diff --git a/Makefile b/Makefile index b84918f62..d57be3121 100644 --- a/Makefile +++ b/Makefile @@ -47,6 +47,7 @@ IMAGE_NAME?=network-operator CONTROLLER_IMAGE=$(REGISTRY)/$(IMAGE_NAME) IMAGE_BUILD_OPTS?= BUNDLE_IMG?=network-operator-bundle:$(VERSION) +BUNDLE_OCP_VERSIONS=v4.14-v4.16 # BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) BUILD_ARCH= amd64 arm64 @@ -393,6 +394,8 @@ bundle: $(OPERATOR_SDK) $(KUSTOMIZE) manifests ## Generate bundle manifests and $(OPERATOR_SDK) generate kustomize manifests -q cd config/manager && $(KUSTOMIZE) edit set image controller=$(TAG) $(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS) + git checkout -- config/manager/kustomization.yaml + GO=$(GO) BUNDLE_OCP_VERSIONS=$(BUNDLE_OCP_VERSIONS) TAG=$(TAG) hack/scripts/ocp-bundle-postprocess.sh $(OPERATOR_SDK) bundle validate ./bundle .PHONY: bundle-build diff --git a/bundle.Dockerfile b/bundle.Dockerfile index 1d75164cd..305e4e355 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -5,8 +5,8 @@ LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=nvidia-network-operator -LABEL operators.operatorframework.io.bundle.channels.v1=23.10.0-1 -LABEL operators.operatorframework.io.bundle.channel.default.v1=23.10.0-1 +LABEL operators.operatorframework.io.bundle.channels.v1=v24.7,stable +LABEL operators.operatorframework.io.bundle.channel.default.v1=v24.7 LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.33.0 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v3 diff --git a/bundle/manifests/mellanox.com_hostdevicenetworks.yaml b/bundle/manifests/mellanox.com_hostdevicenetworks.yaml index 068427e70..ae22f4f05 100644 --- a/bundle/manifests/mellanox.com_hostdevicenetworks.yaml +++ b/bundle/manifests/mellanox.com_hostdevicenetworks.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 creationTimestamp: null name: hostdevicenetworks.mellanox.com spec: @@ -27,14 +27,19 @@ spec: description: HostDeviceNetwork is the Schema for the hostdevicenetworks API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -60,6 +65,11 @@ spec: description: AppliedState defines a finer-grained view of the observed state of NicClusterPolicy properties: + message: + description: |- + Message is a human readable message indicating details about why + the state is in this condition + type: string name: type: string state: diff --git a/bundle/manifests/mellanox.com_ipoibnetworks.yaml b/bundle/manifests/mellanox.com_ipoibnetworks.yaml index 38baf1177..89de3f957 100644 --- a/bundle/manifests/mellanox.com_ipoibnetworks.yaml +++ b/bundle/manifests/mellanox.com_ipoibnetworks.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 creationTimestamp: null name: ipoibnetworks.mellanox.com spec: @@ -27,14 +27,19 @@ spec: description: IPoIBNetwork is the Schema for the ipoibnetworks API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/manifests/mellanox.com_macvlannetworks.yaml b/bundle/manifests/mellanox.com_macvlannetworks.yaml index 8f9efff25..d9e87d203 100644 --- a/bundle/manifests/mellanox.com_macvlannetworks.yaml +++ b/bundle/manifests/mellanox.com_macvlannetworks.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 creationTimestamp: null name: macvlannetworks.mellanox.com spec: @@ -27,14 +27,19 @@ spec: description: MacvlanNetwork is the Schema for the macvlannetworks API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object diff --git a/bundle/manifests/mellanox.com_nicclusterpolicies.yaml b/bundle/manifests/mellanox.com_nicclusterpolicies.yaml index 897485559..6f4971fdf 100644 --- a/bundle/manifests/mellanox.com_nicclusterpolicies.yaml +++ b/bundle/manifests/mellanox.com_nicclusterpolicies.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.13.0 + controller-gen.kubebuilder.io/version: v0.14.0 creationTimestamp: null name: nicclusterpolicies.mellanox.com spec: @@ -27,20 +27,96 @@ spec: description: NicClusterPolicy is the Schema for the nicclusterpolicies API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object spec: description: NicClusterPolicySpec defines the desired state of NicClusterPolicy properties: + docaTelemetryService: + description: DOCATelemetryServiceSpec is the configuration for DOCA + Telemetry Service. + properties: + config: + description: |- + Config contains custom config for the DOCATelemetryService. + If set no default config will be deployed. + properties: + fromConfigMap: + description: |- + FromConfigMap sets the configMap the DOCATelemetryService gets its configuration from. The ConfigMap must be in + the same namespace as the NICClusterPolicy. + type: string + type: object + containerResources: + items: + description: ResourceRequirements describes the compute resource + requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + name: + description: Name of the container the requirements are + set for + type: string + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + type: object + required: + - name + type: object + type: array + image: + pattern: '[a-zA-Z0-9\-]+' + type: string + imagePullSecrets: + default: [] + items: + type: string + type: array + repository: + pattern: '[a-zA-Z0-9\.\-\/]+' + type: string + version: + pattern: '[a-zA-Z0-9\.