From faabcf55428d2330078773366b0bc0791c8e0f09 Mon Sep 17 00:00:00 2001 From: Tuomas Katila Date: Mon, 30 Sep 2024 13:18:14 +0300 Subject: [PATCH] Device plugins 0.31 (#61) * device plugins: operator: sync with base project -Newer rbac-proxy and different origin -Limit TLS selection -Update ClusterRole Signed-off-by: Tuomas Katila * device plugins: sync crds Signed-off-by: Tuomas Katila * device plugins: qat: drop c6xxvf from defaults Signed-off-by: Tuomas Katila * device plugins: readme updates Signed-off-by: Tuomas Katila * device plugins: update version to 0.31.0 Signed-off-by: Tuomas Katila --------- Signed-off-by: Tuomas Katila --- charts/device-plugin-operator/Chart.yaml | 4 +- charts/device-plugin-operator/README.md | 5 +- ...viceplugin.intel.com_dlbdeviceplugins.yaml | 3 +- ...viceplugin.intel.com_dsadeviceplugins.yaml | 3 +- ...iceplugin.intel.com_fpgadeviceplugins.yaml | 3 +- ...viceplugin.intel.com_gpudeviceplugins.yaml | 7 +- ...viceplugin.intel.com_iaadeviceplugins.yaml | 3 +- ...viceplugin.intel.com_qatdeviceplugins.yaml | 7 +- ...viceplugin.intel.com_sgxdeviceplugins.yaml | 3 +- .../fpga.intel.com_acceleratorfunctions.yaml | 2 +- .../crds/fpga.intel.com_fpgaregions.yaml | 2 +- .../templates/operator.yaml | 165 +++--------------- charts/device-plugin-operator/values.yaml | 6 +- charts/dlb-device-plugin/Chart.yaml | 4 +- charts/dsa-device-plugin/Chart.yaml | 4 +- charts/gpu-device-plugin/Chart.yaml | 4 +- charts/iaa-device-plugin/Chart.yaml | 4 +- charts/qat-device-plugin/Chart.yaml | 4 +- charts/qat-device-plugin/README.md | 2 +- charts/qat-device-plugin/values.yaml | 1 - charts/sgx-device-plugin/Chart.yaml | 4 +- 21 files changed, 52 insertions(+), 188 deletions(-) diff --git a/charts/device-plugin-operator/Chart.yaml b/charts/device-plugin-operator/Chart.yaml index 7e0e1dc..e3e8b63 100644 --- a/charts/device-plugin-operator/Chart.yaml +++ b/charts/device-plugin-operator/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: intel-device-plugins-operator description: A Helm chart for Intel Device Plugins Operator for Kubernetes type: application -version: 0.30.0 -appVersion: "0.30.0" \ No newline at end of file +version: 0.31.0 +appVersion: "0.31.0" \ No newline at end of file diff --git a/charts/device-plugin-operator/README.md b/charts/device-plugin-operator/README.md index d40a116..648f7f5 100644 --- a/charts/device-plugin-operator/README.md +++ b/charts/device-plugin-operator/README.md @@ -44,8 +44,9 @@ You may also run `helm show values` on this chart's dependencies for additional |---------|-----------| | `manager.image.hub` | `intel` | | `manager.image.tag` | `` | -| `kubeRbacProxy.image.hub` | `gcr.io` | -| `kubeRbacProxy.image.tag` | `v0.16.0` | +| `kubeRbacProxy.image.hub` | `quay.io` | +| `kubeRbacProxy.image.hubRepo` | `brancz` | +| `kubeRbacProxy.image.tag` | `v0.18.1` | | `kubeRbacProxy.image.pullPolicy` | `IfNotPresent` | | `privateRegistry.registryUrl` | `` | | `privateRegistry.registryUser` | `` | diff --git a/charts/device-plugin-operator/crds/deviceplugin.intel.com_dlbdeviceplugins.yaml b/charts/device-plugin-operator/crds/deviceplugin.intel.com_dlbdeviceplugins.yaml index 17f86b0..bfd11bf 100644 --- a/charts/device-plugin-operator/crds/deviceplugin.intel.com_dlbdeviceplugins.yaml +++ b/charts/device-plugin-operator/crds/deviceplugin.intel.com_dlbdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: dlbdeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -133,7 +133,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/charts/device-plugin-operator/crds/deviceplugin.intel.com_dsadeviceplugins.yaml b/charts/device-plugin-operator/crds/deviceplugin.intel.com_dsadeviceplugins.yaml index 72a2fcf..f964961 100644 --- a/charts/device-plugin-operator/crds/deviceplugin.intel.com_dsadeviceplugins.yaml +++ b/charts/device-plugin-operator/crds/deviceplugin.intel.com_dsadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: dsadeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -143,7 +143,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/charts/device-plugin-operator/crds/deviceplugin.intel.com_fpgadeviceplugins.yaml b/charts/device-plugin-operator/crds/deviceplugin.intel.com_fpgadeviceplugins.yaml index f4b7d2a..b4e6a99 100644 --- a/charts/device-plugin-operator/crds/deviceplugin.intel.com_fpgadeviceplugins.yaml +++ b/charts/device-plugin-operator/crds/deviceplugin.intel.com_fpgadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: fpgadeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -140,7 +140,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/charts/device-plugin-operator/crds/deviceplugin.intel.com_gpudeviceplugins.yaml b/charts/device-plugin-operator/crds/deviceplugin.intel.com_gpudeviceplugins.yaml index 4bd69c6..4dd89c0 100644 --- a/charts/device-plugin-operator/crds/deviceplugin.intel.com_gpudeviceplugins.yaml +++ b/charts/device-plugin-operator/crds/deviceplugin.intel.com_gpudeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: gpudeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -139,9 +139,7 @@ spec: type: array type: object status: - description: |- - GpuDevicePluginStatus defines the observed state of GpuDevicePlugin. - TODO(rojkov): consider code deduplication with QatDevicePluginStatus. + description: GpuDevicePluginStatus defines the observed state of GpuDevicePlugin. properties: controlledDaemonSet: description: ControlledDaemoSet references the DaemonSet controlled @@ -159,7 +157,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/charts/device-plugin-operator/crds/deviceplugin.intel.com_iaadeviceplugins.yaml b/charts/device-plugin-operator/crds/deviceplugin.intel.com_iaadeviceplugins.yaml index affa9b5..beb5c64 100644 --- a/charts/device-plugin-operator/crds/deviceplugin.intel.com_iaadeviceplugins.yaml +++ b/charts/device-plugin-operator/crds/deviceplugin.intel.com_iaadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: iaadeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -142,7 +142,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/charts/device-plugin-operator/crds/deviceplugin.intel.com_qatdeviceplugins.yaml b/charts/device-plugin-operator/crds/deviceplugin.intel.com_qatdeviceplugins.yaml index a6c044d..a9cb80d 100644 --- a/charts/device-plugin-operator/crds/deviceplugin.intel.com_qatdeviceplugins.yaml +++ b/charts/device-plugin-operator/crds/deviceplugin.intel.com_qatdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: qatdeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -155,9 +155,7 @@ spec: type: array type: object status: - description: |- - QatDevicePluginStatus defines the observed state of QatDevicePlugin. - TODO(rojkov): consider code deduplication with GpuDevicePluginStatus. + description: QatDevicePluginStatus defines the observed state of QatDevicePlugin. properties: controlledDaemonSet: description: ControlledDaemoSet references the DaemonSet controlled @@ -175,7 +173,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/charts/device-plugin-operator/crds/deviceplugin.intel.com_sgxdeviceplugins.yaml b/charts/device-plugin-operator/crds/deviceplugin.intel.com_sgxdeviceplugins.yaml index a6e12ae..33823b0 100644 --- a/charts/device-plugin-operator/crds/deviceplugin.intel.com_sgxdeviceplugins.yaml +++ b/charts/device-plugin-operator/crds/deviceplugin.intel.com_sgxdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: sgxdeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -144,7 +144,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/charts/device-plugin-operator/crds/fpga.intel.com_acceleratorfunctions.yaml b/charts/device-plugin-operator/crds/fpga.intel.com_acceleratorfunctions.yaml index a0a0c8c..b0bca11 100644 --- a/charts/device-plugin-operator/crds/fpga.intel.com_acceleratorfunctions.yaml +++ b/charts/device-plugin-operator/crds/fpga.intel.com_acceleratorfunctions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: acceleratorfunctions.fpga.intel.com spec: group: fpga.intel.com diff --git a/charts/device-plugin-operator/crds/fpga.intel.com_fpgaregions.yaml b/charts/device-plugin-operator/crds/fpga.intel.com_fpgaregions.yaml index aed132f..0618636 100644 --- a/charts/device-plugin-operator/crds/fpga.intel.com_fpgaregions.yaml +++ b/charts/device-plugin-operator/crds/fpga.intel.com_fpgaregions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: fpgaregions.fpga.intel.com spec: group: fpga.intel.com diff --git a/charts/device-plugin-operator/templates/operator.yaml b/charts/device-plugin-operator/templates/operator.yaml index 5846dc1..5be8da4 100644 --- a/charts/device-plugin-operator/templates/operator.yaml +++ b/charts/device-plugin-operator/templates/operator.yaml @@ -54,6 +54,13 @@ metadata: creationTimestamp: null name: inteldeviceplugins-manager-role rules: +- apiGroups: + - "" + resources: + - nodes/proxy + verbs: + - get + - list - apiGroups: - "" resources: @@ -103,155 +110,11 @@ rules: - deviceplugin.intel.com resources: - dlbdeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - dlbdeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - dlbdeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - dsadeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - dsadeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - dsadeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - fpgadeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - fpgadeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - fpgadeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - gpudeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - gpudeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - gpudeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - iaadeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - iaadeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - qatdeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - qatdeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - qatdeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - sgxdeviceplugins verbs: - create @@ -264,12 +127,24 @@ rules: - apiGroups: - deviceplugin.intel.com resources: + - dlbdeviceplugins/finalizers + - dsadeviceplugins/finalizers + - fpgadeviceplugins/finalizers + - gpudeviceplugins/finalizers + - iaadeviceplugins/finalizers + - qatdeviceplugins/finalizers - sgxdeviceplugins/finalizers verbs: - update - apiGroups: - deviceplugin.intel.com resources: + - dlbdeviceplugins/status + - dsadeviceplugins/status + - fpgadeviceplugins/status + - gpudeviceplugins/status + - iaadeviceplugins/status + - qatdeviceplugins/status - sgxdeviceplugins/status verbs: - get @@ -469,7 +344,7 @@ spec: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - --v=10 image: "{{ .Values.kubeRbacProxy.image.hub }}/{{ .Values.kubeRbacProxy.image.hubRepo }}/kube-rbac-proxy:{{ .Values.kubeRbacProxy.image.tag }}" name: kube-rbac-proxy diff --git a/charts/device-plugin-operator/values.yaml b/charts/device-plugin-operator/values.yaml index a9d98e1..bef85a2 100644 --- a/charts/device-plugin-operator/values.yaml +++ b/charts/device-plugin-operator/values.yaml @@ -9,9 +9,9 @@ manager: kubeRbacProxy: image: - hub: gcr.io - hubRepo: kubebuilder - tag: v0.16.0 + hub: quay.io + hubRepo: brancz + tag: v0.18.1 pullPolicy: IfNotPresent privateRegistry: diff --git a/charts/dlb-device-plugin/Chart.yaml b/charts/dlb-device-plugin/Chart.yaml index 66e94fd..99e8276 100644 --- a/charts/dlb-device-plugin/Chart.yaml +++ b/charts/dlb-device-plugin/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: intel-device-plugins-dlb description: A Helm chart for Intel DLB Device Plugin type: application -version: 0.30.0 -appVersion: "0.30.0" \ No newline at end of file +version: 0.31.0 +appVersion: "0.31.0" \ No newline at end of file diff --git a/charts/dsa-device-plugin/Chart.yaml b/charts/dsa-device-plugin/Chart.yaml index ca66eb9..5ec811c 100644 --- a/charts/dsa-device-plugin/Chart.yaml +++ b/charts/dsa-device-plugin/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: intel-device-plugins-dsa description: A Helm chart for Intel DSA Device Plugin type: application -version: 0.30.0 -appVersion: "0.30.0" \ No newline at end of file +version: 0.31.0 +appVersion: "0.31.0" \ No newline at end of file diff --git a/charts/gpu-device-plugin/Chart.yaml b/charts/gpu-device-plugin/Chart.yaml index 8424a11..015d5b6 100644 --- a/charts/gpu-device-plugin/Chart.yaml +++ b/charts/gpu-device-plugin/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: intel-device-plugins-gpu description: A Helm chart for Intel GPU Device Plugin type: application -version: 0.30.0 -appVersion: "0.30.0" \ No newline at end of file +version: 0.31.0 +appVersion: "0.31.0" \ No newline at end of file diff --git a/charts/iaa-device-plugin/Chart.yaml b/charts/iaa-device-plugin/Chart.yaml index 2f2357b..f6249bf 100644 --- a/charts/iaa-device-plugin/Chart.yaml +++ b/charts/iaa-device-plugin/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: intel-device-plugins-iaa description: A Helm chart for Intel IAA Device Plugin type: application -version: 0.30.0 -appVersion: "0.30.0" \ No newline at end of file +version: 0.31.0 +appVersion: "0.31.0" \ No newline at end of file diff --git a/charts/qat-device-plugin/Chart.yaml b/charts/qat-device-plugin/Chart.yaml index d99a6de..80426b6 100644 --- a/charts/qat-device-plugin/Chart.yaml +++ b/charts/qat-device-plugin/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: intel-device-plugins-qat description: A Helm chart for Intel QAT Device Plugin type: application -version: 0.30.0 -appVersion: "0.30.0" \ No newline at end of file +version: 0.31.0 +appVersion: "0.31.0" \ No newline at end of file diff --git a/charts/qat-device-plugin/README.md b/charts/qat-device-plugin/README.md index 7321aff..04b0b52 100644 --- a/charts/qat-device-plugin/README.md +++ b/charts/qat-device-plugin/README.md @@ -43,7 +43,7 @@ You may also run `helm show values` on this chart's dependencies for additional | `initImage.hub` | `intel` | | `initImage.tag` | `` | | `dpdkDriver` | `vfio-pci` | -| `kernelVfDrivers` | `c6xxvf`, `4xxxvf`, `420xxvf` | +| `kernelVfDrivers` | `4xxxvf`, `420xxvf` | | `maxNumDevices` | `128` | | `logLevel` | `4` | | `nodeFeatureRule` | `true` | diff --git a/charts/qat-device-plugin/values.yaml b/charts/qat-device-plugin/values.yaml index 4c9dcfb..98ca374 100644 --- a/charts/qat-device-plugin/values.yaml +++ b/charts/qat-device-plugin/values.yaml @@ -10,7 +10,6 @@ initImage: dpdkDriver: vfio-pci kernelVfDrivers: - - c6xxvf - 4xxxvf - 420xxvf maxNumDevices: 128 diff --git a/charts/sgx-device-plugin/Chart.yaml b/charts/sgx-device-plugin/Chart.yaml index c14b259..f9fd4cf 100644 --- a/charts/sgx-device-plugin/Chart.yaml +++ b/charts/sgx-device-plugin/Chart.yaml @@ -2,5 +2,5 @@ apiVersion: v2 name: intel-device-plugins-sgx description: A Helm chart for Intel SGX Device Plugin type: application -version: 0.30.0 -appVersion: "0.30.0" \ No newline at end of file +version: 0.31.0 +appVersion: "0.31.0" \ No newline at end of file