Network Operator deployment support in vanilla K8S air gap environment #375
Conversation
|
/retest-nic_operator_kind |
There was a problem hiding this comment.
@e0ne should we have under docs/ a document about disconnected env covering these configurations ? or do you think its better to just have it in the official docs ? as its not regarded as a "common" flow
pkg/state/state_ofed.go
Outdated
| for filename := range cm.Data { | ||
| filenames = append(filenames, filename) | ||
| } | ||
| // sort so volume mounts are added to spec in deterministic order |
There was a problem hiding this comment.
can you extend this comment to explain why this is needed ?
| @@ -339,6 +339,8 @@ imagePullSecrets: | |||
| | `ofedDriver.version` | string | `5.5-1.0.3.2` | Mellanox OFED driver version | | |||
| | `ofedDriver.imagePullSecrets` | list | `[]` | An optional list of references to secrets to use for pulling any of the Mellanox OFED driver image | | |||
| | `ofedDriver.env` | list | `[]` | An optional list of [environment variables](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#envvar-v1-core) passed to the Mellanox OFED driver image | | |||
| | `ofedDriver.repoConfig.configMapName` | string | `` | Private mirror repository configuration configMap name | | |||
There was a problem hiding this comment.
i feel like these two should be named the same : either name or configMapName WDYT ?
need to align thoroughout the PR (helm, CRD, code)
There was a problem hiding this comment.
I think this is to align with NVIDIA gpu-operator, they have such names for parameters
There was a problem hiding this comment.
these two parameters are very similar, and should be named the same for consistency.
we do not have a strict requirement to have the same api as gpu operator. where we can improve / provide a more consistent api , i think we should.
There was a problem hiding this comment.
changed to 'name' in both places
There was a problem hiding this comment.
@e0ne please also change here in the README
pkg/state/state_ofed.go
Outdated
| @@ -295,7 +295,7 @@ func (s *stateOFED) getManifestObjects( | |||
| if err != nil { | |||
| return nil, fmt.Errorf("ERROR: failed to create ConfigMap VolumeMounts for custom repo config: %v", err) | |||
| } | |||
| volume := s.createConfigMapVolume(cr.Spec.OFEDDriver.CertConfig.Name, itemsToInclude) | |||
| volume := s.createConfigMapVolume(cr.Spec.OFEDDriver.RepoConfig.ConfigMapName, itemsToInclude) | |||
There was a problem hiding this comment.
this needs to be in previous commit
ATM this is not a defined use-case. in case driver container/node restarted, it would have new data (repo/creds) |
These options are broken at the moment and was never used. To pass environment variable to OFED driver you can use ofedDriver.env parameters. HTTP_PROXY/HTTPS_PROXY environment variabes are not confiurable for operator and nv-peer-mem pod anymore. Signed-off-by: Ivan Kolodiazhny <ikolodiazhny@nvidia.com>
| @@ -405,6 +412,12 @@ spec: | |||
| - initialDelaySeconds | |||
| - periodSeconds | |||
| type: object | |||
| repoConfig: | |||
| description: 'Optional: Custom repo configuration for OFED container' | |||
There was a problem hiding this comment.
nit: here you use OFED container and above you use driver container. pick one :)
| @@ -69,6 +81,10 @@ type OFEDDriverSpec struct { | |||
| Env []v1.EnvVar `json:"env,omitempty"` | |||
| // Ofed auto-upgrade settings | |||
| OfedUpgradePolicy *OfedUpgradePolicySpec `json:"upgradePolicy,omitempty"` | |||
| // Optional: Custom certificates configuration for driver container | |||
| CertConfig *DriverCertConfigSpec `json:"certConfig,omitempty"` | |||
There was a problem hiding this comment.
General question.
can this also be used for package manager related certificates (e.g when signing repo packages with custom gpg key)
i guess not, so if later on we will need to support it, then we can add RepoCertConfig.
i think the description here should be updated to explicitly state that these are SSL certificates
| @@ -55,6 +55,18 @@ type PodProbeSpec struct { | |||
| PeriodSeconds int `json:"periodSeconds"` | |||
| } | |||
|
|
|||
| // DriverCertConfigSpec defines custom certificates configuration for driver container | |||
| type DriverCertConfigSpec struct { | |||
There was a problem hiding this comment.
