--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+appVersion: 4.8.0
+description: |
+ The Sriov Network Operator is designed to help the user to provision
+ and configure SR-IOV CNI plugin and Device plugin in the Kubernetes
+ cluster.
+name: sriov-network-operator
+sources:
+ - https://github.com/k8snetworkplumbingwg/sriov-network-operator
+ - https://downloadcenter.intel.com/download/24693/Intel-Network-Adapter-Linux-Virtual-Function-Driver-for-Intel-Ethernet-Controller-700-and-E810-Series
+home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
+type: application
+version: 0.1.0
--- /dev/null
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ name: sriovibnetworks.sriovnetwork.openshift.io
+spec:
+ group: sriovnetwork.openshift.io
+ names:
+ kind: SriovIBNetwork
+ listKind: SriovIBNetworkList
+ plural: sriovibnetworks
+ singular: sriovibnetwork
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: SriovIBNetwork is the Schema for the sriovibnetworks API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork
+ properties:
+ capabilities:
+ description: 'Capabilities to be configured for this network. Capabilities
+ supported: (infinibandGUID), e.g. ''{"infinibandGUID": true}'''
+ type: string
+ ipam:
+ description: IPAM configuration to be used for this network.
+ type: string
+ linkState:
+ description: VF link state (enable|disable|auto)
+ enum:
+ - auto
+ - enable
+ - disable
+ type: string
+ networkNamespace:
+ description: Namespace of the NetworkAttachmentDefinition custom resource
+ type: string
+ resourceName:
+ description: SRIOV Network device plugin endpoint resource name
+ type: string
+ required:
+ - resourceName
+ type: object
+ status:
+ description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
--- /dev/null
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ name: sriovnetworks.sriovnetwork.openshift.io
+spec:
+ group: sriovnetwork.openshift.io
+ names:
+ kind: SriovNetwork
+ listKind: SriovNetworkList
+ plural: sriovnetworks
+ singular: sriovnetwork
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: SriovNetwork is the Schema for the sriovnetworks API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SriovNetworkSpec defines the desired state of SriovNetwork
+ properties:
+ capabilities:
+ description: 'Capabilities to be configured for this network. Capabilities
+ supported: (mac|ips), e.g. ''{"mac": true}'''
+ type: string
+ ipam:
+ description: IPAM configuration to be used for this network.
+ type: string
+ linkState:
+ description: VF link state (enable|disable|auto)
+ enum:
+ - auto
+ - enable
+ - disable
+ type: string
+ maxTxRate:
+ description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no
+ rate limiting)
+ minimum: 0
+ type: integer
+ metaPlugins:
+ description: MetaPluginsConfig configuration to be used in order to
+ chain metaplugins to the sriov interface returned by the operator.
+ type: string
+ minTxRate:
+ description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no
+ rate limiting). min_tx_rate should be <= max_tx_rate.
+ minimum: 0
+ type: integer
+ networkNamespace:
+ description: Namespace of the NetworkAttachmentDefinition custom resource
+ type: string
+ resourceName:
+ description: SRIOV Network device plugin endpoint resource name
+ type: string
+ spoofChk:
+ description: VF spoof check, (on|off)
+ enum:
+ - "on"
+ - "off"
+ type: string
+ trust:
+ description: VF trust mode (on|off)
+ enum:
+ - "on"
+ - "off"
+ type: string
+ vlan:
+ description: VLAN ID to assign for the VF. Defaults to 0.
+ maximum: 4096
+ minimum: 0
+ type: integer
+ vlanQoS:
+ description: VLAN QoS ID to assign for the VF. Defaults to 0.
+ maximum: 7
+ minimum: 0
+ type: integer
+ required:
+ - resourceName
+ type: object
+ status:
+ description: SriovNetworkStatus defines the observed state of SriovNetwork
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
--- /dev/null
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ name: sriovnetworknodepolicies.sriovnetwork.openshift.io
+spec:
+ group: sriovnetwork.openshift.io
+ names:
+ kind: SriovNetworkNodePolicy
+ listKind: SriovNetworkNodePolicyList
+ plural: sriovnetworknodepolicies
+ singular: sriovnetworknodepolicy
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy
+ properties:
+ deviceType:
+ description: The driver type for configured VFs. Allowed value "netdevice",
+ "vfio-pci". Defaults to netdevice.
