openshift · openshift-merge-robot · Jun 25, 2021 · May 31, 2021 · May 19, 2021 · May 28, 2021
diff --git a/api/v1/helper.go b/api/v1/helper.go
@@ -12,8 +12,10 @@ import (
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	uns "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/types"
+	"k8s.io/client-go/kubernetes"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 
@@ -36,31 +38,16 @@ var VfIds = []string{}
 
 // NicIdMap contains supported mapping of IDs with each in the format of:
 // Vendor ID, Physical Function Device ID, Virtual Function Device ID
-var NicIdMap = []string{
-	"8086 158b 154c", // I40e 25G SFP28
-	"8086 1572 154c", // I40e 10G X710 SFP+
-	"8086 0d58 154c", // I40e XXV710 N3000
-	"8086 1583 154c", // I40e 40G XL710 QSFP+
-	"8086 1592 1889", // Columbiaville E810-CQDA2/2CQDA2
-	"8086 1593 1889", // Columbiaville E810-XXVDA4
-	"8086 159b 1889", // Columbiaville E810-XXVDA2
-	"15b3 1013 1014", // ConnectX-4
-	"15b3 1015 1016", // ConnectX-4LX
-	"15b3 1017 1018", // ConnectX-5, PCIe 3.0
-	"15b3 1019 101a", // ConnectX-5 Ex
-	"15b3 101b 101c", // ConnectX-6
-	"15b3 101d 101e", // ConnectX-6 Dx
-	"15b3 a2d6 101e", // MT42822 BlueField-2 integrated ConnectX-6 Dx
-	"14e4 16d7 16dc", // BCM57414 2x25G
-	"14e4 1750 1806", // BCM75508 2x100G
-}
+var NicIdMap = []string{}
 
 // NetFilterType Represents the NetFilter tags to be used
 type NetFilterType int
 
 const (
 	// OpenstackNetworkID network UUID
 	OpenstackNetworkID NetFilterType = iota
+
+	SUPPORTED_NIC_ID_CONFIGMAP = "supported-nic-ids"
 )
 
 func (e NetFilterType) String() string {
@@ -72,6 +59,22 @@ func (e NetFilterType) String() string {
 	}
 }
 
+func InitNicIdMap(client *kubernetes.Clientset, namespace string) error {
+	cm, err := client.CoreV1().ConfigMaps(namespace).Get(
+		context.Background(),
+		SUPPORTED_NIC_ID_CONFIGMAP,
+		metav1.GetOptions{},
+	)
+	// if the configmap does not exist, return false
+	if err != nil {
+		return err
+	}
+	for _, v := range cm.Data {
+		NicIdMap = append(NicIdMap, v)
+	}
+	return nil
+}
+
 func IsSupportedVendor(vendorId string) bool {
 	for _, n := range NicIdMap {
 		ids := strings.Split(n, " ")
@@ -114,30 +117,6 @@ func IsEnabledUnsupportedVendor(vendorId string, unsupportedNicIdMap map[string]
 	return false
 }
 
-func IsEnabledUnsupportedDevice(deviceId string, unsupportedNicIdMap map[string]string) bool {
-	for _, n := range unsupportedNicIdMap {
-		if IsValidPciString(n) {
-			ids := strings.Split(n, " ")
-			if deviceId == ids[1] {
-				return true
-			}
-		}
-	}
-	return false
-}
-
-func IsEnabledUnsupportedModel(vendorId, deviceId string, unsupportedNicIdMap map[string]string) bool {
-	for _, n := range unsupportedNicIdMap {
-		if IsValidPciString(n) {
-			ids := strings.Split(n, " ")
-			if vendorId == ids[0] && deviceId == ids[1] {
-				return true
-			}
-		}
-	}
-	return false
-}
-
 func IsValidPciString(nicIdString string) bool {
 	ids := strings.Split(nicIdString, " ")
 
