From cfeb75d66b1525805706c91480fb289193ccbda9 Mon Sep 17 00:00:00 2001 From: amaslennikov Date: Wed, 18 Oct 2023 10:02:47 +0300 Subject: [PATCH] Update docs Signed-off-by: amaslennikov --- deployment/network-operator/README.md | 253 ++++++++++++++------------ 1 file changed, 135 insertions(+), 118 deletions(-) diff --git a/deployment/network-operator/README.md b/deployment/network-operator/README.md index d4219dbbf..2b808de0a 100644 --- a/deployment/network-operator/README.md +++ b/deployment/network-operator/README.md @@ -101,34 +101,41 @@ $ kubectl -n network-operator get pods By default the network operator deploys [Node Feature Discovery (NFD)](https://github.com/kubernetes-sigs/node-feature-discovery) in order to perform node labeling in the cluster to allow proper scheduling of Network Operator resources. If the nodes -where already labeled by other means (either deployed from upstream or deployed within another deployment), it is possible to disable the deployment of NFD by setting -`nfd.enabled=false` chart parameter and make sure that the installed version is `v0.13.2` or newer and has NodeFeatureApi enabled. +where already labeled by other means (either deployed from upstream or deployed within another deployment), it is +possible to disable the deployment of NFD by setting +`nfd.enabled=false` chart parameter and make sure that the installed version is `v0.13.2` or newer and has +NodeFeatureApi enabled. ##### Deploy NFD from upstream with NodeFeatureApi enabled + ``` $ export NFD_NS=node-feature-discovery $ helm repo add nfd https://kubernetes-sigs.github.io/node-feature-discovery/charts $ helm repo update $ helm install nfd/node-feature-discovery --namespace $NFD_NS --create-namespace --generate-name --set enableNodeFeatureApi='true' ``` -For additional information , refer to the official [NVD deployment with Helm](https://kubernetes-sigs.github.io/node-feature-discovery/v0.13/deployment/helm.html) + +For additional information , refer to the +official [NVD deployment with Helm](https://kubernetes-sigs.github.io/node-feature-discovery/v0.13/deployment/helm.html) ##### Deploy Network Operator without Node Feature Discovery + ``` $ helm install --set nfd.enabled=false -n network-operator --create-namespace --wait network-operator mellanox/network-operator ``` ##### Currently the following NFD labels are used: -| Label | Where | -| ----- | ----- | +| Label | Where | +|-----------------------------------------------|---------------------------------------------------| | `feature.node.kubernetes.io/pci-15b3.present` | Nodes bearing Nvidia Mellanox Networking hardware | -| `nvidia.com/gpu.present` | Nodes bearing Nvidia GPU hardware | +| `nvidia.com/gpu.present` | Nodes bearing Nvidia GPU hardware | > __Note:__ The labels which Network Operator depends on may change between releases. > __Note:__ By default the operator is deployed without an instance of `NicClusterPolicy` and `MacvlanNetwork` -custom resources. The user is required to create it later with configuration matching the cluster or use chart parameters to deploy it together with the operator. +> custom resources. The user is required to create it later with configuration matching the cluster or use chart +> parameters to deploy it together with the operator. #### Deploy development version of Network Operator @@ -152,20 +159,27 @@ $ kubectl -n network-operator get pods #### Deploy Network Operator with Admission Controller The Admission Controller can be optionally included as part of the Network Operator installation process. -It has the capability to validate supported Custom Resource Definitions (CRDs), which currently include NicClusterPolicy and HostDeviceNetwork. -By default, the deployment of the admission controller is disabled. To enable it, you must set `operator.admissionController.enabled` to `true`. - +It has the capability to validate supported Custom Resource Definitions (CRDs), which currently include NicClusterPolicy +and HostDeviceNetwork. +By default, the deployment of the admission controller is disabled. To enable it, you must +set `operator.admissionController.enabled` to `true`. + Enabling the admission controller provides you with two options for managing certificates. -You can either utilize [cert-manager](https://cert-manager.io/docs/installation/) for generating a self-signed certificate automatically, or you can provide your own self-signed certificate. - -To use `cert-manager`, ensure that `operator.admissionController.useCertManager` is set to `true`. Additionally, make sure that you deploy cert-manager before initiating the Network Operator deployment. - -If you prefer not to use `cert-manager`, set `operator.admissionController.useCertManager` to `false`, and then provide your custom certificate and key using `operator.admissionController.certificate.tlsCrt` and `operator.admissionController.certificate.tlsKey`. +You can either utilize [cert-manager](https://cert-manager.io/docs/installation/) for generating a self-signed +certificate automatically, or you can provide your own self-signed certificate. + +To use `cert-manager`, ensure that `operator.admissionController.useCertManager` is set to `true`. Additionally, make +sure that you deploy cert-manager before initiating the Network Operator deployment. + +If you prefer not to use `cert-manager`, set `operator.admissionController.useCertManager` to `false`, and then provide +your custom certificate and key using `operator.admissionController.certificate.tlsCrt` +and `operator.admissionController.certificate.tlsKey`. > __NOTE__: When using your own certificate, the certificate must be valid for -webhook-service.< -> Release_Namespace>.svc, e.g. network-operator-webhook-service.network-operator.svc +> Release_Namespace>.svc, e.g. network-operator-webhook-service.network-operator.svc -> __NOTE__: When deploying network operator with admission controller using helm, you need to append `--wait` to helm install and helm upgrade commands +> __NOTE__: When deploying network operator with admission controller using helm, you need to append `--wait` to helm +> install and helm upgrade commands > ##### Generating self-signed certificate using OpenSSL @@ -208,12 +222,12 @@ Notes: ## Upgrade -> __NOTE__: Upgrade capabilities are limited now. Additional manual actions required when containerized OFED driver is used +> __NOTE__: Upgrade capabilities are limited now. Additional manual actions required when containerized OFED driver is +> used Before starting the upgrade to a specific release version, please, check release notes for this version to ensure that no additional actions are required. - ### Check available releases ``` @@ -226,7 +240,7 @@ helm search repo mellanox/network-operator -l The network-operator helm chart contains a hook(pre-install, pre-upgrade) that will automatically upgrade required CRDs in the cluster. -The hook is enabled by default. If you don't want to upgrade CRDs with helm automatically, +The hook is enabled by default. If you don't want to upgrade CRDs with helm automatically, you can disable auto upgrade by setting `upgradeCRDs: false` in the helm chart values. Then you can follow the guide below to download and apply CRDs for the concrete version of the network-operator. @@ -376,26 +390,27 @@ parameters. ### General parameters -| Name | Type | Default | Description | -|------------------------------------------------------|--------|------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `operator.admissionController.enabled` | bool | `False` | deploy with admission controller webhook | -| `operator.admissionController.useCertManager` | bool | `False` | use cert-manager for generating self-signed certificate | -| `operator.admissionController.certificate.tlsCrt` | string | `` | External certificate crt. Ignored if cert-manager is used. | -| `operator.admissionController.certificate.tlsKey` | string | `` | External certificate key. Ignored if cert-manager is used. | -| `nfd.enabled` | bool | `True` | deploy Node Feature Discovery | -| `nfd.deployNodeFeatureRules` | bool | `True` | deploy Node Feature Rules to label the nodes | -| `sriovNetworkOperator.enabled` | bool | `False` | deploy SR-IOV Network Operator | -| `upgradeCRDs` | bool | `True` | enable CRDs upgrade with helm pre-install and pre-upgrade hooks | -| `sriovNetworkOperator.configDaemonNodeSelectorExtra` | object | `{"node-role.kubernetes.io/worker": ""}` | Additional nodeSelector for sriov-network-operator config daemon. These values will be added in addition to default values managed by the network-operator. | -| `psp.enabled` | bool | `False` | deploy Pod Security Policy | -| `imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the Network Operator image if it's not overrided | -| `operator.repository` | string | `nvcr.io/nvidia/cloud-native` | Network Operator image repository | -| `operator.image` | string | `network-operator` | Network Operator image name | -| `operator.tag` | string | `None` | Network Operator image tag, if `None`, then the Chart's `appVersion` will be used | -| `operator.