-]+' + type: string + required: + - image + - repository + - version + type: object ibKubernetes: description: IBKubernetesSpec describes configuration options for ib-kubernetes @@ -57,8 +133,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object name: description: Name of the container the requirements are @@ -71,11 +148,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object required: - name @@ -85,6 +162,7 @@ spec: pattern: '[a-zA-Z0-9\-]+' type: string imagePullSecrets: + default: [] items: type: string type: array @@ -129,8 +207,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object name: description: Name of the container the requirements are @@ -143,11 +222,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object required: - name @@ -157,6 +236,7 @@ spec: pattern: '[a-zA-Z0-9\-]+' type: string imagePullSecrets: + default: [] items: type: string type: array @@ -176,21 +256,20 @@ spec: rules. properties: preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the expressions. - The node that is most preferred is the one with the greatest - sum of weights, i.e. for each node that meets all of the scheduling - requirements (resource request, requiredDuringScheduling affinity - expressions, etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if the node matches - the corresponding matchExpressions; the node(s) with the highest - sum are the most preferred. + description: |- + The scheduler will prefer to schedule pods to nodes that satisfy + the affinity expressions specified by this field, but it may choose + a node that violates one or more of the expressions. The node that is + most preferred is the one with the greatest sum of weights, i.e. + for each node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, etc.), + compute a sum by iterating through the elements of this field and adding + "weight" to the sum if the node matches the corresponding matchExpressions; the + node(s) with the highest sum are the most preferred. items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). + description: |- + An empty preferred scheduling term matches all objects with implicit weight 0 + (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). properties: preference: description: A node selector term, associated with the corresponding @@ -200,28 +279,26 @@ spec: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to - a set of values. Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the - operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator - is Gt or Lt, the values array must have a single - element, which will be interpreted as an integer. - This array is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -234,28 +311,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to - a set of values. Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the - operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator - is Gt or Lt, the values array must have a single - element, which will be interpreted as an integer. - This array is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -277,47 +352,46 @@ spec: type: object type: array requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field - are not met at scheduling time, the pod will not be scheduled - onto the node. If the affinity requirements specified by this - field cease to be met at some point during pod execution (e.g. - due to an update), the system may or may not try to eventually - evict the pod from its node. + description: |- + If the affinity requirements specified by this field are not met at + scheduling time, the pod will not be scheduled onto the node. + If the affinity requirements specified by this field cease to be met + at some point during pod execution (e.g. due to an update), the system + may or may not try to eventually evict the pod from its node. properties: nodeSelectorTerms: description: Required. A list of node selector terms. The terms are ORed. items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The TopologySelectorTerm - type implements a subset of the NodeSelectorTerm. + description: |- + A null or empty node selector term matches no objects. The requirements of + them are ANDed. + The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. properties: matchExpressions: description: A list of node selector requirements by node's labels. items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to - a set of values. Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the - operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator - is Gt or Lt, the values array must have a single - element, which will be interpreted as an integer. - This array is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -330,28 +404,26 @@ spec: description: A list of node selector requirements by node's fields. items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + description: |- + A node selector requirement is a selector that contains values, a key, and an operator + that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: - description: Represents a key's relationship to - a set of values. Valid operators are In, NotIn, - Exists, DoesNotExist. Gt, and Lt. + description: |- + Represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: - description: An array of string values. If the - operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. If the operator - is Gt or Lt, the values array must have a single - element, which will be interpreted as an integer. - This array is replaced during a strategic merge - patch. + description: |- + An