diff --git a/assets/fpga-operator/fpga-operator-2.7.401.tgz b/assets/fpga-operator/fpga-operator-2.7.401.tgz new file mode 100644 index 000000000..b4f1bc3c3 Binary files /dev/null and b/assets/fpga-operator/fpga-operator-2.7.401.tgz differ diff --git a/charts/fpga-operator/fpga-operator/2.7.401/Chart.lock b/charts/fpga-operator/fpga-operator/2.7.401/Chart.lock new file mode 100644 index 000000000..b229fe136 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: node-feature-discovery + repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts + version: 0.10.0 +digest: sha256:828293429b90cc2aee21bb9d617e9c70644f2d1a31ace67d07ff6931d4dc4f94 +generated: "2022-01-14T11:44:16.302056581Z" diff --git a/charts/fpga-operator/fpga-operator/2.7.401/Chart.yaml b/charts/fpga-operator/fpga-operator/2.7.401/Chart.yaml new file mode 100644 index 000000000..2e9f91ed6 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/Chart.yaml @@ -0,0 +1,53 @@ +annotations: + artifacthub.io/images: | + - image: inaccel/coral:2.1 + name: coral + - image: inaccel/daemon:latest + name: daemon + - image: inaccel/driver:latest + name: driver + - image: inaccel/mkrt:latest + name: mkrt + - image: inaccel/monitor:2.1 + name: monitor + - image: inaccel/reef:latest + name: reef + - image: inaccel/vadd:latest + name: tests.vadd + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.inaccel.com + - name: Support + url: https://github.com/inaccel/helm/issues + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: InAccel FPGA Operator + catalog.cattle.io/namespace: kube-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: inaccel + catalog.cattle.io/scope: downstream + category: Infrastructure +apiVersion: v2 +appVersion: "2.1" +dependencies: +- alias: fpga-discovery + condition: fpga-discovery.enabled + name: node-feature-discovery + repository: file://./charts/node-feature-discovery + version: 0.10.0 +description: Simplifying FPGA management in Kubernetes +home: https://inaccel.com +icon: https://en.gravatar.com/userimage/147236320/2a11cd2992b4521ec287587f03fae35c.png?size=1250 +keywords: +- fpga +- infrastructure +kubeVersion: '>= 1.18.0-0' +maintainers: +- email: info@inaccel.com + name: InAccel +name: fpga-operator +sources: +- https://docs.inaccel.com +- https://github.com/inaccel/helm +type: application +version: 2.7.401 diff --git a/charts/fpga-operator/fpga-operator/2.7.401/README.md b/charts/fpga-operator/fpga-operator/2.7.401/README.md new file mode 100644 index 000000000..945a31152 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/README.md @@ -0,0 +1,86 @@ +# InAccel FPGA Operator + +Simplifying FPGA management in Kubernetes + +## Installing the Chart + +To install the chart with the release name `my-fpga-operator`: + +```console +$ helm repo add inaccel https://setup.inaccel.com/helm +$ helm install my-fpga-operator inaccel/fpga-operator +``` + +These commands deploy InAccel FPGA Operator on the Kubernetes cluster in the +default configuration. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-fpga-operator` deployment: + +```console +$ helm uninstall my-fpga-operator +``` + +The command removes all the Kubernetes components associated with the chart and +deletes the release. + +## Parameters + +The following table lists the configurable parameters of the InAccel FPGA +Operator chart and their default values. + +| Parameter | Description | Default | +| ------------------------ | ------------------------------------------------------- | ------------------ | +| `coral.httpsProxy` | Sets HTTPS_PROXY environment variable in the container. | | +| `coral.image` | Container image name. | `inaccel/coral` | +| `coral.logLevel` | Sets LOG_LEVEL environment variable in the container. | `info` | +| `coral.port` | Number of port to expose on the host. | | +| `coral.pullPolicy` | Image pull policy. | `Always` | +| `coral.resources` | Compute resources required by this container. | | +| `coral.tag` | Release version. | *APP VERSION* | +| `daemon.debug` | Argument --debug to the entrypoint. | `false` | +| `daemon.image` | Container image name. | `inaccel/daemon` | +| `daemon.pullPolicy` | Image pull policy. | | +| `daemon.resources` | Compute resources required by this container. | | +| `daemon.tag` | Release version. | `latest` | +| `driver.enabled` | Indicates whether driver should be enabled. | `true` | +| `driver.image` | Container image name. | `inaccel/driver` | +| `driver.pullPolicy` | Image pull policy. | | +| `driver.tag` | Release version. | `latest` | +| `fpga-discovery.enabled` | Dependency condition. | `true` | +| `kubelet` | Directory path for managing kubelet files. | `/var/lib/kubelet` | +| `license` | String value of the secret license key. | | +| `mkrt.image` | Container image name. | `inaccel/mkrt` | +| `mkrt.pullPolicy` | Image pull policy. | | +| `mkrt.tag` | Release version. | `latest` | +| `monitor.image` | Container image name. | `inaccel/monitor` | +| `monitor.port` | Number of port to expose on the host. | | +| `monitor.pullPolicy` | Image pull policy. | `Always` | +| `monitor.resources` | Compute resources required by this container. | | +| `monitor.tag` | Release version. | *APP VERSION* | +| `reef.debug` | Argument --debug to the entrypoint. | `false` | +| `reef.image` | Container image name. | `inaccel/reef` | +| `reef.pullPolicy` | Image pull policy. | | +| `reef.resources` | Compute resources required by this container. | | +| `reef.tag` | Release version. | `latest` | +| `root.config` | Host-specific system configuration. | `/etc/inaccel` | +| `root.state` | Variable state information. | `/var/lib/inaccel` | +| `tests.vadd.image` | Container image name. | `inaccel/vadd` | +| `tests.vadd.platforms` | FPGA platforms to test. | | +| `tests.vadd.pullPolicy` | Image pull policy. | | +| `tests.vadd.tag` | Release version. | `latest` | + +Specify each parameter using the `--set key=value[,key=value]` argument to +`helm install`. + +Alternatively, a YAML file that specifies the values for the parameters can be +provided while installing the chart. For example, + +```console +$ helm install my-fpga-operator -f values.yaml inaccel/fpga-operator +``` + +> **Tip**: You can use the default `values.yaml` diff --git a/charts/fpga-operator/fpga-operator/2.7.401/app-readme.md b/charts/fpga-operator/fpga-operator/2.7.401/app-readme.md new file mode 100644 index 000000000..a8e24b3f9 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/app-readme.md @@ -0,0 +1,7 @@ +### Documentation + +For detailed usage instructions visit: [docs.inaccel.com](https://docs.inaccel.com) + +### Support + +For more product information contact: info@inaccel.com diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/.helmignore b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/Chart.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/Chart.yaml new file mode 100644 index 000000000..108384789 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/Chart.yaml @@ -0,0 +1,14 @@ +apiVersion: v2 +appVersion: v0.10.0 +description: 'Detects hardware features available on each node in a Kubernetes cluster, + and advertises those features using node labels. ' +home: https://github.com/kubernetes-sigs/node-feature-discovery +keywords: +- feature-discovery +- feature-detection +- node-labels +name: node-feature-discovery +sources: +- https://github.com/kubernetes-sigs/node-feature-discovery +type: application +version: 0.10.0 diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/README.md b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/README.md new file mode 100644 index 000000000..064bd3459 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/README.md @@ -0,0 +1,10 @@ +# Node Feature Discovery + +Node Feature Discovery (NFD) is a Kubernetes add-on for detecting hardware +features and system configuration. Detected features are advertised as node +labels. NFD provides flexible configuration and extension points for a wide +range of vendor and application specific node labeling needs. + +See +[NFD documentation](https://kubernetes-sigs.github.io/node-feature-discovery/v0.10/get-started/deployment-and-usage.html#deployment-with-helm) +for deployment instructions. diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/manifests/nodefeaturerule-crd.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/manifests/nodefeaturerule-crd.yaml new file mode 100644 index 000000000..cd9b48bf4 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/manifests/nodefeaturerule-crd.yaml @@ -0,0 +1,223 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: nodefeaturerules.nfd.k8s-sigs.io +spec: + group: nfd.k8s-sigs.io + names: + kind: NodeFeatureRule + listKind: NodeFeatureRuleList + plural: nodefeaturerules + singular: nodefeaturerule + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: NodeFeatureRule resource specifies a configuration for feature-based + customization of node objects, such as node labeling. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NodeFeatureRuleSpec describes a NodeFeatureRule. + properties: + rules: + description: Rules is a list of node customization rules. + items: + description: Rule defines a rule for node customization such as + labeling. + properties: + labels: + additionalProperties: + type: string + description: Labels to create if the rule matches. + type: object + labelsTemplate: + description: LabelsTemplate specifies a template to expand for + dynamically generating multiple labels. Data (after template + expansion) must be keys with an optional value ([=]) + separated by newlines. + type: string + matchAny: + description: MatchAny specifies a list of matchers one of which + must match. + items: + description: MatchAnyElem specifies one sub-matcher of MatchAny. + properties: + matchFeatures: + description: MatchFeatures specifies a set of matcher + terms all of which must match. + items: + description: FeatureMatcherTerm defines requirements + against one feature set. All requirements (specified + as MatchExpressions) are evaluated against each element + in the feature set. + properties: + feature: + type: string + matchExpressions: + additionalProperties: + description: "MatchExpression specifies an expression + to evaluate against a set of input values. It + contains an operator that is applied when matching + the input and an array of values that the operator + evaluates the input against. \n NB: CreateMatchExpression + or MustCreateMatchExpression() should be used + for creating new instances. NB: Validate() + must be called if Op or Value fields are modified + or if a new instance is created from scratch + without using the helper functions." + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: Value is the list of values that + the operand evaluates the input against. + Value should be empty if the operator is + Exists, DoesNotExist, IsTrue or IsFalse. + Value should contain exactly one element + if the operator is Gt or Lt and exactly + two elements if the operator is GtLt. In + other cases Value should contain at least + one element. + items: + type: string + type: array + required: + - op + type: object + description: MatchExpressionSet contains a set of + MatchExpressions, each of which is evaluated against + a set of input values. + type: object + required: + - feature + - matchExpressions + type: object + type: array + required: + - matchFeatures + type: object + type: array + matchFeatures: + description: MatchFeatures specifies a set of matcher terms + all of which must match. + items: + description: FeatureMatcherTerm defines requirements against + one feature set. All requirements (specified as MatchExpressions) + are evaluated against each element in the feature set. + properties: + feature: + type: string + matchExpressions: + additionalProperties: + description: "MatchExpression specifies an expression + to evaluate against a set of input values. It contains + an operator that is applied when matching the input + and an array of values that the operator evaluates + the input against. \n NB: CreateMatchExpression or + MustCreateMatchExpression() should be used for creating + new instances. NB: Validate() must be called if Op + or Value fields are modified or if a new instance + is created from scratch without using the helper functions." + properties: + op: + description: Op is the operator to be applied. + enum: + - In + - NotIn + - InRegexp + - Exists + - DoesNotExist + - Gt + - Lt + - GtLt + - IsTrue + - IsFalse + type: string + value: + description: Value is the list of values that the + operand evaluates the input against. Value should + be empty if the operator is Exists, DoesNotExist, + IsTrue or IsFalse. Value should contain exactly + one element if the operator is Gt or Lt and exactly + two elements if the operator is GtLt. In other + cases Value should contain at least one element. + items: + type: string + type: array + required: + - op + type: object + description: MatchExpressionSet contains a set of MatchExpressions, + each of which is evaluated against a set of input values. + type: object + required: + - feature + - matchExpressions + type: object + type: array + name: + description: Name of the rule. + type: string + vars: + additionalProperties: + type: string + description: Vars is the variables to store if the rule matches. + Variables do not directly inflict any changes in the node + object. However, they can be referenced from other rules enabling + more complex rule hierarchies, without exposing intermediary + output values as labels. + type: object + varsTemplate: + description: VarsTemplate specifies a template to expand for + dynamically generating multiple variables. Data (after template + expansion) must be keys with an optional value ([=]) + separated by newlines. + type: string + required: + - name + type: object + type: array + required: + - rules + type: object + required: + - spec + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/_helpers.tpl b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/_helpers.tpl new file mode 100644 index 000000000..2d3ea4872 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/_helpers.tpl @@ -0,0 +1,74 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "node-feature-discovery.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "node-feature-discovery.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "node-feature-discovery.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "node-feature-discovery.labels" -}} +helm.sh/chart: {{ include "node-feature-discovery.chart" . }} +{{ include "node-feature-discovery.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "node-feature-discovery.selectorLabels" -}} +app.kubernetes.io/name: {{ include "node-feature-discovery.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "node-feature-discovery.serviceAccountName" -}} +{{- if .Values.master.serviceAccount.create -}} + {{ default (include "node-feature-discovery.fullname" .) .Values.master.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.master.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account which topologyUpdater will use +*/}} +{{- define "node-feature-discovery.topologyUpdater.serviceAccountName" -}} +{{- if .Values.topologyUpdater.serviceAccount.create -}} + {{ default (printf "%s-topology-updater" (include "node-feature-discovery.fullname" .)) .Values.topologyUpdater.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.topologyUpdater.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/cert-manager-certs.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/cert-manager-certs.yaml new file mode 100644 index 000000000..9e3a31127 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/cert-manager-certs.yaml @@ -0,0 +1,64 @@ +{{- if .Values.tls.certManager }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nfd-master-cert +spec: + secretName: nfd-master-cert + subject: + organizations: + - node-feature-discovery + commonName: nfd-master + dnsNames: + # must match the service name + - {{ include "node-feature-discovery.fullname" . }}-master + # first one is configured for use by the worker; below are for completeness + - {{ include "node-feature-discovery.fullname" . }}-master.{{ $.Release.Namespace }}.svc + - {{ include "node-feature-discovery.fullname" . }}-master.{{ $.Release.Namespace }}.svc.cluster.local + # localhost needed for grpc_health_probe + - localhost + issuerRef: + name: nfd-ca-issuer + kind: Issuer + group: cert-manager.io + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nfd-worker-cert +spec: + secretName: nfd-worker-cert + subject: + organizations: + - node-feature-discovery + commonName: nfd-worker + dnsNames: + - {{ include "node-feature-discovery.fullname" . }}-worker.{{ $.Release.Namespace }}.svc.cluster.local + issuerRef: + name: nfd-ca-issuer + kind: Issuer + group: cert-manager.io + +{{- if .Values.topologyUpdater.enable }} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nfd-topology-updater-cert +spec: + secretName: nfd-topology-updater-cert + subject: + organizations: + - node-feature-discovery + commonName: nfd-topology-updater + dnsNames: + - {{ include "node-feature-discovery.fullname" . }}-topology-updater.{{ $.Release.Namespace }}.svc.cluster.local + issuerRef: + name: nfd-ca-issuer + kind: Issuer + group: cert-manager.io +{{- end }} + +{{- end }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/cert-manager-issuer.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/cert-manager-issuer.yaml new file mode 100644 index 000000000..0401edd69 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/cert-manager-issuer.yaml @@ -0,0 +1,39 @@ +{{- if .Values.tls.certManager }} +# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers +# - Create a self signed issuer +# - Use this to create a CA cert +# - Use this to now create a CA issuer +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: nfd-ca-bootstrap +spec: + selfSigned: {} + +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: nfd-ca-cert +spec: + isCA: true + secretName: nfd-ca-cert + subject: + organizations: + - node-feature-discovery + commonName: nfd-ca-cert + issuerRef: + name: nfd-ca-bootstrap + kind: Issuer + group: cert-manager.io + +--- +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: nfd-ca-issuer +spec: + ca: + secretName: nfd-ca-cert +{{- end }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/clusterrole.