+ enum:
+ - netdevice
+ - vfio-pci
+ type: string
+ eSwitchMode:
+ description: NIC Device Mode. Allowed value "legacy","switchdev".
+ enum:
+ - legacy
+ - switchdev
+ type: string
+ isRdma:
+ description: RDMA mode. Defaults to false.
+ type: boolean
+ linkType:
+ description: NIC Link Type. Allowed value "eth", "ETH", "ib", and
+ "IB".
+ enum:
+ - eth
+ - ETH
+ - ib
+ - IB
+ type: string
+ mtu:
+ description: MTU of VF
+ minimum: 1
+ type: integer
+ nicSelector:
+ description: NicSelector selects the NICs to be configured
+ properties:
+ deviceID:
+ description: The device hex code of SR-IoV device. Allowed value
+ "0d58", "1572", "158b", "1013", "1015", "1017", "101b".
+ type: string
+ netFilter:
+ description: Infrastructure Networking selection filter. Allowed
+ value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
+ type: string
+ pfNames:
+ description: Name of SR-IoV PF.
+ items:
+ type: string
+ type: array
+ rootDevices:
+ description: PCI address of SR-IoV PF.
+ items:
+ type: string
+ type: array
+ vendor:
+ description: The vendor hex code of SR-IoV device. Allowed value
+ "8086", "15b3".
+ type: string
+ type: object
+ nodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector selects the nodes to be configured
+ type: object
+ numVfs:
+ description: Number of VFs for each PF
+ minimum: 0
+ type: integer
+ priority:
+ description: Priority of the policy, higher priority policies can
+ override lower ones.
+ maximum: 99
+ minimum: 0
+ type: integer
+ resourceName:
+ description: SRIOV Network device plugin endpoint resource name
+ type: string
+ required:
+ - nicSelector
+ - nodeSelector
+ - numVfs
+ - resourceName
+ type: object
+ status:
+ description: SriovNetworkNodePolicyStatus defines the observed state of
+ SriovNetworkNodePolicy
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
--- /dev/null
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ name: sriovnetworknodestates.sriovnetwork.openshift.io
+spec:
+ group: sriovnetwork.openshift.io
+ names:
+ kind: SriovNetworkNodeState
+ listKind: SriovNetworkNodeStateList
+ plural: sriovnetworknodestates
+ singular: sriovnetworknodestate
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState
+ properties:
+ dpConfigVersion:
+ type: string
+ interfaces:
+ items:
+ properties:
+ eSwitchMode:
+ type: string
+ linkType:
+ type: string
+ mtu:
+ type: integer
+ name:
+ type: string
+ numVfs:
+ type: integer
+ pciAddress:
+ type: string
+ vfGroups:
+ items:
+ properties:
+ deviceType:
+ type: string
+ policyName:
+ type: string
+ resourceName:
+ type: string
+ vfRange:
+ type: string
+ type: object
+ type: array
+ required:
+ - pciAddress
+ type: object
+ type: array
+ type: object
+ status:
+ description: SriovNetworkNodeStateStatus defines the observed state of
+ SriovNetworkNodeState
+ properties:
+ interfaces:
+ items:
+ properties:
+ Vfs:
+ items:
+ properties:
+ Vlan:
+ type: integer
+ assigned:
+ type: string
+ deviceID:
+ type: string
+ driver:
+ type: string
+ mac:
+ type: string
+ mtu:
+ type: integer
+ name:
+ type: string
+ pciAddress:
+ type: string
+ vendor:
+ type: string
+ vfID:
+ type: integer
+ required:
+ - pciAddress
+ - vfID
+ type: object
+ type: array
+ deviceID:
+ type: string
+ driver:
+ type: string
+ eSwitchMode:
+ type: string
+ linkSpeed:
+ type: string
+ linkType:
+ type: string
+ mac:
+ type: string
+ mtu:
+ type: integer
+ name:
+ type: string
+ netFilter:
+ type: string
+ numVfs:
+ type: integer
+ pciAddress:
+ type: string
+ totalvfs:
+ type: integer
+ vendor:
+ type: string
+ required:
+ - pciAddress
+ type: object
+ type: array
+ lastSyncError:
+ type: string
+ syncStatus:
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
--- /dev/null
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.3.0
+ creationTimestamp: null
+ name: sriovoperatorconfigs.sriovnetwork.openshift.io
+spec:
+ group: sriovnetwork.openshift.io
+ names:
+ kind: SriovOperatorConfig
+ listKind: SriovOperatorConfigList
+ plural: sriovoperatorconfigs
+ singular: sriovoperatorconfig
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs
+ API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig
+ properties:
+ configDaemonNodeSelector:
+ additionalProperties:
+ type: string
+ description: NodeSelector selects the nodes to be configured