array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator is Gt or Lt, the values + array must have a single element, which will be interpreted as an integer. + This array is replaced during a strategic merge patch. items: type: string type: array @@ -369,8 +441,10 @@ spec: x-kubernetes-map-type: atomic type: object nvIpam: - description: NVIPAMSpec describes configuration options for nv-ipam - 1. Image information for nv-ipam 2. Configuration for nv-ipam + description: |- + NVIPAMSpec describes configuration options for nv-ipam + 1. Image information for nv-ipam + 2. Configuration for nv-ipam properties: containerResources: items: @@ -384,8 +458,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object name: description: Name of the container the requirements are @@ -398,11 +473,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object required: - name @@ -415,6 +490,7 @@ spec: pattern: '[a-zA-Z0-9\-]+' type: string imagePullSecrets: + default: [] items: type: string type: array @@ -452,8 +528,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object name: description: Name of the container the requirements are @@ -466,11 +543,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object required: - name @@ -488,15 +565,16 @@ spec: C_IDENTIFIER. type: string value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". type: string valueFrom: description: Source for the environment variable's value. @@ -509,9 +587,10 @@ spec: description: The key to select. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its @@ -522,11 +601,9 @@ spec: type: object x-kubernetes-map-type: atomic fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. properties: apiVersion: description: Version of the schema the FieldPath @@ -541,10 +618,9 @@ spec: type: object x-kubernetes-map-type: atomic resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. properties: containerName: description: 'Container name: required for volumes, @@ -574,9 +650,10 @@ spec: be a valid secret key. type: string name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key @@ -591,10 +668,18 @@ spec: - name type: object type: array + forcePrecompiled: + default: false + description: |- + ForcePrecompiled specifies if only MOFED precompiled images are allowed + If set to false and precompiled image does not exists, MOFED drivers will be compiled on Nodes + If set to true and precompiled image does not exists, OFED state will be Error. + type: boolean image: pattern: '[a-zA-Z0-9\-]+' type: string imagePullSecrets: + default: [] items: type: string type: array @@ -643,8 +728,9 @@ spec: type: object terminationGracePeriodSeconds: default: 300 - description: TerminationGracePeriodSeconds specifies the length - of time in seconds to wait before killing the OFED pod on termination + description: |- + TerminationGracePeriodSeconds specifies the length of time in seconds + to wait before killing the OFED pod on termination format: int64 minimum: 0 type: integer @@ -653,8 +739,9 @@ spec: properties: autoUpgrade: default: false - description: AutoUpgrade is a global switch for automatic - upgrade feature if set to false all other options are ignored + description: |- + AutoUpgrade is a global switch for automatic upgrade feature + if set to false all other options are ignored type: boolean drain: description: DrainSpec describes configuration for node drain @@ -662,9 +749,9 @@ spec: properties: deleteEmptyDir: default: false - description: DeleteEmptyDir indicates if should continue - even if there are pods using emptyDir (local data that - will be deleted when the node is drained) + description: |- + DeleteEmptyDir indicates if should continue even if there are pods using emptyDir + (local data that will be deleted when the node is drained) type: boolean enable: default: true @@ -676,9 +763,10 @@ spec: description: Force indicates if force draining is allowed type: boolean podSelector: - description: 'PodSelector specifies a label selector to - filter pods on the node that need to be drained For - more details on label selectors, see: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + description: |- + PodSelector specifies a label selector to filter pods on the node that need to be drained + For more details on label selectors, see: + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors type: string timeoutSeconds: default: 300 @@ -690,9 +778,9 @@ spec: type: object maxParallelUpgrades: default: 1 - description: MaxParallelUpgrades indicates how many nodes - can be upgraded in parallel 0 means no limit, all nodes - will be upgraded in parallel + description: |- + MaxParallelUpgrades indicates how many nodes can be upgraded in parallel + 0 means no limit, all nodes will be upgraded in parallel minimum: 0 type: integer safeLoad: @@ -705,15 +793,16 @@ spec: for waiting on job completions properties: podSelector: - description: 'PodSelector specifies a label selector for - the pods to wait for completion For more details on - label selectors, see: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + description: |- + PodSelector specifies a label selector for the pods to wait for completion + For more details on label selectors, see: + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors type: string timeoutSeconds: default: 0 - description: TimeoutSecond specifies the length of time - in