diff --git a/build/cni/Dockerfile b/build/cni/Dockerfile
new file mode 100644
index 000000000..240d82380
--- /dev/null
+++ b/build/cni/Dockerfile
@@ -0,0 +1,21 @@
+FROM golang:1.19 AS builder
+
+ARG GO_LDFLAGS
+ARG TARGETARCH
+
+WORKDIR /code
+COPY . .
+
+RUN CGO_ENABLED=0 GOOS=linux GOARCH=$TARGETARCH GO_LDFLAGS=$GO_LDFLAGS make WHAT=edgemesh-cni
+
+
+FROM alpine:3.11
+
+RUN apk update && apk --no-cache add iptables && apk --no-cache add dpkg
+
+COPY --from=builder /code/_output/local/bin/edgemesh-cni /usr/local/bin/edgemesh-cni
+
+# Copy cni cfg
+COPY --from=builder /code/build/cni/init-cni /usr/local/init-cni
+
+ENTRYPOINT ["sh", "-c", "/usr/local/init-cni && echo 'CNI pre-install completed, exiting...' && exit 0"]
\ No newline at end of file
diff --git a/build/cni/init-cni.sh b/build/cni/init-cni.sh
new file mode 100644
index 000000000..a491fe815
--- /dev/null
+++ b/build/cni/init-cni.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# check if edgecore is installed
+if pgrep "edgecore" >/dev/null; then
+ echo "Edgecore process is running. Continuing with the initialization steps."
+
+ # copy cni to host
+ rm -f /opt/cni/bin/egdemesh-cni.old || true
+ ( [ -f "/opt/cni/bin/egdemesh-cni" ] && mv /usr/local/bin/edgemesh-cni /opt/cni/bin/egdemesh-cni.old ) || true
+ cp /usr/local/bin/edgemesh-cni /opt/cni/bin/egdemesh-cni
+ rm -f /opt/cni/bin/egdemesh-cni.old &>/dev/null || true
+
+ # generate 10-edgemesh-cni.conflist under /etc/edgemesh/config/
+ cat < /etc/edgemesh/config/10-edgemesh-cni.conflist
+{
+ "cniVersion": "0.0.1",
+ "name": "edgemesh",
+ "type": "edgemesh",
+ "delegate": {
+ "cniVersion": "0.0.1",
+ "type":"bridge",
+ "ipam": {
+ "type":"spiderpool"
+ }
+ }
+}
+EOF
+
+ # cpoy it to /etc/cni/net.d
+ cp -f /etc/edgemesh/config/10-edgemesh-cni.conflist /etc/cni/net.d/
+
+else
+ echo "Edgecore process is not running. Exiting."
+ exit 1
+fi
\ No newline at end of file
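Review bot: The last `COPY --from=builder` in build/cni/Dockerfile reads `/code/build/cni/init-cni`, but the script added in this same commit is `build/cni/init-cni.sh` with mode 100644, so unless another file of that name exists in the tree the copy fails, and with the right name the file would still arrive non-executable and the `ENTRYPOINT` could not run it directly. `COPY --from=builder --chmod=0755 /code/build/cni/init-cni.sh /usr/local/init-cni` addresses both (the flag needs BuildKit). The runtime stage is `FROM alpine:3.11`, a release that no longer receives security fixes, which matters for an image whose script writes into `/opt/cni/bin` and `/etc/cni/net.d`; use a supported Alpine release, ideally pinned by digest. `apk update` is redundant next to `apk --no-cache add` and can be dropped.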
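Review bot: The replace sequence under `# copy cni to host` in build/cni/init-cni.sh moves the freshly built `/usr/local/bin/edgemesh-cni` to `egdemesh-cni.old` whenever a binary is already installed, so the following `cp` has no source, fails without stopping the script (no `set -e`, no exit check), and the previously installed plugin stays in place. On an upgrade a node would therefore keep running the old binary while the container still reports completion. The excerpt below stages the new file beside the target, renames it over the old one, and exits on any failure; a rename also avoids overwriting a binary that may be executing. The destination is spelled `egdemesh-cni` throughout while the conflist declares `"type": "edgemesh"`; CNI runtimes look a plugin up by using its type as the file name, so the installed file name should be confirmed against that.

```shell
# … unchanged: shebang and pgrep check …
    # copy cni to host
    # stage next to the target, then rename over it so the swap is atomic
    dst=/opt/cni/bin/egdemesh-cni   # spelling kept from the hunk; confirm the intended file name
    cp /usr/local/bin/edgemesh-cni "${dst}.new" || exit 1
    chmod 0755 "${dst}.new" || exit 1
    mv -f "${dst}.new" "${dst}" || exit 1
# … unchanged: conflist generation and copy to /etc/cni/net.d …
```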
diff --git a/build/helm/edgemesh/charts/spiderpool/.relok8s-images.yaml b/build/helm/edgemesh/charts/spiderpool/.relok8s-images.yaml
new file mode 100644
index 000000000..ac03c08d2
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/.relok8s-images.yaml
@@ -0,0 +1,13 @@
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.spiderpoolAgent.image.repository }}:{{ .spiderpool.spiderpoolAgent.image.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.spiderpoolController.image.repository }}:{{ .spiderpool.spiderpoolController.image.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.spiderpoolInit.image.repository }}:{{ .spiderpool.spiderpoolInit.image.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.multus.multusCNI.image.repository }}:{{ .spiderpool.multus.multusCNI.image.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.rdma.rdmaSharedDevicePlugin.image.repository }}:{{ .spiderpool.rdma.rdmaSharedDevicePlugin.image.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.plugins.image.repository }}:{{ .spiderpool.plugins.image.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.sriov.image.operator.repository }}:{{ .spiderpool.sriov.image.operator.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.sriov.image.sriovConfigDaemon.repository }}:{{ .spiderpool.sriov.image.sriovConfigDaemon.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.sriov.image.sriovCni.repository }}:{{ .spiderpool.sriov.image.sriovCni.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.sriov.image.ibSriovCni.repository }}:{{ .spiderpool.sriov.image.ibSriovCni.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.sriov.image.sriovDevicePlugin.repository }}:{{ .spiderpool.sriov.image.sriovDevicePlugin.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.sriov.image.resourcesInjector.repository }}:{{ .spiderpool.sriov.image.resourcesInjector.tag }}"
+- "{{ .spiderpool.global.imageRegistryOverride }}/{{ .spiderpool.sriov.image.webhook.repository }}:{{ .spiderpool.sriov.image.webhook.tag }}"
diff --git a/build/helm/edgemesh/charts/spiderpool/Chart.yaml b/build/helm/edgemesh/charts/spiderpool/Chart.yaml
new file mode 100644
index 000000000..48268cc81
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 0.9.0
+description: underlay CNI solution for kubernetes
+home: https://spidernet-io.github.io/spiderpool
+icon: https://raw.githubusercontent.com/spidernet-io/spiderpool/main/docs/images/spider.svg
+keywords:
+ - spiderpool
+ - underlay
+ - networking
+ - ipam
+kubeVersion: '>= 1.16.0-0'
+maintainers:
+ - name: spidernet-io
+ url: https://github.com/spidernet-io
+name: spiderpool
+sources:
+ - https://github.com/spidernet-io/spiderpool
+type: application
+version: 0.9.0
+dependencies:
+ - name: spiderpool
+ version: "0.9.0"
+ repository: "https://spidernet-io.github.io/spiderpool"
diff --git a/build/helm/edgemesh/charts/spiderpool/README.md b/build/helm/edgemesh/charts/spiderpool/README.md
new file mode 100644
index 000000000..e8e594691
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/README.md
@@ -0,0 +1,431 @@ +# spiderpool + +## Introduction + +The Spiderpool is an IP Address Management (IPAM) CNI plugin that assigns IP addresses for kubernetes clusters. + +Any Container Network Interface (CNI) plugin supporting third-party IPAM plugins can use the Spiderpool. + +## Why Spiderpool + +Most overlay CNIs, like +[Cilium](https://github.com/cilium/cilium) +and [Calico](https://github.com/projectcalico/calico), +have a good implementation of IPAM, so the Spiderpool is not intentionally designed for these cases, but maybe integrated with them. + +The Spiderpool is intentionally designed to use with underlay network, where administrators can accurately manage each IP. + +Currently, in the community, the IPAM plugins such as [whereabout](https://github.com/k8snetworkplumbingwg/whereabouts), [kube-ipam](https://github.com/cloudnativer/kube-ipam), +[static](https://github.com/containernetworking/plugins/tree/main/plugins/ipam/static), +[dhcp](https://github.com/containernetworking/plugins/tree/main/plugins/ipam/dhcp), and [host-local](https://github.com/containernetworking/plugins/tree/main/plugins/ipam/host-local), +few of them could help solve complex underlay-network issues, so we decide to develop the Spiderpool. + +BTW, there are also some CNI plugins that could work on the underlay mode, such as [kube-ovn](https://github.com/kubeovn/kube-ovn) and [coil](https://github.com/cybozu-go/coil). +But the Spiderpool provides lots of different features, you could see [Features](#features) for details. + +## Features + +The Spiderpool provides a large number of different features as follows. + +* Based on CRD storage, all operation could be done with kubernetes API-server. + +* Support for assigning IP addresses with three options: IPv4-only, IPv6-only, and dual-stack. + +* Support for working on the clusters with three options: IPv4-only, IPv6-only, and dual-stack. + +* Support for creating multiple ippools. 
+ Different namespaces and applications could monopolize or share an ippool. + +* An application could specify multiple backup ippool resources, in case that IP addresses in an ippool are out of use. Therefore, you neither need to scale up the IP resources in a fixed ippool, nor need to modify the application yaml to change a ippool. + +* Support to bind range of IP address only to an applications. No need to hard code an IP list in deployment yaml, which is not easy to modify. With Spiderpool, you only need to set the selector field of ippool and scale up or down the IP resource of an ippool dynamically. + +* Support Statefulset pod who will be always assigned same IP addresses. + +* Different pods in a single controller could get IP addresses from + different subnets for an application deployed in different subnets or zones. + +* Administrator could safely edit ippool resources, the Spiderpool will help validate the modification and prevent from data race. + +* Collect resources in real time, especially for solving IP leakage or slow collection, which may make new pod fail to assign IP addresses. + +* Support ranges of CNI plugin who supports third-party IPAM plugins. Especially, the Spiderpool could help much for CNI like [spiderflat](https://github.com/spidernet-io/spiderflat), + [macvlan CNI](https://github.com/containernetworking/plugins/tree/main/plugins/main/macvlan), + [vlan CNI](https://github.com/containernetworking/plugins/tree/main/plugins/main/vlan), + [ipvlan CNI](https://github.com/containernetworking/plugins/tree/main/plugins/main/ipvlan), + [sriov CNI](https://github.com/k8snetworkplumbingwg/sriov-cni), + [ovs CNI](https://github.com/k8snetworkplumbingwg/ovs-cni). + +* Especially support for [Multus CNI](https://github.com/k8snetworkplumbingwg/multus-cni) case to assign IP for multiple interfaces. + +* Have a good performance for assigning and collecting IP. + +* Support to reserve IP who will not be assigned to any pod. 
+ +* Included metrics for looking into IP usage and issues. + +* By CidrManager, it could automatically create new ippool for application who needs fixed IP address, and retrieve the ippool when application is deleted. That could reduce the administrator workload. + +* Support for both AMD64 and ARM64. + +## Install + +### Quick Start + +```shell +helm install spiderpool spiderpool/spiderpool --wait --namespace kube-system +``` + +> NOTICE: +> +> (1). By default, SpiderPool automatically installs Multus, and if your cluster already has Multus installed, you can use "--set multus.multusCNI.install=false" disable installing Multus. +> +> (2). By default, spiderpool creates a corresponding Spidermultusconfig instance for the cluster default CNI (the first CNI configuration file under the /etc/cni/net.d path). If no CNI files are found, SpiderPool creates a Spidermultusconfig instance named default, and you need to manually update the CNI configuration of this instance after installation. +> +> (3). You can manually specify the default CNI of the cluster through "--set multus.multusCNI.defaultCniCRName=". you need to manually create this instance after installation. + +### Init default IPPool + +```shell +helm repo add spiderpool https://spidernet-io.github.io/spiderpool + +IPV4_SUBNET_YOU_EXPECT="172.18.40.0/24" +IPV4_IPRANGES_YOU_EXPECT="172.18.40.40-172.20.40.200" + +helm install spiderpool spiderpool/spiderpool --wait --namespace kube-system \ + --set clusterDefaultPool.installIPv4IPPool=true \ + --set clusterDefaultPool.ipv4Subnet=${IPV4_SUBNET_YOU_EXPECT} \ + --set clusterDefaultPool.ipv4IPRanges={${IPV4_IPRANGES_YOU_EXPECT}} +``` + +> NOTICE: +> +> (1) if default ippool is installed by helm, please add '--wait' parament in the helm command. 
Because, the spiderpool will install +> webhook for checking spiderippool CRs, if the spiderpool controller pod is not running, the default ippool will fail to apply and the helm install command fails +> Or else, you could create default ippool after helm installation. +> +> (2) spiderpool-controller pod is running as hostnetwork mode, and it needs take host port, +> it is set with podAntiAffinity to make sure that a node will only run a spiderpool-controller pod. +> so, if you set the replicas number of spiderpool-controller to be bigger than 2, make sure there is enough nodes + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------------- | --------------------------------------------------------------------------- | ------------------------------------ | +| `global.imageRegistryOverride` | Global image registry for all images, which is used for offline environment | `""` | +| `global.nameOverride` | instance name | `""` | +| `global.clusterDnsDomain` | cluster dns domain | `cluster.local` | +| `global.commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `global.commonLabels` | Labels to add to all deployed objects | `{}` | +| `global.cniBinHostPath` | the host path of the IPAM plugin directory. 
| `/opt/cni/bin` | +| `global.cniConfHostPath` | the host path of the cni config directory | `/etc/cni/net.d` | +| `global.ipamUNIXSocketHostPath` | the host path of unix domain socket for ipam plugin | `/var/run/spidernet/spiderpool.sock` | +| `global.configName` | the configmap name | `spiderpool-conf` | +| `global.ciliumConfigMap` | the cilium's configMap, default is kube-system/cilium-config | `kube-system/cilium-config` | + +### ipam parameters + +| Name | Description | Value | +| -------------------------------------- | --------------------------------------------------------------------------- | ------ | +| `ipam.enableIPv4` | enable ipv4 | `true` | +| `ipam.enableIPv6` | enable ipv6 | `true` | +| `ipam.enableStatefulSet` | the network mode | `true` | +| `ipam.enableKubevirtStaticIP` | the feature to keep kubevirt vm pod static IP | `true` | +| `ipam.enableSpiderSubnet` | SpiderSubnet feature gate. | `true` | +| `ipam.subnetDefaultFlexibleIPNumber` | the default flexible IP number of SpiderSubnet feature auto-created IPPools | `1` | +| `ipam.gc.enabled` | enable retrieve IP in spiderippool CR | `true` | +| `ipam.gc.gcAll.intervalInSecond` | the gc all interval duration | `600` | +| `ipam.gc.GcDeletingTimeOutPod.enabled` | enable retrieve IP for the pod who times out of deleting graceful period | `true` | +| `ipam.gc.GcDeletingTimeOutPod.delay` | the gc delay seconds after the pod times out of deleting graceful period | `0` | + +### grafanaDashboard parameters + +| Name | Description | Value | +| ------------------------------ | ------------------------------------------------------------------------------------------------ | ------- | +| `grafanaDashboard.install` | install grafanaDashboard for spiderpool. This requires the grafana operator CRDs to be available | `false` | +| `grafanaDashboard.namespace` | the grafanaDashboard namespace. 
Default to the namespace of helm instance | `""` | +| `grafanaDashboard.annotations` | the additional annotations of spiderpool grafanaDashboard | `{}` | +| `grafanaDashboard.labels` | the additional label of spiderpool grafanaDashboard | `{}` | + +### coordinator parameters + +| Name | Description | Value | +| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | +| `coordinator.enabled` | enable SpiderCoordinator | `true` | +| `coordinator.name` | the name of the default SpiderCoordinator CR | `default` | +| `coordinator.mode` | optional network mode, ["auto","underlay", "overlay", "disabled"] | `auto` | +| `coordinator.podCIDRType` | Pod CIDR type that should be collected, [ "auto", "cluster", "calico", "cilium", "none" ] | `auto` | +| `coordinator.detectGateway` | detect the reachability of the gateway | `false` | +| `coordinator.detectIPConflict` | detect IP address conflicts | `false` | +| `coordinator.tunePodRoutes` | tune Pod routes | `true` | +| `coordinator.hijackCIDR` | Additional subnets that need to be hijacked to the host forward, the default link-local range "169.254.0.0/16" is used for NodeLocal DNS | `["169.254.0.0/16"]` | + +### rdma parameters + +| Name | Description | Value | +| ----------------------------------------------------------------- | ------------------------------------------------------- | -------------------------------------- | +| `rdma.rdmaSharedDevicePlugin.install` | install rdma shared device plugin for macvlan cni | `false` | +| `rdma.rdmaSharedDevicePlugin.name` | the name of rdma shared device plugin | `spiderpool-rdma-shared-device-plugin` | +| `rdma.rdmaSharedDevicePlugin.image.registry` | the image registry of rdma shared device plugin | `ghcr.io` | +| `rdma.rdmaSharedDevicePlugin.image.repository` | the image repository of rdma shared device plugin | 
`mellanox/k8s-rdma-shared-dev-plugin` | +| `rdma.rdmaSharedDevicePlugin.image.pullPolicy` | the image pullPolicy of rdma shared device plugin | `IfNotPresent` | +| `rdma.rdmaSharedDevicePlugin.image.digest` | the image digest of rdma shared device plugin | `""` | +| `rdma.rdmaSharedDevicePlugin.image.tag` | the image tag of rdma shared device plugin | `latest` | +| `rdma.rdmaSharedDevicePlugin.image.imagePullSecrets` | the image imagePullSecrets of rdma shared device plugin | `[]` | +| `rdma.rdmaSharedDevicePlugin.podAnnotations` | the additional annotations | `{}` | +| `rdma.rdmaSharedDevicePlugin.podLabels` | the additional label | `{}` | +| `rdma.rdmaSharedDevicePlugin.resources.limits.cpu` | the cpu limit | `300m` | +| `rdma.rdmaSharedDevicePlugin.resources.limits.memory` | the memory limit | `300Mi` | +| `rdma.rdmaSharedDevicePlugin.resources.requests.cpu` | the cpu requests | `100m` | +| `rdma.rdmaSharedDevicePlugin.resources.requests.memory` | the memory requests | `50Mi` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.periodicUpdateInterval` | periodic Update Interval | `300` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.resourcePrefix` | resource prefix | `spidernet.io` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.resourceName` | resource Name | `hca_shared_devices` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.rdmaHcaMax` | rdma Hca Max | `500` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.vendors` | rdma device vendors, default to mellanox device | `15b3` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.deviceIDs` | rdma device IDs, default to mellanox device | `1017` | + +### multus parameters + +| Name | Description | Value | +| --------------------------------------------- | 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------- | +| `multus.enableMultusConfig` | enable SpiderMultusConfig | `true` | +| `multus.multusCNI.install` | enable install multus-CNI | `true` | +| `multus.multusCNI.uninstall` | enable remove multus-CNI configuration and binary files on multus-ds pod shutdown. Enable this if you uninstall multus from your cluster. Disable this in the multus upgrade phase to prevent CNI configuration file from being removed, which may cause pods start failure | `false` | +| `multus.multusCNI.name` | the name of spiderpool multus | `spiderpool-multus` | +| `multus.multusCNI.image.registry` | the multus-CNI image registry | `ghcr.io` | +| `multus.multusCNI.image.repository` | the multus-CNI image repository | `k8snetworkplumbingwg/multus-cni` | +| `multus.multusCNI.image.pullPolicy` | the multus-CNI image pullPolicy | `IfNotPresent` | +| `multus.multusCNI.image.digest` | the multus-CNI image digest | `""` | +| `multus.multusCNI.image.tag` | the multus-CNI image tag | `v3.9.3` | +| `multus.multusCNI.image.imagePullSecrets` | the multus-CNI image imagePullSecrets | `[]` | +| `multus.multusCNI.defaultCniCRName` | if this value is empty, multus will automatically get default CNI according to the existed CNI conf file in /etc/cni/net.d/, if no cni files found in /etc/cni/net.d, A Spidermultusconfig CR named default will be created, please update the related SpiderMultusConfig for default CNI after installation. 
The namespace of defaultCniCRName follows with the release namespace of spdierpool | `""` | +| `multus.multusCNI.securityContext.privileged` | the securityContext privileged of multus-CNI daemonset pod | `true` | +| `multus.multusCNI.extraEnv` | the additional environment variables of multus-CNI daemonset pod container | `[]` | +| `multus.multusCNI.extraVolumes` | the additional volumes of multus-CNI daemonset pod container | `[]` | +| `multus.multusCNI.extraVolumeMounts` | the additional hostPath mounts of multus-CNI daemonset pod container | `[]` | +| `multus.multusCNI.log.logLevel` | the multus-CNI daemonset pod log level | `debug` | +| `multus.multusCNI.log.logFile` | the multus-CNI daemonset pod log file | `/var/log/multus.log` | + +### plugins parameters + +| Name | Description | Value | +| -------------------------------- | ---------------------------------------------------------- | -------------------------------------------- | +| `plugins.installCNI` | install all cni plugins to each node | `false` | +| `plugins.installRdmaCNI` | install rdma cni used to isolate rdma device for sriov cni | `true` | +| `plugins.installOvsCNI` | install ovs cni to each node | `true` | +| `plugins.installibSriovCNI` | install ib-sriov cni to each node | `true` | +| `plugins.installIpoibCNI` | install ipoib cni to each node | `true` | +| `plugins.image.registry` | the image registry of plugins | `ghcr.io` | +| `plugins.image.repository` | the image repository of plugins | `spidernet-io/spiderpool/spiderpool-plugins` | +| `plugins.image.pullPolicy` | the image pullPolicy of plugins | `IfNotPresent` | +| `plugins.image.digest` | the image digest of plugins | `""` | +| `plugins.image.tag` | the image tag of plugins | `v0.9.2` | +| `plugins.image.imagePullSecrets` | the image imagePullSecrets of plugins | `[]` | + +### clusterDefaultPool parameters + +| Name | Description | Value | +| -------------------------------------- | 
---------------------------------------------------------------------------- | ------------------- | +| `clusterDefaultPool.installIPv4IPPool` | install ipv4 spiderpool instance. It is required to set ipam.enableIPv4=true | `false` | +| `clusterDefaultPool.installIPv6IPPool` | install ipv6 spiderpool instance. It is required to set ipam.enableIPv6=true | `false` | +| `clusterDefaultPool.ipv4IPPoolName` | the name of ipv4 spiderpool instance | `default-v4-ippool` | +| `clusterDefaultPool.ipv6IPPoolName` | the name of ipv6 spiderpool instance | `default-v6-ippool` | +| `clusterDefaultPool.ipv4SubnetName` | the name of ipv4 spidersubnet instance | `default-v4-subnet` | +| `clusterDefaultPool.ipv6SubnetName` | the name of ipv6 spidersubnet instance | `default-v6-subnet` | +| `clusterDefaultPool.ipv4Subnet` | the subnet of ipv4 spiderpool instance | `""` | +| `clusterDefaultPool.ipv6Subnet` | the subnet of ipv6 spiderpool instance | `""` | +| `clusterDefaultPool.ipv4IPRanges` | the available IP of ipv4 spiderpool instance | `[]` | +| `clusterDefaultPool.ipv6IPRanges` | the available IP of ipv6 spiderpool instance | `[]` | +| `clusterDefaultPool.ipv4Gateway` | the gateway of ipv4 subnet | `""` | +| `clusterDefaultPool.ipv6Gateway` | the gateway of ipv6 subnet | `""` | + +### spiderpoolAgent parameters + +| Name | Description | Value | +| ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------ | ------------------------------------------ | +| `spiderpoolAgent.name` | the spiderpoolAgent name | `spiderpool-agent` | +| `spiderpoolAgent.binName` | the binName name of spiderpoolAgent | `/usr/bin/spiderpool-agent` | +| `spiderpoolAgent.image.registry` | the image registry of spiderpoolAgent | `ghcr.io` | +| `spiderpoolAgent.image.repository` | the image repository of spiderpoolAgent | `spidernet-io/spiderpool/spiderpool-agent` | +| 
`spiderpoolAgent.image.pullPolicy` | the image pullPolicy of spiderpoolAgent | `IfNotPresent` | +| `spiderpoolAgent.image.digest` | the image digest of spiderpoolAgent, which takes preference over tag | `""` | +| `spiderpoolAgent.image.tag` | the image tag of spiderpoolAgent, overrides the image tag whose default is the chart appVersion. | `""` | +| `spiderpoolAgent.image.imagePullSecrets` | the image imagePullSecrets of spiderpoolAgent | `[]` | +| `spiderpoolAgent.serviceAccount.create` | create the service account for the spiderpoolAgent | `true` | +| `spiderpoolAgent.serviceAccount.annotations` | the annotations of spiderpoolAgent service account | `{}` | +| `spiderpoolAgent.service.annotations` | the annotations for spiderpoolAgent service | `{}` | +| `spiderpoolAgent.service.type` | the type for spiderpoolAgent service | `ClusterIP` | +| `spiderpoolAgent.priorityClassName` | the priority Class Name for spiderpoolAgent | `system-node-critical` | +| `spiderpoolAgent.affinity` | the affinity of spiderpoolAgent | `{}` | +| `spiderpoolAgent.extraArgs` | the additional arguments of spiderpoolAgent container | `[]` | +| `spiderpoolAgent.extraEnv` | the additional environment variables of spiderpoolAgent container | `[]` | +| `spiderpoolAgent.extraVolumes` | the additional volumes of spiderpoolAgent container | `[]` | +| `spiderpoolAgent.extraVolumeMounts` | the additional hostPath mounts of spiderpoolAgent container | `[]` | +| `spiderpoolAgent.podAnnotations` | the additional annotations of spiderpoolAgent pod | `{}` | +| `spiderpoolAgent.podLabels` | the additional label of spiderpoolAgent pod | `{}` | +| `spiderpoolAgent.resources.limits.cpu` | the cpu limit of spiderpoolAgent pod | `1000m` | +| `spiderpoolAgent.resources.limits.memory` | the memory limit of spiderpoolAgent pod | `1024Mi` | +| `spiderpoolAgent.resources.requests.cpu` | the cpu requests of spiderpoolAgent pod | `100m` | +| `spiderpoolAgent.resources.requests.memory` | the memory requests of 
spiderpoolAgent pod | `128Mi` | +| `spiderpoolAgent.securityContext` | the security Context of spiderpoolAgent pod | `{}` | +| `spiderpoolAgent.httpPort` | the http Port for spiderpoolAgent, for health checking | `5710` | +| `spiderpoolAgent.healthChecking.startupProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolAgent health checking | `60` | +| `spiderpoolAgent.healthChecking.startupProbe.periodSeconds` | the period seconds of startup probe for spiderpoolAgent health checking | `2` | +| `spiderpoolAgent.healthChecking.livenessProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolAgent health checking | `6` | +| `spiderpoolAgent.healthChecking.livenessProbe.periodSeconds` | the period seconds of startup probe for spiderpoolAgent health checking | `10` | +| `spiderpoolAgent.healthChecking.readinessProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolAgent health checking | `3` | +| `spiderpoolAgent.healthChecking.readinessProbe.periodSeconds` | the period seconds of startup probe for spiderpoolAgent health checking | `10` | +| `spiderpoolAgent.prometheus.enabled` | enable spiderpool agent to collect metrics | `false` | +| `spiderpoolAgent.prometheus.enabledDebugMetric` | enable spiderpool agent to collect debug level metrics | `false` | +| `spiderpoolAgent.prometheus.port` | the metrics port of spiderpool agent | `5711` | +| `spiderpoolAgent.prometheus.serviceMonitor.install` | install serviceMonitor for spiderpool agent. This requires the prometheus CRDs to be available | `false` | +| `spiderpoolAgent.prometheus.serviceMonitor.namespace` | the serviceMonitor namespace. 
Default to the namespace of helm instance | `""` | +| `spiderpoolAgent.prometheus.serviceMonitor.annotations` | the additional annotations of spiderpoolAgent serviceMonitor | `{}` | +| `spiderpoolAgent.prometheus.serviceMonitor.labels` | the additional label of spiderpoolAgent serviceMonitor | `{}` | +| `spiderpoolAgent.prometheus.serviceMonitor.interval` | represents the interval of spiderpoolAgent serviceMonitor's scraping action | `10s` | +| `spiderpoolAgent.prometheus.prometheusRule.install` | install prometheusRule for spiderpool agent. This requires the prometheus CRDs to be available | `false` | +| `spiderpoolAgent.prometheus.prometheusRule.namespace` | the prometheusRule namespace. Default to the namespace of helm instance | `""` | +| `spiderpoolAgent.prometheus.prometheusRule.annotations` | the additional annotations of spiderpoolAgent prometheusRule | `{}` | +| `spiderpoolAgent.prometheus.prometheusRule.labels` | the additional label of spiderpoolAgent prometheusRule | `{}` | +| `spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMAllocationFailure` | the additional rule of spiderpoolAgent prometheusRule | `true` | +| `spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMAllocationOverTime` | the additional rule of spiderpoolAgent prometheusRule | `true` | +| `spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMHighAllocationDurations` | the additional rule of spiderpoolAgent prometheusRule | `true` | +| `spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMReleaseFailure` | the additional rule of spiderpoolAgent prometheusRule | `true` | +| `spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMReleaseOverTime` | the additional rule of spiderpoolAgent prometheusRule | `true` | +| `spiderpoolAgent.debug.logLevel` | the log level of spiderpool agent [debug, info, warn, error, fatal, panic] | `info` | +| `spiderpoolAgent.debug.gopsPort` | the gops port of spiderpool agent | `5712` | + +### spiderpoolController parameters + +| 
Name | Description | Value |
+| ------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
+| `spiderpoolController.name` | the spiderpoolController name | `spiderpool-controller` |
+| `spiderpoolController.replicas` | the replicas number of spiderpoolController pod | `1` |
+| `spiderpoolController.binName` | the binName name of spiderpoolController | `/usr/bin/spiderpool-controller` |
+| `spiderpoolController.hostnetwork` | enable hostnetwork mode of spiderpoolController pod. Notice, if no CNI available before spiderpool installation, must enable this | `true` |
+| `spiderpoolController.image.registry` | the image registry of spiderpoolController | `ghcr.io` |
+| `spiderpoolController.image.repository` | the image repository of spiderpoolController | `spidernet-io/spiderpool/spiderpool-controller` |
+| `spiderpoolController.image.pullPolicy` | the image pullPolicy of spiderpoolController | `IfNotPresent` |
+| `spiderpoolController.image.digest` | the image digest of spiderpoolController, which takes preference over tag | `""` |
+| `spiderpoolController.image.tag` | the image tag of spiderpoolController, overrides the image tag whose default is the chart appVersion. | `""` |
+| `spiderpoolController.image.imagePullSecrets` | the image imagePullSecrets of spiderpoolController | `[]` |
+| `spiderpoolController.serviceAccount.create` | create the service account for the spiderpoolController | `true` |
+| `spiderpoolController.serviceAccount.annotations` | the annotations of spiderpoolController service account | `{}` |
+| `spiderpoolController.service.annotations` | the annotations for spiderpoolController service | `{}` |
+| `spiderpoolController.service.type` | the type for spiderpoolController service | `ClusterIP` |
+| `spiderpoolController.priorityClassName` | the priority Class Name for spiderpoolController | `system-node-critical` |
+| `spiderpoolController.affinity` | the affinity of spiderpoolController | `{}` |
+| `spiderpoolController.extraArgs` | the additional arguments of spiderpoolController container | `[]` |
+| `spiderpoolController.extraEnv` | the additional environment variables of spiderpoolController container | `[]` |
+| `spiderpoolController.extraVolumes` | the additional volumes of spiderpoolController container | `[]` |
+| `spiderpoolController.extraVolumeMounts` | the additional hostPath mounts of spiderpoolController container | `[]` |
+| `spiderpoolController.podAnnotations` | the additional annotations of spiderpoolController pod | `{}` |
+| `spiderpoolController.podLabels` | the additional label of spiderpoolController pod | `{}` |
+| `spiderpoolController.securityContext` | the security Context of spiderpoolController pod | `{}` |
+| `spiderpoolController.resources.limits.cpu` | the cpu limit of spiderpoolController pod | `500m` |
+| `spiderpoolController.resources.limits.memory` | the memory limit of spiderpoolController pod | `1024Mi` |
+| `spiderpoolController.resources.requests.cpu` | the cpu requests of spiderpoolController pod | `100m` |
+| `spiderpoolController.resources.requests.memory` | the memory requests of spiderpoolController pod | `128Mi` |
+| `spiderpoolController.podDisruptionBudget.enabled` | enable podDisruptionBudget for spiderpoolController pod | `false` |
+| `spiderpoolController.podDisruptionBudget.minAvailable` | minimum number/percentage of pods that should remain scheduled. | `1` |
+| `spiderpoolController.httpPort` | the http Port for spiderpoolController, for health checking and http service | `5720` |
+| `spiderpoolController.healthChecking.startupProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolController health checking | `30` |
+| `spiderpoolController.healthChecking.startupProbe.periodSeconds` | the period seconds of startup probe for spiderpoolController health checking | `2` |
+| `spiderpoolController.healthChecking.livenessProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolController health checking | `6` |
+| `spiderpoolController.healthChecking.livenessProbe.periodSeconds` | the period seconds of startup probe for spiderpoolController health checking | `10` |
+| `spiderpoolController.healthChecking.readinessProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolController health checking | `3` |
+| `spiderpoolController.healthChecking.readinessProbe.periodSeconds` | the period seconds of startup probe for spiderpoolController health checking | `10` |
+| `spiderpoolController.webhookPort` | the http port for spiderpoolController webhook | `5722` |
+| `spiderpoolController.prometheus.enabled` | enable spiderpool Controller to collect metrics | `false` |
+| `spiderpoolController.prometheus.enabledDebugMetric` | enable spiderpool Controller to collect debug level metrics | `false` |
+| `spiderpoolController.prometheus.port` | the metrics port of spiderpool Controller | `5721` |
+| `spiderpoolController.prometheus.serviceMonitor.install` | install serviceMonitor for spiderpool agent. This requires the prometheus CRDs to be available | `false` |
+| `spiderpoolController.prometheus.serviceMonitor.namespace` | the serviceMonitor namespace. Default to the namespace of helm instance | `""` |
+| `spiderpoolController.prometheus.serviceMonitor.annotations` | the additional annotations of spiderpoolController serviceMonitor | `{}` |
+| `spiderpoolController.prometheus.serviceMonitor.labels` | the additional label of spiderpoolController serviceMonitor | `{}` |
+| `spiderpoolController.prometheus.serviceMonitor.interval` | represents the interval of spiderpoolController serviceMonitor's scraping action | `10s` |
+| `spiderpoolController.prometheus.prometheusRule.install` | install prometheusRule for spiderpool agent. This requires the prometheus CRDs to be available | `false` |
+| `spiderpoolController.prometheus.prometheusRule.namespace` | the prometheusRule namespace. Default to the namespace of helm instance | `""` |
+| `spiderpoolController.prometheus.prometheusRule.annotations` | the additional annotations of spiderpoolController prometheusRule | `{}` |
+| `spiderpoolController.prometheus.prometheusRule.labels` | the additional label of spiderpoolController prometheusRule | `{}` |
+| `spiderpoolController.prometheus.prometheusRule.enableWarningIPGCFailureCounts` | the additional rule of spiderpoolController prometheusRule | `true` |
+| `spiderpoolController.debug.logLevel` | the log level of spiderpool Controller [debug, info, warn, error, fatal, panic] | `info` |
+| `spiderpoolController.debug.gopsPort` | the gops port of spiderpool Controller | `5724` |
+| `spiderpoolController.tls.method` | the method for generating TLS certificates. [ provided , certmanager , auto] | `auto` |
+| `spiderpoolController.tls.secretName` | the secret name for storing TLS certificates | `spiderpool-controller-server-certs` |
+| `spiderpoolController.tls.certmanager.certValidityDuration` | generated certificates validity duration in days for 'certmanager' method | `365` |
+| `spiderpoolController.tls.certmanager.issuerName` | issuer name of cert manager 'certmanager'. If not specified, a CA issuer will be created. | `""` |
+| `spiderpoolController.tls.certmanager.extraDnsNames` | extra DNS names added to certificate when it's auto generated | `[]` |
+| `spiderpoolController.tls.certmanager.extraIPAddresses` | extra IP addresses added to certificate when it's auto generated | `[]` |
+| `spiderpoolController.tls.provided.tlsCert` | encoded tls certificate for provided method | `""` |
+| `spiderpoolController.tls.provided.tlsKey` | encoded tls key for provided method | `""` |
+| `spiderpoolController.tls.provided.tlsCa` | encoded tls CA for provided method | `""` |
+| `spiderpoolController.tls.auto.caExpiration` | ca expiration for auto method | `73000` |
+| `spiderpoolController.tls.auto.certExpiration` | server cert expiration for auto method | `73000` |
+| `spiderpoolController.tls.auto.extraIpAddresses` | extra IP addresses of server certificate for auto method | `[]` |
+| `spiderpoolController.tls.auto.extraDnsNames` | extra DNS names of server cert for auto method | `[]` |
+
+### spiderpoolInit parameters
+
+| Name | Description | Value |
+| ------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
+| `spiderpoolInit.name` | the init job for installing default spiderippool | `spiderpool-init` |
+| `spiderpoolInit.binName` | the binName name of spiderpoolInit | `/usr/bin/spiderpool-init` |
+| `spiderpoolInit.hostnetwork` | enable hostnetwork mode of spiderpoolInit pod. Notice, if no CNI available before spiderpool installation, must enable this | `true` |
+| `spiderpoolInit.image.registry` | the image registry of spiderpoolInit | `ghcr.io` |
+| `spiderpoolInit.image.repository` | the image repository of spiderpoolInit | `spidernet-io/spiderpool/spiderpool-controller` |
+| `spiderpoolInit.image.pullPolicy` | the image pullPolicy of spiderpoolInit | `IfNotPresent` |
+| `spiderpoolInit.image.digest` | the image digest of spiderpoolInit, which takes preference over tag | `""` |
+| `spiderpoolInit.image.tag` | the image tag of spiderpoolInit, overrides the image tag whose default is the chart appVersion. | `""` |
+| `spiderpoolInit.image.imagePullSecrets` | the image imagePullSecrets of spiderpoolInit | `[]` |
+| `spiderpoolInit.priorityClassName` | the priority Class Name for spiderpoolInit | `system-node-critical` |
+| `spiderpoolInit.affinity` | the affinity of spiderpoolInit | `{}` |
+| `spiderpoolInit.extraArgs` | the additional arguments of spiderpoolInit container | `[]` |
+| `spiderpoolInit.resources.limits.cpu` | the cpu limit of spiderpoolInit pod | `200m` |
+| `spiderpoolInit.resources.limits.memory` | the memory limit of spiderpoolInit pod | `256Mi` |
+| `spiderpoolInit.resources.requests.cpu` | the cpu requests of spiderpoolInit pod | `100m` |
+| `spiderpoolInit.resources.requests.memory` | the memory requests of spiderpoolInit pod | `128Mi` |
+| `spiderpoolInit.readinessProbe.failureThreshold` | the failure threshold of startup probe for spiderpool-init health checking | `30` |
+| `spiderpoolInit.readinessProbe.periodSeconds` | the period seconds of startup probe for spiderpool-init health checking | `10` |
+| `spiderpoolInit.extraEnv` | the additional environment variables of spiderpoolInit container | `[]` |
+| `spiderpoolInit.securityContext` | the security Context of spiderpoolInit pod | `{}` |
+| `spiderpoolInit.podAnnotations` | the additional annotations of spiderpoolInit pod | `{}` |
+| `spiderpoolInit.podLabels` | the additional label of spiderpoolInit pod | `{}` |
+| `spiderpoolInit.serviceAccount.annotations` | the annotations of spiderpoolInit service account | `{}` |
+
+### sriov network operator parameters
+
+| Name | Description | Value |
+| ------------------------------------------ | ----------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- |
+| `sriov.install` | install sriov network operator | `false` |
+| `sriov.name` | the name of sriov network operator | `spiderpool-sriov-operator` |
+| `sriov.affinity` | the affinity | `{}` |
+| `sriov.hostnetwork` | enable hostnetwork mode. Notice, if no CNI available before spiderpool installation, must enable this | `true` |
+| `sriov.replicas` | the replicas number | `1` |
+| `sriov.resourcePrefix` | the resource prefix | `spidernet.io` |
+| `sriov.priorityClassName` | the priority Class Name | `system-node-critical` |
+| `sriov.enableAdmissionController` | enable Admission Controller | `false` |
+| `sriov.resources.limits.cpu` | the cpu limit | `300m` |
+| `sriov.resources.limits.memory` | the memory limit | `300Mi` |
+| `sriov.resources.requests.cpu` | the cpu requests | `100m` |
+| `sriov.resources.requests.memory` | the memory requests | `128Mi` |
+| `sriov.image.registry` | registry for all images | `ghcr.io` |
+| `sriov.image.pullPolicy` | the image pullPolicy for all images | `IfNotPresent` |
+| `sriov.image.imagePullSecrets` | the image imagePullSecrets for all images | `[]` |
+| `sriov.image.operator.repository` | the image repository | `k8snetworkplumbingwg/sriov-network-operator` |
+| `sriov.image.operator.tag` | the image tag | `v1.2.0` |
+| `sriov.image.sriovConfigDaemon.repository` | the image repository | `k8snetworkplumbingwg/sriov-network-operator-config-daemon` |
+| `sriov.image.sriovConfigDaemon.tag` | the image tag | `v1.2.0` |
+| `sriov.image.sriovCni.repository` | the image repository | `k8snetworkplumbingwg/sriov-cni` |
+| `sriov.image.sriovCni.tag` | the image tag | `v2.7.0` |
+| `sriov.image.ibSriovCni.repository` | the image repository | `k8snetworkplumbingwg/ib-sriov-cni` |
+| `sriov.image.ibSriovCni.tag` | the image tag | `v1.0.2` |
+| `sriov.image.sriovDevicePlugin.repository` | the image repository | `k8snetworkplumbingwg/sriov-network-device-plugin` |
+| `sriov.image.sriovDevicePlugin.tag` | the image tag | `v3.5.1` |
+| `sriov.image.resourcesInjector.repository` | the image repository | `k8snetworkplumbingwg/network-resources-injector` |
+| `sriov.image.resourcesInjector.tag` | the image tag | `v1.5` |
+| `sriov.image.webhook.repository` | the image repository | `k8snetworkplumbingwg/sriov-network-operator-webhook` |
+| `sriov.image.webhook.tag` | the image tag | `v1.2.0` |
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/.helmignore b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/Chart.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/Chart.yaml
new file mode 100644
index 000000000..ea96c3f07
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/Chart.yaml
@@ -0,0 +1,19 @@
+apiVersion: v2
+appVersion: 0.9.0
+description: underlay CNI solution for kubernetes
+home: https://spidernet-io.github.io/spiderpool
+icon: https://raw.githubusercontent.com/spidernet-io/spiderpool/main/docs/images/spider.svg
+keywords:
+- spiderpool
+- underlay
+- networking
+- ipam
+kubeVersion: '>= 1.16.0-0'
+maintainers:
+- name: spidernet-io
+ url: https://github.com/spidernet-io
+name: spiderpool
+sources:
+- https://github.com/spidernet-io/spiderpool
+type: application
+version: 0.9.0
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/LICENSE b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/LICENSE
new file mode 100644
index 000000000..e773c58c5
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/LICENSE
@@ -0,0 +1,202 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise compiles with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} Authors of spidernet-io + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/README.md b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/README.md new file mode 100644 index 000000000..e8e594691 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/README.md 
@@ -0,0 +1,431 @@
+# spiderpool
+
+## Introduction
+
+The Spiderpool is an IP Address Management (IPAM) CNI plugin that assigns IP addresses for kubernetes clusters.
+
+Any Container Network Interface (CNI) plugin supporting third-party IPAM plugins can use the Spiderpool.
+
+## Why Spiderpool
+
+Most overlay CNIs, like
+[Cilium](https://github.com/cilium/cilium)
+and [Calico](https://github.com/projectcalico/calico),
+have a good implementation of IPAM, so the Spiderpool is not intentionally designed for these cases, but maybe integrated with them.
+
+The Spiderpool is intentionally designed to use with underlay network, where administrators can accurately manage each IP.
+
+Currently, in the community, the IPAM plugins such as [whereabout](https://github.com/k8snetworkplumbingwg/whereabouts), [kube-ipam](https://github.com/cloudnativer/kube-ipam),
+[static](https://github.com/containernetworking/plugins/tree/main/plugins/ipam/static),
+[dhcp](https://github.com/containernetworking/plugins/tree/main/plugins/ipam/dhcp), and [host-local](https://github.com/containernetworking/plugins/tree/main/plugins/ipam/host-local),
+few of them could help solve complex underlay-network issues, so we decide to develop the Spiderpool.
+
+BTW, there are also some CNI plugins that could work on the underlay mode, such as [kube-ovn](https://github.com/kubeovn/kube-ovn) and [coil](https://github.com/cybozu-go/coil).
+But the Spiderpool provides lots of different features, you could see [Features](#features) for details.
+
+## Features
+
+The Spiderpool provides a large number of different features as follows.
+
+* Based on CRD storage, all operation could be done with kubernetes API-server.
+
+* Support for assigning IP addresses with three options: IPv4-only, IPv6-only, and dual-stack.
+
+* Support for working on the clusters with three options: IPv4-only, IPv6-only, and dual-stack.
+
+* Support for creating multiple ippools.
+ Different namespaces and applications could monopolize or share an ippool.
+
+* An application could specify multiple backup ippool resources, in case that IP addresses in an ippool are out of use. Therefore, you neither need to scale up the IP resources in a fixed ippool, nor need to modify the application yaml to change a ippool.
+
+* Support to bind range of IP address only to an applications. No need to hard code an IP list in deployment yaml, which is not easy to modify. With Spiderpool, you only need to set the selector field of ippool and scale up or down the IP resource of an ippool dynamically.
+
+* Support Statefulset pod who will be always assigned same IP addresses.
+
+* Different pods in a single controller could get IP addresses from
+ different subnets for an application deployed in different subnets or zones.
+
+* Administrator could safely edit ippool resources, the Spiderpool will help validate the modification and prevent from data race.
+
+* Collect resources in real time, especially for solving IP leakage or slow collection, which may make new pod fail to assign IP addresses.
+
+* Support ranges of CNI plugin who supports third-party IPAM plugins. Especially, the Spiderpool could help much for CNI like [spiderflat](https://github.com/spidernet-io/spiderflat),
+ [macvlan CNI](https://github.com/containernetworking/plugins/tree/main/plugins/main/macvlan),
+ [vlan CNI](https://github.com/containernetworking/plugins/tree/main/plugins/main/vlan),
+ [ipvlan CNI](https://github.com/containernetworking/plugins/tree/main/plugins/main/ipvlan),
+ [sriov CNI](https://github.com/k8snetworkplumbingwg/sriov-cni),
+ [ovs CNI](https://github.com/k8snetworkplumbingwg/ovs-cni).
+
+* Especially support for [Multus CNI](https://github.com/k8snetworkplumbingwg/multus-cni) case to assign IP for multiple interfaces.
+
+* Have a good performance for assigning and collecting IP.
+
+* Support to reserve IP who will not be assigned to any pod.
+ +* Included metrics for looking into IP usage and issues. + +* By CidrManager, it could automatically create new ippool for application who needs fixed IP address, and retrieve the ippool when application is deleted. That could reduce the administrator workload. + +* Support for both AMD64 and ARM64. + +## Install + +### Quick Start + +```shell +helm install spiderpool spiderpool/spiderpool --wait --namespace kube-system +``` + +> NOTICE: +> +> (1). By default, SpiderPool automatically installs Multus, and if your cluster already has Multus installed, you can use "--set multus.multusCNI.install=false" disable installing Multus. +> +> (2). By default, spiderpool creates a corresponding Spidermultusconfig instance for the cluster default CNI (the first CNI configuration file under the /etc/cni/net.d path). If no CNI files are found, SpiderPool creates a Spidermultusconfig instance named default, and you need to manually update the CNI configuration of this instance after installation. +> +> (3). You can manually specify the default CNI of the cluster through "--set multus.multusCNI.defaultCniCRName=". you need to manually create this instance after installation. + +### Init default IPPool + +```shell +helm repo add spiderpool https://spidernet-io.github.io/spiderpool + +IPV4_SUBNET_YOU_EXPECT="172.18.40.0/24" +IPV4_IPRANGES_YOU_EXPECT="172.18.40.40-172.20.40.200" + +helm install spiderpool spiderpool/spiderpool --wait --namespace kube-system \ + --set clusterDefaultPool.installIPv4IPPool=true \ + --set clusterDefaultPool.ipv4Subnet=${IPV4_SUBNET_YOU_EXPECT} \ + --set clusterDefaultPool.ipv4IPRanges={${IPV4_IPRANGES_YOU_EXPECT}} +``` + +> NOTICE: +> +> (1) if default ippool is installed by helm, please add '--wait' parament in the helm command. 
Because, the spiderpool will install +> webhook for checking spiderippool CRs, if the spiderpool controller pod is not running, the default ippool will fail to apply and the helm install command fails +> Or else, you could create default ippool after helm installation. +> +> (2) spiderpool-controller pod is running as hostnetwork mode, and it needs take host port, +> it is set with podAntiAffinity to make sure that a node will only run a spiderpool-controller pod. +> so, if you set the replicas number of spiderpool-controller to be bigger than 2, make sure there is enough nodes + +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------------- | --------------------------------------------------------------------------- | ------------------------------------ | +| `global.imageRegistryOverride` | Global image registry for all images, which is used for offline environment | `""` | +| `global.nameOverride` | instance name | `""` | +| `global.clusterDnsDomain` | cluster dns domain | `cluster.local` | +| `global.commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `global.commonLabels` | Labels to add to all deployed objects | `{}` | +| `global.cniBinHostPath` | the host path of the IPAM plugin directory. 
| `/opt/cni/bin` | +| `global.cniConfHostPath` | the host path of the cni config directory | `/etc/cni/net.d` | +| `global.ipamUNIXSocketHostPath` | the host path of unix domain socket for ipam plugin | `/var/run/spidernet/spiderpool.sock` | +| `global.configName` | the configmap name | `spiderpool-conf` | +| `global.ciliumConfigMap` | the cilium's configMap, default is kube-system/cilium-config | `kube-system/cilium-config` | + +### ipam parameters + +| Name | Description | Value | +| -------------------------------------- | --------------------------------------------------------------------------- | ------ | +| `ipam.enableIPv4` | enable ipv4 | `true` | +| `ipam.enableIPv6` | enable ipv6 | `true` | +| `ipam.enableStatefulSet` | the network mode | `true` | +| `ipam.enableKubevirtStaticIP` | the feature to keep kubevirt vm pod static IP | `true` | +| `ipam.enableSpiderSubnet` | SpiderSubnet feature gate. | `true` | +| `ipam.subnetDefaultFlexibleIPNumber` | the default flexible IP number of SpiderSubnet feature auto-created IPPools | `1` | +| `ipam.gc.enabled` | enable retrieve IP in spiderippool CR | `true` | +| `ipam.gc.gcAll.intervalInSecond` | the gc all interval duration | `600` | +| `ipam.gc.GcDeletingTimeOutPod.enabled` | enable retrieve IP for the pod who times out of deleting graceful period | `true` | +| `ipam.gc.GcDeletingTimeOutPod.delay` | the gc delay seconds after the pod times out of deleting graceful period | `0` | + +### grafanaDashboard parameters + +| Name | Description | Value | +| ------------------------------ | ------------------------------------------------------------------------------------------------ | ------- | +| `grafanaDashboard.install` | install grafanaDashboard for spiderpool. This requires the grafana operator CRDs to be available | `false` | +| `grafanaDashboard.namespace` | the grafanaDashboard namespace. 
Default to the namespace of helm instance | `""` | +| `grafanaDashboard.annotations` | the additional annotations of spiderpool grafanaDashboard | `{}` | +| `grafanaDashboard.labels` | the additional label of spiderpool grafanaDashboard | `{}` | + +### coordinator parameters + +| Name | Description | Value | +| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------- | -------------------- | +| `coordinator.enabled` | enable SpiderCoordinator | `true` | +| `coordinator.name` | the name of the default SpiderCoordinator CR | `default` | +| `coordinator.mode` | optional network mode, ["auto","underlay", "overlay", "disabled"] | `auto` | +| `coordinator.podCIDRType` | Pod CIDR type that should be collected, [ "auto", "cluster", "calico", "cilium", "none" ] | `auto` | +| `coordinator.detectGateway` | detect the reachability of the gateway | `false` | +| `coordinator.detectIPConflict` | detect IP address conflicts | `false` | +| `coordinator.tunePodRoutes` | tune Pod routes | `true` | +| `coordinator.hijackCIDR` | Additional subnets that need to be hijacked to the host forward, the default link-local range "169.254.0.0/16" is used for NodeLocal DNS | `["169.254.0.0/16"]` | + +### rdma parameters + +| Name | Description | Value | +| ----------------------------------------------------------------- | ------------------------------------------------------- | -------------------------------------- | +| `rdma.rdmaSharedDevicePlugin.install` | install rdma shared device plugin for macvlan cni | `false` | +| `rdma.rdmaSharedDevicePlugin.name` | the name of rdma shared device plugin | `spiderpool-rdma-shared-device-plugin` | +| `rdma.rdmaSharedDevicePlugin.image.registry` | the image registry of rdma shared device plugin | `ghcr.io` | +| `rdma.rdmaSharedDevicePlugin.image.repository` | the image repository of rdma shared device plugin | 
`mellanox/k8s-rdma-shared-dev-plugin` | +| `rdma.rdmaSharedDevicePlugin.image.pullPolicy` | the image pullPolicy of rdma shared device plugin | `IfNotPresent` | +| `rdma.rdmaSharedDevicePlugin.image.digest` | the image digest of rdma shared device plugin | `""` | +| `rdma.rdmaSharedDevicePlugin.image.tag` | the image tag of rdma shared device plugin | `latest` | +| `rdma.rdmaSharedDevicePlugin.image.imagePullSecrets` | the image imagePullSecrets of rdma shared device plugin | `[]` | +| `rdma.rdmaSharedDevicePlugin.podAnnotations` | the additional annotations | `{}` | +| `rdma.rdmaSharedDevicePlugin.podLabels` | the additional label | `{}` | +| `rdma.rdmaSharedDevicePlugin.resources.limits.cpu` | the cpu limit | `300m` | +| `rdma.rdmaSharedDevicePlugin.resources.limits.memory` | the memory limit | `300Mi` | +| `rdma.rdmaSharedDevicePlugin.resources.requests.cpu` | the cpu requests | `100m` | +| `rdma.rdmaSharedDevicePlugin.resources.requests.memory` | the memory requests | `50Mi` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.periodicUpdateInterval` | periodic Update Interval | `300` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.resourcePrefix` | resource prefix | `spidernet.io` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.resourceName` | resource Name | `hca_shared_devices` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.rdmaHcaMax` | rdma Hca Max | `500` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.vendors` | rdma device vendors, default to mellanox device | `15b3` | +| `rdma.rdmaSharedDevicePlugin.deviceConfig.deviceIDs` | rdma device IDs, default to mellanox device | `1017` | + +### multus parameters + +| Name | Description | Value | +| --------------------------------------------- | 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------- | +| `multus.enableMultusConfig` | enable SpiderMultusConfig | `true` | +| `multus.multusCNI.install` | enable install multus-CNI | `true` | +| `multus.multusCNI.uninstall` | enable remove multus-CNI configuration and binary files on multus-ds pod shutdown. Enable this if you uninstall multus from your cluster. Disable this in the multus upgrade phase to prevent CNI configuration file from being removed, which may cause pods start failure | `false` | +| `multus.multusCNI.name` | the name of spiderpool multus | `spiderpool-multus` | +| `multus.multusCNI.image.registry` | the multus-CNI image registry | `ghcr.io` | +| `multus.multusCNI.image.repository` | the multus-CNI image repository | `k8snetworkplumbingwg/multus-cni` | +| `multus.multusCNI.image.pullPolicy` | the multus-CNI image pullPolicy | `IfNotPresent` | +| `multus.multusCNI.image.digest` | the multus-CNI image digest | `""` | +| `multus.multusCNI.image.tag` | the multus-CNI image tag | `v3.9.3` | +| `multus.multusCNI.image.imagePullSecrets` | the multus-CNI image imagePullSecrets | `[]` | +| `multus.multusCNI.defaultCniCRName` | if this value is empty, multus will automatically get default CNI according to the existed CNI conf file in /etc/cni/net.d/, if no cni files found in /etc/cni/net.d, A Spidermultusconfig CR named default will be created, please update the related SpiderMultusConfig for default CNI after installation. 
The namespace of defaultCniCRName follows with the release namespace of spdierpool | `""` | +| `multus.multusCNI.securityContext.privileged` | the securityContext privileged of multus-CNI daemonset pod | `true` | +| `multus.multusCNI.extraEnv` | the additional environment variables of multus-CNI daemonset pod container | `[]` | +| `multus.multusCNI.extraVolumes` | the additional volumes of multus-CNI daemonset pod container | `[]` | +| `multus.multusCNI.extraVolumeMounts` | the additional hostPath mounts of multus-CNI daemonset pod container | `[]` | +| `multus.multusCNI.log.logLevel` | the multus-CNI daemonset pod log level | `debug` | +| `multus.multusCNI.log.logFile` | the multus-CNI daemonset pod log file | `/var/log/multus.log` | + +### plugins parameters + +| Name | Description | Value | +| -------------------------------- | ---------------------------------------------------------- | -------------------------------------------- | +| `plugins.installCNI` | install all cni plugins to each node | `false` | +| `plugins.installRdmaCNI` | install rdma cni used to isolate rdma device for sriov cni | `true` | +| `plugins.installOvsCNI` | install ovs cni to each node | `true` | +| `plugins.installibSriovCNI` | install ib-sriov cni to each node | `true` | +| `plugins.installIpoibCNI` | install ipoib cni to each node | `true` | +| `plugins.image.registry` | the image registry of plugins | `ghcr.io` | +| `plugins.image.repository` | the image repository of plugins | `spidernet-io/spiderpool/spiderpool-plugins` | +| `plugins.image.pullPolicy` | the image pullPolicy of plugins | `IfNotPresent` | +| `plugins.image.digest` | the image digest of plugins | `""` | +| `plugins.image.tag` | the image tag of plugins | `v0.9.2` | +| `plugins.image.imagePullSecrets` | the image imagePullSecrets of plugins | `[]` | + +### clusterDefaultPool parameters + +| Name | Description | Value | +| -------------------------------------- | 
---------------------------------------------------------------------------- | ------------------- | +| `clusterDefaultPool.installIPv4IPPool` | install ipv4 spiderpool instance. It is required to set ipam.enableIPv4=true | `false` | +| `clusterDefaultPool.installIPv6IPPool` | install ipv6 spiderpool instance. It is required to set ipam.enableIPv6=true | `false` | +| `clusterDefaultPool.ipv4IPPoolName` | the name of ipv4 spiderpool instance | `default-v4-ippool` | +| `clusterDefaultPool.ipv6IPPoolName` | the name of ipv6 spiderpool instance | `default-v6-ippool` | +| `clusterDefaultPool.ipv4SubnetName` | the name of ipv4 spidersubnet instance | `default-v4-subnet` | +| `clusterDefaultPool.ipv6SubnetName` | the name of ipv6 spidersubnet instance | `default-v6-subnet` | +| `clusterDefaultPool.ipv4Subnet` | the subnet of ipv4 spiderpool instance | `""` | +| `clusterDefaultPool.ipv6Subnet` | the subnet of ipv6 spiderpool instance | `""` | +| `clusterDefaultPool.ipv4IPRanges` | the available IP of ipv4 spiderpool instance | `[]` | +| `clusterDefaultPool.ipv6IPRanges` | the available IP of ipv6 spiderpool instance | `[]` | +| `clusterDefaultPool.ipv4Gateway` | the gateway of ipv4 subnet | `""` | +| `clusterDefaultPool.ipv6Gateway` | the gateway of ipv6 subnet | `""` | + +### spiderpoolAgent parameters + +| Name | Description | Value | +| ------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------ | ------------------------------------------ | +| `spiderpoolAgent.name` | the spiderpoolAgent name | `spiderpool-agent` | +| `spiderpoolAgent.binName` | the binName name of spiderpoolAgent | `/usr/bin/spiderpool-agent` | +| `spiderpoolAgent.image.registry` | the image registry of spiderpoolAgent | `ghcr.io` | +| `spiderpoolAgent.image.repository` | the image repository of spiderpoolAgent | `spidernet-io/spiderpool/spiderpool-agent` | +| 
`spiderpoolAgent.image.pullPolicy` | the image pullPolicy of spiderpoolAgent | `IfNotPresent` | +| `spiderpoolAgent.image.digest` | the image digest of spiderpoolAgent, which takes preference over tag | `""` | +| `spiderpoolAgent.image.tag` | the image tag of spiderpoolAgent, overrides the image tag whose default is the chart appVersion. | `""` | +| `spiderpoolAgent.image.imagePullSecrets` | the image imagePullSecrets of spiderpoolAgent | `[]` | +| `spiderpoolAgent.serviceAccount.create` | create the service account for the spiderpoolAgent | `true` | +| `spiderpoolAgent.serviceAccount.annotations` | the annotations of spiderpoolAgent service account | `{}` | +| `spiderpoolAgent.service.annotations` | the annotations for spiderpoolAgent service | `{}` | +| `spiderpoolAgent.service.type` | the type for spiderpoolAgent service | `ClusterIP` | +| `spiderpoolAgent.priorityClassName` | the priority Class Name for spiderpoolAgent | `system-node-critical` | +| `spiderpoolAgent.affinity` | the affinity of spiderpoolAgent | `{}` | +| `spiderpoolAgent.extraArgs` | the additional arguments of spiderpoolAgent container | `[]` | +| `spiderpoolAgent.extraEnv` | the additional environment variables of spiderpoolAgent container | `[]` | +| `spiderpoolAgent.extraVolumes` | the additional volumes of spiderpoolAgent container | `[]` | +| `spiderpoolAgent.extraVolumeMounts` | the additional hostPath mounts of spiderpoolAgent container | `[]` | +| `spiderpoolAgent.podAnnotations` | the additional annotations of spiderpoolAgent pod | `{}` | +| `spiderpoolAgent.podLabels` | the additional label of spiderpoolAgent pod | `{}` | +| `spiderpoolAgent.resources.limits.cpu` | the cpu limit of spiderpoolAgent pod | `1000m` | +| `spiderpoolAgent.resources.limits.memory` | the memory limit of spiderpoolAgent pod | `1024Mi` | +| `spiderpoolAgent.resources.requests.cpu` | the cpu requests of spiderpoolAgent pod | `100m` | +| `spiderpoolAgent.resources.requests.memory` | the memory requests of 
spiderpoolAgent pod | `128Mi` | +| `spiderpoolAgent.securityContext` | the security Context of spiderpoolAgent pod | `{}` | +| `spiderpoolAgent.httpPort` | the http Port for spiderpoolAgent, for health checking | `5710` | +| `spiderpoolAgent.healthChecking.startupProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolAgent health checking | `60` | +| `spiderpoolAgent.healthChecking.startupProbe.periodSeconds` | the period seconds of startup probe for spiderpoolAgent health checking | `2` | +| `spiderpoolAgent.healthChecking.livenessProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolAgent health checking | `6` | +| `spiderpoolAgent.healthChecking.livenessProbe.periodSeconds` | the period seconds of startup probe for spiderpoolAgent health checking | `10` | +| `spiderpoolAgent.healthChecking.readinessProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolAgent health checking | `3` | +| `spiderpoolAgent.healthChecking.readinessProbe.periodSeconds` | the period seconds of startup probe for spiderpoolAgent health checking | `10` | +| `spiderpoolAgent.prometheus.enabled` | enable spiderpool agent to collect metrics | `false` | +| `spiderpoolAgent.prometheus.enabledDebugMetric` | enable spiderpool agent to collect debug level metrics | `false` | +| `spiderpoolAgent.prometheus.port` | the metrics port of spiderpool agent | `5711` | +| `spiderpoolAgent.prometheus.serviceMonitor.install` | install serviceMonitor for spiderpool agent. This requires the prometheus CRDs to be available | `false` | +| `spiderpoolAgent.prometheus.serviceMonitor.namespace` | the serviceMonitor namespace. 
Default to the namespace of helm instance | `""` | +| `spiderpoolAgent.prometheus.serviceMonitor.annotations` | the additional annotations of spiderpoolAgent serviceMonitor | `{}` | +| `spiderpoolAgent.prometheus.serviceMonitor.labels` | the additional label of spiderpoolAgent serviceMonitor | `{}` | +| `spiderpoolAgent.prometheus.serviceMonitor.interval` | represents the interval of spiderpoolAgent serviceMonitor's scraping action | `10s` | +| `spiderpoolAgent.prometheus.prometheusRule.install` | install prometheusRule for spiderpool agent. This requires the prometheus CRDs to be available | `false` | +| `spiderpoolAgent.prometheus.prometheusRule.namespace` | the prometheusRule namespace. Default to the namespace of helm instance | `""` | +| `spiderpoolAgent.prometheus.prometheusRule.annotations` | the additional annotations of spiderpoolAgent prometheusRule | `{}` | +| `spiderpoolAgent.prometheus.prometheusRule.labels` | the additional label of spiderpoolAgent prometheusRule | `{}` | +| `spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMAllocationFailure` | the additional rule of spiderpoolAgent prometheusRule | `true` | +| `spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMAllocationOverTime` | the additional rule of spiderpoolAgent prometheusRule | `true` | +| `spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMHighAllocationDurations` | the additional rule of spiderpoolAgent prometheusRule | `true` | +| `spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMReleaseFailure` | the additional rule of spiderpoolAgent prometheusRule | `true` | +| `spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMReleaseOverTime` | the additional rule of spiderpoolAgent prometheusRule | `true` | +| `spiderpoolAgent.debug.logLevel` | the log level of spiderpool agent [debug, info, warn, error, fatal, panic] | `info` | +| `spiderpoolAgent.debug.gopsPort` | the gops port of spiderpool agent | `5712` | + +### spiderpoolController parameters + +| 
Name | Description | Value | +| ------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | +| `spiderpoolController.name` | the spiderpoolController name | `spiderpool-controller` | +| `spiderpoolController.replicas` | the replicas number of spiderpoolController pod | `1` | +| `spiderpoolController.binName` | the binName name of spiderpoolController | `/usr/bin/spiderpool-controller` | +| `spiderpoolController.hostnetwork` | enable hostnetwork mode of spiderpoolController pod. Notice, if no CNI available before spiderpool installation, must enable this | `true` | +| `spiderpoolController.image.registry` | the image registry of spiderpoolController | `ghcr.io` | +| `spiderpoolController.image.repository` | the image repository of spiderpoolController | `spidernet-io/spiderpool/spiderpool-controller` | +| `spiderpoolController.image.pullPolicy` | the image pullPolicy of spiderpoolController | `IfNotPresent` | +| `spiderpoolController.image.digest` | the image digest of spiderpoolController, which takes preference over tag | `""` | +| `spiderpoolController.image.tag` | the image tag of spiderpoolController, overrides the image tag whose default is the chart appVersion. 
| `""` | +| `spiderpoolController.image.imagePullSecrets` | the image imagePullSecrets of spiderpoolController | `[]` | +| `spiderpoolController.serviceAccount.create` | create the service account for the spiderpoolController | `true` | +| `spiderpoolController.serviceAccount.annotations` | the annotations of spiderpoolController service account | `{}` | +| `spiderpoolController.service.annotations` | the annotations for spiderpoolController service | `{}` | +| `spiderpoolController.service.type` | the type for spiderpoolController service | `ClusterIP` | +| `spiderpoolController.priorityClassName` | the priority Class Name for spiderpoolController | `system-node-critical` | +| `spiderpoolController.affinity` | the affinity of spiderpoolController | `{}` | +| `spiderpoolController.extraArgs` | the additional arguments of spiderpoolController container | `[]` | +| `spiderpoolController.extraEnv` | the additional environment variables of spiderpoolController container | `[]` | +| `spiderpoolController.extraVolumes` | the additional volumes of spiderpoolController container | `[]` | +| `spiderpoolController.extraVolumeMounts` | the additional hostPath mounts of spiderpoolController container | `[]` | +| `spiderpoolController.podAnnotations` | the additional annotations of spiderpoolController pod | `{}` | +| `spiderpoolController.podLabels` | the additional label of spiderpoolController pod | `{}` | +| `spiderpoolController.securityContext` | the security Context of spiderpoolController pod | `{}` | +| `spiderpoolController.resources.limits.cpu` | the cpu limit of spiderpoolController pod | `500m` | +| `spiderpoolController.resources.limits.memory` | the memory limit of spiderpoolController pod | `1024Mi` | +| `spiderpoolController.resources.requests.cpu` | the cpu requests of spiderpoolController pod | `100m` | +| `spiderpoolController.resources.requests.memory` | the memory requests of spiderpoolController pod | `128Mi` | +| 
`spiderpoolController.podDisruptionBudget.enabled` | enable podDisruptionBudget for spiderpoolController pod | `false` | +| `spiderpoolController.podDisruptionBudget.minAvailable` | minimum number/percentage of pods that should remain scheduled. | `1` | +| `spiderpoolController.httpPort` | the http Port for spiderpoolController, for health checking and http service | `5720` | +| `spiderpoolController.healthChecking.startupProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolController health checking | `30` | +| `spiderpoolController.healthChecking.startupProbe.periodSeconds` | the period seconds of startup probe for spiderpoolController health checking | `2` | +| `spiderpoolController.healthChecking.livenessProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolController health checking | `6` | +| `spiderpoolController.healthChecking.livenessProbe.periodSeconds` | the period seconds of startup probe for spiderpoolController health checking | `10` | +| `spiderpoolController.healthChecking.readinessProbe.failureThreshold` | the failure threshold of startup probe for spiderpoolController health checking | `3` | +| `spiderpoolController.healthChecking.readinessProbe.periodSeconds` | the period seconds of startup probe for spiderpoolController health checking | `10` | +| `spiderpoolController.webhookPort` | the http port for spiderpoolController webhook | `5722` | +| `spiderpoolController.prometheus.enabled` | enable spiderpool Controller to collect metrics | `false` | +| `spiderpoolController.prometheus.enabledDebugMetric` | enable spiderpool Controller to collect debug level metrics | `false` | +| `spiderpoolController.prometheus.port` | the metrics port of spiderpool Controller | `5721` | +| `spiderpoolController.prometheus.serviceMonitor.install` | install serviceMonitor for spiderpool agent. 
This requires the prometheus CRDs to be available | `false` | +| `spiderpoolController.prometheus.serviceMonitor.namespace` | the serviceMonitor namespace. Default to the namespace of helm instance | `""` | +| `spiderpoolController.prometheus.serviceMonitor.annotations` | the additional annotations of spiderpoolController serviceMonitor | `{}` | +| `spiderpoolController.prometheus.serviceMonitor.labels` | the additional label of spiderpoolController serviceMonitor | `{}` | +| `spiderpoolController.prometheus.serviceMonitor.interval` | represents the interval of spiderpoolController serviceMonitor's scraping action | `10s` | +| `spiderpoolController.prometheus.prometheusRule.install` | install prometheusRule for spiderpool agent. This requires the prometheus CRDs to be available | `false` | +| `spiderpoolController.prometheus.prometheusRule.namespace` | the prometheusRule namespace. Default to the namespace of helm instance | `""` | +| `spiderpoolController.prometheus.prometheusRule.annotations` | the additional annotations of spiderpoolController prometheusRule | `{}` | +| `spiderpoolController.prometheus.prometheusRule.labels` | the additional label of spiderpoolController prometheusRule | `{}` | +| `spiderpoolController.prometheus.prometheusRule.enableWarningIPGCFailureCounts` | the additional rule of spiderpoolController prometheusRule | `true` | +| `spiderpoolController.debug.logLevel` | the log level of spiderpool Controller [debug, info, warn, error, fatal, panic] | `info` | +| `spiderpoolController.debug.gopsPort` | the gops port of spiderpool Controller | `5724` | +| `spiderpoolController.tls.method` | the method for generating TLS certificates. 
[ provided , certmanager , auto] | `auto` | +| `spiderpoolController.tls.secretName` | the secret name for storing TLS certificates | `spiderpool-controller-server-certs` | +| `spiderpoolController.tls.certmanager.certValidityDuration` | generated certificates validity duration in days for 'certmanager' method | `365` | +| `spiderpoolController.tls.certmanager.issuerName` | issuer name of cert manager 'certmanager'. If not specified, a CA issuer will be created. | `""` | +| `spiderpoolController.tls.certmanager.extraDnsNames` | extra DNS names added to certificate when it's auto generated | `[]` | +| `spiderpoolController.tls.certmanager.extraIPAddresses` | extra IP addresses added to certificate when it's auto generated | `[]` | +| `spiderpoolController.tls.provided.tlsCert` | encoded tls certificate for provided method | `""` | +| `spiderpoolController.tls.provided.tlsKey` | encoded tls key for provided method | `""` | +| `spiderpoolController.tls.provided.tlsCa` | encoded tls CA for provided method | `""` | +| `spiderpoolController.tls.auto.caExpiration` | ca expiration for auto method | `73000` | +| `spiderpoolController.tls.auto.certExpiration` | server cert expiration for auto method | `73000` | +| `spiderpoolController.tls.auto.extraIpAddresses` | extra IP addresses of server certificate for auto method | `[]` | +| `spiderpoolController.tls.auto.extraDnsNames` | extra DNS names of server cert for auto method | `[]` | + +### spiderpoolInit parameters + +| Name | Description | Value | +| ------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | +| `spiderpoolInit.name` | the init job for installing default spiderippool | `spiderpool-init` | +| `spiderpoolInit.binName` | the binName name of spiderpoolInit | `/usr/bin/spiderpool-init` | +| `spiderpoolInit.hostnetwork` | enable hostnetwork mode of 
spiderpoolInit pod. Notice, if no CNI available before spiderpool installation, must enable this | `true` | +| `spiderpoolInit.image.registry` | the image registry of spiderpoolInit | `ghcr.io` | +| `spiderpoolInit.image.repository` | the image repository of spiderpoolInit | `spidernet-io/spiderpool/spiderpool-controller` | +| `spiderpoolInit.image.pullPolicy` | the image pullPolicy of spiderpoolInit | `IfNotPresent` | +| `spiderpoolInit.image.digest` | the image digest of spiderpoolInit, which takes preference over tag | `""` | +| `spiderpoolInit.image.tag` | the image tag of spiderpoolInit, overrides the image tag whose default is the chart appVersion. | `""` | +| `spiderpoolInit.image.imagePullSecrets` | the image imagePullSecrets of spiderpoolInit | `[]` | +| `spiderpoolInit.priorityClassName` | the priority Class Name for spiderpoolInit | `system-node-critical` | +| `spiderpoolInit.affinity` | the affinity of spiderpoolInit | `{}` | +| `spiderpoolInit.extraArgs` | the additional arguments of spiderpoolInit container | `[]` | +| `spiderpoolInit.resources.limits.cpu` | the cpu limit of spiderpoolInit pod | `200m` | +| `spiderpoolInit.resources.limits.memory` | the memory limit of spiderpoolInit pod | `256Mi` | +| `spiderpoolInit.resources.requests.cpu` | the cpu requests of spiderpoolInit pod | `100m` | +| `spiderpoolInit.resources.requests.memory` | the memory requests of spiderpoolInit pod | `128Mi` | +| `spiderpoolInit.readinessProbe.failureThreshold` | the failure threshold of startup probe for spiderpool-init health checking | `30` | +| `spiderpoolInit.readinessProbe.periodSeconds` | the period seconds of startup probe for spiderpool-init health checking | `10` | +| `spiderpoolInit.extraEnv` | the additional environment variables of spiderpoolInit container | `[]` | +| `spiderpoolInit.securityContext` | the security Context of spiderpoolInit pod | `{}` | +| `spiderpoolInit.podAnnotations` | the additional annotations of spiderpoolInit pod | `{}` | +| 
`spiderpoolInit.podLabels` | the additional label of spiderpoolInit pod | `{}` | +| `spiderpoolInit.serviceAccount.annotations` | the annotations of spiderpoolInit service account | `{}` | + +### sriov network operator parameters + +| Name | Description | Value | +| ------------------------------------------ | ----------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- | +| `sriov.install` | install sriov network operator | `false` | +| `sriov.name` | the name of sriov network operator | `spiderpool-sriov-operator` | +| `sriov.affinity` | the affinity | `{}` | +| `sriov.hostnetwork` | enable hostnetwork mode. Notice, if no CNI available before spiderpool installation, must enable this | `true` | +| `sriov.replicas` | the replicas number | `1` | +| `sriov.resourcePrefix` | the resource prefix | `spidernet.io` | +| `sriov.priorityClassName` | the priority Class Name | `system-node-critical` | +| `sriov.enableAdmissionController` | enable Admission Controller | `false` | +| `sriov.resources.limits.cpu` | the cpu limit | `300m` | +| `sriov.resources.limits.memory` | the memory limit | `300Mi` | +| `sriov.resources.requests.cpu` | the cpu requests | `100m` | +| `sriov.resources.requests.memory` | the memory requests | `128Mi` | +| `sriov.image.registry` | registry for all images | `ghcr.io` | +| `sriov.image.pullPolicy` | the image pullPolicy for all images | `IfNotPresent` | +| `sriov.image.imagePullSecrets` | the image imagePullSecrets for all images | `[]` | +| `sriov.image.operator.repository` | the image repository | `k8snetworkplumbingwg/sriov-network-operator` | +| `sriov.image.operator.tag` | the image tag | `v1.2.0` | +| `sriov.image.sriovConfigDaemon.repository` | the image repository | `k8snetworkplumbingwg/sriov-network-operator-config-daemon` | +| `sriov.image.sriovConfigDaemon.tag` | the image tag | `v1.2.0` | +| `sriov.image.sriovCni.repository` | the 
image repository | `k8snetworkplumbingwg/sriov-cni` | +| `sriov.image.sriovCni.tag` | the image tag | `v2.7.0` | +| `sriov.image.ibSriovCni.repository` | the image repository | `k8snetworkplumbingwg/ib-sriov-cni` | +| `sriov.image.ibSriovCni.tag` | the image tag | `v1.0.2` | +| `sriov.image.sriovDevicePlugin.repository` | the image repository | `k8snetworkplumbingwg/sriov-network-device-plugin` | +| `sriov.image.sriovDevicePlugin.tag` | the image tag | `v3.5.1` | +| `sriov.image.resourcesInjector.repository` | the image repository | `k8snetworkplumbingwg/network-resources-injector` | +| `sriov.image.resourcesInjector.tag` | the image tag | `v1.5` | +| `sriov.image.webhook.repository` | the image repository | `k8snetworkplumbingwg/sriov-network-operator-webhook` | +| `sriov.image.webhook.tag` | the image tag | `v1.2.0` | diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/k8s.cni.cncf.io_networkattachmentdefinitions_crd.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/k8s.cni.cncf.io_networkattachmentdefinitions_crd.yaml new file mode 100644 index 000000000..8319ebae9 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/k8s.cni.cncf.io_networkattachmentdefinitions_crd.yaml 
@@ -0,0 +1,44 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+ group: k8s.cni.cncf.io
+ scope: Namespaced
+ names:
+ plural: network-attachment-definitions
+ singular: network-attachment-definition
+ kind: NetworkAttachmentDefinition
+ shortNames:
+ - net-attach-def
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
+ Working Group to express the intent for attaching pods to one or more logical or physical
+ networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
+ type: object
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this represen
+ tation of an object. Servers should convert recognized schemas to the
+ latest internal value, and may reject unrecognized values. More info:
+ https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
+ type: object
+ properties:
+ config:
+ description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
+ type: string
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spidercoordinators.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spidercoordinators.yaml
new file mode 100644
index 000000000..0aa53ae45
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spidercoordinators.yaml
@@ -0,0 +1,101 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (unknown) + name: spidercoordinators.spiderpool.spidernet.io +spec: + group: spiderpool.spidernet.io + names: + categories: + - spiderpool + kind: SpiderCoordinator + listKind: SpiderCoordinatorList + plural: spidercoordinators + shortNames: + - scc + singular: spidercoordinator + scope: Cluster + versions: + - name: v2beta1 + schema: + openAPIV3Schema: + description: SpiderCoordinator is the Schema for the spidercoordinators API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CoordinationSpec defines the desired state of SpiderCoordinator. 
+ properties: + detectGateway: + type: boolean + detectIPConflict: + type: boolean + hijackCIDR: + items: + type: string + type: array + hostRPFilter: + type: integer + hostRuleTable: + type: integer + mode: + enum: + - auto + - underlay + - overlay + - disabled + type: string + podCIDRType: + description: CoordinatorSpec is used by SpiderCoordinator and SpiderMultusConfig + in spidermultusconfig CRD , podCIDRType should not be required, + which could be merged from SpiderCoordinator CR but in SpiderCoordinator + CRD, podCIDRType should be required + enum: + - auto + - cluster + - calico + - cilium + - none + type: string + podDefaultRouteNIC: + type: string + podMACPrefix: + type: string + tunePodRoutes: + type: boolean + txQueueLen: + type: integer + type: object + status: + description: CoordinationStatus defines the observed state of SpiderCoordinator. + properties: + overlayPodCIDR: + items: + type: string + type: array + phase: + type: string + serviceCIDR: + items: + type: string + type: array + required: + - phase + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spiderendpoints.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spiderendpoints.yaml new file mode 100644 index 000000000..df5028edc --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spiderendpoints.yaml 
@@ -0,0 +1,130 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (unknown) + name: spiderendpoints.spiderpool.spidernet.io +spec: + group: spiderpool.spidernet.io + names: + categories: + - spiderpool + kind: SpiderEndpoint + listKind: SpiderEndpointList + plural: spiderendpoints + shortNames: + - se + singular: spiderendpoint + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: interface + jsonPath: .status.current.ips[0].interface + name: INTERFACE + type: string + - description: ipv4Pool + jsonPath: .status.current.ips[0].ipv4Pool + name: IPV4POOL + type: string + - description: ipv4 + jsonPath: .status.current.ips[0].ipv4 + name: IPV4 + type: string + - description: ipv6Pool + jsonPath: .status.current.ips[0].ipv6Pool + name: IPV6POOL + type: string + - description: ipv6 + jsonPath: .status.current.ips[0].ipv6 + name: IPV6 + type: string + - description: node + jsonPath: .status.current.node + name: NODE + type: string + name: v2beta1 + schema: + openAPIV3Schema: + description: Spiderndpoint is the Schema for the spiderendpoints API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + description: WorkloadEndpointStatus defines the observed state of SpiderEndpoint. 
+ properties: + current: + properties: + ips: + items: + properties: + cleanGateway: + type: boolean + interface: + type: string + ipv4: + type: string + ipv4Gateway: + type: string + ipv4Pool: + type: string + ipv6: + type: string + ipv6Gateway: + type: string + ipv6Pool: + type: string + routes: + items: + properties: + dst: + type: string + gw: + type: string + required: + - dst + - gw + type: object + type: array + vlan: + default: 0 + format: int64 + maximum: 4094 + minimum: 0 + type: integer + required: + - interface + type: object + type: array + node: + type: string + uid: + type: string + required: + - ips + - node + - uid + type: object + ownerControllerName: + type: string + ownerControllerType: + type: string + required: + - current + - ownerControllerName + - ownerControllerType + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spiderippools.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spiderippools.yaml new file mode 100644 index 000000000..cedcdd05f --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spiderippools.yaml 
@@ -0,0 +1,301 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (unknown) + name: spiderippools.spiderpool.spidernet.io +spec: + group: spiderpool.spidernet.io + names: + categories: + - spiderpool + kind: SpiderIPPool + listKind: SpiderIPPoolList + plural: spiderippools + shortNames: + - sp + singular: spiderippool + scope: Cluster + versions: + - additionalPrinterColumns: + - description: ipVersion + jsonPath: .spec.ipVersion + name: VERSION + type: string + - description: subnet + jsonPath: .spec.subnet + name: SUBNET + type: string + - description: allocatedIPCount + jsonPath: .status.allocatedIPCount + name: ALLOCATED-IP-COUNT + type: integer + - description: totalIPCount + jsonPath: .status.totalIPCount + name: TOTAL-IP-COUNT + type: integer + - description: default + jsonPath: .spec.default + name: DEFAULT + type: boolean + - description: disable + jsonPath: .spec.disable + name: DISABLE + priority: 10 + type: boolean + - description: nodeName + jsonPath: .spec.nodeName + name: NodeName + priority: 10 + type: string + - description: multusName + jsonPath: .spec.multusName + name: MultusName + priority: 10 + type: string + - description: AppNamespace + jsonPath: .spec.podAffinity.matchLabels['ipam\.spidernet\.io/app\-namespace'] + name: APP-NAMESPACE + priority: 10 + type: string + name: v2beta1 + schema: + openAPIV3Schema: + description: SpiderIPPool is the Schema for the spiderippools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPPoolSpec defines the desired state of SpiderIPPool. + properties: + default: + default: false + type: boolean + disable: + default: false + type: boolean + excludeIPs: + items: + type: string + type: array + gateway: + type: string + ipVersion: + enum: + - 4 + - 6 + format: int64 + type: integer + ips: + items: + type: string + type: array + multusName: + items: + type: string + type: array + namespaceAffinity: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceName: + items: + type: string + type: array + nodeAffinity: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + nodeName: + items: + type: string + type: array + podAffinity: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + routes: + items: + properties: + dst: + type: string + gw: + type: string + required: + - dst + - gw + type: object + type: array + subnet: + type: string + vlan: + description: 'DEPRECATED: Vlan is deprecated.' 
+ format: int64 + maximum: 4094 + minimum: 0 + type: integer + required: + - subnet + type: object + status: + description: IPPoolStatus defines the observed state of SpiderIPPool. + properties: + allocatedIPCount: + format: int64 + minimum: 0 + type: integer + allocatedIPs: + type: string + totalIPCount: + format: int64 + minimum: 0 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spidermultusconfigs.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spidermultusconfigs.yaml new file mode 100644 index 000000000..51d4169f3 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spidermultusconfigs.yaml 
@@ -0,0 +1,323 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (unknown) + name: spidermultusconfigs.spiderpool.spidernet.io +spec: + group: spiderpool.spidernet.io + names: + categories: + - spiderpool + kind: SpiderMultusConfig + listKind: SpiderMultusConfigList + plural: spidermultusconfigs + shortNames: + - smc + singular: spidermultusconfig + scope: Namespaced + versions: + - name: v2beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the MultusCNIConfig + properties: + cniType: + default: custom + enum: + - macvlan + - ipvlan + - sriov + - ovs + - ib-sriov + - ipoib + - custom + type: string + coordinator: + description: CoordinationSpec defines the desired state of SpiderCoordinator. 
+ properties: + detectGateway: + type: boolean + detectIPConflict: + type: boolean + hijackCIDR: + items: + type: string + type: array + hostRPFilter: + type: integer + hostRuleTable: + type: integer + mode: + enum: + - auto + - underlay + - overlay + - disabled + type: string + podCIDRType: + description: CoordinatorSpec is used by SpiderCoordinator and + SpiderMultusConfig in spidermultusconfig CRD , podCIDRType should + not be required, which could be merged from SpiderCoordinator + CR but in SpiderCoordinator CRD, podCIDRType should be required + enum: + - auto + - cluster + - calico + - cilium + - none + type: string + podDefaultRouteNIC: + type: string + podMACPrefix: + type: string + tunePodRoutes: + type: boolean + txQueueLen: + type: integer + type: object + customCNI: + description: OtherCniTypeConfig only used for CniType custom, valid + json format, can be empty + type: string + disableIPAM: + default: false + type: boolean + enableCoordinator: + default: true + description: if CniType was set to custom, we'll mutate this field + to be false + type: boolean + ibsriov: + properties: + ibKubernetesEnabled: + default: false + type: boolean + ippools: + description: SpiderpoolPools could specify the IPAM spiderpool + CNI configuration default IPv4&IPv6 pools. + properties: + ipv4: + items: + type: string + type: array + ipv6: + items: + type: string + type: array + type: object + linkState: + default: enable + enum: + - auto + - enable + - disable + type: string + pkey: + type: string + rdmaIsolation: + default: true + type: boolean + resourceName: + type: string + required: + - resourceName + type: object + ipoib: + properties: + ippools: + description: SpiderpoolPools could specify the IPAM spiderpool + CNI configuration default IPv4&IPv6 pools. 
+ properties: + ipv4: + items: + type: string + type: array + ipv6: + items: + type: string + type: array + type: object + master: + type: string + type: object + ipvlan: + properties: + bond: + properties: + mode: + format: int32 + maximum: 6 + minimum: 0 + type: integer + name: + type: string + options: + type: string + required: + - mode + - name + type: object + ippools: + description: SpiderpoolPools could specify the IPAM spiderpool + CNI configuration default IPv4&IPv6 pools. + properties: + ipv4: + items: + type: string + type: array + ipv6: + items: + type: string + type: array + type: object + master: + items: + type: string + type: array + vlanID: + format: int32 + maximum: 4094 + minimum: 0 + type: integer + required: + - master + type: object + macvlan: + properties: + bond: + properties: + mode: + format: int32 + maximum: 6 + minimum: 0 + type: integer + name: + type: string + options: + type: string + required: + - mode + - name + type: object + ippools: + description: SpiderpoolPools could specify the IPAM spiderpool + CNI configuration default IPv4&IPv6 pools. + properties: + ipv4: + items: + type: string + type: array + ipv6: + items: + type: string + type: array + type: object + master: + items: + type: string + type: array + vlanID: + format: int32 + maximum: 4094 + minimum: 0 + type: integer + required: + - master + type: object + ovs: + properties: + bridge: + type: string + deviceID: + description: PCI address of a VF in valid sysfs format + type: string + ippools: + description: SpiderpoolPools could specify the IPAM spiderpool + CNI configuration default IPv4&IPv6 pools. 
+ properties: + ipv4: + items: + type: string + type: array + ipv6: + items: + type: string + type: array + type: object + trunk: + items: + properties: + id: + maximum: 4094 + minimum: 0 + type: integer + maxID: + maximum: 4094 + minimum: 0 + type: integer + minID: + maximum: 4094 + minimum: 0 + type: integer + type: object + type: array + vlan: + format: int32 + type: integer + required: + - bridge + type: object + sriov: + properties: + enableRdma: + default: false + type: boolean + ippools: + description: SpiderpoolPools could specify the IPAM spiderpool + CNI configuration default IPv4&IPv6 pools. + properties: + ipv4: + items: + type: string + type: array + ipv6: + items: + type: string + type: array + type: object + maxTxRateMbps: + minimum: 0 + type: integer + minTxRateMbps: + minimum: 0 + type: integer + resourceName: + type: string + vlanID: + format: int32 + maximum: 4094 + minimum: 0 + type: integer + required: + - resourceName + type: object + type: object + type: object + served: true + storage: true diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spiderreservedips.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spiderreservedips.yaml new file mode 100644 index 000000000..01ef3d08e --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spiderreservedips.yaml 
@@ -0,0 +1,60 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (unknown) + name: spiderreservedips.spiderpool.spidernet.io +spec: + group: spiderpool.spidernet.io + names: + categories: + - spiderpool + kind: SpiderReservedIP + listKind: SpiderReservedIPList + plural: spiderreservedips + shortNames: + - sr + singular: spiderreservedip + scope: Cluster + versions: + - additionalPrinterColumns: + - description: ipVersion + jsonPath: .spec.ipVersion + name: VERSION + type: string + name: v2beta1 + schema: + openAPIV3Schema: + description: SpiderReservedIP is the Schema for the spiderreservedips API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReservedIPSpec defines the desired state of SpiderReservedIP. + properties: + ipVersion: + enum: + - 4 + - 6 + format: int64 + type: integer + ips: + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: {} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spidersubnets.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spidersubnets.yaml new file mode 100644 index 000000000..3a367467b --- /dev/null 
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/spiderpool.spidernet.io_spidersubnets.yaml 
@@ -0,0 +1,115 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: (unknown) + name: spidersubnets.spiderpool.spidernet.io +spec: + group: spiderpool.spidernet.io + names: + categories: + - spiderpool + kind: SpiderSubnet + listKind: SpiderSubnetList + plural: spidersubnets + shortNames: + - ss + singular: spidersubnet + scope: Cluster + versions: + - additionalPrinterColumns: + - description: ipVersion + jsonPath: .spec.ipVersion + name: VERSION + type: string + - description: subnet + jsonPath: .spec.subnet + name: SUBNET + type: string + - description: allocatedIPCount + jsonPath: .status.allocatedIPCount + name: ALLOCATED-IP-COUNT + type: integer + - description: totalIPCount + jsonPath: .status.totalIPCount + name: TOTAL-IP-COUNT + type: integer + name: v2beta1 + schema: + openAPIV3Schema: + description: SpiderSubnet is the Schema for the spidersubnets API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SubnetSpec defines the desired state of SpiderSubnet. 
+ properties: + excludeIPs: + items: + type: string + type: array + gateway: + type: string + ipVersion: + enum: + - 4 + - 6 + format: int64 + type: integer + ips: + items: + type: string + type: array + routes: + items: + properties: + dst: + type: string + gw: + type: string + required: + - dst + - gw + type: object + type: array + subnet: + type: string + vlan: + description: 'DEPRECATED: Vlan is deprecated.' + format: int64 + maximum: 4094 + minimum: 0 + type: integer + required: + - subnet + type: object + status: + description: SubnetStatus defines the observed state of SpiderSubnet. + properties: + allocatedIPCount: + format: int64 + minimum: 0 + type: integer + controlledIPPools: + type: string + totalIPCount: + format: int64 + minimum: 0 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovibnetworks.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovibnetworks.yaml new file mode 100644 index 000000000..e44e19564 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovibnetworks.yaml 
@@ -0,0 +1,71 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + creationTimestamp: null + name: sriovibnetworks.sriovnetwork.openshift.io +spec: + group: sriovnetwork.openshift.io + names: + kind: SriovIBNetwork + listKind: SriovIBNetworkList + plural: sriovibnetworks + singular: sriovibnetwork + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SriovIBNetwork is the Schema for the sriovibnetworks API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SriovIBNetworkSpec defines the desired state of SriovIBNetwork + properties: + capabilities: + description: 'Capabilities to be configured for this network. Capabilities + supported: (infinibandGUID), e.g. ''{"infinibandGUID": true}''' + type: string + ipam: + description: IPAM configuration to be used for this network. + type: string + linkState: + description: VF link state (enable|disable|auto) + enum: + - auto + - enable + - disable + type: string + metaPlugins: + description: MetaPluginsConfig configuration to be used in order to + chain metaplugins to the sriov interface returned by the operator. 
+ type: string + networkNamespace: + description: Namespace of the NetworkAttachmentDefinition custom resource + type: string + resourceName: + description: SRIOV Network device plugin endpoint resource name + type: string + required: + - resourceName + type: object + status: + description: SriovIBNetworkStatus defines the observed state of SriovIBNetwork + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml new file mode 100644 index 000000000..1b8db4db8 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml 
@@ -0,0 +1,138 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + creationTimestamp: null + name: sriovnetworknodepolicies.sriovnetwork.openshift.io +spec: + group: sriovnetwork.openshift.io + names: + kind: SriovNetworkNodePolicy + listKind: SriovNetworkNodePolicyList + plural: sriovnetworknodepolicies + singular: sriovnetworknodepolicy + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SriovNetworkNodePolicy is the Schema for the sriovnetworknodepolicies + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SriovNetworkNodePolicySpec defines the desired state of SriovNetworkNodePolicy + properties: + deviceType: + description: The driver type for configured VFs. Allowed value "netdevice", + "vfio-pci". Defaults to netdevice. + enum: + - netdevice + - vfio-pci + type: string + eSwitchMode: + description: NIC Device Mode. Allowed value "legacy","switchdev". + enum: + - legacy + - switchdev + type: string + excludeTopology: + description: Exclude device's NUMA node when advertising this resource + by SRIOV network device plugin. Default to false. + type: boolean + isRdma: + description: RDMA mode. Defaults to false. 
+ type: boolean + linkType: + description: NIC Link Type. Allowed value "eth", "ETH", "ib", and + "IB". + enum: + - eth + - ETH + - ib + - IB + type: string + mtu: + description: MTU of VF + minimum: 1 + type: integer + needVhostNet: + description: mount vhost-net device. Defaults to false. + type: boolean + nicSelector: + description: NicSelector selects the NICs to be configured + properties: + deviceID: + description: The device hex code of SR-IoV device. Allowed value + "0d58", "1572", "158b", "1013", "1015", "1017", "101b". + type: string + netFilter: + description: Infrastructure Networking selection filter. Allowed + value "openstack/NetworkID:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + type: string + pfNames: + description: Name of SR-IoV PF. + items: + type: string + type: array + rootDevices: + description: PCI address of SR-IoV PF. + items: + type: string + type: array + vendor: + description: The vendor hex code of SR-IoV device. Allowed value + "8086", "15b3". + type: string + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector selects the nodes to be configured + type: object + numVfs: + description: Number of VFs for each PF + minimum: 0 + type: integer + priority: + description: Priority of the policy, higher priority policies can + override lower ones. + maximum: 99 + minimum: 0 + type: integer + resourceName: + description: SRIOV Network device plugin endpoint resource name + type: string + vdpaType: + description: VDPA device type. Allowed value "virtio", "vhost" + enum: + - virtio + - vhost + type: string + required: + - nicSelector + - nodeSelector + - numVfs + - resourceName + type: object + status: + description: SriovNetworkNodePolicyStatus defines the observed state of + SriovNetworkNodePolicy + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworknodestates.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworknodestates.yaml new file mode 100644 index 000000000..61ff0409a --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworknodestates.yaml 
@@ -0,0 +1,160 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + creationTimestamp: null + name: sriovnetworknodestates.sriovnetwork.openshift.io +spec: + group: sriovnetwork.openshift.io + names: + kind: SriovNetworkNodeState + listKind: SriovNetworkNodeStateList + plural: sriovnetworknodestates + singular: sriovnetworknodestate + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.syncStatus + name: Sync Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: SriovNetworkNodeState is the Schema for the sriovnetworknodestates + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SriovNetworkNodeStateSpec defines the desired state of SriovNetworkNodeState + properties: + dpConfigVersion: + type: string + interfaces: + items: + properties: + eSwitchMode: + type: string + linkType: + type: string + mtu: + type: integer + name: + type: string + numVfs: + type: integer + pciAddress: + type: string + vfGroups: + items: + properties: + deviceType: + type: string + isRdma: + type: boolean + mtu: + type: integer + policyName: + type: string + resourceName: + type: string + vdpaType: + type: string + vfRange: + type: string + type: object + type: array + required: + - pciAddress + type: object + type: array + type: object + status: + description: SriovNetworkNodeStateStatus defines the observed state of + SriovNetworkNodeState + properties: + interfaces: + items: + properties: + Vfs: + items: + properties: + Vlan: + type: integer + assigned: + type: string + deviceID: + type: string + driver: + type: string + mac: + type: string + mtu: + type: integer + name: + type: string + pciAddress: + type: string + vendor: + type: string + vfID: + type: integer + required: + - pciAddress + - vfID + type: object + type: array + deviceID: + type: string + driver: + type: string + eSwitchMode: + type: string + linkSpeed: + type: string + linkType: + type: string + mac: + type: string + mtu: + type: integer + name: + type: string + netFilter: + type: string + numVfs: + type: integer + pciAddress: + type: string + totalvfs: + type: integer + vendor: + type: string + required: + - pciAddress + type: object + type: array + lastSyncError: + type: string + syncStatus: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml new file mode 100644 index 000000000..59d0e7b71 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml 
@@ -0,0 +1,58 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + creationTimestamp: null + name: sriovnetworkpoolconfigs.sriovnetwork.openshift.io +spec: + group: sriovnetwork.openshift.io + names: + kind: SriovNetworkPoolConfig + listKind: SriovNetworkPoolConfigList + plural: sriovnetworkpoolconfigs + singular: sriovnetworkpoolconfig + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SriovNetworkPoolConfig is the Schema for the sriovnetworkpoolconfigs + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SriovNetworkPoolConfigSpec defines the desired state of SriovNetworkPoolConfig + properties: + ovsHardwareOffloadConfig: + description: OvsHardwareOffloadConfig describes the OVS HWOL configuration + for selected Nodes + properties: + name: + description: 'Name is mandatory and must be unique. 
On Kubernetes: + Name is the name of OvsHardwareOffloadConfig On OpenShift: Name + is the name of MachineConfigPool to be enabled with OVS hardware + offload' + type: string + type: object + type: object + status: + description: SriovNetworkPoolConfigStatus defines the observed state of + SriovNetworkPoolConfig + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworks.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworks.yaml new file mode 100644 index 000000000..7c03ad275 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovnetworks.yaml 
@@ -0,0 +1,103 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + creationTimestamp: null + name: sriovnetworks.sriovnetwork.openshift.io +spec: + group: sriovnetwork.openshift.io + names: + kind: SriovNetwork + listKind: SriovNetworkList + plural: sriovnetworks + singular: sriovnetwork + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SriovNetwork is the Schema for the sriovnetworks API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SriovNetworkSpec defines the desired state of SriovNetwork + properties: + capabilities: + description: 'Capabilities to be configured for this network. Capabilities + supported: (mac|ips), e.g. ''{"mac": true}''' + type: string + ipam: + description: IPAM configuration to be used for this network. + type: string + linkState: + description: VF link state (enable|disable|auto) + enum: + - auto + - enable + - disable + type: string + maxTxRate: + description: Maximum tx rate, in Mbps, for the VF. Defaults to 0 (no + rate limiting) + minimum: 0 + type: integer + metaPlugins: + description: MetaPluginsConfig configuration to be used in order to + chain metaplugins to the sriov interface returned by the operator. 
+ type: string + minTxRate: + description: Minimum tx rate, in Mbps, for the VF. Defaults to 0 (no + rate limiting). min_tx_rate should be <= max_tx_rate. + minimum: 0 + type: integer + networkNamespace: + description: Namespace of the NetworkAttachmentDefinition custom resource + type: string + resourceName: + description: SRIOV Network device plugin endpoint resource name + type: string + spoofChk: + description: VF spoof check, (on|off) + enum: + - "on" + - "off" + type: string + trust: + description: VF trust mode (on|off) + enum: + - "on" + - "off" + type: string + vlan: + description: VLAN ID to assign for the VF. Defaults to 0. + maximum: 4096 + minimum: 0 + type: integer + vlanQoS: + description: VLAN QoS ID to assign for the VF. Defaults to 0. + maximum: 7 + minimum: 0 + type: integer + required: + - resourceName + type: object + status: + description: SriovNetworkStatus defines the observed state of SriovNetwork + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml new file mode 100644 index 000000000..fb1e76df6 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/crds/sriovnetwork.openshift.io_sriovoperatorconfigs.yaml 
@@ -0,0 +1,91 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + creationTimestamp: null + name: sriovoperatorconfigs.sriovnetwork.openshift.io +spec: + group: sriovnetwork.openshift.io + names: + kind: SriovOperatorConfig + listKind: SriovOperatorConfigList + plural: sriovoperatorconfigs + singular: sriovoperatorconfig + scope: Namespaced + versions: + - name: v1 + schema: + openAPIV3Schema: + description: SriovOperatorConfig is the Schema for the sriovoperatorconfigs + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SriovOperatorConfigSpec defines the desired state of SriovOperatorConfig + properties: + configDaemonNodeSelector: + additionalProperties: + type: string + description: NodeSelector selects the nodes to be configured + type: object + configurationMode: + description: 'Flag to enable the sriov-network-config-daemon to use + a systemd service to configure SR-IOV devices on boot Default mode: + daemon' + enum: + - daemon + - systemd + type: string + disableDrain: + description: Flag to disable nodes drain during debugging + type: boolean + enableInjector: + description: Flag to control whether the network resource injector + webhook shall be deployed + type: boolean + enableOperatorWebhook: + description: Flag to control whether the operator admission controller + webhook shall be deployed + type: boolean + enableOvsOffload: + description: Flag to enable OVS hardware offload. Set to 'true' to + provision switchdev-configuration.service and enable OpenvSwitch + hw-offload on nodes. + type: boolean + logLevel: + description: Flag to control the log verbose level of the operator. + Set to '0' to show only the basic logs. And set to '2' to show all + the available logs. + maximum: 2 + minimum: 0 + type: integer + type: object + status: + description: SriovOperatorConfigStatus defines the observed state of SriovOperatorConfig + properties: + injector: + description: Show the runtime status of the network resource injector + webhook + type: string + operatorWebhook: + description: Show the runtime status of the operator admission controller + webhook + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/NOTES.txt b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/NOTES.txt new file mode 100644 index 000000000..e69de29bb diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/_helpers.tpl b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/_helpers.tpl new file mode 100644 index 000000000..a5c639c44 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/_helpers.tpl 
@@ -0,0 +1,477 @@ +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "spiderpool.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Expand the name of spiderpool . +*/}} +{{- define "spiderpool.name" -}} +{{- default "spiderpool" .Values.global.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "spiderpool.spiderpoolController.labels" -}} +helm.sh/chart: {{ include "spiderpool.chart" . }} +{{ include "spiderpool.spiderpoolController.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "spiderpool.spiderpoolInit.labels" -}} +helm.sh/chart: {{ include "spiderpool.chart" . }} +{{ include "spiderpool.spiderpoolInit.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +spiderpoolAgent Common labels +*/}} +{{- define "spiderpool.spiderpoolAgent.labels" -}} +helm.sh/chart: {{ include "spiderpool.chart" . }} +{{ include "spiderpool.spiderpoolAgent.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + + +{{/* +spiderpoolController Selector labels +*/}} +{{- define "spiderpool.spiderpoolController.selectorLabels" -}} +app.kubernetes.io/name: {{ include "spiderpool.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +spiderpoolAgent Selector labels +*/}} +{{- define "spiderpool.spiderpoolAgent.selectorLabels" -}} +app.kubernetes.io/name: {{ include "spiderpool.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +spiderpoolInit Selector labels +*/}} +{{- define "spiderpool.spiderpoolInit.selectorLabels" -}} +app.kubernetes.io/name: {{ include "spiderpool.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: {{ .Values.spiderpoolInit.name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* vim: set filetype=mustache: */}} +{{/* +Renders a value that contains template. +Usage: +{{ include "tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} +*/}} +{{- define "tplvalues.render" -}} + {{- if typeIs "string" .value }} + {{- tpl .value .context }} + {{- else }} + {{- tpl (.value | toYaml) .context }} + {{- end }} +{{- end -}} + +{{/* +Return the appropriate apiVersion for poddisruptionbudget. +*/}} +{{- define "capabilities.policy.apiVersion" -}} +{{- if semverCompare "<1.21-0" .Capabilities.KubeVersion.Version -}} +{{- print "policy/v1beta1" -}} +{{- else -}} +{{- print "policy/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for deployment. +*/}} +{{- define "capabilities.deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.Version -}} +{{- print "extensions/v1beta1" -}} +{{- else -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for RBAC resources. 
+*/}} +{{- define "capabilities.rbac.apiVersion" -}} +{{- if semverCompare "<1.17-0" .Capabilities.KubeVersion.Version -}} +{{- print "rbac.authorization.k8s.io/v1beta1" -}} +{{- else -}} +{{- print "rbac.authorization.k8s.io/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +return the spiderpoolAgent image +*/}} +{{- define "spiderpool.spiderpoolAgent.image" -}} +{{- $registryName := .Values.spiderpoolAgent.image.registry -}} +{{- $repositoryName := .Values.spiderpoolAgent.image.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.spiderpoolAgent.image.digest }} + {{- print "@" .Values.spiderpoolAgent.image.digest -}} +{{- else if .Values.spiderpoolAgent.image.tag -}} + {{- printf ":%s" .Values.spiderpoolAgent.image.tag -}} +{{- else -}} + {{- printf ":v%s" .Chart.AppVersion -}} +{{- end -}} +{{- end -}} + +{{/* +return the spiderpoolController image +*/}} +{{- define "spiderpool.spiderpoolController.image" -}} +{{- $registryName := .Values.spiderpoolController.image.registry -}} +{{- $repositoryName := .Values.spiderpoolController.image.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.spiderpoolController.image.digest }} + {{- print "@" .Values.spiderpoolController.image.digest -}} +{{- else if .Values.spiderpoolController.image.tag -}} + {{- printf ":%s" .Values.spiderpoolController.image.tag -}} +{{- else -}} + {{- printf ":v%s" .Chart.AppVersion -}} +{{- end -}} +{{- end -}} + +{{/* +return the spiderpoolInit image +*/}} +{{- define "spiderpool.spiderpoolInit.image" 
-}} +{{- $registryName := .Values.spiderpoolInit.image.registry -}} +{{- $repositoryName := .Values.spiderpoolInit.image.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.spiderpoolInit.image.digest }} + {{- print "@" .Values.spiderpoolInit.image.digest -}} +{{- else if .Values.spiderpoolInit.image.tag -}} + {{- printf ":%s" .Values.spiderpoolInit.image.tag -}} +{{- else -}} + {{- printf ":v%s" .Chart.AppVersion -}} +{{- end -}} +{{- end -}} + +{{/* +generate the CA cert +*/}} +{{- define "generate-ca-certs" }} + {{- $ca := genCA "spidernet.io" (.Values.spiderpoolController.tls.auto.caExpiration | int) -}} + {{- $_ := set . "ca" $ca -}} +{{- end }} + +#=================== multus ===================== + +{{/* +return the multus image +*/}} +{{- define "spiderpool.multus.image" -}} +{{- $registryName := .Values.multus.multusCNI.image.registry -}} +{{- $repositoryName := .Values.multus.multusCNI.image.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{- else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.multus.multusCNI.image.digest }} + {{- print "@" .Values.multus.multusCNI.image.digest -}} +{{- else if .Values.multus.multusCNI.image.tag -}} + {{- printf ":%s" .Values.multus.multusCNI.image.tag -}} +{{- end -}} +{{- end -}} + +{{/* +spiderpool multus Common labels +*/}} +{{- define "spiderpool.multus.labels" -}} +helm.sh/chart: {{ include "spiderpool.chart" . }} +{{ include "spiderpool.multus.selectorLabels" . 
}} +app.kubernetes.io/managed-by: {{ .Release.Service }} +tier: node +app: multus +{{- end }} + +{{/* +spiderpool multus Selector labels +*/}} +{{- define "spiderpool.multus.selectorLabels" -}} +app.kubernetes.io/name: {{ include "spiderpool.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: {{ .Values.multus.multusCNI.name | trunc 63 | trimSuffix "-" }} +name: multus +{{- end }} + +#=================== plugins ===================== + +{{/* +return the plugins image +*/}} +{{- define "plugins.image" -}} +{{- $registryName := .Values.plugins.image.registry -}} +{{- $repositoryName := .Values.plugins.image.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.plugins.image.digest }} + {{- print "@" .Values.plugins.image.digest -}} +{{- else if .Values.plugins.image.tag -}} + {{- printf ":%s" .Values.plugins.image.tag -}} +{{- else -}} + {{- printf ":v%s" .Chart.AppVersion -}} +{{- end -}} +{{- end -}} + +{{/* +return the rdma shared device plugin +*/}} +{{- define "rdmashareddp.image" -}} +{{- $registryName := .Values.rdma.rdmaSharedDevicePlugin.image.registry -}} +{{- $repositoryName := .Values.rdma.rdmaSharedDevicePlugin.image.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.rdma.rdmaSharedDevicePlugin.image.digest }} + {{- print "@" .Values.rdma.rdmaSharedDevicePlugin.image.digest -}} +{{- else if .Values.rdma.rdmaSharedDevicePlugin.image.tag -}} + {{- printf ":%s" .Values.rdma.rdmaSharedDevicePlugin.image.tag -}} +{{- else 
-}} + {{- printf ":v%s" .Chart.AppVersion -}} +{{- end -}} +{{- end -}} + +{{/* +spiderpool rdma shared device plugin Common labels +*/}} +{{- define "spiderpool.rdmashareddp.labels" -}} +helm.sh/chart: {{ include "spiderpool.chart" . }} +{{ include "spiderpool.rdmashareddp.selectorLabels" . }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +tier: node +app: rdma-shared-device=plugin +{{- end }} + +{{/* +spiderpool rdma shared device plugin Selector labels +*/}} +{{- define "spiderpool.rdmashareddp.selectorLabels" -}} +app.kubernetes.io/name: {{ include "spiderpool.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: {{ .Values.rdma.rdmaSharedDevicePlugin.name | trunc 63 | trimSuffix "-" }} +name: multus +{{- end }} + +#=================== sriov ===================== + +{{/* +Common labels +*/}} +{{- define "sriov.operator.labels" -}} +helm.sh/chart: {{ include "spiderpool.chart" . }} +{{ include "sriov.operator.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + + +{{/* +Selector labels +*/}} +{{- define "sriov.operator.selectorLabels" -}} +app.kubernetes.io/name: {{ include "spiderpool.name" . 
}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/component: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +return the sriov network operator image +*/}} +{{- define "sriov.operator.image" -}} +{{- $registryName := .Values.sriov.image.registry -}} +{{- $repositoryName := .Values.sriov.image.operator.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.sriov.image.operator.tag -}} + {{- printf ":%s" .Values.sriov.image.operator.tag -}} +{{- else -}} + {{- printf ":%s" "latest" -}} +{{- end -}} +{{- end -}} + + +{{/* +return the sriov cni image +*/}} +{{- define "sriov.sriovCni.image" -}} +{{- $registryName := .Values.sriov.image.registry -}} +{{- $repositoryName := .Values.sriov.image.sriovCni.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.sriov.image.sriovCni.tag -}} + {{- printf ":%s" .Values.sriov.image.sriovCni.tag -}} +{{- else -}} + {{- printf ":%s" "latest" -}} +{{- end -}} +{{- end -}} + + +{{/* +return the sriov ibSriovCni image +*/}} +{{- define "sriov.ibSriovCni.image" -}} +{{- $registryName := .Values.sriov.image.registry -}} +{{- $repositoryName := .Values.sriov.image.ibSriovCni.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if 
.Values.sriov.image.ibSriovCni.tag -}} + {{- printf ":%s" .Values.sriov.image.ibSriovCni.tag -}} +{{- else -}} + {{- printf ":%s" "latest" -}} +{{- end -}} +{{- end -}} + +{{/* +return the sriov sriovDevicePlugin image +*/}} +{{- define "sriov.sriovDevicePlugin.image" -}} +{{- $registryName := .Values.sriov.image.registry -}} +{{- $repositoryName := .Values.sriov.image.sriovDevicePlugin.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.sriov.image.sriovDevicePlugin.tag -}} + {{- printf ":%s" .Values.sriov.image.sriovDevicePlugin.tag -}} +{{- else -}} + {{- printf ":%s" "latest" -}} +{{- end -}} +{{- end -}} + + +{{/* +return the sriov resourcesInjector image +*/}} +{{- define "sriov.resourcesInjector.image" -}} +{{- $registryName := .Values.sriov.image.registry -}} +{{- $repositoryName := .Values.sriov.image.resourcesInjector.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.sriov.image.resourcesInjector.tag -}} + {{- printf ":%s" .Values.sriov.image.resourcesInjector.tag -}} +{{- else -}} + {{- printf ":%s" "latest" -}} +{{- end -}} +{{- end -}} + +{{/* +return the sriov sriovConfigDaemon image +*/}} +{{- define "sriov.sriovConfigDaemon.image" -}} +{{- $registryName := .Values.sriov.image.registry -}} +{{- $repositoryName := .Values.sriov.image.sriovConfigDaemon.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" 
$registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.sriov.image.sriovConfigDaemon.tag -}} + {{- printf ":%s" .Values.sriov.image.sriovConfigDaemon.tag -}} +{{- else -}} + {{- printf ":%s" "latest" -}} +{{- end -}} +{{- end -}} + +{{/* +return the sriov webhook image +*/}} +{{- define "sriov.webhook.image" -}} +{{- $registryName := .Values.sriov.image.registry -}} +{{- $repositoryName := .Values.sriov.image.webhook.repository -}} +{{- if .Values.global.imageRegistryOverride }} + {{- printf "%s/%s" .Values.global.imageRegistryOverride $repositoryName -}} +{{ else if $registryName }} + {{- printf "%s/%s" $registryName $repositoryName -}} +{{- else -}} + {{- printf "%s" $repositoryName -}} +{{- end -}} +{{- if .Values.sriov.image.webhook.tag -}} + {{- printf ":%s" .Values.sriov.image.webhook.tag -}} +{{- else -}} + {{- printf ":%s" "latest" -}} +{{- end -}} +{{- end -}} + +#======================================== diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/configmap.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/configmap.yaml new file mode 100644 index 000000000..1b77a6c09 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/configmap.yaml 
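Review bot: The `sriov.*.image` helpers (`sriov.operator.image` through `sriov.webhook.image`) fall back to `:latest` when no tag is set and have no digest branch, unlike the `spiderpool.*` image helpers earlier in this file, which accept `.image.digest` and default to `:v` plus `.Chart.AppVersion`. With a floating tag the image that gets pulled can change without any change to the chart, so a deployment is neither reproducible nor reviewable. I would replace the `latest` branch with a required tag, e.g. `{{- printf ":%s" (required "sriov.image.operator.tag must be set" .Values.sriov.image.operator.tag) -}}`, and give these helpers the same digest branch the spiderpool helpers have. Separately, `app: rdma-shared-device=plugin` in `spiderpool.rdmashareddp.labels` is not a valid Kubernetes label value because `=` is not allowed there, and `name: multus` in `spiderpool.rdmashareddp.selectorLabels` looks copied from the multus helper.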
@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.global.configName }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "spiderpool.spiderpoolController.labels" . | nindent 4 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.global.commonAnnotations }}
+ annotations:
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ conf.yml: |
+ ipamUnixSocketPath: {{ .Values.global.ipamUNIXSocketHostPath }}
+ enableIPv4: {{ .Values.ipam.enableIPv4 }}
+ enableIPv6: {{ .Values.ipam.enableIPv6 }}
+ enableStatefulSet: {{ .Values.ipam.enableStatefulSet }}
+ enableKubevirtStaticIP: {{ .Values.ipam.enableKubevirtStaticIP }}
+ enableSpiderSubnet: {{ .Values.ipam.enableSpiderSubnet }}
+ {{- if .Values.ipam.enableSpiderSubnet }}
+ clusterSubnetDefaultFlexibleIPNumber: {{ .Values.ipam.subnetDefaultFlexibleIPNumber }}
+ {{- else}}
+ clusterSubnetDefaultFlexibleIPNumber: 0
+ {{- end }}
+{{- if .Values.multus.multusCNI.install }}
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ .Values.multus.multusCNI.name | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "spiderpool.multus.labels" . | nindent 4 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+data:
+ cni-conf.json: |
+ {
+ "cniVersion": "0.3.1",
+ "name": "multus-cni-network",
+ "type": "multus",
+ "confDir": "/etc/cni/net.d/" ,
+ "logLevel": "{{ .Values.multus.multusCNI.log.logLevel }}",
+ "logFile": "{{ .Values.multus.multusCNI.log.logFile }}",
+ "capabilities": {
+ "portMappings": true,
+ "bandwidth": true
+ },
+ "namespaceIsolation": false,
+ "clusterNetwork": "{{ .Values.multus.multusCNI.defaultCniCRName }}",
+ "defaultNetworks": [],
+ "multusNamespace": "{{ .Release.Namespace }}",
+ "systemNamespaces": [],
+ "kubeconfig": "/etc/cni/net.d/multus.d/multus.kubeconfig"
+ }
+{{- end }}
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/daemonset.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/daemonset.yaml
new file mode 100644
index 000000000..95b658374
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/daemonset.yaml
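Review bot: `"namespaceIsolation": false` is hard-coded in `cni-conf.json`, so multus will let a pod reference a NetworkAttachmentDefinition from any namespace, and the chart offers no values switch to tighten that on a multi-tenant cluster. I would expose it as a chart value that keeps today's default, e.g. `"namespaceIsolation": {{ .Values.multus.multusCNI.namespaceIsolation | default false }},` (a new key, not present in the values this template reads today). The string fields in the same document (`logLevel`, `logFile`, `clusterNetwork`) are interpolated between literal quotes; rendering them with `toJson`, e.g. `"logFile": {{ .Values.multus.multusCNI.log.logFile | toJson }},`, keeps the JSON valid if a value ever contains a quote or a backslash.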
@@ -0,0 +1,297 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "spiderpool.spiderpoolAgent.labels" . | nindent 4 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.global.commonAnnotations }}
+ annotations:
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "spiderpool.spiderpoolAgent.selectorLabels" . | nindent 6 }}
+ {{- with .Values.spiderpoolAgent.updateStrategy }}
+ updateStrategy:
+ {{- toYaml . | trim | nindent 4 }}
+ {{- end }}
+ template:
+ metadata:
+ {{- if or .Values.spiderpoolAgent.podAnnotations .Values.global.commonAnnotations }}
+ annotations:
+ {{- if .Values.global.commonAnnotations }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.spiderpoolAgent.podAnnotations }}
+ {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolAgent.podAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "spiderpool.spiderpoolAgent.selectorLabels" . | nindent 8 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.spiderpoolAgent.podLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolAgent.podLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.spiderpoolAgent.image.imagePullSecrets }}
+ imagePullSecrets:
+ {{- with .Values.spiderpoolAgent.image.imagePullSecrets }}
+ {{- toYaml . | trim | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ serviceAccountName: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" }}
+ priorityClassName: {{ default "system-node-critical" .Values.spiderpoolAgent.priorityClassName }}
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ restartPolicy: Always
+ {{- with .Values.spiderpoolAgent.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.spiderpoolAgent.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.spiderpoolAgent.affinity }}
+ affinity:
+ {{- include "tplvalues.render" (dict "value" .Values.spiderpoolAgent.affinity "context" $) | nindent 6 }}
+ {{- else }}
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ # Compatible with Kubernetes 1.12.x and 1.13.x
+ - matchExpressions:
+ - key: beta.kubernetes.io/os
+ operator: In
+ values:
+ - linux
+ {{- end }}
+ initContainers:
+ {{- if or .Values.plugins.installCNI .Values.plugins.installRdmaCNI .Values.plugins.installOvsCNI .Values.plugins.installibSriovCNI .Values.plugins.installIpoibCNI }}
+ - name: install-plugins
+ image: {{ include "plugins.image" . | quote }}
+ imagePullPolicy: {{ .Values.plugins.image.pullPolicy }}
+ env:
+ - name: INSTALL_CNI_PLUGINS
+ value: {{ .Values.plugins.installCNI | quote }}
+ - name: INSTALL_OVS_PLUGIN
+ value: {{ .Values.plugins.installOvsCNI | quote }}
+ - name: INSTALL_RDMA_PLUGIN
+ value: {{ .Values.plugins.installRdmaCNI | quote }}
+ - name: INSTALL_IB_SRIOV_PLUGIN
+ value: {{ .Values.plugins.installibSriovCNI | quote }}
+ - name: INSTALL_IPOIB_PLUGIN
+ value: {{ .Values.plugins.installIpoibCNI | quote }}
+ command:
+ - "/bin/sh"
+ - "entrypoint.sh"
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: cni-bin-path
+ mountPath: /host/opt/cni/bin
+ {{- end }}
+ {{- if .Values.multus.multusCNI.install }}
+ - name: multus-cni
+ imagePullPolicy: {{ .Values.multus.multusCNI.image.pullPolicy }}
+ image: {{ include "spiderpool.multus.image" . | quote }}
+ command:
+ - "/bin/sh"
+ - "-c"
+ - |
+ ITEM="multus"
+ rm -f /host/opt/cni/bin/${ITEM}.old || true
+ ( [ -f "/host/opt/cni/bin/${ITEM}" ] && mv /host/opt/cni/bin/${ITEM} /host/opt/cni/bin/${ITEM}.old ) || true
+ cp /usr/src/multus-cni/bin/${ITEM} /host/opt/cni/bin/${ITEM}
+ rm -f /host/opt/cni/bin/${ITEM}.old &>/dev/null || true
+ sed -i 's/sleep infinity/echo \"exit...\"/g' entrypoint.sh
+ ./entrypoint.sh --multus-conf-file=/tmp/multus-conf/00-multus.conf \
+ --cni-version=0.3.1
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: cni
+ mountPath: /host/etc/cni/net.d
+ - name: cni-bin-path
+ mountPath: /host/opt/cni/bin
+ mountPropagation: Bidirectional
+ - name: multus-cfg
+ mountPath: /tmp/multus-conf
+ {{- if .Values.multus.multusCNI.extraVolumes }}
+ {{- include "tplvalues.render" ( dict "value" .Values.multus.multusCNI.extraVolumeMounts "context" $ ) | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ containers:
+ - name: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" }}
+ image: {{ include "spiderpool.spiderpoolAgent.image" . | quote }}
+ imagePullPolicy: {{ .Values.spiderpoolAgent.image.pullPolicy }}
+ command:
+ - {{ .Values.spiderpoolAgent.binName }}
+ args:
+ - daemon
+ - --config-path=/tmp/spiderpool/config-map/conf.yml
+ {{- with .Values.spiderpoolAgent.extraArgs }}
+ {{- toYaml . | trim | nindent 8 }}
+ {{- end }}
+ {{- if .Values.spiderpoolAgent.prometheus.enabled }}
+ ports:
+ - name: metrics
+ containerPort: {{ .Values.spiderpoolAgent.prometheus.port }}
+ protocol: TCP
+ {{- end }}
+ {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version }}
+ startupProbe:
+ httpGet:
+ host: {{ .Values.ipam.enableIPv4 | ternary "127.0.0.1" "::1" | quote }}
+ path: /v1/runtime/startup
+ port: {{ .Values.spiderpoolAgent.httpPort }}
+ scheme: HTTP
+ failureThreshold: {{ .Values.spiderpoolAgent.healthChecking.startupProbe.failureThreshold }}
+ periodSeconds: {{ .Values.spiderpoolAgent.healthChecking.startupProbe.periodSeconds }}
+ successThreshold: 1
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ host: {{ .Values.ipam.enableIPv4 | ternary "127.0.0.1" "::1" | quote }}
+ path: /v1/runtime/liveness
+ port: {{ .Values.spiderpoolAgent.httpPort }}
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: {{ .Values.spiderpoolAgent.healthChecking.livenessProbe.periodSeconds }}
+ successThreshold: 1
+ failureThreshold: {{ .Values.spiderpoolAgent.healthChecking.livenessProbe.failureThreshold }}
+ timeoutSeconds: 1
+ readinessProbe:
+ httpGet:
+ host: {{ .Values.ipam.enableIPv4 | ternary "127.0.0.1" "::1" | quote }}
+ path: /v1/runtime/readiness
+ port: {{ .Values.spiderpoolAgent.httpPort }}
+ scheme: HTTP
+ periodSeconds: {{ .Values.spiderpoolAgent.healthChecking.readinessProbe.periodSeconds }}
+ successThreshold: 1
+ failureThreshold: {{ .Values.spiderpoolAgent.healthChecking.readinessProbe.failureThreshold }}
+ timeoutSeconds: 1
+ {{- with .Values.spiderpoolAgent.resources }}
+ resources:
+ {{- toYaml . | trim | nindent 10 }}
+ {{- end }}
+ lifecycle:
+ postStart:
+ # Move an eventual old existing binary out of the way, we can't delete it as it might be in use right now
+ exec:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - |
+ BIN_LIST="spiderpool coordinator ifacer"
+ for ITEM in ${BIN_LIST} ; do
+ rm -f /host/opt/cni/bin/${ITEM}.old || true
+ ( [ -f "/host/opt/cni/bin/${ITEM}" ] && mv /host/opt/cni/bin/${ITEM} /host/opt/cni/bin/${ITEM}.old ) || true
+ cp /usr/bin/${ITEM} /host/opt/cni/bin/${ITEM}
+ rm -f /host/opt/cni/bin/${ITEM}.old &>/dev/null || true
+ done
+ preStop:
+ exec:
+ command:
+ - "/bin/sh"
+ - "-c"
+ - |
+ {{- if .Values.multus.multusCNI.uninstall }}
+ rm -f /host/opt/cni/bin/multus || true
+ rm -rf /host/etc/cni/net.d/multus.d || true
+ rm -f /host/etc/cni/net.d/00-multus.conf || true
+ {{- end }}
+ {{ .Values.spiderpoolAgent.binName }} shutdown
+ env:
+ - name: SPIDERPOOL_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: SPIDERPOOL_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: SPIDERPOOL_LOG_LEVEL
+ value: {{ .Values.spiderpoolAgent.debug.logLevel | quote }}
+ - name: SPIDERPOOL_ENABLED_METRIC
+ value: {{ .Values.spiderpoolAgent.prometheus.enabled | quote }}
+ - name: SPIDERPOOL_ENABLED_DEBUG_METRIC
+ value: {{ .Values.spiderpoolAgent.prometheus.enabledDebugMetric | quote }}
+ - name: SPIDERPOOL_METRIC_HTTP_PORT
+ value: {{ .Values.spiderpoolAgent.prometheus.port | quote }}
+ - name: SPIDERPOOL_HEALTH_PORT
+ value: {{ .Values.spiderpoolAgent.httpPort | quote }}
+ - name: SPIDERPOOL_GOPS_LISTEN_PORT
+ value: {{ .Values.spiderpoolAgent.debug.gopsPort | quote }}
+ {{- if .Values.multus.multusCNI.defaultCniCRName }}
+ - name: MULTUS_CLUSTER_NETWORK
+ value: {{ .Release.Namespace }}/{{ .Values.multus.multusCNI.defaultCniCRName }}
+ {{ end }}
+ {{- with .Values.spiderpoolAgent.extraEnv }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.spiderpoolAgent.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumeMounts:
+ - name: config-path
+ mountPath: /tmp/spiderpool/config-map
+ readOnly: true
+ - name: cni-bin-path
+ mountPath: /host{{ .Values.global.cniBinHostPath }}
+ - name: ipam-unix-socket-dir
+ mountPath: {{ dir .Values.global.ipamUNIXSocketHostPath }}
+ {{- if .Values.multus.multusCNI.uninstall }}
+ - name: cni
+ mountPath: /host/etc/cni/net.d
+ {{- end }}
+ {{- if .Values.spiderpoolAgent.extraVolumes }}
+ {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolAgent.extraVolumeMounts "context" $ ) | nindent 8 }}
+ {{- end }}
+ volumes:
+ # To read the configuration from the config map
+ - name: config-path
+ configMap:
+ defaultMode: 0400
+ name: {{ .Values.global.configName }}
+ - name: cni-bin-path
+ hostPath:
+ path: {{ .Values.global.cniBinHostPath }}
+ type: DirectoryOrCreate
+ # To create unix socket dir in the host
+ - name: ipam-unix-socket-dir
+ hostPath:
+ path: {{ dir .Values.global.ipamUNIXSocketHostPath }}
+ type: DirectoryOrCreate
+ # multus
+ {{- if .Values.multus.multusCNI.install }}
+ - name: cni
+ hostPath:
+ path: /etc/cni/net.d
+ - name: multus-cfg
+ configMap:
+ name: {{ .Values.multus.multusCNI.name | trunc 63 | trimSuffix "-" }}
+ items:
+ - key: cni-conf.json
+ path: 00-multus.conf
+ {{- end }}
+ {{- if .Values.spiderpoolAgent.extraVolumeMounts }}
+ {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolAgent.extraVolumeMounts "context" $ ) | nindent 6 }}
+ {{- end }}
+ {{- if .Values.multus.multusCNI.extraVolumeMounts }}
+ {{- include "tplvalues.render" ( dict "value" .Values.multus.multusCNI.extraVolumeMounts "context" $ ) | nindent 8 }}
+ {{- end }}
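Review bot: The `install-plugins` and `multus-cni` init containers both set `securityContext.privileged: true`, yet the commands visible here only copy binaries into the `cni-bin-path` hostPath and run the image's `entrypoint.sh`, so a node-wide `hostNetwork` DaemonSet gets full host privileges for what looks like a file copy. Unless `entrypoint.sh` (not shown) needs more, drop `privileged` from `install-plugins` and keep it on `multus-cni` only while `mountPropagation: Bidirectional` is required, since Kubernetes permits that setting only in privileged containers. The agent container also mounts the `cni` volume when `multus.multusCNI.uninstall` is set, but the volume is declared only under `multus.multusCNI.install`, so uninstall without install renders a pod that references an undefined volume; guard the `cni` volume with `{{- if or .Values.multus.multusCNI.install .Values.multus.multusCNI.uninstall }}`. Finally, the `volumes:` list renders `extraVolumeMounts` (for both the agent and Multus) where `extraVolumes` looks intended, and the `volumeMounts` guards test `extraVolumes`; deployment.yaml repeats the same mix-up.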
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/deployment.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/deployment.yaml
new file mode 100644
index 000000000..777ec9a3a
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/deployment.yaml
@@ -0,0 +1,226 @@
+apiVersion: {{ include "capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+ name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ {{- include "spiderpool.spiderpoolController.labels" . | nindent 4 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.global.commonAnnotations }}
+ annotations:
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ replicas: {{ .Values.spiderpoolController.replicas }}
+ selector:
+ matchLabels:
+ {{- include "spiderpool.spiderpoolController.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- if or .Values.spiderpoolController.podAnnotations .Values.global.commonAnnotations }}
+ annotations:
+ {{- if .Values.global.commonAnnotations }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.spiderpoolController.podAnnotations }}
+ {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolController.podAnnotations "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ labels:
+ {{- include "spiderpool.spiderpoolController.selectorLabels" . | nindent 8 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ {{- if .Values.spiderpoolController.podLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolController.podLabels "context" $ ) | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if .Values.spiderpoolController.image.imagePullSecrets }}
+ imagePullSecrets:
+ {{- with .Values.spiderpoolController.image.imagePullSecrets }}
+ {{- toYaml . | trim | nindent 6 }}
+ {{- end }}
+ {{- end }}
+ serviceAccountName: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}
+ priorityClassName: {{ default "system-node-critical" .Values.spiderpoolController.priorityClassName }}
+ {{- if .Values.spiderpoolController.hostnetwork }}
+ hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
+ {{- else }}
+ hostNetwork: false
+ dnsPolicy: ClusterFirst
+ {{- end }}
+ restartPolicy: Always
+ {{- with .Values.spiderpoolController.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.spiderpoolController.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.spiderpoolController.affinity }}
+ affinity:
+ {{- include "tplvalues.render" (dict "value" .Values.spiderpoolController.affinity "context" $) | nindent 6 }}
+ {{- else }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ {{- include "spiderpool.spiderpoolController.selectorLabels" . | nindent 20 }}
+ {{- end }}
+ containers:
+ - name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}
+ image: {{ include "spiderpool.spiderpoolController.image" . | quote }}
+ imagePullPolicy: {{ .Values.spiderpoolController.image.pullPolicy }}
+ command:
+ - {{ .Values.spiderpoolController.binName }}
+ args:
+ - daemon
+ - --config-path=/tmp/spiderpool/config-map/conf.yml
+ - --tls-server-cert=/etc/tls/tls.crt
+ - --tls-server-key=/etc/tls/tls.key
+ {{- with .Values.spiderpoolController.extraArgs }}
+ {{- toYaml . | trim | nindent 8 }}
+ {{- end }}
+ ports:
+ {{- if .Values.spiderpoolController.prometheus.enabled }}
+ - name: metrics
+ containerPort: {{ .Values.spiderpoolController.prometheus.port }}
+ protocol: TCP
+ {{- end }}
+ - name: http
+ containerPort: {{ .Values.spiderpoolController.httpPort }}
+ protocol: TCP
+ - name: webhook
+ containerPort: {{ .Values.spiderpoolController.webhookPort }}
+ protocol: TCP
+ {{- if semverCompare ">=1.20-0" .Capabilities.KubeVersion.Version }}
+ startupProbe:
+ httpGet:
+ host: {{ .Values.ipam.enableIPv4 | ternary "127.0.0.1" "::1" | quote }}
+ path: /v1/runtime/startup
+ port: {{ .Values.spiderpoolController.httpPort }}
+ scheme: HTTP
+ failureThreshold: {{ .Values.spiderpoolController.healthChecking.startupProbe.failureThreshold }}
+ periodSeconds: {{ .Values.spiderpoolController.healthChecking.startupProbe.periodSeconds }}
+ successThreshold: 1
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ host: {{ .Values.ipam.enableIPv4 | ternary "127.0.0.1" "::1" | quote }}
+ path: /v1/runtime/liveness
+ port: {{ .Values.spiderpoolController.httpPort }}
+ scheme: HTTP
+ initialDelaySeconds: 10
+ periodSeconds: {{ .Values.spiderpoolController.healthChecking.livenessProbe.periodSeconds }}
+ successThreshold: 1
+ failureThreshold: {{ .Values.spiderpoolController.healthChecking.livenessProbe.failureThreshold }}
+ timeoutSeconds: 1
+ readinessProbe:
+ httpGet:
+ host: {{ .Values.ipam.enableIPv4 | ternary "127.0.0.1" "::1" | quote }}
+ path: /v1/runtime/readiness
+ port: {{ .Values.spiderpoolController.httpPort }}
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: {{ .Values.spiderpoolController.healthChecking.readinessProbe.periodSeconds }}
+ successThreshold: 1
+ failureThreshold: {{ .Values.spiderpoolController.healthChecking.readinessProbe.failureThreshold }}
+ timeoutSeconds: 1
+ {{- with .Values.spiderpoolController.resources }}
+ resources:
+ {{- toYaml . | trim | nindent 10 }}
+ {{- end }}
+ lifecycle:
+ preStop:
+ exec:
+ command:
+ - {{ .Values.spiderpoolController.binName }}
+ - shutdown
+ env:
+ - name: SPIDERPOOL_LOG_LEVEL
+ value: {{ .Values.spiderpoolController.debug.logLevel | quote }}
+ - name: SPIDERPOOL_ENABLED_METRIC
+ value: {{ .Values.spiderpoolController.prometheus.enabled | quote }}
+ - name: SPIDERPOOL_ENABLED_DEBUG_METRIC
+ value: {{ .Values.spiderpoolController.prometheus.enabledDebugMetric | quote }}
+ - name: SPIDERPOOL_METRIC_HTTP_PORT
+ value: {{ .Values.spiderpoolController.prometheus.port | quote }}
+ - name: SPIDERPOOL_GOPS_LISTEN_PORT
+ value: {{ .Values.spiderpoolController.debug.gopsPort | quote }}
+ - name: SPIDERPOOL_WEBHOOK_PORT
+ value: {{ .Values.spiderpoolController.webhookPort | quote }}
+ - name: SPIDERPOOL_HEALTH_PORT
+ value: {{ .Values.spiderpoolController.httpPort | quote }}
+ - name: SPIDERPOOL_GC_IP_ENABLED
+ value: {{ .Values.ipam.gc.enabled | quote }}
+ - name: SPIDERPOOL_GC_TERMINATING_POD_IP_ENABLED
+ value: {{ .Values.ipam.gc.GcDeletingTimeOutPod.enabled | quote }}
+ - name: SPIDERPOOL_GC_ADDITIONAL_GRACE_DELAY
+ value: {{ .Values.ipam.gc.GcDeletingTimeOutPod.delay | quote }}
+ - name: SPIDERPOOL_GC_DEFAULT_INTERVAL_DURATION
+ value: {{ .Values.ipam.gc.gcAll.intervalInSecond | quote }}
+ - name: SPIDERPOOL_MULTUS_CONFIG_ENABLED
+ value: {{ .Values.multus.enableMultusConfig | quote }}
+ - name: SPIDERPOOL_CNI_CONFIG_DIR
+ value: {{ .Values.global.cniConfHostPath | quote }}
+ - name: SPIDERPOOL_CILIUM_CONFIGMAP_NAMESPACE_NAME
+ value: {{ .Values.global.ciliumConfigMap | quote }}
+ - name: SPIDERPOOL_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: SPIDERPOOL_POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- with .Values.spiderpoolController.extraEnv }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.spiderpoolController.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ volumeMounts:
+ - name: config-path
+ mountPath: /tmp/spiderpool/config-map
+ readOnly: true
+ - name: cni-conf-dir
+ mountPath: {{ .Values.global.cniConfHostPath }}
+ readOnly: true
+ - name: tls
+ mountPath: /etc/tls
+ readOnly: true
+ {{- if .Values.spiderpoolController.extraVolumes }}
+ {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolController.extraVolumeMounts "context" $ ) | nindent 8 }}
+ {{- end }}
+ volumes:
+ # To read the configuration from the config map
+ - name: config-path
+ configMap:
+ name: {{ .Values.global.configName }}
+ - name: cni-conf-dir
+ hostPath:
+ path: {{ .Values.global.cniConfHostPath }}
+ type: DirectoryOrCreate
+ - name: tls
+ projected:
+ defaultMode: 0400
+ sources:
+ - secret:
+ name: {{ .Values.spiderpoolController.tls.secretName | trunc 63 | trimSuffix "-" }}
+ items:
+ - key: tls.crt
+ path: tls.crt
+ - key: tls.key
+ path: tls.key
+ {{- if .Values.spiderpoolController.extraVolumeMounts }}
+ {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolController.extraVolumeMounts "context" $ ) | nindent 6 }}
+ {{- end }}
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/grafanaDashboard.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/grafanaDashboard.yaml
new file mode 100644
index 000000000..451bff910
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/grafanaDashboard.yaml
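Review bot: The startup, liveness and readiness probes in deployment.yaml always set `httpGet.host` to `127.0.0.1` or `::1`, but the kubelet issues HTTP probes from the node, so a loopback address reaches the controller only when the pod shares the host network namespace. In the `hostNetwork: false` branch, rendered whenever `spiderpoolController.hostnetwork` is unset, the probes would hit the node's own loopback and either fail or be answered by an unrelated local listener, so pod health would not reflect the controller. Emit the `host:` line only in the host-network case, e.g. wrap each one in `{{- if .Values.spiderpoolController.hostnetwork }}` and `{{- end }}`, so that the default (the pod IP) is used otherwise.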
@@ -0,0 +1,766 @@ +{{- if .Values.grafanaDashboard.install -}} +apiVersion: integreatly.org/v1alpha1 +kind: GrafanaDashboard +metadata: + name: {{ default "spiderpool" .Values.global.nameOverride }} + namespace: {{ default .Release.Namespace .Values.grafanaDashboard.namespace }} + labels: + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.grafanaDashboard.labels }} + {{- include "tplvalues.render" ( dict "value" .Values.grafanaDashboard.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.global.commonAnnotations .Values.grafanaDashboard.annotations }} + annotations: + {{- if .Values.global.commonAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.grafanaDashboard.annotations }} + {{- include "tplvalues.render" ( dict "value" .Values.grafanaDashboard.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + json: |- + { + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 1, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 6, + "panels": [], + "title": "Row title", + "type": "row" + }, + { + "datasource": { + "type": "prometheus" + }, + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "orange", + "value": 70 + }, + { + "color": 
"red", + "value": 85 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 18, + "options": { + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "9.1.6", + "targets": [ + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_total_ippool_counts", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "total ippool counts", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus" + }, + "fieldConfig": { + "defaults": { + "mappings": [], + "thresholds": { + "mode": "percentage", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "orange", + "value": 70 + }, + { + "color": "red", + "value": 85 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 1 + }, + "id": 20, + "options": { + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "showThresholdLabels": false, + "showThresholdMarkers": true + }, + "pluginVersion": "9.1.6", + "targets": [ + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_total_subnet_counts", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "total subnet counts", + "type": "gauge" + }, + { + "datasource": { + "type": "prometheus" + }, + "description": "spiderpool IPAM IP allocation status", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 25, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + 
"lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 10, + "x": 0, + "y": 8 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_allocation_counts_total", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_allocation_failure_counts_total", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "IP allocation counts", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-GrYlRd" + }, + "custom": { + "fillOpacity": 70, + "lineWidth": 0, + "spanNulls": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 8, + "x": 10, + "y": 8 + }, + "id": 10, + "options": { + "alignValue": "left", + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "mergeValues": true, + "rowHeight": 0.9, + "showValue": "auto", + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "9.1.6", + 
"targets": [ + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_allocation_average_duration_seconds", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_allocation_max_duration_seconds", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + }, + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_allocation_min_duration_seconds", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "C" + }, + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_allocation_latest_duration_seconds", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "D" + } + ], + "title": "ip allocation durations", + "type": "state-timeline" + }, + { + "datasource": { + "type": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 6, + "x": 18, + "y": 8 + }, + "id": 12, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "9.1.6", + "targets": [ + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_allocation_duration_seconds_bucket", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "ip allocation duration distribution", + "type": "piechart" + }, + { + "datasource": { + "type": "prometheus" + }, + "description": 
"spiderpool IP release and IP GC status", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 25, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "normal" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 10, + "x": 0, + "y": 17 + }, + "id": 4, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_release_counts_total", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_release_failure_counts_total", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + }, + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ip_gc_counts_total", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "C" + }, + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ip_gc_failure_counts_total", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "D" + } + ], + "title": "IP release&GC counts", + 
"type": "timeseries" + }, + { + "datasource": { + "type": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-GrYlRd" + }, + "custom": { + "fillOpacity": 70, + "lineWidth": 0, + "spanNulls": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 8, + "x": 10, + "y": 17 + }, + "id": 14, + "options": { + "alignValue": "left", + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "mergeValues": true, + "rowHeight": 0.9, + "showValue": "auto", + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "9.1.6", + "targets": [ + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_release_average_duration_seconds", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_release_max_duration_seconds", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + }, + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_release_min_duration_seconds", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "C" + }, + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_release_latest_duration_seconds", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "D" + } + ], + "title": "IP release durations", + "type": "state-timeline" + }, + { + "datasource": { + "type": "prometheus" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, 
+ "gridPos": { + "h": 8, + "w": 6, + "x": 18, + "y": 17 + }, + "id": 16, + "options": { + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus" + }, + "editorMode": "builder", + "expr": "spiderpool_ipam_release_duration_seconds_bucket", + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "IP release duration distribution", + "type": "piechart" + } + ], + "refresh": false, + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "spiderpool", + "uid": "5FAGqFE4z", + "version": 3, + "weekStart": "" + } +{{- end }} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/pdb.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/pdb.yaml new file mode 100644 index 000000000..c6aac4eeb --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/pdb.yaml 
@@ -0,0 +1,21 @@
+{{- if .Values.spiderpoolController.podDisruptionBudget.enabled }}
+apiVersion: {{ include "capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace }}
+ {{- if .Values.global.commonAnnotations }}
+ annotations:
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ labels:
+ {{- include "spiderpool.spiderpoolController.labels" . | nindent 4 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ minAvailable: {{ .Values.spiderpoolController.podDisruptionBudget.minAvailable }}
+ selector:
+ matchLabels:
+ {{- include "spiderpool.spiderpoolController.selectorLabels" . | nindent 6 }}
+{{- end }}
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/pod.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/pod.yaml
new file mode 100644
index 000000000..01aced2ba
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/pod.yaml
@@ -0,0 +1,178 @@ +{{- if or .Values.ipam.enableIPv4 .Values.ipam.enableIPv6 -}} +{{- if or .Values.clusterDefaultPool.installIPv4IPPool .Values.clusterDefaultPool.installIPv6IPPool .Values.coordinator.enabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: {{ .Values.spiderpoolInit.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- include "spiderpool.spiderpoolInit.selectorLabels" . | nindent 4 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.spiderpoolInit.podLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolInit.podLabels "context" $ ) | nindent 4 }} + {{- end }} + annotations: + {{- if .Values.global.commonAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.spiderpoolInit.podAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolInit.podAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + {{- if .Values.spiderpoolInit.image.imagePullSecrets }} + imagePullSecrets: + {{- with .Values.spiderpoolInit.image.imagePullSecrets }} + {{- toYaml . | trim | nindent 2 }} + {{- end }} + {{- end }} + serviceAccountName: {{ .Values.spiderpoolInit.name | trunc 63 | trimSuffix "-" }} + priorityClassName: {{ default "system-node-critical" .Values.spiderpoolInit.priorityClassName }} + {{- if .Values.spiderpoolInit.hostnetwork }} + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + {{- else }} + hostNetwork: false + dnsPolicy: ClusterFirst + {{- end }} + restartPolicy: Never + {{- with .Values.spiderpoolInit.tolerations }} + tolerations: + {{- toYaml . | nindent 2 }} + {{- end }} + {{- with .Values.spiderpoolInit.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 4 }} + {{- end }} + {{- if .Values.spiderpoolInit.affinity }} + affinity: + {{- include "tplvalues.render" (dict "value" .Values.spiderpoolInit.affinity "context" $) | nindent 2 }} + {{- end }} + containers: + - name: {{ .Values.spiderpoolInit.name | trunc 63 | trimSuffix "-" }} + image: {{ include "spiderpool.spiderpoolInit.image" . | quote }} + imagePullPolicy: {{ .Values.spiderpoolInit.image.pullPolicy }} + command: + - {{ .Values.spiderpoolInit.binName }} + {{- with .Values.spiderpoolInit.extraArgs }} + args: + {{- toYaml . | trim | nindent 4 }} + {{- end }} + readinessProbe: + exec: + command: + - cat + - "/etc/spiderpool/ready" + initialDelaySeconds: 15 + periodSeconds: {{ .Values.spiderpoolInit.readinessProbe.periodSeconds }} + successThreshold: 1 + failureThreshold: {{ .Values.spiderpoolInit.readinessProbe.failureThreshold }} + timeoutSeconds: 1 + {{- with .Values.spiderpoolInit.resources }} + resources: + {{- toYaml . | trim | nindent 6 }} + {{- end }} + {{- with .Values.spiderpoolInit.securityContext }} + securityContext: + {{- toYaml . | nindent 4 }} + {{- end }} + env: + {{- with .Values.spiderpoolInit.extraEnv }} + {{- toYaml . 
| nindent 4 }} + {{- end }} + - name: SPIDERPOOL_NAMESPACE + value: {{ .Release.Namespace | quote }} + - name: SPIDERPOOL_CONTROLLER_NAME + value: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + - name: SPIDERPOOL_AGENT_NAME + value: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" | quote }} + {{- if .Values.coordinator.enabled }} + - name: SPIDERPOOL_INIT_DEFAULT_COORDINATOR_NAME + value: {{ .Values.coordinator.name | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_COORDINATOR_MODE + value: {{ .Values.coordinator.mode | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_COORDINATOR_POD_CIDR_TYPE + value: {{ .Values.coordinator.podCIDRType | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_COORDINATOR_DETECT_GATEWAY + value: {{ .Values.coordinator.detectGateway | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_COORDINATOR_DETECT_IP_CONFLICT + value: {{ .Values.coordinator.detectIPConflict | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_COORDINATOR_TUNE_POD_ROUTES + value: {{ .Values.coordinator.tunePodRoutes | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_COORDINATOR_HIJACK_CIDR + value: {{ toJson .Values.coordinator.hijackCIDR | quote }} + {{- end }} + {{- if and .Values.clusterDefaultPool.installIPv4IPPool .Values.ipam.enableIPv4 }} + - name: SPIDERPOOL_INIT_DEFAULT_IPV4_IPPOOL_NAME + value: {{ .Values.clusterDefaultPool.ipv4IPPoolName | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_IPV4_IPPOOL_SUBNET + value: {{ .Values.clusterDefaultPool.ipv4Subnet | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_IPV4_IPPOOL_IPRANGES + value: {{ toJson .Values.clusterDefaultPool.ipv4IPRanges | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_IPV4_IPPOOL_GATEWAY + value: {{ .Values.clusterDefaultPool.ipv4Gateway | quote }} + {{- if .Values.ipam.enableSpiderSubnet }} + - name: SPIDERPOOL_INIT_DEFAULT_IPV4_SUBNET_NAME + value: {{ .Values.clusterDefaultPool.ipv4SubnetName | quote }} + {{- end }} + {{- end }} + {{- if and .Values.clusterDefaultPool.installIPv6IPPool .Values.ipam.enableIPv6 
}} + - name: SPIDERPOOL_INIT_DEFAULT_IPV6_IPPOOL_NAME + value: {{ .Values.clusterDefaultPool.ipv6IPPoolName | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_IPV6_IPPOOL_SUBNET + value: {{ .Values.clusterDefaultPool.ipv6Subnet | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_IPV6_IPPOOL_IPRANGES + value: {{ toJson .Values.clusterDefaultPool.ipv6IPRanges | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_IPV6_IPPOOL_GATEWAY + value: {{ .Values.clusterDefaultPool.ipv6Gateway | quote }} + {{- if .Values.ipam.enableSpiderSubnet }} + - name: SPIDERPOOL_INIT_DEFAULT_IPV6_SUBNET_NAME + value: {{ .Values.clusterDefaultPool.ipv6SubnetName | quote }} + {{- end }} + {{- end }} + - name: SPIDERPOOL_INIT_ENABLE_MULTUS_CONFIG + value: {{ .Values.multus.enableMultusConfig | quote }} + - name: SPIDERPOOL_INIT_INSTALL_MULTUS + value: {{ .Values.multus.multusCNI.install | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_CNI_NAME + value: {{ .Values.multus.multusCNI.defaultCniCRName | quote }} + - name: SPIDERPOOL_INIT_DEFAULT_CNI_NAMESPACE + value: {{ .Release.Namespace | quote }} + - name: SPIDERPOOL_INIT_MULTUS_CONFIGMAP + value: {{ .Values.multus.multusCNI.name | trunc 63 | trimSuffix "-" | quote }} + {{- if eq .Values.multus.multusCNI.defaultCniCRName "" }} + - name: SPIDERPOOL_INIT_DEFAULT_CNI_DIR + value: {{ .Values.global.cniConfHostPath | quote }} + - name: SPIDERPOOL_INIT_READINESS_FILE + value: "/etc/spiderpool/ready" + volumeMounts: + - name: cni + mountPath: {{ .Values.global.cniConfHostPath }} + volumes: + - name: cni + hostPath: + path: {{ .Values.global.cniConfHostPath }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.spiderpoolInit.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "spiderpool.spiderpoolInit.labels" . 
| nindent 4 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.global.commonAnnotations .Values.spiderpoolInit.serviceAccount.annotations }} + annotations: + {{- if .Values.global.commonAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.spiderpoolInit.serviceAccount.annotations }} + {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolInit.serviceAccount.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/prometheusrule.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/prometheusrule.yaml new file mode 100644 index 000000000..7333ea92f --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/prometheusrule.yaml 
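Review bot: `SPIDERPOOL_INIT_READINESS_FILE` is set only inside the `{{- if eq .Values.multus.multusCNI.defaultCniCRName "" }}` block at the end of the container spec, while the `readinessProbe` above always runs `cat /etc/spiderpool/ready`. When `defaultCniCRName` is non-empty the variable is dropped together with the `cni` hostPath mount, so unless the init binary has a built-in default for that path (not visible here) the probe can never succeed. Moving the two lines `- name: SPIDERPOOL_INIT_READINESS_FILE` / `value: "/etc/spiderpool/ready"` above the `if` keeps the probe and the environment in step. Separately, the `cni` volume mounts the node's CNI configuration directory writable into a Pod whose `securityContext` is rendered only when values supply one; a comment stating why the init container needs write access there would help whoever hardens the chart.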
@@ -0,0 +1,113 @@ +{{- if .Values.spiderpoolAgent.prometheus.prometheusRule.install -}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" }} + namespace: {{ default .Release.Namespace .Values.spiderpoolAgent.prometheus.prometheusRule.namespace }} + labels: + {{- if .Values.spiderpoolAgent.prometheus.prometheusRule.labels }} + {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolAgent.prometheus.prometheusRule.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.global.commonAnnotations .Values.spiderpoolAgent.prometheus.prometheusRule.annotations }} + annotations: + {{- if .Values.global.commonAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.spiderpoolAgent.prometheus.prometheusRule.annotations }} + {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolAgent.prometheus.prometheusRule.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + groups: + {{- with .Values.spiderpoolAgent.prometheus.prometheusRule }} + - name: ipam + rules: + {{- if .enableWarningIPAMAllocationFailure }} + - alert: ipamAllocationFailure + annotations: + summary: the warning for ipam allocation failure counts increases rapidly + expr: | + rate(ipam_allocation_failure_counts[30m]) > 5 + for: 30m + labels: + severity: warning + {{- end }} + {{- if .enableWarningIPAMAllocationOverTime }} + - alert: ipamAllocationOverTime + annotations: + summary: the warning for ipam average allocation duration increases rapidly + expr: | + rate(ipam_allocation_average_duration_seconds[30m]) > 5 + for: 30m + labels: + severity: warning + {{- end }} + {{- if .enableWarningIPAMHighAllocationDurations }} + - alert: ipamHighAllocationDurations + annotations: + summary: ipam allocation durations are too high + expr: | + histogram_quantile(0.99, 
rate(ipam_allocation_duration_seconds[5m])) > 0.5 + for: 10m + labels: + severity: warning + {{- end }} + {{- if .enableWarningIPAMReleaseFailure }} + - alert: ipamReleaseFailure + annotations: + summary: the warning for ipam release failure counts increases rapidly + expr: | + rate(ipam_release_failure_counts[30m]) > 5 + for: 30m + labels: + severity: warning + {{- end }} + {{- if .enableWarningIPAMReleaseOverTime }} + - alert: ipamReleaseOverTime + annotations: + summary: the warning for ipam average release duration increases rapidly + expr: | + rate(ipam_release_average_duration_seconds[30m]) > 5 + for: 30m + labels: + severity: warning + {{- end }} + {{- end }} +{{- end }} +--- +{{- if .Values.spiderpoolController.prometheus.prometheusRule.install -}} +apiVersion: monitoring.coreos.com/v1 +kind: PrometheusRule +metadata: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ default .Release.Namespace .Values.spiderpoolController.prometheus.prometheusRule.namespace }} + labels: + {{- if .Values.spiderpoolController.prometheus.prometheusRule.labels }} + {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolAgent.prometheus.prometheusRule.labels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.global.commonAnnotations .Values.spiderpoolController.prometheus.prometheusRule.annotations }} + annotations: + {{- if .Values.global.commonAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.spiderpoolController.prometheus.prometheusRule.annotations }} + {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolController.prometheus.prometheusRule.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + groups: + {{- with .Values.spiderpoolController.prometheus.prometheusRule}} + - name: gc + rules: + {{- if .enableWarningIPGCFailureCounts }} + - alert: ipGCFailureCounts + annotations: + 
summary: the warning for ip gc failure counts increases rapidly + expr: | + rate(ip_gc_failure_counts[30m]) > 5 + for: 30m + labels: + severity: warning + {{- end }} + {{- end }} +{{- end }} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/rdma-shared-dp/rdma-shared-dp.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/rdma-shared-dp/rdma-shared-dp.yaml new file mode 100644 index 000000000..52958e7df --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/rdma-shared-dp/rdma-shared-dp.yaml 
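Review bot: In the controller `PrometheusRule`, the `labels:` block tests `.Values.spiderpoolController.prometheus.prometheusRule.labels` but renders `.Values.spiderpoolAgent.prometheus.prometheusRule.labels`, so the controller rule receives the agent's labels (or none); the include should read `dict "value" .Values.spiderpoolController.prometheus.prometheusRule.labels "context" $`. Rule labels are commonly what a Prometheus rule selector matches on, so a wrong label set can leave the gc alert unloaded without any error. The alert expressions also use unprefixed names such as `ipam_release_average_duration_seconds`, whereas the dashboard added in this same commit queries `spiderpool_ipam_release_average_duration_seconds`; one of the two is presumably wrong and should be checked against the exported metric names. `ipamHighAllocationDurations` passes `rate(ipam_allocation_duration_seconds[5m])` to `histogram_quantile`, which expects the `_bucket` series.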
@@ -0,0 +1,113 @@ +{{- if .Values.rdma.rdmaSharedDevicePlugin.install -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Values.rdma.rdmaSharedDevicePlugin.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.global.commonAnnotations }} + annotations: + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + config.json: | + { + "periodicUpdateInterval": {{ .Values.rdma.rdmaSharedDevicePlugin.deviceConfig.periodicUpdateInterval }}, + "configList": [{ + "resourcePrefix": {{ .Values.rdma.rdmaSharedDevicePlugin.deviceConfig.resourcePrefix | quote }}, + "resourceName": {{ .Values.rdma.rdmaSharedDevicePlugin.deviceConfig.resourceName | quote }}, + "rdmaHcaMax": {{ .Values.rdma.rdmaSharedDevicePlugin.deviceConfig.rdmaHcaMax }}, + "selectors": { + "vendors": [{{ .Values.rdma.rdmaSharedDevicePlugin.deviceConfig.vendors | quote }}], + "deviceIDs": [{{ .Values.rdma.rdmaSharedDevicePlugin.deviceConfig.deviceIDs | quote }}] + } + }] + } +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ .Values.rdma.rdmaSharedDevicePlugin.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + labels: + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.global.commonAnnotations }} + annotations: + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + {{- include "spiderpool.rdmashareddp.selectorLabels" . | nindent 6 }} + {{- with .Values.rdma.rdmaSharedDevicePlugin.updateStrategy }} + updateStrategy: + {{- toYaml . 
| trim | nindent 4 }} + {{- end }} + template: + metadata: + annotations: + {{- if .Values.global.commonAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.rdma.rdmaSharedDevicePlugin.podAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.rdma.rdmaSharedDevicePlugin.podAnnotations "context" $ ) | nindent 8 }} + {{- end }} + labels: + {{- include "spiderpool.rdmashareddp.selectorLabels" . | nindent 8 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + {{- if .Values.rdma.rdmaSharedDevicePlugin.podLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.rdma.rdmaSharedDevicePlugin.podLabels "context" $ ) | nindent 8 }} + {{- end }} + app: {{ .Values.rdma.rdmaSharedDevicePlugin.name | trunc 63 | trimSuffix "-" }} + spec: + hostNetwork: true + {{- with .Values.rdma.rdmaSharedDevicePlugin.tolerations }} + tolerations: + {{- toYaml . | nindent 6 }} + {{- end }} + priorityClassName: system-node-critical + containers: + - image: {{ include "rdmashareddp.image" . | quote }} + name: k8s-rdma-shared-dp-ds + imagePullPolicy: {{ .Values.rdma.rdmaSharedDevicePlugin.image.pullPolicy}} + securityContext: + privileged: true + {{- with .Values.rdma.rdmaSharedDevicePlugin.resources }} + resources: + {{- toYaml . 
| trim | nindent 12 }} + {{- end }} + volumeMounts: + - name: device-plugin + mountPath: /var/lib/kubelet/device-plugins + readOnly: false + - name: plugins-registry + mountPath: /var/lib/kubelet/plugins_registry + readOnly: false + - name: config + mountPath: /k8s-rdma-shared-dev-plugin + - name: devs + mountPath: /dev/ + volumes: + - name: device-plugin + hostPath: + path: /var/lib/kubelet/device-plugins + - name: plugins-registry + hostPath: + path: /var/lib/kubelet/plugins_registry + - name: config + configMap: + name: {{ .Values.rdma.rdmaSharedDevicePlugin.name | trunc 63 | trimSuffix "-" }} + items: + - key: config.json + path: config.json + - name: devs + hostPath: + path: /dev/ +{{- end }} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/role.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/role.yaml new file mode 100644 index 000000000..3aea975e0 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/role.yaml 
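Review bot: The DaemonSet hard-codes `privileged: true`, `hostNetwork: true` and a hostPath mount of all of `/dev/`, with no values switch and no comment saying which of them the device plugin actually needs. No `serviceAccountName` is set, so the pod runs under the namespace's default ServiceAccount with its token mounted; if the plugin only talks to the kubelet sockets under `/var/lib/kubelet` (to be confirmed), add `automountServiceAccountToken: false` to the pod spec. I would also put a comment above `securityContext:` such as `# privileged is needed for RDMA device access; treat this pod as node-root equivalent`. In the ConfigMap, `"vendors": [{{ ... | quote }}]` and `"deviceIDs"` produce the intended JSON only when the value is a single string; a list value would be rendered as one quoted string.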
@@ -0,0 +1,196 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: spiderpool-admin +rules: +- apiGroups: + - "" + resources: + - configmaps + - endpoints + - namespaces + - nodes + - pods + - pods/status + verbs: + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - daemonsets + - deployments + - replicasets + - statefulsets + verbs: + - get + - list + - update + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - get + - list + - update + - watch +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - get + - update +- apiGroups: + - k8s.cni.cncf.io + resources: + - network-attachment-definitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubevirt.io + resources: + - virtualmachineinstances + verbs: + - get + - list +- apiGroups: + - kubevirt.io + resources: + - virtualmachines + verbs: + - get + - list +- apiGroups: + - spiderpool.spidernet.io + resources: + - spidercoordinators + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - spiderpool.spidernet.io + resources: + - spidercoordinators/status + verbs: + - get + - patch + - update +- apiGroups: + - spiderpool.spidernet.io + resources: + - spiderendpoints + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - spiderpool.spidernet.io + resources: + - spiderippools + verbs: + - create + - delete + - deletecollection + - get + - list + - patch + - update + - watch +- apiGroups: + - spiderpool.spidernet.io + resources: + - spiderippools/status + verbs: + - get + - patch + - update +- apiGroups: + - 
spiderpool.spidernet.io + resources: + - spidermultusconfigs + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - spiderpool.spidernet.io + resources: + - spiderreservedips + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - spiderpool.spidernet.io + resources: + - spidersubnets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - spiderpool.spidernet.io + resources: + - spidersubnets/status + verbs: + - get + - patch + - update diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/role_binding.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/role_binding.yaml new file mode 100644 index 000000000..f18317670 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/role_binding.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: spiderpool-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: spiderpool-admin +subjects: +- kind: ServiceAccount + name: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} +- kind: ServiceAccount + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} +{{- if or .Values.ipam.enableIPv4 .Values.ipam.enableIPv6 }} +{{- if or .Values.clusterDefaultPool.installIPv4IPPool .Values.clusterDefaultPool.installIPv6IPPool .Values.coordinator.enabled }} +- kind: ServiceAccount + name: {{ .Values.spiderpoolInit.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/service.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/service.yaml new file mode 100644 index 000000000..b8473fb4c 
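Review bot: The third rule of `spiderpool-admin` grants `get`, `list` and `watch` on `apiGroups: ['*']` / `resources: ['*']`, which covers every Secret in every namespace. Because this is a ClusterRole, that read access is cluster-wide for each ServiceAccount bound to it. If the wildcard exists to resolve owner references of arbitrary workload controllers (an assumption, nothing in the hunk says so), document that with a comment on the rule and narrow it to the kinds actually read. The first rule also allows `delete` and `deletecollection` on `nodes` and `namespaces`, which looks wider than an IPAM component needs and deserves the same justification or removal.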
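Review bot: The agent, controller and init ServiceAccounts are all bound to the same `spiderpool-admin` ClusterRole, so each workload holds the union of every permission in role.yaml. The init workload is a one-shot Pod (`restartPolicy: Never` in pod.yaml), yet its ServiceAccount and this binding remain for the life of the release; a separate, smaller role limited to the resources it creates would reduce what a leftover token can do. The agent and controller subjects are also emitted unconditionally, while serviceaccount.yaml creates those accounts only when `serviceAccount.create` is true, so the binding then applies to whatever account of that name exists in the namespace.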
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/service.yaml
@@ -0,0 +1,69 @@ +{{- if .Values.spiderpoolAgent.prometheus.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + {{- if or .Values.global.commonAnnotations .Values.spiderpoolAgent.service.annotations }} + annotations: + {{- if .Values.global.commonAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.spiderpoolAgent.service.annotations }} + {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolAgent.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + labels: + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- include "spiderpool.spiderpoolAgent.labels" . | nindent 4 }} +spec: + type: {{ .Values.spiderpoolAgent.service.type }} + ports: + - name: metrics + port: {{ .Values.spiderpoolAgent.prometheus.port }} + targetPort: metrics + protocol: TCP + selector: + {{- include "spiderpool.spiderpoolAgent.selectorLabels" . 
| nindent 4 }} +{{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace | quote }} + {{- if or .Values.global.commonAnnotations .Values.spiderpoolController.service.annotations }} + annotations: + {{- if .Values.global.commonAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.spiderpoolController.service.annotations }} + {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolController.service.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} + labels: + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- include "spiderpool.spiderpoolController.labels" . | nindent 4 }} +spec: + type: {{ .Values.spiderpoolController.service.type }} + ports: + {{- if .Values.spiderpoolController.prometheus.enabled }} + - name: metrics + port: {{ .Values.spiderpoolController.prometheus.port }} + targetPort: metrics + protocol: TCP + {{- end }} + - name: webhook + port: {{ .Values.spiderpoolController.webhookPort }} + targetPort: webhook + protocol: TCP + - name: http + port: {{ .Values.spiderpoolController.httpPort }} + targetPort: http + protocol: TCP + selector: + {{- include "spiderpool.spiderpoolController.selectorLabels" . | nindent 4 }} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/serviceaccount.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/serviceaccount.yaml new file mode 100644 index 000000000..45ebf7e4f --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/serviceaccount.yaml 
@@ -0,0 +1,43 @@
+{{- if .Values.spiderpoolAgent.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "spiderpool.spiderpoolAgent.labels" . | nindent 4 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.global.commonAnnotations .Values.spiderpoolAgent.serviceAccount.annotations }}
+ annotations:
+ {{- if .Values.global.commonAnnotations }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.spiderpoolAgent.serviceAccount.annotations }}
+ {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolAgent.serviceAccount.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+---
+{{- if .Values.spiderpoolController.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "spiderpool.spiderpoolController.labels" . | nindent 4 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.global.commonAnnotations .Values.spiderpoolController.serviceAccount.annotations }}
+ annotations:
+ {{- if .Values.global.commonAnnotations }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.spiderpoolController.serviceAccount.annotations }}
+ {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolController.serviceAccount.annotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/servicemonitor.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/servicemonitor.yaml
new file mode 100644
index 000000000..b56ce2ec3
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/servicemonitor.yaml
@@ -0,0 +1,65 @@ +{{- if .Values.spiderpoolAgent.prometheus.serviceMonitor.install -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Values.spiderpoolAgent.name | trunc 63 | trimSuffix "-" }} + namespace: {{ default .Release.Namespace .Values.spiderpoolAgent.prometheus.serviceMonitor.namespace }} + labels: + {{- if or .Values.global.commonAnnotations .Values.spiderpoolAgent.prometheus.serviceMonitor.annotations }} + annotations: + {{- if .Values.global.commonAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.spiderpoolAgent.prometheus.serviceMonitor.annotations }} + {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolAgent.prometheus.serviceMonitor.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 6 }} + {{- end }} + {{- include "spiderpool.spiderpoolAgent.selectorLabels" . 
| nindent 6 }} + endpoints: + - interval: {{ .Values.spiderpoolAgent.prometheus.serviceMonitor.interval }} + path: /metrics + port: metrics + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} +{{- end }} +--- +{{- if .Values.spiderpoolController.prometheus.serviceMonitor.install -}} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ default .Release.Namespace .Values.spiderpoolController.prometheus.serviceMonitor.namespace }} + {{- if or .Values.global.commonAnnotations .Values.spiderpoolController.prometheus.serviceMonitor.annotations }} + annotations: + {{- if .Values.global.commonAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.spiderpoolController.prometheus.serviceMonitor.annotations }} + {{- include "tplvalues.render" ( dict "value" .Values.spiderpoolController.prometheus.serviceMonitor.annotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + endpoints: + - interval: {{ .Values.spiderpoolController.prometheus.serviceMonitor.interval }} + path: /metrics + port: metrics + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + selector: + matchLabels: + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 6 }} + {{- end }} + {{- include "spiderpool.spiderpoolController.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/clusterrole.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/clusterrole.yaml new file mode 100644 index 000000000..b523b0e3d --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/clusterrole.yaml 
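Review bot: The agent `ServiceMonitor` spec contains `namespaceSelector` twice, once before `selector` and again after `endpoints`; assuming both sit at `spec` level (indentation is not recoverable in this view), that is a duplicate mapping key and one of them should be removed, as in the controller monitor below, which has only one. The agent monitor's `metadata.labels:` key is also left empty because the `{{- if or ... annotations }}` block follows it directly, and the controller monitor has no `labels:` at all. Prometheus Operator setups that pick monitors by label would then select neither, and scraping would be missing without any error. Rendering `spiderpool.spiderpoolAgent.labels` and `spiderpool.spiderpoolController.labels` under `metadata.labels` would fix that.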
@@ -0,0 +1,76 @@ +{{- if .Values.sriov.install -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }} + labels: + {{- include "sriov.operator.labels" . | nindent 4 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.global.commonAnnotations }} + annotations: + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["get"] + - apiGroups: [""] + resources: ["namespaces", "serviceaccounts"] + verbs: ["*"] + - apiGroups: ["k8s.cni.cncf.io"] + resources: ["network-attachment-definitions"] + verbs: ["*"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterroles", "clusterrolebindings"] + verbs: ["*"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["*"] + - apiGroups: ["sriovnetwork.openshift.io"] + resources: ["*"] + verbs: ["*"] + - apiGroups: ["machineconfiguration.openshift.io"] + resources: ["*"] + verbs: ["*"] + - apiGroups: ["config.openshift.io"] + resources: ["infrastructures"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: sriov-network-config-daemon + labels: + {{- include "sriov.operator.labels" . 
| nindent 4 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.global.commonAnnotations }} + annotations: + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "list", "watch", "patch", "update"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["*"] + - apiGroups: ["apps"] + resources: ["daemonsets"] + verbs: ["get"] + - apiGroups: [""] + resources: ["pods/eviction"] + verbs: ["create"] + - apiGroups: [ "config.openshift.io" ] + resources: [ "infrastructures" ] + verbs: [ "get", "list", "watch" ] +{{- end }} \ No newline at end of file diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/clusterrolebinding.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/clusterrolebinding.yaml new file mode 100644 index 000000000..c8ee756e4 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/clusterrolebinding.yaml 
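Review bot: The operator ClusterRole grants `verbs: ["*"]` on `clusterroles` and `clusterrolebindings`, which includes `bind` and `escalate`, so the operator's service account can grant itself or any other subject any permission in the cluster. The same wildcard on `mutatingwebhookconfigurations`/`validatingwebhookconfigurations`, `pods`, `namespaces` and `serviceaccounts` means a compromise of this one pod is close to cluster-admin. List only the verbs the operator uses, e.g. `verbs: ["get", "list", "watch", "create", "update", "delete"]`, and add `resourceNames:` to the update/delete rules for the RBAC and webhook objects it owns. The second ClusterRole uses the fixed name `sriov-network-config-daemon` (as does the ClusterRoleBinding in the next file), so two releases of the chart in one cluster would collide on it; deriving it from `.Values.sriov.name` would avoid that.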
@@ -0,0 +1,45 @@
+{{- if .Values.sriov.install -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }}
+ labels:
+ {{- include "sriov.operator.labels" . | nindent 4 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.global.commonAnnotations }}
+ annotations:
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ kind: ClusterRole
+ name: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }}
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ namespace: {{ .Release.Namespace }}
+ name: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: sriov-network-config-daemon
+ labels:
+ {{- include "sriov.operator.labels" . | nindent 4 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.global.commonAnnotations }}
+ annotations:
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+roleRef:
+ kind: ClusterRole
+ name: sriov-network-config-daemon
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ namespace: {{ .Release.Namespace }}
+ name: sriov-network-config-daemon
+{{- end }}
\ No newline at end of file
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/configmap.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/configmap.yaml
new file mode 100644
index 000000000..424aadac4
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/configmap.yaml 
@@ -0,0 +1,49 @@ +{{- if .Values.sriov.install -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: supported-nic-ids + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov.operator.labels" . | nindent 4 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.global.commonAnnotations }} + annotations: + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +data: + Intel_i40e_XXV710: "8086 158a 154c" + Intel_i40e_25G_SFP28: "8086 158b 154c" + Intel_i40e_10G_X710_SFP: "8086 1572 154c" + Intel_ixgbe_10G_X550: "8086 1563 1565" + Intel_i40e_X710_X557_AT_10G: "8086 1589 154c" + Intel_i40e_10G_X710_BACKPLANE: "8086 1581 154c" + Intel_i40e_10G_X710_BASE_T: "8086 15ff 154c" + Intel_i40e_XXV710_N3000: "8086 0d58 154c" + Intel_i40e_40G_XL710_QSFP: "8086 1583 154c" + Intel_ice_Columbiaville_E810-CQDA2_2CQDA2: "8086 1592 1889" + Intel_ice_Columbiaville_E810-XXVDA4: "8086 1593 1889" + Intel_ice_Columbiaville_E810-XXVDA2: "8086 159b 1889" + Intel_ice_Columbiaville_E810: "8086 1591 1889" + Nvidia_mlx5_ConnectX-4: "15b3 1013 1014" + Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016" + Nvidia_mlx5_ConnectX-5: "15b3 1017 1018" + Nvidia_mlx5_ConnectX-5_Ex: "15b3 1019 101a" + Nvidia_mlx5_ConnectX-6: "15b3 101b 101c" + Nvidia_mlx5_ConnectX-6_Dx: "15b3 101d 101e" + Nvidia_mlx5_ConnectX-6_Lx: "15b3 101f 101e" + Nvidia_mlx5_ConnectX-7: "15b3 1021 101e" + Nvidia_mlx5_MT42822_BlueField-2_integrated_ConnectX-6_Dx: "15b3 a2d6 101e" + Nvidia_mlx5_MT43244_BlueField-3_integrated_ConnectX-7_Dx: "15b3 a2dc 101e" + Broadcom_bnxt_BCM57414_2x25G: "14e4 16d7 16dc" + Broadcom_bnxt_BCM75508_2x100G: "14e4 1750 1806" + Qlogic_qede_QL45000_50G: "1077 1654 1664" + Red_Hat_Virtio_network_device: "1af4 1000 1000" + Marvell_OCTEON_TX2_CN96XX: "177d b200 b203" + Marvell_OCTEON_TX2_CN98XX: "177d b100 b103" + 
Marvell_OCTEON_Fusion_CNF95XX: "177d b600 b603" + Marvell_OCTEON10_CN10XXX: "177d b900 b903" + Marvell_OCTEON_Fusion_CNF105XX: "177d ba00 ba03" +{{- end }} \ No newline at end of file diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/operator.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/operator.yaml new file mode 100644 index 000000000..0093be1b4 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/operator.yaml 
@@ -0,0 +1,102 @@ +{{- if .Values.sriov.install -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov.operator.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.sriov.replicas }} + selector: + matchLabels: + {{- include "sriov.operator.selectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 33% + template: + metadata: + {{- if .Values.global.commonAnnotations }} + annotations: + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 8 }} + {{- end }} + labels: + {{- include "sriov.operator.selectorLabels" . | nindent 8 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 8 }} + {{- end }} + spec: + {{- with .Values.sriov.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.sriov.affinity }} + affinity: + {{- toYaml . | nindent 8}} + {{- end }} + {{- with .Values.sriov.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }} + priorityClassName: {{ default "system-node-critical" .Values.sriov.priorityClassName }} + {{- if .Values.sriov.image.imagePullSecrets }} + imagePullSecrets: + {{- with .Values.sriov.image.imagePullSecrets }} + {{- toYaml . | trim | nindent 6 }} + {{- end }} + {{- end }} + hostNetwork: {{ .Values.sriov.hostnetwork }} + containers: + - name: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }} + image: {{ include "sriov.operator.image" . | quote }} + command: + - sriov-network-operator + {{- with .Values.sriov.resources }} + resources: + {{- toYaml . 
| trim | nindent 12 }} + {{- end }} + imagePullPolicy: {{ .Values.sriov.image.pullPolicy }} + env: + - name: WATCH_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SRIOV_CNI_IMAGE + value: {{ include "sriov.sriovCni.image" . | quote }} + - name: SRIOV_INFINIBAND_CNI_IMAGE + value: {{ include "sriov.ibSriovCni.image" . | quote }} + - name: SRIOV_DEVICE_PLUGIN_IMAGE + value: {{ include "sriov.sriovDevicePlugin.image" . | quote }} + - name: NETWORK_RESOURCES_INJECTOR_IMAGE + value: {{ include "sriov.resourcesInjector.image" . | quote }} + - name: SRIOV_NETWORK_CONFIG_DAEMON_IMAGE + value: {{ include "sriov.sriovConfigDaemon.image" . | quote }} + - name: SRIOV_NETWORK_WEBHOOK_IMAGE + value: {{ include "sriov.webhook.image" . | quote }} + - name: RESOURCE_PREFIX + value: {{ .Values.sriov.resourcePrefix }} + - name: OPERATOR_NAME + value: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }} + - name: ENABLE_ADMISSION_CONTROLLER + value: {{ .Values.sriov.enableAdmissionController | quote }} + - name: IMAGE_PULL_SECRETS + value: {{ .Values.sriov.image.pullPolicy | quote }} + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SRIOV_CNI_BIN_PATH + value: {{ .Values.global.cniBinHostPath }} + - name: CLUSTER_TYPE + value: kubernetes +{{- end }} \ No newline at end of file diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/role.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/role.yaml new file mode 100644 index 000000000..ede720604 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/role.yaml 
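Review bot: `IMAGE_PULL_SECRETS` is filled from `.Values.sriov.image.pullPolicy`, so the operator receives a pull-policy string where secret names are expected. It should be built from `.Values.sriov.image.imagePullSecrets`, the value the pod spec earlier in this hunk already uses; the format the operator expects is not visible here, so confirm it before choosing the rendering. The container also has no `securityContext` and `hostNetwork` comes straight from `.Values.sriov.hostnetwork`; for a pod running at `system-node-critical` priority with the RBAC this chart gives it, I would add at least `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` unless the operator is known to need more. `RESOURCE_PREFIX`, `OPERATOR_NAME` and `SRIOV_CNI_BIN_PATH` are unquoted; pipe them through `quote` like the image values so a value such as `true` or a number cannot turn the env `value` into a non-string.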
@@ -0,0 +1,148 @@ +{{- if .Values.sriov.install -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + creationTimestamp: null + name: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov.operator.labels" . | nindent 4 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.global.commonAnnotations }} + annotations: + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - "" + resources: + - pods + - services + - endpoints + - persistentvolumeclaims + - events + - configmaps + - secrets + verbs: + - '*' + - apiGroups: + - apps + resources: + - deployments + - daemonsets + - replicasets + - statefulsets + verbs: + - '*' + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + - apiGroups: + - apps + resourceNames: + - sriov-network-operator + resources: + - deployments/finalizers + verbs: + - update + - apiGroups: + - rbac.authorization.k8s.io + resources: + - serviceaccounts + - roles + - rolebindings + verbs: + - '*' + - apiGroups: + - config.openshift.io + resources: + - infrastructures + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: sriov-network-config-daemon + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov.operator.labels" . 
| nindent 4 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.global.commonAnnotations }} + annotations: + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - '*' + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - '*' + - apiGroups: + - sriovnetwork.openshift.io + resources: + - '*' + - sriovnetworknodestates + verbs: + - '*' + - apiGroups: + - security.openshift.io + resourceNames: + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - 'coordination.k8s.io' + resources: + - 'leases' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: operator-webhook-sa + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov.operator.labels" . | nindent 4 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.global.commonAnnotations }} + annotations: + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get +{{- end }} \ No newline at end of file diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/rolebinding.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/rolebinding.yaml new file mode 100644 index 000000000..280a115a4 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/rolebinding.yaml 
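Review bot: The operator Role gives `'*'` on `secrets` and on `roles`/`rolebindings`, so the operator can read every Secret in the release namespace (the webhook TLS Secret from `tls.yaml` is created in that same namespace) and can bind further permissions to itself. Narrow the Secret rule to the verbs the operator actually uses and, where it only touches known objects, add `resourceNames:`. Two rules also look ineffective as written: `serviceaccounts` is listed under `apiGroups: rbac.authorization.k8s.io` although it is a core-group (`""`) resource, and the `deployments/finalizers` rule is pinned to `resourceNames: sriov-network-operator` while the Deployment name is rendered from `.Values.sriov.name`. In the config-daemon Role, `sriovnetworknodestates` listed next to `'*'` is redundant.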
@@ -0,0 +1,47 @@
+{{- if .Values.sriov.install -}}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "sriov.operator.labels" . | nindent 4 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.global.commonAnnotations }}
+ annotations:
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }}
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: sriov-network-config-daemon
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "sriov.operator.labels" . | nindent 4 }}
+ {{- if .Values.global.commonLabels }}
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.global.commonAnnotations }}
+ annotations:
+ {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+subjects:
+ - kind: ServiceAccount
+ name: sriov-network-config-daemon
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: sriov-network-config-daemon
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
\ No newline at end of file
diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/serviceaccount.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/serviceaccount.yaml
new file mode 100644
index 000000000..a7b2eebff
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/sriov-network-operator/serviceaccount.yaml @@ -0,0 +1,31 @@ +{{- if .Values.sriov.install -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.sriov.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov.operator.labels" . | nindent 4 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.global.commonAnnotations }} + annotations: + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: sriov-network-config-daemon + namespace: {{ .Release.Namespace }} + labels: + {{- include "sriov.operator.labels" . | nindent 4 }} + {{- if .Values.global.commonLabels }} + {{- include "tplvalues.render" ( dict "value" .Values.global.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.global.commonAnnotations }} + annotations: + {{- include "tplvalues.render" ( dict "value" .Values.global.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/tls.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/tls.yaml new file mode 100644 index 000000000..2521f3b3c --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/templates/tls.yaml 
@@ -0,0 +1,352 @@ +{{- if (eq .Values.spiderpoolController.tls.method "auto") }} +{{- $_ := include "generate-ca-certs" . }} +{{- end }} +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + annotations: + {{- if (eq .Values.spiderpoolController.tls.method "certmanager") }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}-server-certs + {{- end }} +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + path: /mutate-spiderpool-spidernet-io-v2beta1-spidersubnet + port: {{ .Values.spiderpoolController.webhookPort }} + {{- if (eq .Values.spiderpoolController.tls.method "provided") }} + caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + {{- else if (eq .Values.spiderpoolController.tls.method "auto") }} + caBundle: {{ .ca.Cert | b64enc }} + {{- end }} + failurePolicy: Fail + name: spidersubnet.spiderpool.spidernet.io + rules: + - apiGroups: + - spiderpool.spidernet.io + apiVersions: + - v2beta1 + operations: + - CREATE + - UPDATE + resources: + - spidersubnets + sideEffects: None +{{- if .Values.multus.enableMultusConfig }} +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + path: /mutate-spiderpool-spidernet-io-v2beta1-spidermultusconfig + port: {{ .Values.spiderpoolController.webhookPort }} + {{- if (eq .Values.spiderpoolController.tls.method "provided") }} + caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + {{- else if (eq .Values.spiderpoolController.tls.method "auto") }} 
+ caBundle: {{ .ca.Cert | b64enc }} + {{- end }} + failurePolicy: Fail + name: spidermultusconfig.spiderpool.spidernet.io + rules: + - apiGroups: + - spiderpool.spidernet.io + apiVersions: + - v2beta1 + operations: + - CREATE + - UPDATE + resources: + - spidermultusconfigs + sideEffects: None +{{- end }} +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + path: /mutate-spiderpool-spidernet-io-v2beta1-spiderippool + port: {{ .Values.spiderpoolController.webhookPort }} + {{- if (eq .Values.spiderpoolController.tls.method "provided") }} + caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + {{- else if (eq .Values.spiderpoolController.tls.method "auto") }} + caBundle: {{ .ca.Cert | b64enc }} + {{- end }} + failurePolicy: Fail + name: spiderippool.spiderpool.spidernet.io + rules: + - apiGroups: + - spiderpool.spidernet.io + apiVersions: + - v2beta1 + operations: + - CREATE + - UPDATE + resources: + - spiderippools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + path: /mutate-spiderpool-spidernet-io-v2beta1-spiderreservedip + port: {{ .Values.spiderpoolController.webhookPort }} + {{- if (eq .Values.spiderpoolController.tls.method "provided") }} + caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + {{- else if (eq .Values.spiderpoolController.tls.method "auto") }} + caBundle: {{ .ca.Cert | b64enc }} + {{- end }} + failurePolicy: Fail + name: spiderreservedip.spiderpool.spidernet.io + rules: + - apiGroups: + - spiderpool.spidernet.io + apiVersions: + - v2beta1 + operations: + - CREATE + - UPDATE + resources: + - spiderreservedips + sideEffects: None +- 
admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + path: /mutate-spiderpool-spidernet-io-v2beta1-spidercoordinator + port: {{ .Values.spiderpoolController.webhookPort }} + {{- if (eq .Values.spiderpoolController.tls.method "provided") }} + caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + {{- else if (eq .Values.spiderpoolController.tls.method "auto") }} + caBundle: {{ .ca.Cert | b64enc }} + {{- end }} + failurePolicy: Fail + name: spidercoordinator.spiderpool.spidernet.io + rules: + - apiGroups: + - spiderpool.spidernet.io + apiVersions: + - v2beta1 + operations: + - CREATE + - UPDATE + resources: + - spidercoordinators + sideEffects: None +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + annotations: + {{- if (eq .Values.spiderpoolController.tls.method "certmanager") }} + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}-server-certs + {{- end }} +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + path: /validate-spiderpool-spidernet-io-v2beta1-spidersubnet + port: {{ .Values.spiderpoolController.webhookPort }} + {{- if (eq .Values.spiderpoolController.tls.method "provided") }} + caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + {{- else if (eq .Values.spiderpoolController.tls.method "auto") }} + caBundle: {{ .ca.Cert | b64enc }} + {{- end }} + failurePolicy: Fail + name: spidersubnet.spiderpool.spidernet.io + rules: + - apiGroups: 
+ - spiderpool.spidernet.io + apiVersions: + - v2beta1 + operations: + - CREATE + - UPDATE + resources: + - spidersubnets + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + path: /validate-spiderpool-spidernet-io-v2beta1-spiderippool + port: {{ .Values.spiderpoolController.webhookPort }} + {{- if (eq .Values.spiderpoolController.tls.method "provided") }} + caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + {{- else if (eq .Values.spiderpoolController.tls.method "auto") }} + caBundle: {{ .ca.Cert | b64enc }} + {{- end }} + failurePolicy: Fail + name: spiderippool.spiderpool.spidernet.io + rules: + - apiGroups: + - spiderpool.spidernet.io + apiVersions: + - v2beta1 + operations: + - CREATE + - UPDATE + resources: + - spiderippools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + path: /validate-spiderpool-spidernet-io-v2beta1-spiderreservedip + port: {{ .Values.spiderpoolController.webhookPort }} + {{- if (eq .Values.spiderpoolController.tls.method "provided") }} + caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + {{- else if (eq .Values.spiderpoolController.tls.method "auto") }} + caBundle: {{ .ca.Cert | b64enc }} + {{- end }} + failurePolicy: Fail + name: spiderreservedip.spiderpool.spidernet.io + rules: + - apiGroups: + - spiderpool.spidernet.io + apiVersions: + - v2beta1 + operations: + - CREATE + - UPDATE + resources: + - spiderreservedips + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ 
.Release.Namespace }} + path: /validate-spiderpool-spidernet-io-v2beta1-spidercoordinator + port: {{ .Values.spiderpoolController.webhookPort }} + {{- if (eq .Values.spiderpoolController.tls.method "provided") }} + caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + {{- else if (eq .Values.spiderpoolController.tls.method "auto") }} + caBundle: {{ .ca.Cert | b64enc }} + {{- end }} + failurePolicy: Fail + name: spidercoordinator.spiderpool.spidernet.io + rules: + - apiGroups: + - spiderpool.spidernet.io + apiVersions: + - v2beta1 + operations: + - CREATE + - UPDATE + resources: + - spidercoordinators + sideEffects: None +{{- if .Values.multus.enableMultusConfig }} +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + path: /validate-spiderpool-spidernet-io-v2beta1-spidermultusconfig + port: {{ .Values.spiderpoolController.webhookPort }} + {{- if (eq .Values.spiderpoolController.tls.method "provided") }} + caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + {{- else if (eq .Values.spiderpoolController.tls.method "auto") }} + caBundle: {{ .ca.Cert | b64enc }} + {{- end }} + failurePolicy: Fail + name: spidermultusconfig.spiderpool.spidernet.io + rules: + - apiGroups: + - spiderpool.spidernet.io + apiVersions: + - v2beta1 + operations: + - CREATE + - UPDATE + resources: + - spidermultusconfigs + sideEffects: None +{{- end }} + +{{- if eq .Values.spiderpoolController.tls.method "certmanager" -}} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}-server-certs + namespace: {{ .Release.Namespace }} +spec: + issuerRef: + name: {{ .Values.spiderpoolController.tls.certmanager.issuerName | trunc 63 | trimSuffix "-" }} 
+ secretName: {{ .Values.spiderpoolController.tls.secretName | trunc 63 | trimSuffix "-" }} + commonName: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}.{{ .Release.Namespace }}.svc + dnsNames: + - {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + - {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}.{{ .Release.Namespace }} + - {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}.{{ .Release.Namespace }}.svc + - {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}.{{ .Release.Namespace }}.svc.{{ .Values.global.clusterDnsDomain }} + {{- range $dns := .Values.spiderpoolController.tls.certmanager.extraDnsNames }} + - {{ $dns | quote }} + {{- end }} + {{- if .Values.spiderpoolController.tls.certmanager.extraIPAddresses }} + ipAddresses: + {{- range $ip := .Values.spiderpoolController.tls.certmanager.extraIPAddresses }} + - {{ $ip | quote }} + {{- end }} + {{- end }} + duration: {{ printf "%dh" (mul .Values.spiderpoolController.tls.certmanager.certValidityDuration 24) }} +{{- end }} +{{- if (eq .Values.spiderpoolController.tls.method "provided") }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.spiderpoolController.tls.secretName | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} +type: kubernetes.io/tls +data: + ca.crt: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + tls.crt: {{ .Values.spiderpoolController.tls.provided.tlsCert | required "missing spiderpoolController.tls.provided.tlsCert" }} + tls.key: {{ .Values.spiderpoolController.tls.provided.tlsKey | required "missing spiderpoolController.tls.provided.tlsKey" }} +{{- end }} +{{- if eq .Values.spiderpoolController.tls.method "auto" }} +--- +{{- $cn := printf "spidernet.io" }} +{{- $ip := .Values.spiderpoolController.tls.auto.extraIpAddresses }} +{{- $dns1 := printf "%s.%s" .Values.spiderpoolController.name .Release.Namespace 
}} +{{- $dns2 := printf "%s.%s.svc" .Values.spiderpoolController.name .Release.Namespace }} +{{- $dns3 := printf "%s.%s.svc.%s" .Values.spiderpoolController.name .Release.Namespace .Values.global.clusterDnsDomain }} +{{- $dns := prepend .Values.spiderpoolController.tls.auto.extraDnsNames $dns1 }} +{{- $dns = prepend $dns $dns2 }} +{{- $dns = prepend $dns $dns3 }} +{{- $dns = prepend $dns $cn }} +{{- $cert := genSignedCert $cn $ip $dns (.Values.spiderpoolController.tls.auto.certExpiration | int) .ca }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.spiderpoolController.tls.secretName | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} +type: kubernetes.io/tls +data: + ca.crt: {{ .ca.Cert | b64enc }} + tls.crt: {{ $cert.Cert | b64enc }} + tls.key: {{ $cert.Key | b64enc }} +{{- end }} \ No newline at end of file diff --git a/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/values.yaml b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/values.yaml new file mode 100644 index 000000000..374afe374 --- /dev/null +++ b/build/helm/edgemesh/charts/spiderpool/charts/spiderpool/values.yaml 
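Review bot: With `tls.method: auto` the CA and the serving key are produced at template time (`generate-ca-certs`, `genSignedCert`), so unless the `generate-ca-certs` helper, which is not visible in this hunk, reuses an existing Secret, every `helm upgrade` issues a new CA and key. The private key also ends up in the Helm release record, as does `tls.provided.tlsKey` when it is passed through values. Because every webhook here is `failurePolicy: Fail`, a controller still serving the old certificate after an upgrade would block CREATE/UPDATE on these CRs until it reloads; reuse the existing Secret in `auto` mode, or recommend the `certmanager` method in the values comments. Separately, `{{- if eq .Values.spiderpoolController.tls.method "certmanager" -}}` trims whitespace on both sides, which appears to glue the following `---` onto the last line of the webhook document; drop the trailing dash, `{{- if eq .Values.spiderpoolController.tls.method "certmanager" }}`. The `provided` values are written into `data:` without `b64enc`, so the values file should state that they must already be base64-encoded.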
@@ -0,0 +1,939 @@
+# Default values for spiderpool.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+## @section Global parameters
+##
+global:
+ ## @param global.imageRegistryOverride Global image registry for all images, which is used for offline environment
+ imageRegistryOverride: ""
+
+ ## @param global.nameOverride instance name
+ ## default spiderpool
+ nameOverride: ""
+
+ ## @param global.clusterDnsDomain cluster dns domain
+ clusterDnsDomain: "cluster.local"
+
+ ## @param global.commonAnnotations Annotations to add to all deployed objects
+ commonAnnotations: {}
+
+ ## @param global.commonLabels Labels to add to all deployed objects
+ commonLabels: {}
+ # label1: v1
+ # labele: v2
+
+ ## @param global.cniBinHostPath the host path of the IPAM plugin directory.
+ cniBinHostPath: /opt/cni/bin
+
+ ## @param global.cniConfHostPath the host path of the cni config directory
+ cniConfHostPath: /etc/cni/net.d
+
+ ## @param global.ipamUNIXSocketHostPath the host path of unix domain socket for ipam plugin
+ ipamUNIXSocketHostPath: /var/run/spidernet/spiderpool.sock
+
+ ## @param global.configName the configmap name
+ configName: "spiderpool-conf"
+
+ ## @param global.ciliumConfigMap the cilium's configMap, default is kube-system/cilium-config
+ ciliumConfigMap: kube-system/cilium-config
+
+## @section ipam parameters
+##
+ipam:
+ ## @param ipam.enableIPv4 enable ipv4
+ enableIPv4: true
+
+ ## @param ipam.enableIPv6 enable ipv6
+ enableIPv6: true
+
+ ## @param ipam.enableStatefulSet the network mode
+ enableStatefulSet: true
+
+ ## @param ipam.enableKubevirtStaticIP the feature to keep kubevirt vm pod static IP
+ enableKubevirtStaticIP: true
+
+ ## @param ipam.enableSpiderSubnet SpiderSubnet feature gate.
+ enableSpiderSubnet: true
+
+ ## @param ipam.subnetDefaultFlexibleIPNumber the default flexible IP number of SpiderSubnet feature auto-created IPPools
+ subnetDefaultFlexibleIPNumber: 1
+
+ gc:
+ ## @param ipam.gc.enabled enable retrieve IP in spiderippool CR
+ enabled: true
+
+ gcAll:
+ ## @param ipam.gc.gcAll.intervalInSecond the gc all interval duration
+ intervalInSecond: 600
+
+ GcDeletingTimeOutPod:
+ ## @param ipam.gc.GcDeletingTimeOutPod.enabled enable retrieve IP for the pod who times out of deleting graceful period
+ enabled: true
+
+ ## @param ipam.gc.GcDeletingTimeOutPod.delay the gc delay seconds after the pod times out of deleting graceful period
+ delay: 0
+
+## @section grafanaDashboard parameters
+##
+grafanaDashboard:
+ ## @param grafanaDashboard.install install grafanaDashboard for spiderpool. This requires the grafana operator CRDs to be available
+ install: false
+
+ ## @param grafanaDashboard.namespace the grafanaDashboard namespace. Default to the namespace of helm instance
+ namespace: ""
+
+ ## @param grafanaDashboard.annotations the additional annotations of spiderpool grafanaDashboard
+ annotations: {}
+
+ ## @param grafanaDashboard.labels the additional label of spiderpool grafanaDashboard
+ labels: {}
+
+## @section coordinator parameters
+##
+coordinator:
+ ## @param coordinator.enabled enable SpiderCoordinator
+ enabled: true
+
+ ## @param coordinator.name the name of the default SpiderCoordinator CR
+ name: "default"
+
+ ## @param coordinator.mode optional network mode, ["auto","underlay", "overlay", "disabled"]
+ mode: "auto"
+
+ ## @param coordinator.podCIDRType Pod CIDR type that should be collected, [ "auto", "cluster", "calico", "cilium", "none" ]
+ podCIDRType: "auto"
+
+ ## @param coordinator.detectGateway detect the reachability of the gateway
+ detectGateway: false
+
+ ## @param coordinator.detectIPConflict detect IP address conflicts
+ detectIPConflict: false
+
+ ## @param coordinator.tunePodRoutes tune Pod routes
+ tunePodRoutes: true
+
+ ## @param coordinator.hijackCIDR Additional subnets that need to be hijacked to the host forward, the default link-local range "169.254.0.0/16" is used for NodeLocal DNS
+ hijackCIDR: ["169.254.0.0/16"]
+
+## @section rdma parameters
+##
+rdma:
+ rdmaSharedDevicePlugin:
+ ## @param rdma.rdmaSharedDevicePlugin.install install rdma shared device plugin for macvlan cni
+ install: false
+
+ ## @param rdma.rdmaSharedDevicePlugin.name the name of rdma shared device plugin
+ name: "spiderpool-rdma-shared-device-plugin"
+
+ image:
+ ## @param rdma.rdmaSharedDevicePlugin.image.registry the image registry of rdma shared device plugin
+ registry: ghcr.io
+
+ ## @param rdma.rdmaSharedDevicePlugin.image.repository the image repository of rdma shared device plugin
+ repository: mellanox/k8s-rdma-shared-dev-plugin
+
+ ## @param rdma.rdmaSharedDevicePlugin.image.pullPolicy the image pullPolicy of rdma shared device plugin
+ pullPolicy: IfNotPresent
+
+ ## @param rdma.rdmaSharedDevicePlugin.image.digest the image digest of rdma shared device plugin
+ digest: ""
+
+ ## @param rdma.rdmaSharedDevicePlugin.image.tag the image tag of rdma shared device plugin
+ tag: latest
+
+ ## @param rdma.rdmaSharedDevicePlugin.image.imagePullSecrets the image imagePullSecrets of rdma shared device plugin
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+
+ ## @skip rdma.rdmaSharedDevicePlugin.updateStrategy.rollingUpdate.maxUnavailable
+ ## @skip rdma.rdmaSharedDevicePlugin.updateStrategy.type
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 2
+ type: RollingUpdate
+
+ ## @skip rdma.rdmaSharedDevicePlugin.tolerations
+ tolerations:
+ - operator: Exists
+
+ ## @param rdma.rdmaSharedDevicePlugin.podAnnotations the additional annotations
+ podAnnotations: {}
+
+ ## @param rdma.rdmaSharedDevicePlugin.podLabels the additional label
+ podLabels: {}
+
+ resources:
+ limits:
+ ## @param rdma.rdmaSharedDevicePlugin.resources.limits.cpu the cpu limit
+ cpu: 300m
+ ## @param rdma.rdmaSharedDevicePlugin.resources.limits.memory the memory limit
+ memory: 300Mi
+ requests:
+ ## @param rdma.rdmaSharedDevicePlugin.resources.requests.cpu the cpu requests
+ cpu: 100m
+ ## @param rdma.rdmaSharedDevicePlugin.resources.requests.memory the memory requests
+ memory: 50Mi
+
+ deviceConfig:
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.periodicUpdateInterval periodic Update Interval
+ periodicUpdateInterval: 300
+
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.resourcePrefix resource prefix
+ resourcePrefix: "spidernet.io"
+
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.resourceName resource Name
+ resourceName: "hca_shared_devices"
+
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.rdmaHcaMax rdma Hca Max
+ rdmaHcaMax: 500
+
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.vendors rdma device vendors, default to mellanox device
+ vendors: "15b3"
+
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.deviceIDs rdma device IDs, default to mellanox device
+ deviceIDs: "1017"
+
+## @section multus parameters
+##
+multus:
+ ## @param multus.enableMultusConfig enable SpiderMultusConfig
+ enableMultusConfig: true
+
+ multusCNI:
+ ## @param multus.multusCNI.install enable install multus-CNI
+ install: true
+
+ ## @param multus.multusCNI.uninstall enable remove multus-CNI configuration and binary files on multus-ds pod shutdown. Enable this if you uninstall multus from your cluster. Disable this in the multus upgrade phase to prevent CNI configuration file from being removed, which may cause pods start failure
+ uninstall: false
+
+ ## @param multus.multusCNI.name the name of spiderpool multus
+ name: "spiderpool-multus"
+
+ image:
+ ## @param multus.multusCNI.image.registry the multus-CNI image registry
+ registry: ghcr.io
+
+ ## @param multus.multusCNI.image.repository the multus-CNI image repository
+ repository: k8snetworkplumbingwg/multus-cni
+
+ ## @param multus.multusCNI.image.pullPolicy the multus-CNI image pullPolicy
+ pullPolicy: IfNotPresent
+
+ ## @param multus.multusCNI.image.digest the multus-CNI image digest
+ digest: ""
+
+ ## @param multus.multusCNI.image.tag the multus-CNI image tag
+ tag: v3.9.3
+ # tag: v4.0.2-thick
+
+ ## @param multus.multusCNI.image.imagePullSecrets the multus-CNI image imagePullSecrets
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+
+ ## @param multus.multusCNI.defaultCniCRName if this value is empty, multus will automatically get default CNI according to the existed CNI conf file in /etc/cni/net.d/, if no cni files found in /etc/cni/net.d, A Spidermultusconfig CR named default will be created, please update the related SpiderMultusConfig for default CNI after installation. The namespace of defaultCniCRName follows with the release namespace of spdierpool
+ defaultCniCRName: ""
+
+ securityContext:
+ ## @param multus.multusCNI.securityContext.privileged the securityContext privileged of multus-CNI daemonset pod
+ privileged: true
+
+ ## @param multus.multusCNI.extraEnv the additional environment variables of multus-CNI daemonset pod container
+ extraEnv: []
+
+ ## @param multus.multusCNI.extraVolumes the additional volumes of multus-CNI daemonset pod container
+ extraVolumes: []
+ # - name: test-val
+ # mountPath: /host/tmp
+
+ ## @param multus.multusCNI.extraVolumeMounts the additional hostPath mounts of multus-CNI daemonset pod container
+ extraVolumeMounts: []
+ # - name: test-val
+ # mountPath: /tmp
+
+ log:
+ ## @param multus.multusCNI.log.logLevel the multus-CNI daemonset pod log level
+ logLevel: "debug"
+
+ ## @param multus.multusCNI.log.logFile the multus-CNI daemonset pod log file
+ logFile: "/var/log/multus.log"
+
+## @section plugins parameters
+##
+plugins:
+ ## @param plugins.installCNI install all cni plugins to each node
+ installCNI: false
+
+ ## @param plugins.installRdmaCNI install rdma cni used to isolate rdma device for sriov cni
+ installRdmaCNI: true
+
+ ## @param plugins.installOvsCNI install ovs cni to each node
+ installOvsCNI: true
+
+ ## @param plugins.installibSriovCNI install ib-sriov cni to each node
+ installibSriovCNI: true
+
+ ## @param plugins.installIpoibCNI install ipoib cni to each node
+ installIpoibCNI: true
+
+ image:
+ ## @param plugins.image.registry the image registry of plugins
+ registry: ghcr.io
+
+ ## @param plugins.image.repository the image repository of plugins
+ repository: spidernet-io/spiderpool/spiderpool-plugins
+
+ ## @param plugins.image.pullPolicy the image pullPolicy of plugins
+ pullPolicy: IfNotPresent
+
+ ## @param plugins.image.digest the image digest of plugins
+ digest: ""
+
+ ## @param plugins.image.tag the image tag of plugins
+ tag: v0.9.2
+
+ ## @param plugins.image.imagePullSecrets the image imagePullSecrets of plugins
+ imagePullSecrets: []
+
+## @section clusterDefaultPool parameters
+##
+clusterDefaultPool:
+ ## @param clusterDefaultPool.installIPv4IPPool install ipv4 spiderpool instance. It is required to set ipam.enableIPv4=true
+ installIPv4IPPool: false
+
+ ## @param clusterDefaultPool.installIPv6IPPool install ipv6 spiderpool instance. It is required to set ipam.enableIPv6=true
+ installIPv6IPPool: false
+
+ ## @param clusterDefaultPool.ipv4IPPoolName the name of ipv4 spiderpool instance
+ ipv4IPPoolName: "default-v4-ippool"
+
+ ## @param clusterDefaultPool.ipv6IPPoolName the name of ipv6 spiderpool instance
+ ipv6IPPoolName: "default-v6-ippool"
+
+ ## @param clusterDefaultPool.ipv4SubnetName the name of ipv4 spidersubnet instance
+ ipv4SubnetName: "default-v4-subnet"
+
+ ## @param clusterDefaultPool.ipv6SubnetName the name of ipv6 spidersubnet instance
+ ipv6SubnetName: "default-v6-subnet"
+
+ ## @param clusterDefaultPool.ipv4Subnet the subnet of ipv4 spiderpool instance
+ ipv4Subnet: ""
+
+ ## @param clusterDefaultPool.ipv6Subnet the subnet of ipv6 spiderpool instance
+ ipv6Subnet: ""
+
+ ## @param clusterDefaultPool.ipv4IPRanges the available IP of ipv4 spiderpool instance
+ ipv4IPRanges: []
+
+ ## @param clusterDefaultPool.ipv6IPRanges the available IP of ipv6 spiderpool instance
+ ipv6IPRanges: []
+
+ ## @param clusterDefaultPool.ipv4Gateway the gateway of ipv4 subnet
+ ipv4Gateway: ""
+
+ ## @param clusterDefaultPool.ipv6Gateway the gateway of ipv6 subnet
+ ipv6Gateway: ""
+
+## @section spiderpoolAgent parameters
+##
+spiderpoolAgent:
+ ## @param spiderpoolAgent.name the spiderpoolAgent name
+ name: "spiderpool-agent"
+
+ ## @param spiderpoolAgent.binName the binName name of spiderpoolAgent
+ binName: "/usr/bin/spiderpool-agent"
+
+ image:
+ ## @param spiderpoolAgent.image.registry the image registry of spiderpoolAgent
+ registry: ghcr.io
+
+ ## @param spiderpoolAgent.image.repository the image repository of spiderpoolAgent
+ repository: spidernet-io/spiderpool/spiderpool-agent
+
+ ## @param spiderpoolAgent.image.pullPolicy the image pullPolicy of spiderpoolAgent
+ pullPolicy: IfNotPresent
+
+ ## @param spiderpoolAgent.image.digest the image digest of spiderpoolAgent, which takes preference over tag
+ digest: ""
+
+ ## @param spiderpoolAgent.image.tag the image tag of spiderpoolAgent, overrides the image tag whose default is the chart appVersion.
+ tag: v0.9.0
+
+ ## @param spiderpoolAgent.image.imagePullSecrets the image imagePullSecrets of spiderpoolAgent
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+
+ ## @skip spiderpoolAgent.nodeSelector.kubernetes.io/os
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ serviceAccount:
+ ## @param spiderpoolAgent.serviceAccount.create create the service account for the spiderpoolAgent
+ create: true
+ ## @param spiderpoolAgent.serviceAccount.annotations the annotations of spiderpoolAgent service account
+ annotations: {}
+
+ ## @skip spiderpoolAgent.updateStrategy.rollingUpdate.maxUnavailable
+ ## @skip spiderpoolAgent.updateStrategy.type
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 2
+ type: RollingUpdate
+
+ service:
+ ## @param spiderpoolAgent.service.annotations the annotations for spiderpoolAgent service
+ annotations: {}
+ ## @param spiderpoolAgent.service.type the type for spiderpoolAgent service
+ type: ClusterIP
+
+ ## @skip spiderpoolAgent.tolerations
+ tolerations:
+ - operator: Exists
+
+ ## @param spiderpoolAgent.priorityClassName the priority Class Name for spiderpoolAgent
+ priorityClassName: "system-node-critical"
+
+ ## @param spiderpoolAgent.affinity the affinity of spiderpoolAgent
+ affinity: {}
+
+ ## @param spiderpoolAgent.extraArgs the additional arguments of spiderpoolAgent container
+ extraArgs: []
+
+ ## @param spiderpoolAgent.extraEnv the additional environment variables of spiderpoolAgent container
+ extraEnv: []
+
+ ## @param spiderpoolAgent.extraVolumes the additional volumes of spiderpoolAgent container
+ extraVolumes: []
+
+ ## @param spiderpoolAgent.extraVolumeMounts the additional hostPath mounts of spiderpoolAgent container
+ extraVolumeMounts: []
+
+ ## @param spiderpoolAgent.podAnnotations the additional annotations of spiderpoolAgent pod
+ podAnnotations: {}
+
+ ## @param spiderpoolAgent.podLabels the additional label of spiderpoolAgent pod
+ podLabels: {}
+
+ resources:
+ limits:
+ ## @param spiderpoolAgent.resources.limits.cpu the cpu limit of spiderpoolAgent pod
+ cpu: 1000m
+ ## @param spiderpoolAgent.resources.limits.memory the memory limit of spiderpoolAgent pod
+ memory: 1024Mi
+ requests:
+ ## @param spiderpoolAgent.resources.requests.cpu the cpu requests of spiderpoolAgent pod
+ cpu: 100m
+ ## @param spiderpoolAgent.resources.requests.memory the memory requests of spiderpoolAgent pod
+ memory: 128Mi
+
+ ## @param spiderpoolAgent.securityContext the security Context of spiderpoolAgent pod
+ securityContext: {}
+ # runAsUser: 0
+
+ ## @param spiderpoolAgent.httpPort the http Port for spiderpoolAgent, for health checking
+ httpPort: 5710
+
+ healthChecking:
+ startupProbe:
+ ## @param spiderpoolAgent.healthChecking.startupProbe.failureThreshold the failure threshold of startup probe for spiderpoolAgent health checking
+ failureThreshold: 60
+ ## @param spiderpoolAgent.healthChecking.startupProbe.periodSeconds the period seconds of startup probe for spiderpoolAgent health checking
+ periodSeconds: 2
+
+ livenessProbe:
+ ## @param spiderpoolAgent.healthChecking.livenessProbe.failureThreshold the failure threshold of startup probe for spiderpoolAgent health checking
+ failureThreshold: 6
+ ## @param spiderpoolAgent.healthChecking.livenessProbe.periodSeconds the period seconds of startup probe for spiderpoolAgent health checking
+ periodSeconds: 10
+
+ readinessProbe:
+ ## @param spiderpoolAgent.healthChecking.readinessProbe.failureThreshold the failure threshold of startup probe for spiderpoolAgent health checking
+ failureThreshold: 3
+ ## @param spiderpoolAgent.healthChecking.readinessProbe.periodSeconds the period seconds of startup probe for spiderpoolAgent health checking
+ periodSeconds: 10
+
+ prometheus:
+ ## @param spiderpoolAgent.prometheus.enabled enable spiderpool agent to collect metrics
+ enabled: false
+
+ ## @param spiderpoolAgent.prometheus.enabledDebugMetric enable spiderpool agent to collect debug level metrics
+ enabledDebugMetric: false
+
+ ## @param spiderpoolAgent.prometheus.port the metrics port of spiderpool agent
+ port: 5711
+
+ serviceMonitor:
+ ## @param spiderpoolAgent.prometheus.serviceMonitor.install install serviceMonitor for spiderpool agent. This requires the prometheus CRDs to be available
+ install: false
+
+ ## @param spiderpoolAgent.prometheus.serviceMonitor.namespace the serviceMonitor namespace. Default to the namespace of helm instance
+ namespace: ""
+
+ ## @param spiderpoolAgent.prometheus.serviceMonitor.annotations the additional annotations of spiderpoolAgent serviceMonitor
+ annotations: {}
+
+ ## @param spiderpoolAgent.prometheus.serviceMonitor.labels the additional label of spiderpoolAgent serviceMonitor
+ labels: {}
+
+ ## @param spiderpoolAgent.prometheus.serviceMonitor.interval represents the interval of spiderpoolAgent serviceMonitor's scraping action
+ interval: "10s"
+
+ prometheusRule:
+ ## @param spiderpoolAgent.prometheus.prometheusRule.install install prometheusRule for spiderpool agent. This requires the prometheus CRDs to be available
+ install: false
+
+ ## @param spiderpoolAgent.prometheus.prometheusRule.namespace the prometheusRule namespace. Default to the namespace of helm instance
+ namespace: ""
+
+ ## @param spiderpoolAgent.prometheus.prometheusRule.annotations the additional annotations of spiderpoolAgent prometheusRule
+ annotations: {}
+
+ ## @param spiderpoolAgent.prometheus.prometheusRule.labels the additional label of spiderpoolAgent prometheusRule
+ labels: {}
+
+ ## @param spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMAllocationFailure the additional rule of spiderpoolAgent prometheusRule
+ enableWarningIPAMAllocationFailure: true
+
+ ## @param spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMAllocationOverTime the additional rule of spiderpoolAgent prometheusRule
+ enableWarningIPAMAllocationOverTime: true
+
+ ## @param spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMHighAllocationDurations the additional rule of spiderpoolAgent prometheusRule
+ enableWarningIPAMHighAllocationDurations: true
+
+ ## @param spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMReleaseFailure the additional rule of spiderpoolAgent prometheusRule
+ enableWarningIPAMReleaseFailure: true
+
+ ## @param spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMReleaseOverTime the additional rule of spiderpoolAgent prometheusRule
+ enableWarningIPAMReleaseOverTime: true
+
+ debug:
+ ## @param spiderpoolAgent.debug.logLevel the log level of spiderpool agent [debug, info, warn, error, fatal, panic]
+ logLevel: "info"
+ ## @param spiderpoolAgent.debug.gopsPort the gops port of spiderpool agent
+ gopsPort: 5712
+
+## @section spiderpoolController parameters
+##
+spiderpoolController:
+ ## @param spiderpoolController.name the spiderpoolController name
+ name: "spiderpool-controller"
+
+ ## @param spiderpoolController.replicas the replicas number of spiderpoolController pod
+ replicas: 1
+
+ ## @param spiderpoolController.binName the binName name of spiderpoolController
+ binName: "/usr/bin/spiderpool-controller"
+
+ ## @param spiderpoolController.hostnetwork enable hostnetwork mode of spiderpoolController pod. Notice, if no CNI available before spiderpool installation, must enable this
+ hostnetwork: true
+
+ image:
+ ## @param spiderpoolController.image.registry the image registry of spiderpoolController
+ registry: ghcr.io
+
+ ## @param spiderpoolController.image.repository the image repository of spiderpoolController
+ repository: spidernet-io/spiderpool/spiderpool-controller
+
+ ## @param spiderpoolController.image.pullPolicy the image pullPolicy of spiderpoolController
+ pullPolicy: IfNotPresent
+
+ ## @param spiderpoolController.image.digest the image digest of spiderpoolController, which takes preference over tag
+ digest: ""
+
+ ## @param spiderpoolController.image.tag the image tag of spiderpoolController, overrides the image tag whose default is the chart appVersion.
+ tag: v0.9.0
+
+ ## @param spiderpoolController.image.imagePullSecrets the image imagePullSecrets of spiderpoolController
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+
+ ## @skip spiderpoolController.nodeSelector.kubernetes.io/os
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ serviceAccount:
+ ## @param spiderpoolController.serviceAccount.create create the service account for the spiderpoolController
+ create: true
+ ## @param spiderpoolController.serviceAccount.annotations the annotations of spiderpoolController service account
+ annotations: {}
+
+ service:
+ ## @param spiderpoolController.service.annotations the annotations for spiderpoolController service
+ annotations: {}
+ ## @param spiderpoolController.service.type the type for spiderpoolController service
+ type: ClusterIP
+
+ ## @skip spiderpoolController.tolerations
+ tolerations:
+ - operator: Exists
+
+ ## @param spiderpoolController.priorityClassName the priority Class Name for spiderpoolController
+ priorityClassName: "system-node-critical"
+
+ ## @param spiderpoolController.affinity the affinity of spiderpoolController
+ affinity: {}
+
+ ## @param spiderpoolController.extraArgs the additional arguments of spiderpoolController container
+ extraArgs: []
+
+ ## @param spiderpoolController.extraEnv the additional environment variables of spiderpoolController container
+ extraEnv: []
+
+ ## @param spiderpoolController.extraVolumes the additional volumes of spiderpoolController container
+ extraVolumes: []
+ # - name: test-val
+ # mountPath: /host/tmp
+
+ ## @param spiderpoolController.extraVolumeMounts the additional hostPath mounts of spiderpoolController container
+ extraVolumeMounts: []
+ # - name: test-val
+ # mountPath: /tmp
+
+ ## @param spiderpoolController.podAnnotations the additional annotations of spiderpoolController pod
+ podAnnotations: {}
+ # test: 100
+
+ ## @param spiderpoolController.podLabels the additional label of spiderpoolController pod
+ podLabels: {}
+
+ ## @param spiderpoolController.securityContext the security Context of spiderpoolController pod
+ securityContext: {}
+ # runAsUser: 0
+
+ resources:
+ limits:
+ ## @param spiderpoolController.resources.limits.cpu the cpu limit of spiderpoolController pod
+ cpu: 500m
+ ## @param spiderpoolController.resources.limits.memory the memory limit of spiderpoolController pod
+ memory: 1024Mi
+ requests:
+ ## @param spiderpoolController.resources.requests.cpu the cpu requests of spiderpoolController pod
+ cpu: 100m
+ ## @param spiderpoolController.resources.requests.memory the memory requests of spiderpoolController pod
+ memory: 128Mi
+
+ podDisruptionBudget:
+ ## @param spiderpoolController.podDisruptionBudget.enabled enable podDisruptionBudget for spiderpoolController pod
+ enabled: false
+
+ ## @param spiderpoolController.podDisruptionBudget.minAvailable minimum number/percentage of pods that should remain scheduled.
+ minAvailable: 1
+
+ ## @param spiderpoolController.httpPort the http Port for spiderpoolController, for health checking and http service
+ httpPort: 5720
+
+ healthChecking:
+ startupProbe:
+ ## @param spiderpoolController.healthChecking.startupProbe.failureThreshold the failure threshold of startup probe for spiderpoolController health checking
+ failureThreshold: 30
+
+ ## @param spiderpoolController.healthChecking.startupProbe.periodSeconds the period seconds of startup probe for spiderpoolController health checking
+ periodSeconds: 2
+
+ livenessProbe:
+ ## @param spiderpoolController.healthChecking.livenessProbe.failureThreshold the failure threshold of startup probe for spiderpoolController health checking
+ failureThreshold: 6
+
+ ## @param spiderpoolController.healthChecking.livenessProbe.periodSeconds the period seconds of startup probe for spiderpoolController health checking
+ periodSeconds: 10
+
+ readinessProbe:
+ ## @param spiderpoolController.healthChecking.readinessProbe.failureThreshold the failure threshold of startup probe for spiderpoolController health checking
+ failureThreshold: 3
+
+ ## @param spiderpoolController.healthChecking.readinessProbe.periodSeconds the period seconds of startup probe for spiderpoolController health checking
+ periodSeconds: 10
+
+ ## @param spiderpoolController.webhookPort the http port for spiderpoolController webhook
+ webhookPort: 5722
+
+ prometheus:
+ ## @param spiderpoolController.prometheus.enabled enable spiderpool Controller to collect metrics
+ enabled: false
+
+ ## @param spiderpoolController.prometheus.enabledDebugMetric enable spiderpool Controller to collect debug level metrics
+ enabledDebugMetric: false
+
+ ## @param spiderpoolController.prometheus.port the metrics port of spiderpool Controller
+ port: 5721
+
+ serviceMonitor:
+ ## @param spiderpoolController.prometheus.serviceMonitor.install install serviceMonitor for spiderpool agent. This requires the prometheus CRDs to be available
+ install: false
+
+ ## @param spiderpoolController.prometheus.serviceMonitor.namespace the serviceMonitor namespace. Default to the namespace of helm instance
+ namespace: ""
+
+ ## @param spiderpoolController.prometheus.serviceMonitor.annotations the additional annotations of spiderpoolController serviceMonitor
+ annotations: {}
+
+ ## @param spiderpoolController.prometheus.serviceMonitor.labels the additional label of spiderpoolController serviceMonitor
+ labels: {}
+
+ ## @param spiderpoolController.prometheus.serviceMonitor.interval represents the interval of spiderpoolController serviceMonitor's scraping action
+ interval: "10s"
+
+ prometheusRule:
+ ## @param spiderpoolController.prometheus.prometheusRule.install install prometheusRule for spiderpool agent. This requires the prometheus CRDs to be available
+ install: false
+
+ ## @param spiderpoolController.prometheus.prometheusRule.namespace the prometheusRule namespace. Default to the namespace of helm instance
+ namespace: ""
+
+ ## @param spiderpoolController.prometheus.prometheusRule.annotations the additional annotations of spiderpoolController prometheusRule
+ annotations: {}
+
+ ## @param spiderpoolController.prometheus.prometheusRule.labels the additional label of spiderpoolController prometheusRule
+ labels: {}
+
+ ## @param spiderpoolController.prometheus.prometheusRule.enableWarningIPGCFailureCounts the additional rule of spiderpoolController prometheusRule
+ enableWarningIPGCFailureCounts: true
+
+ debug:
+ ## @param spiderpoolController.debug.logLevel the log level of spiderpool Controller [debug, info, warn, error, fatal, panic]
+ logLevel: "info"
+
+ ## @param spiderpoolController.debug.gopsPort the gops port of spiderpool Controller
+ gopsPort: 5724
+
+ ## TLS configuration for webhook
+ tls:
+ ## @param spiderpoolController.tls.method the method for generating TLS certificates. [ provided , certmanager , auto]
+ ## - provided: provide all certificates by helm options
+ ## - certmanager: This method use cert-manager to generate & rotate certificates.
+ ## - auto: Auto generate cert.
+ method: auto
+
+ ## @param spiderpoolController.tls.secretName the secret name for storing TLS certificates
+ secretName: "spiderpool-controller-server-certs"
+
+ ## for certmanager method
+ certmanager:
+ ## @param spiderpoolController.tls.certmanager.certValidityDuration generated certificates validity duration in days for 'certmanager' method
+ certValidityDuration: 365
+
+ ## @param spiderpoolController.tls.certmanager.issuerName issuer name of cert manager 'certmanager'. If not specified, a CA issuer will be created.
+ issuerName: ""
+
+ ## @param spiderpoolController.tls.certmanager.extraDnsNames extra DNS names added to certificate when it's auto generated
+ extraDnsNames: []
+
+ ## @param spiderpoolController.tls.certmanager.extraIPAddresses extra IP addresses added to certificate when it's auto generated
+ extraIPAddresses: []
+
+ ## for provided method
+ provided:
+ ## @param spiderpoolController.tls.provided.tlsCert encoded tls certificate for provided method
+ ## @param spiderpoolController.tls.provided.tlsKey encoded tls key for provided method
+ ## @param spiderpoolController.tls.provided.tlsCa encoded tls CA for provided method
+ tlsCert: ""
+ tlsKey: ""
+ tlsCa: ""
+
+ ## for auto method
+ auto:
+ ## @param spiderpoolController.tls.auto.caExpiration ca expiration for auto method
+ # in day , default 200 years
+ caExpiration: '73000'
+
+ ## @param spiderpoolController.tls.auto.certExpiration server cert expiration for auto method
+ # in day, default 200 years
+ certExpiration: '73000'
+
+ ## @param spiderpoolController.tls.auto.extraIpAddresses extra IP addresses of server certificate for auto method
+ extraIpAddresses: []
+
+ ## @param spiderpoolController.tls.auto.extraDnsNames extra DNS names of server cert for auto method
+ extraDnsNames: []
+
+## @section spiderpoolInit parameters
+##
+spiderpoolInit:
+ ## @param spiderpoolInit.name the init job for installing default spiderippool
+ name: "spiderpool-init"
+
+ ## @param spiderpoolInit.binName the binName name of spiderpoolInit
+ binName: "/usr/bin/spiderpool-init"
+
+ ## @param spiderpoolInit.hostnetwork enable hostnetwork mode of spiderpoolInit pod. Notice, if no CNI available before spiderpool installation, must enable this
+ hostnetwork: true
+
+ image:
+ ## @param spiderpoolInit.image.registry the image registry of spiderpoolInit
+ registry: ghcr.io
+
+ ## @param spiderpoolInit.image.repository the image repository of spiderpoolInit
+ repository: spidernet-io/spiderpool/spiderpool-controller
+
+ ## @param spiderpoolInit.image.pullPolicy the image pullPolicy of spiderpoolInit
+ pullPolicy: IfNotPresent
+
+ ## @param spiderpoolInit.image.digest the image digest of spiderpoolInit, which takes preference over tag
+ digest: ""
+
+ ## @param spiderpoolInit.image.tag the image tag of spiderpoolInit, overrides the image tag whose default is the chart appVersion.
+ tag: v0.9.0
+
+ ## @param spiderpoolInit.image.imagePullSecrets the image imagePullSecrets of spiderpoolInit
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+
+ ## @param spiderpoolInit.priorityClassName the priority Class Name for spiderpoolInit
+ priorityClassName: "system-node-critical"
+
+ ## @skip spiderpoolInit.tolerations
+ tolerations:
+ - operator: Exists
+
+ ## @skip spiderpoolInit.nodeSelector.kubernetes.io/os
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ ## @param spiderpoolInit.affinity the affinity of spiderpoolInit
+ affinity: {}
+
+ ## @param spiderpoolInit.extraArgs the additional arguments of spiderpoolInit container
+ extraArgs: []
+
+ resources:
+ limits:
+ ## @param spiderpoolInit.resources.limits.cpu the cpu limit of spiderpoolInit pod
+ cpu: 200m
+ ## @param spiderpoolInit.resources.limits.memory the memory limit of spiderpoolInit pod
+ memory: 256Mi
+ requests:
+ ## @param spiderpoolInit.resources.requests.cpu the cpu requests of spiderpoolInit pod
+ cpu: 100m
+ ## @param spiderpoolInit.resources.requests.memory the memory requests of spiderpoolInit pod
+ memory: 128Mi
+
+ readinessProbe:
+ ## @param spiderpoolInit.readinessProbe.failureThreshold the failure threshold of startup probe for spiderpool-init health checking
+ failureThreshold: 30
+
+ ## @param spiderpoolInit.readinessProbe.periodSeconds the period seconds of startup probe for spiderpool-init health checking
+ periodSeconds: 10
+
+ ## @param spiderpoolInit.extraEnv the additional environment variables of spiderpoolInit container
+ extraEnv: []
+
+ ## @param spiderpoolInit.securityContext the security Context of spiderpoolInit pod
+ securityContext: {}
+ # runAsUser: 0
+
+ ## @param spiderpoolInit.podAnnotations the additional annotations of spiderpoolInit pod
+ podAnnotations: {}
+
+ ## @param spiderpoolInit.podLabels the additional label of spiderpoolInit pod
+ podLabels: {}
+
+ serviceAccount:
+ ## @param spiderpoolInit.serviceAccount.annotations the annotations of spiderpoolInit service account
+ annotations: {}
+
+## @section sriov network operator parameters
+##
+sriov:
+ ## @param sriov.install install sriov network operator
+ install: false
+
+ ## @param sriov.name the name of sriov network operator
+ name: "spiderpool-sriov-operator"
+
+ ## @skip sriov.tolerations
+ tolerations:
+ - operator: Exists
+
+ ## @skip sriov.nodeSelector.kubernetes.io/os
+ nodeSelector:
+ kubernetes.io/os: linux
+
+ ## @param sriov.affinity the affinity
+ affinity: {}
+
+ ## @param sriov.hostnetwork enable hostnetwork mode. Notice, if no CNI available before spiderpool installation, must enable this
+ hostnetwork: true
+
+ ## @param sriov.replicas the replicas number
+ replicas: 1
+
+ ## @param sriov.resourcePrefix the resource prefix
+ resourcePrefix: "spidernet.io"
+
+ ## @param sriov.priorityClassName the priority Class Name
+ priorityClassName: "system-node-critical"
+
+ ## @param sriov.enableAdmissionController enable Admission Controller
+ enableAdmissionController: false
+
+ resources:
+ limits:
+ ## @param sriov.resources.limits.cpu the cpu limit
+ cpu: 300m
+ ## @param sriov.resources.limits.memory the memory limit
+ memory: 300Mi
+ requests:
+ ## @param sriov.resources.requests.cpu the cpu requests
+ cpu: 100m
+ ## @param sriov.resources.requests.memory the memory requests
+ memory: 128Mi
+
+ image:
+ ## @param sriov.image.registry registry for all images
+ registry: ghcr.io
+
+ ## @param sriov.image.pullPolicy the image pullPolicy for all images
+ pullPolicy: IfNotPresent
+
+ ## @param sriov.image.imagePullSecrets the image imagePullSecrets for all images
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+
+ operator:
+ ## @param sriov.image.operator.repository the image repository
+ repository: k8snetworkplumbingwg/sriov-network-operator
+
+ ## @param sriov.image.operator.tag the image tag
+ tag: v1.2.0
+
+ sriovConfigDaemon:
+ ## @param sriov.image.sriovConfigDaemon.repository the image repository
+ repository: k8snetworkplumbingwg/sriov-network-operator-config-daemon
+
+ ## @param sriov.image.sriovConfigDaemon.tag the image tag
+ tag: v1.2.0
+
+ sriovCni:
+ ## @param sriov.image.sriovCni.repository the image repository
+ repository: k8snetworkplumbingwg/sriov-cni
+
+ ## @param sriov.image.sriovCni.tag the image tag
+ tag: v2.7.0
+
+ ibSriovCni:
+ ## @param sriov.image.ibSriovCni.repository the image repository
+ repository: k8snetworkplumbingwg/ib-sriov-cni
+
+ ## @param sriov.image.ibSriovCni.tag the image tag
+ tag: v1.0.2
+
+ sriovDevicePlugin:
+ ## @param sriov.image.sriovDevicePlugin.repository the image repository
+ repository: k8snetworkplumbingwg/sriov-network-device-plugin
+
+ ## @param sriov.image.sriovDevicePlugin.tag the image tag
+ tag: v3.5.1
+
+ resourcesInjector:
+ ## @param sriov.image.resourcesInjector.repository the image repository
+ repository: k8snetworkplumbingwg/network-resources-injector
+
+ ## @param sriov.image.resourcesInjector.tag the image tag
+ tag: v1.5
+
+ webhook:
+ ## @param sriov.image.webhook.repository the image repository
+ repository: k8snetworkplumbingwg/sriov-network-operator-webhook
+
+ ## @param sriov.image.webhook.tag the image tag
+ tag: v1.2.0
diff --git a/build/helm/edgemesh/charts/spiderpool/values.schema.json b/build/helm/edgemesh/charts/spiderpool/values.schema.json
new file mode 100644
index 000000000..2160ea406
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/values.schema.json
@@ -0,0 +1,439 @@
+{
+ "$schema": "https://json-schema.org/draft-07/schema",
+ "type": "object",
+ "properties": {
+ "spiderpool": {
+ "title": "The spiderpool Schema",
+ "type": "object",
+ "properties": {
+ "global": {
+ "title": "Global Setting",
+ "type": "object",
+ "required": [
+ "imageRegistryOverride"
+ ],
+ "properties": {
+ "imageRegistryOverride": {
+ "title": "global image Registry",
+ "type": "string",
+ "default": "ghcr.m.daocloud.io",
+ "examples": [
+ "ghcr.m.daocloud.io"
+ ]
+ }
+ }
+ },
+ "spiderpoolAgent": {
+ "title": "Spiderpool Agent Setting",
+ "description": "spiderpool agent is a daemonset",
+ "type": "object",
+ "properties": {
+ "image": {
+ "title": "Spiderpool Agent Image",
+ "type": "object",
+ "required": [
+ "repository"
+ ],
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "spidernet-io/spiderpool/spiderpool-agent",
+ "examples": [
+ "spidernet-io/spiderpool/spiderpool-agent"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "spiderpoolController": {
+ "title": "Spiderpool Controller Setting",
+ "description": "spiderpool controller is a deployment",
+ "type": "object",
+ "required": [
+ "replicas"
+ ],
+ "properties": {
+ "replicas": {
+ "title": "replicas number",
+ "type": "integer",
+ "default": 1,
+ "minimum": 1,
+ "examples": [
+ 1
+ ]
+ },
+ "image": {
+ "title": "Spiderpool Controller Image",
+ "type": "object",
+ "required": [
+ "repository"
+ ],
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "spidernet-io/spiderpool/spiderpool-controller"
+ }
+ }
+ }
+ }
+ },
+ "multus": {
+ "type": "object",
+ "title": "Multus Setting",
+ "properties": {
+ "multusCNI": {
+ "type": "object",
+ "required": [
+ "install"
+ ],
+ "properties": {
+ "install": {
+ "type": "boolean",
+ "title": "Install Multus CNI",
+ "description": "If you already have multus installed, you can set it to false. Default to true",
+ "default": true,
+ "examples": [
+ {
+ "install": true
+ }
+ ]
+ },
+ "defaultCniCRName": {
+ "type": "string",
+ "title": "Default CNI Name",
+ "description": "The name of cluster default CNI name. Default is \"\", If this value is empty, spiderpool will automatically get default CNI according to the existed CNI conf file in /etc/cni/net.d/"
+ },
+ "image": {
+ "type": "object",
+ "title": "Multus Image",
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "k8snetworkplumbingwg/multus-cni"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "sriov": {
+ "type": "object",
+ "title": "SriovCNI",
+ "properties": {
+ "install": {
+ "type": "boolean",
+ "title": "Install Sriov-CNI",
+ "description": "Install all SR-IOV components on-demand through the SRIOV operator."
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "operator": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "k8snetworkplumbingwg/sriov-network-operator",
+ "examples": [
+ "k8snetworkplumbingwg/sriov-network-operator"
+ ]
+ }
+ }
+ },
+ "sriovCni": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "k8snetworkplumbingwg/sriov-cni",
+ "examples": [
+ "k8snetworkplumbingwg/sriov-cni"
+ ]
+ }
+ }
+ },
+ "sriovDevicePlugin": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "k8snetworkplumbingwg/sriov-network-device-plugin",
+ "examples": [
+ "k8snetworkplumbingwg/sriov-network-device-plugin"
+ ]
+ }
+ }
+ },
+ "sriovConfigDaemon": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "k8snetworkplumbingwg/sriov-network-operator-config-daemon",
+ "examples": [
+ "k8snetworkplumbingwg/sriov-network-operator-config-daemon"
+ ]
+ }
+ }
+ },
+ "ibSriovCni": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "k8snetworkplumbingwg/ib-sriov-cni",
+ "examples": [
+ "k8snetworkplumbingwg/ib-sriov-cni"
+ ]
+ }
+ }
+ },
+ "resourcesInjector": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "k8snetworkplumbingwg/network-resources-injector",
+ "examples": [
+ "k8snetworkplumbingwg/network-resources-injector"
+ ]
+ }
+ }
+ },
+ "webhook": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "k8snetworkplumbingwg/sriov-network-operator-webhook",
+ "examples": [
+ "k8snetworkplumbingwg/sriov-network-operator-webhook"
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "rdma": {
+ "type": "object",
+ "properties": {
+ "rdmaSharedDevicePlugin": {
+ "type": "object",
+ "title": "RdmaSharedDevicePlugin",
+ "properties": {
+ "install": {
+ "type": "boolean",
+ "title": "Install RdmaSharedDevicePlugin",
+ "description": "RdmaSharedDevicePlugin can be used with macvlan for RDMA"
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "mellanox/k8s-rdma-shared-dev-plugin",
+ "examples": [
+ "mellanox/k8s-rdma-shared-dev-plugin"
+ ]
+ }
+ }
+ },
+ "deviceConfig": {
+ "type": "object",
+ "title": "RdmaSharedDevicePlugin Config",
+ "properties": {
+ "resourceName": {
+ "type": "string",
+ "default": "hca_shared_devices",
+ "description": "Endpoint resource name. Should not contain special characters, must be unique in the scope of the resource prefix.",
+ "examples": [
+ "hca_shared_devices"
+ ]
+ },
+ "vendors": {
+ "type": "string",
+ "default": "15b3",
+ "description": "Target device's vendor Hex code as string, Example: \"15b3\"."
+ },
+ "deviceIDs": {
+ "type": "string",
+ "description": "A list of devices IDs to be selected. Examples: \"1017\".",
+ "default": "1017",
+ "examples": [
+ "1017"
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "plugins": {
+ "type": "object",
+ "title": "CNI-Plugins",
+ "properties": {
+ "image": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "title": "repository",
+ "type": "string",
+ "default": "spidernet-io/spiderpool/spiderpool-plugins",
+ "examples": [
+ "spidernet-io/spiderpool/spiderpool-plugins"
+ ]
+ }
+ }
+ },
+ "installCNI": {
+ "type": "boolean",
+ "title": "install CNI-Plugins",
+ "description": "install CNI-Plugins binary(macvlan, ipvlan, etc.) to each node. If you haven't installed it, you can set it to true. Default to false",
+ "default": false,
+ "examples": [
+ false
+ ]
+ },
+ "installRdmaCNI": {
+ "type": "boolean",
+ "title": "install RDMA-CNI",
+ "description": "install RDMA-CNI plugin binary to each node. If you haven't installed it, you can set it to true. Default to true",
+ "default": true,
+ "examples": [
+ false
+ ]
+ }
+ }
+ },
+ "ipam": {
+ "title": "IP Family Setting",
+ "type": "object",
+ "default": {},
+ "required": [
+ "enableIPv4",
+ "enableIPv6"
+ ],
+ "properties": {
+ "enableIPv4": {
+ "title": "enable IPv4",
+ "description": "enable IPAM IPv4 feature. Notice: required to create IPv4 ippool",
+ "type": "boolean",
+ "default": true,
+ "examples": [
+ true
+ ]
+ },
+ "enableIPv6": {
+ "title": "enable IPv6",
+ "description": "enable IPAM IPv6 feature. Notice: required to create IPv6 ippool",
+ "type": "boolean",
+ "default": false,
+ "examples": [
+ true
+ ]
+ }
+ }
+ },
+ "clusterDefaultPool": {
+ "title": "Cluster Default Ippool Installation",
+ "type": "object",
+ "default": {},
+ "required": [
+ "installIPv4IPPool",
+ "installIPv6IPPool"
+ ],
+ "properties": {
+ "installIPv4IPPool": {
+ "title": "install IPv4 ippool",
+ "description": "when 'enable IPv4', required to install IPv4 ippool",
+ "type": "boolean",
+ "default": false,
+ "examples": [
+ false
+ ]
+ },
+ "installIPv6IPPool": {
+ "title": "install IPv6 ippool",
+ "description": "when 'enable IPv6', required to install IPv6 ippool",
+ "type": "boolean",
+ "default": false,
+ "examples": [
+ false
+ ]
+ },
+ "ipv4Subnet": {
+ "title": "IPv4 ippool subnet",
+ "type": "string",
+ "default": "192.168.1.0/24",
+ "examples": [
+ "192.168.1.0/24"
+ ]
+ },
+ "ipv6Subnet": {
+ "title": "IPv6 ippool subnet",
+ "type": "string",
+ "default": "fd00::/64",
+ "examples": [
+ "fd00::/64"
+ ]
+ },
+ "ipv4Gateway": {
+ "title": "IPv4 ippool gateway",
+ "default": "192.168.1.1",
+ "type": "string"
+ },
+ "ipv6Gateway": {
+ "title": "IPv6 ippool gateway",
+ "default": "fd00::1",
+ "type": "string"
+ },
+ "ipv4IPRanges": {
+ "title": "IP Ranges for default IPv4 ippool",
+ "type": "array",
+ "description": "each item could be range format like '192.168.0.10-192.168.0.100', or comma format like '192.168.0.10,192.168.0.11,192.168.0.12'. Notice: all IP address must belong to ipv4Subnet",
+ "default": [],
+ "items": {
+ "type": "string"
+ },
+ "examples": [
+ [
+ "192.168.1.10-192.168.1.200"
+ ]
+ ]
+ },
+ "ipv6IPRanges": {
+ "title": "IP Ranges for default IPv6 ippool",
+ "type": "array",
+ "description": "each item could be range format like 'fd00::10-fd00::200', or comma format like 'fd00::10,fd00::20,fd00::30'. Notice: all IP address must belong to ipv6Subnet ",
+ "default": [],
+ "items": {
+ "type": "string"
+ },
+ "examples": [
+ [
+ "fd00::10-fd00::200"
+ ]
+ ]
+ }
+ }
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/build/helm/edgemesh/charts/spiderpool/values.yaml b/build/helm/edgemesh/charts/spiderpool/values.yaml
new file mode 100644
index 000000000..2a36a0f2e
--- /dev/null
+++ b/build/helm/edgemesh/charts/spiderpool/values.yaml
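Review bot: `global.imageRegistryOverride` is listed under `required` and defaults to `ghcr.m.daocloud.io`, so any values file that passes this schema names a registry override, and by default that is a mirror rather than the `ghcr.io` registry used by the values lines earlier in this diff. The values.yaml added in the same commit describes the override as meant for offline environments and leaves every `digest: ""` empty, so (assuming the templates apply the override to all images) a default install has no content pin on what it pulls and relies on the mirror serving the same images as upstream. I would drop `imageRegistryOverride` from `required` and change its default to `"default": ""`, keeping the mirror as a documented opt-in, or set digests for the images pulled through it.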
@@ -0,0 +1,710 @@
+# child values
+spiderpool:
+ # Default values for spiderpool.
+ # This is a YAML-formatted file.
+ # Declare variables to be passed into your templates.
+
+ ## @section Global parameters
+ ##
+ global:
+ ## @param global.imageRegistryOverride Global image registry for all images, which is used for offline environment
+ imageRegistryOverride: "ghcr.m.daocloud.io"
+ ## @param global.nameOverride instance name
+ ## default spiderpool
+ nameOverride: ""
+ ## @param global.clusterDnsDomain cluster dns domain
+ clusterDnsDomain: "cluster.local"
+ ## @param global.commonAnnotations Annotations to add to all deployed objects
+ commonAnnotations: {}
+ ## @param global.commonLabels Labels to add to all deployed objects
+ commonLabels: {}
+ # label1: v1
+ # labele: v2
+
+ ## @param global.cniBinHostPath the host path of the IPAM plugin directory.
+ cniBinHostPath: /opt/cni/bin
+ ## @param global.cniConfHostPath the host path of the cni config directory
+ cniConfHostPath: /etc/cni/net.d
+ ## @param global.ipamUNIXSocketHostPath the host path of unix domain socket for ipam plugin
+ ipamUNIXSocketHostPath: /var/run/spidernet/spiderpool.sock
+ ## @param global.configName the configmap name
+ configName: "spiderpool-conf"
+ ## @param global.ciliumConfigMap the cilium's configMap, default is kube-system/cilium-config
+ ciliumConfigMap: kube-system/cilium-config
+ ## @section ipam parameters
+ ##
+ ipam:
+ ## @param ipam.enableIPv4 enable ipv4
+ enableIPv4: true
+ ## @param ipam.enableIPv6 enable ipv6
+ enableIPv6: false
+ ## @param ipam.enableStatefulSet the network mode
+ enableStatefulSet: true
+ ## @param ipam.enableKubevirtStaticIP the feature to keep kubevirt vm pod static IP
+ enableKubevirtStaticIP: true
+ ## @param ipam.enableSpiderSubnet SpiderSubnet feature gate.
+ enableSpiderSubnet: true
+ ## @param ipam.subnetDefaultFlexibleIPNumber the default flexible IP number of SpiderSubnet feature auto-created IPPools
+ subnetDefaultFlexibleIPNumber: 1
+ gc:
+ ## @param ipam.gc.enabled enable retrieve IP in spiderippool CR
+ enabled: true
+ gcAll:
+ ## @param ipam.gc.gcAll.intervalInSecond the gc all interval duration
+ intervalInSecond: 600
+ GcDeletingTimeOutPod:
+ ## @param ipam.gc.GcDeletingTimeOutPod.enabled enable retrieve IP for the pod who times out of deleting graceful period
+ enabled: true
+ ## @param ipam.gc.GcDeletingTimeOutPod.delay the gc delay seconds after the pod times out of deleting graceful period
+ delay: 0
+ ## @section grafanaDashboard parameters
+ ##
+ grafanaDashboard:
+ ## @param grafanaDashboard.install install grafanaDashboard for spiderpool. This requires the grafana operator CRDs to be available
+ install: false
+ ## @param grafanaDashboard.namespace the grafanaDashboard namespace. Default to the namespace of helm instance
+ namespace: ""
+ ## @param grafanaDashboard.annotations the additional annotations of spiderpool grafanaDashboard
+ annotations: {}
+ ## @param grafanaDashboard.labels the additional label of spiderpool grafanaDashboard
+ labels: {}
+ ## @section coordinator parameters
+ ##
+ coordinator:
+ ## @param coordinator.enabled enable SpiderCoordinator
+ enabled: true
+ ## @param coordinator.name the name of the default SpiderCoordinator CR
+ name: "default"
+ ## @param coordinator.mode optional network mode, ["auto","underlay", "overlay", "disabled"]
+ mode: "auto"
+ ## @param coordinator.podCIDRType Pod CIDR type that should be collected, [ "auto", "cluster", "calico", "cilium", "none" ]
+ podCIDRType: "auto"
+ ## @param coordinator.detectGateway detect the reachability of the gateway
+ detectGateway: true
+ ## @param coordinator.detectIPConflict detect IP address conflicts
+ detectIPConflict: true
+ ## @param coordinator.tunePodRoutes tune Pod routes
+ tunePodRoutes: true
+ ## @param coordinator.hijackCIDR Additional subnets that need to be hijacked to the host forward, the default link-local range "169.254.0.0/16" is used for NodeLocal DNS
+ hijackCIDR: ["169.254.0.0/16"]
+ ## @section rdma parameters
+ ##
+ rdma:
+ rdmaSharedDevicePlugin:
+ ## @param rdma.rdmaSharedDevicePlugin.install install rdma shared device plugin for macvlan cni
+ install: false
+ ## @param rdma.rdmaSharedDevicePlugin.name the name of rdma shared device plugin
+ name: "spiderpool-rdma-shared-device-plugin"
+ image:
+ ## @param rdma.rdmaSharedDevicePlugin.image.registry the image registry of rdma shared device plugin
+ registry: ghcr.m.daocloud.io
+ ## @param rdma.rdmaSharedDevicePlugin.image.repository the image repository of rdma shared device plugin
+ repository: mellanox/k8s-rdma-shared-dev-plugin
+ ## @param rdma.rdmaSharedDevicePlugin.image.pullPolicy the image pullPolicy of rdma shared device plugin
+ pullPolicy: IfNotPresent
+ ## @param rdma.rdmaSharedDevicePlugin.image.digest the image digest of rdma shared device plugin
+ digest: ""
+ ## @param rdma.rdmaSharedDevicePlugin.image.tag the image tag of rdma shared device plugin
+ tag: latest
+ ## @param rdma.rdmaSharedDevicePlugin.image.imagePullSecrets the image imagePullSecrets of rdma shared device plugin
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+ ## @skip rdma.rdmaSharedDevicePlugin.updateStrategy.rollingUpdate.maxUnavailable
+ ## @skip rdma.rdmaSharedDevicePlugin.updateStrategy.type
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 2
+ type: RollingUpdate
+ ## @skip rdma.rdmaSharedDevicePlugin.tolerations
+ tolerations:
+ - operator: Exists
+ ## @param rdma.rdmaSharedDevicePlugin.podAnnotations the additional annotations
+ podAnnotations: {}
+ ## @param rdma.rdmaSharedDevicePlugin.podLabels the additional label
+ podLabels: {}
+ resources:
+ limits:
+ ## @param rdma.rdmaSharedDevicePlugin.resources.limits.cpu the cpu limit
+ cpu: 300m
+ ## @param rdma.rdmaSharedDevicePlugin.resources.limits.memory the memory limit
+ memory: 300Mi
+ requests:
+ ## @param rdma.rdmaSharedDevicePlugin.resources.requests.cpu the cpu requests
+ cpu: 100m
+ ## @param rdma.rdmaSharedDevicePlugin.resources.requests.memory the memory requests
+ memory: 50Mi
+ deviceConfig:
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.periodicUpdateInterval periodic Update Interval
+ periodicUpdateInterval: 300
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.resourcePrefix resource prefix
+ resourcePrefix: "spidernet.io"
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.resourceName resource Name
+ resourceName: "hca_shared_devices"
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.rdmaHcaMax rdma Hca Max
+ rdmaHcaMax: 500
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.vendors rdma device vendors, default to mellanox device
+ vendors: "15b3"
+ ## @param rdma.rdmaSharedDevicePlugin.deviceConfig.deviceIDs rdma device IDs, default to mellanox device
+ deviceIDs: "1017"
+ ## @section multus parameters
+ ##
+ multus:
+ ## @param multus.enableMultusConfig enable SpiderMultusConfig
+ enableMultusConfig: true
+ multusCNI:
+ ## @param multus.multusCNI.install enable install multus-CNI
+ install: true
+ ## @param multus.multusCNI.uninstall enable remove multus-CNI configuration and binary files on multus-ds pod shutdown. Enable this if you uninstall multus from your cluster. Disable this in the multus upgrade phase to prevent CNI configuration file from being removed, which may cause pods start failure
+ uninstall: true
+ ## @param multus.multusCNI.name the name of spiderpool multus
+ name: "spiderpool-multus"
+ image:
+ ## @param multus.multusCNI.image.registry the multus-CNI image registry
+ registry: ghcr.m.daocloud.io
+ ## @param multus.multusCNI.image.repository the multus-CNI image repository
+ repository: k8snetworkplumbingwg/multus-cni
+ ## @param multus.multusCNI.image.pullPolicy the multus-CNI image pullPolicy
+ pullPolicy: IfNotPresent
+ ## @param multus.multusCNI.image.digest the multus-CNI image digest
+ digest: ""
+ ## @param multus.multusCNI.image.tag the multus-CNI image tag
+ tag: v3.9.3
+ # tag: v4.0.2-thick
+
+ ## @param multus.multusCNI.image.imagePullSecrets the multus-CNI image imagePullSecrets
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+ ## @param multus.multusCNI.defaultCniCRName if this value is empty, multus will automatically get default CNI according to the existed CNI conf file in /etc/cni/net.d/, if no cni files found in /etc/cni/net.d, A Spidermultusconfig CR named default will be created, please update the related SpiderMultusConfig for default CNI after installation. The namespace of defaultCniCRName follows with the release namespace of spdierpool
+ defaultCniCRName: ""
+ securityContext:
+ ## @param multus.multusCNI.securityContext.privileged the securityContext privileged of multus-CNI daemonset pod
+ privileged: true
+ ## @param multus.multusCNI.extraEnv the additional environment variables of multus-CNI daemonset pod container
+ extraEnv: []
+ ## @param multus.multusCNI.extraVolumes the additional volumes of multus-CNI daemonset pod container
+ extraVolumes: []
+ # - name: test-val
+ # mountPath: /host/tmp
+
+ ## @param multus.multusCNI.extraVolumeMounts the additional hostPath mounts of multus-CNI daemonset pod container
+ extraVolumeMounts: []
+ # - name: test-val
+ # mountPath: /tmp
+
+ log:
+ ## @param multus.multusCNI.log.logLevel the multus-CNI daemonset pod log level
+ logLevel: "debug"
+ ## @param multus.multusCNI.log.logFile the multus-CNI daemonset pod log file
+ logFile: "/var/log/multus.log"
+ ## @section plugins parameters
+ ##
+ plugins:
+ ## @param plugins.installCNI install all cni plugins to each node
+ installCNI: false
+ ## @param plugins.installRdmaCNI install rdma cni used to isolate rdma device for sriov cni
+ installRdmaCNI: true
+ ## @param plugins.installOvsCNI install ovs cni to each node
+ installOvsCNI: true
+ ## @param plugins.installibSriovCNI install ib-sriov cni to each node
+ installibSriovCNI: true
+ ## @param plugins.installIpoibCNI install ipoib cni to each node
+ installIpoibCNI: true
+ image:
+ ## @param plugins.image.registry the image registry of plugins
+ registry: ghcr.m.daocloud.io
+ ## @param plugins.image.repository the image repository of plugins
+ repository: spidernet-io/spiderpool/spiderpool-plugins
+ ## @param plugins.image.pullPolicy the image pullPolicy of plugins
+ pullPolicy: IfNotPresent
+ ## @param plugins.image.digest the image digest of plugins
+ digest: ""
+ ## @param plugins.image.tag the image tag of plugins
+ tag: v0.9.2
+ ## @param plugins.image.imagePullSecrets the image imagePullSecrets of plugins
+ imagePullSecrets: []
+ ## @section clusterDefaultPool parameters
+ ##
+ clusterDefaultPool:
+ ## @param clusterDefaultPool.installIPv4IPPool install ipv4 spiderpool instance. It is required to set ipam.enableIPv4=true
+ installIPv4IPPool: true
+ ## @param clusterDefaultPool.installIPv6IPPool install ipv6 spiderpool instance. It is required to set ipam.enableIPv6=true
+ installIPv6IPPool: false
+ ## @param clusterDefaultPool.ipv4IPPoolName the name of ipv4 spiderpool instance
+ ipv4IPPoolName: "default-v4-ippool"
+ ## @param clusterDefaultPool.ipv6IPPoolName the name of ipv6 spiderpool instance
+ ipv6IPPoolName: "default-v6-ippool"
+ ## @param clusterDefaultPool.ipv4SubnetName the name of ipv4 spidersubnet instance
+ ipv4SubnetName: "default-v4-subnet"
+ ## @param clusterDefaultPool.ipv6SubnetName the name of ipv6 spidersubnet instance
+ ipv6SubnetName: "default-v6-subnet"
+ ## @param clusterDefaultPool.ipv4Subnet the subnet of ipv4 spiderpool instance
+ ipv4Subnet: "192.168.0.0/16"
+ ## @param clusterDefaultPool.ipv6Subnet the subnet of ipv6 spiderpool instance
+ ipv6Subnet: "fd00::/112"
+ ## @param clusterDefaultPool.ipv4IPRanges the available IP of ipv4 spiderpool instance
+ ipv4IPRanges:
+ - 192.168.0.10-192.168.0.100
+ ## @param clusterDefaultPool.ipv6IPRanges the available IP of ipv6 spiderpool instance
+ ipv6IPRanges:
+ - fd00::10-fd00::100
+ ## @param clusterDefaultPool.ipv4Gateway the gateway of ipv4 subnet
+ ipv4Gateway: "192.168.0.1"
+ ## @param clusterDefaultPool.ipv6Gateway the gateway of ipv6 subnet
+ ipv6Gateway: "fd00::1"
+ ## @section spiderpoolAgent parameters
+ ##
+ spiderpoolAgent:
+ ## @param spiderpoolAgent.name the spiderpoolAgent name
+ name: "spiderpool-agent"
+ ## @param spiderpoolAgent.binName the binName name of spiderpoolAgent
+ binName: "/usr/bin/spiderpool-agent"
+ image:
+ ## @param spiderpoolAgent.image.registry the image registry of spiderpoolAgent
+ registry: ghcr.m.daocloud.io
+ ## @param spiderpoolAgent.image.repository the image repository of spiderpoolAgent
+ repository: spidernet-io/spiderpool/spiderpool-agent
+ ## @param spiderpoolAgent.image.pullPolicy the image pullPolicy of spiderpoolAgent
+ pullPolicy: IfNotPresent
+ ## @param spiderpoolAgent.image.digest the image digest of spiderpoolAgent, which takes preference over tag
+ digest: ""
+ ## @param spiderpoolAgent.image.tag the image tag of spiderpoolAgent, overrides the image tag whose default is the chart appVersion.
+ tag: v0.9.0
+ ## @param spiderpoolAgent.image.imagePullSecrets the image imagePullSecrets of spiderpoolAgent
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+ ## @skip spiderpoolAgent.nodeSelector.kubernetes.io/os
+ nodeSelector:
+ kubernetes.io/os: linux
+ serviceAccount:
+ ## @param spiderpoolAgent.serviceAccount.create create the service account for the spiderpoolAgent
+ create: true
+ ## @param spiderpoolAgent.serviceAccount.annotations the annotations of spiderpoolAgent service account
+ annotations: {}
+ ## @skip spiderpoolAgent.updateStrategy.rollingUpdate.maxUnavailable
+ ## @skip spiderpoolAgent.updateStrategy.type
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: 2
+ type: RollingUpdate
+ service:
+ ## @param spiderpoolAgent.service.annotations the annotations for spiderpoolAgent service
+ annotations: {}
+ ## @param spiderpoolAgent.service.type the type for spiderpoolAgent service
+ type: ClusterIP
+ ## @skip spiderpoolAgent.tolerations
+ tolerations:
+ - operator: Exists
+ ## @param spiderpoolAgent.priorityClassName the priority Class Name for spiderpoolAgent
+ priorityClassName: "system-node-critical"
+ ## @param spiderpoolAgent.affinity the affinity of spiderpoolAgent
+ affinity: {}
+ ## @param spiderpoolAgent.extraArgs the additional arguments of spiderpoolAgent container
+ extraArgs: []
+ ## @param spiderpoolAgent.extraEnv the additional environment variables of spiderpoolAgent container
+ extraEnv: []
+ ## @param spiderpoolAgent.extraVolumes the additional volumes of spiderpoolAgent container
+ extraVolumes: []
+ ## @param spiderpoolAgent.extraVolumeMounts the additional hostPath mounts of spiderpoolAgent container
+ extraVolumeMounts: []
+ ## @param spiderpoolAgent.podAnnotations the additional annotations of spiderpoolAgent pod
+ podAnnotations: {}
+ ## @param spiderpoolAgent.podLabels the additional label of spiderpoolAgent pod
+ podLabels: {}
+ resources:
+ limits:
+ ## @param spiderpoolAgent.resources.limits.cpu the cpu limit of spiderpoolAgent pod
+ cpu: 1000m
+ ## @param spiderpoolAgent.resources.limits.memory the memory limit of spiderpoolAgent pod
+ memory: 1024Mi
+ requests:
+ ## @param spiderpoolAgent.resources.requests.cpu the cpu requests of spiderpoolAgent pod
+ cpu: 10m
+ ## @param spiderpoolAgent.resources.requests.memory the memory requests of spiderpoolAgent pod
+ memory: 32Mi
+ ## @param spiderpoolAgent.securityContext the security Context of spiderpoolAgent pod
+ securityContext: {}
+ # runAsUser: 0
+
+ ## @param spiderpoolAgent.httpPort the http Port for spiderpoolAgent, for health checking
+ httpPort: 5710
+ healthChecking:
+ startupProbe:
+ ## @param spiderpoolAgent.healthChecking.startupProbe.failureThreshold the failure threshold of startup probe for spiderpoolAgent health checking
+ failureThreshold: 60
+ ## @param spiderpoolAgent.healthChecking.startupProbe.periodSeconds the period seconds of startup probe for spiderpoolAgent health checking
+ periodSeconds: 2
+ livenessProbe:
+ ## @param spiderpoolAgent.healthChecking.livenessProbe.failureThreshold the failure threshold of startup probe for spiderpoolAgent health checking
+ failureThreshold: 6
+ ## @param spiderpoolAgent.healthChecking.livenessProbe.periodSeconds the period seconds of startup probe for spiderpoolAgent health checking
+ periodSeconds: 10
+ readinessProbe:
+ ## @param spiderpoolAgent.healthChecking.readinessProbe.failureThreshold the failure threshold of startup probe for spiderpoolAgent health checking
+ failureThreshold: 3
+ ## @param spiderpoolAgent.healthChecking.readinessProbe.periodSeconds the period seconds of startup probe for spiderpoolAgent health checking
+ periodSeconds: 10
+ prometheus:
+ ## @param spiderpoolAgent.prometheus.enabled enable spiderpool agent to collect metrics
+ enabled: false
+ ## @param spiderpoolAgent.prometheus.enabledDebugMetric enable spiderpool agent to collect debug level metrics
+ enabledDebugMetric: false
+ ## @param spiderpoolAgent.prometheus.port the metrics port of spiderpool agent
+ port: 5711
+ serviceMonitor:
+ ## @param spiderpoolAgent.prometheus.serviceMonitor.install install serviceMonitor for spiderpool agent. This requires the prometheus CRDs to be available
+ install: false
+ ## @param spiderpoolAgent.prometheus.serviceMonitor.namespace the serviceMonitor namespace. Default to the namespace of helm instance
+ namespace: ""
+ ## @param spiderpoolAgent.prometheus.serviceMonitor.annotations the additional annotations of spiderpoolAgent serviceMonitor
+ annotations: {}
+ ## @param spiderpoolAgent.prometheus.serviceMonitor.labels the additional label of spiderpoolAgent serviceMonitor
+ labels: {}
+ ## @param spiderpoolAgent.prometheus.serviceMonitor.interval represents the interval of spiderpoolAgent serviceMonitor's scraping action
+ interval: "10s"
+ prometheusRule:
+ ## @param spiderpoolAgent.prometheus.prometheusRule.install install prometheusRule for spiderpool agent. This requires the prometheus CRDs to be available
+ install: false
+ ## @param spiderpoolAgent.prometheus.prometheusRule.namespace the prometheusRule namespace. Default to the namespace of helm instance
+ namespace: ""
+ ## @param spiderpoolAgent.prometheus.prometheusRule.annotations the additional annotations of spiderpoolAgent prometheusRule
+ annotations: {}
+ ## @param spiderpoolAgent.prometheus.prometheusRule.labels the additional label of spiderpoolAgent prometheusRule
+ labels: {}
+ ## @param spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMAllocationFailure the additional rule of spiderpoolAgent prometheusRule
+ enableWarningIPAMAllocationFailure: true
+ ## @param spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMAllocationOverTime the additional rule of spiderpoolAgent prometheusRule
+ enableWarningIPAMAllocationOverTime: true
+ ## @param spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMHighAllocationDurations the additional rule of spiderpoolAgent prometheusRule
+ enableWarningIPAMHighAllocationDurations: true
+ ## @param spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMReleaseFailure the additional rule of spiderpoolAgent prometheusRule
+ enableWarningIPAMReleaseFailure: true
+ ## @param spiderpoolAgent.prometheus.prometheusRule.enableWarningIPAMReleaseOverTime the additional rule of spiderpoolAgent prometheusRule
+ enableWarningIPAMReleaseOverTime: true
+ debug:
+ ## @param spiderpoolAgent.debug.logLevel the log level of spiderpool agent [debug, info, warn, error, fatal, panic]
+ logLevel: "info"
+ ## @param spiderpoolAgent.debug.gopsPort the gops port of spiderpool agent
+ gopsPort: 5712
+ ## @section spiderpoolController parameters
+ ##
+ spiderpoolController:
+ ## @param spiderpoolController.name the spiderpoolController name
+ name: "spiderpool-controller"
+ ## @param spiderpoolController.replicas the replicas number of spiderpoolController pod
+ replicas: 1
+ ## @param spiderpoolController.binName the binName name of spiderpoolController
+ binName: "/usr/bin/spiderpool-controller"
+ ## @param spiderpoolController.hostnetwork enable hostnetwork mode of spiderpoolController pod. Notice, if no CNI available before spiderpool installation, must enable this
+ hostnetwork: true
+ image:
+ ## @param spiderpoolController.image.registry the image registry of spiderpoolController
+ registry: ghcr.m.daocloud.io
+ ## @param spiderpoolController.image.repository the image repository of spiderpoolController
+ repository: spidernet-io/spiderpool/spiderpool-controller
+ ## @param spiderpoolController.image.pullPolicy the image pullPolicy of spiderpoolController
+ pullPolicy: IfNotPresent
+ ## @param spiderpoolController.image.digest the image digest of spiderpoolController, which takes preference over tag
+ digest: ""
+ ## @param spiderpoolController.image.tag the image tag of spiderpoolController, overrides the image tag whose default is the chart appVersion.
+ tag: v0.9.0
+ ## @param spiderpoolController.image.imagePullSecrets the image imagePullSecrets of spiderpoolController
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+ ## @skip spiderpoolController.nodeSelector.kubernetes.io/os
+ nodeSelector:
+ kubernetes.io/os: linux
+ serviceAccount:
+ ## @param spiderpoolController.serviceAccount.create create the service account for the spiderpoolController
+ create: true
+ ## @param spiderpoolController.serviceAccount.annotations the annotations of spiderpoolController service account
+ annotations: {}
+ service:
+ ## @param spiderpoolController.service.annotations the annotations for spiderpoolController service
+ annotations: {}
+ ## @param spiderpoolController.service.type the type for spiderpoolController service
+ type: ClusterIP
+ ## @skip spiderpoolController.tolerations
+ tolerations:
+ - operator: Exists
+ effect: NoSchedule
+ ## @param spiderpoolController.priorityClassName the priority Class Name for spiderpoolController
+ priorityClassName: "system-node-critical"
+ ## @param spiderpoolController.affinity the affinity of spiderpoolController
+ affinity: {}
+ ## @param spiderpoolController.extraArgs the additional arguments of spiderpoolController container
+ extraArgs: []
+ ## @param spiderpoolController.extraEnv the additional environment variables of spiderpoolController container
+ extraEnv: []
+ ## @param spiderpoolController.extraVolumes the additional volumes of spiderpoolController container
+ extraVolumes: []
+ # - name: test-val
+ # mountPath: /host/tmp
+
+ ## @param spiderpoolController.extraVolumeMounts the additional hostPath mounts of spiderpoolController container
+ extraVolumeMounts: []
+ # - name: test-val
+ # mountPath: /tmp
+
+ ## @param spiderpoolController.podAnnotations the additional annotations of spiderpoolController pod
+ podAnnotations: {}
+ # test: 100
+
+ ## @param spiderpoolController.podLabels the additional label of spiderpoolController pod
+ podLabels: {}
+ ## @param spiderpoolController.securityContext the security Context of spiderpoolController pod
+ securityContext: {}
+ # runAsUser: 0
+
+ resources:
+ limits:
+ ## @param spiderpoolController.resources.limits.cpu the cpu limit of spiderpoolController pod
+ cpu: 500m
+ ## @param spiderpoolController.resources.limits.memory the memory limit of spiderpoolController pod
+ memory: 1024Mi
+ requests:
+ ## @param spiderpoolController.resources.requests.cpu the cpu requests of spiderpoolController pod
+ cpu: 10m
+ ## @param spiderpoolController.resources.requests.memory the memory requests of spiderpoolController pod
+ memory: 64Mi
+ podDisruptionBudget:
+ ## @param spiderpoolController.podDisruptionBudget.enabled enable podDisruptionBudget for spiderpoolController pod
+ enabled: false
+ ## @param spiderpoolController.podDisruptionBudget.minAvailable minimum number/percentage of pods that should remain scheduled.
+ minAvailable: 1
+ ## @param spiderpoolController.httpPort the http Port for spiderpoolController, for health checking and http service
+ httpPort: 5720
+ healthChecking:
+ startupProbe:
+ ## @param spiderpoolController.healthChecking.startupProbe.failureThreshold the failure threshold of startup probe for spiderpoolController health checking
+ failureThreshold: 30
+ ## @param spiderpoolController.healthChecking.startupProbe.periodSeconds the period seconds of startup probe for spiderpoolController health checking
+ periodSeconds: 2
+ livenessProbe:
+ ## @param spiderpoolController.healthChecking.livenessProbe.failureThreshold the failure threshold of startup probe for spiderpoolController health checking
+ failureThreshold: 6
+ ## @param spiderpoolController.healthChecking.livenessProbe.periodSeconds the period seconds of startup probe for spiderpoolController health checking
+ periodSeconds: 10
+ readinessProbe:
+ ## @param spiderpoolController.healthChecking.readinessProbe.failureThreshold the failure threshold of startup probe for spiderpoolController health checking
+ failureThreshold: 3
+ ## @param spiderpoolController.healthChecking.readinessProbe.periodSeconds the period seconds of startup probe for spiderpoolController health checking
+ periodSeconds: 10
+ ## @param spiderpoolController.webhookPort the http port for spiderpoolController webhook
+ webhookPort: 5722
+ prometheus:
+ ## @param spiderpoolController.prometheus.enabled enable spiderpool Controller to collect metrics
+ enabled: false
+ ## @param spiderpoolController.prometheus.enabledDebugMetric enable spiderpool Controller to collect debug level metrics
+ enabledDebugMetric: false
+ ## @param spiderpoolController.prometheus.port the metrics port of spiderpool Controller
+ port: 5721
+ serviceMonitor:
+ ## @param spiderpoolController.prometheus.serviceMonitor.install install serviceMonitor for spiderpool agent. This requires the prometheus CRDs to be available
+ install: false
+ ## @param spiderpoolController.prometheus.serviceMonitor.namespace the serviceMonitor namespace. Default to the namespace of helm instance
+ namespace: ""
+ ## @param spiderpoolController.prometheus.serviceMonitor.annotations the additional annotations of spiderpoolController serviceMonitor
+ annotations: {}
+ ## @param spiderpoolController.prometheus.serviceMonitor.labels the additional label of spiderpoolController serviceMonitor
+ labels: {}
+ ## @param spiderpoolController.prometheus.serviceMonitor.interval represents the interval of spiderpoolController serviceMonitor's scraping action
+ interval: "10s"
+ prometheusRule:
+ ## @param spiderpoolController.prometheus.prometheusRule.install install prometheusRule for spiderpool agent. This requires the prometheus CRDs to be available
+ install: false
+ ## @param spiderpoolController.prometheus.prometheusRule.namespace the prometheusRule namespace. Default to the namespace of helm instance
+ namespace: ""
+ ## @param spiderpoolController.prometheus.prometheusRule.annotations the additional annotations of spiderpoolController prometheusRule
+ annotations: {}
+ ## @param spiderpoolController.prometheus.prometheusRule.labels the additional label of spiderpoolController prometheusRule
+ labels: {}
+ ## @param spiderpoolController.prometheus.prometheusRule.enableWarningIPGCFailureCounts the additional rule of spiderpoolController prometheusRule
+ enableWarningIPGCFailureCounts: true
+ debug:
+ ## @param spiderpoolController.debug.logLevel the log level of spiderpool Controller [debug, info, warn, error, fatal, panic]
+ logLevel: "info"
+ ## @param spiderpoolController.debug.gopsPort the gops port of spiderpool Controller
+ gopsPort: 5724
+ ## TLS configuration for webhook
+ tls:
+ ## @param spiderpoolController.tls.method the method for generating TLS certificates. [ provided , certmanager , auto]
+ ## - provided: provide all certificates by helm options
+ ## - certmanager: This method use cert-manager to generate & rotate certificates.
+ ## - auto: Auto generate cert.
+ method: auto
+ ## @param spiderpoolController.tls.secretName the secret name for storing TLS certificates
+ secretName: "spiderpool-controller-server-certs"
+ ## for certmanager method
+ certmanager:
+ ## @param spiderpoolController.tls.certmanager.certValidityDuration generated certificates validity duration in days for 'certmanager' method
+ certValidityDuration: 365
+ ## @param spiderpoolController.tls.certmanager.issuerName issuer name of cert manager 'certmanager'. If not specified, a CA issuer will be created.
+ issuerName: ""
+ ## @param spiderpoolController.tls.certmanager.extraDnsNames extra DNS names added to certificate when it's auto generated
+ extraDnsNames: []
+ ## @param spiderpoolController.tls.certmanager.extraIPAddresses extra IP addresses added to certificate when it's auto generated
+ extraIPAddresses: []
+ ## for provided method
+ provided:
+ ## @param spiderpoolController.tls.provided.tlsCert encoded tls certificate for provided method
+ ## @param spiderpoolController.tls.provided.tlsKey encoded tls key for provided method
+ ## @param spiderpoolController.tls.provided.tlsCa encoded tls CA for provided method
+ tlsCert: ""
+ tlsKey: ""
+ tlsCa: ""
+ ## for auto method
+ auto:
+ ## @param spiderpoolController.tls.auto.caExpiration ca expiration for auto method
+ # in day , default 200 years
+ caExpiration: '73000'
+ ## @param spiderpoolController.tls.auto.certExpiration server cert expiration for auto method
+ # in day, default 200 years
+ certExpiration: '73000'
+ ## @param spiderpoolController.tls.auto.extraIpAddresses extra IP addresses of server certificate for auto method
+ extraIpAddresses: []
+ ## @param spiderpoolController.tls.auto.extraDnsNames extra DNS names of server cert for auto method
+ extraDnsNames: []
+ ## @section spiderpoolInit parameters
+ ##
+ spiderpoolInit:
+ ## @param spiderpoolInit.name the init job for installing default spiderippool
+ name: "spiderpool-init"
+ ## @param spiderpoolInit.binName the binName name of spiderpoolInit
+ binName: "/usr/bin/spiderpool-init"
+ ## @param spiderpoolInit.hostnetwork enable hostnetwork mode of spiderpoolInit pod. Notice, if no CNI available before spiderpool installation, must enable this
+ hostnetwork: true
+ image:
+ ## @param spiderpoolInit.image.registry the image registry of spiderpoolInit
+ registry: ghcr.m.daocloud.io
+ ## @param spiderpoolInit.image.repository the image repository of spiderpoolInit
+ repository: spidernet-io/spiderpool/spiderpool-controller
+ ## @param spiderpoolInit.image.pullPolicy the image pullPolicy of spiderpoolInit
+ pullPolicy: IfNotPresent
+ ## @param spiderpoolInit.image.digest the image digest of spiderpoolInit, which takes preference over tag
+ digest: ""
+ ## @param spiderpoolInit.image.tag the image tag of spiderpoolInit, overrides the image tag whose default is the chart appVersion.
+ tag: v0.9.0
+ ## @param spiderpoolInit.image.imagePullSecrets the image imagePullSecrets of spiderpoolInit
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+ ## @param spiderpoolInit.priorityClassName the priority Class Name for spiderpoolInit
+ priorityClassName: "system-node-critical"
+ ## @skip spiderpoolInit.tolerations
+ tolerations:
+ - operator: Exists
+ ## @skip spiderpoolInit.nodeSelector.kubernetes.io/os
+ nodeSelector:
+ kubernetes.io/os: linux
+ ## @param spiderpoolInit.affinity the affinity of spiderpoolInit
+ affinity: {}
+ ## @param spiderpoolInit.extraArgs the additional arguments of spiderpoolInit container
+ extraArgs: []
+ resources:
+ limits:
+ ## @param spiderpoolInit.resources.limits.cpu the cpu limit of spiderpoolInit pod
+ cpu: 200m
+ ## @param spiderpoolInit.resources.limits.memory the memory limit of spiderpoolInit pod
+ memory: 256Mi
+ requests:
+ ## @param spiderpoolInit.resources.requests.cpu the cpu requests of spiderpoolInit pod
+ cpu: 10m
+ ## @param spiderpoolInit.resources.requests.memory the memory requests of spiderpoolInit pod
+ memory: 32Mi
+ readinessProbe:
+ ## @param spiderpoolInit.readinessProbe.failureThreshold the failure threshold of startup probe for spiderpool-init health checking
+ failureThreshold: 30
+ ## @param spiderpoolInit.readinessProbe.periodSeconds the period seconds of startup probe for spiderpool-init health checking
+ periodSeconds: 10
+ ## @param spiderpoolInit.extraEnv the additional environment variables of spiderpoolInit container
+ extraEnv: []
+ ## @param spiderpoolInit.securityContext the security Context of spiderpoolInit pod
+ securityContext: {}
+ # runAsUser: 0
+
+ ## @param spiderpoolInit.podAnnotations the additional annotations of spiderpoolInit pod
+ podAnnotations: {}
+ ## @param spiderpoolInit.podLabels the additional label of spiderpoolInit pod
+ podLabels: {}
+ serviceAccount:
+ ## @param spiderpoolInit.serviceAccount.annotations the annotations of spiderpoolInit service account
+ annotations: {}
+ ## @section sriov network operator parameters
+ ##
+ sriov:
+ ## @param sriov.install install sriov network operator
+ install: false
+ ## @param sriov.name the name of sriov network operator
+ name: "spiderpool-sriov-operator"
+ ## @skip sriov.tolerations
+ tolerations:
+ - operator: Exists
+ ## @skip sriov.nodeSelector.kubernetes.io/os
+ nodeSelector:
+ kubernetes.io/os: linux
+ ## @param sriov.affinity the affinity
+ affinity: {}
+ ## @param sriov.hostnetwork enable hostnetwork mode. Notice, if no CNI available before spiderpool installation, must enable this
+ hostnetwork: true
+ ## @param sriov.replicas the replicas number
+ replicas: 1
+ ## @param sriov.resourcePrefix the resource prefix
+ resourcePrefix: "spidernet.io"
+ ## @param sriov.priorityClassName the priority Class Name
+ priorityClassName: "system-node-critical"
+ ## @param sriov.enableAdmissionController enable Admission Controller
+ enableAdmissionController: false
+ resources:
+ limits:
+ ## @param sriov.resources.limits.cpu the cpu limit
+ cpu: 300m
+ ## @param sriov.resources.limits.memory the memory limit
+ memory: 300Mi
+ requests:
+ ## @param sriov.resources.requests.cpu the cpu requests
+ cpu: 100m
+ ## @param sriov.resources.requests.memory the memory requests
+ memory: 128Mi
+ image:
+ ## @param sriov.image.registry registry for all images
+ registry: ghcr.io
+ ## @param sriov.image.pullPolicy the image pullPolicy for all images
+ pullPolicy: IfNotPresent
+ ## @param sriov.image.imagePullSecrets the image imagePullSecrets for all images
+ imagePullSecrets: []
+ # - name: "image-pull-secret"
+
+ operator:
+ ## @param sriov.image.operator.repository the image repository
+ repository: k8snetworkplumbingwg/sriov-network-operator
+ ## @param sriov.image.operator.tag the image tag
+ tag: v1.2.0
+ sriovConfigDaemon:
+ ## @param sriov.image.sriovConfigDaemon.repository the image repository
+ repository: k8snetworkplumbingwg/sriov-network-operator-config-daemon
+ ## @param sriov.image.sriovConfigDaemon.tag the image tag
+ tag: v1.2.0
+ sriovCni:
+ ## @param sriov.image.sriovCni.repository the image repository
+ repository: k8snetworkplumbingwg/sriov-cni
+ ## @param sriov.image.sriovCni.tag the image tag
+ tag: v2.7.0
+ ibSriovCni:
+ ## @param sriov.image.ibSriovCni.repository the image repository
+ repository: k8snetworkplumbingwg/ib-sriov-cni
+ ## @param sriov.image.ibSriovCni.tag the image tag
+ tag: v1.0.2
+ sriovDevicePlugin:
+ ## @param sriov.image.sriovDevicePlugin.repository the image repository
+ repository: k8snetworkplumbingwg/sriov-network-device-plugin
+ ## @param sriov.image.sriovDevicePlugin.tag the image tag
+ tag: v3.5.1
+ resourcesInjector:
+ ## @param sriov.image.resourcesInjector.repository the image repository
+ repository: k8snetworkplumbingwg/network-resources-injector
+ ## @param sriov.image.resourcesInjector.tag the image tag
+ tag: v1.5
+ webhook:
+ ## @param sriov.image.webhook.repository the image repository
+ repository: k8snetworkplumbingwg/sriov-network-operator-webhook
+ ## @param sriov.image.webhook.tag the image tag
+ tag: v1.2.0