starlingx/app-intel-ethernet-operator
Code Issues Proposed changes

intel-ethernet-operator system app integration

Browse Source 
Initial integration of intel-ethernet-operator application.
- Add intel-ethernet-operator helm charts together with dependencies and
  fluxcd wrapper.
- Add python-k8s-app for integration with starlingx system.
- Add debian packing and other miscellaneous files.
- Add UFT (Unified Flow Tool) docker image build script.

Test Status:
- PASS: Build application .deb, generate tarball, copy to stx active
  controller.
- PASS: Build UFT image using included scripts, image is built properly
  with provided patch applied.
- PASS: Verify that app is uploaded, applied and ethernet operator as
  well as dependencies pods are created.
- PASS: Check if '/var/lib/firmware' is written to
  '/sys/module/firmware_class/parameters/path' on nodes on which fwddp
  daemon or manager pods are present, on operator deployment and after
  reboots.
- PASS: Update firmware of NIC (Network Interface Card) to any of
  supported by operator versions.
- PASS: Place requested DDP (Dynamic Device Personalization) profile
  in correct directory for ice driver to pick up.
- PASS: Create VFs (Virtual Function) using sriov-network-operator,
  create FlowConfigNodeAgent deployment, verify that UFT container
  is bound to VF0 of selected VFs pool.
- PASS: Create NodeFlowConfig and ClusterFlowConfig rules.
- PASS: App upload, apply, remove, delete verified in simplex mode.
- PASS: All sriov-network and intel-ethernet operator CRDs
  (Custom Resource Definition) are deleted before app removal in
  intel-ethernet-operator namespace.
- PASS: Check if '/sys/module/firmware_class/parameters/path' file
  is cleared after uninstall on nodes on which operator enabled
  customized firmware search path.

Failure Tests:
- PASS: Operator deployment shall fail when docker image download fails
  during system application-apply.
- PASS: Applying EthernetCLusterConfig (firmware and ddp update CR) with
  incorrect checksums shall fail.
- PASS: Applying NodeFlowConfig or ClusterFlowConfig with incorrect
  rules shall fail on webhook verification stage.
- PASS: Applying any intel-ethernet-operator CRDs when operator is not
  deployed shall fail.
- PASS: Deleting VF to which FlowConfigNodeAgent is bound shall cause
  FlowConfigNodeAgent failure.

Story: 2010562
Task: 48522

Change-Id: I1bf36c181e1dc8e1f6c37a0d0e11f234e22d42d6
Signed-off-by: Rafal Lal <rafalx.lal@intel.com>
This commit is contained in:
Rafal Lal 2023-08-01 13:32:30 +02:00
parent 8a65e4b96d
commit fe8b267b30
93 changed files with 3979 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
.zuul.yaml Normal file
View File

@ -0,0 +1,64 @@
---
- project:
check:
jobs:
- openstack-tox-linters
- k8sapp-intel-ethernet-operator-tox-py39
- k8sapp-intel-ethernet-operator-tox-pylint
- k8sapp-intel-ethernet-operator-tox-flake8
gate:
jobs:
- openstack-tox-linters
- k8sapp-intel-ethernet-operator-tox-py39
- k8sapp-intel-ethernet-operator-tox-pylint
- k8sapp-intel-ethernet-operator-tox-flake8
- job:
name: k8sapp-intel-ethernet-operator-tox-py39
parent: tox-py39
description: |
Run py39 for intel-ethernet-operator app
nodeset: debian-bullseye
required-projects:
- starlingx/config
- starlingx/fault
- starlingx/update
- starlingx/utilities
- starlingx/root
files:
- python3-k8sapp-intel-ethernet-operator/*
vars:
tox_envlist: py39
tox_extra_args: -c python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/tox.ini
tox_constraints_file: '{{ ansible_user_dir }}/src/opendev.org/starlingx/root/build-tools/requirements/debian/upper-constraints.txt'
- job:
name: k8sapp-intel-ethernet-operator-tox-pylint
parent: tox
description: |
Run pylint test for k8sapp_intel_ethernet_operator
required-projects:
- starlingx/config
- starlingx/fault
- starlingx/update
- starlingx/utilities
- starlingx/root
nodeset: debian-bullseye
files:
- python3-k8sapp-intel-ethernet-operator/*
vars:
tox_envlist: pylint
tox_extra_args: -c python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/tox.ini
tox_constraints_file: '{{ ansible_user_dir }}/src/opendev.org/starlingx/root/build-tools/requirements/debian/upper-constraints.txt'
- job:
name: k8sapp-intel-ethernet-operator-tox-flake8
parent: tox
description: |
Run flake8 for intel-ethernet-operator
nodeset: debian-bullseye
files:
- python3-k8sapp-intel-ethernet-operator/*
vars:
tox_envlist: flake8
tox_extra_args: -c python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/tox.ini

10
bindep.txt Normal file
View File

@ -0,0 +1,10 @@
# This is a cross-platform list tracking distribution packages needed for install and tests;
# see https://docs.openstack.org/infra/bindep/ for additional information.
libffi-dev [platform:dpkg]
libldap2-dev [platform:dpkg]
libxml2-dev [platform:dpkg]
libxslt1-dev [platform:dpkg]
libsasl2-dev [platform:dpkg]
libffi-devel [platform:rpm]
python3-all-dev [platform:dpkg]

1
debian_build_layer.cfg Normal file
View File

@ -0,0 +1 @@
flock

1
debian_iso_image.inc Normal file
View File

@ -0,0 +1 @@
stx-intel-ethernet-operator-helm

3
debian_pkg_dirs Normal file
View File

@ -0,0 +1,3 @@
python3-k8sapp-intel-ethernet-operator
sriov-network-operator-helm
stx-intel-ethernet-operator-helm

1
debian_stable_docker_images.inc Normal file
View File

@ -0,0 +1 @@
uft-image

5
python3-k8sapp-intel-ethernet-operator/debian/deb_folder/changelog Normal file
View File

@ -0,0 +1,5 @@
python3-k8sapp-intel-ethernet-operator (1.0-1) unstable; urgency=medium
* Initial release.
-- Rafal Lal <rafalx.lal@intel.com> Mon, 14 Aug 2023 14:18:00 +0000

26
python3-k8sapp-intel-ethernet-operator/debian/deb_folder/control Normal file
View File

@ -0,0 +1,26 @@
Source: python3-k8sapp-intel-ethernet-operator
Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
dh-python,
python3-all,
python3-pbr,
python3-setuptools,
python3-wheel
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io
Package: python3-k8sapp-intel-ethernet-operator
Section: libs
Architecture: any
Depends: ${misc:Depends}, ${python3:Depends}
Description: StarlingX Sysinv Intel Ethernet Operator Extensions
This package contains sysinv plugins for the intel ethernet operator K8S app.
Package: python3-k8sapp-intel-ethernet-operator-wheels
Section: libs
Architecture: any
Depends: ${misc:Depends}, ${python3:Depends}, python3-wheel
Description: StarlingX Sysinv Intel Ethernet Operator Extension Wheels
This package contains python wheels for the intel ethernet operator K8S app plugins.

41
python3-k8sapp-intel-ethernet-operator/debian/deb_folder/copyright Normal file
View File

@ -0,0 +1,41 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: python3-k8sapp-intel-ethernet-operator
Source: https://opendev.org/starlingx/app-intel-ethernet-operator/
Files: *
Copyright: (c) 2023 Intel Corporation
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2023 Intel Corporation
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.

1
python3-k8sapp-intel-ethernet-operator/debian/deb_folder/python3-k8sapp-intel-ethernet-operator-wheels.install Normal file
View File

@ -0,0 +1 @@
plugins/*.whl

1
python3-k8sapp-intel-ethernet-operator/debian/deb_folder/python3-k8sapp-intel-ethernet-operator.install Normal file
View File

@ -0,0 +1 @@
usr/lib/python3/dist-packages/k8sapp_*

31
python3-k8sapp-intel-ethernet-operator/debian/deb_folder/rules Normal file
View File

@ -0,0 +1,31 @@
#!/usr/bin/make -f
# export DH_VERBOSE = 1
export APP_NAME = intel-ethernet-operator
export PYBUILD_NAME = k8sapp-intel-ethernet-operator
export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
export MAJOR = $(shell echo $(DEB_VERSION) | cut -f 1 -d '-')
export MINOR_PATCH = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.')
export PBR_VERSION = $(MAJOR).$(MINOR_PATCH)
export ROOT = $(CURDIR)/debian/tmp
export SKIP_PIP_INSTALL = 1
%:
dh $@ --with=python3 --buildsystem=pybuild
override_dh_auto_install:
python3 setup.py install \
--install-layout=deb \
--root $(ROOT)
python3 setup.py bdist_wheel \
--universal \
-d $(ROOT)/plugins
override_dh_python3:
dh_python3 --shebang=/usr/bin/python3
override_dh_auto_test:
PYTHONDIR=$(CURDIR) stestr run

1
python3-k8sapp-intel-ethernet-operator/debian/deb_folder/source/format Normal file
View File

@ -0,0 +1 @@
3.0 (quilt)

9
python3-k8sapp-intel-ethernet-operator/debian/meta_data.yaml Normal file
View File

@ -0,0 +1,9 @@
---
debname: python3-k8sapp-intel-ethernet-operator
debver: 1.0-1
src_path: k8sapp_intel_ethernet_operator
revision:
dist: $STX_DIST
GITREVCOUNT:
BASE_SRCREV: 8a65e4b96d2b33ae05c56086ac0a5df3b187ebfd
SRC_DIR: ${MY_REPO}/stx/app-intel-ethernet-operator

35
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/.gitignore vendored Normal file
View File

@ -0,0 +1,35 @@
# Compiled files
*.py[co]
*.a
*.o
*.so
# Sphinx
_build
doc/source/api/
# Packages/installer info
*.egg
*.egg-info
dist
build
eggs
parts
var
sdist
develop-eggs
.installed.cfg
# Other
*.DS_Store
.stestr
.testrepository
.tox
.venv
.*.swp
.coverage
bandit.xml
cover
AUTHORS
ChangeLog
*.sqlite

4
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/.stestr.conf Normal file
View File

@ -0,0 +1,4 @@
[DEFAULT]
test_path=./k8sapp_intel_ethernet_operator/tests
top_dir=./k8sapp_intel_ethernet_operator
#parallel_class=True

202
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/LICENSE Normal file
View File

@ -0,0 +1,202 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright 2023 Intel Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

7
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/README.rst Normal file
View File

@ -0,0 +1,7 @@
k8sapp-intel-ethernet-operator
==============================
This project contains StarlingX Kubernetes application specific python plugins
for the intel-ethernet-operator. These plugins are required to integrate the intel
ethernet operator application into the StarlingX application framework and to
support the various StarlingX deployments.