+ type: object
+ disableDrain:
+ description: Flag to disable nodes drain during debugging
+ type: boolean
+ enableInjector:
+ description: Flag to control whether the network resource injector
+ webhook shall be deployed
+ type: boolean
+ enableOperatorWebhook:
+ description: Flag to control whether the operator admission controller
+ webhook shall be deployed
+ type: boolean
+ enableOvsOffload:
+ description: Flag to enable OVS hardware offload. Set to 'true' to
+ provision switchdev-configuration.service and enable OpenvSwitch
+ hw-offload on nodes.
+ type: boolean
+ logLevel:
+ description: Flag to control the log verbose level of the operator.
+ Set to '0' to show only the basic logs. And set to '2' to show all
+ the available logs.
+ maximum: 2
+ minimum: 0
+ type: integer
+ type: object
+ status:
+ description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig
+ properties:
+ injector:
+ description: Show the runtime status of the network resource injector
+ webhook
+ type: string
+ operatorWebhook:
+ description: Show the runtime status of the operator admission controller
+ webhook
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
--- /dev/null
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sriov-network-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sriov-network-operator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sriov-network-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "sriov-network-operator.labels" -}}
+helm.sh/chart: {{ include "sriov-network-operator.chart" . }}
+{{ include "sriov-network-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sriov-network-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "sriov-network-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sriov-network-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "sriov-network-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
--- /dev/null
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "sriov-network-operator.fullname" . }}
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch", "patch", "update"]
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["*"]
+- apiGroups: ["apps"]
+ resources: ["daemonsets"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: [namespaces, serviceaccounts]
+ verbs: ["*"]
+- apiGroups: ["k8s.cni.cncf.io"]
+ resources: ["network-attachment-definitions"]
+ verbs: ["*"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+ resources: [clusterroles, clusterrolebindings]
+ verbs: ["*"]
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
+ verbs: ["*"]
+- apiGroups: ["sriovnetwork.openshift.io"]
+ resources: ["*"]
+ verbs: ["*"]
+- apiGroups: ["machineconfiguration.openshift.io"]
+ resources: ["*"]
+ verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: sriov-network-config-daemon
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["get", "list", "watch", "patch", "update"]
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["*"]
+- apiGroups: ["apps"]
+ resources: ["daemonsets"]
+ verbs: ["get"]
+- apiGroups: [""]
+ resources: ["pods/eviction"]
+ verbs: ["create"]
--- /dev/null
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "sriov-network-operator.fullname" . }}
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "sriov-network-operator.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "sriov-network-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: sriov-network-config-daemon
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: sriov-network-config-daemon
+subjects:
+- kind: ServiceAccount
+ name: sriov-network-config-daemon
+ namespace: {{ .Release.Namespace }}
+
--- /dev/null
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "sriov-network-operator.fullname" . }}-iavf-driver-installer
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+ role: iavf-driver-installer
+spec:
+ selector:
+ matchLabels:
+ {{- include "sriov-network-operator.selectorLabels" . | nindent 6 }}
+ role: iavf-driver-installer
+ template:
+ metadata:
+ labels:
+ {{- include "sriov-network-operator.selectorLabels" . | nindent 8 }}
+ role: iavf-driver-installer
+ spec:
+ hostPID: true
+ {{- with .Values.iavfDriver.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.iavfDriver.podSecurityContext | nindent 8 }}
+ initContainers:
+ - image: "{{ .Values.iavfDriver.image.repository }}:{{ .Values.iavfDriver.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.iavfDriver.image.pullPolicy }}
+ name: iavf-driver-installer
+ securityContext:
+ {{- toYaml .Values.iavfDriver.securityContext | nindent 12 }}
+ resources:
+ {{- toYaml .Values.iavfDriver.resources | nindent 12 }}
+ volumeMounts:
+ - name: iavf-install-dir
+ mountPath: "/usr/local/iavf"
+ - name: root-dir
+ mountPath: "/root"
+ - name: lib-modules-dir
+ mountPath: "/root/lib/modules"
+ - name: run-systemd-dir
+ mountPath: "/root/run/systemd/system"
+ containers:
+ - image: "gcr.io/google-containers/pause:3.2"
+ name: pause
+ volumes:
+ - name: iavf-install-dir
+ hostPath:
+ path: "/opt/iavf"
+ - name: root-dir
+ hostPath:
+ path: "/"
+ - name: lib-modules-dir
+ hostPath:
+ path: "/lib/modules"
+ - name: run-systemd-dir
+ hostPath:
+ path: "/run/systemd/system"
+ {{- with .Values.iavfDriver.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.iavfDriver.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.iavfDriver.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
--- /dev/null
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovOperatorConfig
+metadata:
+ name: default
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+spec:
+ {{- with .Values.configDaemon.nodeSelector }}
+ configDaemonNodeSelector:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ enableInjector: {{ .Values.enableInjector }}
+ enableOperatorWebhook: {{ .Values.enableOperatorWebhook }}
+ logLevel: {{ .Values.logLevel }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "sriov-network-operator.fullname" . }}
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "sriov-network-operator.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "sriov-network-operator.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "sriov-network-operator.serviceAccountName" . }}
+ containers:
+ - name: sriov-network-operator
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - sriov-network-operator
+ env:
+ - name: WATCH_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: SRIOV_CNI_IMAGE
+ value: "{{ .Values.cni.image.repository }}:{{ .Values.cni.image.tag | default .Chart.AppVersion }}"
+ - name: SRIOV_INFINIBAND_CNI_IMAGE
+ value: "{{ .Values.infinibandCni.image.repository }}:{{ .Values.infinibandCni.image.tag | default .Chart.AppVersion }}"
+ - name: SRIOV_DEVICE_PLUGIN_IMAGE
+ value: "{{ .Values.devicePlugin.image.repository }}:{{ .Values.devicePlugin.image.tag | default .Chart.AppVersion }}"
+ - name: NETWORK_RESOURCES_INJECTOR_IMAGE
+ value: "{{ .Values.resourcesInjector.image.repository }}:{{ .Values.resourcesInjector.image.tag | default .Chart.AppVersion }}"
+ - name: OPERATOR_NAME
+ value: "sriov-network-operator"
+ - name: SRIOV_NETWORK_CONFIG_DAEMON_IMAGE
+ value: "{{ .Values.configDaemon.image.repository }}:{{ .Values.configDaemon.image.tag | default .Chart.AppVersion }}"
+ - name: SRIOV_NETWORK_WEBHOOK_IMAGE
+ value: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}"
+ - name: RESOURCE_PREFIX
+ value: "{{ .Values.resourcePrefix }}"
+ - name: ENABLE_ADMISSION_CONTROLLER
+ value: "false"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: RELEASE_VERSION
+ value: "4.3.0"
+ - name: SRIOV_CNI_BIN_PATH
+ value: "/opt/cni/bin"
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
--- /dev/null
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "sriov-network-operator.fullname" . }}
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - services
+ - endpoints
+ - persistentvolumeclaims
+ - events
+ - configmaps
+ - secrets
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ - daemonsets
+ - replicasets
+ - statefulsets
+ verbs:
+ - '*'
+- apiGroups:
+ - monitoring.coreos.com
+ resources:
+ - servicemonitors
+ verbs:
+ - get
+ - create
+- apiGroups:
+ - apps
+ resourceNames:
+ - sriov-network-operator
+ resources:
+ - deployments/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - serviceaccounts
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: sriov-network-config-daemon
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - daemonsets
+ verbs:
+ - '*'
+- apiGroups:
+ - sriovnetwork.openshift.io
+ resources:
+ - '*'
+ - sriovnetworknodestates
+ verbs:
+ - '*'
