File templates.obscpio of Package sriov-network-operator-chart
07070100000000000081a400000000000000000000000168d2511d0000029f000000000000000000000000000000000000001400000000templates/NOTES.txtGet Network Operator deployed resources by running the following commands:
$ kubectl -n {{ .Release.Namespace }} get pods
For additional instructions on how to use SR-IOV network operator,
refer to: https://github.com/k8snetworkplumbingwg/sriov-network-operator
{{- if .Values.operator.enableAdmissionController }}
{{- if not .Values.cert_manager }}
Thank you for installing {{ .Chart.Name }}.
WARNING! Self signed certificates have been generated for webhooks.
These certificates have a one-year validity and will not be rotated
automatically. This should not be a production cluster. Please deploy
and use cert-manager for production clusters.
{{- end }}
{{- end }}07070100000001000081a400000000000000000000000168d2511d000009db000000000000000000000000000000000000001700000000templates/_helpers.tpl{{/*
Expand the name of the chart.
*/}}
{{- define "sriov-network-operator.name" -}}
{{- default "sriov-network-operator" .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "sriov-network-operator.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default "sriov-network-operator" .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "sriov-network-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "sriov-network-operator.labels" -}}
helm.sh/chart: {{ include "sriov-network-operator.chart" . }}
{{ include "sriov-network-operator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "sriov-network-operator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "sriov-network-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "sriov-network-operator.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "sriov-network-operator.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
{{/*
Windows cluster will add default taint for linux nodes,
add below linux tolerations to workloads could be scheduled to those linux nodes
*/}}
{{- define "linux-node-tolerations" -}}
- key: "cattle.io/os"
value: "linux"
effect: "NoSchedule"
operator: "Equal"
{{- end -}}
{{- define "linux-node-selector" -}}
kubernetes.io/os: linux
{{- end -}}07070100000002000081a400000000000000000000000168d2511d00000536000000000000000000000000000000000000001d00000000templates/_webhook-certs.tpl{{/*
Generate TLS certificates for webhooks.
Note: these 2 lines, that are repeated several times below, are a trick to
ensure the CA certs are generated only once:
$ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365)
$_ := set . "ca" $ca
Please, don't try to "simplify" them as without this trick, every generated
certificate would be signed by a different CA.
*/}}
{{- define "sriov_operator_ca_cert" }}
{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
{{- $_ := set . "ca" $ca -}}
{{- printf "%s" $ca.Cert | b64enc -}}
{{- end }}
{{- define "sriov_operator_cert" }}
{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
{{- $_ := set . "ca" $ca -}}
{{- $cn := printf "operator-webhook-service.%s.svc" .Release.Namespace -}}
{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end }}
{{- define "sriov_resource_injector_cert" }}
{{- $ca := .ca | default (genCA "sriov-network-operator.k8s.cni.cncf.io" 365) -}}
{{- $_ := set . "ca" $ca -}}
{{- $cn := printf "network-resources-injector-service.%s.svc" .Release.Namespace -}}
{{- $cert := genSignedCert $cn nil (list $cn) 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end }}
07070100000003000081a400000000000000000000000168d2511d00000b04000000000000000000000000000000000000001b00000000templates/certificate.yaml{{- if .Values.operator.admissionControllers.enabled }}
{{- if and (.Values.operator.admissionControllers.certificates.certManager.enabled) (.Values.operator.admissionControllers.certificates.certManager.generateSelfSigned) }}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
namespace: {{ .Release.Namespace }}
spec:
dnsNames:
- operator-webhook-service.{{ .Release.Namespace }}.svc
- operator-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
issuerRef:
kind: Issuer
name: operator-webhook-selfsigned-issuer
secretName: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: operator-webhook-selfsigned-issuer
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
namespace: {{ .Release.Namespace }}
spec:
dnsNames:
- network-resources-injector-service.{{ .Release.Namespace }}.svc
- network-resources-injector-service.{{ .Release.Namespace }}.svc.cluster.local
issuerRef:
kind: Issuer
name: network-resources-injector-selfsigned-issuer