0
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/__init__.py Normal file
View File

0
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/common/__init__.py Normal file
View File

76
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/common/constants.py Normal file
View File

@ -0,0 +1,76 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
# Application Name
HELM_APP_INTEL_ETHERNET_OPERATOR = "intel-ethernet-operator"
# Namespace to deploy the application
HELM_NS_INTEL_ETHERNET_OPERATOR = "intel-ethernet-operator"
# Helm: Supported charts:
# These values match the names in the chart package's Chart.yaml
HELM_CHART_INTEL_ETHERNET_OPERATOR = "intel-ethernet-operator"
HELM_CHART_SRIOV_NETWORK_OPERATOR = "sriov-network-operator"
HELM_COMPONENT_LABEL_INTEL_ETHERNET_OPERATOR = "app.starlingx.io/component"
CUSTOM_RESOURCES_LIST = [
"nodeflowconfigs.flowconfig.intel.com",
"clusterflowconfigs.flowconfig.intel.com",
"flowconfignodeagentdeployments.flowconfig.intel.com",
"sriovibnetworks.sriovnetwork.openshift.io",
"sriovnetworks.sriovnetwork.openshift.io",
"sriovnetworkpoolconfigs.sriovnetwork.openshift.io",
"sriovnetworknodepolicies.sriovnetwork.openshift.io",
"ethernetclusterconfigs.ethernet.intel.com",
"ethernetnodeconfigs.ethernet.intel.com",
]
ETHERNET_OPERATOR_PRESENT_LABEL = "ethernet.intel.com/intel-ethernet-present"
ALT_FW_SEARCH_PATH_DISABLE_JOB = {
"apiVersion": "batch/v1",
"kind": "Job",
"metadata": {
"name": "",
"namespace": HELM_NS_INTEL_ETHERNET_OPERATOR,
},
"spec": {
"template": {
"spec": {
"containers": [
{
"name": "alt-fw-search-path-disabler",
"image": "docker.io/redhat/ubi9-micro:9.2-5",
"command": [
"/bin/bash",
"-c",
"head -c 1 /dev/zero | tee /host/sys/module/firmware_class/parameters/path >/dev/null",
],
"securityContext": {
"privileged": True,
"runAsUser": 0,
"readOnlyRootFilesystem": True,
},
"volumeMounts": [
{
"name": "firmware-class",
"mountPath": "/host/sys/module/firmware_class/parameters",
}
],
}
],
"volumes": [
{
"name": "firmware-class",
"hostPath": {
"path": "/sys/module/firmware_class/parameters"
},
}
],
"restartPolicy": "Never",
"nodeName": "",
}
}
},
}

0
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/helm/__init__.py Normal file
View File

36
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/helm/intel_ethernet_operator.py Normal file
View File

@ -0,0 +1,36 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
from sysinv.common import exception
from sysinv.helm import base
from k8sapp_intel_ethernet_operator.common import constants as app_constants
class IntelEthernetOperatorHelm(base.FluxCDBaseHelm):
"""Class to encapsulate helm operations for the Intel Ethernet Operator chart"""
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + [
app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR
]
SUPPORTED_APP_NAMESPACES = {
app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR: base.BaseHelm.SUPPORTED_NAMESPACES
+ [app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR],
}
CHART = app_constants.HELM_CHART_INTEL_ETHERNET_OPERATOR
SERVICE_NAME = app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
overrides = {app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR: {}}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART, namespace=namespace)
else:
return overrides

36
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/helm/sriov_network_operator.py Normal file
View File

@ -0,0 +1,36 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
from sysinv.common import exception
from sysinv.helm import base
from k8sapp_intel_ethernet_operator.common import constants as app_constants
class SriovNetworkOperatorHelm(base.FluxCDBaseHelm):
"""Class to encapsulate helm operations for the Sriov Network Operator chart"""
SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + [
app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR
]
SUPPORTED_APP_NAMESPACES = {
app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR: base.BaseHelm.SUPPORTED_NAMESPACES
+ [app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR],
}
CHART = app_constants.HELM_CHART_SRIOV_NETWORK_OPERATOR
SERVICE_NAME = app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR
def get_namespaces(self):
return self.SUPPORTED_NAMESPACES
def get_overrides(self, namespace=None):
overrides = {app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR: {}}
if namespace in self.SUPPORTED_NAMESPACES:
return overrides[namespace]
elif namespace:
raise exception.InvalidHelmNamespace(chart=self.CHART, namespace=namespace)
else:
return overrides

0
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/lifecycle/__init__.py Normal file
View File

303
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/lifecycle/lifecycle_intel_ethernet_operator.py Normal file
View File

@ -0,0 +1,303 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
""" System inventory App lifecycle operator."""
from k8sapp_intel_ethernet_operator.common import constants as app_constants
from oslo_log import log as logging
from sysinv.common import constants
from sysinv.common import exception
from sysinv.common import kubernetes
from sysinv.common import utils as cutils
from sysinv.helm import lifecycle_base as base
from sysinv.helm.lifecycle_constants import LifecycleConstants
import yaml
import re
LOG = logging.getLogger(__name__)
class IntelEthernetOperatorAppLifecycleOperator(base.AppLifecycleOperator):
def app_lifecycle_actions(
self, context, conductor_obj, app_op, app, hook_info
):
"""Perform lifecycle actions for an operation
:param context: request context, can be None
:param conductor_obj: conductor object, can be None
:param app_op: AppOperator object
:param app: AppOperator.Application object
:param hook_info: LifecycleHookInfo object
"""
if (
hook_info.lifecycle_type
== constants.APP_LIFECYCLE_TYPE_FLUXCD_REQUEST
):
if hook_info.operation == constants.APP_APPLY_OP:
if (
hook_info.relative_timing
== constants.APP_LIFECYCLE_TIMING_POST
):
return self.post_apply(app_op, app, hook_info)
if hook_info.lifecycle_type == constants.APP_LIFECYCLE_TYPE_OPERATION:
if hook_info.operation == constants.APP_REMOVE_OP:
if (
hook_info.relative_timing
== constants.APP_LIFECYCLE_TIMING_PRE
):
return self.pre_remove(app)
if hook_info.lifecycle_type == constants.APP_LIFECYCLE_TYPE_OPERATION:
if hook_info.operation == constants.APP_REMOVE_OP:
if (
hook_info.relative_timing
== constants.APP_LIFECYCLE_TIMING_POST
):
return self.post_remove(app)
super(
IntelEthernetOperatorAppLifecycleOperator, self
).app_lifecycle_actions(context, conductor_obj, app_op, app, hook_info)
def post_apply(self, app_op, app, hook_info):
if LifecycleConstants.EXTRA not in hook_info:
raise exception.LifecycleMissingInfo(
"Missing {}".format(LifecycleConstants.EXTRA)
)
if (
LifecycleConstants.RETURN_CODE
not in hook_info[LifecycleConstants.EXTRA]
):
raise exception.LifecycleMissingInfo(
"Missing {} {}".format(
LifecycleConstants.EXTRA, LifecycleConstants.RETURN_CODE
)
)
# Raise a specific exception to be caught by the
# retry decorator and attempt a re-apply
if not hook_info[LifecycleConstants.EXTRA][
LifecycleConstants.RETURN_CODE
] and not app_op.is_app_aborted(app.name):
LOG.info("%s app failed applying. Retrying." % str(app.name))
raise exception.ApplicationApplyFailure(name=app.name)
dbapi_instance = app_op._dbapi
db_app_id = dbapi_instance.kube_app_get(app.name).id
client_core = app_op._kube._get_kubernetesclient_core()
component_constant = (
app_constants.HELM_COMPONENT_LABEL_INTEL_ETHERNET_OPERATOR
)
# chart overrides
chart_overrides = self._get_helm_user_overrides(
dbapi_instance, db_app_id
)
override_label = {}
# Namespaces variables
namespace = client_core.read_namespace(
app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR
)
# Old namespace variable
old_namespace_label = (
namespace.metadata.labels.get(component_constant)
if component_constant in namespace.metadata.labels
else None
)
if component_constant in chart_overrides:
# User Override variables
dict_chart_overrides = yaml.safe_load(chart_overrides)
override_label = dict_chart_overrides.get(component_constant)
if override_label == "application":
namespace.metadata.labels.update(
{component_constant: "application"}
)
app_op._kube.kube_patch_namespace(
app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR, namespace
)
elif override_label == "platform":
namespace.metadata.labels.update({component_constant: "platform"})
app_op._kube.kube_patch_namespace(
app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR, namespace
)
elif not override_label:
namespace.metadata.labels.update({component_constant: "platform"})
app_op._kube.kube_patch_namespace(
app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR, namespace
)
else:
LOG.info(
f"WARNING: Namespace label {override_label} not supported"
)
namespace_label = namespace.metadata.labels.get(component_constant)
if old_namespace_label != namespace_label:
self._delete_security_profiles_operator_pods(app_op, client_core)
def pre_remove(self, app):
LOG.debug(
"Executing pre_remove for {} app".format(
app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR
)
)
LOG.debug("{} app: pre_remove".format(app.name))
# To prevent namespace finalizer from waiting indefinitely,
# we need to ensure that the custom resources are deleted
for custom_resource in app_constants.CUSTOM_RESOURCES_LIST:
cmd = [
"kubectl",
"--kubeconfig",
kubernetes.KUBERNETES_ADMIN_CONF,
"delete",
"--all",
custom_resource,
"-n",
app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR,
]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug(
"{} app: cmd={} stdout={} stderr={}".format(
app.name, cmd, stdout, stderr
)
)
# Create Job that disables customized firmware search path on nodes with
# ethernet.intel.com/intel-ethernet-present label (fwddp pod present)
# and nodes with intel-ethernet-operator-controller-manager pod present
cmd = [
"kubectl",
"--kubeconfig",
kubernetes.KUBERNETES_ADMIN_CONF,
"get",
"nodes",
"-l",
"ethernet.intel.com/intel-ethernet-present",
"-o",
"jsonpath='{.items[*].metadata.name}'",
]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug(
"{} app: cmd={} stdout={} stderr={}".format(
app.name, cmd, stdout, stderr
)
)
label_present_nodes = stdout.replace("'", "")
label_present_nodes_list = label_present_nodes.split()
cmd = [
"kubectl",
"--kubeconfig",
kubernetes.KUBERNETES_ADMIN_CONF,
"get",
"pods",
"-o",
"wide",
"-n",
"intel-ethernet-operator",
]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug(
"{} app: cmd={} stdout={} stderr={}".format(
app.name, cmd, stdout, stderr
)
)
manager_present_nodes = stdout.replace("'", "")
manager_present_nodes_list = []
matches = re.findall(
r"intel-ethernet-operator-controller-manager.*",
manager_present_nodes,
)
for match in matches:
manager_present_nodes_list.append(match.split()[6])
# merge lists and remove duplicates
alt_fw_enabled_nodes = list(
set(label_present_nodes_list + manager_present_nodes_list)
)
for node in alt_fw_enabled_nodes:
app_constants.ALT_FW_SEARCH_PATH_DISABLE_JOB["metadata"][
"name"
] = ("alt-fw-search-path-disabler-" + node)
app_constants.ALT_FW_SEARCH_PATH_DISABLE_JOB["spec"]["template"][
"spec"
]["nodeName"] = node
disable_job = yaml.dump(
app_constants.ALT_FW_SEARCH_PATH_DISABLE_JOB, sort_keys=False
)
disable_job = disable_job.encode("utf-8")
cmd = [
"kubectl",
"--kubeconfig",
kubernetes.KUBERNETES_ADMIN_CONF,
"apply",
"-f",
"-",
]
stdout, stderr = cutils.trycmd(*cmd, process_input=disable_job)
LOG.debug(
"{} app: cmd={} stdout={} stderr={}".format(
app.name, cmd, stdout, stderr
)
)
def post_remove(self, app):
LOG.debug(
"Executing post_remove for {} app".format(
app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR
)
)
cmd = [
"kubectl",
"--kubeconfig",
kubernetes.KUBERNETES_ADMIN_CONF,
"delete",
"namespace",
app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR,
]
stdout, stderr = cutils.trycmd(*cmd)
LOG.debug(
"{} app: cmd={} stdout={} stderr={}".format(
app.name, cmd, stdout, stderr
)
)
def _get_helm_user_overrides(self, dbapi_instance, db_app_id):
try:
overrides = dbapi_instance.helm_override_get(
app_id=db_app_id,
name=app_constants.HELM_CHART_INTEL_ETHERNET_OPERATOR,
namespace=app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR,
)
except exception.HelmOverrideNotFound:
values = {
"name": app_constants.HELM_CHART_INTEL_ETHERNET_OPERATOR,
"namespace": app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR,
"db_app_id": db_app_id,
}
overrides = dbapi_instance.helm_override_create(values=values)
return overrides.user_overrides or ""
def _delete_security_profiles_operator_pods(self, app_op, client_core):
# pod list
system_pods = client_core.list_namespaced_pod(
app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR
)
# On namespace label change delete pods to force restart
for pod in system_pods.items:
app_op._kube.kube_delete_pod(
name=pod.metadata.name,
namespace=app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR,
grace_periods_seconds=0,
)