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - privileged
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: operator-webhook-sa
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
--- /dev/null
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "sriov-network-operator.fullname" . }}
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "sriov-network-operator.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "sriov-network-operator.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: sriov-network-config-daemon
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: sriov-network-config-daemon
+subjects:
+- kind: ServiceAccount
+ name: sriov-network-config-daemon
+ namespace: {{ .Release.Namespace }}
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: operator-webhook-sa
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: operator-webhook-sa
+subjects:
+- kind: ServiceAccount
+ name: operator-webhook-sa
+ namespace: {{ .Release.Namespace }}
--- /dev/null
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "sriov-network-operator.serviceAccountName" . }}
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sriov-network-config-daemon
+ labels:
+ {{- include "sriov-network-operator.labels" . | nindent 4 }}
--- /dev/null
+# enableInjector controls whether the network resource injector
+# webhook shall be deployed
+enableInjector: false
+
+# enableOperatorWebhook controls whether the operator admission
+# controller webhook shall be deployed
+enableOperatorWebhook: false
+
+# logLevel controls the log verbose level of the operator. Set to '0'
+# to show only the basic logs. And set to '2' to show all the
+# available logs.
+logLevel: 2
+
+# resourcePrefix is the device plugin resource prefix.
+resourcePrefix: "intel.com"
+
+image:
+ repository: integratedcloudnative/origin-sriov-network-operator
+ # This should be set to 'IfNotPresent' for released version
+ pullPolicy: IfNotPresent
+ # tag, if defined will use the given image tag, else Chart.AppVersion will be used
+ # tag
+imagePullSecrets: []
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+nameOverride: ""
+fullnameOverride: ""
+
+nodeSelector:
+ node-role.kubernetes.io/master: ""
+
+affinity: {}
+
+tolerations:
+- effect: NoSchedule
+ key: node-role.kubernetes.io/master
+ operator: Exists
+
+cni:
+ image:
+ repository: integratedcloudnative/origin-sriov-cni
+ # tag, if defined will use the given image tag, else Chart.AppVersion will be used
+
+infinibandCni:
+ image:
+ repository: integratedcloudnative/origin-sriov-infiniband-cni
+ # tag, if defined will use the given image tag, else Chart.AppVersion will be used
+
+devicePlugin:
+ image:
+ repository: integratedcloudnative/origin-sriov-network-device-plugin
+ # tag, if defined will use the given image tag, else Chart.AppVersion will be used
+
+resourcesInjector:
+ image:
+ repository: integratedcloudnative/origin-sriov-dp-admission-controller
+ # tag, if defined will use the given image tag, else Chart.AppVersion will be used
+
+configDaemon:
+ image:
+ repository: integratedcloudnative/sriov-network-config-daemon
+ # tag, if defined will use the given image tag, else Chart.AppVersion will be used
+
+ nodeSelector:
+ beta.kubernetes.io/os: "linux"
+
+webhook:
+ image:
+ repository: integratedcloudnative/origin-sriov-network-webhook
+ # tag, if defined will use the given image tag, else Chart.AppVersion will be used
+
+iavfDriver:
+ image:
+ repository: integratedcloudnative/iavf-driver-installer
+ pullPolicy: IfNotPresent
+ tag: latest
+ imagePullSecrets: []
+
+ nodeSelector:
+ feature.node.kubernetes.io/custom-iavf: "true"
+
+ podSecurityContext: {}
+ # fsGroup: 2000
+
+ securityContext:
+ privileged: true
+
+ resources: {}
+
+ affinity: {}
+
+ tolerations: {}
--- /dev/null
+FROM ubuntu:18.04
+
+RUN apt-get update && \
+ apt-get install -y \
+ bc \
+ build-essential \
+ curl \
+ kmod \
+ libelf-dev \
+ libssl-dev \
+ libudev-dev \
+ pciutils \
+ pkg-config \
+ && \
+ rm -rf /var/lib/apt/lists/*
+
+COPY _common.sh /
+COPY entrypoint-iavf-driver-installer.sh /entrypoint.sh
+
+CMD /entrypoint.sh
--- /dev/null
+REGISTRY?=integratedcloudnative
+TAG?=latest
+IMAGES=iavf-driver-installer
+
+.PHONY: all $(IMAGES)
+
+all: $(IMAGES)
+
+$(IMAGES):
+ docker build -t $(REGISTRY)/$@:$(TAG) -f Dockerfile.$@ .