@@ -182,50 +161,13 @@ func GetSupportedVfIds() []string {
 			vfIds = append(vfIds, vfId)
 		}
 	}
-	return vfIds
-}
-
-func GetUnsupportedVfIds(unsupportedNicIdMap map[string]string) []string {
-	var vfIds []string
-	for k, n := range unsupportedNicIdMap {
-		if !IsValidPciString(n) {
-			log.Info("GetUnsupportedVfIds():", "name", k,
-				"Invalid Pci string", n)
-			continue
-		}
-		ids := strings.Split(n, " ")
-		vfId := "0x" + ids[2]
-		if !StringInArray(vfId, vfIds) {
-			vfIds = append(vfIds, vfId)
-		}
-	}
-	return vfIds
-}
-
-func GetMergedVfIds(unsupportedNicIdMap map[string]string) []string {
-	supportedVfIds := VfIds
-	unsupportedVfIds := GetUnsupportedVfIds(unsupportedNicIdMap)
-	var mergedVfIds []string
-
-	mergedVfIdsSet := make(map[string]struct{})
-	for _, v := range supportedVfIds {
-		mergedVfIdsSet[v] = struct{}{}
-	}
-	for _, v := range unsupportedVfIds {
-		mergedVfIdsSet[v] = struct{}{}
-	}
-	for k := range mergedVfIdsSet {
-		mergedVfIds = append(mergedVfIds, k)
-	}
-
 	// return a sorted slice so that udev rule is stable
-	sort.Slice(mergedVfIds, func(i, j int) bool {
-		ip, _ := strconv.ParseInt(mergedVfIds[i], 0, 32)
-		jp, _ := strconv.ParseInt(mergedVfIds[j], 0, 32)
+	sort.Slice(vfIds, func(i, j int) bool {
+		ip, _ := strconv.ParseInt(vfIds[i], 0, 32)
+		jp, _ := strconv.ParseInt(vfIds[j], 0, 32)
 		return ip < jp
 	})
-
-	return mergedVfIds
+	return vfIds
 }
 
 func GetVfDeviceId(deviceId string) string {
@@ -238,10 +180,6 @@ func GetVfDeviceId(deviceId string) string {
 	return ""
 }
 
-func init() {
-	VfIds = GetSupportedVfIds()
-}
-
 type ByPriority []SriovNetworkNodePolicy
 
 func (a ByPriority) Len() int {

diff --git a/bindata/manifests/operator-webhook/003-webhook.yaml b/bindata/manifests/operator-webhook/003-webhook.yaml
@@ -3,7 +3,6 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   name: {{.SRIOVMutatingWebhookName}}
-  namespace: {{.Namespace}}
   annotations:
     {{- if eq .ClusterType "openshift" }}
     service.beta.openshift.io/inject-cabundle: "true"
@@ -34,7 +33,6 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: {{.SRIOVMutatingWebhookName}}
-  namespace: {{.Namespace}}
   annotations:
     {{- if eq .ClusterType "openshift" }}
     service.beta.openshift.io/inject-cabundle: "true"

diff --git a/bindata/manifests/operator-webhook/server.yaml b/bindata/manifests/operator-webhook/server.yaml
@@ -29,7 +29,13 @@ spec:
       priorityClassName: "system-cluster-critical"
       nodeSelector:
         beta.kubernetes.io/os: linux
-        node-role.kubernetes.io/master:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/master
+                operator: Exists
       tolerations:
       - key: "node-role.kubernetes.io/master"
         operator: Exists

diff --git a/bindata/manifests/webhook/003-webhook.yaml b/bindata/manifests/webhook/003-webhook.yaml
@@ -3,7 +3,6 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   name: {{.SRIOVMutatingWebhookName}}
-  namespace: {{.Namespace}}
   annotations:
     {{- if eq .ClusterType "openshift" }}
     service.beta.openshift.io/inject-cabundle: "true"

diff --git a/bindata/manifests/webhook/server.yaml b/bindata/manifests/webhook/server.yaml
@@ -32,7 +32,13 @@ spec:
       priorityClassName: "system-cluster-critical"
       nodeSelector:
         beta.kubernetes.io/os: linux
-        node-role.kubernetes.io/master:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: node-role.kubernetes.io/master
+                operator: Exists
       tolerations:
       - key: "node-role.kubernetes.io/master"
         operator: Exists

diff --git a/cmd/webhook/start.go b/cmd/webhook/start.go
@@ -136,6 +136,11 @@ func runStartCmd(cmd *cobra.Command, args []string) {
 		panic(err)
 	}
 