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling Network Operator image | -| `deployCR` | bool | `false` | Deploy `NicClusterPolicy` custom resource according to provided parameters | -| `nodeAffinity` | yaml | `` | Override the node affinity for various Daemonsets deployed by network operator, e.g. whereabouts, multus, cni-plugins. | -| `tolerations` | yaml | `` | Set additional tolerations for various Daemonsets deployed by network operator, e.g. whereabouts, multus, cni-plugins. | +| Name | Type | Default | Description | +|------------------------------------------------------|--------|------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `operator.admissionController.enabled` | bool | `False` | deploy with admission controller webhook | +| `operator.admissionController.useCertManager` | bool | `False` | use cert-manager for generating self-signed certificate | +| `operator.admissionController.certificate.tlsCrt` | string | `` | External certificate crt. Ignored if cert-manager is used. | +| `operator.admissionController.certificate.tlsKey` | string | `` | External certificate key. Ignored if cert-manager is used. | +| `nfd.enabled` | bool | `True` | deploy Node Feature Discovery | +| `nfd.deployNodeFeatureRules` | bool | `True` | deploy Node Feature Rules to label the nodes | +| `sriovNetworkOperator.enabled` | bool | `False` | deploy SR-IOV Network Operator | +| `upgradeCRDs` | bool | `True` | enable CRDs upgrade with helm pre-install and pre-upgrade hooks | +| `sriovNetworkOperator.configDaemonNodeSelectorExtra` | object | `{"node-role.kubernetes.io/worker": ""}` | Additional nodeSelector for sriov-network-operator config daemon. These values will be added in addition to default values managed by the network-operator. | +| `psp.enabled` | bool | `False` | deploy Pod Security Policy | +| `imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the Network Operator image if it's not overrided | +| `operator.repository` | string | `nvcr.io/nvidia/cloud-native` | Network Operator image repository | +| `operator.image` | string | `network-operator` | Network Operator image name | +| `operator.tag` | string | `None` | Network Operator image tag, if `None`, then the Chart's `appVersion` will be used | +| `operator.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling Network Operator image | +| `operator.cniBinDirectory` | yaml | `/opt/cni/bin` | Directory, where CNI binaries will be deployed on the nodes. Setting for the sriov-network-operator is set with `sriov-network-operator.cniBinPath` parameter. Note, that CNI bin directory should be aligned with the CNI bin directory in container runtime. | +| `deployCR` | bool | `false` | Deploy `NicClusterPolicy` custom resource according to provided parameters | +| `nodeAffinity` | yaml | `` | Override the node affinity for various Daemonsets deployed by network operator, e.g. whereabouts, multus, cni-plugins. | +| `tolerations` | yaml | `` | Set additional tolerations for various Daemonsets deployed by network operator, e.g. whereabouts, multus, cni-plugins. | #### imagePullSecrets customization @@ -411,34 +426,34 @@ imagePullSecrets: #### Mellanox OFED driver -| Name | Type | Default | Description | -| ---- | ---- | ------- |---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `ofedDriver.deploy` | bool | `false` | deploy Mellanox OFED driver container | -| `ofedDriver.repository` | string | `mellanox` | Mellanox OFED driver image repository | -| `ofedDriver.image` | string | `mofed` | Mellanox OFED driver image name | -| `ofedDriver.version` | string | `5.9-0.5.6.0` | Mellanox OFED driver version | -| `ofedDriver.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the Mellanox OFED driver image | -| `ofedDriver.env` | list | `[]` | An optional list of [environment variables](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#envvar-v1-core) passed to the Mellanox OFED driver image | -| `ofedDriver.repoConfig.name` | string | `` | Private mirror repository configuration configMap name | -| `ofedDriver.certConfig.name` | string | `` | Custom TLS key/certificate configuration configMap name | -| `ofedDriver.terminationGracePeriodSeconds` | int | 300 | Mellanox OFED termination grace periods in seconds| -| `ofedDriver.startupProbe.initialDelaySeconds` | int | 10 | Mellanox OFED startup probe initial delay | -| `ofedDriver.startupProbe.periodSeconds` | int | 20 | Mellanox OFED startup probe interval | -| `ofedDriver.livenessProbe.initialDelaySeconds` | int | 30 | Mellanox OFED liveness probe initial delay | -| `ofedDriver.livenessProbe.periodSeconds` | int | 30 | Mellanox OFED liveness probe interval | -| `ofedDriver.readinessProbe.initialDelaySeconds` | int | 10 | Mellanox OFED readiness probe initial delay | -| `ofedDriver.readinessProbe.periodSeconds` | int | 30 | Mellanox OFED readiness probe interval | +| Name | Type | Default | Description | +|-------------------------------------------------|--------|---------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `ofedDriver.deploy` | bool | `false` | deploy Mellanox OFED driver container | +| `ofedDriver.repository` | string | `mellanox` | Mellanox OFED driver image repository | +| `ofedDriver.image` | string | `mofed` | Mellanox OFED driver image name | +| `ofedDriver.version` | string | `5.9-0.5.6.0` | Mellanox OFED driver version | +| `ofedDriver.