string - type: object - name: - description: name of the PF interface - type: string - pciAddress: - description: pci address of the PF - type: string - required: - - pciAddress - type: object - type: array - required: - - name - type: object - type: array - type: object - interfaces: - items: - properties: - Vfs: - items: - properties: - Vlan: - type: integer - assigned: - type: string - deviceID: - type: string - driver: - type: string - guid: - type: string - mac: - type: string - mtu: - type: integer - name: - type: string - pciAddress: - type: string - representorName: - type: string - vdpaType: - type: string - vendor: - type: string - vfID: - type: integer - required: + description: external_ids field in the Interface + table in OVSDB + type: object + mtuRequest: + description: mtu_request field in the Interface + table in OVSDB + type: integer + options: + additionalProperties: + type: string + description: options field in the Interface table + in OVSDB + type: object + otherConfig: + additionalProperties: + type: string + description: other_config field in the Interface + table in OVSDB + type: object + type: + description: type field in the Interface table + in OVSDB + type: string + type: object + name: + description: name of the PF interface + type: string + pciAddress: + description: pci address of the PF + type: string + required: - pciAddress - - vfID - type: object - type: array - deviceID: - type: string - driver: - type: string - eSwitchMode: - type: string - externallyManaged: - type: boolean - linkAdminState: - type: string - linkSpeed: - type: string - linkType: - type: string - mac: - type: string - mtu: - type: integer - name: - type: string - netFilter: - type: string - numVfs: - type: integer - pciAddress: - type: string - totalvfs: - type: integer - vendor: - type: string - required: - - pciAddress - type: object - type: array - lastSyncError: - type: string - syncStatus: - type: string - system: + type: object + type: array + required: + - name + type: object + type: array + type: object + interfaces: + items: properties: - rdmaMode: - description: RDMA subsystem. Allowed value "shared", "exclusive". - enum: - - shared - - exclusive + eSwitchMode: type: string + externallyManaged: + type: boolean + linkType: + type: string + mtu: + type: integer + name: + type: string + numVfs: + type: integer + pciAddress: + type: string + vfGroups: + items: + properties: + deviceType: + type: string + isRdma: + type: boolean + mtu: + type: integer + policyName: + type: string + resourceName: + type: string + vdpaType: + type: string + vfRange: + type: string + type: object + type: array + required: + - pciAddress type: object - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: array + system: + properties: + rdmaMode: + description: RDMA subsystem. Allowed value "shared", "exclusive". + enum: + - shared + - exclusive + type: string + type: object + type: object + status: + description: SriovNetworkNodeStateStatus defines the observed state of + SriovNetworkNodeState + properties: + bridges: + description: Bridges contains list of bridges + properties: + ovs: + items: + description: OVSConfigExt contains configuration for the concrete + OVS bridge + properties: + bridge: + description: bridge-level configuration for the bridge + properties: + datapathType: + description: configure datapath_type field in the Bridge + table in OVSDB + type: string + externalIDs: + additionalProperties: + type: string + description: IDs to inject to external_ids field in + the Bridge table in OVSDB + type: object + otherConfig: + additionalProperties: + type: string + description: additional options to inject to other_config + field in the bridge table in OVSDB + type: object + type: object + name: + description: name of the bridge + type: string + uplinks: + description: |- + uplink-level bridge configuration for each uplink(PF). + currently must contain only one element + items: + description: OVSUplinkConfigExt contains configuration + for the concrete OVS uplink(PF) + properties: + interface: + description: configuration from the Interface OVS + table for the PF + properties: + externalIDs: + additionalProperties: + type: string + description: external_ids field in the Interface + table in OVSDB + type: object + mtuRequest: + description: mtu_request field in the Interface + table in OVSDB + type: integer + options: + additionalProperties: + type: string + description: options field in the Interface table + in OVSDB + type: object + otherConfig: + additionalProperties: + type: string + description: other_config field in the Interface + table in OVSDB + type: object + type: + description: type field in the Interface table + in OVSDB + type: string + type: object + name: + description: name of the PF interface + type: string + pciAddress: + description: pci address of the PF + type: string + required: + - pciAddress + type: object + type: array + required: + - name + type: object + type: array + type: object + interfaces: + items: + properties: + Vfs: + items: + properties: + Vlan: + type: integer + assigned: + type: string + deviceID: + type: string + driver: + type: string + guid: + type: string + mac: + type: string + mtu: + type: integer + name: + type: string + pciAddress: + type: string + representorName: + type: string + vdpaType: + type: string + vendor: + type: string + vfID: + type: integer + required: + - pciAddress + - vfID + type: object + type: array + deviceID: + type: string + driver: + type: string + eSwitchMode: + type: string + externallyManaged: + type: boolean + linkAdminState: + type: string + linkSpeed: + type: string + linkType: + type: string + mac: + type: string + mtu: + type: integer + name: + type: string + netFilter: + type: string + numVfs: + type: integer + pciAddress: + type: string + totalvfs: + type: integer + vendor: + type: string + required: + - pciAddress + type: object + type: array + lastSyncError: + type: string + syncStatus: + type: string + system: + properties: + rdmaMode: + description: RDMA subsystem. Allowed value "shared", "exclusive". + enum: + - shared + - exclusive + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml index d0c58f1..a9a0826 100644 --- a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml +++ b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml @@ -14,116 +14,118 @@ spec: singular: sriovnetworkpoolconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig - properties: - maxUnavailable: - anyOf: - - type: integer - - type: string - description: |- - maxUnavailable defines either an integer number or percentage - of nodes in the pool that can go Unavailable during an update. + - name: v1 + schema: + openAPIV3Schema: + description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig + properties: + maxUnavailable: + anyOf: + - type: integer + - type: string + description: |- + maxUnavailable defines either an integer number or percentage + of nodes in the pool that can go Unavailable during an update. - A value larger than 1 will mean multiple nodes going unavailable during - the update, which may affect your workload stress on the remaining nodes. - Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards, - even if maxUnavailable is greater than one. - x-kubernetes-int-or-string: true - nodeSelector: - description: nodeSelector specifies a label selector for Nodes - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string + A value larger than 1 will mean multiple nodes going unavailable during + the update, which may affect your workload stress on the remaining nodes. + Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards, + even if maxUnavailable is greater than one. + x-kubernetes-int-or-string: true + nodeSelector: + description: nodeSelector specifies a label selector for Nodes + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator type: object - type: object - x-kubernetes-map-type: atomic - ovsHardwareOffloadConfig: - description: OvsHardwareOffloadConfig describes the OVS HWOL configuration - for selected Nodes - properties: - name: - description: |- - Name is mandatory and must be unique. - On Kubernetes: - Name is the name of OvsHardwareOffloadConfig - On OpenShift: - Name is the name of MachineConfigPool to be enabled with OVS hardware offload + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: type: string - type: object - rdmaMode: - description: RDMA subsystem. Allowed value "shared", "exclusive". - enum: - - shared - - exclusive - type: string - type: object - status: - description: SriovNetworkPoolConfigStatus defines the observed state of - SriovNetworkPoolConfig - type: object - type: object - served: true - storage: true - subresources: - status: {} + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + ovsHardwareOffloadConfig: + description: OvsHardwareOffloadConfig describes the OVS HWOL configuration + for selected Nodes + properties: + name: + description: |- + Name is mandatory and must be unique. + On Kubernetes: + Name is the name of OvsHardwareOffloadConfig + On OpenShift: + Name is the name of MachineConfigPool to be enabled with OVS hardware offload + type: string + type: object + rdmaMode: + description: RDMA subsystem. Allowed value "shared", "exclusive". + enum: + - shared + - exclusive + type: string + type: object + status: + description: SriovNetworkPoolConfigStatus defines the observed state of + SriovNetworkPoolConfig + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworks.yaml b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworks.yaml index 60d5e9b..cd807f9 100644 --- a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworks.yaml +++ b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworks.yaml @@ -14,123 +14,123 @@ spec: singular: sriovnetwork scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: SriovNetwork is the Schema for the sriovnetworks API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SriovNetworkSpec defines the desired state of SriovNetwork - properties: - capabilities: - description: |- - Capabilities to be configured for this network. - Capabilities supported: (mac|ips), e.g. '{"mac": true}' - type: string - ipam: - description: IPAM configuration to be used for this network. - type: string - linkState: - description: VF link state (enable|disable|auto) - enum: - - auto - - enable - - disable - type: string - logFile: - description: |- - LogFile sets the log file of the SRIOV CNI plugin logs. If unset (default), this will log to stderr and thus - to multus and container runtime logs. - type: string - logLevel: - default: info - description: |- - LogLevel sets the log level of the SRIOV CNI plugin - either of panic, error, warning, info, debug. Defaults - to info if left blank. - enum: - - panic - - error - - warning - - info - - debug - - "" - type: string - maxTxRate: - description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no - rate limiting) - minimum: 0 - type: integer - metaPlugins: - description: |- - MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned - by the operator. - type: string - minTxRate: - description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no - rate limiting). min_tx_rate should be <= max_tx_rate. - minimum: 0 - type: integer - networkNamespace: - description: Namespace of the NetworkAttachmentDefinition custom resource - type: string - resourceName: - description: SRIOV Network device plugin endpoint resource name - type: string - spoofChk: - description: VF spoof check, (on|off) - enum: - - "on" - - "off" - type: string - trust: - description: VF trust mode (on|off) - enum: - - "on" - - "off" - type: string - vlan: - description: VLAN ID to assign for the VF. Defaults to 0. - maximum: 4096 - minimum: 0 - type: integer - vlanProto: - description: VLAN proto to assign for the VF. Defaults to 802.1q. - enum: - - 802.1q - - 802.1Q - - 802.1ad - - 802.1AD - type: string - vlanQoS: - description: VLAN QoS ID to assign for the VF. Defaults to 0. - maximum: 7 - minimum: 0 - type: integer - required: - - resourceName - type: object - status: - description: SriovNetworkStatus defines the observed state of SriovNetwork - type: object - type: object - served: true - storage: true - subresources: - status: {} + - name: v1 + schema: + openAPIV3Schema: + description: SriovNetwork is the Schema for the sriovnetworks API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SriovNetworkSpec defines the desired state of SriovNetwork + properties: + capabilities: + description: |- + Capabilities to be configured for this network. + Capabilities supported: (mac|ips), e.g. '{"mac": true}' + type: string + ipam: + description: IPAM configuration to be used for this network. + type: string + linkState: + description: VF link state (enable|disable|auto) + enum: + - auto + - enable + - disable + type: string + logFile: + description: |- + LogFile sets the log file of the SRIOV CNI plugin logs. If unset (default), this will log to stderr and thus + to multus and container runtime logs. + type: string + logLevel: + default: info + description: |- + LogLevel sets the log level of the SRIOV CNI plugin - either of panic, error, warning, info, debug. Defaults + to info if left blank. + enum: + - panic + - error + - warning + - info + - debug + - "" + type: string + maxTxRate: + description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no + rate limiting) + minimum: 0 + type: integer + metaPlugins: + description: |- + MetaPluginsConfig configuration to be used in order to chain metaplugins to the sriov interface returned + by the operator. + type: string + minTxRate: + description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no + rate limiting). min_tx_rate should be <= max_tx_rate. + minimum: 0 + type: integer + networkNamespace: + description: Namespace of the NetworkAttachmentDefinition custom resource + type: string + resourceName: + description: SRIOV Network device plugin endpoint resource name + type: string + spoofChk: + description: VF spoof check, (on|off) + enum: + - "on" + - "off" + type: string + trust: + description: VF trust mode (on|off) + enum: + - "on" + - "off" + type: string + vlan: + description: VLAN ID to assign for the VF. Defaults to 0. + maximum: 4096 + minimum: 0 + type: integer + vlanProto: + description: VLAN proto to assign for the VF. Defaults to 802.1q. + enum: + - 802.1q + - 802.1Q + - 802.1ad + - 802.1AD + type: string + vlanQoS: + description: VLAN QoS ID to assign for the VF. Defaults to 0. + maximum: 7 + minimum: 0 + type: integer + required: + - resourceName + type: object + status: + description: SriovNetworkStatus defines the observed state of SriovNetwork + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml index e782d02..49d5429 100644 --- a/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml +++ b/sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml @@ -14,101 +14,101 @@ spec: singular: sriovoperatorconfig scope: Namespaced versions: - - name: v1 - schema: - openAPIV3Schema: - description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs - API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig - properties: - configDaemonNodeSelector: - additionalProperties: - type: string - description: NodeSelector selects the nodes to be configured - type: object - configurationMode: - description: |- - Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot - Default mode: daemon + - name: v1 + schema: + openAPIV3Schema: + description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig + properties: + configDaemonNodeSelector: + additionalProperties: + type: string + description: NodeSelector selects the nodes to be configured + type: object + configurationMode: + description: |- + Flag to enable the sriov-network-config-daemon to use a systemd service to configure SR-IOV devices on boot + Default mode: daemon + enum: + - daemon + - systemd + type: string + disableDrain: + description: Flag to disable nodes drain during debugging + type: boolean + disablePlugins: + description: DisablePlugins is a list of sriov-network-config-daemon + plugins to disable + items: + description: PluginNameValue defines the plugin name enum: - - daemon - - systemd + - mellanox type: string - disableDrain: - description: Flag to disable nodes drain during debugging + type: array + enableInjector: + description: Flag to control whether the network resource injector + webhook shall be deployed + type: boolean + enableOperatorWebhook: + description: Flag to control whether the operator admission controller + webhook shall be deployed + type: boolean + enableOvsOffload: + description: Flag to enable OVS hardware offload. Set to 'true' to + provision switchdev-configuration.service and enable OpenvSwitch + hw-offload on nodes. + type: boolean + featureGates: + additionalProperties: type: boolean - disablePlugins: - description: DisablePlugins is a list of sriov-network-config-daemon - plugins to disable - items: - description: PluginNameValue defines the plugin name - enum: - - mellanox - type: string - type: array - enableInjector: - description: Flag to control whether the network resource injector - webhook shall be deployed - type: boolean - enableOperatorWebhook: - description: Flag to control whether the operator admission controller - webhook shall be deployed - type: boolean - enableOvsOffload: - description: Flag to enable OVS hardware offload. Set to 'true' to - provision switchdev-configuration.service and enable OpenvSwitch - hw-offload on nodes. - type: boolean - featureGates: - additionalProperties: - type: boolean - description: FeatureGates to enable experimental features - type: object - logLevel: - description: Flag to control the log verbose level of the operator. - Set to '0' to show only the basic logs. And set to '2' to show all - the available logs. - maximum: 2 - minimum: 0 - type: integer - useCDI: - description: Flag to enable Container Device Interface mode for SR-IOV - Network Device Plugin - type: boolean - type: object - status: - description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig - properties: - injector: - description: Show the runtime status of the network resource injector - webhook - type: string - operatorWebhook: - description: Show the runtime status of the operator admission controller - webhook - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} + description: FeatureGates to enable experimental features + type: object + logLevel: + description: Flag to control the log verbose level of the operator. + Set to '0' to show only the basic logs. And set to '2' to show all + the available logs. + maximum: 2 + minimum: 0 + type: integer + useCDI: + description: Flag to enable Container Device Interface mode for SR-IOV + Network Device Plugin + type: boolean + type: object + status: + description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig + properties: + injector: + description: Show the runtime status of the network resource injector + webhook + type: string + operatorWebhook: + description: Show the runtime status of the operator admission controller + webhook + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} -- 2.51.1 From e8710ba4f74f1e76077c71bc2a08c009ef70adc64988422e142279a302fa606d Mon Sep 17 00:00:00 2001 From: Antonio Alonso Alarcon Date: Mon, 3 Nov 2025 17:28:42 +0100 Subject: [PATCH 8/9] Upgrades sriov-network-operator CHART (upstream v1.5.0 -> v1.6.0) including sriov-nfd subCHART (upstream v0.15.7 -> v0.18.2) --- sriov-network-operator-chart/Chart.yaml | 35 +- sriov-network-operator-chart/README.md | 16 +- sriov-network-operator-chart/_service | 6 - sriov-network-operator-chart/app-README.md | 12 - .../charts/sriov-nfd/.helmignore | 2 +- .../charts/sriov-nfd/Chart.yaml | 15 +- .../charts/sriov-nfd/README.md | 4 +- .../charts/sriov-nfd/crds/nfd-api-crds.yaml | 1068 +++++++++++------ .../charts/sriov-nfd/templates/_helpers.tpl | 33 +- .../templates/cert-manager-certs.yaml | 68 -- .../templates/cert-manager-issuer.yaml | 42 - .../sriov-nfd/templates/clusterrole.yaml | 201 ++-- .../templates/clusterrolebinding.yaml | 22 +- .../sriov-nfd/templates/master-pdb.yaml | 17 + .../charts/sriov-nfd/templates/master.yaml | 132 +- .../sriov-nfd/templates/nfd-gc-pdb.yaml | 17 + .../charts/sriov-nfd/templates/nfd-gc.yaml | 99 +- .../sriov-nfd/templates/nfd-master-conf.yaml | 2 +- .../templates/nfd-topologyupdater-conf.yaml | 4 +- .../sriov-nfd/templates/nfd-worker-conf.yaml | 2 +- .../sriov-nfd/templates/post-delete-job.yaml | 101 ++ .../sriov-nfd/templates/prometheus.yaml | 12 +- .../charts/sriov-nfd/templates/role.yaml | 31 +- .../sriov-nfd/templates/rolebinding.yaml | 7 +- .../charts/sriov-nfd/templates/service.yaml | 20 - .../sriov-nfd/templates/serviceaccount.yaml | 4 +- .../templates/topologyupdater-crds.yaml | 484 ++++---- .../sriov-nfd/templates/topologyupdater.yaml | 200 +-- .../charts/sriov-nfd/templates/worker.yaml | 197 +-- .../charts/sriov-nfd/values.yaml | 798 ++++++------ .../templates/NOTES.txt | 14 +- .../templates/_helpers.tpl | 15 - .../templates/_webhook-certs.tpl | 30 - .../templates/certificate.yaml | 10 +- .../templates/certmanagercerts.yaml | 40 - .../templates/clusterrole.yaml | 2 +- .../templates/clusterrolebinding.yaml | 2 +- .../templates/configmap.yaml | 7 +- .../templates/operator.yaml | 9 +- .../templates/pre-delete-webooks.yaml | 8 +- .../templates/role.yaml | 11 +- .../templates/rolebinding.yaml | 2 +- .../templates/secrets.yaml | 19 - .../templates/serviceaccount.yaml | 2 +- .../templates/validate-install-crd.yaml | 14 +- sriov-network-operator-chart/values.yaml | 79 +- 46 files changed, 2219 insertions(+), 1696 deletions(-) delete mode 100644 sriov-network-operator-chart/app-README.md delete mode 100644 sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-certs.yaml delete mode 100644 sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-issuer.yaml create mode 100644 sriov-network-operator-chart/charts/sriov-nfd/templates/master-pdb.yaml create mode 100644 sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc-pdb.yaml create mode 100644 sriov-network-operator-chart/charts/sriov-nfd/templates/post-delete-job.yaml delete mode 100644 sriov-network-operator-chart/charts/sriov-nfd/templates/service.yaml delete mode 100644 sriov-network-operator-chart/templates/_webhook-certs.tpl delete mode 100644 sriov-network-operator-chart/templates/certmanagercerts.yaml delete mode 100644 sriov-network-operator-chart/templates/secrets.yaml diff --git a/sriov-network-operator-chart/Chart.yaml b/sriov-network-operator-chart/Chart.yaml index 6d7d470..ad9db58 100644 --- a/sriov-network-operator-chart/Chart.yaml +++ b/sriov-network-operator-chart/Chart.yaml @@ -1,28 +1,27 @@ -#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.3_up1.5.0 -#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.3_up1.5.0-%RELEASE% +#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.4_up1.6.0 +#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.4_up1.6.0-%RELEASE% +apiVersion: v2 +name: sriov-network-operator +version: "%%CHART_MAJOR%%.0.4+up1.6.0" +kubeVersion: '>= 1.24.0-0' +appVersion: v1.6.0 +description: SR-IOV network operator configures and manages SR-IOV networks in the kubernetes cluster +type: application +keywords: + - sriov +home: https://github.com/k8snetworkplumbingwg/sriov-network-operator +sources: + - https://github.com/k8snetworkplumbingwg/sriov-network-operator +icon: https://charts.rancher.io/assets/logos/sr-iov.svg annotations: catalog.cattle.io/auto-install: sriov-crd=match catalog.cattle.io/experimental: "true" catalog.cattle.io/namespace: cattle-sriov-system catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux - catalog.cattle.io/upstream-version: 1.5.0 -apiVersion: v2 -appVersion: v1.5.0 + catalog.cattle.io/upstream-version: 1.6.0 dependencies: - condition: sriov-nfd.enabled name: sriov-nfd repository: file://./charts/sriov-nfd - version: 0.15.7 -description: SR-IOV network operator configures and manages SR-IOV networks in the - kubernetes cluster -home: https://github.com/k8snetworkplumbingwg/sriov-network-operator -icon: https://charts.rancher.io/assets/logos/sr-iov.svg -keywords: - - sriov -kubeVersion: '>= 1.24.0-0' -name: sriov-network-operator -sources: - - https://github.com/k8snetworkplumbingwg/sriov-network-operator -type: application -version: "%%CHART_MAJOR%%.0.3+up1.5.0" \ No newline at end of file + version: 0.18.2 diff --git a/sriov-network-operator-chart/README.md b/sriov-network-operator-chart/README.md index 216fed4..5204aee 100644 --- a/sriov-network-operator-chart/README.md +++ b/sriov-network-operator-chart/README.md @@ -41,7 +41,7 @@ For additional information and methods for installing Helm, refer to the officia #### Deploy from OCI repo ``` -$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart +$ helm install -n sriov-network-operator --create-namespace --version 1.5.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart ``` #### Deploy from project sources @@ -84,6 +84,12 @@ We have introduced the following Chart parameters. | `operator.resourcePrefix` | string | `openshift.io` | Device plugin resource prefix | | `operator.cniBinPath` | string | `/opt/cni/bin` | Path for CNI binary | | `operator.clustertype` | string | `kubernetes` | Cluster environment type | +| `operator.metricsExporter.port` | string | `9110` | Port where the Network Metrics Exporter listen | +| `operator.metricsExporter.certificates.secretName` | string | `metrics-exporter-cert` | Secret name to serve metrics via TLS. The secret must have the same fields as `operator.admissionControllers.certificates.secretNames` | +| `operator.metricsExporter.prometheusOperator.enabled` | bool | false | Wheter the operator shoud configure Prometheus resources or not (e.g. `ServiceMonitors`). | +| `operator.metricsExporter.prometheusOperator.serviceAccount` | string | `prometheus-k8s` | The service account used by the Prometheus Operator. This is used to give Prometheus the permission to list resource in the SR-IOV operator namespace | +| `operator.metricsExporter.prometheusOperator.namespace` | string | `monitoring` | The namespace where the Prometheus Operator is installed. Setting this variable makes the operator deploy `monitoring.coreos.com` resources. | +| `operator.metricsExporter.prometheusOperator.deployRules` | bool | false | Whether the operator should deploy `PrometheusRules` to scrape namespace version of metrics. | #### Admission Controllers parameters @@ -129,7 +135,7 @@ This section contains general parameters that apply to both the operator and dae | `sriovOperatorConfig.configurationMode` | string | `daemon` | sriov-network-config-daemon configuration mode. either `daemon` or `systemd` | | `sriovOperatorConfig.featureGates` | map[string]bool | `{}` | feature gates to enable/disable | -**Note** +**Note** When `sriovOperatorConfig.configurationMode` is configured as `systemd`, configurations files and `systemd` service files are created on the node. Upon chart deletion, those files are not cleaned up. For cases where this is not acceptable, users should rather configured the `daemon` mode. @@ -142,9 +148,13 @@ Upon chart deletion, those files are not cleaned up. For cases where this is not | `images.sriovConfigDaemon` | Daemon node agent image | | `images.sriovCni` | SR-IOV CNI image | | `images.ibSriovCni` | InfiniBand SR-IOV CNI image | +| `images.ovsCni` | OVS CNI image | +| `images.rdmaCni` | RDMA CNI image | | `images.sriovDevicePlugin` | SR-IOV device plugin image | | `images.resourcesInjector` | Resources Injector image | | `images.webhook` | Operator Webhook image | +| `images.metricsExporter` | Network Metrics Exporter image | +| `images.metricsExporterKubeRbacProxy` | Kube RBAC Proxy image used for metrics exporter | ### Extra objects parameters @@ -154,4 +164,4 @@ Please note that any resources deployed using the `extraDeploy` in this Helm cha | Name | description | | ---- | ------------| -|`extraDeploy`| Array of extra objects to deploy with the release | \ No newline at end of file +|`extraDeploy`| Array of extra objects to deploy with the release | diff --git a/sriov-network-operator-chart/_service b/sriov-network-operator-chart/_service index c8baad3..151ca59 100644 --- a/sriov-network-operator-chart/_service +++ b/sriov-network-operator-chart/_service @@ -9,12 +9,6 @@ values.yaml - IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) - IMG_PREFIX - IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo) - IMG_REPO - - charts/sriov-nfd/values.yaml IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix}) IMG_PREFIX diff --git a/sriov-network-operator-chart/app-README.md b/sriov-network-operator-chart/app-README.md deleted file mode 100644 index 1b8f604..0000000 --- a/sriov-network-operator-chart/app-README.md +++ /dev/null @@ -1,12 +0,0 @@ -# Rancher SR-IOV Network Operator - -This chart is based on the upstream [k8snetworkplumbingwg/sriov-network-operator](https://github.com/k8snetworkplumbingwg/sriov-network-operator) project. The chart deploys the SR-IOV Operator and its CRDs, which are designed to help the user provision and configure the SR-IOV CNI in a cluster that uses [Multus CNI](https://github.com/k8snetworkplumbingwg/multus-cni), to provide high performing extra network interfaces to pods. This chart is expected to be deployed on an RKE2 cluster and only meant for advanced use cases where multiple CNI plugins and high performing network interfaces on pods are required. Users who do not need these features are not advised to install this chart. - -The chart installs the following components: - -- SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin -- SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node - -Note that SR-IOV requires NICs that support SR-IOV and the activation of specific configuration options in the operating system. Nodes that fulfill these requirements should be labeled with: `feature.node.kubernetes.io/network-sriov.capable=true`. - -The SR-IOV Network Config Daemon will be deployed on such capable nodes. For more information on how to use this feature, refer to our RKE2 networking docs. diff --git a/sriov-network-operator-chart/charts/sriov-nfd/.helmignore b/sriov-network-operator-chart/charts/sriov-nfd/.helmignore index 39e25e2..1b9a9cc 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/.helmignore +++ b/sriov-network-operator-chart/charts/sriov-nfd/.helmignore @@ -20,4 +20,4 @@ .project .idea/ *.tmproj -.vscode/ \ No newline at end of file +.vscode/ diff --git a/sriov-network-operator-chart/charts/sriov-nfd/Chart.yaml b/sriov-network-operator-chart/charts/sriov-nfd/Chart.yaml index dd67b23..b2c1699 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/Chart.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/Chart.yaml @@ -1,14 +1,15 @@ apiVersion: v2 -appVersion: v0.15.7 -description: Detects hardware features available on each node in a Kubernetes cluster, - and advertises those features using node labels +appVersion: v0.18.2 +description: | + Detects hardware features available on each node in a Kubernetes cluster, and advertises + those features using node labels. +name: sriov-nfd +sources: +- https://github.com/kubernetes-sigs/node-feature-discovery home: https://github.com/kubernetes-sigs/node-feature-discovery keywords: - feature-discovery - feature-detection - node-labels -name: sriov-nfd -sources: - - https://github.com/kubernetes-sigs/node-feature-discovery type: application -version: 0.15.7 \ No newline at end of file +version: 0.18.2 diff --git a/sriov-network-operator-chart/charts/sriov-nfd/README.md b/sriov-network-operator-chart/charts/sriov-nfd/README.md index d8d8b51..563b661 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/README.md +++ b/sriov-network-operator-chart/charts/sriov-nfd/README.md @@ -6,5 +6,5 @@ labels. NFD provides flexible configuration and extension points for a wide range of vendor and application specific node labeling needs. See -[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.15/deployment/helm.html) -for deployment instructions. \ No newline at end of file +[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.18/deployment/helm.html) +for deployment instructions. diff --git a/sriov-network-operator-chart/charts/sriov-nfd/crds/nfd-api-crds.yaml b/sriov-network-operator-chart/charts/sriov-nfd/crds/nfd-api-crds.yaml index 5c893eb..43c0919 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/crds/nfd-api-crds.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/crds/nfd-api-crds.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.16.3 name: nodefeatures.nfd.k8s-sigs.io spec: group: nfd.k8s-sigs.io @@ -14,106 +14,434 @@ spec: singular: nodefeature scope: Namespaced versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: NodeFeature resource holds the features discovered for one node - in the cluster. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NodeFeatureSpec describes a NodeFeature object. - properties: - features: - description: Features is the full "raw" features data that has been - discovered. - properties: - attributes: - additionalProperties: - description: AttributeFeatureSet is a set of features having - string value. - properties: - elements: - additionalProperties: - type: string + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + NodeFeature resource holds the features discovered for one node in the + cluster. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Specification of the NodeFeature, containing features discovered + for a node. + properties: + features: + description: Features is the full "raw" features data that has been + discovered. + properties: + attributes: + additionalProperties: + description: AttributeFeatureSet is a set of features having + string value. + properties: + elements: + additionalProperties: + type: string + description: Individual features of the feature set. + type: object + required: + - elements + type: object + description: Attributes contains all the attribute-type features + of the node. + type: object + flags: + additionalProperties: + description: FlagFeatureSet is a set of simple features only + containing names without values. + properties: + elements: + additionalProperties: + description: |- + Nil is a dummy empty struct for protobuf compatibility. + NOTE: protobuf definitions have been removed but this is kept for API compatibility. type: object - required: - - elements - type: object - description: Attributes contains all the attribute-type features - of the node. + description: Individual features of the feature set. + type: object + required: + - elements type: object - flags: - additionalProperties: - description: FlagFeatureSet is a set of simple features only - containing names without values. - properties: - elements: - additionalProperties: - description: Nil is a dummy empty struct for protobuf - compatibility - type: object + description: Flags contains all the flag-type features of the + node. + type: object + instances: + additionalProperties: + description: InstanceFeatureSet is a set of features each of + which is an instance having multiple attributes. + properties: + elements: + description: Individual features of the feature set. + items: + description: InstanceFeature represents one instance of + a complex features, e.g. a device. + properties: + attributes: + additionalProperties: + type: string + description: Attributes of the instance feature. + type: object + required: + - attributes type: object - required: - - elements - type: object - description: Flags contains all the flag-type features of the - node. + type: array + required: + - elements type: object - instances: - additionalProperties: - description: InstanceFeatureSet is a set of features each of - which is an instance having multiple attributes. - properties: - elements: - items: - description: InstanceFeature represents one instance of - a complex features, e.g. a device. - properties: - attributes: - additionalProperties: - type: string - type: object - required: - - attributes - type: object - type: array - required: - - elements - type: object - description: Instances contains all the instance-type features - of the node. - type: object - type: object - labels: - additionalProperties: - type: string - description: Labels is the set of node labels that are requested to - be created. - type: object - type: object - required: - - spec - type: object - served: true - storage: true + description: Instances contains all the instance-type features + of the node. + type: object + type: object + labels: + additionalProperties: + type: string + description: Labels