+	if err := webhook.RetriveSupportedNics(); err != nil {
+		glog.Error(err)
+		panic(err)
+	}
+
 	keyPair, err := webhook.NewTlsKeypairReloader(certFile, keyFile)
 	if err != nil {
 		glog.Fatalf("error load certificate: %s", err.Error())

diff --git a/controllers/sriovoperatorconfig_controller.go b/controllers/sriovoperatorconfig_controller.go
@@ -25,7 +25,6 @@ import (
 	"github.com/go-logr/logr"
 	"github.com/openshift/machine-config-operator/lib/resourcemerge"
 	mcfgv1 "github.com/openshift/machine-config-operator/pkg/apis/machineconfiguration.openshift.io/v1"
-	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/errors"
@@ -250,7 +249,7 @@ func (r *SriovOperatorConfigReconciler) syncWebhookObjs(dc *sriovnetworkv1.Sriov
 
 		// Sync Webhook
 		for _, obj := range objs {
-			err = r.syncWebhookObject(dc, obj)
+			err = r.syncK8sResource(dc, obj)
 			if err != nil {
 				logger.Error(err, "Couldn't sync webhook objects")
 				return err
@@ -268,129 +267,6 @@ func (r *SriovOperatorConfigReconciler) deleteWebhookObject(obj *uns.Unstructure
 	return nil
 }
 
