8 files changed, 474 insertions, 0 deletions

diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/_helpers.tpl b/kud/deployment_infra/helm/sriov-network-operator/templates/_helpers.tpl
new file mode 100644
index 00000000..2d2bd47f
--- /dev/null
+++ b/kud/deployment_infra/helm/sriov-network-operator/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sriov-network-operator.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sriov-network-operator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sriov-network-operator.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "sriov-network-operator.labels" -}}
+helm.sh/chart: {{ include "sriov-network-operator.chart" . }}
+{{ include "sriov-network-operator.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sriov-network-operator.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "sriov-network-operator.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sriov-network-operator.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "sriov-network-operator.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml
new file mode 100644
index 00000000..1a37667e
--- /dev/null
+++ b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrole.yaml
@@ -0,0 +1,54 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "sriov-network-operator.fullname" . }}
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get", "list", "watch", "patch", "update"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["*"]
+- apiGroups: ["apps"]
+  resources: ["daemonsets"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: [namespaces, serviceaccounts]
+  verbs: ["*"]
+- apiGroups: ["k8s.cni.cncf.io"]
+  resources: ["network-attachment-definitions"]
+  verbs: ["*"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: [clusterroles, clusterrolebindings]
+  verbs: ["*"]
+- apiGroups: ["admissionregistration.k8s.io"]
+  resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
+  verbs: ["*"]
+- apiGroups: ["sriovnetwork.openshift.io"]
+  resources: ["*"]
+  verbs: ["*"]
+- apiGroups: ["machineconfiguration.openshift.io"]
+  resources: ["*"]
+  verbs: ["*"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: sriov-network-config-daemon
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get", "list", "watch", "patch", "update"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["*"]
+- apiGroups: ["apps"]
+  resources: ["daemonsets"]
+  verbs: ["get"]
+- apiGroups: [""]
+  resources: ["pods/eviction"]
+  verbs: ["create"]
diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrolebinding.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..acf15ee5
--- /dev/null
+++ b/kud/deployment_infra/helm/sriov-network-operator/templates/clusterrolebinding.yaml
@@ -0,0 +1,30 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "sriov-network-operator.fullname" . }}
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "sriov-network-operator.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "sriov-network-operator.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: sriov-network-config-daemon
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: sriov-network-config-daemon
+subjects:
+- kind: ServiceAccount
+  name: sriov-network-config-daemon
+  namespace: {{ .Release.Namespace }}
+
diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/drivers/daemonset.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/drivers/daemonset.yaml
new file mode 100644
index 00000000..b86ee383
--- /dev/null
+++ b/kud/deployment_infra/helm/sriov-network-operator/templates/drivers/daemonset.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name:  {{ include "sriov-network-operator.fullname" . }}-iavf-driver-installer
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+    role: iavf-driver-installer
+spec:
+  selector:
+    matchLabels:
+      {{- include "sriov-network-operator.selectorLabels" . | nindent 6 }}
+      role: iavf-driver-installer
+  template:
+    metadata:
+      labels:
+        {{- include "sriov-network-operator.selectorLabels" . | nindent 8 }}
+        role: iavf-driver-installer
+    spec:
+      hostPID: true
+      {{- with .Values.iavfDriver.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      securityContext:
+        {{- toYaml .Values.iavfDriver.podSecurityContext | nindent 8 }}
+      initContainers:
+        - image: "{{ .Values.iavfDriver.image.repository }}:{{ .Values.iavfDriver.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.iavfDriver.image.pullPolicy }}
+          name: iavf-driver-installer
+          securityContext:
+            {{- toYaml .Values.iavfDriver.securityContext | nindent 12 }}
+          resources:
+            {{- toYaml .Values.iavfDriver.resources | nindent 12 }}
+          volumeMounts:
+            - name: iavf-install-dir
+              mountPath: "/usr/local/iavf"
+            - name: root-dir
+              mountPath: "/root"
+            - name: lib-modules-dir
+              mountPath: "/root/lib/modules"
+            - name: run-systemd-dir
+              mountPath: "/root/run/systemd/system"
+      containers:
+      - image: "gcr.io/google-containers/pause:3.2"
+        name: pause
+      volumes:
+        - name: iavf-install-dir
+          hostPath:
+            path: "/opt/iavf"
+        - name: root-dir
+          hostPath:
+            path: "/"
+        - name: lib-modules-dir
+          hostPath:
+            path: "/lib/modules"
+        - name: run-systemd-dir
+          hostPath:
+            path: "/run/systemd/system"
+      {{- with .Values.iavfDriver.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.iavfDriver.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.iavfDriver.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/operator.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/operator.yaml
new file mode 100644
index 00000000..679ed269
--- /dev/null
+++ b/kud/deployment_infra/helm/sriov-network-operator/templates/operator.yaml
@@ -0,0 +1,89 @@
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovOperatorConfig
+metadata:
+  name: default
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+spec:
+  {{- with .Values.configDaemon.nodeSelector }}
+  configDaemonNodeSelector:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  enableInjector: {{ .Values.enableInjector }}
+  enableOperatorWebhook: {{ .Values.enableOperatorWebhook }}
+  logLevel: {{ .Values.logLevel }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name:  {{ include "sriov-network-operator.fullname" . }}
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "sriov-network-operator.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "sriov-network-operator.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "sriov-network-operator.serviceAccountName" . }}
+      containers:
+        - name: sriov-network-operator
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          command:
+          - sriov-network-operator
+          env:
+            - name: WATCH_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: SRIOV_CNI_IMAGE
+              value: "{{ .Values.cni.image.repository }}:{{ .Values.cni.image.tag | default .Chart.AppVersion }}"
+            - name: SRIOV_INFINIBAND_CNI_IMAGE
+              value: "{{ .Values.infinibandCni.image.repository }}:{{ .Values.infinibandCni.image.tag | default .Chart.AppVersion }}"
+            - name: SRIOV_DEVICE_PLUGIN_IMAGE
+              value: "{{ .Values.devicePlugin.image.repository }}:{{ .Values.devicePlugin.image.tag | default .Chart.AppVersion }}"
+            - name: NETWORK_RESOURCES_INJECTOR_IMAGE
+              value: "{{ .Values.resourcesInjector.image.repository }}:{{ .Values.resourcesInjector.image.tag | default .Chart.AppVersion }}"
+            - name: OPERATOR_NAME
+              value: "sriov-network-operator"
+            - name: SRIOV_NETWORK_CONFIG_DAEMON_IMAGE
+              value: "{{ .Values.configDaemon.image.repository }}:{{ .Values.configDaemon.image.tag | default .Chart.AppVersion }}"
+            - name: SRIOV_NETWORK_WEBHOOK_IMAGE
+              value: "{{ .Values.webhook.image.repository }}:{{ .Values.webhook.image.tag | default .Chart.AppVersion }}"
+            - name: RESOURCE_PREFIX
+              value: "{{ .Values.resourcePrefix }}"
+            - name: ENABLE_ADMISSION_CONTROLLER
+              value: "false"
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: RELEASE_VERSION
+              value: "4.3.0"
+            - name: SRIOV_CNI_BIN_PATH
+              value: "/opt/cni/bin"
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml
new file mode 100644
index 00000000..96fae762
--- /dev/null
+++ b/kud/deployment_infra/helm/sriov-network-operator/templates/role.yaml
@@ -0,0 +1,107 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "sriov-network-operator.fullname" . }}
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - services
+  - endpoints
+  - persistentvolumeclaims
+  - events
+  - configmaps
+  - secrets
+  verbs:
+  - '*'
+- apiGroups:
+  - apps
+  resources:
+  - deployments
+  - daemonsets
+  - replicasets
+  - statefulsets
+  verbs:
+  - '*'
+- apiGroups:
+  - monitoring.coreos.com
+  resources:
+  - servicemonitors
+  verbs:
+  - get
+  - create
+- apiGroups:
+  - apps
+  resourceNames:
+  - sriov-network-operator
+  resources:
+  - deployments/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - serviceaccounts
+  - roles
+  - rolebindings
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: sriov-network-config-daemon
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - '*'
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  verbs:
+  - '*'
+- apiGroups:
+  - sriovnetwork.openshift.io
+  resources:
+  - '*'
+  - sriovnetworknodestates
+  verbs:
+  - '*'
+- apiGroups:
+  - security.openshift.io
+  resourceNames:
+  - privileged
+  resources:
+  - securitycontextconstraints
+  verbs:
+  - use
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: operator-webhook-sa
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/rolebinding.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/rolebinding.yaml
new file mode 100644
index 00000000..1f8498af
--- /dev/null
+++ b/kud/deployment_infra/helm/sriov-network-operator/templates/rolebinding.yaml
@@ -0,0 +1,44 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "sriov-network-operator.fullname" . }}
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "sriov-network-operator.fullname" . }}
+subjects:
+- kind: ServiceAccount
+  name: {{ include "sriov-network-operator.serviceAccountName" . }}
+  namespace: {{ .Release.Namespace }}
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: sriov-network-config-daemon
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: sriov-network-config-daemon
+subjects:
+- kind: ServiceAccount
+  name: sriov-network-config-daemon
+  namespace: {{ .Release.Namespace }}
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: operator-webhook-sa
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: operator-webhook-sa
+subjects:
+- kind: ServiceAccount
+  name: operator-webhook-sa
+  namespace: {{ .Release.Namespace }}
diff --git a/kud/deployment_infra/helm/sriov-network-operator/templates/serviceaccount.yaml b/kud/deployment_infra/helm/sriov-network-operator/templates/serviceaccount.yaml
new file mode 100644
index 00000000..eb0ec10c
--- /dev/null
+++ b/kud/deployment_infra/helm/sriov-network-operator/templates/serviceaccount.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "sriov-network-operator.serviceAccountName" . }}
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: sriov-network-config-daemon
+  labels:
+    {{- include "sriov-network-operator.labels" . | nindent 4 }}