0
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/tests/__init__.py Normal file
View File

26
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/tests/test_intel_ethernet_operator.py Normal file
View File

@ -0,0 +1,26 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
from k8sapp_intel_ethernet_operator.tests import test_plugins
from sysinv.tests.db import base as dbbase
from sysinv.db import api as dbapi
from sysinv.tests.db import utils as dbutils
from sysinv.tests.helm import base
class IntelEthernetOperatorTestCase(
test_plugins.K8SAppIntelEthernetOperatorAppMixin, base.HelmTestCaseMixin
):
def setUp(self):
super(IntelEthernetOperatorTestCase, self).setUp()
self.app = dbutils.create_test_app(name="intel-ethernet-operator")
self.dbapi = dbapi.get_instance()
class IntelEthernetOperatorTestCaseDummy(
IntelEthernetOperatorTestCase, dbbase.ProvisionedControllerHostTestCase
):
# without a test zuul will fail
def test_dummy(self):
pass

36
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/tests/test_plugins.py Normal file
View File

@ -0,0 +1,36 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
from sysinv.tests.db import base as dbbase
class K8SAppIntelEthernetOperatorAppMixin(object):
def setUp(self):
super(K8SAppIntelEthernetOperatorAppMixin, self).setUp()
# Test Configuration:
# - Controller
# - IPv6
# - Ceph Storage
# - intel-ethernet-operator app
class K8SAppIntelEthernetOperatorControllerTestCase(
K8SAppIntelEthernetOperatorAppMixin,
dbbase.BaseIPv6Mixin,
dbbase.BaseCephStorageBackendMixin,
dbbase.ControllerHostTestCase,
):
pass
# Test Configuration:
# - AIO
# - IPv4
# - Ceph Storage
# - intel-ethernet-operator-app
class K8SAppIntelEthernetOperatorAIOTestCase(
K8SAppIntelEthernetOperatorAppMixin,
dbbase.BaseCephStorageBackendMixin,
dbbase.AIOSimplexHostTestCase,
):
pass

336
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/pylint.rc Normal file
View File

@ -0,0 +1,336 @@
[MASTER]
# Specify a configuration file.
rcfile=pylint.rc
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Add files or directories to the blacklist. Should be base names, not paths.
ignore=
# Pickle collected data for later comparisons.
persistent=yes
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
load-plugins=
# Use multiple processes to speed up Pylint.
jobs=4
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code
extension-pkg-whitelist=lxml.etree,greenlet
[MESSAGES CONTROL]
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once).
# See "Messages Control" section of
# https://pylint.readthedocs.io/en/latest/user_guide
disable=
# C codes refer to Convention
C0103, # invalid-name
C0104, # disallowed-nameA
C0112, # empty-docstring
C0114, # missing-module-docstring
C0115, # missing-class-docstring
C0116, # missing-function-docstring
C0123, # unidiomatic-typecheck !!!
C0201, # consider-iterating-dictionary
C0202, # bad-classmethod-argument
C0206, # consider-using-dict-items
C0207, # use-maxsplit-arg
C0209, # consider-using-f-string
C0301, # line-too-long
C0302, # too-many-lines
C0325, # superfluous-parens
C0411, # wrong-import-order
C0412, # ungrouped-imports
C0413, # wrong-import-position
C0414, # useless-import-alias !!!
C0415, # import-outside-toplevel
C1802, # use-implicit-booleaness-not-len !!!
C2801, # unnecessary-dunder-call !!!
C3002, # unnecessary-direct-lambda-call !!!
# R codes refer to refactoring
R0022, # useless-option-value !!!
R0205, # useless-object-inheritance
R0402, # consider-using-from-import
R0901, # too-many-ancestors
R0902, # too-many-instance-attributes
R0903, # too-few-public-methods
R0904, # too-many-public-methods
R0911, # too-many-return-statements
R0912, # too-many-branches
R0913, # too-many-arguments
R0914, # too-many-locals
R0915, # too-many-statements
R0916, # too-many-boolean-expressions
R1702, # too-many-nested-blocks
R1703, # simplifiable-if-statement
R1704, # redefined-argument-from-local !!!
R1705, # no-else-return
R1707, # trailing-comma-tuple !!!
R1708, # stop-iteration-return !!!
R1710, # inconsistent-return-statements
R1711, # useless-return
R1714, # consider-using-in
R1717, # consider-using-dict-comprehension !!!
R1718, # consider-using-set-comprehension
R1719, # simplifiable-if-expression
R1720, # no-else-raise
R1721, # unnecessary-comprehension
R1722, # consider-using-sys-exit !!!
R1723, # no-else-break
R1724, # no-else-continue
R1725, # super-with-arguments
R1726, # simplifiable-condition !!!
R1728, # consider-using-generator
R1729, # use-a-generator
R1730, # consider-using-min-builtin !!!
R1731, # consider-using-max-builtin !!!
R1732, # consider-using-with
R1733, # unnecessary-dict-index-lookup !!
R1734, # use-list-literal
R1735, # use-dict-literal
# W codes are warnings
W0101, # unreachable
W0105, # pointless-string-statement
W0106, # expression-not-assigned
W0107, # unnecessary-pass
W0108, # unnecessary-lambda
W0109, # duplicate-key !!!
W0123, # eval-used
W0125, # using-constant-test !!!
W0133, # pointless-exception-statement !!!
W0143, # comparison-with-callable !!!
W0150, # lost-exception
W0201, # attribute-defined-outside-init
W0211, # bad-staticmethod-argument
W0212, # protected-access
W0221, # arguments-differ
W0223, # abstract-method
W0231, # super-init-not-called
W0235, # useless-super-delegation
W0237, # arguments-renamed !!!
W0311, # bad-indentation
W0402, # deprecated-module
W0404, # reimported
W0511, # fixme
W0602, # global-variable-not-assigned !!!
W0603, # global-statement
W0612, # unused-variable
W0613, # unused-argument
W0621, # redefined-outer-name
W0622, # redefined-builtin
W0631, # undefined-loop-variable
W0703, # broad-except (pylint 2.16 renamed to broad-except-caught)
W0706, # try-except-raise
W0707, # raise-missing-from
W0719, # broad-exception-raised
W1113, # keyword-arg-before-vararg
W1310, # format-string-without-interpolation !!!
W1401, # anomalous-backslash-in-string
W1406, # redundant-u-string-prefix
W1505, # deprecated-method
W1514, # unspecified-encoding
W3101, # missing-timeout
E0601, # used-before-assignment !!!
E0605, # invalid-all-format !!!
E1101, # no-member
E1111, # assignment-from-no-return
E1121, # too-many-function-args !!!
E1123, # unexpected-keyword-arg !!!
E1136, # unsubscriptable-object !!!
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs
# (visual studio) and html
output-format=text
# Tells whether to display a full report or only the messages
reports=no
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables errors warning, statement which
# respectively contain the number of errors / warnings messages and the total
# number of statements analyzed. This is used by the global evaluation report
# (RP0004).
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
[SIMILARITIES]
# Minimum lines number of a similarity.
min-similarity-lines=4
# Ignore comments when computing similarities.
ignore-comments=yes
# Ignore docstrings when computing similarities.
ignore-docstrings=yes
[FORMAT]
# Maximum number of characters on a single line.
max-line-length=85
# Maximum number of lines in a module
max-module-lines=1000
# String used as indentation unit. This is usually 4 spaces or "\t" (1 tab).
indent-string=' '
[TYPECHECK]
# Tells whether missing members accessed in mixin class should be ignored. A
# mixin class is detected if its name ends with "mixin" (case insensitive).
ignore-mixin-members=yes
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis
ignored-modules=distutils,eventlet.green.subprocess,six,six.moves
# List of classes names for which member attributes should not be checked
# (useful for classes with attributes dynamically set).
# pylint is confused by sqlalchemy Table, as well as sqlalchemy Enum types
# ie: (unprovisioned, identity)
# LookupDict in requests library confuses pylint
ignored-classes=SQLObject, optparse.Values, thread._local, _thread._local,
Table, unprovisioned, identity, LookupDict
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E0201 when accessed. Python regular
# expressions are accepted.
generated-members=REQUEST,acl_users,aq_parent
[BASIC]
# Regular expression which should only match correct module names
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Regular expression which should only match correct module level names
const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Regular expression which should only match correct class names
class-rgx=[A-Z_][a-zA-Z0-9]+$
# Regular expression which should only match correct function names
function-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct method names
method-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct instance attribute names
attr-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct argument names
argument-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct variable names
variable-rgx=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match correct list comprehension /
# generator expression variable names
inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
# Good variable names which should always be accepted, separated by a comma
good-names=i,j,k,ex,Run,_
# Bad variable names which should always be refused, separated by a comma
bad-names=foo,bar,baz,toto,tutu,tata
# Regular expression which should only match functions or classes name which do
# not require a docstring
no-docstring-rgx=__.*__
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,XXX,TODO
[VARIABLES]
# Tells whether we should check for unused import in __init__ files.
init-import=no
# A regular expression matching the beginning of the name of dummy variables
# (i.e. not used).
dummy-variables-rgx=_|dummy
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid to define new builtins when possible.
additional-builtins=
[IMPORTS]
# Deprecated modules which should not be used, separated by a comma
deprecated-modules=regsub,string,TERMIOS,Bastion,rexec
# Create a graph of every (i.e. internal and external) dependencies in the
# given file (report RP0402 must not be disabled)
import-graph=
# Create a graph of external dependencies in the given file (report RP0402 must
# not be disabled)
ext-import-graph=
# Create a graph of internal dependencies in the given file (report RP0402 must
# not be disabled)
int-import-graph=
[DESIGN]
# Maximum number of arguments for function / method
max-args=5
# Argument names that match this expression will be ignored. Default to name
# with leading underscore
ignored-argument-names=_.*
# Maximum number of locals for function / method body
max-locals=15
# Maximum number of return / yield for function / method body
max-returns=6
# Maximum number of branch for function / method body
max-branches=12
# Maximum number of statements in function / method body
max-statements=50
# Maximum number of parents for a class (see R0901).
max-parents=7
# Maximum number of attributes for a class (see R0902).
max-attributes=7
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
# Maximum number of public methods for a class (see R0904).
max-public-methods=20
[CLASSES]
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods=__init__,__new__,setUp
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg=cls
[EXCEPTIONS]
# Exceptions that will emit a warning when caught.
overgeneral-exceptions=builtins.BaseException,builtins.Exception

2
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/requirements.txt Normal file
View File

@ -0,0 +1,2 @@
pbr>=2.0.0
PyYAML>=3.10

44
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/setup.cfg Normal file
View File

