From cc32b3170a8cdba2b1114f5d28eed9b8628e09c8 Mon Sep 17 00:00:00 2001 From: Yury Kulazhenkov Date: Fri, 14 Jun 2024 10:29:56 +0300 Subject: [PATCH] Update nv-ipam to v0.2.0 This version contains support for static IPs and new CIDRPool API. Signed-off-by: Yury Kulazhenkov --- config/rbac/role.yaml | 17 ++ controllers/nicclusterpolicy_controller.go | 2 + .../network-operator/templates/role.yaml | 2 + deployment/network-operator/values.yaml | 2 +- ...lpha1_nicclusterpolicy_cr-nvidia-ipam.yaml | 2 +- hack/release.yaml | 2 +- .../005-nv-ipam.nvidia.com_cidrpools.yaml | 231 ++++++++++++++++++ .../005-nv-ipam.nvidia.com_ippools.yaml | 17 +- .../state-nv-ipam-cni/020-cluster-role.yaml | 3 + manifests/state-nv-ipam-cni/035-webhook.yaml | 20 ++ 10 files changed, 294 insertions(+), 4 deletions(-) create mode 100644 manifests/state-nv-ipam-cni/005-nv-ipam.nvidia.com_cidrpools.yaml diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 1dab4611..f3b30aac 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -306,6 +306,23 @@ rules: - get - list - watch +- apiGroups: + - nv-ipam.nvidia.com + resources: + - cidrpools + verbs: + - create + - get + - list + - watch +- apiGroups: + - nv-ipam.nvidia.com + resources: + - cidrpools/status + verbs: + - get + - patch + - update - apiGroups: - nv-ipam.nvidia.com resources: diff --git a/controllers/nicclusterpolicy_controller.go b/controllers/nicclusterpolicy_controller.go index f11ceefa..21b3c699 100644 --- a/controllers/nicclusterpolicy_controller.go +++ b/controllers/nicclusterpolicy_controller.go 
@@ -83,6 +83,8 @@ type NicClusterPolicyReconciler struct {
 // +kubebuilder:rbac:groups=config.openshift.io,resources=proxies;clusterversions,verbs=get;list;watch
 // +kubebuilder:rbac:groups=nv-ipam.nvidia.com,resources=ippools,verbs=get;list;watch;create;
 // +kubebuilder:rbac:groups=nv-ipam.nvidia.com,resources=ippools/status,verbs=get;update;patch;
+// +kubebuilder:rbac:groups=nv-ipam.nvidia.com,resources=cidrpools,verbs=get;list;watch;create;
+// +kubebuilder:rbac:groups=nv-ipam.nvidia.com,resources=cidrpools/status,verbs=get;update;patch;
 // +kubebuilder:rbac:groups=cert-manager.io,resources=issuers;certificates,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=image.openshift.io,resources=imagestreams,verbs=get;list;watch
diff --git a/deployment/network-operator/templates/role.yaml b/deployment/network-operator/templates/role.yaml
index b46053b0..8e9adfa1 100644
--- a/deployment/network-operator/templates/role.yaml
+++ b/deployment/network-operator/templates/role.yaml
@@ -325,6 +325,7 @@ rules:
 - nv-ipam.nvidia.com
 resources:
 - ippools
+ - cidrpools
 verbs:
 - create
 - get
@@ -334,6 +335,7 @@ rules:
 - nv-ipam.nvidia.com
 resources:
 - ippools/status
+ - cidrpools/status
 verbs:
 - get
 - patch
diff --git a/deployment/network-operator/values.yaml b/deployment/network-operator/values.yaml
index 3fc4f3c8..69327624 100644
--- a/deployment/network-operator/values.yaml
+++ b/deployment/network-operator/values.yaml
@@ -325,7 +325,7 @@ nvIpam:
 deploy: false
 image: nvidia-k8s-ipam
 repository: ghcr.io/mellanox
- version: v0.1.2
+ version: v0.2.0
 enableWebhook: false
 # imagePullSecrets: []
 # containerResources:
diff --git a/example/crs/mellanox.com_v1alpha1_nicclusterpolicy_cr-nvidia-ipam.yaml b/example/crs/mellanox.com_v1alpha1_nicclusterpolicy_cr-nvidia-ipam.yaml
index f518650a..4aed4cf2 100644
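Review bot: The two added markers give the operator `create` on `cidrpools` and `update;patch` on `cidrpools/status`, and nothing beside them records why the operator itself needs write access to a resource that nv-ipam reconciles. If the reason is the Kubernetes RBAC escalation check (the operator can presumably only create the nv-ipam ClusterRole in manifests/state-nv-ipam-cni/020-cluster-role.yaml when it already holds every verb that role grants), a comment above the pair would stop the grant being widened or copied without review, for example `// cidrpools verbs mirror the nv-ipam ClusterRole the operator creates; keep the two in sync`. The same verbs are repeated in config/rbac/role.yaml and deployment/network-operator/templates/role.yaml, so the list is worth checking once against what 020-cluster-role.yaml actually grants; `create` is not visible in that file's hunks on this page. The marker block begins and ends outside this hunk.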
--- a/example/crs/mellanox.com_v1alpha1_nicclusterpolicy_cr-nvidia-ipam.yaml
+++ b/example/crs/mellanox.com_v1alpha1_nicclusterpolicy_cr-nvidia-ipam.yaml
@@ -69,5 +69,5 @@ spec:
 nvIpam:
 image: nvidia-k8s-ipam
 repository: ghcr.io/mellanox
- version: v0.1.2
+ version: v0.2.0
 enableWebhook: false
diff --git a/hack/release.yaml b/hack/release.yaml
index f304c9e1..1ee8f65d 100644
--- a/hack/release.yaml
+++ b/hack/release.yaml
@@ -60,7 +60,7 @@ IpamPlugin:
 nvIpam:
 image: nvidia-k8s-ipam
 repository: ghcr.io/mellanox
- version: v0.1.2
+ version: v0.2.0
 nicFeatureDiscovery:
 image: nic-feature-discovery
 repository: ghcr.io/mellanox
diff --git a/manifests/state-nv-ipam-cni/005-nv-ipam.nvidia.com_cidrpools.yaml b/manifests/state-nv-ipam-cni/005-nv-ipam.nvidia.com_cidrpools.yaml
new file mode 100644
index 00000000..18471c72
--- /dev/null
+++ b/manifests/state-nv-ipam-cni/005-nv-ipam.nvidia.com_cidrpools.yaml
@@ -0,0 +1,231 @@ +# 2024 NVIDIA CORPORATION & AFFILIATES +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.13.0 + name: cidrpools.nv-ipam.nvidia.com +spec: + group: nv-ipam.nvidia.com + names: + kind: CIDRPool + listKind: CIDRPoolList + plural: cidrpools + singular: cidrpool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.cidr + name: CIDR + type: string + - jsonPath: .spec.gatewayIndex + name: Gateway index + type: string + - jsonPath: .spec.perNodeNetworkPrefix + name: Per Node Network Prefix + type: integer + name: v1alpha1 + schema: + openAPIV3Schema: + description: CIDRPool contains configuration for CIDR pool + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CIDRPoolSpec contains configuration for CIDR pool + properties: + cidr: + description: pool CIDR block which will be split to smaller prefixes(size + is define in perNodeNetworkPrefix) and distributed between matching + nodes + type: string + exclusions: + description: contains reserved IP addresses that should not be allocated + by nv-ipam + items: + description: ExcludeRange contains range of IP addresses to exclude + from allocation startIP and endIP are part of the ExcludeRange + properties: + endIP: + type: string + startIP: + type: string + required: + - endIP + - startIP + type: object + type: array + gatewayIndex: + description: use IP with this index from the host prefix as a gateway, + skip gateway configuration if the value not set + type: integer + nodeSelector: + description: selector for nodes, if empty match all nodes + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms + are ORed. + items: + description: A null or empty node selector term matches no objects. + The requirements of them are ANDed. The TopologySelectorTerm + type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's + labels. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. 
+ If the operator is Exists or DoesNotExist, the values + array must be empty. If the operator is Gt or Lt, + the values array must have a single element, which + will be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's + fields. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. If the operator is Gt or Lt, + the values array must have a single element, which + will be interpreted as an integer. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + perNodeNetworkPrefix: + description: size of the network prefix for each host, the network + defined in "cidr" field will be split to multiple networks with + this size. 
+ type: integer + staticAllocations: + description: static allocations for the pool + items: + description: CIDRPoolStaticAllocation contains static allocation + for a CIDR pool + properties: + gateway: + description: gateway for the node + type: string + nodeName: + description: name of the node for static allocation, can be + empty in case if the prefix should be preallocated without + assigning it for a specific node + type: string + prefix: + description: statically allocated prefix + type: string + required: + - prefix + type: object + type: array + required: + - cidr + - perNodeNetworkPrefix + type: object + status: + description: CIDRPoolStatus contains the IP prefixes allocated to nodes + properties: + allocations: + description: prefixes allocations for Nodes + items: + description: CIDRPoolAllocation contains prefix allocated for a + specific Node + properties: + gateway: + description: gateway for the node + type: string + nodeName: + description: name of the node which owns this allocation + type: string + prefix: + description: allocated prefix + type: string + required: + - nodeName + - prefix + type: object + type: array + required: + - allocations + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/manifests/state-nv-ipam-cni/005-nv-ipam.nvidia.com_ippools.yaml b/manifests/state-nv-ipam-cni/005-nv-ipam.nvidia.com_ippools.yaml index 30c14485..c13e68d4 100644 --- a/manifests/state-nv-ipam-cni/005-nv-ipam.nvidia.com_ippools.yaml +++ b/manifests/state-nv-ipam-cni/005-nv-ipam.nvidia.com_ippools.yaml 
@@ -57,6 +57,22 @@ spec: spec: description: IPPoolSpec contains configuration for IP pool properties: + exclusions: + description: contains reserved IP addresses that should not be allocated + by nv-ipam + items: + description: ExcludeRange contains range of IP addresses to exclude + from allocation startIP and endIP are part of the ExcludeRange + properties: + endIP: + type: string + startIP: + type: string + required: + - endIP + - startIP + type: object + type: array gateway: description: gateway for the pool type: string @@ -152,7 +168,6 @@ spec: description: subnet of the pool type: string required: - - gateway - perNodeBlockSize - subnet type: object diff --git a/manifests/state-nv-ipam-cni/020-cluster-role.yaml b/manifests/state-nv-ipam-cni/020-cluster-role.yaml index 099a80f5..34f7d933 100644 --- a/manifests/state-nv-ipam-cni/020-cluster-role.yaml +++ b/manifests/state-nv-ipam-cni/020-cluster-role.yaml @@ -29,6 +29,7 @@ rules: - nv-ipam.nvidia.com resources: - ippools + - cidrpools verbs: - get - list @@ -62,6 +63,7 @@ rules: - nv-ipam.nvidia.com resources: - ippools + - cidrpools verbs: - get - list @@ -71,6 +73,7 @@ rules: - nv-ipam.nvidia.com resources: - ippools/status + - cidrpools/status verbs: - get - update diff --git a/manifests/state-nv-ipam-cni/035-webhook.yaml b/manifests/state-nv-ipam-cni/035-webhook.yaml index 4f413339..1a47b9bd 100644 --- a/manifests/state-nv-ipam-cni/035-webhook.yaml +++ b/manifests/state-nv-ipam-cni/035-webhook.yaml @@ -43,4 +43,24 @@ webhooks: resources: - ippools sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: nv-ipam-webhook-service + namespace: {{ .RuntimeSpec.Namespace }} + path: /validate-nv-ipam-nvidia-com-v1alpha1-cidrpool + failurePolicy: Fail + name: validate-cidrpool.nv-ipam.nvidia.com + rules: + - apiGroups: + - nv-ipam.nvidia.com + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - cidrpools + sideEffects: None {{ end }}
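Review bot: The cidrpool validation added to 035-webhook.yaml is rendered only inside a template conditional whose opening lies outside the hunk (only `{{ end }}` is visible), and the chart default kept by this same patch is `enableWebhook: false`. With that default, CIDRPool objects are checked against the CRD schema alone, where `cidr`, `prefix`, `gateway`, `startIP` and `endIP` are plain `type: string` fields, so malformed or overlapping ranges would presumably be admitted. I would document this next to the value in values.yaml, for example `# when false, IPPool and CIDRPool specs are validated only by the CRD schema`, and keep `failurePolicy: Fail` as written so that validation fails closed whenever the webhook is enabled.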