seconds to wait before giving up on pod termination, - zero means infinite + description: |- + TimeoutSecond specifies the length of time in seconds + to wait before giving up on pod termination, zero means infinite minimum: 0 type: integer type: object @@ -727,9 +816,10 @@ spec: - version type: object rdmaSharedDevicePlugin: - description: DevicePluginSpec describes configuration options for - device plugin 1. Image information for device plugin 2. Device plugin - configuration + description: |- + DevicePluginSpec describes configuration options for device plugin + 1. Image information for device plugin + 2. Device plugin configuration properties: config: type: string @@ -745,8 +835,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object name: description: Name of the container the requirements are @@ -759,11 +850,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object required: - name @@ -773,6 +864,7 @@ spec: pattern: '[a-zA-Z0-9\-]+' type: string imagePullSecrets: + default: [] items: type: string type: array @@ -808,8 +900,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object name: description: Name of the container the requirements @@ -822,11 +915,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object required: - name @@ -836,6 +929,7 @@ spec: pattern: '[a-zA-Z0-9\-]+' type: string imagePullSecrets: + default: [] items: type: string type: array @@ -865,8 +959,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object name: description: Name of the container the requirements @@ -879,11 +974,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object required: - name @@ -893,6 +988,7 @@ spec: pattern: '[a-zA-Z0-9\-]+' type: string imagePullSecrets: + default: [] items: type: string type: array @@ -922,8 +1018,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object name: description: Name of the container the requirements @@ -936,11 +1033,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object required: - name @@ -950,6 +1047,7 @@ spec: pattern: '[a-zA-Z0-9\-]+' type: string imagePullSecrets: + default: [] items: type: string type: array @@ -981,8 +1079,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object name: description: Name of the container the requirements @@ -995,11 +1094,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object required: - name @@ -1009,6 +1108,7 @@ spec: pattern: '[a-zA-Z0-9\-]+' type: string imagePullSecrets: + default: [] items: type: string type: array @@ -1025,9 +1125,10 @@ spec: type: object type: object sriovDevicePlugin: - description: DevicePluginSpec describes configuration options for - device plugin 1. Image information for device plugin 2. Device plugin - configuration + description: |- + DevicePluginSpec describes configuration options for device plugin + 1. Image information for device plugin + 2. Device plugin configuration properties: config: type: string @@ -1043,8 +1144,9 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Limits describes the maximum amount of compute resources allowed. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object name: description: Name of the container the requirements are @@ -1057,11 +1159,11 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, - otherwise to an implementation-defined value. Requests - cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + description: |- + Requests describes the minimum amount of compute resources required. + If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, + otherwise to an implementation-defined value. Requests cannot exceed Limits. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ type: object required: - name @@ -1071,6 +1173,7 @@ spec: pattern: '[a-zA-Z0-9\-]+' type: string imagePullSecrets: + default: [] items: type: string type: array @@ -1089,40 +1192,39 @@ spec: type: object tolerations: items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . + description: |- + The pod this Toleration is attached to tolerates any taint that matches + the triple using the matching operator . properties: effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. + description: |- + Effect indicates the taint effect to match. Empty means match all taint effects. + When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. type: string key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match all - values and all keys. + description: |- + Key is the taint key that the toleration applies to. Empty means match all taint keys. + If the key is empty, operator must be Exists; this combination means to match all values and all keys. type: string operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to Equal. - Exists is equivalent to wildcard for value, so that a pod - can tolerate all taints of a particular category. + description: |- + Operator represents a key's relationship to the value. + Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod can + tolerate all taints of a particular category. type: string tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, it - is not set, which means tolerate the taint forever (do not - evict). Zero and negative values will be treated as 0 (evict - immediately) by the system. + description: |- + TolerationSeconds represents the period of time the toleration (which must be + of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, + it is not set, which