@ -0,0 +1,44 @@
[metadata]
name = k8sapp-intel-ethernet-operator
summary = StarlingX sysinv extensions for intel ethernet operator
long_description = file: README.rst
long_description_content_type = text/x-rst
license = Apache 2.0
author = StarlingX
author-email = starlingx-discuss@lists.starlingx.io
home-page = https://www.starlingx.io/
classifier =
Environment :: OpenStack
Intended Audience :: Information Technology
Intended Audience :: System Administrators
License :: OSI Approved :: Apache Software License
Operating System :: POSIX :: Linux
Programming Language :: Python
Programming Language :: Python :: 2
Programming Language :: Python :: 2.7
Programming Language :: Python :: 3
Programming Language :: Python :: 3.4
Programming Language :: Python :: 3.5
Programming Language :: Python :: 3.9
[files]
packages =
k8sapp_intel_ethernet_operator
[global]
setup-hooks =
pbr.hooks.setup_hook
[entry_points]
systemconfig.helm_applications =
intel-ethernet-operator = systemconfig.helm_plugins.intel_ethernet_operator
systemconfig.helm_plugins.intel-ethernet-operator =
001_intel-ethernet-operator = k8sapp_intel_ethernet_operator.helm.intel_ethernet_operator:IntelEthernetOperatorHelm
002_sriov-network-operator = k8sapp_intel_ethernet_operator.helm.sriov_network_operator:SriovNetworkOperatorHelm
systemconfig.app_lifecycle =
intel-ethernet-operator = k8sapp_intel_ethernet_operator.lifecycle.lifecycle_intel_ethernet_operator:IntelEthernetOperatorAppLifecycleOperator
[wheel]
universal = 1

6
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/setup.py Normal file
View File

@ -0,0 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
import setuptools
setuptools.setup(setup_requires=["pbr>=2.0.0"], pbr=True)

20
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/test-requirements.txt Normal file
View File

@ -0,0 +1,20 @@
# The order of packages is significant, because pip processes them in the order
# of appearance. Changing the order has an impact on the overall integration
# process, which may cause wedges in the gate later.
hacking>=1.1.0,<=2.0.0 # Apache-2.0
astroid
bandit<1.7.2;python_version>="3.0"
coverage>=3.6
fixtures>=3.0.0 # Apache-2.0/BSD
mock>=2.0.0 # BSD
python-subunit>=0.0.18
requests-mock>=0.6.0 # Apache-2.0
sphinx
oslosphinx
oslotest>=3.2.0 # Apache-2.0
stestr>=1.0.0 # Apache-2.0
testrepository>=0.0.18
testtools!=1.2.0,>=0.9.36
isort<5;python_version>="3.0"
pylint
pycryptodomex

183
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/tox.ini Normal file
View File

@ -0,0 +1,183 @@
[tox]
envlist = flake8,py39,pylint
minversion = 1.6
skipsdist = True
# tox does not work if the path to the workdir is too long, so move it to /tmp
# tox 3.1.0 adds TOX_LIMITED_SHEBANG
toxworkdir = /tmp/{env:USER}_k8sapp_intel_ethernet_operatortox
stxdir = {toxinidir}/../../..
distshare={toxworkdir}/.tox/distshare
[testenv]
basepython = python3.9
usedevelop = True
# tox is silly... these need to be separated by a newline....
allowlist_externals = bash
find
install_command = pip install -v -v -v \
-c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt} \
{opts} {packages}
# Note the hash seed is set to 0 until can be tested with a
# random hash seed successfully.
setenv = VIRTUAL_ENV={envdir}
PYTHONHASHSEED=0
PIP_RESOLVER_DEBUG=1
PYTHONDONTWRITEBYTECODE=1
OS_TEST_PATH=./k8sapp_intel_ethernet_operator/tests
LANG=en_US.UTF-8
LANGUAGE=en_US:en
LC_ALL=C
EVENTS_YAML=./k8sapp_intel_ethernet_operator/tests/events_for_testing.yaml
SYSINV_TEST_ENV=True
TOX_WORK_DIR={toxworkdir}
PYLINTHOME={toxworkdir}
deps = -r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
-e{[tox]stxdir}/config/tsconfig/tsconfig
-e{[tox]stxdir}/fault/fm-api/source
-e{[tox]stxdir}/fault/python-fmclient/fmclient
-e{[tox]stxdir}/config/controllerconfig/controllerconfig
-e{[tox]stxdir}/update/sw-patch/cgcs-patch
-e{[tox]stxdir}/utilities/utilities/platform-util/platform-util
-e{[tox]stxdir}/utilities/ceph/python-cephclient/python-cephclient
-e{[tox]stxdir}/config/sysinv/cgts-client/cgts-client
-e{[tox]stxdir}/config/sysinv/sysinv/sysinv
commands =
find . -type f -name "*.pyc" -delete
[flake8]
# H series are hacking
# H101 is TODO
# H102 is apache license
# H104 file contains only comments (ie: license)
# H105 author tags
# H306 imports not in alphabetical order
# H401 docstring should not start with a space
# H403 multi line docstrings should end on a new line
# H404 multi line docstring should start without a leading new line
# H405 multi line docstring summary not separated with an empty line
# H701 Empty localization string
# H702 Formatting operation should be outside of localization method call
# H703 Multiple positional placeholders
# B series are bugbear
# B006 Do not use mutable data structures for argument defaults. Needs to be FIXED.
# B007 Loop control variable not used within the loop body.
# B009 Do not call getattr with a constant attribute value
# B010 Do not call setattr with a constant attribute value
# B012 return/continue/break inside finally blocks cause exceptions to be silenced
# B014 Redundant exception types
# B301 Python 3 does not include `.iter*` methods on dictionaries. (this should be suppressed on a per line basis)
# W series are warnings
# W503 line break before binary operator
# W504 line break after binary operator
# W605 invalid escape sequence
# E series are pep8
# E117 over-indented
# E126 continuation line over-indented for hanging indent
# E127 continuation line over-indented for visual indent
# E128 continuation line under-indented for visual indent
# E402 module level import not at top of file
# E741 ambiguous variable name
ignore = H101,H102,H104,H105,H306,H401,H403,H404,H405,H701,H702,H703,
B006,B007,B009,B010,B012,B014,B301
W503,W504,W605,
E117,E126,E127,E128,E402,E741
exclude = build,dist,tools,.eggs
max-line-length=120
[testenv:flake8]
deps = -r{toxinidir}/test-requirements.txt
commands =
flake8 {posargs} .
[testenv:py39]
commands =
stestr run {posargs}
stestr slowest
[testenv:pep8]
# testenv:flake8 clone
deps = -r{toxinidir}/test-requirements.txt
commands = {[testenv:flake8]commands}
[testenv:venv]
commands = {posargs}
[bandit]
# The following bandit tests are being skipped:
# B101: Test for use of assert
# B103: Test for setting permissive file permissions
# B104: Test for binding to all interfaces
# B105: Test for use of hard-coded password strings
# B108: Test for insecure usage of tmp file/directory
# B110: Try, Except, Pass detected.
# B303: Use of insecure MD2, MD4, MD5, or SHA1 hash function.
# B307: Blacklisted call to eval.
# B310: Audit url open for permitted schemes
# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes
# B314: Blacklisted calls to xml.etree.ElementTree
# B318: Blacklisted calls to xml.dom.minidom
# B320: Blacklisted calls to lxml.etree
# B404: Import of subprocess module
# B405: import xml.etree
# B408: import xml.minidom
# B410: import lxml
# B506: Test for use of yaml load
# B602: Test for use of popen with shell equals true
# B603: Test for use of subprocess without shell equals true
# B604: Test for any function with shell equals true
# B605: Test for starting a process with a shell
# B607: Test for starting a process with a partial path
# B608: Possible SQL injection vector through string-based query
#
# Note: 'skips' entry cannot be split across multiple lines
#
skips = B101,B103,B104,B105,B108,B110,B303,B307,B310,B311,B314,B318,B320,B404,B405,B408,B410,B506,B602,B603,B604,B605,B607,B608
exclude = tests
[testenv:bandit]
deps = -r{toxinidir}/test-requirements.txt
commands = bandit --ini tox.ini -n 5 -r k8sapp_intel_ethernet_operator
[testenv:pylint]
install_command = pip install -v -v -v \
-c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt} \
{opts} {packages}
commands =
pylint {posargs} k8sapp_intel_ethernet_operator --rcfile=./pylint.rc
[testenv:cover]
# not sure is passenv is still needed
passenv = CURL_CA_BUNDLE
deps = {[testenv]deps}
setenv = {[testenv]setenv}
PYTHON=coverage run --parallel-mode
commands =
{[testenv]commands}
coverage erase
stestr run {posargs}
coverage combine
coverage html -d cover
coverage xml -o cover/coverage.xml
coverage report
[testenv:pip-missing-reqs]
# do not install test-requirements as that will pollute the virtualenv for
# determining missing packages
# this also means that pip-missing-reqs must be installed separately, outside
# of the requirements.txt files
deps = pip_missing_reqs
-rrequirements.txt
commands=pip-missing-reqs -d --ignore-file=/k8sapp_intel_ethernet_operator/tests k8sapp_intel_ethernet_operator

1
python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/upper-constraints.txt Normal file
View File

@ -0,0 +1 @@
# Override upstream constraints based on StarlingX load

1
requirements.txt Normal file
View File

@ -0,0 +1 @@
# Nothing

5
sriov-network-operator-helm/debian/deb_folder/changelog Normal file
View File

@ -0,0 +1,5 @@
sriov-network-operator-helm (1.2-0) unstable; urgency=medium
* Initial release.
-- Rafal Lal <rafalx.lal@intel.com> Mon, 14 Aug 2023 14:18:00 +0000

15
sriov-network-operator-helm/debian/deb_folder/control Normal file
View File

@ -0,0 +1,15 @@
Source: sriov-network-operator-helm
Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
helm
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io
Package: sriov-network-operator-helm
Section: libs
Architecture: any
Depends: ${misc:Depends}
Description: StarlingX Sriov Network Operator Helm Charts
This package contains helm charts for the Sriov Network Operator application.

41
sriov-network-operator-helm/debian/deb_folder/copyright Normal file
View File

@ -0,0 +1,41 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: sriov-network-operator-helm
Source: https://opendev.org/starlingx/app-intel-ethernet-operator/
Files: *
Copyright: (c) 2023 Intel Corporation
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2023 Intel Corporation
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.