is the set of node labels that are requested to + be created. + type: object + type: object + required: + - spec + type: object + served: true + storage: true --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.12.1 + controller-gen.kubebuilder.io/version: v0.16.3 + name: nodefeaturegroups.nfd.k8s-sigs.io +spec: + group: nfd.k8s-sigs.io + names: + kind: NodeFeatureGroup + listKind: NodeFeatureGroupList + plural: nodefeaturegroups + shortNames: + - nfg + singular: nodefeaturegroup + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: NodeFeatureGroup resource holds Node pools by featureGroup + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the rules to be evaluated. + properties: + featureGroupRules: + description: List of rules to evaluate to determine nodes that belong + in this group. + items: + description: GroupRule defines a rule for nodegroup filtering. + properties: + matchAny: + description: MatchAny specifies a list of matchers one of which + must match. + items: + description: MatchAnyElem specifies one sub-matcher of MatchAny. + properties: + matchFeatures: + description: MatchFeatures specifies a set of matcher + terms all of which must match. + items: + description: |- + FeatureMatcherTerm defines requirements against one feature set. All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. + properties: + feature: + description: Feature is the name of the feature + set to match against. + type: string + matchExpressions: + additionalProperties: + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Ge + - Lt + - Le + - GtLt + - GeLe + - IsTrue + - IsFalse + type: string + type: + description: |- + Type defines the value type for specific operators. + The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. + type: object + matchName: + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Ge + - Lt + - Le + - GtLt + - GeLe + - IsTrue + - IsFalse + type: string + type: + description: |- + Type defines the value type for specific operators. + The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + required: + - feature + type: object + type: array + required: + - matchFeatures + type: object + type: array + matchFeatures: + description: MatchFeatures specifies a set of matcher terms + all of which must match. + items: + description: |- + FeatureMatcherTerm defines requirements against one feature set. All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. + properties: + feature: + description: Feature is the name of the feature set to + match against. + type: string + matchExpressions: + additionalProperties: + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Ge + - Lt + - Le + - GtLt + - GeLe + - IsTrue + - IsFalse + type: string + type: + description: |- + Type defines the value type for specific operators. + The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. + type: object + matchName: + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Ge + - Lt + - Le + - GtLt + - GeLe + - IsTrue + - IsFalse + type: string + type: + description: |- + Type defines the value type for specific operators. + The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + required: + - feature + type: object + type: array + name: + description: Name of the rule. + type: string + vars: + additionalProperties: + type: string + description: |- + Vars is the variables to store if the rule matches. Variables can be + referenced from other rules enabling more complex rule hierarchies. + type: object + varsTemplate: + description: |- + VarsTemplate specifies a template to expand for dynamically generating + multiple variables. Data (after template expansion) must be keys with an + optional value ([=]) separated by newlines. + type: string + required: + - name + type: object + type: array + required: + - featureGroupRules + type: object + status: + description: |- + Status of the NodeFeatureGroup after the most recent evaluation of the + specification. + properties: + nodes: + description: Nodes is a list of FeatureGroupNode in the cluster that + match the featureGroupRules + items: + properties: + name: + description: Name of the node. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 name: nodefeaturerules.nfd.k8s-sigs.io spec: group: nfd.k8s-sigs.io @@ -122,305 +450,339 @@ spec: listKind: NodeFeatureRuleList plural: nodefeaturerules shortNames: - - nfr + - nfr singular: nodefeaturerule scope: Cluster versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: NodeFeatureRule resource specifies a configuration for feature-based - customization of node objects, such as node labeling. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NodeFeatureRuleSpec describes a NodeFeatureRule. - properties: - rules: - description: Rules is a list of node customization rules. - items: - description: Rule defines a rule for node customization such as - labeling. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to create if the rule matches. - type: object - extendedResources: - additionalProperties: - type: string - description: ExtendedResources to create if the rule matches. - type: object - labels: - additionalProperties: - type: string - description: Labels to create if the rule matches. - type: object - labelsTemplate: - description: LabelsTemplate specifies a template to expand for - dynamically generating multiple labels. Data (after template - expansion) must be keys with an optional value ([=]) - separated by newlines. + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + NodeFeatureRule resource specifies a configuration for feature-based + customization of node objects, such as node labeling. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec defines the rules to be evaluated. + properties: + rules: + description: Rules is a list of node customization rules. + items: + description: Rule defines a rule for node customization such as + labeling. + properties: + annotations: + additionalProperties: type: string - matchAny: - description: MatchAny specifies a list of matchers one of which - must match. - items: - description: MatchAnyElem specifies one sub-matcher of MatchAny. - properties: - matchFeatures: - description: MatchFeatures specifies a set of matcher - terms all of which must match. - items: - description: FeatureMatcherTerm defines requirements - against one feature set. All requirements (specified - as MatchExpressions) are evaluated against each element - in the feature set. - properties: - feature: - description: Feature is the name of the feature - set to match against. - type: string - matchExpressions: - additionalProperties: - description: MatchExpression specifies an expression - to evaluate against a set of input values. It - contains an operator that is applied when matching - the input and an array of values that the operator - evaluates the input against. - properties: - op: - description: Op is the operator to be applied. - enum: - - In - - NotIn - - InRegexp - - Exists - - DoesNotExist - - Gt - - Lt - - GtLt - - IsTrue - - IsFalse - type: string - value: - description: Value is the list of values that - the operand evaluates the input against. - Value should be empty if the operator is - Exists, DoesNotExist, IsTrue or IsFalse. - Value should contain exactly one element - if the operator is Gt or Lt and exactly - two elements if the operator is GtLt. In - other cases Value should contain at least - one element. - items: - type: string - type: array - required: - - op - type: object - description: MatchExpressions is the set of per-element - expressions evaluated. These match against the - value of the specified elements. - type: object - matchName: - description: MatchName in an expression that is - matched against the name of each element in the - feature set. + description: Annotations to create if the rule matches. + type: object + extendedResources: + additionalProperties: + type: string + description: ExtendedResources to create if the rule matches. + type: object + labels: + additionalProperties: + type: string + description: Labels to create if the rule matches. + type: object + labelsTemplate: + description: |- + LabelsTemplate specifies a template to expand for dynamically generating + multiple labels. Data (after template expansion) must be keys with an + optional value ([=]) separated by newlines. + type: string + matchAny: + description: MatchAny specifies a list of matchers one of which + must match. + items: + description: MatchAnyElem specifies one sub-matcher of MatchAny. + properties: + matchFeatures: + description: MatchFeatures specifies a set of matcher + terms all of which must match. + items: + description: |- + FeatureMatcherTerm defines requirements against one feature set. All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. + properties: + feature: + description: Feature is the name of the feature + set to match against. + type: string + matchExpressions: + additionalProperties: + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. properties: op: description: Op is the operator to be applied. enum: - - In - - NotIn - - InRegexp - - Exists - - DoesNotExist - - Gt - - Lt - - GtLt - - IsTrue - - IsFalse + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Ge + - Lt + - Le + - GtLt + - GeLe + - IsTrue + - IsFalse + type: string + type: + description: |- + Type defines the value type for specific operators. + The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. type: string value: - description: Value is the list of values that - the operand evaluates the input against. Value - should be empty if the operator is Exists, - DoesNotExist, IsTrue or IsFalse. Value should - contain exactly one element if the operator - is Gt or Lt and exactly two elements if the - operator is GtLt. In other cases Value should - contain at least one element. + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. items: type: string type: array required: - - op + - op type: object - required: - - feature - type: object - type: array - required: - - matchFeatures - type: object - type: array - matchFeatures: - description: MatchFeatures specifies a set of matcher terms - all of which must match. - items: - description: FeatureMatcherTerm defines requirements against - one feature set. All requirements (specified as MatchExpressions) - are evaluated against each element in the feature set. - properties: - feature: - description: Feature is the name of the feature set to - match against. - type: string - matchExpressions: - additionalProperties: - description: MatchExpression specifies an expression - to evaluate against a set of input values. It contains - an operator that is applied when matching the input - and an array of values that the operator evaluates - the input against. - properties: - op: - description: Op is the operator to be applied. - enum: + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. + type: object + matchName: + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. + properties: + op: + description: Op is the operator to be applied. + enum: - In - NotIn - InRegexp - Exists - DoesNotExist - Gt + - Ge - Lt + - Le - GtLt + - GeLe - IsTrue - IsFalse - type: string - value: - description: Value is the list of values that the - operand evaluates the input against. Value should - be empty if the operator is Exists, DoesNotExist, - IsTrue or IsFalse. Value should contain exactly - one element if the operator is Gt or Lt and exactly - two elements if the operator is GtLt. In other - cases Value should contain at least one element. - items: type: string - type: array - required: + type: + description: |- + Type defines the value type for specific operators. + The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: - op - type: object - description: MatchExpressions is the set of per-element - expressions evaluated. These match against the value - of the specified elements. + type: object + required: + - feature type: object - matchName: - description: MatchName in an expression that is matched - against the name of each element in the feature set. + type: array + required: + - matchFeatures + type: object + type: array + matchFeatures: + description: MatchFeatures specifies a set of matcher terms + all of which must match. + items: + description: |- + FeatureMatcherTerm defines requirements against one feature set. All + requirements (specified as MatchExpressions) are evaluated against each + element in the feature set. + properties: + feature: + description: Feature is the name of the feature set to + match against. + type: string + matchExpressions: + additionalProperties: + description: |- + MatchExpression specifies an expression to evaluate against a set of input + values. It contains an operator that is applied when matching the input and + an array of values that the operator evaluates the input against. properties: op: description: Op is the operator to be applied. enum: - - In - - NotIn - - InRegexp - - Exists - - DoesNotExist - - Gt - - Lt - - GtLt - - IsTrue - - IsFalse + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Ge + - Lt + - Le + - GtLt + - GeLe + - IsTrue + - IsFalse + type: string + type: + description: |- + Type defines the value type for specific operators. + The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. type: string value: - description: Value is the list of values that the - operand evaluates the input against. Value should - be empty if the operator is Exists, DoesNotExist, - IsTrue or IsFalse. Value should contain exactly - one element if the operator is Gt or Lt and exactly - two elements if the operator is GtLt. In other cases - Value should contain at least one element. + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. items: type: string type: array required: - - op + - op type: object - required: - - feature - type: object - type: array - name: - description: Name of the rule. - type: string - taints: - description: Taints to create if the rule matches. - items: - description: The node this Taint is attached to has the "effect" - on any pod that does not tolerate the Taint. - properties: - effect: - description: Required. The effect of the taint on pods - that do not tolerate the taint. Valid effects are NoSchedule, - PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: TimeAdded represents the time at which the - taint was added. It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - vars: - additionalProperties: - type: string - description: Vars is the variables to store if the rule matches. - Variables do not directly inflict any changes in the node - object. However, they can be referenced from other rules enabling - more complex rule hierarchies, without exposing intermediary - output values as labels. + description: |- + MatchExpressions is the set of per-element expressions evaluated. These + match against the value of the specified elements. + type: object + matchName: + description: |- + MatchName in an expression that is matched against the name of each + element in the feature set. + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Ge + - Lt + - Le + - GtLt + - GeLe + - IsTrue + - IsFalse + type: string + type: + description: |- + Type defines the value type for specific operators. + The currently supported type is 'version' for Gt,Ge,Lt,Le,GtLt,GeLe operators. + type: string + value: + description: |- + Value is the list of values that the operand evaluates the input + against. Value should be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly one element if the + operator is Gt or Lt and exactly two elements if the operator is GtLt. + In other cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + required: + - feature type: object - varsTemplate: - description: VarsTemplate specifies a template to expand for - dynamically generating multiple variables. Data (after template - expansion) must be keys with an optional value ([=]) - separated by newlines. + type: array + name: + description: Name of the rule. + type: string + taints: + description: Taints to create if the rule matches. + items: + description: |- + The node this Taint is attached to has the "effect" on + any pod that does not tolerate the Taint. + properties: + effect: + description: |- + Required. The effect of the taint on pods + that do not tolerate the taint. + Valid effects are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Required. The taint key to be applied to + a node. + type: string + timeAdded: + description: |- + TimeAdded represents the time at which the taint was added. + It is only written for NoExecute taints. + format: date-time + type: string + value: + description: The taint value corresponding to the taint + key. + type: string + required: + - effect + - key + type: object + type: array + vars: + additionalProperties: type: string - required: - - name - type: object - type: array - required: - - rules - type: object - required: - - spec - type: object - served: true - storage: true \ No newline at end of file + description: |- + Vars is the variables to store if the rule matches. Variables do not + directly inflict any changes in the node object. However, they can be + referenced from other rules enabling more complex rule hierarchies, + without exposing intermediary output values as labels. + type: object + varsTemplate: + description: |- + VarsTemplate specifies a template to expand for dynamically generating + multiple variables. Data (after template expansion) must be keys with an + optional value ([=]) separated by newlines. + type: string + required: + - name + type: object + type: array + required: + - rules + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/_helpers.tpl b/sriov-network-operator-chart/charts/sriov-nfd/templates/_helpers.tpl index c9a58c9..2e6926c 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/_helpers.tpl +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/_helpers.tpl @@ -104,4 +104,35 @@ Create the name of the service account which nfd-gc will use {{- else -}} {{ default "default" .Values.gc.serviceAccount.name }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} + +{{/* +imagePullSecrets helper - uses local values or falls back to global values +*/}} +{{- define "node-feature-discovery.imagePullSecrets" -}} +{{- $imagePullSecrets := list -}} +{{- if .Values.imagePullSecrets -}} + {{- range .Values.imagePullSecrets -}} + {{- $imagePullSecrets = append $imagePullSecrets . -}} + {{- end -}} +{{- else if and .Values.global .Values.global.imagePullSecrets -}} + {{- range .Values.global.imagePullSecrets -}} + {{- $imagePullSecrets = append $imagePullSecrets . -}} + {{- end -}} +{{- end -}} +{{- if $imagePullSecrets -}} +{{- $imagePullSecrets | toJson }} +{{- end -}} +{{- end -}} + +{{/* +system_default_registry helper - prints global value "cattle.systemDefaultRegistry" (adding a "/" at the end) +or empty string (if this global Helm param. not defined) +*/}} +{{- define "node-feature-discovery.system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} + {{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} + {{- "" -}} +{{- end -}} +{{- end -}} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-certs.