means tolerate the taint forever (do not evict). Zero and + negative values will be treated as 0 (evict immediately) by the system. format: int64 type: integer value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + description: |- + Value is the taint value the toleration matches to. + If the operator is Exists, the value should be empty, otherwise just a regular string. type: string type: object type: array @@ -1136,6 +1238,11 @@ spec: description: AppliedState defines a finer-grained view of the observed state of NicClusterPolicy properties: + message: + description: |- + Message is a human readable message indicating details about why + the state is in this condition + type: string name: type: string state: diff --git a/bundle/manifests/nvidia-network-operator.clusterserviceversion.yaml b/bundle/manifests/nvidia-network-operator.clusterserviceversion.yaml index 72c9e79be..3d2fdd504 100644 --- a/bundle/manifests/nvidia-network-operator.clusterserviceversion.yaml +++ b/bundle/manifests/nvidia-network-operator.clusterserviceversion.yaml @@ -2,6 +2,7 @@ apiVersion: operators.coreos.com/v1alpha1 kind: ClusterServiceVersion metadata: annotations: + containerImage: nvcr.io/nvstaging/mellanox/network-operator@sha256:e97c74d1b4d13e2662d57996d969cbbbd0734b4a65bf9ae3d9a88ef4b504c6cb alm-examples: |- [ { @@ -76,27 +77,34 @@ metadata: }, "maxParallelUpgrades": 1 }, - "version": "24.01-0.1.7.0" + "version": "24.07-0.3.2.0-0" }, "rdmaSharedDevicePlugin": { "config": "{\n \"configList\": [\n {\n \"resourceName\": \"rdma_shared_device_a\",\n \"rdmaHcaMax\": 63,\n \"selectors\": {\n \"vendors\": [\"15b3\"]\n }\n }\n ]\n}\n", "image": "k8s-rdma-shared-dev-plugin", "repository": "ghcr.io/mellanox", - "version": "sha-fe7f371c7e1b8315bf900f71cd25cfc1251dc775" + "version": "v1.5.1" } } } ] capabilities: Basic Install - createdAt: "2024-01-17T13:39:15Z" + createdAt: "2024-07-16T08:53:11Z" description: Deploy and manage NVIDIA networking resources in Kubernetes + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/proxy-aware: "true" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" operatorframework.io/suggested-namespace: nvidia-network-operator operators.operatorframework.io/builder: operator-sdk-v1.33.0 operators.operatorframework.io/project_layout: go.kubebuilder.io/v3 provider: NVIDIA repository: https://github.com/Mellanox/network-operator/ support: NVIDIA - name: nvidia-network-operator.v23.10.0-1 + name: nvidia-network-operator.v24.7.0-beta.2 namespace: placeholder spec: apiservicedefinitions: {} @@ -309,6 +317,7 @@ spec: - events verbs: - create + - get - patch - update - apiGroups: @@ -437,6 +446,23 @@ spec: - get - list - watch + - apiGroups: + - nv-ipam.nvidia.com + resources: + - cidrpools + verbs: + - create + - get + - list + - watch + - apiGroups: + - nv-ipam.nvidia.com + resources: + - cidrpools/status + verbs: + - get + - patch + - update - apiGroups: - nv-ipam.nvidia.com resources: @@ -555,7 +581,7 @@ spec: value: "true" - name: OFED_INIT_CONTAINER_IMAGE value: ghcr.io/mellanox/network-operator-init-container:v0.0.2 - image: network-operator@sha256:e9cf9a438be8cfb7472998abef55f1ace964dae7f9043a697fabcae751eb96e3 + image: nvcr.io/nvstaging/mellanox/network-operator@sha256:e97c74d1b4d13e2662d57996d969cbbbd0734b4a65bf9ae3d9a88ef4b504c6cb imagePullPolicy: IfNotPresent livenessProbe: httpGet: @@ -652,7 +678,7 @@ spec: - networking links: - name: Network Operator Documentation - url: https://docs.nvidia.com/networking/display/kubernetes2410 + url: https://docs.nvidia.com/networking/software/cloud-orchestration/index.html - name: GitHub repository url: https://github.com/Mellanox/network-operator/ maintainers: @@ -662,7 +688,7 @@ spec: provider: name: NVIDIA url: https://github.com/Mellanox/network-operator/ - version: 23.10.0-1 + version: 24.7.0-beta.2 webhookdefinitions: - admissionReviewVersions: - v1 @@ -705,13 +731,31 @@ spec: type: ValidatingAdmissionWebhook webhookPath: /validate-mellanox-com-v1alpha1-nicclusterpolicy relatedImages: - - image: nvcr.io/nvidia/mellanox/mofed@sha256:ada9d1c4bf8eda0d6b76f2d3c0f67c9cd6862284f1312c6a6f142d5c217543b4 - name: mofed - - image: ghcr.io/k8snetworkplumbingwg/sriov-network-device-plugin@sha256:f717f9778f48665b7c592f2225df51b755a1fe048125e034a286c564ee10fd37 - name: sriov-network-device-plugin - - image: nvcr.io/nvidia/cloud-native/k8s-rdma-shared-dev-plugin@sha256:941ad9ff5013e9e7ad5abeb0ea9f79d45379cfae88a628d923f87d2259bdd132 - name: rdma-shared-device-plugin - - image: gcr.io/kubebuilder/kube-rbac-proxy@sha256:db06cc4c084dd0253134f156dddaaf53ef1c3fb3cc809e5d81711baa4029ea4c - name: kube-rbac-proxy - - image: nvcr.io/nvidia/cloud-native/network-operator@sha256:e9cf9a438be8cfb7472998abef55f1ace964dae7f9043a697fabcae751eb96e3 - name: network-operator + - name: nvidia-network-operator-init-container + image: ghcr.io/mellanox/network-operator-init-container@sha256:1699d23027ea30c9fa59575a914114bdfd5a87a359caf8c0a9b16d409ec0d068 + - name: rdma-Shared-device-plugin + image: ghcr.io/mellanox/k8s-rdma-shared-dev-plugin@sha256:8324c009c3d694fe7702af36305ede78b903d839190b1e4506e82362f9aa5c02 + - name: sriov-network-device-plugin + image: ghcr.io/k8snetworkplumbingwg/sriov-network-device-plugin@sha256:93e856dde88abb0aeb8e0b991e5f6d9f41884d8beea792f4d70cda06f18e783f + - name: ib-kubernetes + image: ghcr.io/mellanox/ib-kubernetes@sha256:b56bb88963dadaa2290a17cf0b57b86c55c09e7c075b7271c184959532555c91 + - name: ipoib-cni + image: ghcr.io/mellanox/ipoib-cni@sha256:81646c07e27ce1df2603050a75dd267f264685fdc64c285eca3925ae98ed5392 + - name: nv-ipam + image: ghcr.io/mellanox/nvidia-k8s-ipam@sha256:47e1bb84ac97f9af49f97b49c2de44b4ba82b890b487880edc5c9adf86a176f7 + - name: nic-feature-discovery + image: ghcr.io/mellanox/nic-feature-discovery@sha256:92dda9434519de39be0f94c80787766e3399e8b238d14839360aff4d6232a09b + - name: docs-telemetry-service + image: nvcr.io/nvidia/doca/doca_telemetry@sha256:866971717cb2683f2742d265c9793f93242f55b6e8bd9a0a88a558869f9b9cd7 + - name: doca-driver-0 + image: nvcr.io/nvstaging/mellanox/doca-driver@sha256:d44f090cd5534a77ed005398438cbefe2789616d81a5651b3d089636d5bbfbae + - name: doca-driver-1 + image: nvcr.io/nvstaging/mellanox/doca-driver@sha256:e3da5ce8d3328a7f20089cc5c792f98f2c9259646e9c5be81ef43d9aa08b0506 + - name: doca-driver-2 + image: nvcr.io/nvstaging/mellanox/doca-driver@sha256:9b6a09db838926abbe4c4eb8cc040c3d6569657ea78dd1ed8fb34c8c5d133949 + - name: doca-driver-3 + image: nvcr.io/nvstaging/mellanox/doca-driver@sha256:f2f8f18b7df76d3977ba5f59fdc61e2c3861a7c735e9f241f1fc11d62722e385 + - name: doca-driver-4 + image: nvcr.io/nvstaging/mellanox/doca-driver@sha256:337ebb20593cb98fd80132db2d7cd16882e121082132019252e40190a64864e9 + - name: doca-driver-5 + image: nvcr.io/nvstaging/mellanox/doca-driver@sha256:bf1a597ad8895099cf92f4a800bf576e1b6f0e6d8232b5c47b057fba5130ee57 diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index a625a77d0..92a44250d 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -4,8 +4,8 @@ annotations: operators.operatorframework.io.bundle.manifests.v1: manifests/ operators.operatorframework.io.bundle.metadata.v1: metadata/ operators.operatorframework.io.bundle.package.v1: nvidia-network-operator - operators.operatorframework.io.bundle.channels.v1: 23.10.0-1 - operators.operatorframework.io.bundle.channel.default.v1: 23.10.0-1 + operators.operatorframework.io.bundle.channels.v1: v24.7,stable + operators.operatorframework.io.bundle.channel.default.v1: v24.7 operators.operatorframework.io.metrics.builder: operator-sdk-v1.33.0 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v3 @@ -13,3 +13,4 @@ annotations: # Annotations for testing. operators.operatorframework.io.test.mediatype.v1: scorecard+v1 operators.operatorframework.io.test.config.v1: tests/scorecard/ + com.redhat.openshift.versions: v4.14-v4.16 diff --git a/config/manifests/bases/nvidia-network-operator.clusterserviceversion.yaml b/config/manifests/bases/nvidia-network-operator.clusterserviceversion.yaml index b614a5ae5..cd0ac6f3a 100644 --- a/config/manifests/bases/nvidia-network-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/nvidia-network-operator.clusterserviceversion.yaml @@ -5,6 +5,13 @@ metadata: alm-examples: "" capabilities: Basic Install description: Deploy and manage NVIDIA networking resources in Kubernetes + features.operators.openshift.io/disconnected: "true" + features.operators.openshift.io/fips-compliant: "false" + features.operators.openshift.io/proxy-aware: "true" + features.operators.openshift.io/tls-profiles: "false" + features.operators.openshift.io/token-auth-aws: "false" + features.operators.openshift.io/token-auth-azure: "false" + features.operators.openshift.io/token-auth-gcp: "false" operatorframework.io/suggested-namespace: nvidia-network-operator provider: NVIDIA repository: https://github.com/Mellanox/network-operator/ @@ -65,7 +72,7 @@ spec: - networking links: - name: Network Operator Documentation - url: https://docs.nvidia.com/networking/display/kubernetes2410 + url: https://docs.nvidia.com/networking/software/cloud-orchestration/index.html - name: GitHub repository url: https://github.com/Mellanox/network-operator/ maintainers: @@ -75,11 +82,4 @@ spec: provider: name: NVIDIA url: https://github.com/Mellanox/network-operator/ - relatedImages: - - image: nvcr.io/nvidia/mellanox/mofed-5.6-1.0.3.3@sha256:0a5108443c64fc013984be500e7db3d89c04418446f0bbc3241ed6e1c449b773 - name: mofed - - image: ghcr.io/k8snetworkplumbingwg/sriov-network-device-plugin@sha256:16a53286fecdb1e587d3c4c042078974674c3e86c9e98d7dae282f6eb4ee2d8c - name: sriov-network-device-plugin - - image: nvcr.io/nvidia/cloud-native/k8s-rdma-shared-dev-plugin@sha256:941ad9ff5013e9e7ad5abeb0ea9f79d45379cfae88a628d923f87d2259bdd132 - name: rdma-shared-device-plugin version: 0.0.0 diff --git a/docs/operator-bundle.md b/docs/operator-bundle.md index 239238a02..bdde5faa2 100644 --- a/docs/operator-bundle.md +++ b/docs/operator-bundle.md @@ -9,8 +9,21 @@ The template for the CSV is located [here](config/manifests/bases/nvidia-network Build the bundle: +**Note**: +- `VERSION` should be a valid semantic version +- `DEFAULT_CHANNEL` should be in the following format: `vMAJOR.MINOR`, without the patch version +- `CHANNELS` should include the `DEFAULT_CHANNEL` value and `stable` seperated by a comma +- `TAG` should use SHA256 + +Here how to obtain the digest: + ```bash -DEFAULT_CHANNEL=v1.1.0 CHANNELS=v1.1.0 VERSION=1.1.0 TAG=nvcr.io/nvidia/cloud-native/network-operator@sha256:17afa53f1cf3733c8d0cd282c565975ed5de3124dfc2b7c485ad12c97e51c251 make bundle +skopeo inspect docker://nvcr.io/nvidia/cloud-native/network-operator:v1.1.0 | jq .Digest +"sha256:17afa53f1cf3733c8d0cd282c565975ed5de3124dfc2b7c485ad12c97e51c251" +``` + +```bash +DEFAULT_CHANNEL=v1.1 CHANNELS=v1.1,stable VERSION=1.1.0 TAG=nvcr.io/nvidia/cloud-native/network-operator@sha256:17afa53f1cf3733c8d0cd282c565975ed5de3124dfc2b7c485ad12c97e51c251 make bundle ``` Build the bundle image: @@ -25,16 +38,6 @@ Push the bundle image: BUNDLE_IMG=mellanox/network-operator-bundle-1.1.0 make bundle-push ``` -**NOTE** - -It is recommended to use sha256 instead of tag. -Here how to obtain the digest: - -```bash -skopeo inspect docker://nvcr.io/nvidia/cloud-native/network-operator:v1.1.0 | jq .Digest -"sha256:17afa53f1cf3733c8d0cd282c565975ed5de3124dfc2b7c485ad12c97e51c251" -``` - ## Deploying the operator The operator must be deployed to the nvidia-network-operator namespace. Create the namespace. diff --git a/hack/release.go b/hack/release.go index cf4ea26f9..13ee86ff3 100644 --- a/hack/release.go +++ b/hack/release.go @@ -23,36 +23,58 @@ import ( "log" "os" "path/filepath" + "reflect" + "sort" "strings" "text/template" "sigs.k8s.io/yaml" mellanoxv1alpha1 "github.com/Mellanox/network-operator/api/v1alpha1" + + "github.com/google/go-containerregistry/pkg/authn" + containerregistryname "github.com/google/go-containerregistry/pkg/name" + containerregistryv1 "github.com/google/go-containerregistry/pkg/v1" + "github.com/google/go-containerregistry/pkg/v1/remote" ) +// ReleaseImageSpec contains ImageSpec in addition with Image SHA256. +type ReleaseImageSpec struct { + // Shas is a list of SHA2256. A list is needed for DOCA drivers that have multiple images. + Shas []SHA256ImageRef + mellanoxv1alpha1.ImageSpec +} + +// SHA256ImageRef contains container image in sha256 format and a description. +type SHA256ImageRef struct { + // ImageRef is the image reference in "sha format" e.g repo/project/image-repo@sha256:abcdef + ImageRef string + // Name is a description of the image reference + Name string +} + // Release contains versions for operator release templates. type Release struct { - NetworkOperator *mellanoxv1alpha1.ImageSpec - NetworkOperatorInitContainer *mellanoxv1alpha1.ImageSpec - SriovNetworkOperator *mellanoxv1alpha1.ImageSpec - SriovNetworkOperatorWebhook *mellanoxv1alpha1.ImageSpec - SriovConfigDaemon *mellanoxv1alpha1.ImageSpec - SriovCni *mellanoxv1alpha1.ImageSpec - SriovIbCni *mellanoxv1alpha1.ImageSpec - Mofed *mellanoxv1alpha1.ImageSpec - RdmaSharedDevicePlugin *mellanoxv1alpha1.ImageSpec - SriovDevicePlugin *mellanoxv1alpha1.ImageSpec - IbKubernetes *mellanoxv1alpha1.ImageSpec - CniPlugins *mellanoxv1alpha1.ImageSpec - Multus *mellanoxv1alpha1.ImageSpec - Ipoib *mellanoxv1alpha1.ImageSpec - IpamPlugin *mellanoxv1alpha1.ImageSpec - NvIPAM *mellanoxv1alpha1.ImageSpec - NicFeatureDiscovery *mellanoxv1alpha1.ImageSpec - DOCATelemetryService *mellanoxv1alpha1.ImageSpec - OVSCni *mellanoxv1alpha1.ImageSpec - RDMACni *mellanoxv1alpha1.ImageSpec + NetworkOperator *ReleaseImageSpec + NetworkOperatorInitContainer *ReleaseImageSpec + SriovNetworkOperator *ReleaseImageSpec + SriovNetworkOperatorWebhook *ReleaseImageSpec + SriovConfigDaemon *ReleaseImageSpec + SriovCni *ReleaseImageSpec + SriovIbCni *ReleaseImageSpec + Mofed *ReleaseImageSpec + RdmaSharedDevicePlugin *ReleaseImageSpec + SriovDevicePlugin *ReleaseImageSpec + IbKubernetes *ReleaseImageSpec + CniPlugins *ReleaseImageSpec + Multus *ReleaseImageSpec + Ipoib *ReleaseImageSpec + IpamPlugin *ReleaseImageSpec + NvIPAM *ReleaseImageSpec + NicFeatureDiscovery *ReleaseImageSpec + DOCATelemetryService *ReleaseImageSpec + OVSCni *ReleaseImageSpec + RDMACni *ReleaseImageSpec } func readDefaults(releaseDefaults string) Release { @@ -76,7 +98,7 @@ func getEnviromnentVariableOrDefault(defaultValue, varName string) string { return defaultValue } -func initWithEnvVariale(name string, image *mellanoxv1alpha1.ImageSpec) { +func initWithEnvVariale(name string, image *ReleaseImageSpec) { envName := name + "_IMAGE" image.Image = getEnviromnentVariableOrDefault(image.Image, envName) envName = name + "_REPO" @@ -107,9 +129,13 @@ func main() { templateDir := flag.String("templateDir", ".", "Directory with templates to render") outputDir := flag.String("outputDir", ".", "Destination directory to render templates to") releaseDefaults := flag.String("releaseDefaults", "release.yaml", "Destination of the release defaults definition") + retrieveSha := flag.Bool("with-sha256", false, "retrieve SHA256 for container images references") flag.Parse() release := readDefaults(*releaseDefaults) readEnvironmentVariables(&release) + if *retrieveSha { + resolveImagesSha(&release) + } var files []string err := filepath.Walk(*templateDir, func(path string, info os.FileInfo, err error) error { // Error during traversal @@ -135,11 +161,17 @@ func main() { } for _, file := range files { - tmpl, err := template.ParseFiles(file) + tmpl, err := template.New(filepath.Base(file)).Funcs(template.FuncMap{ + "imageAsSha": func(obj interface{}) string { + imageSpec := obj.(*ReleaseImageSpec) + return imageSpec.Shas[0].ImageRef + }, + }).ParseFiles(file) if err != nil { fmt.Printf("Error: %v\n", err) return } + // Generate new file full path outputFile := filepath.Join(*outputDir, strings.Replace(filepath.Base(file), ".template", ".yaml", 1)) f, err := os.Create(filepath.Clean(outputFile)) @@ -154,3 +186,107 @@ func main() { } } } + +func resolveImagesSha(release *Release) { + nvcrToken := os.Getenv("NGC_CLI_API_KEY") + if nvcrToken == "" { + fmt.Printf("Error: NGC_CLI_API_KEY is unset") + return + } + auth := &authn.Basic{ + Username: "$oauthtoken", + Password: nvcrToken, + } + v := reflect.ValueOf(*release) + for i := 0; i < v.NumField(); i++ { + field := v.Field(i) + if !field.IsNil() { + releaseImageSpec := field.Interface().