-func (r *SriovOperatorConfigReconciler) syncWebhookObject(dc *sriovnetworkv1.SriovOperatorConfig, obj *uns.Unstructured) error {
-	var err error
-	logger := r.Log.WithName("syncWebhookObject")
-	logger.Info("Start to sync Objects")
-	scheme := kscheme.Scheme
-	switch kind := obj.GetKind(); kind {
-	case "MutatingWebhookConfiguration":
-		whs := &admissionregistrationv1.MutatingWebhookConfiguration{}
-		err = scheme.Convert(obj, whs, nil)
-		r.syncMutatingWebhook(dc, whs)
-		if err != nil {
-			logger.Error(err, "Fail to sync mutate webhook")
-			return err
-		}
-	case "ValidatingWebhookConfiguration":
-		whs := &admissionregistrationv1.ValidatingWebhookConfiguration{}
-		err = scheme.Convert(obj, whs, nil)
-		r.syncValidatingWebhook(dc, whs)
-		if err != nil {
-			logger.Error(err, "Fail to sync validate webhook")
-			return err
-		}
-	case "ServiceAccount", "DaemonSet", "Service", "ClusterRole", "ClusterRoleBinding":
-		err = r.syncK8sResource(dc, obj)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (r *SriovOperatorConfigReconciler) syncMutatingWebhook(cr *sriovnetworkv1.SriovOperatorConfig, in *admissionregistrationv1.MutatingWebhookConfiguration) error {
-	logger := r.Log.WithName("syncMutatingWebhook")
-	logger.Info("Start to sync mutating webhook", "Name", in.Name, "Namespace", in.Namespace)
-
-	if err := controllerutil.SetControllerReference(cr, in, r.Scheme); err != nil {
-		return err
-	}
-	whs := &admissionregistrationv1.MutatingWebhookConfiguration{}
-	err := r.Get(context.TODO(), types.NamespacedName{Name: in.Name}, whs)
-	if err != nil {
-		if errors.IsNotFound(err) {
-			err = r.Create(context.TODO(), in)
-			if err != nil {
-				return fmt.Errorf("Couldn't create webhook: %v", err)
-			}
-			logger.Info("Create webhook for", in.Namespace, in.Name)
-		} else {
-			return fmt.Errorf("Fail to get webhook: %v", err)
-		}
-	}
-
-	// Delete deprecated operator mutating webhook CR
-	deprecated_webhook := &admissionregistrationv1.MutatingWebhookConfiguration{}
-	err = r.Get(context.TODO(), types.NamespacedName{Name: DEPRECATED_OPERATOR_WEBHOOK_NAME}, deprecated_webhook)
-	if err != nil {
-		if errors.IsNotFound(err) {
-			return nil
-		} else {
-			logger.Info("Failed to get deprecated operator mutating webhook for", namespace, DEPRECATED_OPERATOR_WEBHOOK_NAME)
-		}
-	} else {
-		err := r.Delete(context.TODO(), deprecated_webhook)
-		if err != nil {
-			logger.Info("Failed to delete deprecated operator mutating webhook for", namespace, DEPRECATED_OPERATOR_WEBHOOK_NAME)
-		} else {
-			logger.Info("Deleted deprecated operator mutating webhook for", namespace, DEPRECATED_OPERATOR_WEBHOOK_NAME)
-		}
-	}
-
-	// Note:
-	// we don't need to manage the update of MutatingWebhookConfiguration here
-	// as it's handled by caconfig controller
-
-	return nil
-}
-
-func (r *SriovOperatorConfigReconciler) syncValidatingWebhook(cr *sriovnetworkv1.SriovOperatorConfig, in *admissionregistrationv1.ValidatingWebhookConfiguration) error {
-	logger := r.Log.WithName("syncValidatingWebhook")
-	logger.Info("Start to sync validating webhook", "Name", in.Name, "Namespace", in.Namespace)
-
-	if err := controllerutil.SetControllerReference(cr, in, r.Scheme); err != nil {
-		return err
-	}
-	whs := &admissionregistrationv1.ValidatingWebhookConfiguration{}
-	err := r.Get(context.TODO(), types.NamespacedName{Name: in.Name}, whs)
-	if err != nil {
-		if errors.IsNotFound(err) {
-			err = r.Create(context.TODO(), in)
-			if err != nil {
-				return fmt.Errorf("Couldn't create webhook: %v", err)
-			}
-			logger.Info("Create webhook for", in.Namespace, in.Name)
-		} else {
-			return fmt.Errorf("Fail to get webhook: %v", err)
-		}
-	}
-
-	// Delete deprecated operator validating webhook CR
-	deprecated_webhook := &admissionregistrationv1.ValidatingWebhookConfiguration{}
-	err = r.Get(context.TODO(), types.NamespacedName{Name: DEPRECATED_OPERATOR_WEBHOOK_NAME}, deprecated_webhook)
-	if err != nil {
-		if errors.IsNotFound(err) {
-			return nil
-		} else {
-			logger.Info("Failed to get deprecated operator validating webhook for", namespace, DEPRECATED_OPERATOR_WEBHOOK_NAME)
-		}
-	} else {
-		err := r.Delete(context.TODO(), deprecated_webhook)
-		if err != nil {
-			logger.Info("Failed to delete deprecated operator validating webhook for", namespace, DEPRECATED_OPERATOR_WEBHOOK_NAME)
-		} else {
-			logger.Info("Deleted deprecated operator validating webhook for", namespace, DEPRECATED_OPERATOR_WEBHOOK_NAME)
-		}
-	}
-
-	// Note:
-	// we don't need to manage the update of MutatingWebhookConfiguration here
-	// as it's handled by caconfig controller
-
-	return nil
-}
-
 func (r *SriovOperatorConfigReconciler) deleteK8sResource(in *uns.Unstructured) error {
 	if err := apply.DeleteObject(context.TODO(), r, in); err != nil {
 		return fmt.Errorf("failed to delete object %v with err: %v", in, err)
@@ -399,8 +275,10 @@ func (r *SriovOperatorConfigReconciler) deleteK8sResource(in *uns.Unstructured)
 }
 
 func (r *SriovOperatorConfigReconciler) syncK8sResource(cr *sriovnetworkv1.SriovOperatorConfig, in *uns.Unstructured) error {
-	// set owner-reference only for namespaced objects
-	if in.GetKind() != "ClusterRole" && in.GetKind() != "ClusterRoleBinding" {
+	switch in.GetKind() {
+	case "ClusterRole", "ClusterRoleBinding", "MutatingWebhookConfiguration", "ValidatingWebhookConfiguration":
+	default:
+		// set owner-reference only for namespaced objects
 		if err := controllerutil.SetControllerReference(cr, in, r.Scheme); err != nil {
 			return err
 		}