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-certs.yaml deleted file mode 100644 index df10f88..0000000 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-certs.yaml +++ /dev/null @@ -1,68 +0,0 @@ -{{- if .Values.tls.certManager }} -{{- if .Values.master.enable }} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: nfd-master-cert - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - secretName: nfd-master-cert - subject: - organizations: - - node-feature-discovery - commonName: nfd-master - dnsNames: - # must match the service name - - {{ include "node-feature-discovery.fullname" . }}-master - # first one is configured for use by the worker; below are for completeness - - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc - - {{ include "node-feature-discovery.fullname" . }}-master.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local - issuerRef: - name: nfd-ca-issuer - kind: Issuer - group: cert-manager.io -{{- end }} ---- -{{- if .Values.worker.enable }} -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: nfd-worker-cert - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - secretName: nfd-worker-cert - subject: - organizations: - - node-feature-discovery - commonName: nfd-worker - dnsNames: - - {{ include "node-feature-discovery.fullname" . }}-worker.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local - issuerRef: - name: nfd-ca-issuer - kind: Issuer - group: cert-manager.io -{{- end }} - -{{- if .Values.topologyUpdater.enable }} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: nfd-topology-updater-cert - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - secretName: nfd-topology-updater-cert - subject: - organizations: - - node-feature-discovery - commonName: nfd-topology-updater - dnsNames: - - {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ include "node-feature-discovery.namespace" . }}.svc.cluster.local - issuerRef: - name: nfd-ca-issuer - kind: Issuer - group: cert-manager.io -{{- end }} - -{{- end }} \ No newline at end of file diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-issuer.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-issuer.yaml deleted file mode 100644 index d60c700..0000000 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-issuer.yaml +++ /dev/null @@ -1,42 +0,0 @@ -{{- if .Values.tls.certManager }} - # See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers - # - Create a self signed issuer - # - Use this to create a CA cert - # - Use this to now create a CA issuer ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: nfd-ca-bootstrap - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - selfSigned: {} - ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: nfd-ca-cert - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - isCA: true - secretName: nfd-ca-cert - subject: - organizations: - - node-feature-discovery - commonName: nfd-ca-cert - issuerRef: - name: nfd-ca-bootstrap - kind: Issuer - group: cert-manager.io - ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: nfd-ca-issuer - namespace: {{ include "node-feature-discovery.namespace" . }} -spec: - ca: - secretName: nfd-ca-cert -{{- end }} \ No newline at end of file diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrole.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrole.yaml index f10e2df..0b938b7 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrole.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrole.yaml @@ -6,40 +6,55 @@ metadata: labels: {{- include "node-feature-discovery.labels" . | nindent 4 }} rules: - - apiGroups: - - "" - resources: - - nodes - - nodes/status - verbs: - - get - - patch - - update - - list - - apiGroups: - - nfd.k8s-sigs.io - resources: - - nodefeatures - - nodefeaturerules - verbs: - - get - - list - - watch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create - - apiGroups: - - coordination.k8s.io - resources: - - leases - resourceNames: - - "nfd-master.nfd.kubernetes.io" - verbs: - - get - - update +- apiGroups: + - "" + resources: + - namespaces + verbs: + - watch + - list +- apiGroups: + - "" + resources: + - nodes + - nodes/status + verbs: + - get + - patch + - update + - list +- apiGroups: + - nfd.k8s-sigs.io + resources: + - nodefeatures + - nodefeaturerules + - nodefeaturegroups + verbs: + - get + - list + - watch +- apiGroups: + - nfd.k8s-sigs.io + resources: + - nodefeaturegroups/status + verbs: + - patch + - update +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create +- apiGroups: + - coordination.k8s.io + resources: + - leases + resourceNames: + - "nfd-master.nfd.kubernetes.io" + verbs: + - get + - update {{- end }} {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }} @@ -51,36 +66,42 @@ metadata: labels: {{- include "node-feature-discovery.labels" . | nindent 4 }} rules: - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - apiGroups: - - "" - resources: - - nodes/proxy - verbs: - - get - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - apiGroups: - - topology.node.k8s.io - resources: - - noderesourcetopologies - verbs: - - create - - get - - update +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get +- apiGroups: + - "" + resources: + - nodes/proxy + verbs: + - get +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - topology.node.k8s.io + resources: + - noderesourcetopologies + verbs: + - create + - get + - update {{- end }} -{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }} +{{- if and .Values.gc.enable .Values.gc.rbac.create }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -89,31 +110,31 @@ metadata: labels: {{- include "node-feature-discovery.labels" . | nindent 4 }} rules: - - apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - nodes/proxy - verbs: - - get - - apiGroups: - - topology.node.k8s.io - resources: - - noderesourcetopologies - verbs: - - delete - - list - - apiGroups: - - nfd.k8s-sigs.io - resources: - - nodefeatures - verbs: - - delete - - list -{{- end }} \ No newline at end of file +- apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch +- apiGroups: + - "" + resources: + - nodes/proxy + verbs: + - get +- apiGroups: + - topology.node.k8s.io + resources: + - noderesourcetopologies + verbs: + - delete + - list +- apiGroups: + - nfd.k8s-sigs.io + resources: + - nodefeatures + verbs: + - delete + - list +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrolebinding.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrolebinding.yaml index 09bd374..a18191c 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrolebinding.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrolebinding.yaml @@ -10,9 +10,9 @@ roleRef: kind: ClusterRole name: {{ include "node-feature-discovery.fullname" . }} subjects: - - kind: ServiceAccount - name: {{ include "node-feature-discovery.master.serviceAccountName" . }} - namespace: {{ include "node-feature-discovery.namespace" . }} +- kind: ServiceAccount + name: {{ include "node-feature-discovery.master.serviceAccountName" . }} + namespace: {{ include "node-feature-discovery.namespace" . }} {{- end }} {{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.rbac.create }} @@ -28,12 +28,12 @@ roleRef: kind: ClusterRole name: {{ include "node-feature-discovery.fullname" . }}-topology-updater subjects: - - kind: ServiceAccount - name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }} - namespace: {{ include "node-feature-discovery.namespace" . }} +- kind: ServiceAccount + name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }} + namespace: {{ include "node-feature-discovery.namespace" . }} {{- end }} -{{- if and .Values.gc.enable .Values.gc.rbac.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }} +{{- if and .Values.gc.enable .Values.gc.rbac.create }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -46,7 +46,7 @@ roleRef: kind: ClusterRole name: {{ include "node-feature-discovery.fullname" . }}-gc subjects: - - kind: ServiceAccount - name: {{ include "node-feature-discovery.gc.serviceAccountName" . }} - namespace: {{ include "node-feature-discovery.namespace" . }} -{{- end }} \ No newline at end of file +- kind: ServiceAccount + name: {{ include "node-feature-discovery.gc.serviceAccountName" . }} + namespace: {{ include "node-feature-discovery.namespace" . }} +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/master-pdb.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/master-pdb.yaml new file mode 100644 index 0000000..5816f63 --- /dev/null +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/master-pdb.yaml @@ -0,0 +1,17 @@ +{{- if .Values.master.enable }} +{{- if .Values.master.podDisruptionBudget.enable -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-master + namespace: {{ include "node-feature-discovery.namespace" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} + role: master +{{- toYaml (omit .Values.master.podDisruptionBudget "enable") | nindent 2 }} +{{- end }} +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/master.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/master.yaml index 64031fa..5df35f9 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/master.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/master.yaml @@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.master.replicaCount }} + revisionHistoryLimit: {{ .Values.master.revisionHistoryLimit }} selector: matchLabels: {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} @@ -22,46 +23,90 @@ spec: labels: {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} role: master - {{- with .Values.master.annotations }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/nfd-master-conf.yaml") . | sha256sum }} + {{- with .Values.master.annotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} + dnsPolicy: {{ .Values.master.dnsPolicy }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} {{- end }} + imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }} serviceAccountName: {{ include "node-feature-discovery.master.serviceAccountName" . }} enableServiceLinks: false securityContext: {{- toYaml .Values.master.podSecurityContext | nindent 8 }} + hostNetwork: {{ .Values.master.hostNetwork }} containers: - name: master securityContext: {{- toYaml .Values.master.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + startupProbe: + httpGet: + path: /healthz + port: http + {{- with .Values.master.startupProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.master.startupProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.master.startupProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.master.startupProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} livenessProbe: - grpc: - port: 8080 - initialDelaySeconds: 10 - periodSeconds: 10 + httpGet: + path: /healthz + port: http + {{- with .Values.master.livenessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.master.livenessProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.master.livenessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.master.livenessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} readinessProbe: - grpc: - port: 8080 - initialDelaySeconds: 5 - periodSeconds: 10 - failureThreshold: 10 + httpGet: + path: /healthz + port: http + {{- with .Values.master.readinessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.master.readinessProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.master.readinessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.master.readinessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + {{- with .Values.master.readinessProbe.successThreshold }} + successThreshold: {{ . }} + {{- end }} ports: - - containerPort: {{ .Values.master.port | default "8080" }} - name: grpc - - containerPort: {{ .Values.master.metricsPort | default "8081" }} - name: metrics + - containerPort: {{ .Values.master.port | default "8080" }} + name: http env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- with .Values.master.extraEnvs }} + {{- toYaml . | nindent 10 }} + {{- end}} command: - "nfd-master" resources: @@ -70,60 +115,35 @@ spec: {{- if .Values.master.instance | empty | not }} - "-instance={{ .Values.master.instance }}" {{- end }} - {{- if not .Values.enableNodeFeatureApi }} - - "-port={{ .Values.master.port | default "8080" }}" - - "-enable-nodefeature-api=false" - {{- else if gt (int .Values.master.replicaCount) 1 }} - "-enable-leader-election" - {{- end }} {{- if .Values.master.extraLabelNs | empty | not }} - "-extra-label-ns={{- join "," .Values.master.extraLabelNs }}" {{- end }} {{- if .Values.master.denyLabelNs | empty | not }} - "-deny-label-ns={{- join "," .Values.master.denyLabelNs }}" {{- end }} - {{- if .Values.master.resourceLabels | empty | not }} - - "-resource-labels={{- join "," .Values.master.resourceLabels }}" - {{- end }} {{- if .Values.master.enableTaints }} - "-enable-taints" {{- end }} - {{- if .Values.master.crdController | kindIs "invalid" | not }} - - "-crd-controller={{ .Values.master.crdController }}" - {{- else }} - ## By default, disable crd controller for other than the default instances - - "-crd-controller={{ .Values.master.instance | empty }}" - {{- end }} - {{- if .Values.master.featureRulesController | kindIs "invalid" | not }} - - "-featurerules-controller={{ .Values.master.featureRulesController }}" - {{- end }} {{- if .Values.master.resyncPeriod }} - "-resync-period={{ .Values.master.resyncPeriod }}" {{- end }} {{- if .Values.master.nfdApiParallelism | empty | not }} - "-nfd-api-parallelism={{ .Values.master.nfdApiParallelism }}" {{- end }} - {{- if .Values.tls.enable }} - - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" + # Go over featureGates and add the feature-gate flag + {{- range $key, $value := .Values.featureGates }} + - "-feature-gates={{ $key }}={{ $value }}" + {{- end }} + - "-port={{ .Values.master.port | default "8080" }}" + {{- with .Values.master.extraArgs }} + {{- toYaml . | nindent 12 }} {{- end }} - - "-metrics={{ .Values.master.metricsPort | default "8081" }}" volumeMounts: - {{- if .Values.tls.enable }} - - name: nfd-master-cert - mountPath: "/etc/kubernetes/node-feature-discovery/certs" - readOnly: true - {{- end }} - name: nfd-master-conf mountPath: "/etc/kubernetes/node-feature-discovery" readOnly: true volumes: - {{- if .Values.tls.enable }} - - name: nfd-master-cert - secret: - secretName: nfd-master-cert - {{- end }} - name: nfd-master-conf configMap: name: {{ include "node-feature-discovery.fullname" . }}-master-conf @@ -142,4 +162,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc-pdb.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc-pdb.yaml new file mode 100644 index 0000000..9e10613 --- /dev/null +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc-pdb.yaml @@ -0,0 +1,17 @@ +{{- if .Values.gc.enable }} +{{- if .Values.gc.podDisruptionBudget.enable -}} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-gc + namespace: {{ include "node-feature-discovery.namespace" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} + role: gc +{{- toYaml (omit .Values.gc.podDisruptionBudget "enable") | nindent 2 }} +{{- end }} +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc.yaml index 1c792ec..16d0020 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-gc.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.gc.enable (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) -}} +{{- if and .Values.gc.enable -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.gc.replicaCount | default 1 }} + revisionHistoryLimit: {{ .Values.gc.revisionHistoryLimit }} selector: matchLabels: {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} @@ -28,39 +29,81 @@ spec: {{- end }} spec: serviceAccountName: {{ include "node-feature-discovery.gc.serviceAccountName" . }} - dnsPolicy: ClusterFirstWithHostNet - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} + dnsPolicy: {{ .Values.gc.dnsPolicy }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} {{- end }} + imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }} securityContext: {{- toYaml .Values.gc.podSecurityContext | nindent 8 }} + hostNetwork: {{ .Values.gc.hostNetwork }} containers: - - name: gc - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - command: - - "nfd-gc" - args: + - name: gc + image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + livenessProbe: + httpGet: + path: /healthz + port: http + {{- with .Values.gc.livenessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.gc.livenessProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.gc.livenessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.gc.livenessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: http + {{- with .Values.gc.readinessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.gc.readinessProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.gc.readinessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.gc.readinessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + {{- with .Values.gc.readinessProbe.successThreshold }} + successThreshold: {{ . }} + {{- end }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- with .Values.gc.extraEnvs }} + {{- toYaml . | nindent 8 }} + {{- end}} + command: + - "nfd-gc" + args: {{- if .Values.gc.interval | empty | not }} - - "-gc-interval={{ .Values.gc.interval }}" + - "-gc-interval={{ .Values.gc.interval }}" {{- end }} - resources: + {{- with .Values.gc.