(*ReleaseImageSpec) + if strings.Contains(releaseImageSpec.Image, "doca-driver") { + digests, err := resolveDocaDriversShas(releaseImageSpec.Repository, releaseImageSpec.Image, + releaseImageSpec.Version, auth) + if err != nil { + fmt.Printf("Error: %v\n", err) + return + } + releaseImageSpec.Shas = make([]SHA256ImageRef, len(digests)) + for i, digest := range digests { + sha := fmt.Sprintf("%s/%s@%s", releaseImageSpec.Repository, releaseImageSpec.Image, digest) + releaseImageSpec.Shas[i] = SHA256ImageRef{ImageRef: sha, Name: fmt.Sprintf("doca-driver-%d", i)} + } + } else { + digest, err := resolveImageSha(releaseImageSpec.Repository, releaseImageSpec.Image, + releaseImageSpec.Version, auth) + if err != nil { + fmt.Printf("Error: %v\n", err) + return + } + releaseImageSpec.Shas = make([]SHA256ImageRef, 1) + sha := fmt.Sprintf("%s/%s@%s", releaseImageSpec.Repository, releaseImageSpec.Image, digest) + releaseImageSpec.Shas[0] = SHA256ImageRef{ImageRef: sha} + } + } + } +} + +func resolveImageSha(repo, image, tag string, auth *authn.Basic) (string, error) { + ref, err := containerregistryname.ParseReference(fmt.Sprintf("%s/%s:%s", repo, image, tag)) + if err != nil { + return "", err + } + var desc *remote.Descriptor + if strings.Contains(repo, "nvstaging") { + desc, err = remote.Get(ref, remote.WithAuth(auth)) + if err != nil { + return "", err + } + } else { + // Container registry might fail if providing unneeded auth + desc, err = remote.Get(ref) + if err != nil { + return "", err + } + } + digest, err := containerregistryv1.NewHash(desc.Descriptor.Digest.String()) + if err != nil { + return "", err + } + return digest.String(), nil +} + +func resolveDocaDriversShas(repoName, imageName, ver string, auth *authn.Basic) ([]string, error) { + shaArray := make([]string, 0) + image := fmt.Sprintf("%s/%s", repoName, imageName) + repo, err := containerregistryname.NewRepository(image) + if err != nil { + return shaArray, err + } + var tags []string + if strings.Contains(repoName, "nvstaging") { + tags, err = remote.List(repo, remote.WithAuth(auth)) + if err != nil { + return shaArray, err + } + } else { + // Container registry might fail if providing unneeded auth + tags, err = remote.List(repo) + if err != nil { + return shaArray, err + } + } + sort.Strings(tags) + shaSet := make(map[string]interface{}) + for _, tag := range tags { + if strings.Contains(tag, ver) && (strings.Contains(tag, "rhcos") || strings.Contains(tag, "rhel")) { + digest, err := resolveImageSha(repoName, imageName, tag, auth) + if err != nil { + return shaArray, err + } + if _, ok := shaSet[digest]; !ok { + shaArray = append(shaArray, digest) + shaSet[digest] = struct{}{} + } + } + } + return shaArray, nil +} diff --git a/hack/scripts/ocp-bundle-postprocess.sh b/hack/scripts/ocp-bundle-postprocess.sh new file mode 100755 index 000000000..affbe99bd --- /dev/null +++ b/hack/scripts/ocp-bundle-postprocess.sh @@ -0,0 +1,34 @@ +#!/bin/bash + +# 2024 NVIDIA CORPORATION & AFFILIATES +# +# Licensed under the Apache License, Version 2.0 (the License); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an AS IS BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o nounset +set -o pipefail +set -o errexit + +if [[ "${TRACE-0}" == "1" ]]; then + set -o xtrace +fi + +# Generate relatedImages +cd hack && $GO run release.go --with-sha256 --templateDir ./templates/related-images/ --outputDir . && cd .. +cat hack/related_images.yaml >> bundle/manifests/nvidia-network-operator.clusterserviceversion.yaml +rm hack/related_images.yaml +# Add containerImage annotation +# Escape the tag annotation value for sed +ESCAPED_TAG=$(printf '%s\n' "$TAG" | sed -e 's/[]\/$*.^[]/\\&/g') +sed -i "0,/annotations:/s/annotations:/annotations:\n containerImage: $ESCAPED_TAG/" bundle/manifests/nvidia-network-operator.clusterserviceversion.yaml +# Add OpenShift versions in metadata/annotations.yaml +echo " com.redhat.openshift.versions: $BUNDLE_OCP_VERSIONS" >> bundle/metadata/annotations.yaml diff --git a/hack/templates/related-images/related_images.template b/hack/templates/related-images/related_images.template new file mode 100644 index 000000000..ff9cebccf --- /dev/null +++ b/hack/templates/related-images/related_images.template @@ -0,0 +1,21 @@ + relatedImages: + - name: nvidia-network-operator-init-container + image: {{ (imageAsSha .NetworkOperatorInitContainer) }} + - name: rdma-Shared-device-plugin + image: {{ (imageAsSha .RdmaSharedDevicePlugin) }} + - name: sriov-network-device-plugin + image: {{ (imageAsSha .SriovDevicePlugin) }} + - name: ib-kubernetes + image: {{ (imageAsSha .IbKubernetes) }} + - name: ipoib-cni + image: {{ (imageAsSha .Ipoib) }} + - name: nv-ipam + image: {{ (imageAsSha .NvIPAM) }} + - name: nic-feature-discovery + image: {{ (imageAsSha .NicFeatureDiscovery) }} + - name: docs-telemetry-service + image: {{ (imageAsSha .DOCATelemetryService) }} + {{- range .Mofed.Shas }} + - name: {{ .Name }} + image: {{ .ImageRef }} + {{- end }}