diff options
author | Todd Malsbary <todd.malsbary@intel.com> | 2021-03-12 13:48:25 -0800 |
---|---|---|
committer | Todd Malsbary <todd.malsbary@intel.com> | 2021-05-04 13:02:48 -0700 |
commit | 61fda160a7ba656f73a0a89cca4d3f5fd8e575d4 (patch) | |
tree | 40fb6d319ece6a68d46427966401d98fadeee80e /kud/deployment_infra/helm/sriov-network-operator/templates | |
parent | c7cc63c3e76d5739c67314008b01f6fe70289641 (diff) |
Add sriov-network-operator addon helm chart
This chart contains the upstream sriov-network-operator from
k8snetworkplumbingwg together with an iavf driver installer.
Issue-ID: MULTICLOUD-1324
Signed-off-by: Todd Malsbary <todd.malsbary@intel.com>
Change-Id: Ic925c66f8e2b28b7604240c3ed35b1a56883b60b
Diffstat (limited to 'kud/deployment_infra/helm/sriov-network-operator/templates')
8 files changed, 474 insertions, 0 deletions
diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/_helpers.tpl b/kud/deployment_infra/helm/sriov-network-operator/templates/_helpers.tpl new file mode 100644 index 00000000..2d2bd47f --- /dev/null +++ b/kud/deployment_infra/helm/sriov-network-operator/templates/_helpers.tpl @@ -0,0 +1,63 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "sriov-network-operator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "sriov-network-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "sriov-network-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "sriov-network-operator.labels" -}} +helm.sh/chart: {{ include "sriov-network-operator.chart" . }} +{{ include "sriov-network-operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "sriov-network-operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "sriov-network-operator.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "sriov-network-operator.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "sriov-network-operator.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml new file mode 100644 index 00000000..1a37667e --- /dev/null +++ b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml @@ -0,0 +1,54 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "sriov-network-operator.fullname" . }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch", "update"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["*"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["get"] +- apiGroups: [""] + resources: [namespaces, serviceaccounts] + verbs: ["*"] +- apiGroups: ["k8s.cni.cncf.io"] + resources: ["network-attachment-definitions"] + verbs: ["*"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: [clusterroles, clusterrolebindings] + verbs: ["*"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["*"] +- apiGroups: ["sriovnetwork.openshift.io"] + resources: ["*"] + verbs: ["*"] +- apiGroups: ["machineconfiguration.openshift.io"] + resources: ["*"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: sriov-network-config-daemon + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +rules: +- apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch", "update"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["*"] +- apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["get"] +- apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrolebinding.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrolebinding.yaml new file mode 100644 index 00000000..acf15ee5 --- /dev/null +++ b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrolebinding.yaml @@ -0,0 +1,30 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "sriov-network-operator.fullname" . }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "sriov-network-operator.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "sriov-network-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: sriov-network-config-daemon + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: sriov-network-config-daemon +subjects: +- kind: ServiceAccount + name: sriov-network-config-daemon + namespace: {{ .Release.Namespace }} + diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/drivers/daemonset.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/drivers/daemonset.yaml new file mode 100644 index 00000000..b86ee383 --- /dev/null +++ b/kud/deployment_infra/helm/sriov-network-operator/templates/drivers/daemonset.yaml @@ -0,0 +1,70 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "sriov-network-operator.fullname" . }}-iavf-driver-installer + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} + role: iavf-driver-installer +spec: + selector: + matchLabels: + {{- include "sriov-network-operator.selectorLabels" . | nindent 6 }} + role: iavf-driver-installer + template: + metadata: + labels: + {{- include "sriov-network-operator.selectorLabels" . | nindent 8 }} + role: iavf-driver-installer + spec: + hostPID: true + {{- with .Values.iavfDriver.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.iavfDriver.podSecurityContext | nindent 8 }} + initContainers: + - image: "{{ .Values.iavfDriver.image.repository }}:{{ .Values.iavfDriver.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.iavfDriver.image.pullPolicy }} + name: iavf-driver-installer + securityContext: + {{- toYaml .Values.iavfDriver.securityContext | nindent 12 }} + resources: + {{- toYaml .Values.iavfDriver.resources | nindent 12 }} + volumeMounts: + - name: iavf-install-dir + mountPath: "/usr/local/iavf" + - name: root-dir + mountPath: "/root" + - name: lib-modules-dir + mountPath: "/root/lib/modules" + - name: run-systemd-dir + mountPath: "/root/run/systemd/system" + containers: + - image: "gcr.io/google-containers/pause:3.2" + name: pause + volumes: + - name: iavf-install-dir + hostPath: + path: "/opt/iavf" + - name: root-dir + hostPath: + path: "/" + - name: lib-modules-dir + hostPath: + path: "/lib/modules" + - name: run-systemd-dir + hostPath: + path: "/run/systemd/system" + {{- with .Values.iavfDriver.