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the Mellanox OFED driver image | +| `ofedDriver.env` | list | `[]` | An optional list of [environment variables](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#envvar-v1-core) passed to the Mellanox OFED driver image | +| `ofedDriver.repoConfig.name` | string | `` | Private mirror repository configuration configMap name | +| `ofedDriver.certConfig.name` | string | `` | Custom TLS key/certificate configuration configMap name | +| `ofedDriver.terminationGracePeriodSeconds` | int | 300 | Mellanox OFED termination grace periods in seconds | +| `ofedDriver.startupProbe.initialDelaySeconds` | int | 10 | Mellanox OFED startup probe initial delay | +| `ofedDriver.startupProbe.periodSeconds` | int | 20 | Mellanox OFED startup probe interval | +| `ofedDriver.livenessProbe.initialDelaySeconds` | int | 30 | Mellanox OFED liveness probe initial delay | +| `ofedDriver.livenessProbe.periodSeconds` | int | 30 | Mellanox OFED liveness probe interval | +| `ofedDriver.readinessProbe.initialDelaySeconds` | int | 10 | Mellanox OFED readiness probe initial delay | +| `ofedDriver.readinessProbe.periodSeconds` | int | 30 | Mellanox OFED readiness probe interval | #### RDMA Device Plugin -| Name | Type | Default | Description | -| ---- | ---- | ------- | ----------- | -| `rdmaSharedDevicePlugin.deploy` | bool | `true` | Deploy RDMA Shared device plugin | -| `rdmaSharedDevicePlugin.repository` | string | `nvcr.io/nvidia/cloud-native` | RDMA Shared device plugin image repository | -| `rdmaSharedDevicePlugin.image` | string | `k8s-rdma-shared-dev-plugin` | RDMA Shared device plugin image name | -| `rdmaSharedDevicePlugin.version` | string | `v1.3.2` | RDMA Shared device plugin version | -| `rdmaSharedDevicePlugin.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the RDMA Shared device plugin image | -| `rdmaSharedDevicePlugin.resources` | list | See below | RDMA Shared device plugin resources | +| Name | Type | Default | Description | +|-------------------------------------------|--------|-------------------------------|---------------------------------------------------------------------------------------------------------| +| `rdmaSharedDevicePlugin.deploy` | bool | `true` | Deploy RDMA Shared device plugin | +| `rdmaSharedDevicePlugin.repository` | string | `nvcr.io/nvidia/cloud-native` | RDMA Shared device plugin image repository | +| `rdmaSharedDevicePlugin.image` | string | `k8s-rdma-shared-dev-plugin` | RDMA Shared device plugin image name | +| `rdmaSharedDevicePlugin.version` | string | `v1.3.2` | RDMA Shared device plugin version | +| `rdmaSharedDevicePlugin.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the RDMA Shared device plugin image | +| `rdmaSharedDevicePlugin.resources` | list | See below | RDMA Shared device plugin resources | ##### RDMA Device Plugin Resource configurations @@ -463,14 +478,14 @@ resources: #### SR-IOV Network Device plugin -| Name | Type | Default | Description | -| ---- | ---- | ------- | ----------- | -| `sriovDevicePlugin.deploy` | bool | `false` | Deploy SR-IOV Network device plugin | -| `sriovDevicePlugin.repository` | string | `ghcr.io/k8snetworkplumbingwg` | SR-IOV Network device plugin image repository | -| `sriovDevicePlugin.image` | string | `sriov-network-device-plugin` | SR-IOV Network device plugin image name | -| `sriovDevicePlugin.version` | string | `v3.5.1` | SR-IOV Network device plugin version | -| `sriovDevicePlugin.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the SR-IOV Network device plugin image | -| `sriovDevicePlugin.resources` | list | See below | SR-IOV Network device plugin resources | +| Name | Type | Default | Description | +|--------------------------------------|--------|--------------------------------|------------------------------------------------------------------------------------------------------------| +| `sriovDevicePlugin.deploy` | bool | `false` | Deploy SR-IOV Network device plugin | +| `sriovDevicePlugin.repository` | string | `ghcr.io/k8snetworkplumbingwg` | SR-IOV Network device plugin image repository | +| `sriovDevicePlugin.image` | string | `sriov-network-device-plugin` | SR-IOV Network device plugin image name | +| `sriovDevicePlugin.version` | string | `v3.5.1` | SR-IOV Network device plugin version | +| `sriovDevicePlugin.