Add sriov 104.0.0 chart

Update to the latest sriov chart and images: - suse-edge/charts#104 - suse-edge/charts#108 Issue: rancher/rke2#5089 Signed-off-by: Michael Fritch <[email protected]>
mgfritch · Apr 30, 2024 · d98b270 · d98b270
1 parent 5b9884b
commit d98b270
Show file tree

Hide file tree

Showing 10 changed files with 75 additions and 94 deletions.
diff --git a/packages/rancher-nfd/package.yaml b/packages/rancher-nfd/package.yaml
@@ -1,4 +1,4 @@
-url: https://github.com/kubernetes-sigs/node-feature-discovery/releases/download/v0.14.1/node-feature-discovery-chart-0.14.1.tgz
-version: 103.0.0
+url: https://github.com/kubernetes-sigs/node-feature-discovery/releases/download/v0.15.4/node-feature-discovery-chart-0.15.4.tgz
+version: 104.0.0
 # node-feature-discovery is only used as a dependency of sriov
 doNotRelease: true
diff --git a/packages/rancher-sriov/generated-changes/patch/Chart.yaml.patch b/packages/rancher-sriov/generated-changes/patch/Chart.yaml.patch
@@ -1,33 +1,29 @@
 --- charts-original/Chart.yaml
 +++ charts/Chart.yaml
-@@ -1,18 +1,29 @@
+@@ -1,3 +1,14 @@
 +annotations:
 +  catalog.cattle.io/auto-install: sriov-crd=match
 +  catalog.cattle.io/certified: rancher
 +  catalog.cattle.io/experimental: "true"
-+  catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.28.0-0'
++  catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.30.0-0'
 +  catalog.cattle.io/namespace: cattle-sriov-system
 +  catalog.cattle.io/os: linux
 +  catalog.cattle.io/permits-os: linux
-+  catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
++  catalog.cattle.io/rancher-version: '>= 2.9.0-0 < 2.10.0-0'
 +  catalog.cattle.io/release-name: sriov
 +  catalog.cattle.io/upstream-version: 1.2.0
  apiVersion: v2
--appVersion: 1.1.0
--dependencies:
--- condition: rancher-nfd.enabled
--  name: rancher-nfd
--  repository: file://./charts/rancher-nfd
--  version: 0.14.1
-+appVersion: 1.2.0
+ appVersion: 1.2.0
+ dependencies:
+@@ -8,11 +19,16 @@
  description: SR-IOV network operator configures and manages SR-IOV networks in the
    kubernetes cluster
  home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
 +icon: https://charts.rancher.io/assets/logos/sr-iov.svg
  keywords:
  - sriov
 +- Networking
- kubeVersion: '>= 1.16.0'
+ kubeVersion: '>= 1.16.0-0'
 -name: sriov-network-operator
 +maintainers:
 +- email: [email protected]

diff --git a/packages/rancher-sriov/generated-changes/patch/charts/rancher-nfd/Chart.yaml.patch b/packages/rancher-sriov/generated-changes/patch/charts/rancher-nfd/Chart.yaml.patch
@@ -0,0 +1,11 @@
+--- charts-original/charts/rancher-nfd/Chart.yaml
++++ charts/charts/rancher-nfd/Chart.yaml
+@@ -1,7 +1,7 @@
+ apiVersion: v2
+ appVersion: v0.15.4
+ description: 'Detects hardware features available on each node in a Kubernetes cluster,
+-  and advertises those features using node labels. '
++  and advertises those features using node labels'
+ home: https://github.com/kubernetes-sigs/node-feature-discovery
+ keywords:
+ - feature-discovery
diff --git a/packages/rancher-sriov/generated-changes/patch/charts/rancher-nfd/values.yaml.patch b/packages/rancher-sriov/generated-changes/patch/charts/rancher-nfd/values.yaml.patch
@@ -8,7 +8,7 @@
    pullPolicy: IfNotPresent
    # tag, if defined will use the given image tag, else Chart.AppVersion will be used
 -  # tag
-+  tag: v0.14.1-build20230926
++  tag: v0.15.4-build20240423
  imagePullSecrets: []
 
  nameOverride: ""
diff --git a/packages/rancher-sriov/generated-changes/patch/templates/clusterrole.yaml.patch b/packages/rancher-sriov/generated-changes/patch/templates/clusterrole.yaml.patch
@@ -1,9 +1,9 @@
 --- charts-original/templates/clusterrole.yaml
 +++ charts/templates/clusterrole.yaml
-@@ -55,3 +55,55 @@
-   - apiGroups: [""]
-     resources: ["pods/eviction"]
-     verbs: ["create"]
+@@ -58,3 +58,54 @@
+   - apiGroups: [ "config.openshift.io" ]
+     resources: [ "infrastructures" ]
+     verbs: [ "get", "list", "watch" ]
 +---
 +apiVersion: rbac.authorization.k8s.io/v1
 +kind: ClusterRole
@@ -55,4 +55,3 @@
 +  - "get"
 +  - "watch"
 +  - "list"
-+
diff --git a/packages/rancher-sriov/generated-changes/patch/templates/operator.yaml.patch b/packages/rancher-sriov/generated-changes/patch/templates/operator.yaml.patch
@@ -1,19 +1,9 @@
 --- charts-original/templates/operator.yaml
 +++ charts/templates/operator.yaml
-@@ -1,7 +1,22 @@
+@@ -1,7 +1,12 @@
 +{{- if not (.Capabilities.APIVersions.Has "k8s.cni.cncf.io/v1/NetworkAttachmentDefinition") -}}
 +{{- required "rke2-multus is required but not found" "" -}}
 +{{- end -}}
-+apiVersion: sriovnetwork.openshift.io/v1
-+kind: SriovOperatorConfig
-+metadata:
-+  name: default
-+  namespace: {{ .Release.Namespace }}
-+spec:
-+  # Add fields here
-+  enableInjector: {{ .Values.operator.enableAdmissionController }}
-+  enableOperatorWebhook: {{ .Values.operator.enableAdmissionController }}
-+  configDaemonNodeSelector: {feature.node.kubernetes.io/network-sriov.capable: "true"}
 +---
  apiVersion: apps/v1
  kind: Deployment
@@ -23,40 +13,16 @@
    labels:
    {{- include "sriov-network-operator.labels" . | nindent 4 }}
  spec:
-@@ -18,23 +33,19 @@
-       labels:
-         name: sriov-network-operator
-     spec:
--      {{- with .Values.operator.nodeSelector }}
--      nodeSelector:
--      {{- toYaml . | nindent 8 }}
--      {{- end }}
--      {{- with .Values.operator.affinity }}
--      affinity:
--        {{- toYaml . | nindent 8}}
--      {{- end }}
--      {{- with .Values.operator.tolerations }}
--      tolerations:
--      {{- toYaml . | nindent 8 }}
--      {{- end }}
-+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
-+{{- if .Values.operator.nodeSelector }}
-+{{ toYaml .Values.operator.nodeSelector | indent 8 }}
-+{{- end }}
-+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
-+{{- if .Values.operator.tolerations }}
-+{{ toYaml .Values.operator.tolerations | indent 8 }}
-+{{- end }}
-       serviceAccountName: {{ include "sriov-network-operator.fullname" . }}
-       priorityClassName: "system-node-critical"
+@@ -40,7 +45,7 @@
+       {{- end }}
        containers:
          - name: {{ include "sriov-network-operator.fullname" . }}
 -          image: {{ .Values.images.operator }}
 +          image: {{ include "system_default_registry" . }}{{ .Values.images.operator.repository }}:{{ .Values.images.operator.tag }}
            command:
              - sriov-network-operator
-           imagePullPolicy: IfNotPresent
-@@ -48,19 +59,19 @@
+           resources:
+@@ -53,19 +58,19 @@
                  fieldRef:
                    fieldPath: metadata.namespace
              - name: SRIOV_CNI_IMAGE
@@ -81,14 +47,4 @@
 +              value: {{ include "system_default_registry" . }}{{ .Values.images.webhook.repository }}:{{ .Values.images.webhook.tag }}
              - name: RESOURCE_PREFIX
                value: {{ .Values.operator.resourcePrefix }}
-             - name: ENABLE_ADMISSION_CONTROLLER
-@@ -79,3 +90,9 @@
-               value: {{ .Values.operator.cniBinPath }}
-             - name: CLUSTER_TYPE
-               value: {{ .Values.operator.clusterType }}
-+            {{- if .Values.operator.enableAdmissionController }}
-+            {{- if not .Values.cert_manager }}
-+            - name: WEBHOOK_CA_BUNDLE
-+              value: "{{ include "sriov_operator_ca_cert" . }}"
-+            {{- end }}
-+            {{- end }}
+             - name: IMAGE_PULL_SECRETS
diff --git a/packages/rancher-sriov/generated-changes/patch/templates/sriovoperatorconfig.yaml.patch b/packages/rancher-sriov/generated-changes/patch/templates/sriovoperatorconfig.yaml.patch
@@ -0,0 +1,15 @@
+--- charts-original/templates/sriovoperatorconfig.yaml
++++ charts/templates/sriovoperatorconfig.yaml
+@@ -9,9 +9,9 @@
+   enableOperatorWebhook: {{ .Values.operator.admissionControllers.enabled }}
+   {{- with .Values.sriovOperatorConfig.configDaemonNodeSelector }}
+   configDaemonNodeSelector:
+-    {{- range $k, $v := .}}{{printf "%s: %s" $k $v | nindent 4 }}{{ end }}
++    {{- range $k, $v := .}}{{printf "%s: '%s'" $k $v | nindent 4 }}{{ end }}
+   {{- end }}
+   logLevel: {{ .Values.sriovOperatorConfig.logLevel }}
+   disableDrain: {{ .Values.sriovOperatorConfig.disableDrain }}
+   configurationMode: {{ .Values.sriovOperatorConfig.configurationMode }}
+-{{ end }}
+\ No newline at end of file
++{{ end }}
diff --git a/packages/rancher-sriov/generated-changes/patch/values.yaml.patch b/packages/rancher-sriov/generated-changes/patch/values.yaml.patch
@@ -1,11 +1,6 @@
 --- charts-original/values.yaml
 +++ charts/values.yaml
-@@ -1,11 +1,11 @@
- operator:
-   tolerations:
--    - key: "node-role.kubernetes.io/master"
--      operator: "Exists"
--      effect: "NoSchedule"
+@@ -6,6 +6,9 @@
      - key: "node-role.kubernetes.io/control-plane"
        operator: "Exists"
        effect: "NoSchedule"
@@ -15,15 +10,28 @@
    nodeSelector: {}
    affinity:
      nodeAffinity:
-@@ -21,17 +21,44 @@
+@@ -24,7 +27,7 @@
                  values: [ "" ]
    nameOverride: ""
    fullnameOverride: ""
 -  resourcePrefix: "openshift.io"
 +  resourcePrefix: "rancher.io"
-   enableAdmissionController: false
    cniBinPath: "/opt/cni/bin"
    clusterType: "kubernetes"
+   admissionControllers:
+@@ -78,9 +81,9 @@
+
+ sriovOperatorConfig:
+   # deploy sriovOperatorConfig CR with the below values
+-  deploy: false
++  deploy: true
+   # node slectors for sriov-network-config-daemon
+-  configDaemonNodeSelector: {}
++  configDaemonNodeSelector: {feature.node.kubernetes.io/network-sriov.capable: 'true'}
+   # log level for both operator and sriov-network-config-daemon
+   logLevel: 2
+   # disable node draining when configuring SR-IOV, set to true in case of a single node
+@@ -91,12 +94,36 @@
 
  # Image URIs for sriov-network-operator components
  images:
@@ -36,31 +44,27 @@
 -  webhook: ghcr.io/k8snetworkplumbingwg/sriov-network-operator-webhook
 +  operator:
 +    repository: rancher/hardened-sriov-network-operator
-+    tag: v1.2.0-build20230912
++    tag: v1.2.0-build20240327
 +  sriovConfigDaemon:
 +    repository: rancher/hardened-sriov-network-config-daemon
-+    tag: v1.2.0-build20230912
++    tag: v1.2.0-build20240327
 +  sriovCni:
 +    repository: rancher/hardened-sriov-cni
-+    tag: v2.6.3-build20230913
++    tag: v2.7.0-build20240327
 +  ibSriovCni: 
 +    repository: rancher/hardened-ib-sriov-cni
-+    tag: v1.0.2-build20230911
++    tag: v1.0.3-build20240327
 +  sriovDevicePlugin: 
 +    repository: rancher/hardened-sriov-network-device-plugin
-+    tag: v3.5.1-build20230911
++    tag: v3.6.2-build20240327
 +  resourcesInjector: 
 +    repository: rancher/hardened-sriov-network-resources-injector
-+    tag: v1.5-build20230911
++    tag: v1.5-build20240327
 +  webhook:
 +    repository: rancher/hardened-sriov-network-webhook
-+    tag: v1.2.0-build20230912
-+
-+# cert_manager enables integration with cert-manager to generate
-+# certificates for the operator webhooks. Otherwise the chart will
-+# generate ad-hoc certificates with no automated renewal at expiration,
-+# not recommended for production clusters.
-+cert_manager: false
++    tag: v1.2.0-build20240327
+
+ imagePullSecrets: []
 +
 +global:
 +  cattle:

diff --git a/packages/rancher-sriov/package.yaml b/packages/rancher-sriov/package.yaml
@@ -1,7 +1,7 @@
 url: https://github.com/k8snetworkplumbingwg/sriov-network-operator.git
 subdirectory: deployment/sriov-network-operator
-commit: bcab8844d807ee1db558533248273ccd492874bb # the commit points to the tag v1.2.0
-version: 103.0.0
+commit: f2ca88418036a7836ea2c0bd1f648a47774997c4 # March 2024
+version: 104.0.0
 additionalCharts:
   - workingDir: charts-crd
     crdOptions:

diff --git a/packages/rancher-sriov/templates/crd-template/Chart.yaml b/packages/rancher-sriov/templates/crd-template/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
-version: 103.0.0
-description: Installs the CRDs for rke2-sriov.
+description: Installs the CRDs for the SR-IOV operator
 name: sriov-crd
 type: application
+version: 104.0.0
 annotations:
   catalog.cattle.io/experimental: "true"
   catalog.cattle.io/release-name: sriov-crd