secretName: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: network-resources-injector-selfsigned-issuer
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}
{{- else if and (not .Values.operator.admissionControllers.certificates.certManager.enabled) (.Values.operator.admissionControllers.certificates.custom.enabled) }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
namespace: {{ .Release.Namespace }}
type: Opaque
data:
ca.crt: {{ .Values.operator.admissionControllers.certificates.custom.operator.caCrt | b64enc | b64enc | quote }}
tls.crt: {{ .Values.operator.admissionControllers.certificates.custom.operator.tlsCrt | b64enc | quote }}
tls.key: {{ .Values.operator.admissionControllers.certificates.custom.operator.tlsKey | b64enc | quote }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
namespace: {{ .Release.Namespace }}
type: Opaque
data:
ca.crt: {{ .Values.operator.admissionControllers.certificates.custom.injector.caCrt | b64enc | b64enc | quote }}
tls.crt: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsCrt | b64enc | quote }}
tls.key: {{ .Values.operator.admissionControllers.certificates.custom.injector.tlsKey | b64enc | quote }}
{{- end }}
{{- end }}07070100000004000081a400000000000000000000000168d2511d00000475000000000000000000000000000000000000002000000000templates/certmanagercerts.yaml{{- if and (.Values.operator.enableAdmissionController) (.Values.cert_manager) -}}
{{- if not (.Capabilities.APIVersions.Has "cert-manager.io/v1") -}}
{{- required "cert-manager is required but not found" "" -}}
{{- end -}}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: sriov-network-operator-selfsigned-issuer
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: operator-webhook-service
namespace: {{ .Release.Namespace }}
spec:
secretName: operator-webhook-service
dnsNames:
- operator-webhook-service.{{ .Release.Namespace }}.svc
issuerRef:
name: sriov-network-operator-selfsigned-issuer
privateKey:
rotationPolicy: Always
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: network-resources-injector-service
namespace: {{ .Release.Namespace }}
spec:
secretName: network-resources-injector-secret
dnsNames:
- network-resources-injector-service.{{ .Release.Namespace }}.svc
issuerRef:
name: sriov-network-operator-selfsigned-issuer
privateKey:
rotationPolicy: Always
{{- end -}}
07070100000005000081a400000000000000000000000168d2511d00000ac2000000000000000000000000000000000000001b00000000templates/clusterrole.yamlapiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "sriov-network-operator.fullname" . }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["*"]
- apiGroups: [""]
resources: ["pods/eviction"]
verbs: ["create"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get"]
- apiGroups: [""]
resources: ["namespaces", "serviceaccounts"]
verbs: ["*"]
- apiGroups: ["k8s.cni.cncf.io"]
resources: ["network-attachment-definitions"]
verbs: ["*"]
- apiGroups: ["rbac.authorization.k8s.io"]
resources: [clusterroles, clusterrolebindings]
verbs: ["*"]
- apiGroups: ["admissionregistration.k8s.io"]
resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
verbs: ["*"]
- apiGroups: ["sriovnetwork.openshift.io"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["machineconfiguration.openshift.io"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["config.openshift.io"]
resources: ["infrastructures"]
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: sriov-network-config-daemon
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: [ "config.openshift.io" ]
resources: [ "infrastructures" ]
verbs: [ "get", "list", "watch" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: sriov-admin
{{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- end }}
rules:
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
verbs:
- "get"
- "watch"
- "list"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: sriov-edit
{{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
rbac.authorization.k8s.io/aggregate-to-edit: "true"
{{- end }}
rules:
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
verbs:
- "get"
- "watch"
- "list"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: sriov-view
{{- if .Values.global.rbac.userRoles.aggregateToDefaultRoles }}
rbac.authorization.k8s.io/aggregate-to-view: "true"
{{- end }}
rules:
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
verbs:
- "get"
- "watch"
- "list"07070100000006000081a400000000000000000000000168d2511d00000367000000000000000000000000000000000000002200000000templates/clusterrolebinding.yamlapiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "sriov-network-operator.fullname" . }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
