diff --git a/bindata/manifests/metrics-exporter/metrics-daemonset.yaml b/bindata/manifests/metrics-exporter/metrics-daemonset.yaml index 6e433f07d..8393bd1bb 100644 --- a/bindata/manifests/metrics-exporter/metrics-daemonset.yaml +++ b/bindata/manifests/metrics-exporter/metrics-daemonset.yaml @@ -88,7 +88,7 @@ spec: readOnly: true nodeSelector: {{- range $key, $value := .NodeSelectorField }} - {{ $key }}: {{ $value }} + {{ $key }}: "{{ $value }}" {{- end }} restartPolicy: Always volumes: diff --git a/bindata/manifests/operator-webhook/002-rbac.yaml b/bindata/manifests/operator-webhook/002-rbac.yaml index 35158ad94..7396c3ca4 100644 --- a/bindata/manifests/operator-webhook/002-rbac.yaml +++ b/bindata/manifests/operator-webhook/002-rbac.yaml @@ -10,48 +10,23 @@ kind: ClusterRole metadata: name: operator-webhook rules: -- apiGroups: [""] - resources: ["nodes"] - verbs: ["get", "list", "watch"] -- apiGroups: - - certificates.k8s.io - resources: - - certificatesigningrequests - - certificatesigningrequests/approval - verbs: - - '*' -- apiGroups: - - "" - resources: - - secrets - verbs: - - '*' - apiGroups: - "" resources: + - nodes - configmaps verbs: - get - - update + - list + - watch - apiGroups: - - admissionregistration.k8s.io + - "sriovnetwork.openshift.io" resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations + - "*" verbs: - - '*' -- apiGroups: - - "" - resources: - - services - verbs: - - '*' -- apiGroups: - - "sriovnetwork.openshift.io" - resources: - - "*" - verbs: - - "*" + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/bindata/manifests/webhook/002-rbac.yaml b/bindata/manifests/webhook/002-rbac.yaml index 0c33e3a08..77b2d95d7 100644 --- a/bindata/manifests/webhook/002-rbac.yaml +++ b/bindata/manifests/webhook/002-rbac.yaml @@ -11,46 +11,21 @@ metadata: name: network-resources-injector rules: - apiGroups: - - "" - - k8s.cni.cncf.io - - extensions - - apps + - k8s.cni.cncf.io resources: - - pods - - network-attachment-definitions - - replicationcontrollers - - replicasets - - daemonsets - - statefulsets - - configmaps + - network-attachment-definitions verbs: - - '*' + - 'watch' + - 'list' + - 'get' - apiGroups: - - certificates.k8s.io + - "" resources: - - certificatesigningrequests - - certificatesigningrequests/approval + - configmap verbs: - - '*' -- apiGroups: - - "" - resources: - - secrets - verbs: - - '*' -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - '*' -- apiGroups: - - "" - resources: - - services - verbs: - - '*' + - 'watch' + - 'list' + - 'get' --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/bundle/manifests/sriov-network-operator.clusterserviceversion.yaml b/bundle/manifests/sriov-network-operator.clusterserviceversion.yaml index 26a4741d0..fc91ceb29 100644 --- a/bundle/manifests/sriov-network-operator.clusterserviceversion.yaml +++ b/bundle/manifests/sriov-network-operator.clusterserviceversion.yaml @@ -100,7 +100,7 @@ metadata: categories: Networking certified: "false" containerImage: quay.io/openshift/origin-sriov-network-operator:4.18 - createdAt: "2024-09-01T23:50:40Z" + createdAt: "2024-09-10T23:50:28Z" description: An operator for configuring SR-IOV components and initializing SRIOV network devices in Openshift cluster. features.operators.openshift.io/cnf: "false" diff --git a/controllers/sriovoperatorconfig_controller_test.go b/controllers/sriovoperatorconfig_controller_test.go index 582d9781d..9ba05490b 100644 --- a/controllers/sriovoperatorconfig_controller_test.go +++ b/controllers/sriovoperatorconfig_controller_test.go @@ -226,12 +226,9 @@ var _ = Describe("SriovOperatorConfig controller", Ordered, func() { It("should be able to update the node selector of sriov-network-config-daemon", func() { By("specify the configDaemonNodeSelector") - config := &sriovnetworkv1.SriovOperatorConfig{} - Expect(k8sClient.Get(ctx, types.NamespacedName{Namespace: testNamespace, Name: "default"}, config)).NotTo(HaveOccurred()) - - config.Spec.ConfigDaemonNodeSelector = map[string]string{"node-role.kubernetes.io/worker": ""} - err := k8sClient.Update(ctx, config) - Expect(err).NotTo(HaveOccurred()) + nodeSelector := map[string]string{"node-role.kubernetes.io/worker": ""} + restore := updateConfigDaemonNodeSelector(nodeSelector) + DeferCleanup(restore) daemonSet := &appsv1.DaemonSet{} Eventually(func() map[string]string { @@ -241,19 +238,17 @@ var _ = Describe("SriovOperatorConfig controller", Ordered, func() { return nil } return daemonSet.Spec.Template.Spec.NodeSelector - }, util.APITimeout, util.RetryInterval).Should(Equal(config.Spec.ConfigDaemonNodeSelector)) + }, util.APITimeout, util.RetryInterval).Should(Equal(nodeSelector)) }) It("should be able to do multiple updates to the node selector of sriov-network-config-daemon", func() { By("changing the configDaemonNodeSelector") - config := &sriovnetworkv1.SriovOperatorConfig{} - Expect(k8sClient.Get(ctx, types.NamespacedName{Namespace: testNamespace, Name: "default"}, config)).NotTo(HaveOccurred()) - config.Spec.ConfigDaemonNodeSelector = map[string]string{"labelA": "", "labelB": "", "labelC": ""} - err := k8sClient.Update(ctx, config) - Expect(err).NotTo(HaveOccurred()) - config.Spec.ConfigDaemonNodeSelector = map[string]string{"labelA": "", "labelB": ""} - err = k8sClient.Update(ctx, config) - Expect(err).NotTo(HaveOccurred()) + firstNodeSelector := map[string]string{"labelA": "", "labelB": "", "labelC": ""} + restore := updateConfigDaemonNodeSelector(firstNodeSelector) + DeferCleanup(restore) + + secondNodeSelector := map[string]string{"labelA": "", "labelB": ""} + updateConfigDaemonNodeSelector(secondNodeSelector) daemonSet := &appsv1.DaemonSet{} Eventually(func() map[string]string { @@ -262,7 +257,7 @@ var _ = Describe("SriovOperatorConfig controller", Ordered, func() { return nil } return daemonSet.Spec.Template.Spec.NodeSelector - }, util.APITimeout, util.RetryInterval).Should(Equal(config.Spec.ConfigDaemonNodeSelector)) + }, util.APITimeout, util.RetryInterval).Should(Equal(secondNodeSelector)) }) It("should not render disable-plugins cmdline flag of sriov-network-config-daemon if disablePlugin not provided in spec", func() { @@ -365,6 +360,23 @@ var _ = Describe("SriovOperatorConfig controller", Ordered, func() { Expect(err).ToNot(HaveOccurred()) }) + It("should deploy the sriov-network-metrics-exporter using the Spec.ConfigDaemonNodeSelector field", func() { + nodeSelector := map[string]string{ + "node-role.kubernetes.io/worker": "", + "bool-key": "true", + } + + restore := updateConfigDaemonNodeSelector(nodeSelector) + DeferCleanup(restore) + + Eventually(func(g Gomega) { + metricsDaemonset := appsv1.DaemonSet{} + err := util.WaitForNamespacedObject(&metricsDaemonset, k8sClient, testNamespace, "sriov-network-metrics-exporter", util.RetryInterval, util.APITimeout) + g.Expect(err).NotTo(HaveOccurred()) + g.Expect(metricsDaemonset.Spec.Template.Spec.NodeSelector).To((Equal(nodeSelector))) + }).Should(Succeed()) + }) + It("should deploy extra configuration when the Prometheus operator is installed", func() { DeferCleanup(os.Setenv, "METRICS_EXPORTER_PROMETHEUS_OPERATOR_ENABLED", os.Getenv("METRICS_EXPORTER_PROMETHEUS_OPERATOR_ENABLED")) os.Setenv("METRICS_EXPORTER_PROMETHEUS_OPERATOR_ENABLED", "true") @@ -501,3 +513,20 @@ func assertResourceExists(gvk schema.GroupVersionKind, key client.ObjectKey) { err := k8sClient.Get(context.Background(), key, u) Expect(err).NotTo(HaveOccurred()) } + +func updateConfigDaemonNodeSelector(newValue map[string]string) func() { + config := &sriovnetworkv1.SriovOperatorConfig{} + err := k8sClient.Get(context.Background(), types.NamespacedName{Namespace: testNamespace, Name: "default"}, config) + Expect(err).NotTo(HaveOccurred()) + + previousValue := config.Spec.ConfigDaemonNodeSelector + ret := func() { + updateConfigDaemonNodeSelector(previousValue) + } + + config.Spec.ConfigDaemonNodeSelector = newValue + err = k8sClient.Update(context.Background(), config) + Expect(err).NotTo(HaveOccurred()) + + return ret +} diff --git a/manifests/stable/sriov-network-operator.clusterserviceversion.yaml b/manifests/stable/sriov-network-operator.clusterserviceversion.yaml index 26a4741d0..fc91ceb29 100644 --- a/manifests/stable/sriov-network-operator.clusterserviceversion.yaml +++ b/manifests/stable/sriov-network-operator.clusterserviceversion.yaml @@ -100,7 +100,7 @@ metadata: categories: Networking certified: "false" containerImage: quay.io/openshift/origin-sriov-network-operator:4.18 - createdAt: "2024-09-01T23:50:40Z" + createdAt: "2024-09-10T23:50:28Z" description: An operator for configuring SR-IOV components and initializing SRIOV network devices in Openshift cluster. features.operators.openshift.io/cnf: "false"