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} + resources: {{- toYaml .Values.gc.resources | nindent 12 }} - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: [ "ALL" ] - readOnlyRootFilesystem: true - runAsNonRoot: true - ports: - - name: metrics - containerPort: {{ .Values.gc.metricsPort | default "8081"}} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: [ "ALL" ] + readOnlyRootFilesystem: true + runAsNonRoot: true + ports: + - name: http + containerPort: {{ .Values.gc.port | default "8080"}} {{- with .Values.gc.nodeSelector }} nodeSelector: @@ -74,4 +117,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-master-conf.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-master-conf.yaml index e580fd1..be92601 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-master-conf.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-master-conf.yaml @@ -9,4 +9,4 @@ metadata: data: nfd-master.conf: |- {{- .Values.master.config | toYaml | nindent 4 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-topologyupdater-conf.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-topologyupdater-conf.yaml index 2775698..57ada83 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-topologyupdater-conf.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-topologyupdater-conf.yaml @@ -1,3 +1,4 @@ +{{- if .Values.topologyUpdater.enable -}} apiVersion: v1 kind: ConfigMap metadata: @@ -7,4 +8,5 @@ metadata: {{- include "node-feature-discovery.labels" . | nindent 4 }} data: nfd-topology-updater.conf: |- - {{- .Values.topologyUpdater.config | toYaml | nindent 4 }} \ No newline at end of file + {{- .Values.topologyUpdater.config | toYaml | nindent 4 }} +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-worker-conf.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-worker-conf.yaml index e56ef70..3e1148d 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-worker-conf.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/nfd-worker-conf.yaml @@ -9,4 +9,4 @@ metadata: data: nfd-worker.conf: |- {{- .Values.worker.config | toYaml | nindent 4 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/post-delete-job.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/post-delete-job.yaml new file mode 100644 index 0000000..c40e6bc --- /dev/null +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/post-delete-job.yaml @@ -0,0 +1,101 @@ +{{- if .Values.postDeleteCleanup }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-prune + namespace: {{ include "node-feature-discovery.namespace" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-prune + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +rules: +- apiGroups: + - "" + resources: + - nodes + - nodes/status + verbs: + - get + - patch + - update + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-prune + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "node-feature-discovery.fullname" . }}-prune +subjects: +- kind: ServiceAccount + name: {{ include "node-feature-discovery.fullname" . }}-prune + namespace: {{ include "node-feature-discovery.namespace" . }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-prune + namespace: {{ include "node-feature-discovery.namespace" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": post-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +spec: + template: + metadata: + labels: + {{- include "node-feature-discovery.labels" . | nindent 8 }} + role: prune + spec: + serviceAccountName: {{ include "node-feature-discovery.fullname" . }}-prune + imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }} + containers: + - name: nfd-master + securityContext: + {{- toYaml .Values.master.securityContext | nindent 12 }} + image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - "nfd-master" + args: + - "-prune" + {{- if .Values.master.instance | empty | not }} + - "-instance={{ .Values.master.instance }}" + {{- end }} + restartPolicy: Never + {{- with .Values.master.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.resources }} + resources: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/prometheus.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/prometheus.yaml index fcdb630..fa5c0a4 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/prometheus.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/prometheus.yaml @@ -12,15 +12,15 @@ metadata: spec: podMetricsEndpoints: - honorLabels: true - interval: 10s + interval: {{ .Values.prometheus.scrapeInterval }} path: /metrics - port: metrics + port: http scheme: http namespaceSelector: matchNames: - - {{ include "node-feature-discovery.namespace" . }} + - {{ include "node-feature-discovery.namespace" . }} selector: matchExpressions: - - {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]} - - {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]} -{{- end }} \ No newline at end of file + - {key: app.kubernetes.io/instance, operator: In, values: ["{{ .Release.Name }}"]} + - {key: app.kubernetes.io/name, operator: In, values: ["{{ include "node-feature-discovery.name" . }}"]} +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/role.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/role.yaml index 3f4cf32..ac6e954 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/role.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/role.yaml @@ -7,18 +7,19 @@ metadata: labels: {{- include "node-feature-discovery.labels" . | nindent 4 }} rules: - - apiGroups: - - nfd.k8s-sigs.io - resources: - - nodefeatures - verbs: - - create - - get - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get -{{- end }} \ No newline at end of file +- apiGroups: + - nfd.k8s-sigs.io + resources: + - nodefeatures + verbs: + - create + - get + - update + - delete +- apiGroups: + - "" + resources: + - pods + verbs: + - get +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/rolebinding.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/rolebinding.yaml index 8fef91c..46ac7f7 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/rolebinding.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/rolebinding.yaml @@ -11,7 +11,8 @@ roleRef: kind: Role name: {{ include "node-feature-discovery.fullname" . }}-worker subjects: - - kind: ServiceAccount - name: {{ include "node-feature-discovery.worker.serviceAccountName" . }} - namespace: {{ include "node-feature-discovery.namespace" . }} +- kind: ServiceAccount + name: {{ include "node-feature-discovery.worker.serviceAccountName" . }} + namespace: {{ include "node-feature-discovery.namespace" . }} {{- end }} + diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/service.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/service.yaml deleted file mode 100644 index 8ece9d1..0000000 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and (not .Values.enableNodeFeatureApi) .Values.master.enable }} -apiVersion: v1 -kind: Service -metadata: - name: {{ include "node-feature-discovery.fullname" . }}-master - namespace: {{ include "node-feature-discovery.namespace" . }} - labels: - {{- include "node-feature-discovery.labels" . | nindent 4 }} - role: master -spec: - type: {{ .Values.master.service.type }} - ports: - - port: {{ .Values.master.service.port | default "8080" }} - targetPort: grpc - protocol: TCP - name: grpc - selector: - {{- include "node-feature-discovery.selectorLabels" . | nindent 4 }} - role: master -{{- end}} \ No newline at end of file diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/serviceaccount.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/serviceaccount.yaml index 970ec3c..f7703be 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/serviceaccount.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/serviceaccount.yaml @@ -27,7 +27,7 @@ metadata: {{- end }} {{- end }} -{{- if and .Values.gc.enable .Values.gc.serviceAccount.create (or .Values.enableNodeFeatureApi .Values.topologyUpdater.enable) }} +{{- if and .Values.gc.enable .Values.gc.serviceAccount.create }} --- apiVersion: v1 kind: ServiceAccount @@ -55,4 +55,4 @@ metadata: annotations: {{- toYaml . | nindent 4 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater-crds.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater-crds.yaml index 13efaaf..94b7b35 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater-crds.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater-crds.yaml @@ -14,265 +14,265 @@ spec: listKind: NodeResourceTopologyList plural: noderesourcetopologies shortNames: - - node-res-topo + - node-res-topo singular: noderesourcetopology scope: Cluster versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: NodeResourceTopology describes node resources and their topology. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation + - name: v1alpha1 + schema: + openAPIV3Schema: + description: NodeResourceTopology describes node resources and their topology. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + topologyPolicies: + items: type: string - metadata: + type: array + zones: + description: ZoneList contains an array of Zone objects. + items: + description: Zone represents a resource topology zone, e.g. socket, + node, die or core. + properties: + attributes: + description: AttributeList contains an array of AttributeInfo objects. + items: + description: AttributeInfo contains one attribute of a Zone. + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + costs: + description: CostList contains an array of CostInfo objects. + items: + description: CostInfo describes the cost (or distance) between + two Zones. + properties: + name: + type: string + value: + format: int64 + type: integer + required: + - name + - value + type: object + type: array + name: + type: string + parent: + type: string + resources: + description: ResourceInfoList contains an array of ResourceInfo + objects. + items: + description: ResourceInfo contains information about one resource + type. + properties: + allocatable: + anyOf: + - type: integer + - type: string + description: Allocatable quantity of the resource, corresponding + to allocatable in node status, i.e. total amount of this + resource available to be used by pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + available: + anyOf: + - type: integer + - type: string + description: Available is the amount of this resource currently + available for new (to be scheduled) pods, i.e. Allocatable + minus the resources reserved by currently running pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the resource, corresponding to capacity + in node status, i.e. total amount of this resource that + the node has. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + name: + description: Name of the resource. + type: string + required: + - allocatable + - available + - capacity + - name + type: object + type: array + type: + type: string + required: + - name + - type type: object - topologyPolicies: - items: - type: string - type: array - zones: - description: ZoneList contains an array of Zone objects. - items: - description: Zone represents a resource topology zone, e.g. socket, - node, die or core. - properties: - attributes: - description: AttributeList contains an array of AttributeInfo objects. - items: - description: AttributeInfo contains one attribute of a Zone. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - costs: - description: CostList contains an array of CostInfo objects. - items: - description: CostInfo describes the cost (or distance) between - two Zones. - properties: - name: - type: string - value: - format: int64 - type: integer - required: - - name - - value - type: object - type: array - name: - type: string - parent: - type: string - resources: - description: ResourceInfoList contains an array of ResourceInfo - objects. - items: - description: ResourceInfo contains information about one resource - type. - properties: - allocatable: - anyOf: - - type: integer - - type: string - description: Allocatable quantity of the resource, corresponding - to allocatable in node status, i.e. total amount of this - resource available to be used by pods. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - available: - anyOf: - - type: integer - - type: string - description: Available is the amount of this resource currently - available for new (to be scheduled) pods, i.e. Allocatable - minus the resources reserved by currently running pods. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - capacity: - anyOf: - - type: integer - - type: string - description: Capacity of the resource, corresponding to capacity - in node status, i.e. total amount of this resource that - the node has. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - name: - description: Name of the resource. - type: string - required: - - allocatable - - available - - capacity - - name - type: object - type: array - type: - type: string - required: - - name - - type - type: object - type: array - required: - - topologyPolicies - - zones - type: object - served: true - storage: false - - name: v1alpha2 - schema: - openAPIV3Schema: - description: NodeResourceTopology describes node resources and their topology. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation + type: array + required: + - topologyPolicies + - zones + type: object + served: true + storage: false + - name: v1alpha2 + schema: + openAPIV3Schema: + description: NodeResourceTopology describes node resources and their topology. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - attributes: - description: AttributeList contains an array of AttributeInfo objects. - items: - description: AttributeInfo contains one attribute of a Zone. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - kind: - description: 'Kind is a string value representing the REST resource this + type: string + attributes: + description: AttributeList contains an array of AttributeInfo objects. + items: + description: AttributeInfo contains one attribute of a Zone. + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - topologyPolicies: - description: 'DEPRECATED (to be removed in v1beta1): use top level attributes + type: string + metadata: + type: object + topologyPolicies: + description: 'DEPRECATED (to be removed in v1beta1): use top level attributes if needed' - items: - type: string - type: array - zones: - description: ZoneList contains an array of Zone objects. - items: - description: Zone represents a resource topology zone, e.g. socket, - node, die or core. - properties: - attributes: - description: AttributeList contains an array of AttributeInfo objects. - items: - description: AttributeInfo contains one attribute of a Zone. - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - costs: - description: CostList contains an array of CostInfo objects. - items: - description: CostInfo describes the cost (or distance) between - two Zones. - properties: - name: - type: string - value: - format: int64 - type: integer - required: - - name - - value - type: object - type: array - name: - type: string - parent: - type: string - resources: - description: ResourceInfoList contains an array of ResourceInfo - objects. - items: - description: ResourceInfo contains information about one resource - type. - properties: - allocatable: - anyOf: - - type: integer - - type: string - description: Allocatable quantity of the resource, corresponding - to allocatable in node status, i.e. total amount of this - resource available to be used by pods. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - available: - anyOf: - - type: integer - - type: string - description: Available is the amount of this resource currently - available for new (to be scheduled) pods, i.e. Allocatable - minus the resources reserved by currently running pods. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - capacity: - anyOf: - - type: integer - - type: string - description: Capacity of the resource, corresponding to capacity - in node status, i.e. total amount of this resource that - the node has. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - name: - description: Name of the resource. - type: string - required: - - allocatable - - available - - capacity - - name - type: object - type: array - type: - type: string - required: - - name - - type - type: object - type: array - required: - - zones - type: object - served: true - storage: true + items: + type: string + type: array + zones: + description: ZoneList contains an array of Zone objects. + items: + description: Zone represents a resource topology zone, e.g. socket, + node, die or core. + properties: + attributes: + description: AttributeList contains an array of AttributeInfo objects. + items: + description: AttributeInfo contains one attribute of a Zone. + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + costs: + description: CostList contains an array of CostInfo objects. + items: + description: CostInfo describes the cost (or distance) between + two Zones. + properties: + name: + type: string + value: + format: int64 + type: integer + required: + - name + - value + type: object + type: array + name: + type: string + parent: + type: string + resources: + description: ResourceInfoList contains an array of ResourceInfo + objects. + items: + description: ResourceInfo contains information about one resource + type. + properties: + allocatable: + anyOf: + - type: integer + - type: string + description: Allocatable quantity of the resource, corresponding + to allocatable in node status, i.e. total amount of this + resource available to be used by pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + available: + anyOf: + - type: integer + - type: string + description: Available is the amount of this resource currently + available for new (to be scheduled) pods, i.e. Allocatable + minus the resources reserved by currently running pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the resource, corresponding to capacity + in node status, i.e. total amount of this resource that + the node has. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + name: + description: Name of the resource. + type: string + required: + - allocatable + - available + - capacity + - name + type: object + type: array + type: + type: string + required: + - name + - type + type: object + type: array + required: + - zones + type: object + served: true + storage: true status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] -{{- end }} \ No newline at end of file +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater.yaml index 6a88fe1..f7b4fda 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/topologyupdater.yaml @@ -12,6 +12,7 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + revisionHistoryLimit: {{ .Values.topologyUpdater.revisionHistoryLimit }} selector: matchLabels: {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} @@ -21,125 +22,152 @@ spec: labels: {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} role: topology-updater - {{- with .Values.topologyUpdater.annotations }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/nfd-topologyupdater-conf.yaml") . | sha256sum }} + {{- with .Values.topologyUpdater.annotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} spec: serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }} - dnsPolicy: ClusterFirstWithHostNet - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} + dnsPolicy: {{ .Values.topologyUpdater.dnsPolicy }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} {{- end }} + imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }} securityContext: {{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }} + hostNetwork: {{ .Values.topologyUpdater.hostNetwork }} containers: - - name: topology-updater - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: NODE_ADDRESS - valueFrom: - fieldRef: - fieldPath: status.hostIP - command: - - "nfd-topology-updater" - args: - - "-podresources-socket=/host-var/lib/kubelet-podresources/kubelet.sock" + - name: topology-updater + image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + livenessProbe: + httpGet: + path: /healthz + port: http + {{- with .Values.topologyUpdater.livenessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.livenessProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.livenessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.livenessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: http + {{- with .Values.topologyUpdater.readinessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.readinessProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.readinessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.readinessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + {{- with .Values.topologyUpdater.readinessProbe.successThreshold }} + successThreshold: {{ . }} + {{- end }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: NODE_ADDRESS + valueFrom: + fieldRef: + fieldPath: status.hostIP + {{- with .Values.topologyUpdater.extraEnvs }} + {{- toYaml . | nindent 8 }} + {{- end}} + command: + - "nfd-topology-updater" + args: + - "-podresources-socket=/host-var/lib/kubelet-podresources/kubelet.sock" {{- if .Values.topologyUpdater.updateInterval | empty | not }} - - "-sleep-interval={{ .Values.topologyUpdater.updateInterval }}" + - "-sleep-interval={{ .Values.topologyUpdater.updateInterval }}" {{- else }} - - "-sleep-interval=3s" + - "-sleep-interval=3s" {{- end }} {{- if .Values.topologyUpdater.watchNamespace | empty | not }} - - "-watch-namespace={{ .Values.topologyUpdater.watchNamespace }}" + - "-watch-namespace={{ .Values.topologyUpdater.watchNamespace }}" {{- else }} - - "-watch-namespace=*" + - "-watch-namespace=*" {{- end }} - {{- if .Values.tls.enable }} - - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" - {{- end }} - {{- if .Values.topologyUpdater.podSetFingerprint }} - - "-pods-fingerprint" + {{- if not .Values.topologyUpdater.podSetFingerprint }} + - "-pods-fingerprint=false" {{- end }} {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} - - "-kubelet-config-uri=file:///host-var/kubelet-config" + - "-kubelet-config-uri=file:///host-var/kubelet-config" {{- end }} {{- if .Values.topologyUpdater.kubeletStateDir | empty }} - # Disable kubelet state tracking by giving an empty path - - "-kubelet-state-dir=" + # Disable kubelet state tracking by giving an empty path + - "-kubelet-state-dir=" {{- end }} - - -metrics={{ .Values.topologyUpdater.metricsPort | default "8081"}} - ports: - - name: metrics - containerPort: {{ .Values.topologyUpdater.metricsPort | default "8081"}} - volumeMounts: + - "-port={{ .Values.topologyUpdater.port | default "8080"}}" + {{- with .Values.topologyUpdater.extraArgs }} + {{- toYaml . | nindent 10 }} + {{- end }} + ports: + - containerPort: {{ .Values.topologyUpdater.port | default "8080"}} + name: http + volumeMounts: {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} - - name: kubelet-config - mountPath: /host-var/kubelet-config + - name: kubelet-config + mountPath: /host-var/kubelet-config {{- end }} - - name: kubelet-podresources-sock - mountPath: /host-var/lib/kubelet-podresources/kubelet.sock - - name: host-sys - mountPath: /host-sys + - name: kubelet-podresources-sock + mountPath: /host-var/lib/kubelet-podresources/kubelet.sock + - name: host-sys + mountPath: /host-sys {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }} - - name: kubelet-state-files - mountPath: /host-var/lib/kubelet - readOnly: true + - name: kubelet-state-files + mountPath: /host-var/lib/kubelet + readOnly: true {{- end }} - {{- if .Values.tls.enable }} - - name: nfd-topology-updater-cert - mountPath: "/etc/kubernetes/node-feature-discovery/certs" - readOnly: true - {{- end }} - - name: nfd-topology-updater-conf - mountPath: "/etc/kubernetes/node-feature-discovery" - readOnly: true + - name: nfd-topology-updater-conf + mountPath: "/etc/kubernetes/node-feature-discovery" + readOnly: true - resources: + resources: {{- toYaml .Values.topologyUpdater.resources | nindent 12 }} - securityContext: + securityContext: {{- toYaml .Values.topologyUpdater.securityContext | nindent 12 }} volumes: - - name: host-sys - hostPath: - path: "/sys" + - name: host-sys + hostPath: + path: "/sys" {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} - - name: kubelet-config - hostPath: - path: {{ .Values.topologyUpdater.kubeletConfigPath }} + - name: kubelet-config + hostPath: + path: {{ .Values.topologyUpdater.kubeletConfigPath }} {{- end }} - - name: kubelet-podresources-sock - hostPath: + - name: kubelet-podresources-sock + hostPath: {{- if .Values.topologyUpdater.kubeletPodResourcesSockPath | empty | not }} - path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }} + path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }} {{- else }} - path: /var/lib/kubelet/pod-resources/kubelet.sock + path: /var/lib/kubelet/pod-resources/kubelet.sock {{- end }} {{- if .Values.topologyUpdater.kubeletStateDir | empty | not }} - - name: kubelet-state-files - hostPath: - path: {{ .Values.topologyUpdater.kubeletStateDir }} + - name: kubelet-state-files + hostPath: + path: {{ .Values.topologyUpdater.kubeletStateDir }} {{- end }} - - name: nfd-topology-updater-conf - configMap: - name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf - items: - - key: nfd-topology-updater.conf - path: nfd-topology-updater.conf - {{- if .Values.tls.enable }} - - name: nfd-topology-updater-cert - secret: - secretName: nfd-topology-updater-cert - {{- end }} - + - name: nfd-topology-updater-conf + configMap: + name: {{ include "node-feature-discovery.fullname" . }}-topology-updater-conf + items: + - key: nfd-topology-updater.conf + path: nfd-topology-updater.conf {{- with .Values.topologyUpdater.nodeSelector }} nodeSelector: @@ -153,4 +181,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/templates/worker.yaml b/sriov-network-operator-chart/charts/sriov-nfd/templates/worker.yaml index daaca75..f65fa41 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/templates/worker.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/templates/worker.yaml @@ -12,6 +12,11 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + revisionHistoryLimit: {{ .Values.worker.revisionHistoryLimit }} + {{- with .Values.worker.updateStrategy }} + updateStrategy: + {{- toYaml . | nindent 4 }} + {{- end}} selector: matchLabels: {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} @@ -21,91 +26,124 @@ spec: labels: {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} role: worker - {{- with .Values.worker.annotations }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/nfd-worker-conf.yaml") . | sha256sum }} + {{- with .Values.worker.annotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} spec: - dnsPolicy: ClusterFirstWithHostNet - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} + dnsPolicy: {{ .Values.worker.dnsPolicy }} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} {{- end }} + imagePullSecrets: {{ include "node-feature-discovery.imagePullSecrets" . }} serviceAccountName: {{ include "node-feature-discovery.worker.serviceAccountName" . }} securityContext: {{- toYaml .Values.worker.podSecurityContext | nindent 8 }} + hostNetwork: {{ .Values.worker.hostNetwork }} containers: - - name: worker - securityContext: + - name: worker + securityContext: {{- toYaml .Values.worker.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - resources: + image: "{{ include "node-feature-discovery.system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + livenessProbe: + httpGet: + path: /healthz + port: http + {{- with .Values.worker.livenessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.worker.livenessProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.worker.livenessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.worker.livenessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + readinessProbe: + httpGet: + path: /healthz + port: http + {{- with .Values.worker.readinessProbe.initialDelaySeconds }} + initialDelaySeconds: {{ . }} + {{- end }} + {{- with .Values.worker.readinessProbe.failureThreshold }} + failureThreshold: {{ . }} + {{- end }} + {{- with .Values.worker.readinessProbe.periodSeconds }} + periodSeconds: {{ . }} + {{- end }} + {{- with .Values.worker.readinessProbe.timeoutSeconds }} + timeoutSeconds: {{ . }} + {{- end }} + {{- with .Values.worker.readinessProbe.successThreshold }} + successThreshold: {{ . }} + {{- end }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + {{- with .Values.worker.extraEnvs }} + {{- toYaml . | nindent 8 }} + {{- end}} + resources: {{- toYaml .Values.worker.resources | nindent 12 }} - command: - - "nfd-worker" - args: - {{- if not .Values.enableNodeFeatureApi }} - - "-server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}" - - "-enable-nodefeature-api=false" + command: + - "nfd-worker" + args: + # Go over featureGate and add the feature-gate flag + {{- range $key, $value := .Values.featureGates }} + - "-feature-gates={{ $key }}={{ $value }}" {{- end }} -{{- if .Values.tls.enable }} - - "-ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" - - "-key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" - - "-cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" -{{- end }} - - "-metrics={{ .Values.worker.metricsPort | default "8081"}}" - ports: - - name: metrics - containerPort: {{ .Values.worker.metricsPort | default "8081"}} - volumeMounts: - - name: host-boot - mountPath: "/host-boot" - readOnly: true - - name: host-os-release - mountPath: "/host-etc/os-release" - readOnly: true - - name: host-sys - mountPath: "/host-sys" - readOnly: true - - name: host-usr-lib - mountPath: "/host-usr/lib" - readOnly: true - - name: host-lib - mountPath: "/host-lib" - readOnly: true + - "-port={{ .Values.worker.port | default "8080"}}" + {{- with .Values.worker.extraArgs }} + {{- toYaml . | nindent 8 }} + {{- end }} + ports: + - containerPort: {{ .Values.worker.port | default "8080"}} + name: http + volumeMounts: + - name: host-boot + mountPath: "/host-boot" + readOnly: true + - name: host-os-release + mountPath: "/host-etc/os-release" + readOnly: true + - name: host-sys + mountPath: "/host-sys" + readOnly: true + - name: host-usr-lib + mountPath: "/host-usr/lib" + readOnly: true + - name: host-lib + mountPath: "/host-lib" + readOnly: true + - name: host-proc-swaps + mountPath: "/host-proc/swaps" + readOnly: true {{- if .Values.worker.mountUsrSrc }} - - name: host-usr-src - mountPath: "/host-usr/src" - readOnly: true + - name: host-usr-src + mountPath: "/host-usr/src" + readOnly: true {{- end }} - - name: source-d - mountPath: "/etc/kubernetes/node-feature-discovery/source.d/" - readOnly: true - - name: features-d - mountPath: "/etc/kubernetes/node-feature-discovery/features.d/" - readOnly: true - - name: nfd-worker-conf - mountPath: "/etc/kubernetes/node-feature-discovery" - readOnly: true -{{- if .Values.tls.enable }} - - name: nfd-worker-cert - mountPath: "/etc/kubernetes/node-feature-discovery/certs" - readOnly: true -{{- end }} + - name: features-d + mountPath: "/etc/kubernetes/node-feature-discovery/features.d/" + readOnly: true + - name: nfd-worker-conf + mountPath: "/etc/kubernetes/node-feature-discovery" + readOnly: true volumes: - name: host-boot hostPath: @@ -122,14 +160,14 @@ spec: - name: host-lib hostPath: path: "/lib" + - name: host-proc-swaps + hostPath: + path: "/proc/swaps" {{- if .Values.worker.mountUsrSrc }} - name: host-usr-src hostPath: path: "/usr/src" {{- end }} - - name: source-d - hostPath: - path: "/etc/kubernetes/node-feature-discovery/source.d/" - name: features-d hostPath: path: "/etc/kubernetes/node-feature-discovery/features.d/" @@ -139,12 +177,7 @@ spec: items: - key: nfd-worker.conf path: nfd-worker.conf -{{- if .Values.tls.enable }} - - name: nfd-worker-cert - secret: - secretName: nfd-worker-cert -{{- end }} - {{- with .Values.worker.nodeSelector }} + {{- with .Values.worker.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} @@ -159,4 +192,4 @@ spec: {{- with .Values.worker.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/sriov-network-operator-chart/charts/sriov-nfd/values.yaml b/sriov-network-operator-chart/charts/sriov-nfd/values.yaml index 290cc2b..18e5a19 100644 --- a/sriov-network-operator-chart/charts/sriov-nfd/values.yaml +++ b/sriov-network-operator-chart/charts/sriov-nfd/values.yaml @@ -3,69 +3,84 @@ image: # This should be set to 'IfNotPresent' for released version pullPolicy: IfNotPresent # tag, if defined will use the given image tag, else Chart.AppVersion will be used - tag: v0.15.7 + # tag imagePullSecrets: [] nameOverride: "" fullnameOverride: "" namespaceOverride: "" -enableNodeFeatureApi: true +featureGates: + NodeFeatureGroupAPI: false + +priorityClassName: "" + +postDeleteCleanup: true master: enable: true + extraArgs: [] + extraEnvs: [] + hostNetwork: false + dnsPolicy: ClusterFirstWithHostNet config: ### - # noPublish: false - # autoDefaultNs: true - # extraLabelNs: ["added.ns.io","added.kubernets.io"] - # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"] - # resourceLabels: ["vendor-1.com/feature-1","vendor-2.io/feature-2"] - # enableTaints: false - # labelWhiteList: "foo" - # resyncPeriod: "2h" - # klog: - # addDirHeader: false - # alsologtostderr: false - # logBacktraceAt: - # logtostderr: true - # skipHeaders: false - # stderrthreshold: 2 - # v: 0 - # vmodule: - ## NOTE: the following options are not dynamically run-time configurable - ## and require a nfd-master restart to take effect after being changed - # logDir: - # logFile: - # logFileMaxSize: 1800 - # skipLogHeaders: false - # leaderElection: - # leaseDuration: 15s - # # this value has to be lower than leaseDuration and greater than retryPeriod*1.2 - # renewDeadline: 10s - # # this value has to be greater than 0 - # retryPeriod: 2s - # nfdApiParallelism: 10 + # noPublish: false + # extraLabelNs: ["added.ns.io","added.kubernets.io"] + # denyLabelNs: ["denied.ns.io","denied.kubernetes.io"] + # enableTaints: false + # informerPageSize: 200 + # labelWhiteList: "foo" + # resyncPeriod: "2h" + # restrictions: + # disableLabels: true + # disableTaints: true + # disableExtendedResources: true + # disableAnnotations: true + # allowOverwrite: false + # denyNodeFeatureLabels: true + # nodeFeatureNamespaceSelector: + # matchLabels: + # kubernetes.io/metadata.name: "node-feature-discovery" + # matchExpressions: + # - key: "kubernetes.io/metadata.name" + # operator: "In" + # values: + # - "node-feature-discovery" + # klog: + # addDirHeader: false + # alsologtostderr: false + # logBacktraceAt: + # logtostderr: true + # skipHeaders: false + # stderrthreshold: 2 + # v: 0 + # vmodule: + ## NOTE: the following options are not dynamically run-time configurable + ## and require a nfd-master restart to take effect after being changed + # logDir: + # logFile: + # logFileMaxSize: 1800 + # skipLogHeaders: false + # leaderElection: + # leaseDuration: 15s + # # this value has to be lower than leaseDuration and greater than retryPeriod*1.2 + # renewDeadline: 10s + # # this value has to be greater than 0 + # retryPeriod: 2s + # nfdApiParallelism: 10 ### - # The TCP port that nfd-master listens for incoming requests. Default: 8080 - # Deprecated this parameter is related to the deprecated gRPC API and will - # be removed with it in a future release port: 8080 - metricsPort: 8081 instance: - featureApi: resyncPeriod: denyLabelNs: [] extraLabelNs: [] - resourceLabels: [] enableTaints: false - crdController: null - featureRulesController: null nfdApiParallelism: null deploymentAnnotations: {} replicaCount: 1 podSecurityContext: {} - # fsGroup: 2000 + # fsGroup: 2000 securityContext: allowPrivilegeEscalation: false @@ -84,304 +99,321 @@ master: # If not set and create is true, a name is generated using the fullname template name: + # specify how many old ReplicaSets for the Deployment to retain. + revisionHistoryLimit: + rbac: create: true - service: - type: ClusterIP - port: 8080 - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + #limits: + # memory: 4Gi + #requests: + # cpu: 100m + # You may want to use the same value for `requests.memory` and `limits.memory`. The “requests” value affects scheduling to accommodate pods on nodes. + # If there is a large difference between “requests” and “limits” and nodes experience memory pressure, the kernel may invoke + # the OOM Killer, even if the memory does not exceed the “limits” threshold. This can cause unexpected pod evictions. Memory + # cannot be compressed and once allocated to a pod, it can only be reclaimed by killing the pod. + # Natan Yellin 22/09/2022 https://home.robusta.dev/blog/kubernetes-memory-limit + # memory: 128Mi nodeSelector: {} tolerations: - - key: "node-role.kubernetes.io/master" - operator: "Equal" - value: "" - effect: "NoSchedule" - - key: "node-role.kubernetes.io/control-plane" - operator: "Equal" - value: "" - effect: "NoSchedule" + - key: "node-role.kubernetes.io/master" + operator: "Equal" + value: "" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Equal" + value: "" + effect: "NoSchedule" + + podDisruptionBudget: + enable: false + minAvailable: 1 + unhealthyPodEvictionPolicy: AlwaysAllow annotations: {} affinity: nodeAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 1 - preference: - matchExpressions: - - key: "node-role.kubernetes.io/master" - operator: In - values: [""] - weight: 1 preference: matchExpressions: - key: "node-role.kubernetes.io/control-plane" operator: In values: [""] + + startupProbe: + failureThreshold: 30 + # periodSeconds: 10 + livenessProbe: {} + # failureThreshold: 3 + # initialDelaySeconds: 0 + # periodSeconds: 10 + # timeoutSeconds: 1 + readinessProbe: + failureThreshold: 10 + # initialDelaySeconds: 0 + # periodSeconds: 10 + # timeoutSeconds: 1 + # successThreshold: 1 worker: enable: true + extraArgs: [] + extraEnvs: [] + hostNetwork: false + dnsPolicy: ClusterFirstWithHostNet config: ### - #core: - # labelWhiteList: - # noPublish: false - # sleepInterval: 60s - # featureSources: [all] - # labelSources: [all] - # klog: - # addDirHeader: false - # alsologtostderr: false - # logBacktraceAt: - # logtostderr: true - # skipHeaders: false - # stderrthreshold: 2 - # v: 0 - # vmodule: - ## NOTE: the following options are not dynamically run-time configurable - ## and require a nfd-worker restart to take effect after being changed - # logDir: - # logFile: - # logFileMaxSize: 1800 - # skipLogHeaders: false - #sources: - # cpu: - # cpuid: - ## NOTE: whitelist has priority over blacklist - # attributeBlacklist: - # - "BMI1" - # - "BMI2" - # - "CLMUL" - # - "CMOV" - # - "CX16" - # - "ERMS" - # - "F16C" - # - "HTT" - # - "LZCNT" - # - "MMX" - # - "MMXEXT" - # - "NX" - # - "POPCNT" - # - "RDRAND" - # - "RDSEED" - # - "RDTSCP" - # - "SGX" - # - "SSE" - # - "SSE2" - # - "SSE3" - # - "SSE4" - # - "SSE42" - # - "SSSE3" - # - "TDX_GUEST" - # attributeWhitelist: - # kernel: - # kconfigFile: "/path/to/kconfig" - # configOpts: - # - "NO_HZ" - # - "X86" - # - "DMI" - # pci: - # deviceClassWhitelist: - # - "0200" - # - "03" - # - "12" - # deviceLabelFields: - # - "class" - # - "vendor" - # - "device" - # - "subsystem_vendor" - # - "subsystem_device" - # usb: - # deviceClassWhitelist: - # - "0e" - # - "ef" - # - "fe" - # - "ff" - # deviceLabelFields: - # - "class" - # - "vendor" - # - "device" - # local: - # hooksEnabled: false - # custom: - # # The following feature demonstrates the capabilities of the matchFeatures - # - name: "my custom rule" - # labels: - # "vendor.io/my-ng-feature": "true" - # # matchFeatures implements a logical AND over all matcher terms in the - # # list (i.e. all of the terms, or per-feature matchers, must match) - # matchFeatures: - # - feature: cpu.cpuid - # matchExpressions: - # AVX512F: {op: Exists} - # - feature: cpu.cstate - # matchExpressions: - # enabled: {op: IsTrue} - # - feature: cpu.pstate - # matchExpressions: - # no_turbo: {op: IsFalse} - # scaling_governor: {op: In, value: ["performance"]} - # - feature: cpu.rdt - # matchExpressions: - # RDTL3CA: {op: Exists} - # - feature: cpu.sst - # matchExpressions: - # bf.enabled: {op: IsTrue} - # - feature: cpu.topology - # matchExpressions: - # hardware_multithreading: {op: IsFalse} - # - # - feature: kernel.config - # matchExpressions: - # X86: {op: Exists} - # LSM: {op: InRegexp, value: ["apparmor"]} - # - feature: kernel.loadedmodule - # matchExpressions: - # e1000e: {op: Exists} - # - feature: kernel.selinux - # matchExpressions: - # enabled: {op: IsFalse} - # - feature: kernel.version - # matchExpressions: - # major: {op: In, value: ["5"]} - # minor: {op: Gt, value: ["10"]} - # - # - feature: storage.block - # matchExpressions: - # rotational: {op: In, value: ["0"]} - # dax: {op: In, value: ["0"]} - # - # - feature: network.device - # matchExpressions: - # operstate: {op: In, value: ["up"]} - # speed: {op: Gt, value: ["100"]} - # - # - feature: memory.numa - # matchExpressions: - # node_count: {op: Gt, value: ["2"]} - # - feature: memory.nv - # matchExpressions: - # devtype: {op: In, value: ["nd_dax"]} - # mode: {op: In, value: ["memory"]} - # - # - feature: system.osrelease - # matchExpressions: - # ID: {op: In, value: ["fedora", "centos"]} - # - feature: system.name - # matchExpressions: - # nodename: {op: InRegexp, value: ["^worker-X"]} - # - # - feature: local.label - # matchExpressions: - # custom-feature-knob: {op: Gt, value: ["100"]} - # - # # The following feature demonstrates the capabilities of the matchAny - # - name: "my matchAny rule" - # labels: - # "vendor.io/my-ng-feature-2": "my-value" - # # matchAny implements a logical IF over all elements (sub-matchers) in - # # the list (i.e. at least one feature matcher must match) - # matchAny: - # - matchFeatures: - # - feature: kernel.loadedmodule - # matchExpressions: - # driver-module-X: {op: Exists} - # - feature: pci.device - # matchExpressions: - # vendor: {op: In, value: ["8086"]} - # class: {op: In, value: ["0200"]} - # - matchFeatures: - # - feature: kernel.loadedmodule - # matchExpressions: - # driver-module-Y: {op: Exists} - # - feature: usb.device - # matchExpressions: - # vendor: {op: In, value: ["8086"]} - # class: {op: In, value: ["02"]} - # - # - name: "avx wildcard rule" - # labels: - # "my-avx-feature": "true" - # matchFeatures: - # - feature: cpu.cpuid - # matchName: {op: InRegexp, value: ["^AVX512"]} - # - # # The following features demonstreate label templating capabilities - # - name: "my template rule" - # labelsTemplate: | - # {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }} - # {{ end }} - # matchFeatures: - # - feature: system.osrelease - # matchExpressions: - # ID: {op: InRegexp, value: ["^open.*"]} - # VERSION_ID.major: {op: In, value: ["13", "15"]} - # - # - name: "my template rule 2" - # labelsTemplate: | - # {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid - # {{ end }} - # matchFeatures: - # - feature: pci.device - # matchExpressions: - # class: {op: InRegexp, value: ["^06"]} - # vendor: ["8086"] - # - feature: cpu.cpuid - # matchExpressions: - # AVX: {op: Exists} - # - # # The following examples demonstrate vars field and back-referencing - # # previous labels and vars - # - name: "my dummy kernel rule" - # labels: - # "vendor.io/my.kernel.feature": "true" - # matchFeatures: - # - feature: kernel.version - # matchExpressions: - # major: {op: Gt, value: ["2"]} - # - # - name: "my dummy rule with no labels" - # vars: - # "my.dummy.var": "1" - # matchFeatures: - # - feature: cpu.cpuid - # matchExpressions: {} - # - # - name: "my rule using backrefs" - # labels: - # "vendor.io/my.backref.feature": "true" - # matchFeatures: - # - feature: rule.matched - # matchExpressions: - # vendor.io/my.kernel.feature: {op: IsTrue} - # my.dummy.var: {op: Gt, value: ["0"]} - # - # - name: "kconfig template rule" - # labelsTemplate: | - # {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }} - # {{ end }} - # matchFeatures: - # - feature: kernel.config - # matchName: {op: In, value: ["SWAP", "X86", "ARM"]} - ### + #core: + # labelWhiteList: + # noPublish: false + # noOwnerRefs: false + # sleepInterval: 60s + # featureSources: [all] + # labelSources: [all] + # klog: + # addDirHeader: false + # alsologtostderr: false + # logBacktraceAt: + # logtostderr: true + # skipHeaders: false + # stderrthreshold: 2 + # v: 0 + # vmodule: + ## NOTE: the following options are not dynamically run-time configurable + ## and require a nfd-worker restart to take effect after being changed + # logDir: + # logFile: + # logFileMaxSize: 1800 + # skipLogHeaders: false + #sources: + # cpu: + # cpuid: + ## NOTE: whitelist has priority over blacklist + # attributeBlacklist: + # - "AVX10" + # - "BMI1" + # - "BMI2" + # - "CLMUL" + # - "CMOV" + # - "CX16" + # - "ERMS" + # - "F16C" + # - "HTT" + # - "LZCNT" + # - "MMX" + # - "MMXEXT" + # - "NX" + # - "POPCNT" + # - "RDRAND" + # - "RDSEED" + # - "RDTSCP" + # - "SGX" + # - "SSE" + # - "SSE2" + # - "SSE3" + # - "SSE4" + # - "SSE42" + # - "SSSE3" + # - "TDX_GUEST" + # attributeWhitelist: + # kernel: + # kconfigFile: "/path/to/kconfig" + # configOpts: + # - "NO_HZ" + # - "X86" + # - "DMI" + # pci: + # deviceClassWhitelist: + # - "0200" + # - "03" + # - "12" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # - "subsystem_vendor" + # - "subsystem_device" + # usb: + # deviceClassWhitelist: + # - "0e" + # - "ef" + # - "fe" + # - "ff" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # custom: + # # The following feature demonstrates the capabilities of the matchFeatures + # - name: "my custom rule" + # labels: + # "vendor.io/my-ng-feature": "true" + # # matchFeatures implements a logical AND over all matcher terms in the + # # list (i.e. all of the terms, or per-feature matchers, must match) + # matchFeatures: + # - feature: cpu.cpuid + # matchExpressions: + # AVX512F: {op: Exists} + # - feature: cpu.cstate + # matchExpressions: + # enabled: {op: IsTrue} + # - feature: cpu.pstate + # matchExpressions: + # no_turbo: {op: IsFalse} + # scaling_governor: {op: In, value: ["performance"]} + # - feature: cpu.rdt + # matchExpressions: + # RDTL3CA: {op: Exists} + # - feature: cpu.sst + # matchExpressions: + # bf.enabled: {op: IsTrue} + # - feature: cpu.topology + # matchExpressions: + # hardware_multithreading: {op: IsFalse} + # + # - feature: kernel.config + # matchExpressions: + # X86: {op: Exists} + # LSM: {op: InRegexp, value: ["apparmor"]} + # - feature: kernel.loadedmodule + # matchExpressions: + # e1000e: {op: Exists} + # - feature: kernel.selinux + # matchExpressions: + # enabled: {op: IsFalse} + # - feature: kernel.version + # matchExpressions: + # major: {op: In, value: ["5"]} + # minor: {op: Gt, value: ["10"]} + # + # - feature: storage.block + # matchExpressions: + # rotational: {op: In, value: ["0"]} + # dax: {op: In, value: ["0"]} + # + # - feature: network.device + # matchExpressions: + # operstate: {op: In, value: ["up"]} + # speed: {op: Gt, value: ["100"]} + # + # - feature: memory.numa + # matchExpressions: + # node_count: {op: Gt, value: ["2"]} + # - feature: memory.nv + # matchExpressions: + # devtype: {op: In, value: ["nd_dax"]} + # mode: {op: In, value: ["memory"]} + # + # - feature: system.osrelease + # matchExpressions: + # ID: {op: In, value: ["fedora", "centos"]} + # - feature: system.name + # matchExpressions: + # nodename: {op: InRegexp, value: ["^worker-X"]} + # + # - feature: local.label + # matchExpressions: + # custom-feature-knob: {op: Gt, value: ["100"]} + # + # # The following feature demonstrates the capabilities of the matchAny + # - name: "my matchAny rule" + # labels: + # "vendor.io/my-ng-feature-2": "my-value" + # # matchAny implements a logical IF over all elements (sub-matchers) in + # # the list (i.e. at least one feature matcher must match) + # matchAny: + # - matchFeatures: + # - feature: kernel.loadedmodule + # matchExpressions: + # driver-module-X: {op: Exists} + # - feature: pci.device + # matchExpressions: + # vendor: {op: In, value: ["8086"]} + # class: {op: In, value: ["0200"]} + # - matchFeatures: + # - feature: kernel.loadedmodule + # matchExpressions: + # driver-module-Y: {op: Exists} + # - feature: usb.device + # matchExpressions: + # vendor: {op: In, value: ["8086"]} + # class: {op: In, value: ["02"]} + # + # - name: "avx wildcard rule" + # labels: + # "my-avx-feature": "true" + # matchFeatures: + # - feature: cpu.cpuid + # matchName: {op: InRegexp, value: ["^AVX512"]} + # + # # The following features demonstreate label templating capabilities + # - name: "my template rule" + # labelsTemplate: | + # {{ range .system.osrelease }}vendor.io/my-system-feature.{{ .Name }}={{ .Value }} + # {{ end }} + # matchFeatures: + # - feature: system.osrelease + # matchExpressions: + # ID: {op: InRegexp, value: ["^open.*"]} + # VERSION_ID.major: {op: In, value: ["13", "15"]} + # + # - name: "my template rule 2" + # labelsTemplate: | + # {{ range .pci.device }}vendor.io/my-pci-device.{{ .class }}-{{ .device }}=with-cpuid + # {{ end }} + # matchFeatures: + # - feature: pci.device + # matchExpressions: + # class: {op: InRegexp, value: ["^06"]} + # vendor: ["8086"] + # - feature: cpu.cpuid + # matchExpressions: + # AVX: {op: Exists} + # + # # The following examples demonstrate vars field and back-referencing + # # previous labels and vars + # - name: "my dummy kernel rule" + # labels: + # "vendor.io/my.kernel.feature": "true" + # matchFeatures: + # - feature: kernel.version + # matchExpressions: + # major: {op: Gt, value: ["2"]} + # + # - name: "my dummy rule with no labels" + # vars: + # "my.dummy.var": "1" + # matchFeatures: + # - feature: cpu.cpuid + # matchExpressions: {} + # + # - name: "my rule using backrefs" + # labels: + # "vendor.io/my.backref.feature": "true" + # matchFeatures: + # - feature: rule.matched + # matchExpressions: + # vendor.io/my.kernel.feature: {op: IsTrue} + # my.dummy.var: {op: Gt, value: ["0"]} + # + # - name: "kconfig template rule" + # labelsTemplate: | + # {{ range .kernel.config }}kconfig-{{ .Name }}={{ .Value }} + # {{ end }} + # matchFeatures: + # - feature: kernel.config + # matchName: {op: In, value: ["SWAP", "X86", "ARM"]} +### - metricsPort: 8081 + port: 8080 daemonsetAnnotations: {} podSecurityContext: {} - # fsGroup: 2000 + # fsGroup: 2000 securityContext: allowPrivilegeEscalation: false @@ -391,6 +423,18 @@ worker: runAsNonRoot: true # runAsUser: 1000 + livenessProbe: + initialDelaySeconds: 10 + # failureThreshold: 3 + # periodSeconds: 10 + # timeoutSeconds: 1 + readinessProbe: + initialDelaySeconds: 5 + failureThreshold: 10 + # periodSeconds: 10 + # timeoutSeconds: 1 + # successThreshold: 1 + serviceAccount: # Specifies whether a service account should be created. # We create this by default to make it easier for downstream users to apply PodSecurityPolicies. @@ -401,6 +445,9 @@ worker: # If not set and create is true, a name is generated using the fullname template name: + # specify how many old ControllerRevisions for the DaemonSet to retain. + revisionHistoryLimit: + rbac: create: true @@ -409,16 +456,11 @@ worker: mountUsrSrc: false resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + #limits: + # memory: 512Mi + #requests: + # cpu: 5m + # memory: 64Mi nodeSelector: {} @@ -430,28 +472,42 @@ worker: priorityClassName: "" + updateStrategy: {} + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: "10%" + topologyUpdater: config: ### - ## key = node name, value = list of resources to be excluded. - ## use * to exclude from all nodes. - ## an example for how the exclude list should looks like - #excludeList: - # node1: [cpu] - # node2: [memory, example/deviceA] - # *: [hugepages-2Mi] - ### + ## key = node name, value = list of resources to be excluded. + ## use * to exclude from all nodes. + ## an example for how the exclude list should looks like + #excludeList: + # node1: [cpu] + # node2: [memory, example/deviceA] + # *: [hugepages-2Mi] +### enable: false createCRDs: false + extraArgs: [] + extraEnvs: [] + hostNetwork: false + dnsPolicy: ClusterFirstWithHostNet serviceAccount: create: true annotations: {} name: + + # specify how many old ControllerRevisions for the DaemonSet to retain. + revisionHistoryLimit: + rbac: create: true - metricsPort: 8081 + port: 8080 kubeletConfigPath: kubeletPodResourcesSockPath: updateInterval: 60s @@ -466,17 +522,24 @@ topologyUpdater: readOnlyRootFilesystem: true runAsUser: 0 + livenessProbe: + initialDelaySeconds: 10 + # failureThreshold: 3 + # periodSeconds: 10 + # timeoutSeconds: 1 + readinessProbe: + initialDelaySeconds: 5 + failureThreshold: 10 + # periodSeconds: 10 + # timeoutSeconds: 1 + # successThreshold: 1 + resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + #limits: + # memory: 60Mi + #requests: + # cpu: 50m + # memory: 40Mi nodeSelector: {} tolerations: [] @@ -487,7 +550,11 @@ topologyUpdater: gc: enable: true + extraArgs: [] + extraEnvs: [] + hostNetwork: false replicaCount: 1 + dnsPolicy: ClusterFirstWithHostNet serviceAccount: create: true @@ -500,19 +567,26 @@ gc: podSecurityContext: {} - resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + livenessProbe: + initialDelaySeconds: 10 + # failureThreshold: 3 + # periodSeconds: 10 + # timeoutSeconds: 1 + readinessProbe: + initialDelaySeconds: 5 + # failureThreshold: 3 + # periodSeconds: 10 + # timeoutSeconds: 1 + # successThreshold: 1 - metricsPort: 8081 + resources: {} + #limits: + # memory: 1Gi + #requests: + # cpu: 10m + # memory: 128Mi + + port: 8080 nodeSelector: {} tolerations: [] @@ -520,15 +594,15 @@ gc: deploymentAnnotations: {} affinity: {} -# Optionally use encryption for worker <--> master comms -# TODO: verify hostname is not yet supported -# -# If you do not enable certManager (and have it installed) you will -# need to manually, or otherwise, provision the TLS certs as secrets -tls: - enable: false - certManager: false + podDisruptionBudget: + enable: false + minAvailable: 1 + unhealthyPodEvictionPolicy: AlwaysAllow + + # specify how many old ReplicaSets for the Deployment to retain. + revisionHistoryLimit: prometheus: enable: false - labels: {} \ No newline at end of file + scrapeInterval: 10s + labels: {} diff --git a/sriov-network-operator-chart/templates/NOTES.txt b/sriov-network-operator-chart/templates/NOTES.txt index 7944c5c..f00da66 100644 --- a/sriov-network-operator-chart/templates/NOTES.txt +++ b/sriov-network-operator-chart/templates/NOTES.txt @@ -5,13 +5,15 @@ $ kubectl -n {{ .Release.Namespace }} get pods For additional instructions on how to use SR-IOV network operator, refer to: https://github.com/k8snetworkplumbingwg/sriov-network-operator -{{- if .Values.operator.enableAdmissionController }} -{{- if not .Values.cert_manager }} +{{- if .Values.operator.admissionControllers.enabled }} +{{- if not .Values.operator.admissionControllers.certificates.certManager.enabled }} Thank you for installing {{ .Chart.Name }}. -WARNING! Self signed certificates have been generated for webhooks. -These certificates have a one-year validity and will not be rotated -automatically. This should not be a production cluster. Please deploy -and use cert-manager for production clusters. +WARNING! Self signed certificates have been generated for the two +deployed SRIOV dynamic admission controllers: sriov-network-webhook +and network-resources-injector. These certificates have a one-year +validity and will not be rotated automatically. +This should NOT be a production cluster. Please deploy and use +cert-manager for production clusters. {{- end }} {{- end }} \ No newline at end of file diff --git a/sriov-network-operator-chart/templates/_helpers.tpl b/sriov-network-operator-chart/templates/_helpers.tpl index 1e27a5a..2a6e043 100644 --- a/sriov-network-operator-chart/templates/_helpers.tpl +++ b/sriov-network-operator-chart/templates/_helpers.tpl @@ -68,18 +68,3 @@ Create the name of the service account to use {{- "" -}} {{- end -}} {{- end -}} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} \ No newline at end of file diff --git a/sriov-network-operator-chart/templates/_webhook-certs.tpl b/sriov-network-operator-chart/templates/_webhook-certs.tpl deleted file mode 100644 index 26ac74d..0000000 --- a/sriov-network-operator-chart/templates/_webhook-certs.tpl +++ /dev/null @@ -1,30 +0,0 @@ -{{/* -Generate TLS certificates for webhooks. -Note: these 2 lines, that are repeated several times below, are a trick to -ensure the CA certs are generated only once: - $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) - $_ := set . "ca" $ca -Please, don't try to "simplify" them as without this trick, every generated -certificate would be signed by a different CA. -*/}} -{{- define "sriov_operator_ca_cert" }} -{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}} -{{- $_ := set . "ca" $ca -}} -{{- printf "%s" $ca.Cert | b64enc -}} -{{- end }} -{{- define "sriov_operator_cert" }} -{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}} -{{- $_ := set . "ca" $ca -}} -{{- $cn := printf "operator-webhook-service.%s.svc" .Release.Namespace -}} -{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end }} -{{- define "sriov_resource_injector_cert" }} -{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}} -{{- $_ := set . "ca" $ca -}} -{{- $cn := printf "network-resources-injector-service.%s.svc" .Release.Namespace -}} -{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca -}} -tls.crt: {{ $cert.Cert | b64enc }} -tls.key: {{ $cert.Key | b64enc }} -{{- end }} diff --git a/sriov-network-operator-chart/templates/certificate.yaml b/sriov-network-operator-chart/templates/certificate.yaml index ff8e5b5..1c6a38c 100644 --- a/sriov-network-operator-chart/templates/certificate.yaml +++ b/sriov-network-operator-chart/templates/certificate.yaml @@ -8,8 +8,8 @@ metadata: namespace: {{ .Release.Namespace }} spec: dnsNames: - - operator-webhook-service.{{ .Release.Namespace }}.svc - - operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local + - operator-webhook-service.{{ .Release.Namespace }}.svc + - operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local issuerRef: kind: Issuer name: operator-webhook-selfsigned-issuer @@ -30,8 +30,8 @@ metadata: namespace: {{ .Release.Namespace }} spec: dnsNames: - - network-resources-injector-service.{{ .Release.Namespace }}.svc - - network-resources-injector-service.{{ .Release.Namespace }}.svc.cluster.local + - network-resources-injector-service.{{ .Release.Namespace }}.svc + - network-resources-injector-service.{{ .Release.Namespace }}.svc.cluster.local issuerRef: kind: Issuer name: network-resources-injector-selfsigned-issuer @@ -68,4 +68,4 @@ data: tls.crt: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsCrt | b64enc | quote }} tls.key: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsKey | b64enc | quote }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/sriov-network-operator-chart/templates/certmanagercerts.yaml b/sriov-network-operator-chart/templates/certmanagercerts.yaml deleted file mode 100644 index 2e3e991..0000000 --- a/sriov-network-operator-chart/templates/certmanagercerts.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if and (.Values.operator.enableAdmissionController) (.Values.cert_manager) -}} -{{- if not (.Capabilities.APIVersions.Has "cert-manager.io/v1") -}} -{{- required "cert-manager is required but not found" "" -}} -{{- end -}} -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: sriov-network-operator-selfsigned-issuer - namespace: {{ .Release.Namespace }} -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: operator-webhook-service - namespace: {{ .Release.Namespace }} -spec: - secretName: operator-webhook-service - dnsNames: - - operator-webhook-service.{{ .Release.Namespace }}.svc - issuerRef: - name: sriov-network-operator-selfsigned-issuer - privateKey: - rotationPolicy: Always ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: network-resources-injector-service - namespace: {{ .Release.Namespace }} -spec: - secretName: network-resources-injector-secret - dnsNames: - - network-resources-injector-service.{{ .Release.Namespace }}.svc - issuerRef: - name: sriov-network-operator-selfsigned-issuer - privateKey: - rotationPolicy: Always -{{- end -}} diff --git a/sriov-network-operator-chart/templates/clusterrole.yaml b/sriov-network-operator-chart/templates/clusterrole.yaml index c472dda..1b9d207 100644 --- a/sriov-network-operator-chart/templates/clusterrole.yaml +++ b/sriov-network-operator-chart/templates/clusterrole.yaml @@ -102,4 +102,4 @@ rules: verbs: - "get" - "watch" - - "list" \ No newline at end of file + - "list" diff --git a/sriov-network-operator-chart/templates/clusterrolebinding.yaml b/sriov-network-operator-chart/templates/clusterrolebinding.yaml index f5c3b14..56788db 100644 --- a/sriov-network-operator-chart/templates/clusterrolebinding.yaml +++ b/sriov-network-operator-chart/templates/clusterrolebinding.yaml @@ -26,4 +26,4 @@ roleRef: subjects: - kind: ServiceAccount namespace: {{ .Release.Namespace }} - name: sriov-network-config-daemon \ No newline at end of file + name: sriov-network-config-daemon diff --git a/sriov-network-operator-chart/templates/configmap.yaml b/sriov-network-operator-chart/templates/configmap.yaml index 41f970c..1a0bc56 100644 --- a/sriov-network-operator-chart/templates/configmap.yaml +++ b/sriov-network-operator-chart/templates/configmap.yaml @@ -25,6 +25,11 @@ data: Intel_ice_Columbiapark_E823C: "8086 188a 1889" Intel_ice_Columbiapark_E823L_SFP: "8086 124d 1889" Intel_ice_Columbiapark_E823L_BACKPLANE: "8086 124c 1889" + Intel_ice_Columbiapark_E825C_BACKPLANE: "8086 579c 1889" + Intel_ice_Columbiapark_E825C_QSFP: "8086 579d 1889" + Intel_ice_Columbiapark_E825C_SFP: "8086 579e 1889" + Intel_ice_Connorsville_E830_QSFP: "8086 12d2 1889" + Intel_ice_Connorsville_E830_SFP: "8086 12d3 1889" Nvidia_mlx5_ConnectX-4: "15b3 1013 1014" Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016" Nvidia_mlx5_ConnectX-5: "15b3 1017 1018" @@ -48,4 +53,4 @@ data: Marvell_OCTEON_Fusion_CNF105XX: "177d ba00 ba03" {{- range .Values.supportedExtraNICs }} {{ . }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/sriov-network-operator-chart/templates/operator.yaml b/sriov-network-operator-chart/templates/operator.yaml index f2b699c..ddddf38 100644 --- a/sriov-network-operator-chart/templates/operator.yaml +++ b/sriov-network-operator-chart/templates/operator.yaml @@ -6,7 +6,6 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "sriov-network-operator.fullname" . }} - namespace: {{ .Release.Namespace }} labels: {{- include "sriov-network-operator.labels" . | nindent 4 }} spec: @@ -15,9 +14,7 @@ spec: matchLabels: name: sriov-network-operator strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 33% + type: Recreate template: metadata: annotations: @@ -42,7 +39,7 @@ spec: {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- range .Values.imagePullSecrets }} - - name: {{ . }} + - name: {{ . }} {{- end }} {{- end }} containers: @@ -117,4 +114,4 @@ spec: name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }} key: ca.crt {{- end }} - {{- end }} \ No newline at end of file + {{- end }} diff --git a/sriov-network-operator-chart/templates/pre-delete-webooks.yaml b/sriov-network-operator-chart/templates/pre-delete-webooks.yaml index 1100026..39a057b 100644 --- a/sriov-network-operator-chart/templates/pre-delete-webooks.yaml +++ b/sriov-network-operator-chart/templates/pre-delete-webooks.yaml @@ -1,6 +1,6 @@ # The following job will be used as Helm pre-delete hook. It executes a small go-client binary # which intent to delete 'default' SriovOperatorConfig, that triggers operator removal of generated cluster objects -# e.g. mutating/validating webhooks, within operator's recoinciling loop and +# e.g. mutating/validating webhooks, within operator's recoinciling loop and # preventing operator cluster object remainings while using helm uninstall apiVersion: batch/v1 kind: Job @@ -17,9 +17,9 @@ spec: {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- range .Values.imagePullSecrets }} - - name: {{ . }} - {{- end }} + - name: {{ . }} {{- end }} + {{- end }} containers: - name: cleanup image: {{ include "system_default_registry" . }}{{ .Values.images.operator.repository }}:{{ .Values.images.operator.tag }} @@ -30,4 +30,4 @@ spec: - {{ .Release.Namespace }} restartPolicy: Never backoffLimit: 2 - \ No newline at end of file + diff --git a/sriov-network-operator-chart/templates/role.yaml b/sriov-network-operator-chart/templates/role.yaml index 16268c0..b3682b9 100644 --- a/sriov-network-operator-chart/templates/role.yaml +++ b/sriov-network-operator-chart/templates/role.yaml @@ -28,6 +28,15 @@ rules: - statefulsets verbs: - '*' + - apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - get + - create + - update + - delete - apiGroups: - monitoring.coreos.com resources: @@ -135,4 +144,4 @@ rules: resources: - configmaps verbs: - - get \ No newline at end of file + - get diff --git a/sriov-network-operator-chart/templates/rolebinding.yaml b/sriov-network-operator-chart/templates/rolebinding.yaml index cd64fb5..c26eb19 100644 --- a/sriov-network-operator-chart/templates/rolebinding.yaml +++ b/sriov-network-operator-chart/templates/rolebinding.yaml @@ -41,4 +41,4 @@ subjects: roleRef: kind: Role name: operator-webhook-sa - apiGroup: rbac.authorization.k8s.io \ No newline at end of file + apiGroup: rbac.authorization.k8s.io diff --git a/sriov-network-operator-chart/templates/secrets.yaml b/sriov-network-operator-chart/templates/secrets.yaml deleted file mode 100644 index e224c3d..0000000 --- a/sriov-network-operator-chart/templates/secrets.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if not .Values.cert_manager -}} -{{- if .Values.operator.enableAdmissionController }} -apiVersion: v1 -kind: Secret -metadata: - name: operator-webhook-service - namespace: {{ .Release.Namespace }} -data: {{ include "sriov_operator_cert" . | nindent 2 }} -{{- end }} ---- -{{- if .Values.operator.enableAdmissionController }} -apiVersion: v1 -kind: Secret -metadata: - name: network-resources-injector-secret - namespace: {{ .Release.Namespace }} -data: {{ include "sriov_resource_injector_cert" . | nindent 2 }} -{{- end }} -{{- end }} diff --git a/sriov-network-operator-chart/templates/serviceaccount.yaml b/sriov-network-operator-chart/templates/serviceaccount.yaml index 226fbaf..98b7553 100644 --- a/sriov-network-operator-chart/templates/serviceaccount.yaml +++ b/sriov-network-operator-chart/templates/serviceaccount.yaml @@ -12,4 +12,4 @@ metadata: name: sriov-network-config-daemon namespace: {{ .Release.Namespace }} labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} \ No newline at end of file + {{- include "sriov-network-operator.labels" . | nindent 4 }} diff --git a/sriov-network-operator-chart/templates/validate-install-crd.yaml b/sriov-network-operator-chart/templates/validate-install-crd.yaml index b8536e0..fc65538 100644 --- a/sriov-network-operator-chart/templates/validate-install-crd.yaml +++ b/sriov-network-operator-chart/templates/validate-install-crd.yaml @@ -8,13 +8,13 @@ # {{- set $found "sriovnetwork.openshift.io/v1/SriovNetwork" false -}} # {{- set $found "sriovnetwork.openshift.io/v1/SriovOperatorConfig" false -}} # {{- range .Capabilities.APIVersions -}} -# {{- if hasKey $found (toString .) -}} -# {{- set $found (toString .) true -}} -# {{- end -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} # {{- end -}} # {{- range $_, $exists := $found -}} -# {{- if (eq $exists false) -}} -# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRDs chart before installing this chart." "" -}} +# {{- end -}} # {{- end -}} - # {{- end -}} - #{{- end -}} \ No newline at end of file +#{{- end -}} \ No newline at end of file diff --git a/sriov-network-operator-chart/values.yaml b/sriov-network-operator-chart/values.yaml index aaf1914..df67abf 100644 --- a/sriov-network-operator-chart/values.yaml +++ b/sriov-network-operator-chart/values.yaml @@ -50,38 +50,39 @@ operator: # cluster. In that case, the ca.crt must be base64 encoded twice since it ends up being an env variable. custom: enabled: false - # operator: - # caCrt: | - # -----BEGIN CERTIFICATE----- - # MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G - # ... - # -----END CERTIFICATE----- - # tlsCrt: | - # -----BEGIN CERTIFICATE----- - # MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G - # ... - # -----END CERTIFICATE----- - # tlsKey: | - # -----BEGIN EC PRIVATE KEY----- - # MHcl4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo= - # ... - # -----END EC PRIVATE KEY----- - # injector: - # caCrt: | - # -----BEGIN CERTIFICATE----- - # MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G - # ... - # -----END CERTIFICATE----- - # tlsCrt: | - # -----BEGIN CERTIFICATE----- - # MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G - # ... - # -----END CERTIFICATE----- - # tlsKey: | - # -----BEGIN EC PRIVATE KEY----- - # MHcl4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo= - # ... - # -----END EC PRIVATE KEY----- + # operator: + # caCrt: | + # -----BEGIN CERTIFICATE----- + # MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G + # ... + # -----END CERTIFICATE----- + # tlsCrt: | + # -----BEGIN CERTIFICATE----- + # MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G + # ... + # -----END CERTIFICATE----- + # tlsKey: | + # -----BEGIN EC PRIVATE KEY----- + # MHcl4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo= + # ... + # -----END EC PRIVATE KEY----- + # injector: + # caCrt: | + # -----BEGIN CERTIFICATE----- + # MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G + # ... + # -----END CERTIFICATE----- + # tlsCrt: | + # -----BEGIN CERTIFICATE----- + # MIIMIICLDCCAdKgAwIBAgIBADAKBggqhkjOPQQDAjB9MQswCQYDVQQGEwJCRTEPMA0G + # ... + # -----END CERTIFICATE----- + # tlsKey: | + # -----BEGIN EC PRIVATE KEY----- + # MHcl4wOuDwKQa+upc8GftXE2C//4mKANBC6It01gUaTIpo= + # ... + # -----END EC PRIVATE KEY----- + sriovOperatorConfig: # deploy sriovOperatorConfig CR with the below values deploy: true @@ -102,25 +103,25 @@ supportedExtraNICs: [] images: operator: repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager" - tag: v1.5.0 + tag: v1.6.0 sriovConfigDaemon: repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon" - tag: v1.5.0 + tag: v1.6.0 sriovCni: repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni" - tag: v2.9.0 + tag: v2.10.0 ibSriovCni: repository: "%%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni" - tag: v1.2.1 + tag: v1.3.0 sriovDevicePlugin: repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin" - tag: v3.9.0 + tag: v3.10.0 resourcesInjector: repository: "%%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector" - tag: v1.7.1 + tag: v1.8.0 webhook: repository: "%%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook" - tag: v1.5.0 + tag: v1.6.0 imagePullSecrets: [] extraDeploy: [] global: -- 2.51.1 From f9bdebe17547bd53e95e6fa330043e1f230180d384d098c606520ddae012f6de Mon Sep 17 00:00:00 2001 From: Antonio Alonso Alarcon Date: Mon, 27 Oct 2025 13:17:58 +0100 Subject: [PATCH 9/9] Updates release_images.yaml and release_manifest.yaml files with new SRIOV images and charts versions --- release-manifest-image/release_images.yaml | 16 ++++++++-------- release-manifest-image/release_manifest.yaml | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/release-manifest-image/release_images.yaml b/release-manifest-image/release_images.yaml index 2fc6b0c..967ed94 100644 --- a/release-manifest-image/release_images.yaml +++ b/release-manifest-image/release_images.yaml @@ -11,14 +11,14 @@ images: - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.15.2 - name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.15.2 - name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager:v1.5.0 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon:v1.5.0 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook:v1.5.0 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:v2.9.0 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:v1.2.1 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:v3.9.0 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector:v1.7.1 - - name: %%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery:v0.15.7 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager:v1.6.0 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon:v1.6.0 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook:v1.6.0 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:v2.10.0 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:v1.3.0 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:v3.10.0 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector:v1.8.0 + - name: %%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery:v0.18.2 - name: registry.rancher.com/rancher/fleet-agent:v0.13.1 - name: registry.rancher.com/rancher/fleet:v0.13.1 - name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250611 diff --git a/release-manifest-image/release_manifest.yaml b/release-manifest-image/release_manifest.yaml index 1359d5d..fea575e 100644 --- a/release-manifest-image/release_manifest.yaml +++ b/release-manifest-image/release_manifest.yaml @@ -155,11 +155,11 @@ spec: - prettyName: SRIOV releaseName: sriov-network-operator chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator' - version: '%%CHART_MAJOR%%.0.3+up1.5.0' + version: '%%CHART_MAJOR%%.0.4+up1.6.0' dependencyCharts: - releaseName: sriov-crd chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd' - version: '%%CHART_MAJOR%%.0.2+up1.5.0' + version: '%%CHART_MAJOR%%.0.4+up1.6.0' - prettyName: Akri releaseName: akri chart: '%%CHART_REPO%%/%%CHART_PREFIX%%akri' -- 2.51.1