roleRef:
kind: ClusterRole
name: {{ include "sriov-network-operator.fullname" . }}
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: {{ include "sriov-network-operator.fullname" . }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: sriov-network-config-daemon
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
roleRef:
kind: ClusterRole
name: sriov-network-config-daemon
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
namespace: {{ .Release.Namespace }}
name: sriov-network-config-daemon07070100000007000081a400000000000000000000000168d2511d000008a4000000000000000000000000000000000000001900000000templates/configmap.yamlapiVersion: v1
kind: ConfigMap
metadata:
name: supported-nic-ids
data:
Intel_i40e_XXV710: "8086 158a 154c"
Intel_i40e_25G_SFP28: "8086 158b 154c"
Intel_i40e_10G_X710_SFP: "8086 1572 154c"
Intel_ixgbe_10G_X550: "8086 1563 1565"
Intel_ixgbe_82576: "8086 10c9 10ca"
Intel_i40e_X710_X557_AT_10G: "8086 1589 154c"
Intel_i40e_10G_X710_BACKPLANE: "8086 1581 154c"
Intel_i40e_10G_X710_BASE_T: "8086 15ff 154c"
Intel_i40e_XXV710_N3000: "8086 0d58 154c"
Intel_i40e_40G_XL710_QSFP: "8086 1583 154c"
Intel_i40e_X550T: "8086 1563 1565"
Intel_i40e_X722: "8086 37d2 37cd"
Intel_i40e_X722_SFP: "8086 37d0 37cd"
Intel_i40e_X722_SFPP: "8086 37d3 37cd"
Intel_ice_Columbiaville_E810-CQDA2_2CQDA2: "8086 1592 1889"
Intel_ice_Columbiaville_E810-XXVDA4: "8086 1593 1889"
Intel_ice_Columbiaville_E810-XXVDA2: "8086 159b 1889"
Intel_ice_Columbiaville_E810-XXV_BACKPLANE: "8086 1599 1889"
Intel_ice_Columbiaville_E810: "8086 1591 1889"
Intel_ice_Columbiapark_E823C: "8086 188a 1889"
Intel_ice_Columbiapark_E823L_SFP: "8086 124d 1889"
Intel_ice_Columbiapark_E823L_BACKPLANE: "8086 124c 1889"
Nvidia_mlx5_ConnectX-4: "15b3 1013 1014"
Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016"
Nvidia_mlx5_ConnectX-5: "15b3 1017 1018"
Nvidia_mlx5_ConnectX-5_Ex: "15b3 1019 101a"
Nvidia_mlx5_ConnectX-6: "15b3 101b 101c"
Nvidia_mlx5_ConnectX-6_Dx: "15b3 101d 101e"
Nvidia_mlx5_ConnectX-6_Lx: "15b3 101f 101e"
Nvidia_mlx5_ConnectX-7: "15b3 1021 101e"
Nvidia_mlx5_ConnectX-8: "15b3 1023 101e"
Nvidia_mlx5_MT42822_BlueField-2_integrated_ConnectX-6_Dx: "15b3 a2d6 101e"
Nvidia_mlx5_MT43244_BlueField-3_integrated_ConnectX-7_Dx: "15b3 a2dc 101e"
Broadcom_bnxt_BCM57414_2x25G: "14e4 16d7 16dc"
Broadcom_bnxt_BCM75508_2x100G: "14e4 1750 1806"
Qlogic_qede_QL45000_50G: "1077 1654 1664"
Red_Hat_Virtio_network_device: "1af4 1000 1000"
Red_Hat_Virtio_1_0_network_device: "1af4 1041 1041"
Marvell_OCTEON_TX2_CN96XX: "177d b200 b203"
Marvell_OCTEON_TX2_CN98XX: "177d b100 b103"
Marvell_OCTEON_Fusion_CNF95XX: "177d b600 b603"
Marvell_OCTEON10_CN10XXX: "177d b900 b903"
Marvell_OCTEON_Fusion_CNF105XX: "177d ba00 ba03"
{{- range .Values.supportedExtraNICs }}
{{ . }}
{{- end }}07070100000008000081a400000000000000000000000168d2511d0000008f000000000000000000000000000000000000001a00000000templates/extra-list.yaml{{- range .Values.extraDeploy }}
---
{{- if typeIs "string" . }}
{{- tpl . $ }}
{{- else }}
{{- tpl (. | toYaml) $ }}
{{- end }}
{{- end }}07070100000009000081a400000000000000000000000168d2511d000014db000000000000000000000000000000000000001800000000templates/operator.yaml{{- if not (.Capabilities.APIVersions.Has "k8s.cni.cncf.io/v1/NetworkAttachmentDefinition") -}}
{{- required "rke2-multus is required but not found" "" -}}
{{- end -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "sriov-network-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
name: sriov-network-operator
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 33%
template:
metadata:
annotations:
openshift.io/required-scc: restricted-v2
labels:
name: sriov-network-operator
spec:
{{- with .Values.operator.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.operator.affinity }}
affinity:
{{- toYaml . | nindent 8}}
{{- end }}
{{- with .Values.operator.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "sriov-network-operator.fullname" . }}
priorityClassName: "system-node-critical"
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: {{ include "sriov-network-operator.fullname" . }}
image: {{ include "system_default_registry" . }}{{ .Values.images.operator.repository }}:{{ .Values.images.operator.tag }}
command:
- sriov-network-operator
resources:
requests:
cpu: 100m
memory: 100Mi
env:
- name: WATCH_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: SRIOV_CNI_IMAGE
value: {{ include "system_default_registry" . }}{{ .Values.images.sriovCni.repository }}:{{ .Values.images.sriovCni.tag }}