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/clusterrole.yaml new file mode 100644 index 000000000..4647ab81a --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/clusterrole.yaml @@ -0,0 +1,63 @@ +{{- if .Values.master.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "node-feature-discovery.fullname" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - nodes + # when using command line flag --resource-labels to create extended resources + # you will need to uncomment "- nodes/status" + # - nodes/status + verbs: + - get + - patch + - update + - list +- apiGroups: + - nfd.k8s-sigs.io + resources: + - nodefeaturerules + verbs: + - get + - list + - watch +{{- if .Values.topologyUpdater.enable }} +- apiGroups: + - topology.node.k8s.io + resources: + - noderesourcetopologies + verbs: + - create + - get + - update +{{- end }} +{{- end }} + +--- +{{- if .Values.topologyUpdater.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-topology-updater + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list +- apiGroups: + - "" + resources: + - pods + verbs: + - get +{{- end }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/clusterrolebinding.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..3ba4337a9 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/clusterrolebinding.yaml @@ -0,0 +1,34 @@ +{{- if .Values.master.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "node-feature-discovery.fullname" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "node-feature-discovery.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ include "node-feature-discovery.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} +{{- end }} + +--- +{{- if .Values.topologyUpdater.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-topology-updater + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "node-feature-discovery.fullname" . }}-topology-updater +subjects: +- kind: ServiceAccount + name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }} + namespace: {{ $.Release.Namespace }} +{{- end }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/master.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/master.yaml new file mode 100644 index 000000000..8a62d385a --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/master.yaml @@ -0,0 +1,112 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-master + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + role: master +spec: + replicas: {{ .Values.master.replicaCount }} + selector: + matchLabels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} + role: master + template: + metadata: + labels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} + role: master + annotations: + {{- toYaml .Values.master.annotations | nindent 8 }} + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "node-feature-discovery.serviceAccountName" . }} + securityContext: + {{- toYaml .Values.master.podSecurityContext | nindent 8 }} + containers: + - name: master + securityContext: + {{- toYaml .Values.master.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + livenessProbe: + exec: + command: + - "/usr/bin/grpc_health_probe" + - "-addr=:8080" + {{- if .Values.tls.enable }} + - "-tls" + - "-tls-ca-cert=/etc/kubernetes/node-feature-discovery/certs/ca.crt" + - "-tls-client-key=/etc/kubernetes/node-feature-discovery/certs/tls.key" + - "-tls-client-cert=/etc/kubernetes/node-feature-discovery/certs/tls.crt" + {{- end }} + initialDelaySeconds: 10 + periodSeconds: 10 + readinessProbe: + exec: + command: + - "/usr/bin/grpc_health_probe" + - "-addr=:8080" + {{- if .Values.tls.enable }} + - "-tls" + - "-tls-ca-cert=/etc/kubernetes/node-feature-discovery/certs/ca.crt" + - "-tls-client-key=/etc/kubernetes/node-feature-discovery/certs/tls.key" + - "-tls-client-cert=/etc/kubernetes/node-feature-discovery/certs/tls.crt" + {{- end }} + initialDelaySeconds: 5 + periodSeconds: 10 + failureThreshold: 10 + ports: + - containerPort: 8080 + name: grpc + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + command: + - "nfd-master" + resources: + {{- toYaml .Values.master.resources | nindent 12 }} + args: + {{- if .Values.master.instance | empty | not }} + - "--instance={{ .Values.master.instance }}" + {{- end }} + {{- if .Values.master.extraLabelNs | empty | not }} + - "--extra-label-ns={{- join "," .Values.master.extraLabelNs }}" + {{- end }} + {{- if .Values.master.featureRulesController | kindIs "invalid" | not }} + - "-featurerules-controller={{ .Values.master.featureRulesController }}" + {{- else }} + ## By default, disable NodeFeatureRules controller for other than the default instances + - "-featurerules-controller={{ .Values.master.instance | empty }}" + {{- end }} + {{- if .Values.tls.enable }} + - "--ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" + - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" + - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" + volumeMounts: + - name: nfd-master-cert + mountPath: "/etc/kubernetes/node-feature-discovery/certs" + readOnly: true + volumes: + - name: nfd-master-cert + secret: + secretName: nfd-master-cert + ## /TLS ## + {{- end }} + {{- with .Values.master.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/nfd-worker-conf.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/nfd-worker-conf.yaml new file mode 100644 index 000000000..93c8d86d0 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/nfd-worker-conf.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-worker-conf + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} +data: + nfd-worker.conf: |- + {{- .Values.worker.config | toYaml | nindent 4 }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/nodefeaturerule-crd.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/nodefeaturerule-crd.yaml new file mode 100644 index 000000000..f5d30850a --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/nodefeaturerule-crd.yaml @@ -0,0 +1,3 @@ +{{- if .Values.nodeFeatureRule.createCRD }} +{{ .Files.Get "manifests/nodefeaturerule-crd.yaml" }} +{{- end}} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/service.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/service.yaml new file mode 100644 index 000000000..97d0a5878 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-master + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + role: master +spec: + type: {{ .Values.master.service.type }} + ports: + - port: {{ .Values.master.service.port }} + targetPort: grpc + protocol: TCP + name: grpc + selector: + {{- include "node-feature-discovery.selectorLabels" . | nindent 4 }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/serviceaccount.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/serviceaccount.yaml new file mode 100644 index 000000000..f75143577 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/serviceaccount.yaml @@ -0,0 +1,26 @@ +{{- if .Values.master.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "node-feature-discovery.serviceAccountName" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + {{- with .Values.master.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} + +--- +{{- if .Values.topologyUpdater.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }} + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + {{- with .Values.topologyUpdater.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/topologyupdater-crds.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/topologyupdater-crds.yaml new file mode 100644 index 000000000..cf5daf27b --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/topologyupdater-crds.yaml @@ -0,0 +1,145 @@ +{{- if and .Values.topologyUpdater.enable .Values.topologyUpdater.createCRDs -}} +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes/enhancements/pull/1870 + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: noderesourcetopologies.topology.node.k8s.io +spec: + group: topology.node.k8s.io + names: + kind: NodeResourceTopology + listKind: NodeResourceTopologyList + plural: noderesourcetopologies + shortNames: + - node-res-topo + singular: noderesourcetopology + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: NodeResourceTopology describes node resources and their topology. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + topologyPolicies: + items: + type: string + type: array + zones: + description: ZoneList contains an array of Zone objects. + items: + description: Zone represents a resource topology zone, e.g. socket, + node, die or core. + properties: + attributes: + description: AttributeList contains an array of AttributeInfo objects. + items: + description: AttributeInfo contains one attribute of a Zone. + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + costs: + description: CostList contains an array of CostInfo objects. + items: + description: CostInfo describes the cost (or distance) between + two Zones. + properties: + name: + type: string + value: + format: int64 + type: integer + required: + - name + - value + type: object + type: array + name: + type: string + parent: + type: string + resources: + description: ResourceInfoList contains an array of ResourceInfo + objects. + items: + description: ResourceInfo contains information about one resource + type. + properties: + allocatable: + anyOf: + - type: integer + - type: string + description: Allocatable quantity of the resource, corresponding + to allocatable in node status, i.e. total amount of this + resource available to be used by pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + available: + anyOf: + - type: integer + - type: string + description: Available is the amount of this resource currently + available for new (to be scheduled) pods, i.e. Allocatable + minus the resources reserved by currently running pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the resource, corresponding to capacity + in node status, i.e. total amount of this resource that + the node has. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + name: + description: Name of the resource. + type: string + required: + - allocatable + - available + - capacity + - name + type: object + type: array + type: + type: string + required: + - name + - type + type: object + type: array + required: + - topologyPolicies + - zones + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +{{- end }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/topologyupdater.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/topologyupdater.yaml new file mode 100644 index 000000000..ffddc1903 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/topologyupdater.yaml @@ -0,0 +1,111 @@ +{{- if .Values.topologyUpdater.enable -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-topology-updater + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + role: topology-updater +spec: + selector: + matchLabels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} + role: topology-updater + template: + metadata: + labels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} + role: topology-updater + annotations: + {{- toYaml .Values.topologyUpdater.annotations | nindent 8 }} + spec: + serviceAccountName: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }} + dnsPolicy: ClusterFirstWithHostNet + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.topologyUpdater.podSecurityContext | nindent 8 }} + containers: + - name: topology-updater + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: "{{ .Values.image.pullPolicy }}" + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + command: + - "nfd-topology-updater" + args: + - "--server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}" + {{- if .Values.topologyUpdater.updateInterval | empty | not }} + - "--sleep-interval={{ .Values.topologyUpdater.updateInterval }}" + {{- else }} + - "--sleep-interval=3s" + {{- end }} + {{- if .Values.topologyUpdater.watchNamespace | empty | not }} + - "--watch-namespace={{ .Values.topologyUpdater.watchNamespace }}" + {{- else }} + - "--watch-namespace=*" + {{- end }} + {{- if .Values.tls.enable }} + - "--ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" + - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" + - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" + {{- end }} + volumeMounts: + - name: kubelet-config + mountPath: /host-var/lib/kubelet/config.yaml + - name: kubelet-podresources-sock + mountPath: /host-var/lib/kubelet/pod-resources/kubelet.sock + - name: host-sys + mountPath: /host-sys + {{- if .Values.tls.enable }} + - name: nfd-topology-updater-cert + mountPath: "/etc/kubernetes/node-feature-discovery/certs" + readOnly: true + {{- end }} + + resources: + {{- toYaml .Values.topologyUpdater.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.topologyUpdater.securityContext | nindent 12 }} + volumes: + - name: host-sys + hostPath: + path: "/sys" + - name: kubelet-config + hostPath: + {{- if .Values.topologyUpdater.kubeletConfigPath | empty | not }} + path: {{ .Values.topologyUpdater.kubeletConfigPath }} + {{- else }} + path: /var/lib/kubelet/config.yaml + {{- end }} + - name: kubelet-podresources-sock + hostPath: + {{- if .Values.topologyUpdater.kubeletPodResourcesSockPath | empty | not }} + path: {{ .Values.topologyUpdater.kubeletPodResourcesSockPath }} + {{- else }} + path: /var/lib/kubelet/pod-resources/kubelet.sock + {{- end }} + {{- if .Values.tls.enable }} + - name: nfd-topology-updater-cert + secret: + secretName: nfd-topology-updater-cert + {{- end }} + + {{- with .Values.topologyUpdater.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologyUpdater.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.topologyUpdater.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/worker.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/worker.yaml new file mode 100644 index 000000000..40c6a1558 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/templates/worker.yaml @@ -0,0 +1,128 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ include "node-feature-discovery.fullname" . }}-worker + labels: + {{- include "node-feature-discovery.labels" . | nindent 4 }} + role: worker +spec: + selector: + matchLabels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 6 }} + role: worker + template: + metadata: + labels: + {{- include "node-feature-discovery.selectorLabels" . | nindent 8 }} + role: worker + annotations: + {{- toYaml .Values.worker.annotations | nindent 8 }} + spec: + dnsPolicy: ClusterFirstWithHostNet + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.worker.podSecurityContext | nindent 8 }} + containers: + - name: worker + securityContext: + {{- toYaml .Values.worker.securityContext | nindent 12 }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + resources: + {{- toYaml .Values.worker.resources | nindent 12 }} + command: + - "nfd-worker" + args: + - "--server={{ include "node-feature-discovery.fullname" . }}-master:{{ .Values.master.service.port }}" +{{- if .Values.tls.enable }} + - "--ca-file=/etc/kubernetes/node-feature-discovery/certs/ca.crt" + - "--key-file=/etc/kubernetes/node-feature-discovery/certs/tls.key" + - "--cert-file=/etc/kubernetes/node-feature-discovery/certs/tls.crt" +{{- end }} + volumeMounts: + - name: host-boot + mountPath: "/host-boot" + readOnly: true + - name: host-os-release + mountPath: "/host-etc/os-release" + readOnly: true + - name: host-sys + mountPath: "/host-sys" + readOnly: true + - name: host-usr-lib + mountPath: "/host-usr/lib" + readOnly: true + {{- if .Values.worker.mountUsrSrc }} + - name: host-usr-src + mountPath: "/host-usr/src" + readOnly: true + {{- end }} + - name: source-d + mountPath: "/etc/kubernetes/node-feature-discovery/source.d/" + readOnly: true + - name: features-d + mountPath: "/etc/kubernetes/node-feature-discovery/features.d/" + readOnly: true + - name: nfd-worker-conf + mountPath: "/etc/kubernetes/node-feature-discovery" + readOnly: true +{{- if .Values.tls.enable }} + - name: nfd-worker-cert + mountPath: "/etc/kubernetes/node-feature-discovery/certs" + readOnly: true +{{- end }} + volumes: + - name: host-boot + hostPath: + path: "/boot" + - name: host-os-release + hostPath: + path: "/etc/os-release" + - name: host-sys + hostPath: + path: "/sys" + - name: host-usr-lib + hostPath: + path: "/usr/lib" + {{- if .Values.worker.mountUsrSrc }} + - name: host-usr-src + hostPath: + path: "/usr/src" + {{- end }} + - name: source-d + hostPath: + path: "/etc/kubernetes/node-feature-discovery/source.d/" + - name: features-d + hostPath: + path: "/etc/kubernetes/node-feature-discovery/features.d/" + - name: nfd-worker-conf + configMap: + name: {{ include "node-feature-discovery.fullname" . }}-worker-conf + items: + - key: nfd-worker.conf + path: nfd-worker.conf +{{- if .Values.tls.enable }} + - name: nfd-worker-cert + secret: + secretName: nfd-worker-cert +{{- end }} + {{- with .Values.worker.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/values.yaml b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/values.yaml new file mode 100644 index 000000000..f84924150 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/charts/node-feature-discovery/values.yaml @@ -0,0 +1,401 @@ +image: + repository: k8s.gcr.io/nfd/node-feature-discovery + # This should be set to 'IfNotPresent' for released version + pullPolicy: IfNotPresent + # tag, if defined will use the given image tag, else Chart.AppVersion will be used + # tag +imagePullSecrets: [] + +nameOverride: "" +fullnameOverride: "" + +nodeFeatureRule: + createCRD: true + +master: + instance: + extraLabelNs: [] + featureRulesController: null + + replicaCount: 1 + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: [ "ALL" ] + readOnlyRootFilesystem: true + runAsNonRoot: true + # runAsUser: 1000 + + serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + + rbac: + create: true + + service: + type: ClusterIP + port: 8080 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: + - key: "node-role.kubernetes.io/master" + operator: "Equal" + value: "" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/control-plane" + operator: "Equal" + value: "" + effect: "NoSchedule" + + annotations: {} + + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + preference: + matchExpressions: + - key: "node-role.kubernetes.io/master" + operator: In + values: [""] + - weight: 1 + preference: + matchExpressions: + - key: "node-role.kubernetes.io/control-plane" + operator: In + values: [""] + +worker: + config: ### + #core: + # labelWhiteList: + # noPublish: false + # sleepInterval: 60s + # featureSources: [all] + # labelSources: [all] + # klog: + # addDirHeader: false + # alsologtostderr: false + # logBacktraceAt: + # logtostderr: true + # skipHeaders: false + # stderrthreshold: 2 + # v: 0 + # vmodule: + ## NOTE: the following options are not dynamically run-time configurable + ## and require a nfd-worker restart to take effect after being changed + # logDir: + # logFile: + # logFileMaxSize: 1800 + # skipLogHeaders: false + #sources: + # cpu: + # cpuid: + ## NOTE: whitelist has priority over blacklist + # attributeBlacklist: + # - "BMI1" + # - "BMI2" + # - "CLMUL" + # - "CMOV" + # - "CX16" + # - "ERMS" + # - "F16C" + # - "HTT" + # - "LZCNT" + # - "MMX" + # - "MMXEXT" + # - "NX" + # - "POPCNT" + # - "RDRAND" + # - "RDSEED" + # - "RDTSCP" + # - "SGX" + # - "SSE" + # - "SSE2" + # - "SSE3" + # - "SSE4" + # - "SSE42" + # - "SSSE3" + # attributeWhitelist: + # kernel: + # kconfigFile: "/path/to/kconfig" + # configOpts: + # - "NO_HZ" + # - "X86" + # - "DMI" + # pci: + # deviceClassWhitelist: + # - "0200" + # - "03" + # - "12" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # - "subsystem_vendor" + # - "subsystem_device" + # usb: + # deviceClassWhitelist: + # - "0e" + # - "ef" + # - "fe" + # - "ff" + # deviceLabelFields: + # - "class" + # - "vendor" + # - "device" + # custom: + # # The following feature demonstrates the capabilities of the matchFeatures + # - name: "my custom rule" + # labels: + # my-ng-feature: "true" + # # matchFeatures implements a logical AND over all matcher terms in the + # # list (i.e. all of the terms, or per-feature matchers, must match) + # matchFeatures: + # - feature: cpu.cpuid + # matchExpressions: + # AVX512F: {op: Exists} + # - feature: cpu.cstate + # matchExpressions: + # enabled: {op: IsTrue} + # - feature: cpu.pstate + # matchExpressions: + # no_turbo: {op: IsFalse} + # scaling_governor: {op: In, value: ["performance"]} + # - feature: cpu.rdt + # matchExpressions: + # RDTL3CA: {op: Exists} + # - feature: cpu.sst + # matchExpressions: + # bf.enabled: {op: IsTrue} + # - feature: cpu.topology + # matchExpressions: + # hardware_multithreading: {op: IsFalse} + # + # - feature: kernel.config + # matchExpressions: + # X86: {op: Exists} + # LSM: {op: InRegexp, value: ["apparmor"]} + # - feature: kernel.loadedmodule + # matchExpressions: + # e1000e: {op: Exists} + # - feature: kernel.selinux + # matchExpressions: + # enabled: {op: IsFalse} + # - feature: kernel.version + # matchExpressions: + # major: {op: In, value: ["5"]} + # minor: {op: Gt, value: ["10"]} + # + # - feature: storage.block + # matchExpressions: + # rotational: {op: In, value: ["0"]} + # dax: {op: In, value: ["0"]} + # + # - feature: network.device + # matchExpressions: + # operstate: {op: In, value: ["up"]} + # speed: {op: Gt, value: ["100"]} + # + # - feature: memory.numa + # matchExpressions: + # node_count: {op: Gt, value: ["2"]} + # - feature: memory.nv + # matchExpressions: + # devtype: {op: In, value: ["nd_dax"]} + # mode: {op: In, value: ["memory"]} + # + # - feature: system.osrelease + # matchExpressions: + # ID: {op: In, value: ["fedora", "centos"]} + # - feature: system.name + # matchExpressions: + # nodename: {op: InRegexp, value: ["^worker-X"]} + # + # - feature: local.label + # matchExpressions: + # custom-feature-knob: {op: Gt, value: ["100"]} + # + # # The following feature demonstrates the capabilities of the matchAny + # - name: "my matchAny rule" + # labels: + # my-ng-feature-2: "my-value" + # # matchAny implements a logical IF over all elements (sub-matchers) in + # # the list (i.e. at least one feature matcher must match) + # matchAny: + # - matchFeatures: + # - feature: kernel.loadedmodule + # matchExpressions: + # driver-module-X: {op: Exists} + # - feature: pci.device + # matchExpressions: + # vendor: {op: In, value: ["8086"]} + # class: {op: In, value: ["0200"]} + # - matchFeatures: + # - feature: kernel.loadedmodule + # matchExpressions: + # driver-module-Y: {op: Exists} + # - feature: usb.device + # matchExpressions: + # vendor: {op: In, value: ["8086"]} + # class: {op: In, value: ["02"]} + # + # # The following features demonstreate label templating capabilities + # - name: "my template rule" + # labelsTemplate: | + # {{ range .system.osrelease }}my-system-feature.{{ .Name }}={{ .Value }} + # {{ end }} + # matchFeatures: + # - feature: system.osrelease + # matchExpressions: + # ID: {op: InRegexp, value: ["^open.*"]} + # VERSION_ID.major: {op: In, value: ["13", "15"]} + # + # - name: "my template rule 2" + # labelsTemplate: | + # {{ range .pci.device }}my-pci-device.{{ .class }}-{{ .device }}=with-cpuid + # {{ end }} + # matchFeatures: + # - feature: pci.device + # matchExpressions: + # class: {op: InRegexp, value: ["^06"]} + # vendor: ["8086"] + # - feature: cpu.cpuid + # matchExpressions: + # AVX: {op: Exists} + # + # # The following examples demonstrate vars field and back-referencing + # # previous labels and vars + # - name: "my dummy kernel rule" + # labels: + # "my.kernel.feature": "true" + # matchFeatures: + # - feature: kernel.version + # matchExpressions: + # major: {op: Gt, value: ["2"]} + # + # - name: "my dummy rule with no labels" + # vars: + # "my.dummy.var": "1" + # matchFeatures: + # - feature: cpu.cpuid + # matchExpressions: {} + # + # - name: "my rule using backrefs" + # labels: + # "my.backref.feature": "true" + # matchFeatures: + # - feature: rule.matched + # matchExpressions: + # my.kernel.feature: {op: IsTrue} + # my.dummy.var: {op: Gt, value: ["0"]} + # +### + + podSecurityContext: {} + # fsGroup: 2000 + + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: [ "ALL" ] + readOnlyRootFilesystem: true + runAsNonRoot: true + # runAsUser: 1000 + + # Allow users to mount the hostPath /usr/src, useful for RHCOS on s390x + # Does not work on systems without /usr/src AND a read-only /usr, such as Talos + mountUsrSrc: false + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + + tolerations: [] + + annotations: {} + + affinity: {} + +topologyUpdater: + enable: false + createCRDs: false + + serviceAccount: + create: false + annotations: {} + name: + rbac: + create: false + + kubeletConfigPath: + kubeletPodResourcesSockPath: + updateInterval: 60s + watchNamespace: "*" + + podSecurityContext: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: [ "ALL" ] + readOnlyRootFilesystem: true + runAsUser: 0 + + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + + nodeSelector: {} + tolerations: [] + annotations: {} + affinity: {} + +# Optionally use encryption for worker <--> master comms +# TODO: verify hostname is not yet supported +# +# If you do not enable certManager (and have it installed) you will +# need to manually, or otherwise, provision the TLS certs as secrets +tls: + enable: false + certManager: false diff --git a/charts/fpga-operator/fpga-operator/2.7.401/questions.yaml b/charts/fpga-operator/fpga-operator/2.7.401/questions.yaml new file mode 100644 index 000000000..5a9a2b6d5 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/questions.yaml @@ -0,0 +1,208 @@ +questions: +- description: Sets HTTPS_PROXY environment variable in the container. + group: coral + label: httpsProxy + variable: coral.httpsProxy +- default: inaccel/coral + description: Container image name. + group: coral + label: image + required: true + variable: coral.image +- default: info + description: Sets LOG_LEVEL environment variable in the container. + group: coral + label: logLevel + options: + - all + - trace + - debug + - info + - warn + - error + - fatal + - 'off' + type: enum + variable: coral.logLevel +- description: Number of port to expose on the host. + group: coral + label: port + max: 65535 + min: 1 + type: int + variable: coral.port +- default: Always + description: Image pull policy. + group: coral + label: pullPolicy + options: + - Always + - IfNotPresent + - Never + type: enum + variable: coral.pullPolicy +- description: Release version. + group: coral + label: tag + variable: coral.tag +- default: 'false' + description: Argument --debug to the entrypoint. + group: daemon + label: debug + required: true + type: boolean + variable: daemon.debug +- default: inaccel/daemon + description: Container image name. + group: daemon + label: image + required: true + variable: daemon.image +- description: Image pull policy. + group: daemon + label: pullPolicy + options: + - Always + - IfNotPresent + - Never + type: enum + variable: daemon.pullPolicy +- default: latest + description: Release version. + group: daemon + label: tag + required: true + variable: daemon.tag +- default: 'true' + description: Indicates whether driver should be enabled. + group: driver + label: enabled + required: true + type: boolean + variable: driver.enabled +- default: inaccel/driver + description: Container image name. + group: driver + label: image + required: true + variable: driver.image +- description: Image pull policy. + group: driver + label: pullPolicy + options: + - Always + - IfNotPresent + - Never + type: enum + variable: driver.pullPolicy +- default: latest + description: Release version. + group: driver + label: tag + required: true + variable: driver.tag +- default: 'true' + description: Dependency condition. + group: fpga-discovery + label: enabled + required: true + type: boolean + variable: fpga-discovery.enabled +- default: /var/lib/kubelet + description: Directory path for managing kubelet files. + group: kubelet + label: ' ' + required: true + variable: kubelet +- description: String value of the secret license key. + group: license + label: ' ' + variable: license +- default: inaccel/mkrt + description: Container image name. + group: mkrt + label: image + required: true + variable: mkrt.image +- description: Image pull policy. + group: mkrt + label: pullPolicy + options: + - Always + - IfNotPresent + - Never + type: enum + variable: mkrt.pullPolicy +- default: latest + description: Release version. + group: mkrt + label: tag + required: true + variable: mkrt.tag +- default: inaccel/monitor + description: Container image name. + group: monitor + label: image + required: true + variable: monitor.image +- description: Number of port to expose on the host. + group: monitor + label: port + max: 65535 + min: 1 + type: int + variable: monitor.port +- default: Always + description: Image pull policy. + group: monitor + label: pullPolicy + options: + - Always + - IfNotPresent + - Never + type: enum + variable: monitor.pullPolicy +- description: Release version. + group: monitor + label: tag + variable: monitor.tag +- default: 'false' + description: Argument --debug to the entrypoint. + group: reef + label: debug + required: true + type: boolean + variable: reef.debug +- default: inaccel/reef + description: Container image name. + group: reef + label: image + required: true + variable: reef.image +- description: Image pull policy. + group: reef + label: pullPolicy + options: + - Always + - IfNotPresent + - Never + type: enum + variable: reef.pullPolicy +- default: latest + description: Release version. + group: reef + label: tag + required: true + variable: reef.tag +- default: /etc/inaccel + description: Host-specific system configuration. + group: root + label: config + required: true + variable: root.config +- default: /var/lib/inaccel + description: Variable state information. + group: root + label: state + required: true + variable: root.state diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/NOTES.txt b/charts/fpga-operator/fpga-operator/2.7.401/templates/NOTES.txt new file mode 100644 index 000000000..25ed92fc6 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/NOTES.txt @@ -0,0 +1,3 @@ +{{ ( index $.Chart.Maintainers 0 ).Name }} [{{ include "chart" $ }}] {{ $.Release.Service }} chart +For detailed usage instructions visit: {{ index $.Chart.Sources 0 }} +For more product information contact: {{ ( index $.Chart.Maintainers 0 ).Email }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/_helpers.tpl b/charts/fpga-operator/fpga-operator/2.7.401/templates/_helpers.tpl new file mode 100644 index 000000000..468d12a8a --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/_helpers.tpl @@ -0,0 +1,28 @@ +{{/* vim: set filetype=mustache: */}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "chart" -}} +{{- printf "%s-%s" $.Chart.Name $.Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "labels" -}} +helm.sh/chart: {{ include "chart" $ }} +{{ include "selectorLabels" $ }} +{{- if $.Chart.AppVersion }} +app.kubernetes.io/version: {{ $.Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ $.Release.Service }} +{{- end -}} + +{{/* +Selector labels +*/}} +{{- define "selectorLabels" -}} +app.kubernetes.io/name: {{ $.Chart.Name }} +app.kubernetes.io/instance: {{ $.Release.Name }} +{{- end -}} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/cluster-role-binding.yaml b/charts/fpga-operator/fpga-operator/2.7.401/templates/cluster-role-binding.yaml new file mode 100644 index 000000000..919e035ef --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/cluster-role-binding.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + {{- include "labels" $ | nindent 4 }} + name: {{ $.Chart.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ $.Chart.Name }} +subjects: +- kind: ServiceAccount + name: {{ $.Chart.Name }} + namespace: {{ $.Release.Namespace }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/cluster-role.yaml b/charts/fpga-operator/fpga-operator/2.7.401/templates/cluster-role.yaml new file mode 100644 index 000000000..a58a229d1 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/cluster-role.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + {{- include "labels" $ | nindent 4 }} + name: {{ $.Chart.Name }} +rules: +- apiGroups: [""] + resources: ["nodes"] + verbs: ["patch"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "update"] diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/csi-driver.yaml b/charts/fpga-operator/fpga-operator/2.7.401/templates/csi-driver.yaml new file mode 100644 index 000000000..c72cdddfe --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/csi-driver.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + labels: + {{- include "labels" $ | nindent 4 }} + name: inaccel +spec: + attachRequired: false + volumeLifecycleModes: + - Ephemeral diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/daemon-set.yaml b/charts/fpga-operator/fpga-operator/2.7.401/templates/daemon-set.yaml new file mode 100644 index 000000000..dd6767c8e --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/daemon-set.yaml @@ -0,0 +1,186 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + {{- include "labels" $ | nindent 4 }} + name: {{ $.Chart.Name }} + namespace: {{ $.Release.Namespace }} +spec: + selector: + matchLabels: + kind: DaemonSet + {{- include "selectorLabels" $ | nindent 6 }} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: coral + labels: + kind: DaemonSet + {{- include "labels" $ | nindent 8 }} + spec: + containers: + - env: + {{- if $.Values.coral.httpsProxy }} + - name: HTTPS_PROXY + value: {{ $.Values.coral.httpsProxy }} + {{- end }} + {{- if $.Values.license }} + - name: LICENSE + valueFrom: + secretKeyRef: + key: license + name: {{ $.Chart.Name }} + {{- end }} + {{- if $.Values.coral.logLevel }} + - name: LOG_LEVEL + value: {{ $.Values.coral.logLevel }} + {{- end }} + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: {{ $.Values.coral.image }}:{{ default $.Chart.AppVersion $.Values.coral.tag }} + {{- if $.Values.coral.pullPolicy }} + imagePullPolicy: {{ $.Values.coral.pullPolicy }} + {{- end }} + name: coral + ports: + - containerPort: 55677 + {{- if $.Values.coral.port }} + hostPort: {{ $.Values.coral.port }} + {{- end }} + readinessProbe: + exec: + command: + - get + - coral + {{- if $.Values.coral.resources }} + resources: + {{- $.Values.coral.resources | toYaml | nindent 10 }} + {{- end }} + securityContext: + privileged: true + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /sys + name: sys + - mountPath: /var/lib/inaccel + mountPropagation: HostToContainer + name: state-root + - mountPath: /var/lib/kubelet/plugins_registry + name: kubelet + subPath: plugins_registry + - mountPath: /var/opt/inaccel/runtimes + name: data-root + readOnly: true + subPath: runtimes + - args: + - --debug={{ $.Values.daemon.debug }} + env: + - name: DOCKER + value: disabled + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: {{ $.Values.daemon.image }}:{{ $.Values.daemon.tag }} + {{- if $.Values.daemon.pullPolicy }} + imagePullPolicy: {{ $.Values.daemon.pullPolicy }} + {{- end }} + name: daemon + {{- if $.Values.daemon.resources }} + resources: + {{- $.Values.daemon.resources | toYaml | nindent 10 }} + {{- end }} + securityContext: + privileged: true + volumeMounts: + - mountPath: /var/lib/inaccel + mountPropagation: Bidirectional + name: state-root + - mountPath: /var/lib/kubelet/plugins_registry + name: kubelet + subPath: plugins_registry + - mountPath: {{ $.Values.kubelet }} + mountPropagation: Bidirectional + name: kubelet + - image: {{ $.Values.monitor.image }}:{{ default $.Chart.AppVersion $.Values.monitor.tag }} + {{- if $.Values.monitor.pullPolicy }} + imagePullPolicy: {{ $.Values.monitor.pullPolicy }} + {{- end }} + name: monitor + ports: + - containerPort: 19999 + {{- if $.Values.monitor.port }} + hostPort: {{ $.Values.monitor.port }} + {{- end }} + {{- if $.Values.monitor.resources }} + resources: + {{- $.Values.monitor.resources | toYaml | nindent 10 }} + {{- end }} + hostAliases: + - hostnames: + - coral + - daemon + - monitor + ip: 127.0.0.1 + hostPID: {{ $.Values.driver.enabled }} + initContainers: + {{- if $.Values.driver.enabled }} + - env: + - name: DRIVER_SYSROOT_DIR + value: /host + image: {{ $.Values.driver.image }}:{{ $.Values.driver.tag }} + {{- if $.Values.driver.pullPolicy }} + imagePullPolicy: {{ $.Values.driver.pullPolicy }} + {{- end }} + name: driver + securityContext: + privileged: true + volumeMounts: + - mountPath: /host + name: host + {{- end }} + - env: + - name: MKRT_CONFIG_PATH + value: {{ $.Values.root.config }}/runtimes + - name: MKRT_SYSROOT_DIR + value: /host + image: {{ $.Values.mkrt.image }}:{{ $.Values.mkrt.tag }} + {{- if $.Values.mkrt.pullPolicy }} + imagePullPolicy: {{ $.Values.mkrt.pullPolicy }} + {{- end }} + name: mkrt + volumeMounts: + - mountPath: /host + name: host + readOnly: true + - mountPath: /var/opt/inaccel/runtimes + name: data-root + subPath: runtimes + nodeSelector: + inaccel/fpga: enabled + priorityClassName: system-node-critical + serviceAccountName: {{ $.Chart.Name }} + volumes: + - emptyDir: {} + name: data-root + - hostPath: + path: / + name: host + - hostPath: + path: {{ $.Values.kubelet }} + name: kubelet + - hostPath: + path: /etc/localtime + name: localtime + - hostPath: + path: {{ $.Values.root.state }} + type: DirectoryOrCreate + name: state-root + - hostPath: + path: /sys + name: sys diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/deployment.yaml b/charts/fpga-operator/fpga-operator/2.7.401/templates/deployment.yaml new file mode 100644 index 000000000..a91101371 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/deployment.yaml @@ -0,0 +1,61 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + {{- include "labels" $ | nindent 4 }} + name: {{ $.Chart.Name }} + namespace: {{ $.Release.Namespace }} +spec: + replicas: 1 + selector: + matchLabels: + kind: Deployment + {{- include "selectorLabels" $ | nindent 6 }} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: reef + labels: + kind: Deployment + {{- include "labels" $ | nindent 8 }} + spec: + containers: + - args: + - --debug={{ $.Values.reef.debug }} + image: {{ $.Values.reef.image }}:{{ $.Values.reef.tag }} + {{- if $.Values.reef.pullPolicy }} + imagePullPolicy: {{ $.Values.reef.pullPolicy }} + {{- end }} + name: reef + {{- if $.Values.reef.resources }} + resources: + {{- $.Values.reef.resources | toYaml | nindent 10 }} + {{- end }} + volumeMounts: + - mountPath: /etc/inaccel + name: config-root + readOnly: true + hostAliases: + - hostnames: + - reef + ip: 127.0.0.1 + initContainers: + - args: + - init + env: + - name: MUTATING_WEBHOOK_CONFIGURATION_NAME + value: {{ $.Chart.Name }} + image: {{ $.Values.reef.image }}:{{ $.Values.reef.tag }} + {{- if $.Values.reef.pullPolicy }} + imagePullPolicy: {{ $.Values.reef.pullPolicy }} + {{- end }} + name: reef-init + volumeMounts: + - mountPath: /etc/inaccel + name: config-root + priorityClassName: system-cluster-critical + serviceAccountName: {{ $.Chart.Name }} + volumes: + - emptyDir: {} + name: config-root diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/mutating-webhook-configuration.yaml b/charts/fpga-operator/fpga-operator/2.7.401/templates/mutating-webhook-configuration.yaml new file mode 100644 index 000000000..0028e67d1 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/mutating-webhook-configuration.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + labels: + {{- include "labels" $ | nindent 4 }} + name: {{ $.Chart.Name }} +webhooks: +- admissionReviewVersions: ["v1"] + clientConfig: + service: + name: {{ $.Chart.Name }} + namespace: {{ $.Release.Namespace }} + name: reef.inaccel.com + objectSelector: + matchLabels: + inaccel/fpga: enabled + sideEffects: None diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/secret.yaml b/charts/fpga-operator/fpga-operator/2.7.401/templates/secret.yaml new file mode 100644 index 000000000..117050d87 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/secret.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + {{- include "labels" $ | nindent 4 }} + name: {{ $.Chart.Name }} + namespace: {{ $.Release.Namespace }} +stringData: + {{- if $.Values.license }} + license: {{ $.Values.license }} + {{- end }} +type: Opaque diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/service-account.yaml b/charts/fpga-operator/fpga-operator/2.7.401/templates/service-account.yaml new file mode 100644 index 000000000..8c34b4bdb --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/service-account.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + {{- include "labels" $ | nindent 4 }} + name: {{ $.Chart.Name }} + namespace: {{ $.Release.Namespace }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/service.yaml b/charts/fpga-operator/fpga-operator/2.7.401/templates/service.yaml new file mode 100644 index 000000000..eb644ae14 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/service.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "labels" $ | nindent 4 }} + name: {{ $.Chart.Name }} + namespace: {{ $.Release.Namespace }} +spec: + ports: + - port: 443 + publishNotReadyAddresses: true + selector: + kind: Deployment + {{- include "selectorLabels" $ | nindent 4 }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/templates/tests/vadd.yaml b/charts/fpga-operator/fpga-operator/2.7.401/templates/tests/vadd.yaml new file mode 100644 index 000000000..acf3e6f8a --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/templates/tests/vadd.yaml @@ -0,0 +1,36 @@ +{{- range $index, $platform := $.Values.tests.vadd.platforms }} +{{- if and $platform.name $platform.vendor $platform.version }} +--- +apiVersion: v1 +kind: Pod +metadata: + annotations: + helm.sh/hook: test + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + inaccel/cli: | + {{- if $platform.labels }} + bitstream install https://store.inaccel.com/artifactory/bitstreams/{{ $platform.vendor }}/{{ $platform.name }}/{{ $platform.version }}/{{ join "_" $platform.labels }}/vector/1/1addition + {{- else }} + bitstream install https://store.inaccel.com/artifactory/bitstreams/{{ $platform.vendor }}/{{ $platform.name }}/{{ $platform.version }}/vector/1/1addition + {{- end }} + kubectl.kubernetes.io/default-container: vadd + labels: + inaccel/fpga: enabled + {{- include "labels" $ | nindent 4 }} + name: {{ $.Chart.Name }}-tests-vadd-{{ $index }} + namespace: {{ $.Release.Namespace }} +spec: + containers: + - image: {{ $.Values.tests.vadd.image }}:{{ $.Values.tests.vadd.tag }} + {{- if $.Values.tests.vadd.pullPolicy }} + imagePullPolicy: {{ $.Values.tests.vadd.pullPolicy }} + {{- end }} + name: vadd + resources: + limits: + {{ $platform.vendor }}/{{ $platform.name }}: 1 + nodeSelector: + {{ $platform.vendor }}/{{ $platform.name }}: {{ $platform.version }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/values.schema.json b/charts/fpga-operator/fpga-operator/2.7.401/values.schema.json new file mode 100644 index 000000000..9db100402 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/values.schema.json @@ -0,0 +1,415 @@ +{ + "$schema": "http://json-schema.org/schema#", + "description": "Simplifying FPGA management in Kubernetes", + "properties": { + "coral": { + "form": true, + "properties": { + "httpsProxy": { + "description": "Sets HTTPS_PROXY environment variable in the container.", + "form": true, + "title": "httpsProxy", + "type": "string" + }, + "image": { + "description": "Container image name.", + "form": true, + "title": "image", + "type": "string" + }, + "logLevel": { + "description": "Sets LOG_LEVEL environment variable in the container.", + "enum": [ + "all", + "trace", + "debug", + "info", + "warn", + "error", + "fatal", + "off" + ], + "form": true, + "title": "logLevel", + "type": "string" + }, + "port": { + "description": "Number of port to expose on the host.", + "exclusiveMaximum": 65536, + "exclusiveMinimum": 0, + "form": true, + "multipleOf" : 1, + "title": "port", + "type": "integer" + }, + "pullPolicy": { + "description": "Image pull policy.", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "form": true, + "title": "pullPolicy", + "type": "string" + }, + "resources": { + "description": "Compute resources required by this container.", + "title": "resources", + "type": "object" + }, + "tag": { + "default": "2.1", + "description": "Release version.", + "form": true, + "title": "tag", + "type": "string" + } + }, + "required": [ + "image" + ], + "type": "object" + }, + "daemon": { + "form": true, + "properties": { + "debug": { + "description": "Argument --debug to the entrypoint.", + "form": true, + "title": "debug", + "type": "boolean" + }, + "image": { + "description": "Container image name.", + "form": true, + "title": "image", + "type": "string" + }, + "pullPolicy": { + "description": "Image pull policy.", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "form": true, + "title": "pullPolicy", + "type": "string" + }, + "resources": { + "description": "Compute resources required by this container.", + "title": "resources", + "type": "object" + }, + "tag": { + "description": "Release version.", + "form": true, + "title": "tag", + "type": "string" + } + }, + "required": [ + "debug", + "image", + "tag" + ], + "type": "object" + }, + "driver": { + "form": true, + "properties": { + "enabled": { + "description": "Indicates whether driver should be enabled.", + "form": true, + "title": "enabled", + "type": "boolean" + }, + "image": { + "description": "Container image name.", + "form": true, + "title": "image", + "type": "string" + }, + "pullPolicy": { + "description": "Image pull policy.", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "form": true, + "title": "pullPolicy", + "type": "string" + }, + "tag": { + "description": "Release version.", + "form": true, + "title": "tag", + "type": "string" + } + }, + "required": [ + "enabled", + "image", + "tag" + ], + "type": "object" + }, + "fpga-discovery": { + "form": true, + "properties": { + "enabled": { + "description": "Dependency condition.", + "form": true, + "title": "enabled", + "type": "boolean" + } + }, + "required": [ + "enabled" + ], + "type": "object" + }, + "kubelet": { + "description": "Directory path for managing kubelet files.", + "form": true, + "title": "kubelet", + "type": "string" + }, + "license": { + "description": "String value of the secret license key.", + "form": true, + "title": "license", + "type": "string" + }, + "mkrt": { + "form": true, + "properties": { + "image": { + "description": "Container image name.", + "form": true, + "title": "image", + "type": "string" + }, + "pullPolicy": { + "description": "Image pull policy.", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "form": true, + "title": "pullPolicy", + "type": "string" + }, + "tag": { + "description": "Release version.", + "form": true, + "title": "tag", + "type": "string" + } + }, + "required": [ + "image", + "tag" + ], + "type": "object" + }, + "monitor": { + "form": true, + "properties": { + "image": { + "description": "Container image name.", + "form": true, + "title": "image", + "type": "string" + }, + "port": { + "description": "Number of port to expose on the host.", + "exclusiveMaximum": 65536, + "exclusiveMinimum": 0, + "form": true, + "multipleOf" : 1, + "title": "port", + "type": "integer" + }, + "pullPolicy": { + "description": "Image pull policy.", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "form": true, + "title": "pullPolicy", + "type": "string" + }, + "resources": { + "description": "Compute resources required by this container.", + "title": "resources", + "type": "object" + }, + "tag": { + "default": "2.1", + "description": "Release version.", + "form": true, + "title": "tag", + "type": "string" + } + }, + "required": [ + "image" + ], + "type": "object" + }, + "reef": { + "form": true, + "properties": { + "debug": { + "description": "Argument --debug to the entrypoint.", + "form": true, + "title": "debug", + "type": "boolean" + }, + "image": { + "description": "Container image name.", + "form": true, + "title": "image", + "type": "string" + }, + "pullPolicy": { + "description": "Image pull policy.", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "form": true, + "title": "pullPolicy", + "type": "string" + }, + "resources": { + "description": "Compute resources required by this container.", + "title": "resources", + "type": "object" + }, + "tag": { + "description": "Release version.", + "form": true, + "title": "tag", + "type": "string" + } + }, + "required": [ + "debug", + "image", + "tag" + ], + "type": "object" + }, + "root": { + "form": true, + "properties": { + "config": { + "description": "Host-specific system configuration.", + "form": true, + "title": "config", + "type": "string" + }, + "state": { + "description": "Variable state information.", + "form": true, + "title": "state", + "type": "string" + } + }, + "required": [ + "config", + "state" + ], + "type": "object" + }, + "tests": { + "properties": { + "vadd": { + "properties": { + "image": { + "description": "Container image name.", + "title": "image", + "type": "string" + }, + "platforms": { + "description": "FPGA platforms to test.", + "items": { + "properties": { + "labels": { + "items": { + "type": "string" + }, + "type": "array" + }, + "name": { + "type": "string" + }, + "vendor": { + "type": "string" + }, + "version": { + "type": "string" + } + }, + "required": [ + "name", + "vendor", + "version" + ], + "type": "object" + }, + "title": "platforms", + "type": "array" + }, + "pullPolicy": { + "description": "Image pull policy.", + "enum": [ + "Always", + "IfNotPresent", + "Never" + ], + "title": "pullPolicy", + "type": "string" + }, + "tag": { + "description": "Release version.", + "title": "tag", + "type": "string" + } + }, + "required": [ + "image", + "tag" + ], + "type": "object" + } + }, + "required": [ + "vadd" + ], + "type": "object" + } + }, + "required": [ + "coral", + "daemon", + "driver", + "fpga-discovery", + "kubelet", + "mkrt", + "monitor", + "reef", + "root", + "tests" + ], + "title": "InAccel FPGA Operator", + "type": "object" +} diff --git a/charts/fpga-operator/fpga-operator/2.7.401/values.yaml b/charts/fpga-operator/fpga-operator/2.7.401/values.yaml new file mode 100644 index 000000000..e309922c9 --- /dev/null +++ b/charts/fpga-operator/fpga-operator/2.7.401/values.yaml @@ -0,0 +1,92 @@ +coral: + # httpsProxy: ... + image: inaccel/coral + logLevel: info + # port: ... + pullPolicy: Always + # resources: ... + # tag: ... + +daemon: + debug: false + image: inaccel/daemon + # pullPolicy: ... + # resources: ... + tag: latest + +driver: + enabled: true + image: inaccel/driver + # pullPolicy: ... + tag: latest + +fpga-discovery: + enabled: true + fullnameOverride: fpga-discovery + image: + tag: v0.10.0-minimal + master: + extraLabelNs: + - inaccel + instance: fpga-discovery + nodeFeatureRule: + createCRD: false + worker: + config: + core: + sources: + - custom + sources: + custom: + - matchOn: + # intel-fpga + - pciId: + device: ["09c4", "0b2b"] + vendor: ["8086"] + # xilinx-fpga + - pciId: + vendor: ["10ee"] + - pciId: + device: ["1042", "f010"] + vendor: ["1d0f"] + name: inaccel/fpga + value: enabled + +kubelet: /var/lib/kubelet + +# license: ... + +mkrt: + image: inaccel/mkrt + # pullPolicy: ... + tag: latest + +monitor: + image: inaccel/monitor + # port: ... + pullPolicy: Always + # resources: ... + # tag: ... + +reef: + debug: false + image: inaccel/reef + # pullPolicy: ... + # resources: ... + tag: latest + +root: + config: /etc/inaccel + state: /var/lib/inaccel + +tests: + vadd: + image: inaccel/vadd + # platforms: + # - labels: + # - ... + # name: ... + # vendor: ... + # version: ... + # pullPolicy: ... + tag: latest diff --git a/index.yaml b/index.yaml index 09ba9b7df..5e0bd356c 100755 --- a/index.yaml +++ b/index.yaml @@ -1196,6 +1196,63 @@ entries: - assets/federatorai/federatorai-4.5.100.tgz version: 4.5.100 fpga-operator: + - annotations: + artifacthub.io/images: | + - image: inaccel/coral:2.1 + name: coral + - image: inaccel/daemon:latest + name: daemon + - image: inaccel/driver:latest + name: driver + - image: inaccel/mkrt:latest + name: mkrt + - image: inaccel/monitor:2.1 + name: monitor + - image: inaccel/reef:latest + name: reef + - image: inaccel/vadd:latest + name: tests.vadd + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.inaccel.com + - name: Support + url: https://github.com/inaccel/helm/issues + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: InAccel FPGA Operator + catalog.cattle.io/namespace: kube-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: inaccel + catalog.cattle.io/scope: downstream + category: Infrastructure + apiVersion: v2 + appVersion: "2.1" + created: "2022-02-01T00:24:11.035427266+02:00" + dependencies: + - alias: fpga-discovery + condition: fpga-discovery.enabled + name: node-feature-discovery + repository: file://./charts/node-feature-discovery + version: 0.10.0 + description: Simplifying FPGA management in Kubernetes + digest: 2378a4bfbbbd1c89488e8d8a6c99ebd88474c7756e7c6d4a2974313086b8b5c0 + home: https://inaccel.com + icon: https://en.gravatar.com/userimage/147236320/2a11cd2992b4521ec287587f03fae35c.png?size=1250 + keywords: + - fpga + - infrastructure + kubeVersion: '>= 1.18.0-0' + maintainers: + - email: info@inaccel.com + name: InAccel + name: fpga-operator + sources: + - https://docs.inaccel.com + - https://github.com/inaccel/helm + type: application + urls: + - assets/fpga-operator/fpga-operator-2.7.401.tgz + version: 2.7.401 - annotations: artifacthub.io/license: Apache-2.0 artifacthub.io/links: |