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the SR-IOV Network device plugin image | +| `sriovDevicePlugin.resources` | list | See below | SR-IOV Network device plugin resources | ##### SR-IOV Network Device Plugin Resource configurations @@ -492,7 +507,8 @@ resources: drivers: [mlx5_ib] ``` -> __Note__: The parameter listed are non-exhaustive, for the full list of chart parameters refer to the file: `values.yaml` +> __Note__: The parameter listed are non-exhaustive, for the full list of chart parameters refer to the +> file: `values.yaml` #### IB-Kubernetes @@ -535,13 +551,14 @@ data: UFM_CERTIFICATE: "" ``` -> __Note__: InfiniBand Fabric manages a single pool of GUIDs. In order to use IB Kubernetes in different clusters, different GUID ranges must be specified to avoid collisions. +> __Note__: InfiniBand Fabric manages a single pool of GUIDs. In order to use IB Kubernetes in different clusters, +> different GUID ranges must be specified to avoid collisions. #### Secondary Network -| Name | Type | Default | Description | -| ---- | ---- | ------- | ----------- | -| `secondaryNetwork.deploy` | bool | `true` | Deploy Secondary Network | +| Name | Type | Default | Description | +|---------------------------|------|---------|--------------------------| +| `secondaryNetwork.deploy` | bool | `true` | Deploy Secondary Network | Specifies components to deploy in order to facilitate a secondary network in Kubernetes. It consists of the following optionally deployed components: @@ -553,62 +570,62 @@ optionally deployed components: ##### CNI Plugin Secondary Network -| Name | Type | Default | Description | -| ---- | ---- | ------- | ----------- | -| `cniPlugins.deploy` | bool | `true` | Deploy CNI Plugins Secondary Network | -| `cniPlugins.image` | string | `plugins` | CNI Plugins image name | -| `cniPlugins.repository` | string | `ghcr.io/k8snetworkplumbingwg` | CNI Plugins image repository | -| `cniPlugins.version` | string | `v0.8.7-amd64` | CNI Plugins image version | -| `cniPlugins.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the CNI Plugins image | +| Name | Type | Default | Description | +|-------------------------------|--------|--------------------------------|-------------------------------------------------------------------------------------------| +| `cniPlugins.deploy` | bool | `true` | Deploy CNI Plugins Secondary Network | +| `cniPlugins.image` | string | `plugins` | CNI Plugins image name | +| `cniPlugins.repository` | string | `ghcr.io/k8snetworkplumbingwg` | CNI Plugins image repository | +| `cniPlugins.version` | string | `v0.8.7-amd64` | CNI Plugins image version | +| `cniPlugins.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the CNI Plugins image | ##### Multus CNI Secondary Network -| Name | Type | Default | Description | -| ---- | ---- | ------- | ----------- | -| `multus.deploy` | bool | `true` | Deploy Multus Secondary Network | -| `multus.image` | string | `multus-cni` | Multus image name | -| `multus.repository` | string | `ghcr.io/k8snetworkplumbingwg` | Multus image repository | -| `multus.version` | string | `v3.8` | Multus image version | -| `multus.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the Multus image | -| `multus.config` | string | nil | Multus CNI config, if not specified or empty then config will be automatically generated from the CNI configuration file of the master plugin (the first file in lexicographical order in cni-conf-dir) | +| Name | Type | Default | Description | +|---------------------------|--------|--------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `multus.deploy` | bool | `true` | Deploy Multus Secondary Network | +| `multus.image` | string | `multus-cni` | Multus image name | +| `multus.repository` | string | `ghcr.io/k8snetworkplumbingwg` | Multus image repository | +| `multus.version` | string | `v3.8` | Multus image version | +| `multus.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the Multus image | +| `multus.config` | string | nil | Multus CNI config, if not specified or empty then config will be automatically generated from the CNI configuration file of the master plugin (the first file in lexicographical order in cni-conf-dir) | ##### IPoIB CNI -| Name | Type | Default | Description | -| ---- | ---- | ------- | ----------- | -| `ipoib.deploy` | bool | `false` | Deploy IPoIB CNI | -| `ipoib.image` | string | `ipoib-cni` | IPoIB CNI image name | -| `ipoib.repository` | string | `nvcr.io/nvidia/cloud-native` | IPoIB CNI image repository | -| `ipoib.version` | string | `v1.1.0` | IPoIB CNI image version | -| `ipoib.