- name: SRIOV_INFINIBAND_CNI_IMAGE
value: {{ include "system_default_registry" . }}{{ .Values.images.ibSriovCni.repository }}:{{ .Values.images.ibSriovCni.tag }}
- name: SRIOV_DEVICE_PLUGIN_IMAGE
value: {{ include "system_default_registry" . }}{{ .Values.images.sriovDevicePlugin.repository }}:{{ .Values.images.sriovDevicePlugin.tag }}
- name: NETWORK_RESOURCES_INJECTOR_IMAGE
value: {{ include "system_default_registry" . }}{{ .Values.images.resourcesInjector.repository }}:{{ .Values.images.resourcesInjector.tag }}
- name: OPERATOR_NAME
value: sriov-network-operator
- name: SRIOV_NETWORK_CONFIG_DAEMON_IMAGE
value: {{ include "system_default_registry" . }}{{ .Values.images.sriovConfigDaemon.repository }}:{{ .Values.images.sriovConfigDaemon.tag }}
- name: SRIOV_NETWORK_WEBHOOK_IMAGE
value: {{ include "system_default_registry" . }}{{ .Values.images.webhook.repository }}:{{ .Values.images.webhook.tag }}
- name: RESOURCE_PREFIX
value: {{ .Values.operator.resourcePrefix }}
- name: IMAGE_PULL_SECRETS
value: {{ join "," .Values.imagePullSecrets }}
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: RELEASE_VERSION
value: {{ .Release.AppVersion }}
- name: SRIOV_CNI_BIN_PATH
value: {{ .Values.operator.cniBinPath }}
- name: CLUSTER_TYPE
value: {{ .Values.operator.clusterType }}
- name: STALE_NODE_STATE_CLEANUP_DELAY_MINUTES
value: "{{ .Values.operator.staleNodeStateCleanupDelayMinutes }}"
{{- if .Values.operator.admissionControllers.enabled }}
- name: ADMISSION_CONTROLLERS_CERTIFICATES_OPERATOR_SECRET_NAME
value: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
- name: ADMISSION_CONTROLLERS_CERTIFICATES_INJECTOR_SECRET_NAME
value: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
{{- if .Values.operator.admissionControllers.certificates.certManager.enabled }}
- name: ADMISSION_CONTROLLERS_CERTIFICATES_CERT_MANAGER_ENABLED
value: {{ .Values.operator.admissionControllers.certificates.certManager.enabled | quote }}
{{- else }}
- name: ADMISSION_CONTROLLERS_CERTIFICATES_OPERATOR_CA_CRT
valueFrom:
secretKeyRef:
name: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}
key: ca.crt
- name: ADMISSION_CONTROLLERS_CERTIFICATES_INJECTOR_CA_CRT
valueFrom:
secretKeyRef:
name: {{ .Values.operator.admissionControllers.certificates.secretNames.injector }}
key: ca.crt
{{- end }}
{{- end }}0707010000000a000081a400000000000000000000000168d2511d000004f8000000000000000000000000000000000000002200000000templates/pre-delete-webooks.yaml# The following job will be used as Helm pre-delete hook. It executes a small go-client binary
# which intent to delete 'default' SriovOperatorConfig, that triggers operator removal of generated cluster objects
# e.g. mutating/validating webhooks, within operator's recoinciling loop and
# preventing operator cluster object remainings while using helm uninstall
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "sriov-network-operator.fullname" . }}-pre-delete-hook
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
spec:
template:
spec:
serviceAccountName: {{ include "sriov-network-operator.fullname" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: cleanup
image: {{ include "system_default_registry" . }}{{ .Values.images.operator.repository }}:{{ .Values.images.operator.tag }}
command:
- sriov-network-operator-config-cleanup
args:
- --namespace
- {{ .Release.Namespace }}
restartPolicy: Never
backoffLimit: 2
0707010000000b000081a400000000000000000000000168d2511d000009e0000000000000000000000000000000000000001400000000templates/role.yamlapiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
creationTimestamp: null
name: {{ include "sriov-network-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- pods
- services
- endpoints
- persistentvolumeclaims
- events
- configmaps
- secrets
verbs:
- '*'
- apiGroups:
- apps
resources:
- deployments
- daemonsets
- replicasets
- statefulsets
verbs:
- '*'
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
- prometheusrules
verbs:
- get
- create
- update
- delete
- apiGroups:
- apps
resourceNames:
- sriov-network-operator
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
- serviceaccounts
- roles
- rolebindings
verbs:
- '*'
- apiGroups:
- config.openshift.io
resources:
- infrastructures
verbs:
- get
- list
- watch
- apiGroups:
- 'coordination.k8s.io'
resources:
- 'leases'
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: sriov-network-config-daemon
namespace: {{ .Release.Namespace }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- "get"
- "list"
- "watch"
- "delete"
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