80
sriov-network-operator-helm/debian/deb_folder/patches/0001-sriov-network-operator-delete-existing-crd.patch Normal file
View File

@ -0,0 +1,80 @@
From dbe50139fe33e5337ce8d017e7f81d1f863e799f Mon Sep 17 00:00:00 2001
From: Rafal Lal <rafalx.lal@intel.com>
Date: Fri, 25 Aug 2023 14:54:47 +0200
Subject: [PATCH] sriov-network-operator: delete NetworkAttachmentDefinition CRD
This patch deletes mentioned CRD, because the same exact version is
already installed in cluster by sriov-device-plugin, which is present on
StarlingX by default.
Signed-off-by: Rafal Lal <rafalx.lal@intel.com>
---
...f.io_networkattachmentdefinitions_crd.yaml | 57 -------------------
1 file changed, 57 deletions(-)
delete mode 100644 deployment/sriov-network-operator/crds/k8s.cni.cncf.io_networkattachmentdefinitions_crd.yaml
diff --git a/crds/k8s.cni.cncf.io_networkattachmentdefinitions_crd.yaml b/crds/k8s.cni.cncf.io_networkattachmentdefinitions_crd.yaml
deleted file mode 100644
index 5916055f..00000000
--- a/crds/k8s.cni.cncf.io_networkattachmentdefinitions_crd.yaml
+++ /dev/null
@@ -1,57 +0,0 @@
-# Copyright 2020 NVIDIA
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- name: network-attachment-definitions.k8s.cni.cncf.io
-spec:
- group: k8s.cni.cncf.io
- scope: Namespaced
- names:
- plural: network-attachment-definitions
- singular: network-attachment-definition
- kind: NetworkAttachmentDefinition
- shortNames:
- - net-attach-def
- versions:
- - name: v1
- served: true
- storage: true
- schema:
- openAPIV3Schema:
- description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
- Working Group to express the intent for attaching pods to one or more logical or physical
- networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
- type: object
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this represen
- tation of an object. Servers should convert recognized schemas to the
- latest internal value, and may reject unrecognized values. More info:
- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
- type: object
- properties:
- config:
- description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
- type: string
--
2.34.1

38
sriov-network-operator-helm/debian/deb_folder/patches/0002-sriov-network-operator-fix-pull-image-error.patch Normal file
View File

@ -0,0 +1,38 @@
From e0b1258d97e60ffae29788af67158c82e5e039b8 Mon Sep 17 00:00:00 2001
From: Rafal Lal <rafalx.lal@intel.com>
Date: Fri, 25 Aug 2023 15:09:58 +0200
Subject: [PATCH] sriov-network-operator: fix pull image error
This patch consists of adding imagePullSecrets with name
default-registry-key only in ServiceAccounts.
It's necessary because without it the system can't use the
images from the registry local.
Signed-off-by: Rafal Lal <rafalx.lal@intel.com>
---
templates/serviceaccount.yaml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml
index fc0bb570..7ab5b465 100644
--- a/templates/serviceaccount.yaml
+++ b/templates/serviceaccount.yaml
@@ -1,5 +1,7 @@
apiVersion: v1
kind: ServiceAccount
+imagePullSecrets:
+ - name: default-registry-key
metadata:
name: {{ include "sriov-network-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
@@ -8,6 +10,8 @@ metadata:
---
apiVersion: v1
kind: ServiceAccount
+imagePullSecrets:
+ - name: default-registry-key
metadata:
name: sriov-network-config-daemon
namespace: {{ .Release.Namespace }}
--
2.34.1

2
sriov-network-operator-helm/debian/deb_folder/patches/series Normal file
View File

@ -0,0 +1,2 @@
0001-sriov-network-operator-delete-existing-crd.patch
0002-sriov-network-operator-fix-pull-image-error.patch

20
sriov-network-operator-helm/debian/deb_folder/rules Normal file
View File

@ -0,0 +1,20 @@
#!/usr/bin/make -f
export DH_VERBOSE = 1
export ROOT = debian/tmp
export APP_FOLDER = $(ROOT)/usr/lib/helm
%:
dh $@
override_dh_auto_build:
mkdir -p sriov-network-operator
mv Chart.yaml README.md crds templates values.yaml sriov-network-operator
make sriov-network-operator
override_dh_auto_install:
# Install the app tar file.
install -d -m 755 $(APP_FOLDER)
install -p -D -m 755 sriov-network-operator*.tgz $(APP_FOLDER)
override_dh_auto_test:

1
sriov-network-operator-helm/debian/deb_folder/source/format Normal file
View File

@ -0,0 +1 @@
3.0 (quilt)

1
sriov-network-operator-helm/debian/deb_folder/sriov-network-operator-helm.install Normal file
View File

@ -0,0 +1 @@
usr/lib/helm/*

14
sriov-network-operator-helm/debian/meta_data.yaml Normal file
View File

@ -0,0 +1,14 @@
---
debname: sriov-network-operator-helm
debver: 1.2-0
dl_path:
name: sriov-network-operator-1.2.0.tar.gz
url: https://github.com/k8snetworkplumbingwg/sriov-network-operator/releases/download/v1.2.0/sriov-network-operator-1.2.0.tgz
sha256sum: 7aabe8eae545fb14288d05b6271326a2c2bfdec1e5e2d1250821baca83b37cc8
src_files:
- sriov-network-operator-helm/files/Makefile
revision:
dist: $STX_DIST
GITREVCOUNT:
BASE_SRCREV: 8a65e4b96d2b33ae05c56086ac0a5df3b187ebfd
SRC_DIR: ${MY_REPO}/stx/app-intel-ethernet-operator/sriov-network-operator-helm

43
sriov-network-operator-helm/sriov-network-operator-helm/files/Makefile Normal file
View File

@ -0,0 +1,43 @@
#
# Copyright 2017 The Openstack-Helm Authors.
#
# Copyright (c) 2023 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
# It's necessary to set this because some environments don't link sh -> bash.
SHELL := /bin/bash
TASK := build
EXCLUDES := doc tests tools logs tmp
CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
.PHONY: $(EXCLUDES) $(CHARTS)
all: $(CHARTS)
$(CHARTS):
@if [ -d $@ ]; then \
echo; \
echo "===== Processing [$@] chart ====="; \
make $(TASK)-$@; \
fi
init-%:
if [ -f $*/Makefile ]; then make -C $*; fi
if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
lint-%: init-%
if [ -d $* ]; then helm lint $*; fi
build-%:
if [ -d $* ]; then helm package $*; fi
clean:
@echo "Clean all build artifacts"
rm -f */templates/_partials.tpl */templates/_globals.tpl
rm -f *tgz */charts/*tgz */requirements.lock
rm -rf */charts */tmpcharts
%:
@:

5
stx-intel-ethernet-operator-helm/debian/deb_folder/changelog Normal file
View File

@ -0,0 +1,5 @@
stx-intel-ethernet-operator-helm (1.0-1) unstable; urgency=medium
* Initial release.
-- Rafal Lal <rafalx.lal@intel.com> Mon, 14 Aug 2023 14:18:00 +0000

19
stx-intel-ethernet-operator-helm/debian/deb_folder/control Normal file
View File

@ -0,0 +1,19 @@
Source: stx-intel-ethernet-operator-helm
Section: libs
Priority: optional
Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
Build-Depends: debhelper-compat (= 13),
helm,
procps,
python3-k8sapp-intel-ethernet-operator,
python3-k8sapp-intel-ethernet-operator-wheels,
sriov-network-operator-helm
Standards-Version: 4.5.1
Homepage: https://www.starlingx.io
Package: stx-intel-ethernet-operator-helm
Section: libs
Architecture: any
Depends: ${misc:Depends}
Description: StarlingX Intel Ethernet Operator Helm Charts
This package contains helm charts for the Intel Ethernet Operator application.

41
stx-intel-ethernet-operator-helm/debian/deb_folder/copyright Normal file
View File

@ -0,0 +1,41 @@
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: stx-intel-ethernet-operator-helm
Source: https://opendev.org/starlingx/app-intel-ethernet-operator/
Files: *
Copyright: (c) 2023 Intel Corporation
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.
# If you want to use GPL v2 or later for the /debian/* files use
# the following clauses, or change it to suit. Delete these two lines
Files: debian/*
Copyright: 2023 Intel Corporation
License: Apache-2
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
.
https://www.apache.org/licenses/LICENSE-2.0
.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
.
On Debian-based systems the full text of the Apache version 2.0 license
can be found in `/usr/share/common-licenses/Apache-2.0'.

57
stx-intel-ethernet-operator-helm/debian/deb_folder/rules Normal file
View File

@ -0,0 +1,57 @@
#!/usr/bin/make -f
# export DH_VERBOSE = 1
export ROOT = debian/tmp
export APP_FOLDER = $(ROOT)/usr/local/share/applications/helm
export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ')
export RELEASE = $(shell echo $(DEB_VERSION) | cut -f 1 -d '-')
export REVISION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.')
export APP_NAME = intel-ethernet-operator
export APP_VERSION = $(RELEASE)-$(REVISION)
export APP_TARBALL_FLUXCD = $(APP_NAME)-$(APP_VERSION).tgz
export HELM_FOLDER = /usr/lib/helm
export HELM_REPO = stx-platform
export STAGING = staging
%:
dh $@
override_dh_auto_build:
# Create the helm-chart TGZ file.
cd helm-charts && make
# Setup the staging directory.
mkdir -p $(STAGING)
cp files/metadata.yaml $(STAGING)
cp -Rv fluxcd-manifests $(STAGING)
mkdir -p $(STAGING)/charts
cp $(HELM_FOLDER)/*.tgz $(STAGING)/charts
cp helm-charts/*.tgz $(STAGING)/charts
# Populate metadata.
sed -i 's/@APP_NAME@/$(APP_NAME)/g' $(STAGING)/metadata.yaml
sed -i 's/@APP_VERSION@/$(APP_VERSION)/g' $(STAGING)/metadata.yaml
sed -i 's/@HELM_REPO@/$(HELM_REPO)/g' $(STAGING)/metadata.yaml
# Copy the plugins: installed in the buildroot
mkdir -p $(STAGING)/plugins
cp /plugins/*.whl $(STAGING)/plugins
# Create the app package.
cd $(STAGING) && find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5
tar cfz $(APP_TARBALL_FLUXCD) -C $(STAGING)/ .
# Cleanup staging
rm -rf $(STAGING)
override_dh_auto_install:
# Install the app tar file.
install -d -m 755 $(APP_FOLDER)
install -p -D -m 755 $(APP_TARBALL_FLUXCD) $(APP_FOLDER)
override_dh_auto_test:
override_dh_usrlocal:

1
stx-intel-ethernet-operator-helm/debian/deb_folder/source/format Normal file
View File

@ -0,0 +1 @@
3.0 (quilt)

1
stx-intel-ethernet-operator-helm/debian/deb_folder/stx-intel-ethernet-operator-helm.install Normal file
View File

@ -0,0 +1 @@
usr/local/share/applications/helm/*

9
stx-intel-ethernet-operator-helm/debian/meta_data.yaml Normal file
View File

@ -0,0 +1,9 @@
---
debname: stx-intel-ethernet-operator-helm
debver: 1.0-1
src_path: stx-intel-ethernet-operator-helm
revision:
dist: $STX_DIST
GITREVCOUNT:
BASE_SRCREV: 8a65e4b96d2b33ae05c56086ac0a5df3b187ebfd
SRC_DIR: ${MY_REPO}/stx/app-intel-ethernet-operator

13
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/files/metadata.yaml Normal file
View File

@ -0,0 +1,13 @@
maintain_user_overrides: true
app_name: @APP_NAME@
app_version: @APP_VERSION@
helm_repo: @HELM_REPO@
upgrades:
auto_update: true
behavior:
evaluate_reapply:
after:
- node-feature-discovery

10
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/helmrepository.yaml Normal file
View File

@ -0,0 +1,10 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: HelmRepository
metadata:
name: stx-platform
spec:
url: http://192.168.206.1:8080/helm_charts/stx-platform
interval: 1m

7
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/kustomization.yaml Normal file
View File

@ -0,0 +1,7 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- helmrepository.yaml

9
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/namespace.yaml Normal file
View File

@ -0,0 +1,9 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: v1
kind: Namespace
metadata:
labels:
control-plane: controller-manager
name: intel-ethernet-operator

33
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/helmrelease.yaml Normal file
View File

@ -0,0 +1,33 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: intel-ethernet-operator
labels:
chart_group: intel-ethernet-operator
spec:
releaseName: intel-ethernet-operator
chart:
spec:
chart: intel-ethernet-operator
version: 1.0.0
sourceRef:
kind: HelmRepository
name: stx-platform
interval: 1m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
valuesFrom:
- kind: Secret
name: intel-ethernet-operator-static-overrides
valuesKey: intel-ethernet-operator-static-overrides.yaml
- kind: Secret
name: intel-ethernet-operator-system-overrides
valuesKey: intel-ethernet-operator-system-overrides.yaml

14
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/intel-ethernet-operator-static-overrides.yaml Normal file
View File

@ -0,0 +1,14 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
imagePullSecrets: [{ "name": "default-registry-key" }]
images:
tags:
intel-ethernet-operator-labeler: docker.io/intel/intel-ethernet-operator-labeler:stx9.0-v2.0.0
intel-ethernet-operator-daemon: docker.io/intel/intel-ethernet-operator-daemon:stx9.0-v2.0.0
manager:
image:
repository: docker.io/intel/intel-ethernet-operator-manager
tag: "stx9.0-v2.0.0"

2
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/intel-ethernet-operator-system-overrides.yaml Normal file
View File

@ -0,0 +1,2 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation

17
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/kustomization.yaml Normal file
View File

@ -0,0 +1,17 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: intel-ethernet-operator
resources:
- helmrelease.yaml
secretGenerator:
- name: intel-ethernet-operator-static-overrides
files:
- intel-ethernet-operator-static-overrides.yaml
- name: intel-ethernet-operator-system-overrides
files:
- intel-ethernet-operator-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

10
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/kustomization.yaml Normal file
View File

@ -0,0 +1,10 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: intel-ethernet-operator
resources:
- base
- intel-ethernet-operator
- sriov-network-operator

33
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/helmrelease.yaml Normal file
View File

@ -0,0 +1,33 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: "helm.toolkit.fluxcd.io/v2beta1"
kind: HelmRelease
metadata:
name: sriov-network-operator
labels:
chart_group: intel-ethernet-operator
spec:
releaseName: sriov-network-operator
chart:
spec:
chart: sriov-network-operator
version: 1.2.0
sourceRef:
kind: HelmRepository
name: stx-platform
interval: 1m
timeout: 30m
test:
enable: false
install:
disableHooks: false
upgrade:
disableHooks: false
valuesFrom:
- kind: Secret
name: sriov-network-operator-static-overrides
valuesKey: sriov-network-operator-static-overrides.yaml
- kind: Secret
name: sriov-network-operator-system-overrides
valuesKey: sriov-network-operator-system-overrides.yaml

17
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/kustomization.yaml Normal file
View File

@ -0,0 +1,17 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: intel-ethernet-operator
resources:
- helmrelease.yaml
secretGenerator:
- name: sriov-network-operator-static-overrides
files:
- sriov-network-operator-static-overrides.yaml
- name: sriov-network-operator-system-overrides
files:
- sriov-network-operator-system-overrides.yaml
generatorOptions:
disableNameSuffixHash: true

2
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/sriov-network-operator-static-overrides.yaml Normal file
View File

@ -0,0 +1,2 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation

2
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/sriov-network-operator-system-overrides.yaml Normal file
View File

@ -0,0 +1,2 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation

43
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/Makefile Normal file
View File

@ -0,0 +1,43 @@
#
# Copyright 2017 The Openstack-Helm Authors.
#
# Copyright (c) 2023 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
#
# It's necessary to set this because some environments don't link sh -> bash.
SHELL := /bin/bash
TASK := build
EXCLUDES := doc tests tools logs tmp
CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
.PHONY: $(EXCLUDES) $(CHARTS)
all: $(CHARTS)
$(CHARTS):
@if [ -d $@ ]; then \
echo; \
echo "===== Processing [$@] chart ====="; \
make $(TASK)-$@; \
fi
init-%:
if [ -f $*/Makefile ]; then make -C $*; fi
if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
lint-%: init-%
if [ -d $* ]; then helm lint $*; fi
build-%:
if [ -d $* ]; then helm package $*; fi
clean:
@echo "Clean all build artifacts"
rm -f */templates/_partials.tpl */templates/_globals.tpl
rm -f *tgz */charts/*tgz */requirements.lock
rm -rf */charts */tmpcharts
%:
@:

23
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/Chart.yaml Normal file
View File

@ -0,0 +1,6 @@
apiVersion: v2
name: intel-ethernet-operator
description: A Helm chart for Intel Ethernet Operator deployment
type: application
version: 1.0.0
appVersion: "stx9.0-v2.0.0"

32
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/README.md Normal file
View File

@ -0,0 +1,32 @@
# Intel Ethernet Operator Helm Chart
This Helm chart deploys the Intel Ethernet Operator on Kubernetes clusters.
Application images that are used here are prepared specifically for Starlingx,
difference from regular ones is addition of `initContainers` to fwddp and
manager pods which enable customized firmware search path on hosts they are
scheduled to run.
## Source
Charts are based on
<https://github.com/intel/intel-ethernet-operator/releases/tag/v23.08-stx9.0>.
Upstream deployment is based on OLM
[Operator Lifecycle Manager](<https://olm.operatorframework.io/>).
Manifests used here are close representation of what can be found in
[config](<https://github.com/intel/intel-ethernet-operator/tree/v23.08-stx9.0/config>).
Resources from that directory are organized into usual helm templates structure.
CRDs found here are located in
[apis](<https://github.com/intel/intel-ethernet-operator/tree/v23.08-stx9.0/apis>)
directory, in OLM deployment they are built from that directory into yamls.
## Installation
```bash
$ helm install intel-ethernet-operator intel-ethernet-operator
```
Will install application in intel-ethernet-operator namespace. Operator
dependencies are not included in this chart. Node Feature Discovery is
already integrated as StarlingX app and Sriov Network Operator is part
of app-intel-ethernet-operator, but is built as seperate package from
upstream source.

25
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/certificate.yaml Normal file
View File

@ -0,0 +1,25 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: intel-ethernet-operator-serving-cert
namespace: intel-ethernet-operator
spec:
dnsNames:
- intel-ethernet-operator-webhook-service.intel-ethernet-operator.svc
- intel-ethernet-operator-webhook-service.intel-ethernet-operator.svc.cluster.local
issuerRef:
kind: Issuer
name: intel-ethernet-operator-selfsigned-issuer
secretName: webhook-server-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: intel-ethernet-operator-selfsigned-issuer
namespace: intel-ethernet-operator
spec:
selfSigned: {}

469
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/cluster_role.yaml Normal file
View File

@ -0,0 +1,469 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
# permissions for end users to edit clusterflowconfigs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: intel-ethernet-operator-clusterflowconfig-editor-role
rules:
- apiGroups:
- flowconfig.intel.com
resources:
- clusterflowconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- flowconfig.intel.com
resources:
- clusterflowconfigs/status
verbs:
- get
---
# permissions for end users to view clusterflowconfigs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: intel-ethernet-operator-clusterflowconfig-viewer-role
rules:
- apiGroups:
- flowconfig.intel.com
resources:
- clusterflowconfigs
verbs:
- get
- list
- watch
- apiGroups:
- flowconfig.intel.com
resources:
- clusterflowconfigs/status
verbs:
- get
---
# permissions for end users to edit ethernetclusterconfigs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: intel-ethernet-operator-ethernetclusterconfig-editor-role
rules:
- apiGroups:
- ethernet.intel.com
resources:
- ethernetclusterconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ethernet.intel.com
resources:
- ethernetclusterconfigs/status
verbs:
- get
---
# permissions for end users to view ethernetclusterconfigs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: intel-ethernet-operator-ethernetclusterconfig-viewer-role
rules:
- apiGroups:
- ethernet.intel.com
resources:
- ethernetclusterconfigs
verbs:
- get
- list
- watch
- apiGroups:
- ethernet.intel.com
resources:
- ethernetclusterconfigs/status
verbs:
- get
---
# permissions for end users to edit ethernetnodeconfigs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: intel-ethernet-operator-ethernetnodeconfig-editor-role
rules:
- apiGroups:
- ethernet.intel.com
resources:
- ethernetnodeconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ethernet.intel.com
resources:
- ethernetnodeconfigs/status
verbs:
- get
---
# permissions for end users to view ethernetnodeconfigs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: intel-ethernet-operator-ethernetnodeconfig-viewer-role
rules:
- apiGroups:
- ethernet.intel.com
resources:
- ethernetnodeconfigs
verbs:
- get
- list
- watch
- apiGroups:
- ethernet.intel.com
resources:
- ethernetnodeconfigs/status
verbs:
- get
---
# permissions for end users to edit flowconfignodeagentdeployments.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: intel-ethernet-operator-flowconfignodeagentdeployment-editor-role
rules:
- apiGroups:
- flowconfig.intel.com
resources:
- flowconfignodeagentdeployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- flowconfig.intel.com
resources:
- flowconfignodeagentdeployments/status
verbs:
- get
---
# permissions for end users to view flowconfignodeagentdeployments.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: intel-ethernet-operator-flowconfignodeagentdeployment-viewer-role
rules:
- apiGroups:
- flowconfig.intel.com
resources:
- flowconfignodeagentdeployments
verbs:
- get
- list
- watch
- apiGroups:
- flowconfig.intel.com
resources:
- flowconfignodeagentdeployments/status
verbs:
- get
---
# permissions for end users to edit nodeflowconfigs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: intel-ethernet-operator-nodeflowconfig-editor-role
rules:
- apiGroups:
- flowconfig.intel.com
resources:
- nodeflowconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- flowconfig.intel.com
resources:
- nodeflowconfigs/status
verbs:
- get
---
# permissions for end users to view nodeflowconfigs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: intel-ethernet-operator-nodeflowconfig-viewer-role
rules:
- apiGroups:
- flowconfig.intel.com
resources:
- nodeflowconfigs
verbs:
- get
- list
- watch
- apiGroups:
- flowconfig.intel.com
resources:
- nodeflowconfigs/status
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: intel-ethernet-operator-manager-role
rules:
- apiGroups:
- ""
resources:
- configmaps
- namespaces
- serviceaccounts
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
- deployments
- deployments/finalizers
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- apiGroups:
- config.openshift.io
resources:
- infrastructures
verbs:
- get
- list
- watch
- apiGroups:
- ethernet.intel.com
resources:
- ethernetclusterconfigs
- ethernetnodeconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ethernet.intel.com
resources:
- ethernetclusterconfigs/finalizers
- ethernetnodeconfigs/finalizers
verbs:
- update
- apiGroups:
- ethernet.intel.com
resources:
- ethernetclusterconfigs/status
- ethernetnodeconfigs/status
verbs:
- get
- patch
- update
- apiGroups:
- flowconfig.intel.com
resources:
- clusterflowconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- flowconfig.intel.com
resources:
- clusterflowconfigs/finalizers
verbs:
- update
- apiGroups:
- flowconfig.intel.com
resources:
- clusterflowconfigs/status
verbs:
- get
- patch
- update
- apiGroups:
- flowconfig.intel.com
resources:
- flowconfignodeagentdeployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- flowconfig.intel.com
resources:
- flowconfignodeagentdeployments/finalizers
verbs:
- update
- apiGroups:
- flowconfig.intel.com
resources:
- flowconfignodeagentdeployments/status
verbs:
- get
- patch
- update
- apiGroups:
- flowconfig.intel.com
resources:
- nodeflowconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- flowconfig.intel.com
resources:
- nodeflowconfigs/finalizers
verbs:
- update
- apiGroups:
- flowconfig.intel.com
resources:
- nodeflowconfigs/status
verbs:
- get
- patch
- update
- apiGroups:
- flowconfig.intel.com
resources:
- nodes
verbs:
- get
- list
- update
- watch
- apiGroups:
- machineconfiguration.openshift.io
resources:
- machineconfigs
verbs:
- create
- get
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
- rolebindings
- roles
verbs:
- create
- delete
- deletecollection
- get
- list
- patch
- update
- watch
- bind
- escalate
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- get
- list
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

15
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/cluster_role_binding.yaml Normal file
View File

