From 7a54374c103e095c8ca9131e2c8e5d5da2464bdd Mon Sep 17 00:00:00 2001 From: Ivan Kolodiazhnyi Date: Tue, 27 Jul 2021 18:14:24 +0300 Subject: [PATCH] Sync upstream SR-IOV Network Operator Helm Chart We can't use SR-IOV Network Operator chart from the official repo until https://github.com/k8snetworkplumbingwg/sriov-network-operator/pull/167 will be merged and new chart will be punlished. This patch syncs the latest changes from the upstrem to Network Operator repo to deploy the lates version of the SR-IOV Network Operator. Signed-off-by: Ivan Kolodiazhnyi --- deployment/network-operator/Chart.yaml | 2 +- .../charts/sriov-network-operator/Chart.yaml | 30 +-- .../charts/sriov-network-operator/README.md | 73 +++++++ ...network.openshift.io_sriovibnetworks.yaml} | 13 +- ...penshift.io_sriovnetworknodepolicies.yaml} | 19 +- ....openshift.io_sriovnetworknodestates.yaml} | 17 +- ....openshift.io_sriovnetworkpoolconfigs.yaml | 79 ++++++++ ...ovnetwork.openshift.io_sriovnetworks.yaml} | 13 +- ...rk.openshift.io_sriovoperatorconfigs.yaml} | 21 +- .../templates/NOTES.txt | 6 +- .../templates/_helpers.tpl | 15 -- .../templates/clusterrole.yaml | 99 ++++----- .../templates/clusterrolebinding.yaml | 37 ++-- .../templates/configmap.yaml | 37 ++++ .../templates/leader_election_role.yaml | 56 ++++++ .../leader_election_role_binding.yaml | 31 +++ .../templates/operator.yaml | 49 +++-- .../templates/role.yaml | 188 ++++++++++-------- .../templates/role_binding.yaml | 46 ----- .../templates/rolebinding.yaml | 46 +++++ .../templates/service_account.yaml | 30 --- .../templates/serviceaccount.yaml | 30 +++ ...shift.io_v1_sriovnetworknodepolicy_cr.yaml | 27 --- ...penshift.io_v1_sriovoperatorconfig_cr.yaml | 26 --- .../charts/sriov-network-operator/values.yaml | 51 ++--- deployment/network-operator/values.yaml | 26 +++ 26 files changed, 685 insertions(+), 382 deletions(-) create mode 100644 deployment/network-operator/charts/sriov-network-operator/README.md rename deployment/network-operator/charts/sriov-network-operator/crds/{sriovnetwork.openshift.io_sriovibnetworks_crd.yaml => sriovnetwork.openshift.io_sriovibnetworks.yaml} (93%) rename deployment/network-operator/charts/sriov-network-operator/crds/{sriovnetwork.openshift.io_sriovnetworknodepolicies_crd.yaml => sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml} (90%) rename deployment/network-operator/charts/sriov-network-operator/crds/{sriovnetwork.openshift.io_sriovnetworknodestates_crd.yaml => sriovnetwork.openshift.io_sriovnetworknodestates.yaml} (93%) create mode 100644 deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml rename deployment/network-operator/charts/sriov-network-operator/crds/{sriovnetwork.openshift.io_sriovnetworks_crd.yaml => sriovnetwork.openshift.io_sriovnetworks.yaml} (94%) rename deployment/network-operator/charts/sriov-network-operator/crds/{sriovnetwork.openshift.io_sriovoperatorconfigs_crd.yaml => sriovnetwork.openshift.io_sriovoperatorconfigs.yaml} (84%) create mode 100644 deployment/network-operator/charts/sriov-network-operator/templates/configmap.yaml create mode 100644 deployment/network-operator/charts/sriov-network-operator/templates/leader_election_role.yaml create mode 100644 deployment/network-operator/charts/sriov-network-operator/templates/leader_election_role_binding.yaml delete mode 100644 deployment/network-operator/charts/sriov-network-operator/templates/role_binding.yaml create mode 100644 deployment/network-operator/charts/sriov-network-operator/templates/rolebinding.yaml delete mode 100644 deployment/network-operator/charts/sriov-network-operator/templates/service_account.yaml create mode 100644 deployment/network-operator/charts/sriov-network-operator/templates/serviceaccount.yaml delete mode 100644 deployment/network-operator/charts/sriov-network-operator/templates/sriovnetwork.openshift.io_v1_sriovnetworknodepolicy_cr.yaml delete mode 100644 deployment/network-operator/charts/sriov-network-operator/templates/sriovnetwork.openshift.io_v1_sriovoperatorconfig_cr.yaml diff --git a/deployment/network-operator/Chart.yaml b/deployment/network-operator/Chart.yaml index 44faeeffa..3994cba6f 100644 --- a/deployment/network-operator/Chart.yaml +++ b/deployment/network-operator/Chart.yaml @@ -19,5 +19,5 @@ dependencies: - condition: sriovNetworkOperator.enabled name: sriov-network-operator repository: "" - version: 0.1.0 + version: 4.7.0 diff --git a/deployment/network-operator/charts/sriov-network-operator/Chart.yaml b/deployment/network-operator/charts/sriov-network-operator/Chart.yaml index 8c4a58a13..fbd4863af 100644 --- a/deployment/network-operator/charts/sriov-network-operator/Chart.yaml +++ b/deployment/network-operator/charts/sriov-network-operator/Chart.yaml @@ -1,24 +1,12 @@ apiVersion: v2 name: sriov-network-operator -description: | - SR-IOV network operator configures and manages SR-IOV networks in the kubernetes cluster - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -# Versions are expected to follow Semantic Versioning (https://semver.org/) version: 0.1.0 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. Versions are not expected to -# follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.1.0 +kubeVersion: '>= 1.16.0' +appVersion: 4.7.0 +description: SR-IOV network operator configures and manages SR-IOV networks in the kubernetes cluster +type: application +keywords: + - sriov +home: https://github.com/k8snetworkplumbingwg/sriov-network-operator +sources: + - https://github.com/k8snetworkplumbingwg/sriov-network-operator diff --git a/deployment/network-operator/charts/sriov-network-operator/README.md b/deployment/network-operator/charts/sriov-network-operator/README.md new file mode 100644 index 000000000..b34d479bd --- /dev/null +++ b/deployment/network-operator/charts/sriov-network-operator/README.md @@ -0,0 +1,73 @@ +# SR-IOV Network Operator Helm Chart + +SR-IOV Network Operator Helm Chart provides an easy way to install, configure and manage +the lifecycle of SR-IOV network operator. + +## SR-IOV Network Operator +SR-IOV Network Operator leverages [Kubernetes CRDs](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) +and [Operator SDK](https://github.com/operator-framework/operator-sdk) to configure and manage SR-IOV networks in a Kubernetes cluster. + +SR-IOV Network Operator features: +- Initialize the supported SR-IOV NIC types on selected nodes. +- Provision/upgrade SR-IOV device plugin executable on selected node. +- Provision/upgrade SR-IOV CNI plugin executable on selected nodes. +- Manage configuration of SR-IOV device plugin on host. +- Generate net-att-def CRs for SR-IOV CNI plugin +- Supports operation in a virtualized Kubernetes deployment + - Discovers VFs attached to the Virtual Machine (VM) + - Does not require attached of associated PFs + - VFs can be associated to SriovNetworks by selecting the appropriate PciAddress as the RootDevice in the SriovNetworkNodePolicy + +## QuickStart + +### Prerequisites + +- Kubernetes v1.17+ +- Helm v3 + +### Install Helm + +Helm provides an install script to copy helm binary to your system: +``` +$ curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 +$ chmod 500 get_helm.sh +$ ./get_helm.sh +``` + +For additional information and methods for installing Helm, refer to the official [helm website](https://helm.sh/) + +### Deploy SR-IOV Network Operator + +``` +# Install Operator +$ helm install -n sriov-network-operator --create-namespace --wait sriov-network-operator ./ + +# View deployed resources +$ kubectl -n sriov-network-operator get pods +``` + +## Chart parameters + +In order to tailor the deployment of the network operator to your cluster needs +We have introduced the following Chart parameters. + +### Operator parameters + +| Name | Type | Default | description | +| ---- | ---- | ------- | ----------- | +| `operator.resourcePrefix` | string | `openshift.io` | Device plugin resource prefix | +| `operator.enableAdmissionController` | bool | `false` | Enable SR-IOV network resource injector and operator webhook | +| `operator.cniBinPath` | string | `/opt/cni/bin` | Path for CNI binary | +| `operator.clusterType` | string | `kubernetes` | Cluster environment type | + +### Images parameters + +| Name | description | +| ---- | ----------- | +| `images.operator` | Operator controller image | +| `images.sriovConfigDaemon` | Daemon node agent image | +| `images.sriovCni` | SR-IOV CNI image | +| `images.ibSriovCni` | InfiniBand SR-IOV CNI image | +| `images.sriovDevicePlugin` | SR-IOV device plugin image | +| `images.resourcesInjector` | Resources Injector image | +| `images.webhook` | Operator Webhook image | diff --git a/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovibnetworks_crd.yaml b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovibnetworks.yaml similarity index 93% rename from deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovibnetworks_crd.yaml rename to deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovibnetworks.yaml index cf514aa74..f21ceeec6 100644 --- a/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovibnetworks_crd.yaml +++ b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovibnetworks.yaml @@ -1,4 +1,4 @@ -# Copyright 2020 NVIDIA +# Copyright 2021 NVIDIA CORPORATION & AFFILIATES. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,9 +11,14 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null name: sriovibnetworks.sriovnetwork.openshift.io spec: group: sriovnetwork.openshift.io @@ -79,3 +84,9 @@ spec: storage: true subresources: status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodepolicies_crd.yaml b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml similarity index 90% rename from deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodepolicies_crd.yaml rename to deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml index 8a6feaeec..aec2478f3 100644 --- a/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodepolicies_crd.yaml +++ b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml @@ -1,4 +1,4 @@ -# Copyright 2020 NVIDIA +# Copyright 2021 NVIDIA CORPORATION & AFFILIATES. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,9 +11,14 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null name: sriovnetworknodepolicies.sriovnetwork.openshift.io spec: group: sriovnetwork.openshift.io @@ -79,7 +84,11 @@ spec: properties: deviceID: description: The device hex code of SR-IoV device. Allowed value - "158b", "1015", "1017". + "0d58", "1572", "158b", "1013", "1015", "1017", "101b". + type: string + netFilter: + description: Infrastructure Networking selection filter. Allowed + value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" type: string pfNames: description: Name of SR-IoV PF. @@ -129,3 +138,9 @@ spec: storage: true subresources: status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodestates_crd.yaml b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodestates.yaml similarity index 93% rename from deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodestates_crd.yaml rename to deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodestates.yaml index 3b049bc35..b3762653e 100644 --- a/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodestates_crd.yaml +++ b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworknodestates.yaml @@ -1,4 +1,4 @@ -# Copyright 2020 NVIDIA +# Copyright 2021 NVIDIA CORPORATION & AFFILIATES. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,9 +11,14 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null name: sriovnetworknodestates.sriovnetwork.openshift.io spec: group: sriovnetwork.openshift.io @@ -67,6 +72,8 @@ spec: properties: deviceType: type: string + mtu: + type: integer policyName: type: string resourceName: @@ -131,6 +138,8 @@ spec: type: integer name: type: string + netFilter: + type: string numVfs: type: integer pciAddress: @@ -153,3 +162,9 @@ spec: storage: true subresources: status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml new file mode 100644 index 000000000..76bab29c7 --- /dev/null +++ b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml @@ -0,0 +1,79 @@ +# Copyright 2021 NVIDIA CORPORATION & AFFILIATES. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null + name: sriovnetworkpoolconfigs.sriovnetwork.openshift.io +spec: + group: sriovnetwork.openshift.io + names: + kind: SriovNetworkPoolConfig + listKind: SriovNetworkPoolConfigList + plural: sriovnetworkpoolconfigs + singular: sriovnetworkpoolconfig + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig + properties: + ovsHardwareOffloadConfig: + description: OvsHardwareOffloadConfig describes the OVS HWOL configuration + for selected Nodes + properties: + name: + description: 'Name is mandatory and must be unique. On Kubernetes: + Name is the name of OvsHardwareOffloadConfig On OpenShift: Name + is the name of MachineConfigPool to be enabled with OVS hardware + offload' + type: string + type: object + type: object + status: + description: SriovNetworkPoolConfigStatus defines the observed state of + SriovNetworkPoolConfig + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworks_crd.yaml b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworks.yaml similarity index 94% rename from deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworks_crd.yaml rename to deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworks.yaml index 5427911a3..093d9606f 100644 --- a/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworks_crd.yaml +++ b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovnetworks.yaml @@ -1,4 +1,4 @@ -# Copyright 2020 NVIDIA +# Copyright 2021 NVIDIA CORPORATION & AFFILIATES. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,9 +11,14 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null name: sriovnetworks.sriovnetwork.openshift.io spec: group: sriovnetwork.openshift.io @@ -111,3 +116,9 @@ spec: storage: true subresources: status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovoperatorconfigs_crd.yaml b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml similarity index 84% rename from deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovoperatorconfigs_crd.yaml rename to deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml index b6c9be796..3e677a703 100644 --- a/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovoperatorconfigs_crd.yaml +++ b/deployment/network-operator/charts/sriov-network-operator/crds/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml @@ -1,4 +1,4 @@ -# Copyright 2020 NVIDIA +# Copyright 2021 NVIDIA CORPORATION & AFFILIATES. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -11,9 +11,14 @@ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. + +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.1 + creationTimestamp: null name: sriovoperatorconfigs.sriovnetwork.openshift.io spec: group: sriovnetwork.openshift.io @@ -50,6 +55,9 @@ spec: type: string description: NodeSelector selects the nodes to be configured type: object + disableDrain: + description: Flag to disable nodes drain during debugging + type: boolean enableInjector: description: Flag to control whether the network resource injector webhook shall be deployed @@ -58,6 +66,11 @@ spec: description: Flag to control whether the operator admission controller webhook shall be deployed type: boolean + enableOvsOffload: + description: Flag to enable OVS hardware offload. Set to 'true' to + provision switchdev-configuration.service and enable OpenvSwitch + hw-offload on nodes. + type: boolean logLevel: description: Flag to control the log verbose level of the operator. Set to '0' to show only the basic logs. And set to '2' to show all @@ -83,3 +96,9 @@ spec: storage: true subresources: status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/NOTES.txt b/deployment/network-operator/charts/sriov-network-operator/templates/NOTES.txt index b959c20ff..94dcf3111 100644 --- a/deployment/network-operator/charts/sriov-network-operator/templates/NOTES.txt +++ b/deployment/network-operator/charts/sriov-network-operator/templates/NOTES.txt @@ -1,2 +1,6 @@ +Get Network Operator deployed resources by running the following commands: + +$ kubectl -n {{ .Release.Namespace }} get pods + For additional instructions on how to use SR-IOV network operator, -refer to: https://github.com/k8snetworkplumbingwg/sriov-network-operator +refer to: https://github.com/k8snetworkplumbingwg/sriov-network-operator \ No newline at end of file diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/_helpers.tpl b/deployment/network-operator/charts/sriov-network-operator/templates/_helpers.tpl index 987432a39..51527739e 100644 --- a/deployment/network-operator/charts/sriov-network-operator/templates/_helpers.tpl +++ b/deployment/network-operator/charts/sriov-network-operator/templates/_helpers.tpl @@ -1,18 +1,3 @@ -{{/* - Copyright 2020 NVIDIA - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/}} {{/* Expand the name of the chart. */}} diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/clusterrole.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/clusterrole.yaml index c4436ee7b..7565f9cdd 100644 --- a/deployment/network-operator/charts/sriov-network-operator/templates/clusterrole.yaml +++ b/deployment/network-operator/charts/sriov-network-operator/templates/clusterrole.yaml @@ -1,66 +1,69 @@ {{/* - Copyright 2020 NVIDIA + Copyright 2021 NVIDIA CORPORATION & AFFILIATES. - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. */}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "sriov-network-operator.fullname" . }} labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} + {{- include "sriov-network-operator.labels" . | nindent 4 }} rules: -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch", "patch", "update"] -- apiGroups: [""] - resources: ["pods"] - verbs: ["*"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - verbs: ["get"] -- apiGroups: [""] - resources: [namespaces, serviceaccounts] - verbs: ["*"] -- apiGroups: ["k8s.cni.cncf.io"] - resources: ["network-attachment-definitions"] - verbs: ["*"] -- apiGroups: ["rbac.authorization.k8s.io"] - resources: [clusterroles, clusterrolebindings] - verbs: ["*"] -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] - verbs: ["*"] -- apiGroups: ["sriovnetwork.openshift.io"] - resources: ["*"] - verbs: ["*"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["get"] + - apiGroups: [""] + resources: ["namespaces", "serviceaccounts"] + verbs: ["*"] + - apiGroups: ["k8s.cni.cncf.io"] + resources: ["network-attachment-definitions"] + verbs: ["*"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterroles", "clusterrolebindings"] + verbs: ["*"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["*"] + - apiGroups: ["sriovnetwork.openshift.io"] + resources: ["*"] + verbs: ["*"] + - apiGroups: ["machineconfiguration.openshift.io"] + resources: ["*"] + verbs: ["*"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: sriov-network-config-daemon labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} + {{- include "sriov-network-operator.labels" . | nindent 4 }} rules: -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch", "patch", "update"] -- apiGroups: [""] - resources: ["pods"] - verbs: ["*"] -- apiGroups: ["apps"] - resources: ["daemonsets"] - verbs: ["get"] -- apiGroups: [""] - resources: ["pods/eviction"] - verbs: ["create"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["get"] + - apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/clusterrolebinding.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/clusterrolebinding.yaml index b3329d7ee..37e33eac0 100644 --- a/deployment/network-operator/charts/sriov-network-operator/templates/clusterrolebinding.yaml +++ b/deployment/network-operator/charts/sriov-network-operator/templates/clusterrolebinding.yaml @@ -1,45 +1,44 @@ {{/* - Copyright 2020 NVIDIA + Copyright 2021 NVIDIA CORPORATION & AFFILIATES. - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. */}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "sriov-network-operator.fullname" . }} labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} + {{- include "sriov-network-operator.labels" . | nindent 4 }} roleRef: kind: ClusterRole name: {{ include "sriov-network-operator.fullname" . }} apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - namespace: {{ .Release.Namespace }} - name: {{ include "sriov-network-operator.fullname" . }} + - kind: ServiceAccount + namespace: {{ .Release.Namespace }} + name: {{ include "sriov-network-operator.fullname" . }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: sriov-network-config-daemon labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} + {{- include "sriov-network-operator.labels" . | nindent 4 }} roleRef: kind: ClusterRole name: sriov-network-config-daemon apiGroup: rbac.authorization.k8s.io subjects: -- kind: ServiceAccount - namespace: {{ .Release.Namespace }} - name: sriov-network-config-daemon - + - kind: ServiceAccount + namespace: {{ .Release.Namespace }} + name: sriov-network-config-daemon diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/configmap.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/configmap.yaml new file mode 100644 index 000000000..be321e804 --- /dev/null +++ b/deployment/network-operator/charts/sriov-network-operator/templates/configmap.yaml @@ -0,0 +1,37 @@ +{{/* + Copyright 2021 NVIDIA CORPORATION & AFFILIATES. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: supported-nic-ids +data: + Intel_i40e_XXV710: "8086 158a 154c" + Intel_i40e_25G_SFP28: "8086 158b 154c" + Intel_i40e_10G_X710_SFP: "8086 1572 154c" + Intel_i40e_XXV710_N3000: "8086 0d58 154c" + Intel_i40e_40G_XL710_QSFP: "8086 1583 154c" + Intel_ice_Columbiaville_E810-CQDA2_2CQDA2: "8086 1592 1889" + Intel_ice_Columbiaville_E810-XXVDA4: "8086 1593 1889" + Intel_ice_Columbiaville_E810-XXVDA2: "8086 159b 1889" + Nvidia_mlx5_ConnectX-4: "15b3 1013 1014" + Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016" + Nvidia_mlx5_ConnectX-5: "15b3 1017 1018" + Nvidia_mlx5_ConnectX-5_Ex: "15b3 1019 101a" + Nvidia_mlx5_ConnectX-6: "15b3 101b 101c" + Nvidia_mlx5_ConnectX-6_Dx: "15b3 101d 101e" + Nvidia_mlx5_MT42822_BlueField-2_integrated_ConnectX-6_Dx: "15b3 a2d6 101e" + Broadcom_bnxt_BCM57414_2x25G: "14e4 16d7 16dc" + Broadcom_bnxt_BCM75508_2x100G: "14e4 1750 1806" diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/leader_election_role.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/leader_election_role.yaml new file mode 100644 index 000000000..08fc248d5 --- /dev/null +++ b/deployment/network-operator/charts/sriov-network-operator/templates/leader_election_role.yaml @@ -0,0 +1,56 @@ +{{/* + Copyright 2021 NVIDIA CORPORATION & AFFILIATES. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/}} +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: leader-election-role + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/leader_election_role_binding.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/leader_election_role_binding.yaml new file mode 100644 index 000000000..bfb3ac5cb --- /dev/null +++ b/deployment/network-operator/charts/sriov-network-operator/templates/leader_election_role_binding.yaml @@ -0,0 +1,31 @@ +{{/* + Copyright 2021 NVIDIA CORPORATION & AFFILIATES. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: leader-election-rolebinding + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: sriov-network-config-daemon + namespace: {{ .Release.Namespace }} + diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/operator.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/operator.yaml index e7fd1692a..c9a3bd13f 100644 --- a/deployment/network-operator/charts/sriov-network-operator/templates/operator.yaml +++ b/deployment/network-operator/charts/sriov-network-operator/templates/operator.yaml @@ -1,29 +1,33 @@ {{/* - Copyright 2020 NVIDIA + Copyright 2021 NVIDIA CORPORATION & AFFILIATES. - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. */}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "sriov-network-operator.fullname" . }} labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} + {{- include "sriov-network-operator.labels" . | nindent 4 }} spec: replicas: 1 selector: matchLabels: name: sriov-network-operator + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 33% template: metadata: labels: @@ -38,12 +42,17 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "sriov-network-operator.fullname" . }} + priorityClassName: "system-node-critical" containers: - - name: sriov-network-operator + - name: {{ include "sriov-network-operator.fullname" . }} image: {{ .Values.images.operator }} command: - - sriov-network-operator + - sriov-network-operator imagePullPolicy: IfNotPresent + resources: + requests: + cpu: 100m + memory: 100Mi env: - name: WATCH_NAMESPACE valueFrom: @@ -56,17 +65,17 @@ spec: - name: SRIOV_DEVICE_PLUGIN_IMAGE value: {{ .Values.images.sriovDevicePlugin }} - name: NETWORK_RESOURCES_INJECTOR_IMAGE - value: "" + value: {{ .Values.images.resourcesInjector }} - name: OPERATOR_NAME value: sriov-network-operator - name: SRIOV_NETWORK_CONFIG_DAEMON_IMAGE value: {{ .Values.images.sriovConfigDaemon }} - name: SRIOV_NETWORK_WEBHOOK_IMAGE - value: "" + value: {{ .Values.images.webhook }} - name: RESOURCE_PREFIX - value: nvidia.com + value: {{ .Values.operator.resourcePrefix }} - name: ENABLE_ADMISSION_CONTROLLER - value: "false" + value: {{ .Values.operator.enableAdmissionController | quote }} - name: NAMESPACE valueFrom: fieldRef: @@ -78,6 +87,6 @@ spec: - name: RELEASE_VERSION value: {{ .Release.AppVersion }} - name: SRIOV_CNI_BIN_PATH - value: /opt/cni/bin - resources: - {{- toYaml .Values.resources | nindent 12 }} + value: {{ .Values.operator.cniBinPath }} + - name: CLUSTER_TYPE + value: {{ .Values.operator.clusterType }} diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/role.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/role.yaml index 49f449d31..cb489e1d1 100644 --- a/deployment/network-operator/charts/sriov-network-operator/templates/role.yaml +++ b/deployment/network-operator/charts/sriov-network-operator/templates/role.yaml @@ -1,17 +1,17 @@ {{/* - Copyright 2020 NVIDIA + Copyright 2021 NVIDIA CORPORATION & AFFILIATES. - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 + http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. */}} apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -20,52 +20,52 @@ metadata: name: {{ include "sriov-network-operator.fullname" . }} namespace: {{ .Release.Namespace }} labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} + {{- include "sriov-network-operator.labels" . | nindent 4 }} rules: -- apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - '*' -- apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - '*' -- apiGroups: - - monitoring.coreos.com - resources: - - servicemonitors - verbs: - - get - - create -- apiGroups: - - apps - resourceNames: - - sriov-network-operator - resources: - - deployments/finalizers - verbs: - - update -- apiGroups: - - rbac.authorization.k8s.io - resources: - - serviceaccounts - - roles - - rolebindings - verbs: - - '*' + - apiGroups: + - "" + resources: + - pods + - services + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + verbs: + - '*' + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - sriov-network-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - serviceaccounts + - roles + - rolebindings + verbs: + - '*' --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -73,32 +73,54 @@ metadata: name: sriov-network-config-daemon namespace: {{ .Release.Namespace }} labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} + {{- include "sriov-network-operator.labels" . | nindent 4 }} rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - '*' -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - '*' -- apiGroups: - - sriovnetwork.openshift.io - resources: - - '*' - - sriovnetworknodestates - verbs: - - '*' -- apiGroups: - - security.openshift.io - resourceNames: - - privileged - resources: - - securitycontextconstraints - verbs: - - use + - apiGroups: + - "" + resources: + - pods + verbs: + - '*' + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - '*' + - apiGroups: + - sriovnetwork.openshift.io + resources: + - '*' + - sriovnetworknodestates + verbs: + - '*' + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: operator-webhook-sa + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/role_binding.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/role_binding.yaml deleted file mode 100644 index 00db7d33f..000000000 --- a/deployment/network-operator/charts/sriov-network-operator/templates/role_binding.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{/* - Copyright 2020 NVIDIA - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/}} -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ include "sriov-network-operator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: {{ include "sriov-network-operator.fullname" . }} - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: {{ include "sriov-network-operator.fullname" . }} - apiGroup: rbac.authorization.k8s.io ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: sriov-network-config-daemon - namespace: {{ .Release.Namespace }} - labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} -subjects: -- kind: ServiceAccount - name: sriov-network-config-daemon - namespace: {{ .Release.Namespace }} -roleRef: - kind: Role - name: sriov-network-config-daemon - apiGroup: rbac.authorization.k8s.io diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/rolebinding.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/rolebinding.yaml new file mode 100644 index 000000000..e1a25676d --- /dev/null +++ b/deployment/network-operator/charts/sriov-network-operator/templates/rolebinding.yaml @@ -0,0 +1,46 @@ +{{/* + Copyright 2021 NVIDIA CORPORATION & AFFILIATES. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/}} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "sriov-network-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ include "sriov-network-operator.fullname" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ include "sriov-network-operator.fullname" . }} + apiGroup: rbac.authorization.k8s.io +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: sriov-network-config-daemon + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: sriov-network-config-daemon + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: sriov-network-config-daemon + apiGroup: rbac.authorization.k8s.io diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/service_account.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/service_account.yaml deleted file mode 100644 index cd0ac3f30..000000000 --- a/deployment/network-operator/charts/sriov-network-operator/templates/service_account.yaml +++ /dev/null @@ -1,30 +0,0 @@ -{{/* - Copyright 2020 NVIDIA - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "sriov-network-operator.fullname" . }} - namespace: {{ .Release.Namespace }} - labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: sriov-network-config-daemon - namespace: {{ .Release.Namespace }} - labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/serviceaccount.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/serviceaccount.yaml new file mode 100644 index 000000000..4ca1caa24 --- /dev/null +++ b/deployment/network-operator/charts/sriov-network-operator/templates/serviceaccount.yaml @@ -0,0 +1,30 @@ +{{/* + Copyright 2021 NVIDIA CORPORATION & AFFILIATES. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "sriov-network-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: sriov-network-config-daemon + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/sriovnetwork.openshift.io_v1_sriovnetworknodepolicy_cr.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/sriovnetwork.openshift.io_v1_sriovnetworknodepolicy_cr.yaml deleted file mode 100644 index 29537680d..000000000 --- a/deployment/network-operator/charts/sriov-network-operator/templates/sriovnetwork.openshift.io_v1_sriovnetworknodepolicy_cr.yaml +++ /dev/null @@ -1,27 +0,0 @@ -{{/* - Copyright 2020 NVIDIA - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/}} -apiVersion: sriovnetwork.openshift.io/v1 -kind: SriovNetworkNodePolicy -metadata: - name: default - labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} -spec: - priority: 99 - numVfs: 0 - resourceName: "" - nicSelector: {} - nodeSelector: {} diff --git a/deployment/network-operator/charts/sriov-network-operator/templates/sriovnetwork.openshift.io_v1_sriovoperatorconfig_cr.yaml b/deployment/network-operator/charts/sriov-network-operator/templates/sriovnetwork.openshift.io_v1_sriovoperatorconfig_cr.yaml deleted file mode 100644 index 3c7992aac..000000000 --- a/deployment/network-operator/charts/sriov-network-operator/templates/sriovnetwork.openshift.io_v1_sriovoperatorconfig_cr.