- sriovnetworknodestates
verbs:
- '*'
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- update
- apiGroups:
- 'coordination.k8s.io'
resources:
- 'leases'
verbs:
- '*'
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: operator-webhook-sa
namespace: {{ .Release.Namespace }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get0707010000000c000081a400000000000000000000000168d2511d000004bb000000000000000000000000000000000000001b00000000templates/rolebinding.yamlkind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "sriov-network-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "sriov-network-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "sriov-network-operator.fullname" . }}
apiGroup: rbac.authorization.k8s.io
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: sriov-network-config-daemon
namespace: {{ .Release.Namespace }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: sriov-network-config-daemon
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: sriov-network-config-daemon
apiGroup: rbac.authorization.k8s.io
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: operator-webhook-sa
namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
name: operator-webhook-sa
roleRef:
kind: Role
name: operator-webhook-sa
apiGroup: rbac.authorization.k8s.io0707010000000d000081a400000000000000000000000168d2511d0000020f000000000000000000000000000000000000001700000000templates/secrets.yaml{{- if not .Values.cert_manager -}}
{{- if .Values.operator.enableAdmissionController }}
apiVersion: v1
kind: Secret
metadata:
name: operator-webhook-service
namespace: {{ .Release.Namespace }}
data: {{ include "sriov_operator_cert" . | nindent 2 }}
{{- end }}
---
{{- if .Values.operator.enableAdmissionController }}
apiVersion: v1
kind: Secret
metadata:
name: network-resources-injector-secret
namespace: {{ .Release.Namespace }}
data: {{ include "sriov_resource_injector_cert" . | nindent 2 }}
{{- end }}
{{- end }}
0707010000000e000081a400000000000000000000000168d2511d0000019b000000000000000000000000000000000000001e00000000templates/serviceaccount.yamlapiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "sriov-network-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: sriov-network-config-daemon
namespace: {{ .Release.Namespace }}
labels:
{{- include "sriov-network-operator.labels" . | nindent 4 }}0707010000000f000081a400000000000000000000000168d2511d0000036a000000000000000000000000000000000000002300000000templates/sriovoperatorconfig.yaml{{ if .Values.sriovOperatorConfig.deploy }}
apiVersion: sriovnetwork.openshift.io/v1
kind: SriovOperatorConfig
metadata:
name: default
namespace: {{ .Release.Namespace }}
spec:
enableInjector: {{ .Values.operator.admissionControllers.enabled }}
enableOperatorWebhook: {{ .Values.operator.admissionControllers.enabled }}
{{- with .Values.sriovOperatorConfig.configDaemonNodeSelector }}
configDaemonNodeSelector:
{{- range $k, $v := .}}{{printf "%s: \"%s\"" $k $v | nindent 4 }}{{ end }}
{{- end }}
logLevel: {{ .Values.sriovOperatorConfig.logLevel }}
disableDrain: {{ .Values.sriovOperatorConfig.disableDrain }}
configurationMode: {{ .Values.sriovOperatorConfig.configurationMode }}
{{- with .Values.sriovOperatorConfig.featureGates }}
featureGates:
{{- range $k, $v := .}}{{printf "%s: %t" $k $v | nindent 4 }}{{ end }}
{{- end }}
{{ end }}07070100000010000081a400000000000000000000000168d2511d00000406000000000000000000000000000000000000002400000000templates/validate-install-crd.yaml#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
# {{- $found := dict -}}
# {{- set $found "sriovnetwork.openshift.io/v1/OVSNetwork" false -}}
# {{- set $found "sriovnetwork.openshift.io/v1/SriovIBNetwork" false -}}
# {{- set $found "sriovnetwork.openshift.io/v1/SriovNetworkNodePolicy" false -}}
# {{- set $found "sriovnetwork.openshift.io/v1/SriovNetworkNodeState" false -}}
# {{- set $found "sriovnetwork.openshift.io/v1/SriovNetworkPoolConfig" false -}}
# {{- set $found "sriovnetwork.openshift.io/v1/SriovNetwork" false -}}
# {{- set $found "sriovnetwork.openshift.io/v1/SriovOperatorConfig" false -}}
# {{- range .Capabilities.APIVersions -}}
# {{- if hasKey $found (toString .) -}}
# {{- set $found (toString .) true -}}
# {{- end -}}
# {{- end -}}
# {{- range $_, $exists := $found -}}
# {{- if (eq $exists false) -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
# {{- end -}}
# {{- end -}}
#{{- end -}}07070100000011000041ed00000000000000000000000168d2511d00000000000000000000000000000000000000000000000a00000000templates07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!