--- /dev/null
+#!/bin/bash
+
+set -o errexit
+set -o pipefail
+set -u
+
+ROOT_MOUNT_DIR="${ROOT_MOUNT_DIR:-/root}"
+ROOT_OS_RELEASE="${ROOT_OS_RELEASE:-$ROOT_MOUNT_DIR/etc/os-release}"
+KERNEL_SRC_DIR=$(readlink -f "${ROOT_MOUNT_DIR}/lib/modules/$(uname -r)/build")
+[[ "${KERNEL_SRC_DIR}" == "${ROOT_MOUNT_DIR}/*" ]] || KERNEL_SRC_DIR="${ROOT_MOUNT_DIR}${KERNEL_SRC_DIR}"
+KERNEL_MOD_SIGN_CMD="${KERNEL_MOD_SIGN_CMD:-}"
+
+RETCODE_SUCCESS=0
+RETCODE_ERROR=1
+
+_log() {
+ local -r prefix="$1"
+ shift
+ echo "[${prefix}$(date -u "+%Y-%m-%d %H:%M:%S %Z")] ""$*" >&2
+}
+
+info() {
+ _log "INFO " "$*"
+}
+
+warn() {
+ _log "WARNING " "$*"
+}
+
+error() {
+ _log "ERROR " "$*"
+}
+
+load_etc_os_release() {
+ if [[ ! -f "${ROOT_OS_RELEASE}" ]]; then
+ error "File ${ROOT_OS_RELEASE} not found, /etc/os-release from host must be mounted"
+ exit ${RETCODE_ERROR}
+ fi
+ . "${ROOT_OS_RELEASE}"
+ info "Running on ${NAME} kernel version $(uname -r)"
+}
--- /dev/null
+#!/bin/bash
+
+#set -x
+source _common.sh
+
+IAVF_DRIVER_VERSION="${IAVF_DRIVER_VERSION:-4.0.2}"
+IAVF_DRIVER_DOWNLOAD_URL_DEFAULT="https://downloadmirror.intel.com/24693/eng/iavf-${IAVF_DRIVER_VERSION}.tar.gz"
+IAVF_DRIVER_DOWNLOAD_URL="${IAVF_DRIVER_DOWNLOAD_URL:-$IAVF_DRIVER_DOWNLOAD_URL_DEFAULT}"
+IAVF_DRIVER_ARCHIVE="$(basename "${IAVF_DRIVER_DOWNLOAD_URL}")"
+IAVF_INSTALL_DIR_HOST="${IAVF_INSTALL_DIR_HOST:-/opt/iavf}"
+IAVF_INSTALL_DIR_CONTAINER="${IAVF_INSTALL_DIR_CONTAINER:-/usr/local/iavf}"
+CACHE_FILE="${IAVF_INSTALL_DIR_CONTAINER}/.cache"
+
+check_adapter() {
+ local -r nic_models="X710 XL710 X722"
+ if [[ $(lspci | grep -c "Ethernet .* \(${nic_models// /\\|}\)") != "0" ]]; then
+ info "Found adapter"
+ else
+ error "Missing adapter"
+ exit "${RETCODE_ERROR}"
+ fi
+}
+
+download_iavf_src() {
+ info "Downloading IAVF source ... "
+ mkdir -p "${IAVF_INSTALL_DIR_CONTAINER}"
+ pushd "${IAVF_INSTALL_DIR_CONTAINER}" > /dev/null
+ curl -L -sS "${IAVF_DRIVER_DOWNLOAD_URL}" -o "${IAVF_DRIVER_ARCHIVE}"
+ tar xf "${IAVF_DRIVER_ARCHIVE}" --strip-components=1
+ popd > /dev/null
+}
+
+build_iavf_src() {
+ info "Building IAVF source ... "
+ pushd "${IAVF_INSTALL_DIR_CONTAINER}/src" > /dev/null
+ KSRC=${KERNEL_SRC_DIR} SYSTEM_MAP_FILE="${ROOT_MOUNT_DIR}/boot/System.map-$(uname -r)" INSTALL_MOD_PATH="${ROOT_MOUNT_DIR}" make install
+ # TODO Unable to update initramfs. You may need to do this manaully.
+ popd > /dev/null
+}
+
+install_iavf() {
+ check_adapter
+ download_iavf_src
+ build_iavf_src
+}
+
+uninstall_iavf() {
+ if [[ $(lsmod | grep -c "iavf") != "0" ]]; then
+ rmmod iavf
+ fi
+ if [[ $(lsmod | grep -c "i40evf") != "0" ]]; then
+ rmmod i40evf
+ fi
+ if [[ -d "${IAVF_INSTALL_DIR_CONTAINER}/src" ]]; then
+ pushd "${IAVF_INSTALL_DIR_CONTAINER}/src" > /dev/null
+ KSRC=${KERNEL_SRC_DIR} SYSTEM_MAP_FILE="${ROOT_MOUNT_DIR}/boot/System.map-$(uname -r)" INSTALL_MOD_PATH="${ROOT_MOUNT_DIR}" make uninstall
+ popd > /dev/null
+ fi
+ # This is a workaround for missing INSTALL_MOD_PATH prefix in the Makefile:
+ rm -f "${ROOT_MOUNT_DIR}/etc/modprobe.d/iavf.conf"
+}
+
+check_cached_version() {
+ info "Checking cached version"
+ if [[ ! -f "${CACHE_FILE}" ]]; then
+ info "Cache file ${CACHE_FILE} not found"
+ return "${RETCODE_ERROR}"
+ fi
+ # Source the cache file and check if the cached driver matches
+ # currently running kernel and driver versions.
+ . "${CACHE_FILE}"
+ if [[ "$(uname -r)" == "${CACHE_KERNEL_VERSION}" ]]; then
+ if [[ "${IAVF_DRIVER_VERSION}" == "${CACHE_IAVF_DRIVER_VERSION}" ]]; then
+ info "Found existing driver installation for kernel version $(uname -r) and driver version ${IAVF_DRIVER_VERSION}"
+ return "${RETCODE_SUCCESS}"
+ fi
+ fi
+ return "${RETCODE_ERROR}"
+}
+
+update_cached_version() {
+ cat >"${CACHE_FILE}"<<__EOF__
+CACHE_KERNEL_VERSION=$(uname -r)
+CACHE_IAVF_DRIVER_VERSION=${IAVF_DRIVER_VERSION}
+__EOF__
+
+ info "Updated cached version as:"
+ cat "${CACHE_FILE}"
+}
+
+upgrade_driver() {
+ uninstall_iavf
+ install_iavf
+}
+
+check_driver_started() {
+ if [[ $(lsmod | grep -c "iavf") == "0" ]]; then
+ return "${RETCODE_ERROR}"
+ fi
+ return 0
+}
+
+start_driver() {
+ modprobe -d "${ROOT_MOUNT_DIR}" -C "${ROOT_MOUNT_DIR}/etc/modprobe.d" iavf
+ if ! check_driver_started; then
+ error "Driver not started"
+ fi
+}
+
+uninstall_driver() {
+ uninstall_iavf
+ rm -f "${CACHE_FILE}"
+}
+
+main() {
+ load_etc_os_release
+ local -r cmd="${1:-install}"
+ case $cmd in
+ install)
+ if ! check_cached_version; then
+ upgrade_driver
+ update_cached_version
+ fi
+ if ! check_driver_started; then
+ start_driver
+ fi
+ ;;
+ uninstall)
+ uninstall_driver
+ ;;
+ esac
+}
+
+main "$@"
Code Review / multicloud / k8s.git / commitdiff