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.iavfDriver.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.iavfDriver.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/operator.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/operator.yaml new file mode 100644 index 00000000..679ed269 --- /dev/null +++ b/kud/deployment_infra/helm/sriov-network-operator/templates/operator.yaml @@ -0,0 +1,89 @@ +apiVersion: sriovnetwork.openshift.io/v1 +kind: SriovOperatorConfig +metadata: + name: default + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +spec: + {{- with .Values.configDaemon.nodeSelector }} + configDaemonNodeSelector: + {{- toYaml . | nindent 4 }} + {{- end }} + enableInjector: {{ .Values.enableInjector }} + enableOperatorWebhook: {{ .Values.enableOperatorWebhook }} + logLevel: {{ .Values.logLevel }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "sriov-network-operator.fullname" . }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + {{- include "sriov-network-operator.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "sriov-network-operator.selectorLabels" . | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "sriov-network-operator.serviceAccountName" . }} + containers: + - name: sriov-network-operator + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - sriov-network-operator + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SRIOV_CNI_IMAGE + value: "{{ .Values.cni.image.repository }}:{{ .Values.cni.image.tag | default .Chart.AppVersion }}" + - name: SRIOV_INFINIBAND_CNI_IMAGE + value: "{{ .Values.infinibandCni.image.repository }}:{{ .Values.infinibandCni.image.tag | default .Chart.AppVersion }}" + - name: SRIOV_DEVICE_PLUGIN_IMAGE + value: "{{ .Values.devicePlugin.image.repository }}:{{ .Values.devicePlugin.image.tag | default .Chart.AppVersion }}" + - name: NETWORK_RESOURCES_INJECTOR_IMAGE + value: "{{ .Values.resourcesInjector.image.repository }}:{{ .Values.resourcesInjector.image.tag | default .Chart.AppVersion }}" + - name: OPERATOR_NAME + value: "sriov-network-operator" + - name: SRIOV_NETWORK_CONFIG_DAEMON_IMAGE + value: "{{ .Values.configDaemon.image.repository }}:{{ .Values.configDaemon.image.tag | default .Chart.AppVersion }}" + - name: SRIOV_NETWORK_WEBHOOK_IMAGE + value: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}" + - name: RESOURCE_PREFIX + value: "{{ .Values.resourcePrefix }}" + - name: ENABLE_ADMISSION_CONTROLLER + value: "false" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: RELEASE_VERSION + value: "4.3.0" + - name: SRIOV_CNI_BIN_PATH + value: "/opt/cni/bin" + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml new file mode 100644 index 00000000..96fae762 --- /dev/null +++ b/kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml @@ -0,0 +1,107 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "sriov-network-operator.fullname" . }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + - services + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + verbs: + - '*' +- apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' +- apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create +- apiGroups: + - apps + resourceNames: + - sriov-network-operator + resources: + - deployments/finalizers + verbs: + - update +- apiGroups: + - rbac.authorization.k8s.io + resources: + - serviceaccounts + - roles + - rolebindings + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: sriov-network-config-daemon + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - '*' +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - '*' +- apiGroups: + - sriovnetwork.openshift.io + resources: + - '*' + - sriovnetworknodestates + verbs: + - '*' +- apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: operator-webhook-sa + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/rolebinding.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/rolebinding.yaml new file mode 100644 index 00000000..1f8498af --- /dev/null +++ b/kud/deployment_infra/helm/sriov-network-operator/templates/rolebinding.yaml @@ -0,0 +1,44 @@ +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "sriov-network-operator.fullname" . }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "sriov-network-operator.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "sriov-network-operator.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: sriov-network-config-daemon + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: sriov-network-config-daemon +subjects: +- kind: ServiceAccount + name: sriov-network-config-daemon + namespace: {{ .Release.Namespace }} +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: operator-webhook-sa + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: operator-webhook-sa +subjects: +- kind: ServiceAccount + name: operator-webhook-sa + namespace: {{ .Release.Namespace }} diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/serviceaccount.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/serviceaccount.yaml new file mode 100644 index 00000000..eb0ec10c --- /dev/null +++ b/kud/deployment_infra/helm/sriov-network-operator/templates/serviceaccount.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "sriov-network-operator.serviceAccountName" . }} + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: sriov-network-config-daemon + labels: + {{- include "sriov-network-operator.labels" . | nindent 4 }} |