From 99a8cfb9bce2b4992e67f14326ca6fef1c8681e0 Mon Sep 17 00:00:00 2001 From: Fred Rolland Date: Mon, 27 Jan 2025 13:52:57 +0200 Subject: [PATCH] chore: update Maintenance operator to 0.2.0 Signed-off-by: Fred Rolland --- ...nvidia.com_maintenanceoperatorconfigs.yaml | 6 +- ...intenance.nvidia.com_nodemaintenances.yaml | 24 +++----- .../templates/deployment.yaml | 3 +- .../templates/role.yaml | 59 ++++++++----------- .../templates/webhook.yaml | 3 - .../maintenance-operator-chart/values.yaml | 2 +- deployment/network-operator/values.yaml | 2 +- hack/release.yaml | 2 +- 8 files changed, 40 insertions(+), 61 deletions(-) diff --git a/deployment/network-operator/charts/maintenance-operator-chart/crds/maintenance.nvidia.com_maintenanceoperatorconfigs.yaml b/deployment/network-operator/charts/maintenance-operator-chart/crds/maintenance.nvidia.com_maintenanceoperatorconfigs.yaml index 24a29d60..450d3515 100644 --- a/deployment/network-operator/charts/maintenance-operator-chart/crds/maintenance.nvidia.com_maintenanceoperatorconfigs.yaml +++ b/deployment/network-operator/charts/maintenance-operator-chart/crds/maintenance.nvidia.com_maintenanceoperatorconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.5 name: maintenanceoperatorconfigs.maintenance.nvidia.com spec: group: maintenance.nvidia.com @@ -84,6 +84,10 @@ spec: new nodes will not be processed if the number of unavailable node will exceed this value x-kubernetes-int-or-string: true type: object + status: + type: object type: object served: true storage: true + subresources: + status: {} diff --git a/deployment/network-operator/charts/maintenance-operator-chart/crds/maintenance.nvidia.com_nodemaintenances.yaml b/deployment/network-operator/charts/maintenance-operator-chart/crds/maintenance.nvidia.com_nodemaintenances.yaml index 0a28c74b..b78e5840 100644 --- a/deployment/network-operator/charts/maintenance-operator-chart/crds/maintenance.nvidia.com_nodemaintenances.yaml +++ b/deployment/network-operator/charts/maintenance-operator-chart/crds/maintenance.nvidia.com_nodemaintenances.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.5 name: nodemaintenances.maintenance.nvidia.com spec: group: maintenance.nvidia.com @@ -169,16 +169,8 @@ spec: description: Conditions represents observations of NodeMaintenance current state items: - description: "Condition contains details for one aspect of the current - state of this API Resource.\n---\nThis struct is intended for - direct use as an array at the field path .status.conditions. For - example,\n\n\n\ttype FooStatus struct{\n\t // Represents the - observations of a foo's current state.\n\t // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\"\n\t // - +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t - \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t - \ // other fields\n\t}" + description: Condition contains details for one aspect of the current + state of this API Resource. properties: lastTransitionTime: description: |- @@ -219,12 +211,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string @@ -279,6 +266,9 @@ spec: type: array type: object type: object + selectableFields: + - jsonPath: .spec.nodeName + - jsonPath: .spec.requestorID served: true storage: true subresources: diff --git a/deployment/network-operator/charts/maintenance-operator-chart/templates/deployment.yaml b/deployment/network-operator/charts/maintenance-operator-chart/templates/deployment.yaml index 13d61a56..8409210b 100644 --- a/deployment/network-operator/charts/maintenance-operator-chart/templates/deployment.yaml +++ b/deployment/network-operator/charts/maintenance-operator-chart/templates/deployment.yaml @@ -4,7 +4,7 @@ metadata: name: {{ include "maintenance-operator.fullname" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/component: manager + app.kubernetes.io/component: maintenance-operator-controller-manager app.kubernetes.io/created-by: maintenance-operator app.kubernetes.io/part-of: maintenance-operator control-plane: {{ .Release.Name }}-controller-manager @@ -19,6 +19,7 @@ spec: metadata: labels: control-plane: {{ .Release.Name }}-controller-manager + app.kubernetes.io/component: maintenance-operator-controller-manager {{- include "maintenance-operator.selectorLabels" . | nindent 8 }} annotations: kubectl.kubernetes.io/default-container: manager diff --git a/deployment/network-operator/charts/maintenance-operator-chart/templates/role.yaml b/deployment/network-operator/charts/maintenance-operator-chart/templates/role.yaml index 1e303bd7..464e1a15 100644 --- a/deployment/network-operator/charts/maintenance-operator-chart/templates/role.yaml +++ b/deployment/network-operator/charts/maintenance-operator-chart/templates/role.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: @@ -5,22 +6,6 @@ metadata: labels: {{- include "maintenance-operator.labels" . | nindent 4 }} rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- nonResourceURLs: - - /metrics - verbs: - - get - apiGroups: - "" resources: @@ -62,34 +47,43 @@ rules: - patch - update - apiGroups: - - maintenance.nvidia.com + - apps resources: - - maintenanceoperatorconfigs + - daemonsets verbs: - - create - - delete - get - list - - patch - - update - watch - apiGroups: - - maintenance.nvidia.com + - config.openshift.io resources: - - maintenanceoperatorconfigs/finalizers + - infrastructures verbs: - - update + - get + - list + - watch - apiGroups: - - maintenance.nvidia.com + - machineconfiguration.openshift.io resources: - - maintenanceoperatorconfigs/status + - machineconfigpools verbs: - get + - list - patch - update + - watch +- apiGroups: + - machineconfiguration.openshift.io + resources: + - machineconfigs + verbs: + - get + - list + - watch - apiGroups: - maintenance.nvidia.com resources: + - maintenanceoperatorconfigs - nodemaintenances verbs: - create @@ -102,26 +96,19 @@ rules: - apiGroups: - maintenance.nvidia.com resources: + - maintenanceoperatorconfigs/finalizers - nodemaintenances/finalizers verbs: - update - apiGroups: - maintenance.nvidia.com resources: + - maintenanceoperatorconfigs/status - nodemaintenances/status verbs: - get - patch - update -- apiGroups: - - apps - resources: - - daemonsets - verbs: - - get - - list - - watch - --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role diff --git a/deployment/network-operator/charts/maintenance-operator-chart/templates/webhook.yaml b/deployment/network-operator/charts/maintenance-operator-chart/templates/webhook.yaml index 6d22b6f0..5e904c68 100644 --- a/deployment/network-operator/charts/maintenance-operator-chart/templates/webhook.yaml +++ b/deployment/network-operator/charts/maintenance-operator-chart/templates/webhook.yaml @@ -33,9 +33,6 @@ webhooks: name: '{{ include "maintenance-operator.fullname" . }}-webhook-service' namespace: {{ .Release.Namespace }} path: /validate-maintenance-nvidia-com-v1alpha1-nodemaintenance - {{- if not .Values.operator.admissionController.certificates.certManager.enable }} - caBundle: {{ .Values.operator.admissionController.certificates.custom.operator.tlsCrt | b64enc | quote }} - {{- end }} failurePolicy: Fail name: vnodemaintenance.kb.io rules: diff --git a/deployment/network-operator/charts/maintenance-operator-chart/values.yaml b/deployment/network-operator/charts/maintenance-operator-chart/values.yaml index f253186e..c3b14fa3 100644 --- a/deployment/network-operator/charts/maintenance-operator-chart/values.yaml +++ b/deployment/network-operator/charts/maintenance-operator-chart/values.yaml @@ -53,7 +53,7 @@ operator: certManager: # -- use cert-manager for certificates enable: true - # -- generate self-signed certificates with cert-manager + # -- generate self-signed certificiates with cert-manager generateSelfSigned: true custom: # -- enable custom certificates using secrets diff --git a/deployment/network-operator/values.yaml b/deployment/network-operator/values.yaml index 51bc35db..715f438e 100644 --- a/deployment/network-operator/values.yaml +++ b/deployment/network-operator/values.yaml @@ -191,7 +191,7 @@ maintenance-operator-chart: image: repository: ghcr.io/mellanox name: maintenance-operator - tag: v0.1.1 + tag: v0.2.0 admissionController: # -- enable admission controller of the operator enable: false diff --git a/hack/release.yaml b/hack/release.yaml index 02fc8d40..5ecd0b89 100644 --- a/hack/release.yaml +++ b/hack/release.yaml @@ -89,4 +89,4 @@ nicConfigurationConfigDaemon: maintenanceOperator: image: maintenance-operator repository: ghcr.io/mellanox - version: v0.1.1 + version: v0.2.0