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the IPoIB CNI image | +| Name | Type | Default | Description | +|--------------------------|--------|-------------------------------|-----------------------------------------------------------------------------------------| +| `ipoib.deploy` | bool | `false` | Deploy IPoIB CNI | +| `ipoib.image` | string | `ipoib-cni` | IPoIB CNI image name | +| `ipoib.repository` | string | `nvcr.io/nvidia/cloud-native` | IPoIB CNI image repository | +| `ipoib.version` | string | `v1.1.0` | IPoIB CNI image version | +| `ipoib.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the IPoIB CNI image | ##### IPAM CNI Plugin Secondary Network -| Name | Type | Default | Description | -| ----------------------------- | ------ |--------------------------------| ----------- | -| `ipamPlugin.deploy` | bool | `true` | Deploy IPAM CNI Plugin Secondary Network | -| `ipamPlugin.image` | string | `whereabouts` | IPAM CNI Plugin image name | -| `ipamPlugin.repository` | string | `ghcr.io/k8snetworkplumbingwg` | IPAM CNI Plugin image repository | -| `ipamPlugin.version` | string | `v0.5.4-amd64` | IPAM CNI Plugin image version | +| Name | Type | Default | Description | +|-------------------------------|--------|--------------------------------|-----------------------------------------------------------------------------------------------| +| `ipamPlugin.deploy` | bool | `true` | Deploy IPAM CNI Plugin Secondary Network | +| `ipamPlugin.image` | string | `whereabouts` | IPAM CNI Plugin image name | +| `ipamPlugin.repository` | string | `ghcr.io/k8snetworkplumbingwg` | IPAM CNI Plugin image repository | +| `ipamPlugin.version` | string | `v0.5.4-amd64` | IPAM CNI Plugin image version | | `ipamPlugin.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the IPAM CNI Plugin image | #### NVIDIA IPAM Plugin -| Name | Type | Default | Description | -| ------------------------- |--------|--------------------|-------------------------------------------------------------------------------------| -| `nvIpam.deploy` | bool | `false` | Deploy NVIDIA IPAM Plugin | -| `nvIpam.image` | string | `nvidia-k8s-ipam` | NVIDIA IPAM Plugin image name | -| `nvIpam.repository` | string | `ghcr.io/mellanox` | NVIDIA IPAM Plugin image repository | -| `nvIpam.version` | string | `v0.1.1` | NVIDIA IPAM Plugin image version | +| Name | Type | Default | Description | +|---------------------------|--------|--------------------|--------------------------------------------------------------------------------------| +| `nvIpam.deploy` | bool | `false` | Deploy NVIDIA IPAM Plugin | +| `nvIpam.image` | string | `nvidia-k8s-ipam` | NVIDIA IPAM Plugin image name | +| `nvIpam.repository` | string | `ghcr.io/mellanox` | NVIDIA IPAM Plugin image repository | +| `nvIpam.version` | string | `v0.1.1` | NVIDIA IPAM Plugin image version | | `nvIpam.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the Plugin image | -| `nvIpam.config` | string | Deprecated | This field is ignored. Configuration is done by using IPPool CRD | -| `nvIpam.enableWebhook` | bool | `false` | Enable deployment of the validataion webhook for IPPool CRD | +| `nvIpam.config` | string | Deprecated | This field is ignored. Configuration is done by using IPPool CRD | +| `nvIpam.enableWebhook` | bool | `false` | Enable deployment of the validataion webhook for IPPool CRD | -> __Note__: Supported X.509 certificate management system should be available in the cluster to enable the validation webhook. -Currently supported systems are [certmanager](https://cert-manager.io/) and +> __Note__: Supported X.509 certificate management system should be available in the cluster to enable the validation +> webhook. +> Currently supported systems are [certmanager](https://cert-manager.io/) and [Openshift certificate management](https://docs.openshift.com/container-platform/4.13/security/certificates/service-serving-certificate.html) - #### NVIDIA NIC Feature Discovery [NVIDIA NIC Feature Discovery](https://github.com/Mellanox/nic-feature-discovery) @@ -616,7 +633,7 @@ leverages [Node Feature Discovery](https://kubernetes-sigs.github.io/node-featur to advertise NIC specific labels on K8s Node objects. | Name | Type | Default | Description | -| -------------------------------- | ------ | ----------------------- | --------------------------------------------- | +|----------------------------------|--------|-------------------------|-----------------------------------------------| | `nicFeatureDiscovery.deploy` | bool | `false` | Deploy NVIDIA NIC Feature Discovery | | `nicFeatureDiscovery.image` | string | `nic-feature-discovery` | NVIDIA NIC Feature Discovery image name | | `nicFeatureDiscovery.repository` | string | `ghcr.io/mellanox` | NVIDIA NIC Feature Discovery image repository |