@ -0,0 +1,15 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: intel-ethernet-operator-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: intel-ethernet-operator-manager-role
subjects:
- kind: ServiceAccount
name: intel-ethernet-operator-controller-manager
namespace: intel-ethernet-operator

21
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/config_map.yaml Normal file
View File

@ -0,0 +1,21 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: v1
data:
controller_manager_config.yaml: |
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
kind: ControllerManagerConfig
health:
healthProbeBindAddress: :8081
metrics:
bindAddress: 127.0.0.1:8080
webhook:
port: 9443
leaderElection:
leaderElect: true
resourceName: 8ee6d2ed.intel.com
kind: ConfigMap
metadata:
name: intel-ethernet-operator-manager-config
namespace: intel-ethernet-operator

174
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/clusterflow_config.yaml Normal file
View File

@ -0,0 +1,174 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert
controller-gen.kubebuilder.io/version: v0.9.2
name: clusterflowconfigs.flowconfig.intel.com
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: intel-ethernet-operator-webhook-service
namespace: intel-ethernet-operator
path: /convert
conversionReviewVersions:
- v1
- v1beta1
group: flowconfig.intel.com
names:
kind: ClusterFlowConfig
listKind: ClusterFlowConfigList
plural: clusterflowconfigs
singular: clusterflowconfig
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: ClusterFlowConfig is the Schema for the clusterflowconfigs API
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
type: string
kind:
description:
"Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
type: string
metadata:
type: object
spec:
description: ClusterFlowConfigSpec defines the desired state of ClusterFlowConfig
properties:
podSelector:
description:
This is a label selector which selects Pods. This field
follows standard label selector semantics; if present but empty,
it selects all pods.
properties:
matchExpressions:
description:
matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description:
A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description:
key is the label key that the selector applies
to.
type: string
operator:
description:
operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description:
values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description:
matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
rules:
description: Rules is a list of FlowCreate rules
items:
description:
ClusterFlowRules struct for flow rules creation and
validation
properties:
action:
items:
description: ClusterFlowAction defines flow actions
properties:
conf:
type: object
x-kubernetes-preserve-unknown-fields: true
type:
type: string
type: object
type: array
attr:
description: FlowAttr defines Flow rule attributes
properties:
egress:
format: int32
type: integer
group:
format: int32
type: integer
ingress:
format: int32
type: integer
priority:
format: int32
type: integer
reserved:
format: int32
type: integer
transfer:
format: int32
type: integer
type: object
pattern:
items:
description: FlowItem defines flow pattern definition
properties:
last:
type: object
x-kubernetes-preserve-unknown-fields: true
mask:
type: object
x-kubernetes-preserve-unknown-fields: true
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
type:
type: string
type: object
type: array
type: object
type: array
type: object
status:
description: ClusterFlowConfigStatus defines the observed state of ClusterFlowConfig
type: object
type: object
served: true
storage: true
subresources:
status: {}

131
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/ethernet_cluster_config.yaml Normal file
View File

@ -0,0 +1,131 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert
controller-gen.kubebuilder.io/version: v0.9.2
name: ethernetclusterconfigs.ethernet.intel.com
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: intel-ethernet-operator-webhook-service
namespace: intel-ethernet-operator
path: /convert
conversionReviewVersions:
- v1
- v1beta1
group: ethernet.intel.com
names:
kind: EthernetClusterConfig
listKind: EthernetClusterConfigList
plural: ethernetclusterconfigs
shortNames:
- ecc
singular: ethernetclusterconfig
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description:
EthernetClusterConfig is the Schema for the ethernetclusterconfigs
API
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
type: string
kind:
description:
"Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
type: string
metadata:
type: object
spec:
description: EthernetClusterConfigSpec defines the desired state of EthernetClusterConfig
properties:
deviceConfig:
description:
Contains configuration which will be applied to selected
devices
properties:
ddpChecksum:
description: SHA-1 checksum of .zip DDP package
pattern: ^[a-fA-F0-9]{40}$
type: string
ddpURL:
description: Path to .zip DDP package to be applied
pattern: '[a-zA-Z0-9\.\-\/]+'
type: string
fwChecksum:
description: SHA-1 checksum of .tar.gz Firmware
pattern: ^[a-fA-F0-9]{40}$
type: string
fwURL:
description:
Path to .tar.gz Firmware (NVMUpdate package) to be
applied
pattern: '[a-zA-Z0-9\.\-\/]+'
type: string
fwUpdateParam:
description: Additional arguments for NVMUpdate utility
type: string
type: object
deviceSelector:
description:
Selector for devices on nodes. If value is not set, then
configuration is applied to all CLV cards on selected nodes
properties:
deviceId:
description:
DeviceId of devices to be selected. If value is not
set, then CLV cards with any DeviceId are selected
type: string
pciAddress:
description:
PciAdress of devices to be selected. If value is
not set, then CLV cards with any PciAddress are selected
pattern: ^[a-fA-F0-9]{4}:[a-fA-F0-9]{2}:[01][a-fA-F0-9]\.[0-7]$
type: string
vendorId:
description:
VendorId of devices to be selected. If value is not
set, then CLV cards with any VendorId are selected
type: string
type: object
nodeSelectors:
additionalProperties:
type: string
description:
Selector for nodes. If value is not set, then configuration
is applied to all nodes with CLV cards in cluster
type: object
priority:
description:
Higher priority policies can override lower ones. If
several ClusterConfigs have same Priority, then operator will apply
ClusterConfig with highest CreationTimestamp (newest one)
type: integer
required:
- deviceConfig
type: object
status:
description:
EthernetClusterConfigStatus defines the observed state of
EthernetClusterConfig
type: object
type: object
served: true
storage: true
subresources:
status: {}

255
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/ethernet_node_config.yaml Normal file
View File

@ -0,0 +1,255 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert
controller-gen.kubebuilder.io/version: v0.9.2
name: ethernetnodeconfigs.ethernet.intel.com
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: intel-ethernet-operator-webhook-service
namespace: intel-ethernet-operator
path: /convert
conversionReviewVersions:
- v1
- v1beta1
group: ethernet.intel.com
names:
kind: EthernetNodeConfig
listKind: EthernetNodeConfigList
plural: ethernetnodeconfigs
shortNames:
- enc
singular: ethernetnodeconfig
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.conditions[?(@.type=="Updated")].reason
name: Update
type: string
- jsonPath: .status.conditions[?(@.type=="Updated")].message
name: Message
type: string
name: v1
schema:
openAPIV3Schema:
description:
EthernetNodeConfig is the Schema for the ethernetnodeconfigs
API
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
type: string
kind:
description:
"Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
type: string
metadata:
type: object
spec:
description: EthernetNodeConfigSpec defines the desired state of EthernetNodeConfig
properties:
config:
description:
Contains mapping of PciAddress to Configuration which
will be applied to device on particular PciAddress
items:
properties:
PCIAddress:
description: PciAddress of device
pattern: ^[a-fA-F0-9]{4}:[a-fA-F0-9]{2}:[01][a-fA-F0-9]\.[0-7]$
type: string
deviceConfig:
description: Configuration which will be applied to this device
properties:
ddpChecksum:
description: SHA-1 checksum of .zip DDP package
pattern: ^[a-fA-F0-9]{40}$
type: string
ddpURL:
description: Path to .zip DDP package to be applied
pattern: '[a-zA-Z0-9\.\-\/]+'
type: string
fwChecksum:
description: SHA-1 checksum of .tar.gz Firmware
pattern: ^[a-fA-F0-9]{40}$
type: string
fwURL:
description:
Path to .tar.gz Firmware (NVMUpdate package)
to be applied
pattern: '[a-zA-Z0-9\.\-\/]+'
type: string
fwUpdateParam:
description: Additional arguments for NVMUpdate utility
type: string
type: object
required:
- PCIAddress
- deviceConfig
type: object
type: array
drainSkip:
description:
Skips drain process when true; default false. Should
be true if operator is running on SNO
type: boolean
type: object
status:
description: EthernetNodeConfigStatus defines the observed state of EthernetNodeConfig
properties:
conditions:
description: Provides information about device update status
items:
description:
"Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
use as an array at the field path .status.conditions. For example,
\n type FooStatus struct{ // Represents the observations of a
foo's current state. // Known .status.conditions.type are: \"Available\",
\"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
// +listType=map // +listMapKey=type Conditions []metav1.Condition
`json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
properties:
lastTransitionTime:
description:
lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description:
message is a human readable message indicating
details about the transition. This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description:
observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
minimum: 0
type: integer
reason:
description:
reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description:
type of condition in CamelCase or in foo.example.com/CamelCase.
--- Many .condition.type values are consistent across resources
like Available, but because arbitrary conditions can be useful
(see .node.status.conditions), the ability to deconflict is
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
devices:
description:
Contains list of supported CLV cards and details about
them
items:
properties:
DDP:
description: DDPInfo contains information about loaded DDP profile
properties:
packageName:
type: string
trackId:
type: string
version:
type: string
required:
- packageName
- trackId
- version
type: object
PCIAddress:
description: PciAddress of card
type: string
deviceID:
description: DeviceId of card
type: string
driver:
description: Contains name of driver which is managing card
type: string
driverVersion:
description: Version of driver
type: string
firmware:
description:
FirmwareInfo contains information about MAC address
of card and loaded version of Firmware
properties:
MAC:
type: string
version:
type: string
required:
- MAC
- version
type: object
name:
description: Contains human-readable name of card
type: string
vendorID:
description: VendorId of card
type: string
required:
- DDP
- PCIAddress
- deviceID
- driver
- driverVersion
- firmware
- name
- vendorID
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}

75
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/flowconfig_node_agent_deployment.yaml Normal file
View File

@ -0,0 +1,75 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert
controller-gen.kubebuilder.io/version: v0.9.2
name: flowconfignodeagentdeployments.flowconfig.intel.com
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: intel-ethernet-operator-webhook-service
namespace: intel-ethernet-operator
path: /convert
conversionReviewVersions:
- v1
- v1beta1
group: flowconfig.intel.com
names:
kind: FlowConfigNodeAgentDeployment
listKind: FlowConfigNodeAgentDeploymentList
plural: flowconfignodeagentdeployments
singular: flowconfignodeagentdeployment
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description:
FlowConfigNodeAgentDeployment is the Schema for the flowconfignodeagentdeployments
API
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
type: string
kind:
description:
"Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
type: string
metadata:
type: object
spec:
description:
FlowConfigNodeAgentDeploymentSpec defines the desired state
of FlowConfigNodeAgentDeployment
properties:
DCFVfPoolName:
description: DCFVfPoolName is the name reference to CVL admin VF pool
type: string
NADAnnotation:
description:
NADAnnotation is the name reference to Network Attachement
Definition required by UFT container
type: string
type: object
status:
description:
FlowConfigNodeAgentDeploymentStatus defines the observed
state of FlowConfigNodeAgentDeployment
type: object
type: object
served: true
storage: true
subresources:
status: {}

204
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/nodeflow_config.yaml Normal file
View File