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{/* - Copyright 2020 NVIDIA - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/}} -apiVersion: sriovnetwork.openshift.io/v1 -kind: SriovOperatorConfig -metadata: - name: default - labels: - {{- include "sriov-network-operator.labels" . | nindent 4 }} -spec: - # Add fields here - enableInjector: false - enableOperatorWebhook: false - configDaemonNodeSelector: {} diff --git a/deployment/network-operator/charts/sriov-network-operator/values.yaml b/deployment/network-operator/charts/sriov-network-operator/values.yaml index 68e7f08ea..6d583a41e 100644 --- a/deployment/network-operator/charts/sriov-network-operator/values.yaml +++ b/deployment/network-operator/charts/sriov-network-operator/values.yaml @@ -1,50 +1,23 @@ -# Copyright 2020 NVIDIA -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Default values for sriov-network-operator. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. operator: tolerations: - key: "node-role.kubernetes.io/master" - operator: "Equal" - value: "" + operator: "Exists" effect: "NoSchedule" nodeSelector: node-role.kubernetes.io/master: "" nameOverride: "" fullnameOverride: "" - # tag, if defined will use the given image tag, else Chart.AppVersion will be used - # tag - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi + resourcePrefix: "openshift.io" + enableAdmissionController: false + cniBinPath: "/opt/cni/bin" + clusterType: "kubernetes" # Image URIs for sriov-network-operator components images: - operator: ghcr.io/k8snetworkplumbingwg/sriov-network-operator:a4979827d56fecf50d6f7925f995d065bb982f4e - sriovConfigDaemon: ghcr.io/k8snetworkplumbingwg/sriov-network-operator-config-daemon:a4979827d56fecf50d6f7925f995d065bb982f4e - sriovCni: ghcr.io/k8snetworkplumbingwg/sriov-cni:v2.6.1 - ibSriovCni: ghcr.io/k8snetworkplumbingwg/ib-sriov-cni:af8a57a2e5394c2409f8d5a5b796c0aa1ee02be0 - # Upstream image nfvpe/sriov-device-plugin:v3.2 failing - sriovDevicePlugin: ghcr.io/k8snetworkplumbingwg/sriov-network-device-plugin:1f1822bf0bbb25bff55190fcad861617c1a2abb7 + operator: quay.io/openshift/origin-sriov-network-operator + sriovConfigDaemon: quay.io/openshift/origin-sriov-network-config-daemon + sriovCni: quay.io/openshift/origin-sriov-cni + ibSriovCni: quay.io/openshift/origin-sriov-infiniband-cni + sriovDevicePlugin: quay.io/openshift/origin-sriov-network-device-plugin + resourcesInjector: quay.io/openshift/origin-sriov-dp-admission-controller + webhook: quay.io/openshift/origin-sriov-network-webhook diff --git a/deployment/network-operator/values.yaml b/deployment/network-operator/values.yaml index ea3500c3e..8ffdcf3b0 100644 --- a/deployment/network-operator/values.yaml +++ b/deployment/network-operator/values.yaml @@ -49,6 +49,32 @@ node-feature-discovery: - vendor +# SR-IOV Network Operator chart related values +sriov-network-operator: + operator: + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Exists" + effect: "NoSchedule" + nodeSelector: + node-role.kubernetes.io/master: "" + nameOverride: "" + fullnameOverride: "" + resourcePrefix: "openshift.io" + enableAdmissionController: false + cniBinPath: "/opt/cni/bin" + clusterType: "kubernetes" + + # Image URIs for sriov-network-operator components + images: + operator: ghcr.io/k8snetworkplumbingwg/sriov-network-operator:a4979827d56fecf50d6f7925f995d065bb982f4e + sriovConfigDaemon: ghcr.io/k8snetworkplumbingwg/sriov-network-operator-config-daemon:a4979827d56fecf50d6f7925f995d065bb982f4e + sriovCni: ghcr.io/k8snetworkplumbingwg/sriov-cni:v2.6.1 + ibSriovCni: ghcr.io/k8snetworkplumbingwg/ib-sriov-cni:af8a57a2e5394c2409f8d5a5b796c0aa1ee02be0 + sriovDevicePlugin: ghcr.io/k8snetworkplumbingwg/sriov-network-device-plugin:1f1822bf0bbb25bff55190fcad861617c1a2abb7 + resourcesInjector: ghcr.io/k8snetworkplumbingwg/network-resources-injector:v1.2 + webhook: ghcr.io/k8snetworkplumbingwg/sriov-network-operator-webhook:a4979827d56fecf50d6f7925f995d065bb982f4e + # General Operator related values # The operator element allows to deploy network operator from an alternate location operator: