aboutsummaryrefslogtreecommitdiffstats
path: root/kud/deployment_infra
diff options
context:
space:
mode:
Diffstat (limited to 'kud/deployment_infra')
-rw-r--r--kud/deployment_infra/helm/.gitignore1
-rw-r--r--kud/deployment_infra/helm/Makefile51
-rw-r--r--kud/deployment_infra/helm/multus-cni/.helmignore23
-rw-r--r--kud/deployment_infra/helm/multus-cni/Chart.yaml26
-rw-r--r--kud/deployment_infra/helm/multus-cni/crds/net-attach-def.yaml45
-rw-r--r--kud/deployment_infra/helm/multus-cni/templates/_helpers.tpl62
-rw-r--r--kud/deployment_infra/helm/multus-cni/templates/clusterrole.yaml31
-rw-r--r--kud/deployment_infra/helm/multus-cni/templates/clusterrolebinding.yaml16
-rw-r--r--kud/deployment_infra/helm/multus-cni/templates/cni-conf.yaml9
-rw-r--r--kud/deployment_infra/helm/multus-cni/templates/daemonset.yaml83
-rw-r--r--kud/deployment_infra/helm/multus-cni/templates/serviceaccount.yaml12
-rw-r--r--kud/deployment_infra/helm/multus-cni/values.yaml126
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/.helmignore23
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/Chart.yaml29
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/templates/_helpers.tpl63
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/templates/clusterrole.yaml21
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/templates/clusterrolebinding.yaml16
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/templates/master.yaml86
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/templates/nfd-worker-conf.yaml9
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/templates/service.yaml16
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/templates/serviceaccount.yaml12
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/templates/worker.yaml119
-rw-r--r--kud/deployment_infra/helm/node-feature-discovery/values.yaml225
-rw-r--r--kud/deployment_infra/playbooks/kud-vars.yml4
24 files changed, 1104 insertions, 4 deletions
diff --git a/kud/deployment_infra/helm/.gitignore b/kud/deployment_infra/helm/.gitignore
new file mode 100644
index 00000000..1521c8b7
--- /dev/null
+++ b/kud/deployment_infra/helm/.gitignore
@@ -0,0 +1 @@
+dist
diff --git a/kud/deployment_infra/helm/Makefile b/kud/deployment_infra/helm/Makefile
new file mode 100644
index 00000000..0cc09007
--- /dev/null
+++ b/kud/deployment_infra/helm/Makefile
@@ -0,0 +1,51 @@
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+
+EXCLUDES := sdewan_controllers
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+
+.PHONY: $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if grep "^dependencies:" $*/Chart.yaml; then helm dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then helm lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then helm package -d $(PACKAGE_DIR) $*; fi
+ @helm repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */Chart.lock
+ @find . -type f -name '*.tgz' -delete
+ @rm -rf $(PACKAGE_DIR)/*
+ @rm -rf $(OUTPUT_DIR)
+
+%:
+ @:
diff --git a/kud/deployment_infra/helm/multus-cni/.helmignore b/kud/deployment_infra/helm/multus-cni/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/kud/deployment_infra/helm/multus-cni/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/deployment_infra/helm/multus-cni/Chart.yaml b/kud/deployment_infra/helm/multus-cni/Chart.yaml
new file mode 100644
index 00000000..84d2255c
--- /dev/null
+++ b/kud/deployment_infra/helm/multus-cni/Chart.yaml
@@ -0,0 +1,26 @@
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+appVersion: v3.7
+description: |
+ Multus CNI is a container network interface (CNI) plugin for
+ Kubernetes that enables attaching multiple network interfaces to
+ pods.
+home: https://github.com/intel/multus-cni
+name: multus-cni
+sources:
+ - https://github.com/intel/multus-cni
+type: application
+version: 0.1.0
diff --git a/kud/deployment_infra/helm/multus-cni/crds/net-attach-def.yaml b/kud/deployment_infra/helm/multus-cni/crds/net-attach-def.yaml
new file mode 100644
index 00000000..85347bd3
--- /dev/null
+++ b/kud/deployment_infra/helm/multus-cni/crds/net-attach-def.yaml
@@ -0,0 +1,45 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+ group: k8s.cni.cncf.io
+ scope: Namespaced
+ names:
+ plural: network-attachment-definitions
+ singular: network-attachment-definition
+ kind: NetworkAttachmentDefinition
+ shortNames:
+ - net-attach-def
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
+ Working Group to express the intent for attaching pods to one or more logical or physical
+ networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this represen
+ tation of an object. Servers should convert recognized schemas to the
+ latest internal value, and may reject unrecognized values. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
+ type: object
+ properties:
+ config:
+ description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
+ type: string
diff --git a/kud/deployment_infra/helm/multus-cni/templates/_helpers.tpl b/kud/deployment_infra/helm/multus-cni/templates/_helpers.tpl
new file mode 100644
index 00000000..71aee739
--- /dev/null
+++ b/kud/deployment_infra/helm/multus-cni/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "multus.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "multus.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "multus.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "multus.labels" -}}
+helm.sh/chart: {{ include "multus.chart" . }}
+{{ include "multus.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "multus.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "multus.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "multus.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "multus.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/kud/deployment_infra/helm/multus-cni/templates/clusterrole.yaml b/kud/deployment_infra/helm/multus-cni/templates/clusterrole.yaml
new file mode 100644
index 00000000..1a3a87e0
--- /dev/null
+++ b/kud/deployment_infra/helm/multus-cni/templates/clusterrole.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.rbac.create }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "multus.fullname" . }}
+ labels:
+ {{- include "multus.labels" . | nindent 4 }}
+rules:
+ - apiGroups: ["k8s.cni.cncf.io"]
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/status
+ verbs:
+ - get
+ - update
+ - apiGroups:
+ - ""
+ - events.k8s.io
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+ - update
+{{- end }} \ No newline at end of file
diff --git a/kud/deployment_infra/helm/multus-cni/templates/clusterrolebinding.yaml b/kud/deployment_infra/helm/multus-cni/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..4e626480
--- /dev/null
+++ b/kud/deployment_infra/helm/multus-cni/templates/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "multus.fullname" . }}
+ labels:
+ {{- include "multus.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "multus.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "multus.serviceAccountName" . }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }} \ No newline at end of file
diff --git a/kud/deployment_infra/helm/multus-cni/templates/cni-conf.yaml b/kud/deployment_infra/helm/multus-cni/templates/cni-conf.yaml
new file mode 100644
index 00000000..b1212139
--- /dev/null
+++ b/kud/deployment_infra/helm/multus-cni/templates/cni-conf.yaml
@@ -0,0 +1,9 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ .Values.config.name }}
+ labels:
+ {{- include "multus.labels" . | nindent 4 }}
+ tier: node
+data:
+ cni-conf.json: | {{ .Values.config.data | toPrettyJson | nindent 4}}
diff --git a/kud/deployment_infra/helm/multus-cni/templates/daemonset.yaml b/kud/deployment_infra/helm/multus-cni/templates/daemonset.yaml
new file mode 100644
index 00000000..551d6db6
--- /dev/null
+++ b/kud/deployment_infra/helm/multus-cni/templates/daemonset.yaml
@@ -0,0 +1,83 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "multus.fullname" . }}-ds
+ labels:
+ {{- include "multus.labels" . | nindent 4 }}
+ tier: node
+spec:
+ selector:
+ matchLabels:
+ {{- include "multus.selectorLabels" . | nindent 6 }}
+ updateStrategy:
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ {{- include "multus.selectorLabels" . | nindent 8 }}
+ tier: node
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ hostNetwork: true
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ serviceAccountName: {{ include "multus.serviceAccountName" . }}
+ containers:
+ - name: kube-multus
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: KUBERNETES_NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ command:
+ {{- if .Values.config.enabled }}
+ - /bin/bash
+ - -cex
+ - |
+ #!/bin/bash
+ sed "s|__KUBERNETES_NODE_NAME__|${KUBERNETES_NODE_NAME}|g" /tmp/multus-conf/{{ .Values.config.path }}.template > /tmp/{{ .Values.config.path }}
+ /entrypoint.sh --multus-conf-file=/tmp/{{ .Values.config.path }}
+ {{- else }}
+ - /entrypoint.sh
+ - "--multus-conf-file=auto"
+ - "--cni-version=0.3.1"
+ {{- end }}
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/bin/bash", "-c", "rm /host/etc/cni/net.d/*-multus.conf"]
+ resources:
+ {{- toYaml .Values.resources | nindent 10 }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 10 }}
+ volumeMounts:
+ - name: cni
+ mountPath: /host/etc/cni/net.d
+ - name: cnibin
+ mountPath: /host/opt/cni/bin
+ - name: multus-cfg
+ mountPath: /tmp/multus-conf
+ volumes:
+ - name: cni
+ hostPath:
+ path: /etc/cni/net.d
+ - name: cnibin
+ hostPath:
+ path: /opt/cni/bin
+ - name: multus-cfg
+ configMap:
+ name: {{ .Values.config.name }}
+ items:
+ - key: cni-conf.json
+ path: {{ .Values.config.path }}.template
diff --git a/kud/deployment_infra/helm/multus-cni/templates/serviceaccount.yaml b/kud/deployment_infra/helm/multus-cni/templates/serviceaccount.yaml
new file mode 100644
index 00000000..144a098a
--- /dev/null
+++ b/kud/deployment_infra/helm/multus-cni/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "multus.serviceAccountName" . }}
+ labels:
+ {{- include "multus.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/kud/deployment_infra/helm/multus-cni/values.yaml b/kud/deployment_infra/helm/multus-cni/values.yaml
new file mode 100644
index 00000000..e08f665e
--- /dev/null
+++ b/kud/deployment_infra/helm/multus-cni/values.yaml
@@ -0,0 +1,126 @@
+image:
+ repository: nfvpe/multus
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+nameOverride: ""
+fullnameOverride: ""
+
+securityContext:
+ privileged: true
+
+resources:
+ requests:
+ cpu: "100m"
+ memory: "50Mi"
+ limits:
+ cpu: "100m"
+ memory: "50Mi"
+
+nodeSelector:
+ kubernetes.io/arch: amd64
+
+tolerations:
+- operator: Exists
+ effect: NoSchedule
+
+# NOTE: If you'd prefer to manually apply a configuration file, you
+# may create one here. Additionally -- you should ensure that the
+# name "{{ .Values.config.path }}" is the alphabetically first name in
+# the /etc/cni/net.d/ directory on each node, otherwise, it will not
+# be used by the Kubelet.
+#
+# __KUBERNETES_NODE_NAME__ below is replaced by spec.nodeName at
+# startup.
+config:
+ enabled: true
+ name: multus-cni-config
+ path: 00-multus.conf
+ # data:
+ # {
+ # "name": "multus-cni-network",
+ # "type": "multus",
+ # "capabilities": {
+ # "portMappings": true
+ # },
+ # "delegates": [
+ # {
+ # "cniVersion": "0.3.1",
+ # "name": "default-cni-network",
+ # "plugins": [
+ # {
+ # "name": "k8s-pod-network",
+ # "cniVersion": "0.3.1",
+ # "type": "calico",
+ # "log_level": "info",
+ # "datastore_type": "kubernetes",
+ # "nodename": "__KUBERNETES_NODE_NAME__",
+ # "mtu": 1440,
+ # "ipam": {
+ # "type": "calico-ipam"
+ # },
+ # "policy": {
+ # "type": "k8s"
+ # },
+ # "kubernetes": {
+ # "kubeconfig": "/etc/cni/net.d/calico-kubeconfig"
+ # }
+ # },
+ # {
+ # "type": "portmap",
+ # "snat": true,
+ # "capabilities": {"portMappings": true}
+ # }
+ # ]
+ # }
+ # ],
+ # "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
+ # }
+ data:
+ {
+ "cniVersion": "0.3.1",
+ "name": "multus-cni-network",
+ "type": "multus",
+ "capabilities": {
+ "portMappings": true
+ },
+ "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig",
+ "delegates": [
+ {
+ "name": "cbr0",
+ "cniVersion": "0.3.1",
+ "plugins": [
+ {
+ "type": "flannel",
+ "delegate": {
+ "isDefaultGateway": true,
+ "hairpinMode": true
+ }
+ },
+ {
+ "type": "portmap",
+ "capabilities": {
+ "portMappings": true
+ }
+ }
+ ]
+ }
+ ]
+ }
+
+## RBAC parameteres
+## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
+##
+rbac:
+ create: true
+ serviceAccountName:
diff --git a/kud/deployment_infra/helm/node-feature-discovery/.helmignore b/kud/deployment_infra/helm/node-feature-discovery/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/kud/deployment_infra/helm/node-feature-discovery/Chart.yaml b/kud/deployment_infra/helm/node-feature-discovery/Chart.yaml
new file mode 100644
index 00000000..387794f4
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/Chart.yaml
@@ -0,0 +1,29 @@
+# Copyright 2021 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v2
+appVersion: v0.7.0
+description: |
+ Detects hardware features available on each node in a Kubernetes cluster, and advertises
+ those features using node labels.
+name: node-feature-discovery
+sources:
+ - https://github.com/kubernetes-sigs/node-feature-discovery
+home: https://github.com/kubernetes-sigs/node-feature-discovery
+keywords:
+ - feature-discovery
+ - feature-detection
+ - node-labels
+type: application
+version: 0.1.0
diff --git a/kud/deployment_infra/helm/node-feature-discovery/templates/_helpers.tpl b/kud/deployment_infra/helm/node-feature-discovery/templates/_helpers.tpl
new file mode 100644
index 00000000..73784a54
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "node-feature-discovery.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "node-feature-discovery.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "node-feature-discovery.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "node-feature-discovery.labels" -}}
+helm.sh/chart: {{ include "node-feature-discovery.chart" . }}
+{{ include "node-feature-discovery.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "node-feature-discovery.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "node-feature-discovery.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "node-feature-discovery.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "node-feature-discovery.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/kud/deployment_infra/helm/node-feature-discovery/templates/clusterrole.yaml b/kud/deployment_infra/helm/node-feature-discovery/templates/clusterrole.yaml
new file mode 100644
index 00000000..a4da2303
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/templates/clusterrole.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ # when using command line flag --resource-labels to create extended resources
+ # you will need to uncomment "- nodes/status"
+ # - nodes/status
+ verbs:
+ - get
+ - patch
+ - update
+ - list
+{{- end }}
diff --git a/kud/deployment_infra/helm/node-feature-discovery/templates/clusterrolebinding.yaml b/kud/deployment_infra/helm/node-feature-discovery/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..4766d9a1
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/templates/clusterrolebinding.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "node-feature-discovery.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "node-feature-discovery.serviceAccountName" . }}
+ namespace: {{ $.Release.Namespace }}
+{{- end }}
diff --git a/kud/deployment_infra/helm/node-feature-discovery/templates/master.yaml b/kud/deployment_infra/helm/node-feature-discovery/templates/master.yaml
new file mode 100644
index 00000000..7ea68ff9
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/templates/master.yaml
@@ -0,0 +1,86 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-master
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ role: master
+spec:
+ replicas: {{ .Values.master.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
+ role: master
+ template:
+ metadata:
+ labels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
+ role: master
+ annotations:
+ {{- toYaml .Values.master.annotations | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "node-feature-discovery.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.master.podSecurityContext | nindent 8 }}
+ containers:
+ - name: master
+ securityContext:
+ {{- toYaml .Values.master.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: 8080
+ name: grpc
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ command:
+ - "nfd-master"
+ resources:
+ {{- toYaml .Values.master.resources | nindent 12 }}
+ args:
+ {{- if .Values.master.instance | empty | not }}
+ - "--instance={{ .Values.master.instance }}"
+ {{- end }}
+## Enable TLS authentication
+## The example below assumes having the root certificate named ca.crt stored in
+## a ConfigMap named nfd-ca-cert, and, the TLS authentication credentials stored
+## in a TLS Secret named nfd-master-cert.
+## Additional hardening can be enabled by specifying --verify-node-name in
+## args, in which case every nfd-worker requires a individual node-specific
+## TLS certificate.
+# - "--ca-file=/etc/kubernetes/node-feature-discovery/trust/ca.crt"
+# - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+# - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+# volumeMounts:
+# - name: nfd-ca-cert
+# mountPath: "/etc/kubernetes/node-feature-discovery/trust"
+# readOnly: true
+# - name: nfd-master-cert
+# mountPath: "/etc/kubernetes/node-feature-discovery/certs"
+# readOnly: true
+# volumes:
+# - name: nfd-ca-cert
+# configMap:
+# name: nfd-ca-cert
+# - name: nfd-master-cert
+# secret:
+# secretName: nfd-master-cert
+ {{- with .Values.master.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.master.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.master.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/kud/deployment_infra/helm/node-feature-discovery/templates/nfd-worker-conf.yaml b/kud/deployment_infra/helm/node-feature-discovery/templates/nfd-worker-conf.yaml
new file mode 100644
index 00000000..56763fe1
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/templates/nfd-worker-conf.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.worker.configmapName }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+data:
+ nfd-worker.conf: |
+ {{- .Values.worker.config | nindent 4 }}
diff --git a/kud/deployment_infra/helm/node-feature-discovery/templates/service.yaml b/kud/deployment_infra/helm/node-feature-discovery/templates/service.yaml
new file mode 100644
index 00000000..65483625
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/templates/service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: nfd-master
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ role: master
+spec:
+ type: {{ .Values.master.service.type }}
+ ports:
+ - port: {{ .Values.master.service.port }}
+ targetPort: grpc
+ protocol: TCP
+ name: grpc
+ selector:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 4 }}
diff --git a/kud/deployment_infra/helm/node-feature-discovery/templates/serviceaccount.yaml b/kud/deployment_infra/helm/node-feature-discovery/templates/serviceaccount.yaml
new file mode 100644
index 00000000..e4b09bad
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "node-feature-discovery.serviceAccountName" . }}
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end -}}
diff --git a/kud/deployment_infra/helm/node-feature-discovery/templates/worker.yaml b/kud/deployment_infra/helm/node-feature-discovery/templates/worker.yaml
new file mode 100644
index 00000000..998a0686
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/templates/worker.yaml
@@ -0,0 +1,119 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ include "node-feature-discovery.fullname" . }}-worker
+ labels:
+ {{- include "node-feature-discovery.labels" . | nindent 4 }}
+ role: worker
+spec:
+ selector:
+ matchLabels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }}
+ role: worker
+ template:
+ metadata:
+ labels:
+ {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }}
+ role: worker
+ annotations:
+ {{- toYaml .Values.worker.annotations | nindent 8 }}
+ spec:
+ dnsPolicy: ClusterFirstWithHostNet
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
+ containers:
+ - name: worker
+ securityContext:
+ {{- toYaml .Values.worker.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ resources:
+ {{- toYaml .Values.worker.resources | nindent 12 }}
+ command:
+ - "nfd-worker"
+ args:
+ - "--sleep-interval={{ .Values.worker.sleepTime }}s"
+ - "--server=nfd-master:{{ .Values.master.service.port }}"
+## Enable TLS authentication (1/3)
+## The example below assumes having the root certificate named ca.crt stored in
+## a ConfigMap named nfd-ca-cert, and, the TLS authentication credentials stored
+## in a TLS Secret named nfd-worker-cert
+# - "--ca-file=/etc/kubernetes/node-feature-discovery/trust/ca.crt"
+# - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key"
+# - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt"
+ volumeMounts:
+ - name: host-boot
+ mountPath: "/host-boot"
+ readOnly: true
+ - name: host-os-release
+ mountPath: "/host-etc/os-release"
+ readOnly: true
+ - name: host-sys
+ mountPath: "/host-sys"
+ readOnly: true
+ - name: source-d
+ mountPath: "/etc/kubernetes/node-feature-discovery/source.d/"
+ readOnly: true
+ - name: features-d
+ mountPath: "/etc/kubernetes/node-feature-discovery/features.d/"
+ readOnly: true
+ - name: nfd-worker-conf
+ mountPath: "/etc/kubernetes/node-feature-discovery"
+ readOnly: true
+## Enable TLS authentication (2/3)
+# - name: nfd-ca-cert
+# mountPath: "/etc/kubernetes/node-feature-discovery/trust"
+# readOnly: true
+# - name: nfd-worker-cert
+# mountPath: "/etc/kubernetes/node-feature-discovery/certs"
+# readOnly: true
+ volumes:
+ - name: host-boot
+ hostPath:
+ path: "/boot"
+ - name: host-os-release
+ hostPath:
+ path: "/etc/os-release"
+ - name: host-sys
+ hostPath:
+ path: "/sys"
+ - name: source-d
+ hostPath:
+ path: "/etc/kubernetes/node-feature-discovery/source.d/"
+ - name: features-d
+ hostPath:
+ path: "/etc/kubernetes/node-feature-discovery/features.d/"
+ - name: nfd-worker-conf
+ configMap:
+ name: {{ .Values.worker.configmapName }}
+ items:
+ - key: nfd-worker.conf
+ path: nfd-worker.conf
+## Enable TLS authentication (3/3)
+# - name: nfd-ca-cert
+# configMap:
+# name: nfd-ca-cert
+# - name: nfd-worker-cert
+# secret:
+# secretName: nfd-worker-cert
+ {{- with .Values.worker.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.worker.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.worker.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
diff --git a/kud/deployment_infra/helm/node-feature-discovery/values.yaml b/kud/deployment_infra/helm/node-feature-discovery/values.yaml
new file mode 100644
index 00000000..3b9091b1
--- /dev/null
+++ b/kud/deployment_infra/helm/node-feature-discovery/values.yaml
@@ -0,0 +1,225 @@
+image:
+ repository: k8s.gcr.io/nfd/node-feature-discovery
+ # This should be set to 'IfNotPresent' for released version
+ pullPolicy: IfNotPresent
+ # tag, if defined will use the given image tag, else Chart.AppVersion will be used
+ # tag
+imagePullSecrets: []
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name:
+
+nameOverride: ""
+fullnameOverride: ""
+
+master:
+ instance:
+ replicaCount: 1
+
+ podSecurityContext: {}
+ # fsGroup: 2000
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: [ "ALL" ]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ # runAsUser: 1000
+
+ service:
+ type: ClusterIP
+ port: 8080
+
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ nodeSelector: {}
+
+ tolerations:
+ - key: "node-role.kubernetes.io/master"
+ operator: "Equal"
+ value: ""
+ effect: "NoSchedule"
+
+ annotations: {}
+
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ preference:
+ matchExpressions:
+ - key: "node-role.kubernetes.io/master"
+ operator: In
+ values: [""]
+
+worker:
+ configmapName: nfd-worker-conf
+ config: |
+ sources:
+ custom:
+ - name: "iavf"
+ matchOn:
+ - pciId:
+ class: ["0200"]
+ vendor: ["8086"]
+ device: ["1574", "1580", "1583", "1584", "1587", "1588", "37ce", "37cf", "37d0", "37d1", "37d2", "37d3"]
+ - name: "qat"
+ matchOn:
+ - pciId:
+ class: ["0b40"]
+ vendor: ["8086"]
+ device: ["0435", "37c8", "6f54", "19e2"]
+ pci:
+ deviceClassWhitelist:
+ - "03"
+ - "12"
+ - "0200"
+ - "0b40"
+ deviceLabelFields:
+ - "class"
+ - "vendor"
+ - "device"
+ #sources:
+ # cpu:
+ # cpuid:
+ ## NOTE: whitelist has priority over blacklist
+ # attributeBlacklist:
+ # - "BMI1"
+ # - "BMI2"
+ # - "CLMUL"
+ # - "CMOV"
+ # - "CX16"
+ # - "ERMS"
+ # - "F16C"
+ # - "HTT"
+ # - "LZCNT"
+ # - "MMX"
+ # - "MMXEXT"
+ # - "NX"
+ # - "POPCNT"
+ # - "RDRAND"
+ # - "RDSEED"
+ # - "RDTSCP"
+ # - "SGX"
+ # - "SSE"
+ # - "SSE2"
+ # - "SSE3"
+ # - "SSE4.1"
+ # - "SSE4.2"
+ # - "SSSE3"
+ # attributeWhitelist:
+ # kernel:
+ # kconfigFile: "/path/to/kconfig"
+ # configOpts:
+ # - "NO_HZ"
+ # - "X86"
+ # - "DMI"
+ # pci:
+ # deviceClassWhitelist:
+ # - "0200"
+ # - "03"
+ # - "12"
+ # deviceLabelFields:
+ # - "class"
+ # - "vendor"
+ # - "device"
+ # - "subsystem_vendor"
+ # - "subsystem_device"
+ # usb:
+ # deviceClassWhitelist:
+ # - "0e"
+ # - "ef"
+ # - "fe"
+ # - "ff"
+ # deviceLabelFields:
+ # - "class"
+ # - "vendor"
+ # - "device"
+ # custom:
+ # - name: "my.kernel.feature"
+ # matchOn:
+ # - loadedKMod: ["example_kmod1", "example_kmod2"]
+ # - name: "my.pci.feature"
+ # matchOn:
+ # - pciId:
+ # class: ["0200"]
+ # vendor: ["15b3"]
+ # device: ["1014", "1017"]
+ # - pciId :
+ # vendor: ["8086"]
+ # device: ["1000", "1100"]
+ # - name: "my.usb.feature"
+ # matchOn:
+ # - usbId:
+ # class: ["ff"]
+ # vendor: ["03e7"]
+ # device: ["2485"]
+ # - usbId:
+ # class: ["fe"]
+ # vendor: ["1a6e"]
+ # device: ["089a"]
+ # - name: "my.combined.feature"
+ # matchOn:
+ # - pciId:
+ # vendor: ["15b3"]
+ # device: ["1014", "1017"]
+ # loadedKMod : ["vendor_kmod1", "vendor_kmod2"]
+
+ podSecurityContext: {}
+ # fsGroup: 2000
+
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: [ "ALL" ]
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ # runAsUser: 1000
+
+ resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+ nodeSelector: {}
+
+ tolerations: {}
+
+ annotations: {}
+
+ # sleepTime is the sleep interval in seconds between consecutive worker runs
+ sleepTime: 60
+
+## RBAC parameteres
+## https://kubernetes.io/docs/reference/access-authn-authz/rbac/
+##
+rbac:
+ create: true
+ serviceAccountName:
+ ## Annotations for the Service Account
+ ##
+ serviceAccountAnnotations: {}
diff --git a/kud/deployment_infra/playbooks/kud-vars.yml b/kud/deployment_infra/playbooks/kud-vars.yml
index 51607020..c430b46f 100644
--- a/kud/deployment_infra/playbooks/kud-vars.yml
+++ b/kud/deployment_infra/playbooks/kud-vars.yml
@@ -41,10 +41,8 @@ istio_version: 1.0.3
istio_url: "https://github.com/istio/istio/releases/download/{{ istio_version }}/istio-{{ istio_version }}-linux.tar.gz"
# Intel CPU Manager for Kubernetes
-cmk_enabled: true
cmk_namespace: kube-system
cmk_use_all_hosts: false # 'true' will deploy CMK on the master nodes too
-cmk_untaint_nodes: [compute01, compute02]
cmk_shared_num_cores: 1 # number of CPU cores to be assigned to the "shared" pool on each of the nodes
cmk_exclusive_num_cores: 2 # number of CPU cores to be assigned to the "exclusive" pool on each of the nodes
cmk_git_url: "https://github.com/intel/CPU-Manager-for-Kubernetes.git"
@@ -53,8 +51,6 @@ cmk_dir: "/tmp/cmk"
registry_local_address: "localhost:5000"
cmk_pkgs: make,jq
cmk_untaint_required: true
-#cmk_shared_mode: packed # choose between: packed, spread, default: packed
-#cmk_exclusive_mode: packed # choose between: packed, spread, default: packed
go_version: '1.12.5'
kubespray_version: 2.14.1