@ -0,0 +1,204 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert
controller-gen.kubebuilder.io/version: v0.9.2
name: nodeflowconfigs.flowconfig.intel.com
spec:
conversion:
strategy: Webhook
webhook:
clientConfig:
service:
name: intel-ethernet-operator-webhook-service
namespace: intel-ethernet-operator
path: /convert
conversionReviewVersions:
- v1
- v1beta1
group: flowconfig.intel.com
names:
kind: NodeFlowConfig
listKind: NodeFlowConfigList
plural: nodeflowconfigs
singular: nodeflowconfig
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: NodeFlowConfig is the Schema for the nodeflowconfigs API
properties:
apiVersion:
description:
"APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
type: string
kind:
description:
"Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
type: string
metadata:
type: object
spec:
description: NodeFlowConfigSpec defines the desired state of NodeFlowConfig
properties:
rules:
description: Rules is a list of FlowCreate rules
items:
description: FlowRules struct for flow rules creation and validation
properties:
action:
items:
description: FlowAction defines flow actions
properties:
conf:
type: object
x-kubernetes-preserve-unknown-fields: true
type:
type: string
type: object
type: array
attr:
description: FlowAttr defines Flow rule attributes
properties:
egress:
format: int32
type: integer
group:
format: int32
type: integer
ingress:
format: int32
type: integer
priority:
format: int32
type: integer
reserved:
format: int32
type: integer
transfer:
format: int32
type: integer
type: object
pattern:
items:
description: FlowItem defines flow pattern definition
properties:
last:
type: object
x-kubernetes-preserve-unknown-fields: true
mask:
type: object
x-kubernetes-preserve-unknown-fields: true
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
type:
type: string
type: object
type: array
portId:
format: int32
type: integer
type: object
type: array
type: object
status:
description: NodeFlowConfigStatus defines the observed state of NodeFlowConfig
properties:
portInfo:
items:
description: PortsInformation defines port information
properties:
portId:
format: int32
type: integer
portMode:
type: string
portPci:
type: string
required:
- portId
type: object
type: array
rules:
description: Last applied rules
items:
description: FlowRules struct for flow rules creation and validation
properties:
action:
items:
description: FlowAction defines flow actions
properties:
conf:
type: object
x-kubernetes-preserve-unknown-fields: true
type:
type: string
type: object
type: array
attr:
description: FlowAttr defines Flow rule attributes
properties:
egress:
format: int32
type: integer
group:
format: int32
type: integer
ingress:
format: int32
type: integer
priority:
format: int32
type: integer
reserved:
format: int32
type: integer
transfer:
format: int32
type: integer
type: object
pattern:
items:
description: FlowItem defines flow pattern definition
properties:
last:
type: object
x-kubernetes-preserve-unknown-fields: true
mask:
type: object
x-kubernetes-preserve-unknown-fields: true
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
type:
type: string
type: object
type: array
portId:
format: int32
type: integer
type: object
type: array
syncMsg:
type: string
syncStatus:
type: string
required:
- portInfo
type: object
type: object
served: true
storage: true
subresources:
status: {}

108
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/deployment.yaml Normal file
View File

@ -0,0 +1,108 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: apps/v1
kind: Deployment
metadata:
name: intel-ethernet-operator-controller-manager
namespace: intel-ethernet-operator
labels:
control-plane: controller-manager
spec:
selector:
matchLabels:
control-plane: controller-manager
replicas: 2
template:
metadata:
labels:
control-plane: controller-manager
annotations:
kubectl.kubernetes.io/default-container: manager
spec:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
control-plane: controller-manager
initContainers:
- command:
- /bin/bash
args:
- -c
- echo -n /var/lib/firmware/ > /host/sys/module/firmware_class/parameters/path
name: alt-fw-search-path-enabler
image: docker.io/redhat/ubi9-micro:9.2-5
resources:
limits:
cpu: 200m
memory: 400Mi
requests:
cpu: 200m
memory: 400Mi
securityContext:
privileged: true
runAsUser: 0
readOnlyRootFilesystem: true
volumeMounts:
- name: firmware-class
mountPath: /host/sys/module/firmware_class/parameters
containers:
- command:
- /manager
args:
- --leader-elect
image: "{{ .Values.manager.image.repository}}:{{ .Values.manager.image.tag}}"
name: manager
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- all
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 100m
memory: 200Mi
requests:
cpu: 100m
memory: 200Mi
env:
- name: ETHERNET_NODE_LABEL
value: "ethernet.intel.com/intel-ethernet-present"
- name: ETHERNET_NODE_LABELER_IMAGE
value: "{{ .Values.env.ETHERNET_NODE_LABELER_IMAGE }}"
- name: ETHERNET_DAEMON_IMAGE
value: "{{ .Values.env.ETHERNET_DAEMON_IMAGE }}"
- name: ETHERNET_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-cert
- name: firmware-class
hostPath:
path: /sys/module/firmware_class/parameters
serviceAccountName: intel-ethernet-operator-controller-manager
terminationGracePeriodSeconds: 10

41
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/role.yaml Normal file
View File

@ -0,0 +1,41 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
# permissions to do leader election.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: intel-ethernet-operator-leader-election-role
namespace: intel-ethernet-operator
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch

15
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/role_binding.yaml Normal file
View File

@ -0,0 +1,15 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: intel-ethernet-operator-leader-election-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: intel-ethernet-operator-leader-election-role
subjects:
- kind: ServiceAccount
name: intel-ethernet-operator-controller-manager
namespace: intel-ethernet-operator

30
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/service.yaml Normal file
View File

@ -0,0 +1,30 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
name: intel-ethernet-operator-controller-manager-metrics-service
namespace: intel-ethernet-operator
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager
---
apiVersion: v1
kind: Service
metadata:
name: intel-ethernet-operator-webhook-service
namespace: intel-ethernet-operator
spec:
ports:
- port: 443
targetPort: 9443
selector:
control-plane: controller-manager

10
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/service_account.yaml Normal file
View File

@ -0,0 +1,10 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: v1
kind: ServiceAccount
imagePullSecrets:
- name: default-registry-key
metadata:
name: intel-ethernet-operator-controller-manager
namespace: intel-ethernet-operator

51
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/validate_webhook.yaml Normal file
View File

@ -0,0 +1,51 @@
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: intel-ethernet-operator-validating-webhook-configuration
annotations:
cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: intel-ethernet-operator-webhook-service
namespace: intel-ethernet-operator
path: /validate-flowconfig-intel-com-v1-clusterflowconfig
failurePolicy: Fail
name: vclusterflowconfig.kb.io
rules:
- apiGroups:
- flowconfig.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- clusterflowconfigs
sideEffects: None
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: intel-ethernet-operator-webhook-service
namespace: intel-ethernet-operator
path: /validate-flowconfig-intel-com-v1-nodeflowconfig
failurePolicy: Fail
name: vnodeflowconfig.kb.io
rules:
- apiGroups:
- flowconfig.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- nodeflowconfigs
sideEffects: None

13
stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/values.yaml Normal file
View File

@ -0,0 +1,13 @@
# Default values for intel-ethernet-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
manager:
image:
repository: docker.io/intel/intel-ethernet-operator-manager
tag: "stx9.0-v2.0.0"
env:
INTEL_ETHERNET_IMAGE_PULL_SECRET: "default-registry-key"
ETHERNET_NODE_LABELER_IMAGE: docker.io/intel/intel-ethernet-operator-labeler:stx9.0-v2.0.0
ETHERNET_DAEMON_IMAGE: docker.io/intel/intel-ethernet-operator-daemon:stx9.0-v2.0.0

3
test-requirements.txt Normal file
View File

@ -0,0 +1,3 @@
# hacking pulls in flake8
hacking>=1.1.0,<=2.0.0 # Apache-2.0
bashate >= 0.2

55
tox.ini Normal file
View File

@ -0,0 +1,55 @@
[tox]
envlist = linters
minversion = 2.9
skipsdist = True
sitepackages=False
[testenv]
install_command = pip install -U \
{opts} {packages} \
-c{env:TOX_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt}
setenv =
VIRTUAL_ENV={envdir}
OS_STDOUT_CAPTURE=1
OS_STDERR_CAPTURE=1
OS_DEBUG=1
OS_LOG_CAPTURE=1
deps =
-r{toxinidir}/requirements.txt
-r{toxinidir}/test-requirements.txt
allowlist_externals =
bash
passenv =
XDG_CACHE_HOME
[testenv:bashate]
# Treat all E* codes as Errors rather than warnings using: -e 'E*'
commands =
bash -c "find {toxinidir} \
-not \( -type d -name .?\* -prune \) \
-type f \
-not -name \*~ \
-not -name \*.md \
-name \*.sh \
-print0 | xargs -r -n 1 -0 bashate -v \
-e 'E*'"
[testenv:linters]
commands =
{[testenv:bashate]commands}
[testenv:flake8]
basepython = python3
description = Dummy environment to allow flake8 to be run in subdir tox
[testenv:pylint]
basepython = python3
description = Dummy environment to allow pylint to be run in subdir tox
[testenv:bandit]
basepython = python3
description = Dummy environment to allow bandit to be run in subdir tox

16
uft-image/debian/build-uft-image.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/sh
#
# SPDX-License-Identifier: Apache-2.0
# Copyright (c) 2023 Intel Corporation
echo "=============== build script ================"
echo image: uft
echo image_tag: v22.07
docker build -t uft -f images/Dockerfile.uft . \
--build-arg http_proxy="$http_proxy" \
--build-arg https_proxy="$https_proxy" \
--build-arg DPDK_TAG=v22.07 \
--build-arg UFT_INSTALL_PATH=/usr/local/lib64
exit 0

7
uft-image/debian/uft.stable_docker_image Normal file
View File

@ -0,0 +1,7 @@
BUILDER=script
LABEL=uft
SOURCE_REPO=https://github.com/intel/UFT.git
SOURCE_REF=43cdc7277897093f7e894bfc103e7ca1fe9edc8c
SOURCE_PATCHES="../files/uft-fix.patch"
COMMAND=bash
SCRIPT=build-uft-image.sh

46
uft-image/files/uft-fix.patch Normal file
View File

@ -0,0 +1,46 @@
From acb157a47a145afc694eacdf16db75e16c81b0eb Mon Sep 17 00:00:00 2001
From: Rafal Lal <rafalx.lal@intel.com>
Date: Fri, 25 Aug 2023 13:16:50 +0000
Subject: [PATCH] uft-image: fix entrypoint.sh issue
When using more recent versions of sriov-network-operator there is
an issue that cause failure during creation of UFT container.
Provided patch fixes that issue so there is no requirement to use
specific, older version of sriov-network-operator.
This patch can be dropped once https://github.com/intel/UFT/pull/9
is merged upstream.
Signed-off-by: Rafal Lal <rafalx.lal@intel.com>
---
images/entrypoint.sh | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/images/entrypoint.sh b/images/entrypoint.sh
index 902d2fd..4883dcd 100755
--- a/images/entrypoint.sh
+++ b/images/entrypoint.sh
@@ -13,11 +13,17 @@
# See the License for the specific language governing permissions and
# limitations under the License.
####
-# This script generate server config file dynamically from VF PCI address
-# given in Environment varible exported by device plugin in following
-# format: PCIDEVICE_INTEL_COM_INTEL_ENP24S0F0=0000:18:02.2
+# This script generates a server config file dynamically from VF PCI address
+# provided by network device plugin. The environment variable is in the format:
+# PCIDEVICE_<RESOURCE_NAME>=<PCI_ADDRESSES>
+# E.g - PCIDEVICE_INTEL_COM_INTEL_ENP24S0F0=0000:18:02.2
+#
+# Device plugin also exposes a variable in the format of:
+# PCIDEVICE_<RESOURCE_NAME>_INFO which contains additional information about
+# the allocated devices. Information in that variable is not needed by this script
+# and so it is ignored.
####
-rawpci=$(env | grep PCIDEVICE_ | awk -F'=' '{ print $2 }')
+rawpci=$(env | grep -P 'PCIDEVICE_[A-Z0-9_]{1,}(?<!_INFO)=' | awk -F'=' '{ print $2 }')
pciids=(${rawpci//,/ })
SERVER_CONF_FILE=/opt/dcf/server_conf.yaml
--
2.34.1