The two are essentially the same.
i.e they (*ConfigSpec) point to a configmap
maybe define single type: ConfigMapSpec
an use it as the type of both CertConfig and RepoConfig below
There was a problem hiding this comment.
or name it ConfigMapNameReference like in openshift :)
| @@ -405,6 +412,12 @@ spec: | |||
| - initialDelaySeconds | |||
| - periodSeconds | |||
| type: object | |||
| repoConfig: | |||
| description: 'Optional: Custom repo configuration for OFED container' | |||
There was a problem hiding this comment.
same comment as above , use either "OFED container" or "driver container"
pkg/state/state_ofed.go
Outdated
|
|
||
| err = s.mountAdditionalVolumesFromConfigMap(&additionalVolMounts, cr.Spec.OFEDDriver.RepoConfig.Name, destinationDir) | ||
| if err != nil { | ||
| return nil, fmt.Errorf("failed to custom repositories configuration: %v", err) |
There was a problem hiding this comment.
same comment as above
e0ne
force-pushed
the
proxy
branch
2 times, most recently
from
d012260
to
b201d8e
Compare
pkg/state/state_ofed.go
Outdated
| @@ -152,6 +239,22 @@ func (s *stateOFED) GetWatchSources() map[string]*source.Kind { | |||
| return wr | |||
| } | |||
|
|
|||
| func (s *stateOFED) mountAdditionalVolumesFromConfigMap( | |||
There was a problem hiding this comment.
nit: this method doesnt actually mount anything but rather generate volumes and volume mounts. also it mainly revolves around additionalVolumeMounts type so perhaps we should have a method in that struct.
suggestion:
define:
(am *additionalMounts) FromConfigMap(cm *v1.ConfigMap, destDir) error
which will populate additionalMounts from configmap.
then you just need to rename this method to handleAdditionalMounts which will get configmap and call am.FromConfigMap(....)
or this logic (Getting config map and populating additionalMount struct can be called directly from getManifestObjects
wdyt ?
There was a problem hiding this comment.
also please add docstring to added methods above :) if we go this route.
|
@e0ne PTAL |
pkg/state/state_ofed.go
Outdated
| func (a *additionalVolumeMounts) FromConfigMap(configMap *v1.ConfigMap, destDir string) error { | ||
| volumeMounts, itemsToInclude, err := a.createConfigMapVolumeMounts(configMap, destDir) | ||
| if err != nil { | ||
| return fmt.Errorf("ERROR: failed to create ConfigMap VolumeMounts for custom repo config: %v", err) |
There was a problem hiding this comment.
i think its clear its an error so no need for ERROR: prefix.
also error should not reference custom repo config but rather something generic like:
"failed to create Volume mounts from configmap. %v, err"
pkg/state/state_ofed.go
Outdated
| objKey := client.ObjectKey{Namespace: namespace, Name: configMapName} | ||
| err := s.client.Get(context.TODO(), objKey, configMap) | ||
| if err != nil { | ||
| return fmt.Errorf("ERROR: could not get ConfigMap %s from client: %v", configMapName, err) |
There was a problem hiding this comment.
nit: Drop ERROR: prefix the object returned here is an error
pkg/state/state_ofed.go
Outdated
|
|
||
| err = volMounts.FromConfigMap(configMap, destDir) | ||
| if err != nil { | ||
| return fmt.Errorf("ERROR: could not create volume mounts for ConfigMap: %s", configMapName) |
There was a problem hiding this comment.
nit: Drop ERROR: prefix the object returned here is an error
This patch adds certConfig and custom repo configuration options for OFED driver. Signed-off-by: Ivan Kolodiazhny <ikolodiazhny@nvidia.com>
|
LGTM, thanks @e0ne ! just need CI to pass and this can be merged |
No description provided.