diff --git a/.zuul.yaml b/.zuul.yaml new file mode 100644 index 0000000..ee603f1 --- /dev/null +++ b/.zuul.yaml @@ -0,0 +1,64 @@ +--- +- project: + check: + jobs: + - openstack-tox-linters + - k8sapp-intel-ethernet-operator-tox-py39 + - k8sapp-intel-ethernet-operator-tox-pylint + - k8sapp-intel-ethernet-operator-tox-flake8 + gate: + jobs: + - openstack-tox-linters + - k8sapp-intel-ethernet-operator-tox-py39 + - k8sapp-intel-ethernet-operator-tox-pylint + - k8sapp-intel-ethernet-operator-tox-flake8 + +- job: + name: k8sapp-intel-ethernet-operator-tox-py39 + parent: tox-py39 + description: | + Run py39 for intel-ethernet-operator app + nodeset: debian-bullseye + required-projects: + - starlingx/config + - starlingx/fault + - starlingx/update + - starlingx/utilities + - starlingx/root + files: + - python3-k8sapp-intel-ethernet-operator/* + vars: + tox_envlist: py39 + tox_extra_args: -c python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/tox.ini + tox_constraints_file: '{{ ansible_user_dir }}/src/opendev.org/starlingx/root/build-tools/requirements/debian/upper-constraints.txt' + +- job: + name: k8sapp-intel-ethernet-operator-tox-pylint + parent: tox + description: | + Run pylint test for k8sapp_intel_ethernet_operator + required-projects: + - starlingx/config + - starlingx/fault + - starlingx/update + - starlingx/utilities + - starlingx/root + nodeset: debian-bullseye + files: + - python3-k8sapp-intel-ethernet-operator/* + vars: + tox_envlist: pylint + tox_extra_args: -c python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/tox.ini + tox_constraints_file: '{{ ansible_user_dir }}/src/opendev.org/starlingx/root/build-tools/requirements/debian/upper-constraints.txt' + +- job: + name: k8sapp-intel-ethernet-operator-tox-flake8 + parent: tox + description: | + Run flake8 for intel-ethernet-operator + nodeset: debian-bullseye + files: + - python3-k8sapp-intel-ethernet-operator/* + vars: + tox_envlist: flake8 + tox_extra_args: -c python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/tox.ini diff --git a/bindep.txt b/bindep.txt new file mode 100644 index 0000000..3ffe69f --- /dev/null +++ b/bindep.txt @@ -0,0 +1,10 @@ +# This is a cross-platform list tracking distribution packages needed for install and tests; +# see https://docs.openstack.org/infra/bindep/ for additional information. + +libffi-dev [platform:dpkg] +libldap2-dev [platform:dpkg] +libxml2-dev [platform:dpkg] +libxslt1-dev [platform:dpkg] +libsasl2-dev [platform:dpkg] +libffi-devel [platform:rpm] +python3-all-dev [platform:dpkg] diff --git a/debian_build_layer.cfg b/debian_build_layer.cfg new file mode 100644 index 0000000..c581999 --- /dev/null +++ b/debian_build_layer.cfg @@ -0,0 +1 @@ +flock diff --git a/debian_iso_image.inc b/debian_iso_image.inc new file mode 100644 index 0000000..a25099a --- /dev/null +++ b/debian_iso_image.inc @@ -0,0 +1 @@ +stx-intel-ethernet-operator-helm diff --git a/debian_pkg_dirs b/debian_pkg_dirs new file mode 100644 index 0000000..ed19d72 --- /dev/null +++ b/debian_pkg_dirs @@ -0,0 +1,3 @@ +python3-k8sapp-intel-ethernet-operator +sriov-network-operator-helm +stx-intel-ethernet-operator-helm diff --git a/debian_stable_docker_images.inc b/debian_stable_docker_images.inc new file mode 100644 index 0000000..311c5f0 --- /dev/null +++ b/debian_stable_docker_images.inc @@ -0,0 +1 @@ +uft-image diff --git a/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/changelog b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/changelog new file mode 100644 index 0000000..168fd20 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +python3-k8sapp-intel-ethernet-operator (1.0-1) unstable; urgency=medium + + * Initial release. + + -- Rafal Lal Mon, 14 Aug 2023 14:18:00 +0000 diff --git a/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/control b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/control new file mode 100644 index 0000000..02427ae --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/control @@ -0,0 +1,26 @@ +Source: python3-k8sapp-intel-ethernet-operator +Section: libs +Priority: optional +Maintainer: StarlingX Developers +Build-Depends: debhelper-compat (= 13), + dh-python, + python3-all, + python3-pbr, + python3-setuptools, + python3-wheel +Standards-Version: 4.5.1 +Homepage: https://www.starlingx.io + +Package: python3-k8sapp-intel-ethernet-operator +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${python3:Depends} +Description: StarlingX Sysinv Intel Ethernet Operator Extensions + This package contains sysinv plugins for the intel ethernet operator K8S app. + +Package: python3-k8sapp-intel-ethernet-operator-wheels +Section: libs +Architecture: any +Depends: ${misc:Depends}, ${python3:Depends}, python3-wheel +Description: StarlingX Sysinv Intel Ethernet Operator Extension Wheels + This package contains python wheels for the intel ethernet operator K8S app plugins. diff --git a/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/copyright b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/copyright new file mode 100644 index 0000000..dc05e80 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/copyright @@ -0,0 +1,41 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: python3-k8sapp-intel-ethernet-operator +Source: https://opendev.org/starlingx/app-intel-ethernet-operator/ + +Files: * +Copyright: (c) 2023 Intel Corporation +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: debian/* +Copyright: 2023 Intel Corporation +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/python3-k8sapp-intel-ethernet-operator-wheels.install b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/python3-k8sapp-intel-ethernet-operator-wheels.install new file mode 100644 index 0000000..19a9e4c --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/python3-k8sapp-intel-ethernet-operator-wheels.install @@ -0,0 +1 @@ +plugins/*.whl diff --git a/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/python3-k8sapp-intel-ethernet-operator.install b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/python3-k8sapp-intel-ethernet-operator.install new file mode 100644 index 0000000..91d1d9d --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/python3-k8sapp-intel-ethernet-operator.install @@ -0,0 +1 @@ +usr/lib/python3/dist-packages/k8sapp_* diff --git a/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/rules b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/rules new file mode 100644 index 0000000..31786ec --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/rules @@ -0,0 +1,31 @@ +#!/usr/bin/make -f +# export DH_VERBOSE = 1 + +export APP_NAME = intel-ethernet-operator +export PYBUILD_NAME = k8sapp-intel-ethernet-operator + +export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ') +export MAJOR = $(shell echo $(DEB_VERSION) | cut -f 1 -d '-') +export MINOR_PATCH = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.') +export PBR_VERSION = $(MAJOR).$(MINOR_PATCH) + +export ROOT = $(CURDIR)/debian/tmp +export SKIP_PIP_INSTALL = 1 + +%: + dh $@ --with=python3 --buildsystem=pybuild + +override_dh_auto_install: + python3 setup.py install \ + --install-layout=deb \ + --root $(ROOT) + + python3 setup.py bdist_wheel \ + --universal \ + -d $(ROOT)/plugins + +override_dh_python3: + dh_python3 --shebang=/usr/bin/python3 + +override_dh_auto_test: + PYTHONDIR=$(CURDIR) stestr run diff --git a/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/source/format b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/debian/deb_folder/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/python3-k8sapp-intel-ethernet-operator/debian/meta_data.yaml b/python3-k8sapp-intel-ethernet-operator/debian/meta_data.yaml new file mode 100644 index 0000000..61ba244 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/debian/meta_data.yaml @@ -0,0 +1,9 @@ +--- +debname: python3-k8sapp-intel-ethernet-operator +debver: 1.0-1 +src_path: k8sapp_intel_ethernet_operator +revision: + dist: $STX_DIST + GITREVCOUNT: + BASE_SRCREV: 8a65e4b96d2b33ae05c56086ac0a5df3b187ebfd + SRC_DIR: ${MY_REPO}/stx/app-intel-ethernet-operator diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/.gitignore b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/.gitignore new file mode 100644 index 0000000..78c457c --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/.gitignore @@ -0,0 +1,35 @@ +# Compiled files +*.py[co] +*.a +*.o +*.so + +# Sphinx +_build +doc/source/api/ + +# Packages/installer info +*.egg +*.egg-info +dist +build +eggs +parts +var +sdist +develop-eggs +.installed.cfg + +# Other +*.DS_Store +.stestr +.testrepository +.tox +.venv +.*.swp +.coverage +bandit.xml +cover +AUTHORS +ChangeLog +*.sqlite diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/.stestr.conf b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/.stestr.conf new file mode 100644 index 0000000..7df537f --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/.stestr.conf @@ -0,0 +1,4 @@ +[DEFAULT] +test_path=./k8sapp_intel_ethernet_operator/tests +top_dir=./k8sapp_intel_ethernet_operator +#parallel_class=True diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/LICENSE b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/LICENSE new file mode 100644 index 0000000..b045158 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2023 Intel Corporation + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/README.rst b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/README.rst new file mode 100644 index 0000000..2b4989e --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/README.rst @@ -0,0 +1,7 @@ +k8sapp-intel-ethernet-operator +============================== + +This project contains StarlingX Kubernetes application specific python plugins +for the intel-ethernet-operator. These plugins are required to integrate the intel +ethernet operator application into the StarlingX application framework and to +support the various StarlingX deployments. diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/__init__.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/common/__init__.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/common/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/common/constants.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/common/constants.py new file mode 100644 index 0000000..df19835 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/common/constants.py @@ -0,0 +1,76 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +# Application Name +HELM_APP_INTEL_ETHERNET_OPERATOR = "intel-ethernet-operator" + +# Namespace to deploy the application +HELM_NS_INTEL_ETHERNET_OPERATOR = "intel-ethernet-operator" + +# Helm: Supported charts: +# These values match the names in the chart package's Chart.yaml +HELM_CHART_INTEL_ETHERNET_OPERATOR = "intel-ethernet-operator" +HELM_CHART_SRIOV_NETWORK_OPERATOR = "sriov-network-operator" + +HELM_COMPONENT_LABEL_INTEL_ETHERNET_OPERATOR = "app.starlingx.io/component" + +CUSTOM_RESOURCES_LIST = [ + "nodeflowconfigs.flowconfig.intel.com", + "clusterflowconfigs.flowconfig.intel.com", + "flowconfignodeagentdeployments.flowconfig.intel.com", + "sriovibnetworks.sriovnetwork.openshift.io", + "sriovnetworks.sriovnetwork.openshift.io", + "sriovnetworkpoolconfigs.sriovnetwork.openshift.io", + "sriovnetworknodepolicies.sriovnetwork.openshift.io", + "ethernetclusterconfigs.ethernet.intel.com", + "ethernetnodeconfigs.ethernet.intel.com", +] + +ETHERNET_OPERATOR_PRESENT_LABEL = "ethernet.intel.com/intel-ethernet-present" + +ALT_FW_SEARCH_PATH_DISABLE_JOB = { + "apiVersion": "batch/v1", + "kind": "Job", + "metadata": { + "name": "", + "namespace": HELM_NS_INTEL_ETHERNET_OPERATOR, + }, + "spec": { + "template": { + "spec": { + "containers": [ + { + "name": "alt-fw-search-path-disabler", + "image": "docker.io/redhat/ubi9-micro:9.2-5", + "command": [ + "/bin/bash", + "-c", + "head -c 1 /dev/zero | tee /host/sys/module/firmware_class/parameters/path >/dev/null", + ], + "securityContext": { + "privileged": True, + "runAsUser": 0, + "readOnlyRootFilesystem": True, + }, + "volumeMounts": [ + { + "name": "firmware-class", + "mountPath": "/host/sys/module/firmware_class/parameters", + } + ], + } + ], + "volumes": [ + { + "name": "firmware-class", + "hostPath": { + "path": "/sys/module/firmware_class/parameters" + }, + } + ], + "restartPolicy": "Never", + "nodeName": "", + } + } + }, +} diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/helm/__init__.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/helm/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/helm/intel_ethernet_operator.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/helm/intel_ethernet_operator.py new file mode 100644 index 0000000..85aa792 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/helm/intel_ethernet_operator.py @@ -0,0 +1,36 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +from sysinv.common import exception +from sysinv.helm import base + +from k8sapp_intel_ethernet_operator.common import constants as app_constants + + +class IntelEthernetOperatorHelm(base.FluxCDBaseHelm): + """Class to encapsulate helm operations for the Intel Ethernet Operator chart""" + + SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + [ + app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR + ] + SUPPORTED_APP_NAMESPACES = { + app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR: base.BaseHelm.SUPPORTED_NAMESPACES + + [app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR], + } + + CHART = app_constants.HELM_CHART_INTEL_ETHERNET_OPERATOR + + SERVICE_NAME = app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR + + def get_namespaces(self): + return self.SUPPORTED_NAMESPACES + + def get_overrides(self, namespace=None): + overrides = {app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR: {}} + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, namespace=namespace) + else: + return overrides diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/helm/sriov_network_operator.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/helm/sriov_network_operator.py new file mode 100644 index 0000000..355cd57 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/helm/sriov_network_operator.py @@ -0,0 +1,36 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +from sysinv.common import exception +from sysinv.helm import base + +from k8sapp_intel_ethernet_operator.common import constants as app_constants + + +class SriovNetworkOperatorHelm(base.FluxCDBaseHelm): + """Class to encapsulate helm operations for the Sriov Network Operator chart""" + + SUPPORTED_NAMESPACES = base.BaseHelm.SUPPORTED_NAMESPACES + [ + app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR + ] + SUPPORTED_APP_NAMESPACES = { + app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR: base.BaseHelm.SUPPORTED_NAMESPACES + + [app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR], + } + + CHART = app_constants.HELM_CHART_SRIOV_NETWORK_OPERATOR + + SERVICE_NAME = app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR + + def get_namespaces(self): + return self.SUPPORTED_NAMESPACES + + def get_overrides(self, namespace=None): + overrides = {app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR: {}} + + if namespace in self.SUPPORTED_NAMESPACES: + return overrides[namespace] + elif namespace: + raise exception.InvalidHelmNamespace(chart=self.CHART, namespace=namespace) + else: + return overrides diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/lifecycle/__init__.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/lifecycle/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/lifecycle/lifecycle_intel_ethernet_operator.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/lifecycle/lifecycle_intel_ethernet_operator.py new file mode 100644 index 0000000..7c23f7c --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/lifecycle/lifecycle_intel_ethernet_operator.py @@ -0,0 +1,303 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +""" System inventory App lifecycle operator.""" + +from k8sapp_intel_ethernet_operator.common import constants as app_constants +from oslo_log import log as logging +from sysinv.common import constants +from sysinv.common import exception +from sysinv.common import kubernetes +from sysinv.common import utils as cutils +from sysinv.helm import lifecycle_base as base +from sysinv.helm.lifecycle_constants import LifecycleConstants +import yaml +import re + +LOG = logging.getLogger(__name__) + + +class IntelEthernetOperatorAppLifecycleOperator(base.AppLifecycleOperator): + def app_lifecycle_actions( + self, context, conductor_obj, app_op, app, hook_info + ): + """Perform lifecycle actions for an operation + + :param context: request context, can be None + :param conductor_obj: conductor object, can be None + :param app_op: AppOperator object + :param app: AppOperator.Application object + :param hook_info: LifecycleHookInfo object + + """ + if ( + hook_info.lifecycle_type + == constants.APP_LIFECYCLE_TYPE_FLUXCD_REQUEST + ): + if hook_info.operation == constants.APP_APPLY_OP: + if ( + hook_info.relative_timing + == constants.APP_LIFECYCLE_TIMING_POST + ): + return self.post_apply(app_op, app, hook_info) + + if hook_info.lifecycle_type == constants.APP_LIFECYCLE_TYPE_OPERATION: + if hook_info.operation == constants.APP_REMOVE_OP: + if ( + hook_info.relative_timing + == constants.APP_LIFECYCLE_TIMING_PRE + ): + return self.pre_remove(app) + + if hook_info.lifecycle_type == constants.APP_LIFECYCLE_TYPE_OPERATION: + if hook_info.operation == constants.APP_REMOVE_OP: + if ( + hook_info.relative_timing + == constants.APP_LIFECYCLE_TIMING_POST + ): + return self.post_remove(app) + + super( + IntelEthernetOperatorAppLifecycleOperator, self + ).app_lifecycle_actions(context, conductor_obj, app_op, app, hook_info) + + def post_apply(self, app_op, app, hook_info): + if LifecycleConstants.EXTRA not in hook_info: + raise exception.LifecycleMissingInfo( + "Missing {}".format(LifecycleConstants.EXTRA) + ) + if ( + LifecycleConstants.RETURN_CODE + not in hook_info[LifecycleConstants.EXTRA] + ): + raise exception.LifecycleMissingInfo( + "Missing {} {}".format( + LifecycleConstants.EXTRA, LifecycleConstants.RETURN_CODE + ) + ) + + # Raise a specific exception to be caught by the + # retry decorator and attempt a re-apply + if not hook_info[LifecycleConstants.EXTRA][ + LifecycleConstants.RETURN_CODE + ] and not app_op.is_app_aborted(app.name): + LOG.info("%s app failed applying. Retrying." % str(app.name)) + raise exception.ApplicationApplyFailure(name=app.name) + + dbapi_instance = app_op._dbapi + db_app_id = dbapi_instance.kube_app_get(app.name).id + + client_core = app_op._kube._get_kubernetesclient_core() + component_constant = ( + app_constants.HELM_COMPONENT_LABEL_INTEL_ETHERNET_OPERATOR + ) + + # chart overrides + chart_overrides = self._get_helm_user_overrides( + dbapi_instance, db_app_id + ) + + override_label = {} + + # Namespaces variables + namespace = client_core.read_namespace( + app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR + ) + + # Old namespace variable + old_namespace_label = ( + namespace.metadata.labels.get(component_constant) + if component_constant in namespace.metadata.labels + else None + ) + + if component_constant in chart_overrides: + # User Override variables + dict_chart_overrides = yaml.safe_load(chart_overrides) + override_label = dict_chart_overrides.get(component_constant) + + if override_label == "application": + namespace.metadata.labels.update( + {component_constant: "application"} + ) + app_op._kube.kube_patch_namespace( + app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR, namespace + ) + elif override_label == "platform": + namespace.metadata.labels.update({component_constant: "platform"}) + app_op._kube.kube_patch_namespace( + app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR, namespace + ) + elif not override_label: + namespace.metadata.labels.update({component_constant: "platform"}) + app_op._kube.kube_patch_namespace( + app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR, namespace + ) + else: + LOG.info( + f"WARNING: Namespace label {override_label} not supported" + ) + + namespace_label = namespace.metadata.labels.get(component_constant) + if old_namespace_label != namespace_label: + self._delete_security_profiles_operator_pods(app_op, client_core) + + def pre_remove(self, app): + LOG.debug( + "Executing pre_remove for {} app".format( + app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR + ) + ) + LOG.debug("{} app: pre_remove".format(app.name)) + + # To prevent namespace finalizer from waiting indefinitely, + # we need to ensure that the custom resources are deleted + for custom_resource in app_constants.CUSTOM_RESOURCES_LIST: + cmd = [ + "kubectl", + "--kubeconfig", + kubernetes.KUBERNETES_ADMIN_CONF, + "delete", + "--all", + custom_resource, + "-n", + app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR, + ] + stdout, stderr = cutils.trycmd(*cmd) + LOG.debug( + "{} app: cmd={} stdout={} stderr={}".format( + app.name, cmd, stdout, stderr + ) + ) + + # Create Job that disables customized firmware search path on nodes with + # ethernet.intel.com/intel-ethernet-present label (fwddp pod present) + # and nodes with intel-ethernet-operator-controller-manager pod present + cmd = [ + "kubectl", + "--kubeconfig", + kubernetes.KUBERNETES_ADMIN_CONF, + "get", + "nodes", + "-l", + "ethernet.intel.com/intel-ethernet-present", + "-o", + "jsonpath='{.items[*].metadata.name}'", + ] + stdout, stderr = cutils.trycmd(*cmd) + LOG.debug( + "{} app: cmd={} stdout={} stderr={}".format( + app.name, cmd, stdout, stderr + ) + ) + label_present_nodes = stdout.replace("'", "") + label_present_nodes_list = label_present_nodes.split() + + cmd = [ + "kubectl", + "--kubeconfig", + kubernetes.KUBERNETES_ADMIN_CONF, + "get", + "pods", + "-o", + "wide", + "-n", + "intel-ethernet-operator", + ] + stdout, stderr = cutils.trycmd(*cmd) + LOG.debug( + "{} app: cmd={} stdout={} stderr={}".format( + app.name, cmd, stdout, stderr + ) + ) + manager_present_nodes = stdout.replace("'", "") + manager_present_nodes_list = [] + matches = re.findall( + r"intel-ethernet-operator-controller-manager.*", + manager_present_nodes, + ) + for match in matches: + manager_present_nodes_list.append(match.split()[6]) + + # merge lists and remove duplicates + alt_fw_enabled_nodes = list( + set(label_present_nodes_list + manager_present_nodes_list) + ) + + for node in alt_fw_enabled_nodes: + app_constants.ALT_FW_SEARCH_PATH_DISABLE_JOB["metadata"][ + "name" + ] = ("alt-fw-search-path-disabler-" + node) + app_constants.ALT_FW_SEARCH_PATH_DISABLE_JOB["spec"]["template"][ + "spec" + ]["nodeName"] = node + disable_job = yaml.dump( + app_constants.ALT_FW_SEARCH_PATH_DISABLE_JOB, sort_keys=False + ) + disable_job = disable_job.encode("utf-8") + + cmd = [ + "kubectl", + "--kubeconfig", + kubernetes.KUBERNETES_ADMIN_CONF, + "apply", + "-f", + "-", + ] + stdout, stderr = cutils.trycmd(*cmd, process_input=disable_job) + LOG.debug( + "{} app: cmd={} stdout={} stderr={}".format( + app.name, cmd, stdout, stderr + ) + ) + + def post_remove(self, app): + LOG.debug( + "Executing post_remove for {} app".format( + app_constants.HELM_APP_INTEL_ETHERNET_OPERATOR + ) + ) + cmd = [ + "kubectl", + "--kubeconfig", + kubernetes.KUBERNETES_ADMIN_CONF, + "delete", + "namespace", + app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR, + ] + stdout, stderr = cutils.trycmd(*cmd) + LOG.debug( + "{} app: cmd={} stdout={} stderr={}".format( + app.name, cmd, stdout, stderr + ) + ) + + def _get_helm_user_overrides(self, dbapi_instance, db_app_id): + try: + overrides = dbapi_instance.helm_override_get( + app_id=db_app_id, + name=app_constants.HELM_CHART_INTEL_ETHERNET_OPERATOR, + namespace=app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR, + ) + except exception.HelmOverrideNotFound: + values = { + "name": app_constants.HELM_CHART_INTEL_ETHERNET_OPERATOR, + "namespace": app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR, + "db_app_id": db_app_id, + } + overrides = dbapi_instance.helm_override_create(values=values) + return overrides.user_overrides or "" + + def _delete_security_profiles_operator_pods(self, app_op, client_core): + # pod list + system_pods = client_core.list_namespaced_pod( + app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR + ) + + # On namespace label change delete pods to force restart + for pod in system_pods.items: + app_op._kube.kube_delete_pod( + name=pod.metadata.name, + namespace=app_constants.HELM_NS_INTEL_ETHERNET_OPERATOR, + grace_periods_seconds=0, + ) diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/tests/__init__.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/tests/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/tests/test_intel_ethernet_operator.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/tests/test_intel_ethernet_operator.py new file mode 100644 index 0000000..b876fa8 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/tests/test_intel_ethernet_operator.py @@ -0,0 +1,26 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +from k8sapp_intel_ethernet_operator.tests import test_plugins + +from sysinv.tests.db import base as dbbase +from sysinv.db import api as dbapi +from sysinv.tests.db import utils as dbutils +from sysinv.tests.helm import base + + +class IntelEthernetOperatorTestCase( + test_plugins.K8SAppIntelEthernetOperatorAppMixin, base.HelmTestCaseMixin +): + def setUp(self): + super(IntelEthernetOperatorTestCase, self).setUp() + self.app = dbutils.create_test_app(name="intel-ethernet-operator") + self.dbapi = dbapi.get_instance() + + +class IntelEthernetOperatorTestCaseDummy( + IntelEthernetOperatorTestCase, dbbase.ProvisionedControllerHostTestCase +): + # without a test zuul will fail + def test_dummy(self): + pass diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/tests/test_plugins.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/tests/test_plugins.py new file mode 100644 index 0000000..f946353 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/k8sapp_intel_ethernet_operator/tests/test_plugins.py @@ -0,0 +1,36 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +from sysinv.tests.db import base as dbbase + + +class K8SAppIntelEthernetOperatorAppMixin(object): + def setUp(self): + super(K8SAppIntelEthernetOperatorAppMixin, self).setUp() + + +# Test Configuration: +# - Controller +# - IPv6 +# - Ceph Storage +# - intel-ethernet-operator app +class K8SAppIntelEthernetOperatorControllerTestCase( + K8SAppIntelEthernetOperatorAppMixin, + dbbase.BaseIPv6Mixin, + dbbase.BaseCephStorageBackendMixin, + dbbase.ControllerHostTestCase, +): + pass + + +# Test Configuration: +# - AIO +# - IPv4 +# - Ceph Storage +# - intel-ethernet-operator-app +class K8SAppIntelEthernetOperatorAIOTestCase( + K8SAppIntelEthernetOperatorAppMixin, + dbbase.BaseCephStorageBackendMixin, + dbbase.AIOSimplexHostTestCase, +): + pass diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/pylint.rc b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/pylint.rc new file mode 100644 index 0000000..d9e84e0 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/pylint.rc @@ -0,0 +1,336 @@ +[MASTER] +# Specify a configuration file. +rcfile=pylint.rc + +# Python code to execute, usually for sys.path manipulation such as +# pygtk.require(). +#init-hook= + +# Add files or directories to the blacklist. Should be base names, not paths. +ignore= + +# Pickle collected data for later comparisons. +persistent=yes + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins= + +# Use multiple processes to speed up Pylint. +jobs=4 + +# Allow loading of arbitrary C extensions. Extensions are imported into the +# active Python interpreter and may run arbitrary code. +unsafe-load-any-extension=no + +# A comma-separated list of package or module names from where C extensions may +# be loaded. Extensions are loading into the active Python interpreter and may +# run arbitrary code +extension-pkg-whitelist=lxml.etree,greenlet + + + +[MESSAGES CONTROL] +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifier separated by comma (,) or put this option +# multiple time (only on the command line, not in the configuration file where +# it should appear only once). +# See "Messages Control" section of +# https://pylint.readthedocs.io/en/latest/user_guide +disable= + # C codes refer to Convention + C0103, # invalid-name + C0104, # disallowed-nameA + C0112, # empty-docstring + C0114, # missing-module-docstring + C0115, # missing-class-docstring + C0116, # missing-function-docstring + C0123, # unidiomatic-typecheck !!! + C0201, # consider-iterating-dictionary + C0202, # bad-classmethod-argument + C0206, # consider-using-dict-items + C0207, # use-maxsplit-arg + C0209, # consider-using-f-string + C0301, # line-too-long + C0302, # too-many-lines + C0325, # superfluous-parens + C0411, # wrong-import-order + C0412, # ungrouped-imports + C0413, # wrong-import-position + C0414, # useless-import-alias !!! + C0415, # import-outside-toplevel + C1802, # use-implicit-booleaness-not-len !!! + C2801, # unnecessary-dunder-call !!! + C3002, # unnecessary-direct-lambda-call !!! + # R codes refer to refactoring + R0022, # useless-option-value !!! + R0205, # useless-object-inheritance + R0402, # consider-using-from-import + R0901, # too-many-ancestors + R0902, # too-many-instance-attributes + R0903, # too-few-public-methods + R0904, # too-many-public-methods + R0911, # too-many-return-statements + R0912, # too-many-branches + R0913, # too-many-arguments + R0914, # too-many-locals + R0915, # too-many-statements + R0916, # too-many-boolean-expressions + R1702, # too-many-nested-blocks + R1703, # simplifiable-if-statement + R1704, # redefined-argument-from-local !!! + R1705, # no-else-return + R1707, # trailing-comma-tuple !!! + R1708, # stop-iteration-return !!! + R1710, # inconsistent-return-statements + R1711, # useless-return + R1714, # consider-using-in + R1717, # consider-using-dict-comprehension !!! + R1718, # consider-using-set-comprehension + R1719, # simplifiable-if-expression + R1720, # no-else-raise + R1721, # unnecessary-comprehension + R1722, # consider-using-sys-exit !!! + R1723, # no-else-break + R1724, # no-else-continue + R1725, # super-with-arguments + R1726, # simplifiable-condition !!! + R1728, # consider-using-generator + R1729, # use-a-generator + R1730, # consider-using-min-builtin !!! + R1731, # consider-using-max-builtin !!! + R1732, # consider-using-with + R1733, # unnecessary-dict-index-lookup !! + R1734, # use-list-literal + R1735, # use-dict-literal + # W codes are warnings + W0101, # unreachable + W0105, # pointless-string-statement + W0106, # expression-not-assigned + W0107, # unnecessary-pass + W0108, # unnecessary-lambda + W0109, # duplicate-key !!! + W0123, # eval-used + W0125, # using-constant-test !!! + W0133, # pointless-exception-statement !!! + W0143, # comparison-with-callable !!! + W0150, # lost-exception + W0201, # attribute-defined-outside-init + W0211, # bad-staticmethod-argument + W0212, # protected-access + W0221, # arguments-differ + W0223, # abstract-method + W0231, # super-init-not-called + W0235, # useless-super-delegation + W0237, # arguments-renamed !!! + W0311, # bad-indentation + W0402, # deprecated-module + W0404, # reimported + W0511, # fixme + W0602, # global-variable-not-assigned !!! + W0603, # global-statement + W0612, # unused-variable + W0613, # unused-argument + W0621, # redefined-outer-name + W0622, # redefined-builtin + W0631, # undefined-loop-variable + W0703, # broad-except (pylint 2.16 renamed to broad-except-caught) + W0706, # try-except-raise + W0707, # raise-missing-from + W0719, # broad-exception-raised + W1113, # keyword-arg-before-vararg + W1310, # format-string-without-interpolation !!! + W1401, # anomalous-backslash-in-string + W1406, # redundant-u-string-prefix + W1505, # deprecated-method + W1514, # unspecified-encoding + W3101, # missing-timeout + E0601, # used-before-assignment !!! + E0605, # invalid-all-format !!! + E1101, # no-member + E1111, # assignment-from-no-return + E1121, # too-many-function-args !!! + E1123, # unexpected-keyword-arg !!! + E1136, # unsubscriptable-object !!! + +[REPORTS] +# Set the output format. Available formats are text, parseable, colorized, msvs +# (visual studio) and html +output-format=text + +# Tells whether to display a full report or only the messages +reports=no + +# Python expression which should return a note less than 10 (10 is the highest +# note). You have access to the variables errors warning, statement which +# respectively contain the number of errors / warnings messages and the total +# number of statements analyzed. This is used by the global evaluation report +# (RP0004). +evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10) + + +[SIMILARITIES] +# Minimum lines number of a similarity. +min-similarity-lines=4 + +# Ignore comments when computing similarities. +ignore-comments=yes + +# Ignore docstrings when computing similarities. +ignore-docstrings=yes + + +[FORMAT] +# Maximum number of characters on a single line. +max-line-length=85 + +# Maximum number of lines in a module +max-module-lines=1000 + +# String used as indentation unit. This is usually 4 spaces or "\t" (1 tab). +indent-string=' ' + + +[TYPECHECK] +# Tells whether missing members accessed in mixin class should be ignored. A +# mixin class is detected if its name ends with "mixin" (case insensitive). +ignore-mixin-members=yes + +# List of module names for which member attributes should not be checked +# (useful for modules/projects where namespaces are manipulated during runtime +# and thus existing member attributes cannot be deduced by static analysis +ignored-modules=distutils,eventlet.green.subprocess,six,six.moves + +# List of classes names for which member attributes should not be checked +# (useful for classes with attributes dynamically set). +# pylint is confused by sqlalchemy Table, as well as sqlalchemy Enum types +# ie: (unprovisioned, identity) +# LookupDict in requests library confuses pylint +ignored-classes=SQLObject, optparse.Values, thread._local, _thread._local, + Table, unprovisioned, identity, LookupDict + +# List of members which are set dynamically and missed by pylint inference +# system, and so shouldn't trigger E0201 when accessed. Python regular +# expressions are accepted. +generated-members=REQUEST,acl_users,aq_parent + + +[BASIC] +# Regular expression which should only match correct module names +module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$ + +# Regular expression which should only match correct module level names +const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$ + +# Regular expression which should only match correct class names +class-rgx=[A-Z_][a-zA-Z0-9]+$ + +# Regular expression which should only match correct function names +function-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct method names +method-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct instance attribute names +attr-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct argument names +argument-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct variable names +variable-rgx=[a-z_][a-z0-9_]{2,30}$ + +# Regular expression which should only match correct list comprehension / +# generator expression variable names +inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$ + +# Good variable names which should always be accepted, separated by a comma +good-names=i,j,k,ex,Run,_ + +# Bad variable names which should always be refused, separated by a comma +bad-names=foo,bar,baz,toto,tutu,tata + +# Regular expression which should only match functions or classes name which do +# not require a docstring +no-docstring-rgx=__.*__ + + +[MISCELLANEOUS] +# List of note tags to take in consideration, separated by a comma. +notes=FIXME,XXX,TODO + + +[VARIABLES] +# Tells whether we should check for unused import in __init__ files. +init-import=no + +# A regular expression matching the beginning of the name of dummy variables +# (i.e. not used). +dummy-variables-rgx=_|dummy + +# List of additional names supposed to be defined in builtins. Remember that +# you should avoid to define new builtins when possible. +additional-builtins= + + +[IMPORTS] +# Deprecated modules which should not be used, separated by a comma +deprecated-modules=regsub,string,TERMIOS,Bastion,rexec + +# Create a graph of every (i.e. internal and external) dependencies in the +# given file (report RP0402 must not be disabled) +import-graph= + +# Create a graph of external dependencies in the given file (report RP0402 must +# not be disabled) +ext-import-graph= + +# Create a graph of internal dependencies in the given file (report RP0402 must +# not be disabled) +int-import-graph= + + +[DESIGN] +# Maximum number of arguments for function / method +max-args=5 + +# Argument names that match this expression will be ignored. Default to name +# with leading underscore +ignored-argument-names=_.* + +# Maximum number of locals for function / method body +max-locals=15 + +# Maximum number of return / yield for function / method body +max-returns=6 + +# Maximum number of branch for function / method body +max-branches=12 + +# Maximum number of statements in function / method body +max-statements=50 + +# Maximum number of parents for a class (see R0901). +max-parents=7 + +# Maximum number of attributes for a class (see R0902). +max-attributes=7 + +# Minimum number of public methods for a class (see R0903). +min-public-methods=2 + +# Maximum number of public methods for a class (see R0904). +max-public-methods=20 + + +[CLASSES] +# List of method names used to declare (i.e. assign) instance attributes. +defining-attr-methods=__init__,__new__,setUp + +# List of valid names for the first argument in a class method. +valid-classmethod-first-arg=cls + + +[EXCEPTIONS] +# Exceptions that will emit a warning when caught. +overgeneral-exceptions=builtins.BaseException,builtins.Exception diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/requirements.txt b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/requirements.txt new file mode 100644 index 0000000..8c5e6ca --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/requirements.txt @@ -0,0 +1,2 @@ +pbr>=2.0.0 +PyYAML>=3.10 diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/setup.cfg b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/setup.cfg new file mode 100644 index 0000000..c2c4fe3 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/setup.cfg @@ -0,0 +1,44 @@ +[metadata] +name = k8sapp-intel-ethernet-operator +summary = StarlingX sysinv extensions for intel ethernet operator +long_description = file: README.rst +long_description_content_type = text/x-rst +license = Apache 2.0 +author = StarlingX +author-email = starlingx-discuss@lists.starlingx.io +home-page = https://www.starlingx.io/ +classifier = + Environment :: OpenStack + Intended Audience :: Information Technology + Intended Audience :: System Administrators + License :: OSI Approved :: Apache Software License + Operating System :: POSIX :: Linux + Programming Language :: Python + Programming Language :: Python :: 2 + Programming Language :: Python :: 2.7 + Programming Language :: Python :: 3 + Programming Language :: Python :: 3.4 + Programming Language :: Python :: 3.5 + Programming Language :: Python :: 3.9 + +[files] +packages = + k8sapp_intel_ethernet_operator + +[global] +setup-hooks = + pbr.hooks.setup_hook + +[entry_points] +systemconfig.helm_applications = + intel-ethernet-operator = systemconfig.helm_plugins.intel_ethernet_operator + +systemconfig.helm_plugins.intel-ethernet-operator = + 001_intel-ethernet-operator = k8sapp_intel_ethernet_operator.helm.intel_ethernet_operator:IntelEthernetOperatorHelm + 002_sriov-network-operator = k8sapp_intel_ethernet_operator.helm.sriov_network_operator:SriovNetworkOperatorHelm + +systemconfig.app_lifecycle = + intel-ethernet-operator = k8sapp_intel_ethernet_operator.lifecycle.lifecycle_intel_ethernet_operator:IntelEthernetOperatorAppLifecycleOperator + +[wheel] +universal = 1 diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/setup.py b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/setup.py new file mode 100644 index 0000000..a12d4e3 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/setup.py @@ -0,0 +1,6 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +import setuptools + +setuptools.setup(setup_requires=["pbr>=2.0.0"], pbr=True) diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/test-requirements.txt b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/test-requirements.txt new file mode 100644 index 0000000..1191b51 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/test-requirements.txt @@ -0,0 +1,20 @@ +# The order of packages is significant, because pip processes them in the order +# of appearance. Changing the order has an impact on the overall integration +# process, which may cause wedges in the gate later. +hacking>=1.1.0,<=2.0.0 # Apache-2.0 +astroid +bandit<1.7.2;python_version>="3.0" +coverage>=3.6 +fixtures>=3.0.0 # Apache-2.0/BSD +mock>=2.0.0 # BSD +python-subunit>=0.0.18 +requests-mock>=0.6.0 # Apache-2.0 +sphinx +oslosphinx +oslotest>=3.2.0 # Apache-2.0 +stestr>=1.0.0 # Apache-2.0 +testrepository>=0.0.18 +testtools!=1.2.0,>=0.9.36 +isort<5;python_version>="3.0" +pylint +pycryptodomex \ No newline at end of file diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/tox.ini b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/tox.ini new file mode 100644 index 0000000..e92e8fb --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/tox.ini @@ -0,0 +1,183 @@ +[tox] +envlist = flake8,py39,pylint +minversion = 1.6 +skipsdist = True + +# tox does not work if the path to the workdir is too long, so move it to /tmp +# tox 3.1.0 adds TOX_LIMITED_SHEBANG +toxworkdir = /tmp/{env:USER}_k8sapp_intel_ethernet_operatortox +stxdir = {toxinidir}/../../.. +distshare={toxworkdir}/.tox/distshare + +[testenv] +basepython = python3.9 +usedevelop = True + +# tox is silly... these need to be separated by a newline.... +allowlist_externals = bash + find + +install_command = pip install -v -v -v \ + -c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt} \ + {opts} {packages} + +# Note the hash seed is set to 0 until can be tested with a +# random hash seed successfully. +setenv = VIRTUAL_ENV={envdir} + PYTHONHASHSEED=0 + PIP_RESOLVER_DEBUG=1 + PYTHONDONTWRITEBYTECODE=1 + OS_TEST_PATH=./k8sapp_intel_ethernet_operator/tests + LANG=en_US.UTF-8 + LANGUAGE=en_US:en + LC_ALL=C + EVENTS_YAML=./k8sapp_intel_ethernet_operator/tests/events_for_testing.yaml + SYSINV_TEST_ENV=True + TOX_WORK_DIR={toxworkdir} + PYLINTHOME={toxworkdir} + +deps = -r{toxinidir}/requirements.txt + -r{toxinidir}/test-requirements.txt + -e{[tox]stxdir}/config/tsconfig/tsconfig + -e{[tox]stxdir}/fault/fm-api/source + -e{[tox]stxdir}/fault/python-fmclient/fmclient + -e{[tox]stxdir}/config/controllerconfig/controllerconfig + -e{[tox]stxdir}/update/sw-patch/cgcs-patch + -e{[tox]stxdir}/utilities/utilities/platform-util/platform-util + -e{[tox]stxdir}/utilities/ceph/python-cephclient/python-cephclient + -e{[tox]stxdir}/config/sysinv/cgts-client/cgts-client + -e{[tox]stxdir}/config/sysinv/sysinv/sysinv + + +commands = + find . -type f -name "*.pyc" -delete + +[flake8] +# H series are hacking +# H101 is TODO +# H102 is apache license +# H104 file contains only comments (ie: license) +# H105 author tags +# H306 imports not in alphabetical order +# H401 docstring should not start with a space +# H403 multi line docstrings should end on a new line +# H404 multi line docstring should start without a leading new line +# H405 multi line docstring summary not separated with an empty line +# H701 Empty localization string +# H702 Formatting operation should be outside of localization method call +# H703 Multiple positional placeholders + +# B series are bugbear +# B006 Do not use mutable data structures for argument defaults. Needs to be FIXED. +# B007 Loop control variable not used within the loop body. +# B009 Do not call getattr with a constant attribute value +# B010 Do not call setattr with a constant attribute value +# B012 return/continue/break inside finally blocks cause exceptions to be silenced +# B014 Redundant exception types +# B301 Python 3 does not include `.iter*` methods on dictionaries. (this should be suppressed on a per line basis) + +# W series are warnings +# W503 line break before binary operator +# W504 line break after binary operator +# W605 invalid escape sequence + +# E series are pep8 +# E117 over-indented +# E126 continuation line over-indented for hanging indent +# E127 continuation line over-indented for visual indent +# E128 continuation line under-indented for visual indent +# E402 module level import not at top of file +# E741 ambiguous variable name + +ignore = H101,H102,H104,H105,H306,H401,H403,H404,H405,H701,H702,H703, + B006,B007,B009,B010,B012,B014,B301 + W503,W504,W605, + E117,E126,E127,E128,E402,E741 +exclude = build,dist,tools,.eggs +max-line-length=120 + +[testenv:flake8] +deps = -r{toxinidir}/test-requirements.txt +commands = + flake8 {posargs} . + +[testenv:py39] +commands = + stestr run {posargs} + stestr slowest + +[testenv:pep8] +# testenv:flake8 clone +deps = -r{toxinidir}/test-requirements.txt +commands = {[testenv:flake8]commands} + +[testenv:venv] +commands = {posargs} + +[bandit] +# The following bandit tests are being skipped: +# B101: Test for use of assert +# B103: Test for setting permissive file permissions +# B104: Test for binding to all interfaces +# B105: Test for use of hard-coded password strings +# B108: Test for insecure usage of tmp file/directory +# B110: Try, Except, Pass detected. +# B303: Use of insecure MD2, MD4, MD5, or SHA1 hash function. +# B307: Blacklisted call to eval. +# B310: Audit url open for permitted schemes +# B311: Standard pseudo-random generators are not suitable for security/cryptographic purposes +# B314: Blacklisted calls to xml.etree.ElementTree +# B318: Blacklisted calls to xml.dom.minidom +# B320: Blacklisted calls to lxml.etree +# B404: Import of subprocess module +# B405: import xml.etree +# B408: import xml.minidom +# B410: import lxml +# B506: Test for use of yaml load +# B602: Test for use of popen with shell equals true +# B603: Test for use of subprocess without shell equals true +# B604: Test for any function with shell equals true +# B605: Test for starting a process with a shell +# B607: Test for starting a process with a partial path +# B608: Possible SQL injection vector through string-based query +# +# Note: 'skips' entry cannot be split across multiple lines +# +skips = B101,B103,B104,B105,B108,B110,B303,B307,B310,B311,B314,B318,B320,B404,B405,B408,B410,B506,B602,B603,B604,B605,B607,B608 +exclude = tests + +[testenv:bandit] +deps = -r{toxinidir}/test-requirements.txt +commands = bandit --ini tox.ini -n 5 -r k8sapp_intel_ethernet_operator + +[testenv:pylint] +install_command = pip install -v -v -v \ + -c{env:UPPER_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt} \ + {opts} {packages} +commands = + pylint {posargs} k8sapp_intel_ethernet_operator --rcfile=./pylint.rc + +[testenv:cover] +# not sure is passenv is still needed +passenv = CURL_CA_BUNDLE +deps = {[testenv]deps} +setenv = {[testenv]setenv} + PYTHON=coverage run --parallel-mode + +commands = + {[testenv]commands} + coverage erase + stestr run {posargs} + coverage combine + coverage html -d cover + coverage xml -o cover/coverage.xml + coverage report + +[testenv:pip-missing-reqs] +# do not install test-requirements as that will pollute the virtualenv for +# determining missing packages +# this also means that pip-missing-reqs must be installed separately, outside +# of the requirements.txt files +deps = pip_missing_reqs + -rrequirements.txt +commands=pip-missing-reqs -d --ignore-file=/k8sapp_intel_ethernet_operator/tests k8sapp_intel_ethernet_operator diff --git a/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/upper-constraints.txt b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/upper-constraints.txt new file mode 100644 index 0000000..9c30188 --- /dev/null +++ b/python3-k8sapp-intel-ethernet-operator/k8sapp_intel_ethernet_operator/upper-constraints.txt @@ -0,0 +1 @@ +# Override upstream constraints based on StarlingX load diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..c01ade2 --- /dev/null +++ b/requirements.txt @@ -0,0 +1 @@ +# Nothing diff --git a/sriov-network-operator-helm/debian/deb_folder/changelog b/sriov-network-operator-helm/debian/deb_folder/changelog new file mode 100644 index 0000000..a9e8e63 --- /dev/null +++ b/sriov-network-operator-helm/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +sriov-network-operator-helm (1.2-0) unstable; urgency=medium + + * Initial release. + + -- Rafal Lal Mon, 14 Aug 2023 14:18:00 +0000 diff --git a/sriov-network-operator-helm/debian/deb_folder/control b/sriov-network-operator-helm/debian/deb_folder/control new file mode 100644 index 0000000..44b1a2a --- /dev/null +++ b/sriov-network-operator-helm/debian/deb_folder/control @@ -0,0 +1,15 @@ +Source: sriov-network-operator-helm +Section: libs +Priority: optional +Maintainer: StarlingX Developers +Build-Depends: debhelper-compat (= 13), + helm +Standards-Version: 4.5.1 +Homepage: https://www.starlingx.io + +Package: sriov-network-operator-helm +Section: libs +Architecture: any +Depends: ${misc:Depends} +Description: StarlingX Sriov Network Operator Helm Charts + This package contains helm charts for the Sriov Network Operator application. diff --git a/sriov-network-operator-helm/debian/deb_folder/copyright b/sriov-network-operator-helm/debian/deb_folder/copyright new file mode 100644 index 0000000..0148afa --- /dev/null +++ b/sriov-network-operator-helm/debian/deb_folder/copyright @@ -0,0 +1,41 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: sriov-network-operator-helm +Source: https://opendev.org/starlingx/app-intel-ethernet-operator/ + +Files: * +Copyright: (c) 2023 Intel Corporation +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: debian/* +Copyright: 2023 Intel Corporation +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/sriov-network-operator-helm/debian/deb_folder/patches/0001-sriov-network-operator-delete-existing-crd.patch b/sriov-network-operator-helm/debian/deb_folder/patches/0001-sriov-network-operator-delete-existing-crd.patch new file mode 100644 index 0000000..f897e80 --- /dev/null +++ b/sriov-network-operator-helm/debian/deb_folder/patches/0001-sriov-network-operator-delete-existing-crd.patch @@ -0,0 +1,80 @@ +From dbe50139fe33e5337ce8d017e7f81d1f863e799f Mon Sep 17 00:00:00 2001 +From: Rafal Lal +Date: Fri, 25 Aug 2023 14:54:47 +0200 +Subject: [PATCH] sriov-network-operator: delete NetworkAttachmentDefinition CRD + +This patch deletes mentioned CRD, because the same exact version is +already installed in cluster by sriov-device-plugin, which is present on +StarlingX by default. + +Signed-off-by: Rafal Lal +--- + ...f.io_networkattachmentdefinitions_crd.yaml | 57 ------------------- + 1 file changed, 57 deletions(-) + delete mode 100644 deployment/sriov-network-operator/crds/k8s.cni.cncf.io_networkattachmentdefinitions_crd.yaml + +diff --git a/crds/k8s.cni.cncf.io_networkattachmentdefinitions_crd.yaml b/crds/k8s.cni.cncf.io_networkattachmentdefinitions_crd.yaml +deleted file mode 100644 +index 5916055f..00000000 +--- a/crds/k8s.cni.cncf.io_networkattachmentdefinitions_crd.yaml ++++ /dev/null +@@ -1,57 +0,0 @@ +-# Copyright 2020 NVIDIA +-# +-# Licensed under the Apache License, Version 2.0 (the "License"); +-# you may not use this file except in compliance with the License. +-# You may obtain a copy of the License at +-# +-# http://www.apache.org/licenses/LICENSE-2.0 +-# +-# Unless required by applicable law or agreed to in writing, software +-# distributed under the License is distributed on an "AS IS" BASIS, +-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-# See the License for the specific language governing permissions and +-# limitations under the License. +-apiVersion: apiextensions.k8s.io/v1 +-kind: CustomResourceDefinition +-metadata: +- name: network-attachment-definitions.k8s.cni.cncf.io +-spec: +- group: k8s.cni.cncf.io +- scope: Namespaced +- names: +- plural: network-attachment-definitions +- singular: network-attachment-definition +- kind: NetworkAttachmentDefinition +- shortNames: +- - net-attach-def +- versions: +- - name: v1 +- served: true +- storage: true +- schema: +- openAPIV3Schema: +- description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing +- Working Group to express the intent for attaching pods to one or more logical or physical +- networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec' +- type: object +- properties: +- apiVersion: +- description: 'APIVersion defines the versioned schema of this represen +- tation of an object. Servers should convert recognized schemas to the +- latest internal value, and may reject unrecognized values. More info: +- https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' +- type: string +- kind: +- description: 'Kind is a string value representing the REST resource this +- object represents. Servers may infer this from the endpoint the client +- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' +- type: string +- metadata: +- type: object +- spec: +- description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment' +- type: object +- properties: +- config: +- description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration' +- type: string +-- +2.34.1 diff --git a/sriov-network-operator-helm/debian/deb_folder/patches/0002-sriov-network-operator-fix-pull-image-error.patch b/sriov-network-operator-helm/debian/deb_folder/patches/0002-sriov-network-operator-fix-pull-image-error.patch new file mode 100644 index 0000000..0cd4237 --- /dev/null +++ b/sriov-network-operator-helm/debian/deb_folder/patches/0002-sriov-network-operator-fix-pull-image-error.patch @@ -0,0 +1,38 @@ +From e0b1258d97e60ffae29788af67158c82e5e039b8 Mon Sep 17 00:00:00 2001 +From: Rafal Lal +Date: Fri, 25 Aug 2023 15:09:58 +0200 +Subject: [PATCH] sriov-network-operator: fix pull image error + +This patch consists of adding imagePullSecrets with name +default-registry-key only in ServiceAccounts. +It's necessary because without it the system can't use the +images from the registry local. + +Signed-off-by: Rafal Lal +--- + templates/serviceaccount.yaml | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml +index fc0bb570..7ab5b465 100644 +--- a/templates/serviceaccount.yaml ++++ b/templates/serviceaccount.yaml +@@ -1,5 +1,7 @@ + apiVersion: v1 + kind: ServiceAccount ++imagePullSecrets: ++ - name: default-registry-key + metadata: + name: {{ include "sriov-network-operator.fullname" . }} + namespace: {{ .Release.Namespace }} +@@ -8,6 +10,8 @@ metadata: + --- + apiVersion: v1 + kind: ServiceAccount ++imagePullSecrets: ++ - name: default-registry-key + metadata: + name: sriov-network-config-daemon + namespace: {{ .Release.Namespace }} +-- +2.34.1 \ No newline at end of file diff --git a/sriov-network-operator-helm/debian/deb_folder/patches/series b/sriov-network-operator-helm/debian/deb_folder/patches/series new file mode 100644 index 0000000..99f9364 --- /dev/null +++ b/sriov-network-operator-helm/debian/deb_folder/patches/series @@ -0,0 +1,2 @@ +0001-sriov-network-operator-delete-existing-crd.patch +0002-sriov-network-operator-fix-pull-image-error.patch \ No newline at end of file diff --git a/sriov-network-operator-helm/debian/deb_folder/rules b/sriov-network-operator-helm/debian/deb_folder/rules new file mode 100644 index 0000000..dd1ffb8 --- /dev/null +++ b/sriov-network-operator-helm/debian/deb_folder/rules @@ -0,0 +1,20 @@ +#!/usr/bin/make -f +export DH_VERBOSE = 1 + +export ROOT = debian/tmp +export APP_FOLDER = $(ROOT)/usr/lib/helm + +%: + dh $@ + +override_dh_auto_build: + mkdir -p sriov-network-operator + mv Chart.yaml README.md crds templates values.yaml sriov-network-operator + make sriov-network-operator + +override_dh_auto_install: + # Install the app tar file. + install -d -m 755 $(APP_FOLDER) + install -p -D -m 755 sriov-network-operator*.tgz $(APP_FOLDER) + +override_dh_auto_test: \ No newline at end of file diff --git a/sriov-network-operator-helm/debian/deb_folder/source/format b/sriov-network-operator-helm/debian/deb_folder/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/sriov-network-operator-helm/debian/deb_folder/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/sriov-network-operator-helm/debian/deb_folder/sriov-network-operator-helm.install b/sriov-network-operator-helm/debian/deb_folder/sriov-network-operator-helm.install new file mode 100644 index 0000000..8777963 --- /dev/null +++ b/sriov-network-operator-helm/debian/deb_folder/sriov-network-operator-helm.install @@ -0,0 +1 @@ +usr/lib/helm/* \ No newline at end of file diff --git a/sriov-network-operator-helm/debian/meta_data.yaml b/sriov-network-operator-helm/debian/meta_data.yaml new file mode 100644 index 0000000..e2a5e20 --- /dev/null +++ b/sriov-network-operator-helm/debian/meta_data.yaml @@ -0,0 +1,14 @@ +--- +debname: sriov-network-operator-helm +debver: 1.2-0 +dl_path: + name: sriov-network-operator-1.2.0.tar.gz + url: https://github.com/k8snetworkplumbingwg/sriov-network-operator/releases/download/v1.2.0/sriov-network-operator-1.2.0.tgz + sha256sum: 7aabe8eae545fb14288d05b6271326a2c2bfdec1e5e2d1250821baca83b37cc8 +src_files: + - sriov-network-operator-helm/files/Makefile +revision: + dist: $STX_DIST + GITREVCOUNT: + BASE_SRCREV: 8a65e4b96d2b33ae05c56086ac0a5df3b187ebfd + SRC_DIR: ${MY_REPO}/stx/app-intel-ethernet-operator/sriov-network-operator-helm \ No newline at end of file diff --git a/sriov-network-operator-helm/sriov-network-operator-helm/files/Makefile b/sriov-network-operator-helm/sriov-network-operator-helm/files/Makefile new file mode 100644 index 0000000..a970c5a --- /dev/null +++ b/sriov-network-operator-helm/sriov-network-operator-helm/files/Makefile @@ -0,0 +1,43 @@ +# +# Copyright 2017 The Openstack-Helm Authors. +# +# Copyright (c) 2023 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# +# It's necessary to set this because some environments don't link sh -> bash. +SHELL := /bin/bash +TASK := build + +EXCLUDES := doc tests tools logs tmp +CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) + +.PHONY: $(EXCLUDES) $(CHARTS) + +all: $(CHARTS) + +$(CHARTS): + @if [ -d $@ ]; then \ + echo; \ + echo "===== Processing [$@] chart ====="; \ + make $(TASK)-$@; \ + fi + +init-%: + if [ -f $*/Makefile ]; then make -C $*; fi + if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: init-% + if [ -d $* ]; then helm lint $*; fi + +build-%: + if [ -d $* ]; then helm package $*; fi + +clean: + @echo "Clean all build artifacts" + rm -f */templates/_partials.tpl */templates/_globals.tpl + rm -f *tgz */charts/*tgz */requirements.lock + rm -rf */charts */tmpcharts + +%: + @: diff --git a/stx-intel-ethernet-operator-helm/debian/deb_folder/changelog b/stx-intel-ethernet-operator-helm/debian/deb_folder/changelog new file mode 100644 index 0000000..67b1585 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/debian/deb_folder/changelog @@ -0,0 +1,5 @@ +stx-intel-ethernet-operator-helm (1.0-1) unstable; urgency=medium + + * Initial release. + + -- Rafal Lal Mon, 14 Aug 2023 14:18:00 +0000 diff --git a/stx-intel-ethernet-operator-helm/debian/deb_folder/control b/stx-intel-ethernet-operator-helm/debian/deb_folder/control new file mode 100644 index 0000000..f2e468f --- /dev/null +++ b/stx-intel-ethernet-operator-helm/debian/deb_folder/control @@ -0,0 +1,19 @@ +Source: stx-intel-ethernet-operator-helm +Section: libs +Priority: optional +Maintainer: StarlingX Developers +Build-Depends: debhelper-compat (= 13), + helm, + procps, + python3-k8sapp-intel-ethernet-operator, + python3-k8sapp-intel-ethernet-operator-wheels, + sriov-network-operator-helm +Standards-Version: 4.5.1 +Homepage: https://www.starlingx.io + +Package: stx-intel-ethernet-operator-helm +Section: libs +Architecture: any +Depends: ${misc:Depends} +Description: StarlingX Intel Ethernet Operator Helm Charts + This package contains helm charts for the Intel Ethernet Operator application. diff --git a/stx-intel-ethernet-operator-helm/debian/deb_folder/copyright b/stx-intel-ethernet-operator-helm/debian/deb_folder/copyright new file mode 100644 index 0000000..f4c33b9 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/debian/deb_folder/copyright @@ -0,0 +1,41 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: stx-intel-ethernet-operator-helm +Source: https://opendev.org/starlingx/app-intel-ethernet-operator/ + +Files: * +Copyright: (c) 2023 Intel Corporation +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: debian/* +Copyright: 2023 Intel Corporation +License: Apache-2 + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + . + https://www.apache.org/licenses/LICENSE-2.0 + . + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + . + On Debian-based systems the full text of the Apache version 2.0 license + can be found in `/usr/share/common-licenses/Apache-2.0'. diff --git a/stx-intel-ethernet-operator-helm/debian/deb_folder/rules b/stx-intel-ethernet-operator-helm/debian/deb_folder/rules new file mode 100644 index 0000000..cd84026 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/debian/deb_folder/rules @@ -0,0 +1,57 @@ +#!/usr/bin/make -f +# export DH_VERBOSE = 1 + +export ROOT = debian/tmp +export APP_FOLDER = $(ROOT)/usr/local/share/applications/helm + +export DEB_VERSION = $(shell dpkg-parsechangelog | egrep '^Version:' | cut -f 2 -d ' ') +export RELEASE = $(shell echo $(DEB_VERSION) | cut -f 1 -d '-') +export REVISION = $(shell echo $(DEB_VERSION) | cut -f 4 -d '.') + +export APP_NAME = intel-ethernet-operator +export APP_VERSION = $(RELEASE)-$(REVISION) +export APP_TARBALL_FLUXCD = $(APP_NAME)-$(APP_VERSION).tgz +export HELM_FOLDER = /usr/lib/helm +export HELM_REPO = stx-platform +export STAGING = staging + +%: + dh $@ + +override_dh_auto_build: + + # Create the helm-chart TGZ file. + cd helm-charts && make + + # Setup the staging directory. + mkdir -p $(STAGING) + cp files/metadata.yaml $(STAGING) + cp -Rv fluxcd-manifests $(STAGING) + mkdir -p $(STAGING)/charts + cp $(HELM_FOLDER)/*.tgz $(STAGING)/charts + cp helm-charts/*.tgz $(STAGING)/charts + + # Populate metadata. + sed -i 's/@APP_NAME@/$(APP_NAME)/g' $(STAGING)/metadata.yaml + sed -i 's/@APP_VERSION@/$(APP_VERSION)/g' $(STAGING)/metadata.yaml + sed -i 's/@HELM_REPO@/$(HELM_REPO)/g' $(STAGING)/metadata.yaml + + # Copy the plugins: installed in the buildroot + mkdir -p $(STAGING)/plugins + cp /plugins/*.whl $(STAGING)/plugins + + # Create the app package. + cd $(STAGING) && find . -type f ! -name '*.md5' -print0 | xargs -0 md5sum > checksum.md5 + tar cfz $(APP_TARBALL_FLUXCD) -C $(STAGING)/ . + + # Cleanup staging + rm -rf $(STAGING) + +override_dh_auto_install: + # Install the app tar file. + install -d -m 755 $(APP_FOLDER) + install -p -D -m 755 $(APP_TARBALL_FLUXCD) $(APP_FOLDER) + +override_dh_auto_test: + +override_dh_usrlocal: diff --git a/stx-intel-ethernet-operator-helm/debian/deb_folder/source/format b/stx-intel-ethernet-operator-helm/debian/deb_folder/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/debian/deb_folder/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/stx-intel-ethernet-operator-helm/debian/deb_folder/stx-intel-ethernet-operator-helm.install b/stx-intel-ethernet-operator-helm/debian/deb_folder/stx-intel-ethernet-operator-helm.install new file mode 100644 index 0000000..1b47c6e --- /dev/null +++ b/stx-intel-ethernet-operator-helm/debian/deb_folder/stx-intel-ethernet-operator-helm.install @@ -0,0 +1 @@ +usr/local/share/applications/helm/* diff --git a/stx-intel-ethernet-operator-helm/debian/meta_data.yaml b/stx-intel-ethernet-operator-helm/debian/meta_data.yaml new file mode 100644 index 0000000..c441283 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/debian/meta_data.yaml @@ -0,0 +1,9 @@ +--- +debname: stx-intel-ethernet-operator-helm +debver: 1.0-1 +src_path: stx-intel-ethernet-operator-helm +revision: + dist: $STX_DIST + GITREVCOUNT: + BASE_SRCREV: 8a65e4b96d2b33ae05c56086ac0a5df3b187ebfd + SRC_DIR: ${MY_REPO}/stx/app-intel-ethernet-operator diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/files/metadata.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/files/metadata.yaml new file mode 100644 index 0000000..e3943c3 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/files/metadata.yaml @@ -0,0 +1,13 @@ +maintain_user_overrides: true + +app_name: @APP_NAME@ +app_version: @APP_VERSION@ +helm_repo: @HELM_REPO@ + +upgrades: + auto_update: true + +behavior: + evaluate_reapply: + after: + - node-feature-discovery diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/helmrepository.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/helmrepository.yaml new file mode 100644 index 0000000..47749d8 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/helmrepository.yaml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: source.toolkit.fluxcd.io/v1beta1 +kind: HelmRepository +metadata: + name: stx-platform +spec: + url: http://192.168.206.1:8080/helm_charts/stx-platform + interval: 1m diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/kustomization.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/kustomization.yaml new file mode 100644 index 0000000..347a83a --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/kustomization.yaml @@ -0,0 +1,7 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - helmrepository.yaml diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/namespace.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/namespace.yaml new file mode 100644 index 0000000..1c57ad1 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/base/namespace.yaml @@ -0,0 +1,9 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: v1 +kind: Namespace +metadata: + labels: + control-plane: controller-manager + name: intel-ethernet-operator diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/helmrelease.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/helmrelease.yaml new file mode 100644 index 0000000..9568528 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/helmrelease.yaml @@ -0,0 +1,33 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: intel-ethernet-operator + labels: + chart_group: intel-ethernet-operator +spec: + releaseName: intel-ethernet-operator + chart: + spec: + chart: intel-ethernet-operator + version: 1.0.0 + sourceRef: + kind: HelmRepository + name: stx-platform + interval: 1m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + valuesFrom: + - kind: Secret + name: intel-ethernet-operator-static-overrides + valuesKey: intel-ethernet-operator-static-overrides.yaml + - kind: Secret + name: intel-ethernet-operator-system-overrides + valuesKey: intel-ethernet-operator-system-overrides.yaml diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/intel-ethernet-operator-static-overrides.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/intel-ethernet-operator-static-overrides.yaml new file mode 100644 index 0000000..e5c1797 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/intel-ethernet-operator-static-overrides.yaml @@ -0,0 +1,14 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +imagePullSecrets: [{ "name": "default-registry-key" }] + +images: + tags: + intel-ethernet-operator-labeler: docker.io/intel/intel-ethernet-operator-labeler:stx9.0-v2.0.0 + intel-ethernet-operator-daemon: docker.io/intel/intel-ethernet-operator-daemon:stx9.0-v2.0.0 + +manager: + image: + repository: docker.io/intel/intel-ethernet-operator-manager + tag: "stx9.0-v2.0.0" diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/intel-ethernet-operator-system-overrides.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/intel-ethernet-operator-system-overrides.yaml new file mode 100644 index 0000000..6b7f52b --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/intel-ethernet-operator-system-overrides.yaml @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/kustomization.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/kustomization.yaml new file mode 100644 index 0000000..a586fe9 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/intel-ethernet-operator/kustomization.yaml @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: intel-ethernet-operator +resources: + - helmrelease.yaml +secretGenerator: + - name: intel-ethernet-operator-static-overrides + files: + - intel-ethernet-operator-static-overrides.yaml + - name: intel-ethernet-operator-system-overrides + files: + - intel-ethernet-operator-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true \ No newline at end of file diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/kustomization.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/kustomization.yaml new file mode 100644 index 0000000..7bb162b --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/kustomization.yaml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: intel-ethernet-operator +resources: + - base + - intel-ethernet-operator + - sriov-network-operator diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/helmrelease.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/helmrelease.yaml new file mode 100644 index 0000000..798c4b2 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/helmrelease.yaml @@ -0,0 +1,33 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: "helm.toolkit.fluxcd.io/v2beta1" +kind: HelmRelease +metadata: + name: sriov-network-operator + labels: + chart_group: intel-ethernet-operator +spec: + releaseName: sriov-network-operator + chart: + spec: + chart: sriov-network-operator + version: 1.2.0 + sourceRef: + kind: HelmRepository + name: stx-platform + interval: 1m + timeout: 30m + test: + enable: false + install: + disableHooks: false + upgrade: + disableHooks: false + valuesFrom: + - kind: Secret + name: sriov-network-operator-static-overrides + valuesKey: sriov-network-operator-static-overrides.yaml + - kind: Secret + name: sriov-network-operator-system-overrides + valuesKey: sriov-network-operator-system-overrides.yaml diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/kustomization.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/kustomization.yaml new file mode 100644 index 0000000..4c90121 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/kustomization.yaml @@ -0,0 +1,17 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: intel-ethernet-operator +resources: + - helmrelease.yaml +secretGenerator: + - name: sriov-network-operator-static-overrides + files: + - sriov-network-operator-static-overrides.yaml + - name: sriov-network-operator-system-overrides + files: + - sriov-network-operator-system-overrides.yaml +generatorOptions: + disableNameSuffixHash: true \ No newline at end of file diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/sriov-network-operator-static-overrides.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/sriov-network-operator-static-overrides.yaml new file mode 100644 index 0000000..6b7f52b --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/sriov-network-operator-static-overrides.yaml @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/sriov-network-operator-system-overrides.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/sriov-network-operator-system-overrides.yaml new file mode 100644 index 0000000..6b7f52b --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/fluxcd-manifests/sriov-network-operator/sriov-network-operator-system-overrides.yaml @@ -0,0 +1,2 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/Makefile b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/Makefile new file mode 100644 index 0000000..a970c5a --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/Makefile @@ -0,0 +1,43 @@ +# +# Copyright 2017 The Openstack-Helm Authors. +# +# Copyright (c) 2023 Intel Corporation +# +# SPDX-License-Identifier: Apache-2.0 +# +# It's necessary to set this because some environments don't link sh -> bash. +SHELL := /bin/bash +TASK := build + +EXCLUDES := doc tests tools logs tmp +CHARTS := $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.))) + +.PHONY: $(EXCLUDES) $(CHARTS) + +all: $(CHARTS) + +$(CHARTS): + @if [ -d $@ ]; then \ + echo; \ + echo "===== Processing [$@] chart ====="; \ + make $(TASK)-$@; \ + fi + +init-%: + if [ -f $*/Makefile ]; then make -C $*; fi + if [ -f $*/requirements.yaml ]; then helm dep up $*; fi + +lint-%: init-% + if [ -d $* ]; then helm lint $*; fi + +build-%: + if [ -d $* ]; then helm package $*; fi + +clean: + @echo "Clean all build artifacts" + rm -f */templates/_partials.tpl */templates/_globals.tpl + rm -f *tgz */charts/*tgz */requirements.lock + rm -rf */charts */tmpcharts + +%: + @: diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/.helmignore b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/Chart.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/Chart.yaml new file mode 100644 index 0000000..dee2839 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: intel-ethernet-operator +description: A Helm chart for Intel Ethernet Operator deployment +type: application +version: 1.0.0 +appVersion: "stx9.0-v2.0.0" diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/README.md b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/README.md new file mode 100644 index 0000000..0eff4f4 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/README.md @@ -0,0 +1,32 @@ +# Intel Ethernet Operator Helm Chart + +This Helm chart deploys the Intel Ethernet Operator on Kubernetes clusters. +Application images that are used here are prepared specifically for Starlingx, +difference from regular ones is addition of `initContainers` to fwddp and +manager pods which enable customized firmware search path on hosts they are +scheduled to run. + +## Source + +Charts are based on +. +Upstream deployment is based on OLM +[Operator Lifecycle Manager](). +Manifests used here are close representation of what can be found in +[config](). +Resources from that directory are organized into usual helm templates structure. +CRDs found here are located in +[apis]() +directory, in OLM deployment they are built from that directory into yamls. + +## Installation + +```bash +$ helm install intel-ethernet-operator intel-ethernet-operator +``` + +Will install application in intel-ethernet-operator namespace. Operator +dependencies are not included in this chart. Node Feature Discovery is +already integrated as StarlingX app and Sriov Network Operator is part +of app-intel-ethernet-operator, but is built as seperate package from +upstream source. diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/certificate.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/certificate.yaml new file mode 100644 index 0000000..1737a50 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/certificate.yaml @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: intel-ethernet-operator-serving-cert + namespace: intel-ethernet-operator +spec: + dnsNames: + - intel-ethernet-operator-webhook-service.intel-ethernet-operator.svc + - intel-ethernet-operator-webhook-service.intel-ethernet-operator.svc.cluster.local + issuerRef: + kind: Issuer + name: intel-ethernet-operator-selfsigned-issuer + secretName: webhook-server-cert + +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: intel-ethernet-operator-selfsigned-issuer + namespace: intel-ethernet-operator +spec: + selfSigned: {} diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/cluster_role.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/cluster_role.yaml new file mode 100644 index 0000000..3a38317 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/cluster_role.yaml @@ -0,0 +1,469 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +# permissions for end users to edit clusterflowconfigs. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: intel-ethernet-operator-clusterflowconfig-editor-role +rules: + - apiGroups: + - flowconfig.intel.com + resources: + - clusterflowconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - flowconfig.intel.com + resources: + - clusterflowconfigs/status + verbs: + - get + +--- +# permissions for end users to view clusterflowconfigs. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: intel-ethernet-operator-clusterflowconfig-viewer-role +rules: + - apiGroups: + - flowconfig.intel.com + resources: + - clusterflowconfigs + verbs: + - get + - list + - watch + - apiGroups: + - flowconfig.intel.com + resources: + - clusterflowconfigs/status + verbs: + - get + +--- +# permissions for end users to edit ethernetclusterconfigs. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: intel-ethernet-operator-ethernetclusterconfig-editor-role +rules: + - apiGroups: + - ethernet.intel.com + resources: + - ethernetclusterconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ethernet.intel.com + resources: + - ethernetclusterconfigs/status + verbs: + - get + +--- +# permissions for end users to view ethernetclusterconfigs. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: intel-ethernet-operator-ethernetclusterconfig-viewer-role +rules: + - apiGroups: + - ethernet.intel.com + resources: + - ethernetclusterconfigs + verbs: + - get + - list + - watch + - apiGroups: + - ethernet.intel.com + resources: + - ethernetclusterconfigs/status + verbs: + - get + +--- +# permissions for end users to edit ethernetnodeconfigs. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: intel-ethernet-operator-ethernetnodeconfig-editor-role +rules: + - apiGroups: + - ethernet.intel.com + resources: + - ethernetnodeconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ethernet.intel.com + resources: + - ethernetnodeconfigs/status + verbs: + - get + +--- +# permissions for end users to view ethernetnodeconfigs. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: intel-ethernet-operator-ethernetnodeconfig-viewer-role +rules: + - apiGroups: + - ethernet.intel.com + resources: + - ethernetnodeconfigs + verbs: + - get + - list + - watch + - apiGroups: + - ethernet.intel.com + resources: + - ethernetnodeconfigs/status + verbs: + - get + +--- +# permissions for end users to edit flowconfignodeagentdeployments. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: intel-ethernet-operator-flowconfignodeagentdeployment-editor-role +rules: + - apiGroups: + - flowconfig.intel.com + resources: + - flowconfignodeagentdeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - flowconfig.intel.com + resources: + - flowconfignodeagentdeployments/status + verbs: + - get + +--- +# permissions for end users to view flowconfignodeagentdeployments. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: intel-ethernet-operator-flowconfignodeagentdeployment-viewer-role +rules: + - apiGroups: + - flowconfig.intel.com + resources: + - flowconfignodeagentdeployments + verbs: + - get + - list + - watch + - apiGroups: + - flowconfig.intel.com + resources: + - flowconfignodeagentdeployments/status + verbs: + - get + +--- +# permissions for end users to edit nodeflowconfigs. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: intel-ethernet-operator-nodeflowconfig-editor-role +rules: + - apiGroups: + - flowconfig.intel.com + resources: + - nodeflowconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - flowconfig.intel.com + resources: + - nodeflowconfigs/status + verbs: + - get + +--- +# permissions for end users to view nodeflowconfigs. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: intel-ethernet-operator-nodeflowconfig-viewer-role +rules: + - apiGroups: + - flowconfig.intel.com + resources: + - nodeflowconfigs + verbs: + - get + - list + - watch + - apiGroups: + - flowconfig.intel.com + resources: + - nodeflowconfigs/status + verbs: + - get + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: intel-ethernet-operator-manager-role +rules: + - apiGroups: + - "" + resources: + - configmaps + - namespaces + - serviceaccounts + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - delete + - get + - list + - watch + - apiGroups: + - apps + resources: + - daemonsets + - deployments + - deployments/finalizers + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - apiGroups: + - config.openshift.io + resources: + - infrastructures + verbs: + - get + - list + - watch + - apiGroups: + - ethernet.intel.com + resources: + - ethernetclusterconfigs + - ethernetnodeconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ethernet.intel.com + resources: + - ethernetclusterconfigs/finalizers + - ethernetnodeconfigs/finalizers + verbs: + - update + - apiGroups: + - ethernet.intel.com + resources: + - ethernetclusterconfigs/status + - ethernetnodeconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - flowconfig.intel.com + resources: + - clusterflowconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - flowconfig.intel.com + resources: + - clusterflowconfigs/finalizers + verbs: + - update + - apiGroups: + - flowconfig.intel.com + resources: + - clusterflowconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - flowconfig.intel.com + resources: + - flowconfignodeagentdeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - flowconfig.intel.com + resources: + - flowconfignodeagentdeployments/finalizers + verbs: + - update + - apiGroups: + - flowconfig.intel.com + resources: + - flowconfignodeagentdeployments/status + verbs: + - get + - patch + - update + - apiGroups: + - flowconfig.intel.com + resources: + - nodeflowconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - flowconfig.intel.com + resources: + - nodeflowconfigs/finalizers + verbs: + - update + - apiGroups: + - flowconfig.intel.com + resources: + - nodeflowconfigs/status + verbs: + - get + - patch + - update + - apiGroups: + - flowconfig.intel.com + resources: + - nodes + verbs: + - get + - list + - update + - watch + - apiGroups: + - machineconfiguration.openshift.io + resources: + - machineconfigs + verbs: + - create + - get + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterrolebindings + - clusterroles + - rolebindings + - roles + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch + - bind + - escalate + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - list + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/cluster_role_binding.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/cluster_role_binding.yaml new file mode 100644 index 0000000..f795594 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/cluster_role_binding.yaml @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: intel-ethernet-operator-manager-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: intel-ethernet-operator-manager-role +subjects: + - kind: ServiceAccount + name: intel-ethernet-operator-controller-manager + namespace: intel-ethernet-operator diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/config_map.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/config_map.yaml new file mode 100644 index 0000000..6d0fd98 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/config_map.yaml @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: v1 +data: + controller_manager_config.yaml: | + apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 + kind: ControllerManagerConfig + health: + healthProbeBindAddress: :8081 + metrics: + bindAddress: 127.0.0.1:8080 + webhook: + port: 9443 + leaderElection: + leaderElect: true + resourceName: 8ee6d2ed.intel.com +kind: ConfigMap +metadata: + name: intel-ethernet-operator-manager-config + namespace: intel-ethernet-operator diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/clusterflow_config.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/clusterflow_config.yaml new file mode 100644 index 0000000..b334009 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/clusterflow_config.yaml @@ -0,0 +1,174 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + name: clusterflowconfigs.flowconfig.intel.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: intel-ethernet-operator-webhook-service + namespace: intel-ethernet-operator + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: flowconfig.intel.com + names: + kind: ClusterFlowConfig + listKind: ClusterFlowConfigList + plural: clusterflowconfigs + singular: clusterflowconfig + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ClusterFlowConfig is the Schema for the clusterflowconfigs API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: ClusterFlowConfigSpec defines the desired state of ClusterFlowConfig + properties: + podSelector: + description: + This is a label selector which selects Pods. This field + follows standard label selector semantics; if present but empty, + it selects all pods. + properties: + matchExpressions: + description: + matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: + A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: + key is the label key that the selector applies + to. + type: string + operator: + description: + operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: + values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: + matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + rules: + description: Rules is a list of FlowCreate rules + items: + description: + ClusterFlowRules struct for flow rules creation and + validation + properties: + action: + items: + description: ClusterFlowAction defines flow actions + properties: + conf: + type: object + x-kubernetes-preserve-unknown-fields: true + type: + type: string + type: object + type: array + attr: + description: FlowAttr defines Flow rule attributes + properties: + egress: + format: int32 + type: integer + group: + format: int32 + type: integer + ingress: + format: int32 + type: integer + priority: + format: int32 + type: integer + reserved: + format: int32 + type: integer + transfer: + format: int32 + type: integer + type: object + pattern: + items: + description: FlowItem defines flow pattern definition + properties: + last: + type: object + x-kubernetes-preserve-unknown-fields: true + mask: + type: object + x-kubernetes-preserve-unknown-fields: true + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + type: + type: string + type: object + type: array + type: object + type: array + type: object + status: + description: ClusterFlowConfigStatus defines the observed state of ClusterFlowConfig + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/ethernet_cluster_config.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/ethernet_cluster_config.yaml new file mode 100644 index 0000000..4cf9115 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/ethernet_cluster_config.yaml @@ -0,0 +1,131 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + name: ethernetclusterconfigs.ethernet.intel.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: intel-ethernet-operator-webhook-service + namespace: intel-ethernet-operator + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ethernet.intel.com + names: + kind: EthernetClusterConfig + listKind: EthernetClusterConfigList + plural: ethernetclusterconfigs + shortNames: + - ecc + singular: ethernetclusterconfig + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: + EthernetClusterConfig is the Schema for the ethernetclusterconfigs + API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: EthernetClusterConfigSpec defines the desired state of EthernetClusterConfig + properties: + deviceConfig: + description: + Contains configuration which will be applied to selected + devices + properties: + ddpChecksum: + description: SHA-1 checksum of .zip DDP package + pattern: ^[a-fA-F0-9]{40}$ + type: string + ddpURL: + description: Path to .zip DDP package to be applied + pattern: '[a-zA-Z0-9\.\-\/]+' + type: string + fwChecksum: + description: SHA-1 checksum of .tar.gz Firmware + pattern: ^[a-fA-F0-9]{40}$ + type: string + fwURL: + description: + Path to .tar.gz Firmware (NVMUpdate package) to be + applied + pattern: '[a-zA-Z0-9\.\-\/]+' + type: string + fwUpdateParam: + description: Additional arguments for NVMUpdate utility + type: string + type: object + deviceSelector: + description: + Selector for devices on nodes. If value is not set, then + configuration is applied to all CLV cards on selected nodes + properties: + deviceId: + description: + DeviceId of devices to be selected. If value is not + set, then CLV cards with any DeviceId are selected + type: string + pciAddress: + description: + PciAdress of devices to be selected. If value is + not set, then CLV cards with any PciAddress are selected + pattern: ^[a-fA-F0-9]{4}:[a-fA-F0-9]{2}:[01][a-fA-F0-9]\.[0-7]$ + type: string + vendorId: + description: + VendorId of devices to be selected. If value is not + set, then CLV cards with any VendorId are selected + type: string + type: object + nodeSelectors: + additionalProperties: + type: string + description: + Selector for nodes. If value is not set, then configuration + is applied to all nodes with CLV cards in cluster + type: object + priority: + description: + Higher priority policies can override lower ones. If + several ClusterConfigs have same Priority, then operator will apply + ClusterConfig with highest CreationTimestamp (newest one) + type: integer + required: + - deviceConfig + type: object + status: + description: + EthernetClusterConfigStatus defines the observed state of + EthernetClusterConfig + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/ethernet_node_config.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/ethernet_node_config.yaml new file mode 100644 index 0000000..32e0d62 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/ethernet_node_config.yaml @@ -0,0 +1,255 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + name: ethernetnodeconfigs.ethernet.intel.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: intel-ethernet-operator-webhook-service + namespace: intel-ethernet-operator + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ethernet.intel.com + names: + kind: EthernetNodeConfig + listKind: EthernetNodeConfigList + plural: ethernetnodeconfigs + shortNames: + - enc + singular: ethernetnodeconfig + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.conditions[?(@.type=="Updated")].reason + name: Update + type: string + - jsonPath: .status.conditions[?(@.type=="Updated")].message + name: Message + type: string + name: v1 + schema: + openAPIV3Schema: + description: + EthernetNodeConfig is the Schema for the ethernetnodeconfigs + API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: EthernetNodeConfigSpec defines the desired state of EthernetNodeConfig + properties: + config: + description: + Contains mapping of PciAddress to Configuration which + will be applied to device on particular PciAddress + items: + properties: + PCIAddress: + description: PciAddress of device + pattern: ^[a-fA-F0-9]{4}:[a-fA-F0-9]{2}:[01][a-fA-F0-9]\.[0-7]$ + type: string + deviceConfig: + description: Configuration which will be applied to this device + properties: + ddpChecksum: + description: SHA-1 checksum of .zip DDP package + pattern: ^[a-fA-F0-9]{40}$ + type: string + ddpURL: + description: Path to .zip DDP package to be applied + pattern: '[a-zA-Z0-9\.\-\/]+' + type: string + fwChecksum: + description: SHA-1 checksum of .tar.gz Firmware + pattern: ^[a-fA-F0-9]{40}$ + type: string + fwURL: + description: + Path to .tar.gz Firmware (NVMUpdate package) + to be applied + pattern: '[a-zA-Z0-9\.\-\/]+' + type: string + fwUpdateParam: + description: Additional arguments for NVMUpdate utility + type: string + type: object + required: + - PCIAddress + - deviceConfig + type: object + type: array + drainSkip: + description: + Skips drain process when true; default false. Should + be true if operator is running on SNO + type: boolean + type: object + status: + description: EthernetNodeConfigStatus defines the observed state of EthernetNodeConfig + properties: + conditions: + description: Provides information about device update status + items: + description: + "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: + lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: + message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: + observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: + reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: + type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + devices: + description: + Contains list of supported CLV cards and details about + them + items: + properties: + DDP: + description: DDPInfo contains information about loaded DDP profile + properties: + packageName: + type: string + trackId: + type: string + version: + type: string + required: + - packageName + - trackId + - version + type: object + PCIAddress: + description: PciAddress of card + type: string + deviceID: + description: DeviceId of card + type: string + driver: + description: Contains name of driver which is managing card + type: string + driverVersion: + description: Version of driver + type: string + firmware: + description: + FirmwareInfo contains information about MAC address + of card and loaded version of Firmware + properties: + MAC: + type: string + version: + type: string + required: + - MAC + - version + type: object + name: + description: Contains human-readable name of card + type: string + vendorID: + description: VendorId of card + type: string + required: + - DDP + - PCIAddress + - deviceID + - driver + - driverVersion + - firmware + - name + - vendorID + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/flowconfig_node_agent_deployment.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/flowconfig_node_agent_deployment.yaml new file mode 100644 index 0000000..eedb36e --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/flowconfig_node_agent_deployment.yaml @@ -0,0 +1,75 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + name: flowconfignodeagentdeployments.flowconfig.intel.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: intel-ethernet-operator-webhook-service + namespace: intel-ethernet-operator + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: flowconfig.intel.com + names: + kind: FlowConfigNodeAgentDeployment + listKind: FlowConfigNodeAgentDeploymentList + plural: flowconfignodeagentdeployments + singular: flowconfignodeagentdeployment + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: + FlowConfigNodeAgentDeployment is the Schema for the flowconfignodeagentdeployments + API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: + FlowConfigNodeAgentDeploymentSpec defines the desired state + of FlowConfigNodeAgentDeployment + properties: + DCFVfPoolName: + description: DCFVfPoolName is the name reference to CVL admin VF pool + type: string + NADAnnotation: + description: + NADAnnotation is the name reference to Network Attachement + Definition required by UFT container + type: string + type: object + status: + description: + FlowConfigNodeAgentDeploymentStatus defines the observed + state of FlowConfigNodeAgentDeployment + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/nodeflow_config.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/nodeflow_config.yaml new file mode 100644 index 0000000..37726ae --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/crds/nodeflow_config.yaml @@ -0,0 +1,204 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert + controller-gen.kubebuilder.io/version: v0.9.2 + name: nodeflowconfigs.flowconfig.intel.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: intel-ethernet-operator-webhook-service + namespace: intel-ethernet-operator + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: flowconfig.intel.com + names: + kind: NodeFlowConfig + listKind: NodeFlowConfigList + plural: nodeflowconfigs + singular: nodeflowconfig + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: NodeFlowConfig is the Schema for the nodeflowconfigs API + properties: + apiVersion: + description: + "APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources" + type: string + kind: + description: + "Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds" + type: string + metadata: + type: object + spec: + description: NodeFlowConfigSpec defines the desired state of NodeFlowConfig + properties: + rules: + description: Rules is a list of FlowCreate rules + items: + description: FlowRules struct for flow rules creation and validation + properties: + action: + items: + description: FlowAction defines flow actions + properties: + conf: + type: object + x-kubernetes-preserve-unknown-fields: true + type: + type: string + type: object + type: array + attr: + description: FlowAttr defines Flow rule attributes + properties: + egress: + format: int32 + type: integer + group: + format: int32 + type: integer + ingress: + format: int32 + type: integer + priority: + format: int32 + type: integer + reserved: + format: int32 + type: integer + transfer: + format: int32 + type: integer + type: object + pattern: + items: + description: FlowItem defines flow pattern definition + properties: + last: + type: object + x-kubernetes-preserve-unknown-fields: true + mask: + type: object + x-kubernetes-preserve-unknown-fields: true + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + type: + type: string + type: object + type: array + portId: + format: int32 + type: integer + type: object + type: array + type: object + status: + description: NodeFlowConfigStatus defines the observed state of NodeFlowConfig + properties: + portInfo: + items: + description: PortsInformation defines port information + properties: + portId: + format: int32 + type: integer + portMode: + type: string + portPci: + type: string + required: + - portId + type: object + type: array + rules: + description: Last applied rules + items: + description: FlowRules struct for flow rules creation and validation + properties: + action: + items: + description: FlowAction defines flow actions + properties: + conf: + type: object + x-kubernetes-preserve-unknown-fields: true + type: + type: string + type: object + type: array + attr: + description: FlowAttr defines Flow rule attributes + properties: + egress: + format: int32 + type: integer + group: + format: int32 + type: integer + ingress: + format: int32 + type: integer + priority: + format: int32 + type: integer + reserved: + format: int32 + type: integer + transfer: + format: int32 + type: integer + type: object + pattern: + items: + description: FlowItem defines flow pattern definition + properties: + last: + type: object + x-kubernetes-preserve-unknown-fields: true + mask: + type: object + x-kubernetes-preserve-unknown-fields: true + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + type: + type: string + type: object + type: array + portId: + format: int32 + type: integer + type: object + type: array + syncMsg: + type: string + syncStatus: + type: string + required: + - portInfo + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/deployment.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/deployment.yaml new file mode 100644 index 0000000..1d44cd5 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/deployment.yaml @@ -0,0 +1,108 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: intel-ethernet-operator-controller-manager + namespace: intel-ethernet-operator + labels: + control-plane: controller-manager +spec: + selector: + matchLabels: + control-plane: controller-manager + replicas: 2 + template: + metadata: + labels: + control-plane: controller-manager + annotations: + kubectl.kubernetes.io/default-container: manager + spec: + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + control-plane: controller-manager + initContainers: + - command: + - /bin/bash + args: + - -c + - echo -n /var/lib/firmware/ > /host/sys/module/firmware_class/parameters/path + name: alt-fw-search-path-enabler + image: docker.io/redhat/ubi9-micro:9.2-5 + resources: + limits: + cpu: 200m + memory: 400Mi + requests: + cpu: 200m + memory: 400Mi + securityContext: + privileged: true + runAsUser: 0 + readOnlyRootFilesystem: true + volumeMounts: + - name: firmware-class + mountPath: /host/sys/module/firmware_class/parameters + containers: + - command: + - /manager + args: + - --leader-elect + image: "{{ .Values.manager.image.repository}}:{{ .Values.manager.image.tag}}" + name: manager + securityContext: + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + capabilities: + drop: + - all + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 100m + memory: 200Mi + requests: + cpu: 100m + memory: 200Mi + env: + - name: ETHERNET_NODE_LABEL + value: "ethernet.intel.com/intel-ethernet-present" + - name: ETHERNET_NODE_LABELER_IMAGE + value: "{{ .Values.env.ETHERNET_NODE_LABELER_IMAGE }}" + - name: ETHERNET_DAEMON_IMAGE + value: "{{ .Values.env.ETHERNET_DAEMON_IMAGE }}" + - name: ETHERNET_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + - name: firmware-class + hostPath: + path: /sys/module/firmware_class/parameters + serviceAccountName: intel-ethernet-operator-controller-manager + terminationGracePeriodSeconds: 10 diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/role.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/role.yaml new file mode 100644 index 0000000..72e8240 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/role.yaml @@ -0,0 +1,41 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: intel-ethernet-operator-leader-election-role + namespace: intel-ethernet-operator +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/role_binding.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/role_binding.yaml new file mode 100644 index 0000000..0cd38eb --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/role_binding.yaml @@ -0,0 +1,15 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: intel-ethernet-operator-leader-election-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: intel-ethernet-operator-leader-election-role +subjects: + - kind: ServiceAccount + name: intel-ethernet-operator-controller-manager + namespace: intel-ethernet-operator diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/service.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/service.yaml new file mode 100644 index 0000000..82a8ecc --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/service.yaml @@ -0,0 +1,30 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: v1 +kind: Service +metadata: + labels: + control-plane: controller-manager + name: intel-ethernet-operator-controller-manager-metrics-service + namespace: intel-ethernet-operator +spec: + ports: + - name: https + port: 8443 + targetPort: https + selector: + control-plane: controller-manager + +--- +apiVersion: v1 +kind: Service +metadata: + name: intel-ethernet-operator-webhook-service + namespace: intel-ethernet-operator +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + control-plane: controller-manager diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/service_account.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/service_account.yaml new file mode 100644 index 0000000..7f05028 --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/service_account.yaml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: v1 +kind: ServiceAccount +imagePullSecrets: + - name: default-registry-key +metadata: + name: intel-ethernet-operator-controller-manager + namespace: intel-ethernet-operator diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/validate_webhook.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/validate_webhook.yaml new file mode 100644 index 0000000..d83218a --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/templates/validate_webhook.yaml @@ -0,0 +1,51 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: intel-ethernet-operator-validating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: intel-ethernet-operator/intel-ethernet-operator-serving-cert +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: intel-ethernet-operator-webhook-service + namespace: intel-ethernet-operator + path: /validate-flowconfig-intel-com-v1-clusterflowconfig + failurePolicy: Fail + name: vclusterflowconfig.kb.io + rules: + - apiGroups: + - flowconfig.intel.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - clusterflowconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: intel-ethernet-operator-webhook-service + namespace: intel-ethernet-operator + path: /validate-flowconfig-intel-com-v1-nodeflowconfig + failurePolicy: Fail + name: vnodeflowconfig.kb.io + rules: + - apiGroups: + - flowconfig.intel.com + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - nodeflowconfigs + sideEffects: None diff --git a/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/values.yaml b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/values.yaml new file mode 100644 index 0000000..7f687fd --- /dev/null +++ b/stx-intel-ethernet-operator-helm/stx-intel-ethernet-operator-helm/helm-charts/intel-ethernet-operator/values.yaml @@ -0,0 +1,13 @@ +# Default values for intel-ethernet-operator. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +manager: + image: + repository: docker.io/intel/intel-ethernet-operator-manager + tag: "stx9.0-v2.0.0" + +env: + INTEL_ETHERNET_IMAGE_PULL_SECRET: "default-registry-key" + ETHERNET_NODE_LABELER_IMAGE: docker.io/intel/intel-ethernet-operator-labeler:stx9.0-v2.0.0 + ETHERNET_DAEMON_IMAGE: docker.io/intel/intel-ethernet-operator-daemon:stx9.0-v2.0.0 diff --git a/test-requirements.txt b/test-requirements.txt new file mode 100644 index 0000000..fa7c694 --- /dev/null +++ b/test-requirements.txt @@ -0,0 +1,3 @@ +# hacking pulls in flake8 +hacking>=1.1.0,<=2.0.0 # Apache-2.0 +bashate >= 0.2 diff --git a/tox.ini b/tox.ini new file mode 100644 index 0000000..031e6c8 --- /dev/null +++ b/tox.ini @@ -0,0 +1,55 @@ +[tox] +envlist = linters +minversion = 2.9 +skipsdist = True +sitepackages=False + +[testenv] +install_command = pip install -U \ + {opts} {packages} \ + -c{env:TOX_CONSTRAINTS_FILE:https://opendev.org/starlingx/root/raw/branch/master/build-tools/requirements/debian/upper-constraints.txt} + +setenv = + VIRTUAL_ENV={envdir} + OS_STDOUT_CAPTURE=1 + OS_STDERR_CAPTURE=1 + OS_DEBUG=1 + OS_LOG_CAPTURE=1 +deps = + -r{toxinidir}/requirements.txt + -r{toxinidir}/test-requirements.txt +allowlist_externals = + bash + +passenv = + XDG_CACHE_HOME + + +[testenv:bashate] +# Treat all E* codes as Errors rather than warnings using: -e 'E*' +commands = + bash -c "find {toxinidir} \ + -not \( -type d -name .?\* -prune \) \ + -type f \ + -not -name \*~ \ + -not -name \*.md \ + -name \*.sh \ + -print0 | xargs -r -n 1 -0 bashate -v \ + -e 'E*'" + +[testenv:linters] +commands = + {[testenv:bashate]commands} + +[testenv:flake8] +basepython = python3 +description = Dummy environment to allow flake8 to be run in subdir tox + +[testenv:pylint] +basepython = python3 +description = Dummy environment to allow pylint to be run in subdir tox + +[testenv:bandit] +basepython = python3 +description = Dummy environment to allow bandit to be run in subdir tox + diff --git a/uft-image/debian/build-uft-image.sh b/uft-image/debian/build-uft-image.sh new file mode 100644 index 0000000..68e8bd0 --- /dev/null +++ b/uft-image/debian/build-uft-image.sh @@ -0,0 +1,16 @@ +#!/bin/sh +# +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2023 Intel Corporation + +echo "=============== build script ================" +echo image: uft +echo image_tag: v22.07 + +docker build -t uft -f images/Dockerfile.uft . \ + --build-arg http_proxy="$http_proxy" \ + --build-arg https_proxy="$https_proxy" \ + --build-arg DPDK_TAG=v22.07 \ + --build-arg UFT_INSTALL_PATH=/usr/local/lib64 + +exit 0 diff --git a/uft-image/debian/uft.stable_docker_image b/uft-image/debian/uft.stable_docker_image new file mode 100644 index 0000000..06766a3 --- /dev/null +++ b/uft-image/debian/uft.stable_docker_image @@ -0,0 +1,7 @@ +BUILDER=script +LABEL=uft +SOURCE_REPO=https://github.com/intel/UFT.git +SOURCE_REF=43cdc7277897093f7e894bfc103e7ca1fe9edc8c +SOURCE_PATCHES="../files/uft-fix.patch" +COMMAND=bash +SCRIPT=build-uft-image.sh diff --git a/uft-image/files/uft-fix.patch b/uft-image/files/uft-fix.patch new file mode 100644 index 0000000..50d977b --- /dev/null +++ b/uft-image/files/uft-fix.patch @@ -0,0 +1,46 @@ +From acb157a47a145afc694eacdf16db75e16c81b0eb Mon Sep 17 00:00:00 2001 +From: Rafal Lal +Date: Fri, 25 Aug 2023 13:16:50 +0000 +Subject: [PATCH] uft-image: fix entrypoint.sh issue + +When using more recent versions of sriov-network-operator there is +an issue that cause failure during creation of UFT container. +Provided patch fixes that issue so there is no requirement to use +specific, older version of sriov-network-operator. + +This patch can be dropped once https://github.com/intel/UFT/pull/9 +is merged upstream. + +Signed-off-by: Rafal Lal +--- + images/entrypoint.sh | 14 ++++++++++---- + 1 file changed, 10 insertions(+), 4 deletions(-) + +diff --git a/images/entrypoint.sh b/images/entrypoint.sh +index 902d2fd..4883dcd 100755 +--- a/images/entrypoint.sh ++++ b/images/entrypoint.sh +@@ -13,11 +13,17 @@ + # See the License for the specific language governing permissions and + # limitations under the License. + #### +-# This script generate server config file dynamically from VF PCI address +-# given in Environment varible exported by device plugin in following +-# format: PCIDEVICE_INTEL_COM_INTEL_ENP24S0F0=0000:18:02.2 ++# This script generates a server config file dynamically from VF PCI address ++# provided by network device plugin. The environment variable is in the format: ++# PCIDEVICE_= ++# E.g - PCIDEVICE_INTEL_COM_INTEL_ENP24S0F0=0000:18:02.2 ++# ++# Device plugin also exposes a variable in the format of: ++# PCIDEVICE__INFO which contains additional information about ++# the allocated devices. Information in that variable is not needed by this script ++# and so it is ignored. + #### +-rawpci=$(env | grep PCIDEVICE_ | awk -F'=' '{ print $2 }') ++rawpci=$(env | grep -P 'PCIDEVICE_[A-Z0-9_]{1,}(?