diff --git a/cmd/qat_plugin/README.md b/cmd/qat_plugin/README.md index 15875480e..9b65285b1 100644 --- a/cmd/qat_plugin/README.md +++ b/cmd/qat_plugin/README.md @@ -59,7 +59,7 @@ For more details on the `-dpdk-driver` choice, see > devices prior to Gen4 (`4xxx`). For more details on the available options to the `-kernel-vf-drivers` option, see the list of -vf drivers available in the [Linux Kernel](https://github.com/torvalds/linux/tree/master/drivers/crypto/qat). +vf drivers available in the [Linux Kernel](https://github.com/torvalds/linux/tree/master/drivers/crypto/intel/qat). If the `-mode` parameter is set to `kernel`, no other parameter documented above are valid, except the `klog` logging related parameters. @@ -88,7 +88,7 @@ You will also need [appropriate hardware installed](#checking-for-hardware). The QAT plugin requires Linux Kernel VF QAT drivers to be available. These drivers are available via two methods. One of them must be installed and enabled: -- [Linux Kernel upstream drivers](https://github.com/torvalds/linux/tree/master/drivers/crypto/qat) +- [Linux Kernel upstream drivers](https://github.com/torvalds/linux/tree/master/drivers/crypto/intel/qat) - [Intel QuickAssist Technology software for Linux][9] The demonstrations have their own requirements, listed in their own specific sections. diff --git a/deployments/dlb_plugin/kustomization.yaml b/deployments/dlb_plugin/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/dlb_plugin/kustomization.yaml +++ b/deployments/dlb_plugin/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/dlb_plugin/overlays/dlb_initcontainer/kustomization.yaml b/deployments/dlb_plugin/overlays/dlb_initcontainer/kustomization.yaml index 1dd419027..3f14ba4dd 100644 --- a/deployments/dlb_plugin/overlays/dlb_initcontainer/kustomization.yaml +++ b/deployments/dlb_plugin/overlays/dlb_initcontainer/kustomization.yaml 
@@ -1,4 +1,4 @@
-bases:
+resources:
 - ../../base
 patches:
 - path: dlb_initcontainer.yaml
diff --git a/deployments/dsa_plugin/kustomization.yaml b/deployments/dsa_plugin/kustomization.yaml
index f191f3aae..197c7292e 100644
--- a/deployments/dsa_plugin/kustomization.yaml
+++ b/deployments/dsa_plugin/kustomization.yaml
@@ -1,2 +1,2 @@
-bases:
+resources:
 - base
diff --git a/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml b/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml
index ea3fd7b40..59d80d1f1 100644
--- a/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml
+++ b/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml
@@ -1,4 +1,6 @@
-bases:
+resources:
 - ../../base
-patchesStrategicMerge:
-- dsa_initcontainer.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+patches:
+- path: dsa_initcontainer.yaml
diff --git a/deployments/fpga_admissionwebhook/base/kustomization.yaml b/deployments/fpga_admissionwebhook/base/kustomization.yaml
index b600ca951..7dd1f8373 100644
--- a/deployments/fpga_admissionwebhook/base/kustomization.yaml
+++ b/deployments/fpga_admissionwebhook/base/kustomization.yaml
@@ -1,40 +1,96 @@ -bases: +resources: - ../crd - ../rbac - ../manager - ../webhook - ../certmanager -patchesStrategicMerge: # Enable webhook -- manager_webhook_patch.yaml # Enable certmanager integration -- webhookcainjection_patch.yaml -vars: -- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldref: - fieldpath: metadata.namespace -- name: CERTIFICATE_NAME - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml -- name: SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: webhook-service - fieldref: - fieldpath: metadata.namespace -- name: SERVICE_NAME - objref: - kind: Service - version: v1 - name: webhook-service +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: manager_webhook_patch.yaml +- path: webhookcainjection_patch.yaml +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + 
fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true diff --git a/deployments/fpga_admissionwebhook/base/webhookcainjection_patch.yaml b/deployments/fpga_admissionwebhook/base/webhookcainjection_patch.yaml index 2e37b9ead..82add8f47 100644 --- a/deployments/fpga_admissionwebhook/base/webhookcainjection_patch.yaml +++ b/deployments/fpga_admissionwebhook/base/webhookcainjection_patch.yaml @@ -1,8 +1,8 @@ # This patch adds an annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. +# the variables CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize. apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: mutating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 
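Review bot: Two comments in the new `replacements` block of deployments/fpga_admissionwebhook/base/kustomization.yaml describe something other than what the entry does. The third source reads `fieldPath: .metadata.name # namespace of the service`, which should say `# name of the service`, and its heading `# Add cert-manager annotation to the webhook Service` sits on an entry whose targets are the Certificate's `.spec.dnsNames.0` and `.spec.dnsNames.1`, so a heading such as `# Fill the webhook Service name into the Certificate dnsNames` would match. The first heading also mentions CRDs, although no target in the block selects a CustomResourceDefinition. The same block is repeated in fpga_admissionwebhook/default, fpga_plugin/overlays/af, fpga_plugin/overlays/region and operator/default, so the correction applies to each copy.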
diff --git a/deployments/fpga_admissionwebhook/certmanager/certificate.yaml b/deployments/fpga_admissionwebhook/certmanager/certificate.yaml
index 39e8ee4b0..1542f681c 100644
--- a/deployments/fpga_admissionwebhook/certmanager/certificate.yaml
+++ b/deployments/fpga_admissionwebhook/certmanager/certificate.yaml
@@ -14,10 +14,10 @@ metadata:
 name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml
 namespace: system
 spec:
- # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize
+ # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
 dnsNames:
- - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc
- - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local
+ - SERVICE_NAME.SERVICE_NAMESPACE.svc
+ - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
 issuerRef:
 kind: Issuer
 name: selfsigned-issuer
diff --git a/deployments/fpga_admissionwebhook/default/kustomization.yaml b/deployments/fpga_admissionwebhook/default/kustomization.yaml
index a821d2d58..04e967901 100644
--- a/deployments/fpga_admissionwebhook/default/kustomization.yaml
+++ b/deployments/fpga_admissionwebhook/default/kustomization.yaml
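Review bot: The new `dnsNames` entries `SERVICE_NAME.SERVICE_NAMESPACE.svc` and `SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local` in fpga_admissionwebhook/certmanager/certificate.yaml are well-formed hostnames, so a build in which the `replacements` do not run leaves a Certificate that looks valid but names no real Service. The old `$(SERVICE_NAME)` form at least stood out as unsubstituted in rendered output. A CI check on the rendered manifests that fails when `SERVICE_NAME`, `SERVICE_NAMESPACE`, `CERTIFICATE_NAME` or `CERTIFICATE_NAMESPACE` survives would catch this before the API server rejects the webhook's serving certificate at runtime. deployments/operator/certmanager/certificate.yaml carries the same placeholders.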
@@ -1,19 +1,90 @@ -# Adds namespace to all resources. namespace: intelfpgawebhook-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. namePrefix: intelfpgawebhook- -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: -- ../base - resources: +- ../base - namespace.yaml + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - 
select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true diff --git a/deployments/fpga_admissionwebhook/kustomization.yaml b/deployments/fpga_admissionwebhook/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/fpga_admissionwebhook/kustomization.yaml +++ b/deployments/fpga_admissionwebhook/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/fpga_admissionwebhook/webhook/kustomizeconfig.yaml b/deployments/fpga_admissionwebhook/webhook/kustomizeconfig.yaml index 66781c6cb..206316e54 100644 --- a/deployments/fpga_admissionwebhook/webhook/kustomizeconfig.yaml +++ b/deployments/fpga_admissionwebhook/webhook/kustomizeconfig.yaml @@ -1,4 +1,4 @@ -# the following config is for teaching kustomize where to look at when substituting vars. +# the following config is for teaching kustomize where to look at when substituting nameReference. # It requires kustomize v2.1.0 or newer to work properly. nameReference: - kind: Service 
@@ -7,12 +7,16 @@ nameReference: - kind: MutatingWebhookConfiguration group: admissionregistration.k8s.io path: webhooks/clientConfig/service/name + - kind: ValidatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/name namespace: - kind: MutatingWebhookConfiguration group: admissionregistration.k8s.io path: webhooks/clientConfig/service/namespace create: true - -varReference: -- path: metadata/annotations +- kind: ValidatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/namespace + create: true diff --git a/deployments/fpga_plugin/overlays/af/kustomization.yaml b/deployments/fpga_plugin/overlays/af/kustomization.yaml index c45bea893..1a4f12463 100644 --- a/deployments/fpga_plugin/overlays/af/kustomization.yaml +++ b/deployments/fpga_plugin/overlays/af/kustomization.yaml 
@@ -4,3 +4,87 @@ namePrefix: intelfpgaplugin-
 resources:
 - ../../base
 - ../../../fpga_admissionwebhook/base
+
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+replacements:
+ - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert # this name should match the one in certificate.yaml
+ fieldPath: .metadata.namespace # namespace of the certificate CR
+ targets:
+ - select:
+ kind: ValidatingWebhookConfiguration
+ fieldPaths:
+ - .metadata.annotations.[cert-manager.io/inject-ca-from]
+ options:
+ delimiter: '/'
+ index: 0
+ create: true
+ - select:
+ kind: MutatingWebhookConfiguration
+ fieldPaths:
+ - .metadata.annotations.[cert-manager.io/inject-ca-from]
+ options:
+ delimiter: '/'
+ index: 0
+ create: true
+ - source:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ name: serving-cert # this name should match the one in certificate.yaml
+ fieldPath: .metadata.name
+ targets:
+ - select:
+ kind: ValidatingWebhookConfiguration
+ fieldPaths:
+ - .metadata.annotations.[cert-manager.io/inject-ca-from]
+ options:
+ delimiter: '/'
+ index: 1
+ create: true
+ - select:
+ kind: MutatingWebhookConfiguration
+ fieldPaths:
+ - .metadata.annotations.[cert-manager.io/inject-ca-from]
+ options:
+ delimiter: '/'
+ index: 1
+ create: true
+ - source: # Add cert-manager annotation to the webhook Service
+ kind: Service
+ version: v1
+ name: webhook-service
+ fieldPath: .metadata.name # namespace of the service
+ targets:
+ - select:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ fieldPaths:
+ - .spec.dnsNames.0
+ - .spec.dnsNames.1
+ options:
+ delimiter: '.'
+ index: 0
+ create: true
+ - source:
+ kind: Service
+ version: v1
+ name: webhook-service
+ fieldPath: .metadata.namespace # namespace of the service
+ targets:
+ - select:
+ kind: Certificate
+ group: cert-manager.io
+ version: v1
+ fieldPaths:
+ - .spec.dnsNames.0
+ - .spec.dnsNames.1
+ options:
+ delimiter: '.'
+ index: 1
+ create: true
diff --git a/deployments/fpga_plugin/overlays/region/kustomization.yaml b/deployments/fpga_plugin/overlays/region/kustomization.yaml
index 55ab43ba1..ea792f853 100644
--- a/deployments/fpga_plugin/overlays/region/kustomization.yaml
+++ b/deployments/fpga_plugin/overlays/region/kustomization.yaml
@@ -2,8 +2,93 @@ namespace: intelfpgaplugin-system namePrefix: intelfpgaplugin- resources: - - ../../base - - ../../../fpga_admissionwebhook/base +- ../../base +- ../../../fpga_admissionwebhook/base -patchesStrategicMerge: - - mode-region.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: mode-region.yaml + target: + kind: DaemonSet +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' 
+ index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true diff --git a/deployments/gpu_plugin/kustomization.yaml b/deployments/gpu_plugin/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/gpu_plugin/kustomization.yaml +++ b/deployments/gpu_plugin/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml b/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml index 85d0d920f..6f0cf4107 100644 --- a/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml +++ b/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml @@ -1,12 +1,21 @@ -bases: - - ../../base resources: + - ../../base - gpu-manager-rolebinding.yaml - gpu-manager-role.yaml - gpu-manager-sa.yaml patches: - path: add-serviceaccount.yaml + target: + kind: DaemonSet - path: add-podresource-mount.yaml + target: + kind: DaemonSet - path: add-args.yaml + target: + kind: DaemonSet - path: add-nodeselector-intel-gpu.yaml + target: + kind: DaemonSet - path: add-kubelet-crt-mount.yaml + target: + kind: DaemonSet diff --git a/deployments/gpu_plugin/overlays/monitoring_shared-dev_nfd/kustomization.yaml b/deployments/gpu_plugin/overlays/monitoring_shared-dev_nfd/kustomization.yaml index 62fa1007b..9b17645ce 100644 --- a/deployments/gpu_plugin/overlays/monitoring_shared-dev_nfd/kustomization.yaml +++ b/deployments/gpu_plugin/overlays/monitoring_shared-dev_nfd/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../base patches: - path: add-args.yaml 
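Review bot: In deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml every patch now carries a `target:` with only `kind: DaemonSet`, so each one applies to every DaemonSet in the build, not just the GPU plugin. Going by the file names, these patches add a service account, a kubelet certificate mount and a pod-resources mount, which is access that should not spread to an unrelated DaemonSet added to this overlay later. Adding a `name:` line next to `kind: DaemonSet`, set to the plugin DaemonSet's name from the base (not visible in this diff), keeps the patches scoped. The `mode-region.yaml` patch in fpga_plugin/overlays/region uses the same kind-only selector.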
diff --git a/deployments/gpu_plugin/overlays/nfd_labeled_nodes/kustomization.yaml b/deployments/gpu_plugin/overlays/nfd_labeled_nodes/kustomization.yaml
index a29f7bc2a..38178d290 100644
--- a/deployments/gpu_plugin/overlays/nfd_labeled_nodes/kustomization.yaml
+++ b/deployments/gpu_plugin/overlays/nfd_labeled_nodes/kustomization.yaml
@@ -1,4 +1,4 @@
-bases:
+resources:
 - ../../base
 patches:
 - path: add-nodeselector-intel-gpu.yaml
diff --git a/deployments/iaa_plugin/kustomization.yaml b/deployments/iaa_plugin/kustomization.yaml
index f191f3aae..197c7292e 100644
--- a/deployments/iaa_plugin/kustomization.yaml
+++ b/deployments/iaa_plugin/kustomization.yaml
@@ -1,2 +1,2 @@
-bases:
+resources:
 - base
diff --git a/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml b/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml
index 334446f71..fe8c7776a 100644
--- a/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml
+++ b/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml
@@ -1,4 +1,6 @@
-bases:
+resources:
 - ../../base
-patchesStrategicMerge:
-- iaa_initcontainer.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+patches:
+- path: iaa_initcontainer.yaml
diff --git a/deployments/nfd/base/kustomization.yaml b/deployments/nfd/base/kustomization.yaml
index bcc3c245b..f7e78f25b 100644
--- a/deployments/nfd/base/kustomization.yaml
+++ b/deployments/nfd/base/kustomization.yaml
@@ -1,4 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-bases:
+resources:
 - "https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.13.1"
diff --git a/deployments/nfd/components/gpu/kustomization.yaml b/deployments/nfd/components/gpu/kustomization.yaml
index c4eee0c60..e34a925b7 100644
--- a/deployments/nfd/components/gpu/kustomization.yaml
+++ b/deployments/nfd/components/gpu/kustomization.yaml
@@ -1,16 +1,16 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component -patchesJson6902: -- target: +patches: +- path: master-args.yaml + target: group: apps - version: v1 kind: Deployment name: nfd-master - path: master-args.yaml -- target: - group: rbac.authorization.k8s.io version: v1 +- path: master-rbac.yaml + target: + group: rbac.authorization.k8s.io kind: ClusterRole name: nfd-master - path: master-rbac.yaml + version: v1 diff --git a/deployments/nfd/kustomization.yaml b/deployments/nfd/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/nfd/kustomization.yaml +++ b/deployments/nfd/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/nfd/overlays/gpu/kustomization.yaml b/deployments/nfd/overlays/gpu/kustomization.yaml index 3b2eac271..d5b3277ac 100644 --- a/deployments/nfd/overlays/gpu/kustomization.yaml +++ b/deployments/nfd/overlays/gpu/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -bases: +resources: - ../../base components: diff --git a/deployments/operator/certmanager/certificate.yaml b/deployments/operator/certmanager/certificate.yaml index 39e8ee4b0..c16b54a7e 100644 --- a/deployments/operator/certmanager/certificate.yaml +++ b/deployments/operator/certmanager/certificate.yaml @@ -16,8 +16,8 @@ metadata: spec: # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local + - SERVICE_NAME.SERVICE_NAMESPACE.svc + - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local issuerRef: kind: Issuer name: selfsigned-issuer diff --git a/deployments/operator/certmanager/kustomizeconfig.yaml b/deployments/operator/certmanager/kustomizeconfig.yaml index e631f7773..87d212b8e 100644 --- a/deployments/operator/certmanager/kustomizeconfig.yaml +++ b/deployments/operator/certmanager/kustomizeconfig.yaml 
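Review bot: The context comment `# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize` in deployments/operator/certmanager/certificate.yaml is left unchanged while the `dnsNames` entries below it lose the `$( )` syntax. The fpga_admissionwebhook copy of this file updates the comment in the same commit, so this one should read `# SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize` to match. The hunk starts inside the Certificate's `spec:`, so the rest of the resource is outside view.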
@@ -6,11 +6,3 @@ nameReference:
 - kind: Certificate
 group: cert-manager.io
 path: spec/issuerRef/name
-
-varReference:
-- kind: Certificate
- group: cert-manager.io
- path: spec/commonName
-- kind: Certificate
- group: cert-manager.io
- path: spec/dnsNames
diff --git a/deployments/operator/crd/kustomizeconfig.yaml b/deployments/operator/crd/kustomizeconfig.yaml
index 6f83d9a94..f87d49429 100644
--- a/deployments/operator/crd/kustomizeconfig.yaml
+++ b/deployments/operator/crd/kustomizeconfig.yaml
@@ -12,6 +12,3 @@ namespace:
 group: apiextensions.k8s.io
 path: spec/conversion/webhookClientConfig/service/namespace
 create: false
-
-varReference:
-- path: metadata/annotations
diff --git a/deployments/operator/crd/patches/cainjection_in_fpgadeviceplugins.yaml b/deployments/operator/crd/patches/cainjection_in_fpgadeviceplugins.yaml
index 1ea32f659..afae673e4 100644
--- a/deployments/operator/crd/patches/cainjection_in_fpgadeviceplugins.yaml
+++ b/deployments/operator/crd/patches/cainjection_in_fpgadeviceplugins.yaml
@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
 name: fpgadeviceplugins.deviceplugin.intel.com
diff --git a/deployments/operator/crd/patches/cainjection_in_gpudeviceplugins.yaml b/deployments/operator/crd/patches/cainjection_in_gpudeviceplugins.yaml
index 12a9031d3..394b586d7 100644
--- a/deployments/operator/crd/patches/cainjection_in_gpudeviceplugins.yaml
+++ b/deployments/operator/crd/patches/cainjection_in_gpudeviceplugins.yaml
@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
 name: gpudeviceplugins.deviceplugin.intel.com
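Review bot: The annotation `cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME` in cainjection_in_fpgadeviceplugins.yaml has nothing in this commit that rewrites it. The `replacements` added to deployments/operator/default/kustomization.yaml select only `ValidatingWebhookConfiguration` and `MutatingWebhookConfiguration` (their comment mentions CRDs, but no target has `kind: CustomResourceDefinition`), and the `varReference` entry for `metadata/annotations` is removed from crd/kustomizeconfig.yaml. If these CRD patches are enabled, the rendered CRD would keep the literal placeholder, and cert-manager's CA injector would presumably find no such Certificate, leaving the conversion webhook without a CA bundle. Either add CustomResourceDefinition targets to the two Certificate replacements, or state in the patch files that they are not wired in. cainjection_in_gpudeviceplugins.yaml and cainjection_in_qatdeviceplugins.yaml have the same line.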
diff --git a/deployments/operator/crd/patches/cainjection_in_qatdeviceplugins.yaml b/deployments/operator/crd/patches/cainjection_in_qatdeviceplugins.yaml
index db8ad86f0..fa0d626cd 100644
--- a/deployments/operator/crd/patches/cainjection_in_qatdeviceplugins.yaml
+++ b/deployments/operator/crd/patches/cainjection_in_qatdeviceplugins.yaml
@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
 annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+ cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
 name: qatdeviceplugins.deviceplugin.intel.com
diff --git a/deployments/operator/default/kustomization.yaml b/deployments/operator/default/kustomization.yaml
index 06c12f5b9..bfa90dbe2 100644
--- a/deployments/operator/default/kustomization.yaml
+++ b/deployments/operator/default/kustomization.yaml
@@ -12,47 +12,110 @@ namePrefix: inteldeviceplugins- #commonLabels: # someName: someValue -bases: +resources: - ../crd - ../rbac - ../manager - ../webhook - ../certmanager -patchesStrategicMerge: +patches: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml +- path: manager_auth_proxy_patch.yaml + target: + name: controller-manager # Enable webhook -- manager_webhook_patch.yaml +- path: manager_webhook_patch.yaml + target: + name: controller-manager # Enable certmanager integration -- webhookcainjection_patch.yaml +- path: webhookcainjection_patch_mutate.yaml + target: + name: mutating-webhook-configuration +- path: webhookcainjection_patch_validate.yaml + target: + name: validating-webhook-configuration -vars: -- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldref: - fieldpath: metadata.namespace -- name: CERTIFICATE_NAME - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml -- name: SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: webhook-service - fieldref: - fieldpath: metadata.namespace -- name: SERVICE_NAME - objref: - kind: Service - version: v1 - name: webhook-service +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - 
.metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true diff --git a/deployments/operator/default/webhookcainjection_patch.yaml b/deployments/operator/default/webhookcainjection_patch.yaml deleted file mode 100644 index 02ab515d4..000000000 --- a/deployments/operator/default/webhookcainjection_patch.yaml +++ /dev/null 
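Review bot: The selector for `manager_auth_proxy_patch.yaml` in the new `patches:` list of deployments/operator/default/kustomization.yaml is a `target:` with only `name: controller-manager`, and according to the comment above it this patch is what puts the /metrics endpoint behind auth. A name-only selector matches any kind with that name, and as far as I know kustomize skips a patch whose target matches nothing without raising an error, so a later rename could drop the protection silently. Adding `kind: Deployment` under `target:` (assuming the manager is the Deployment that the device overlays patch) narrows the match; the `manager_webhook_patch.yaml` entry has the same shape. A check on the rendered output that the patch's changes are present on the manager would make a silent miss visible.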
@@ -1,15 +0,0 @@
-# This patch add annotation to admission webhook config and
-# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
-apiVersion: admissionregistration.k8s.io/v1
-kind: MutatingWebhookConfiguration
-metadata:
- name: mutating-webhook-configuration
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
----
-apiVersion: admissionregistration.k8s.io/v1
-kind: ValidatingWebhookConfiguration
-metadata:
- name: validating-webhook-configuration
- annotations:
- cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
diff --git a/deployments/operator/default/webhookcainjection_patch_mutate.yaml b/deployments/operator/default/webhookcainjection_patch_mutate.yaml
new file mode 100644
index 000000000..2988e309c
--- /dev/null
+++ b/deployments/operator/default/webhookcainjection_patch_mutate.yaml
@@ -0,0 +1,6 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: mutating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
diff --git a/deployments/operator/default/webhookcainjection_patch_validate.yaml b/deployments/operator/default/webhookcainjection_patch_validate.yaml
new file mode 100644
index 000000000..b6567d709
--- /dev/null
+++ b/deployments/operator/default/webhookcainjection_patch_validate.yaml
@@ -0,0 +1,6 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: validating-webhook-configuration
+ annotations:
+ cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME
diff --git a/deployments/operator/device/dlb/kustomization.yaml b/deployments/operator/device/dlb/kustomization.yaml
index 7d33fdb24..027f08d9f 100644
--- a/deployments/operator/device/dlb/kustomization.yaml
+++ b/deployments/operator/device/dlb/kustomization.yaml
@@ -1,5 +1,7 @@ -bases: +resources: - ../../default -patchesStrategicMerge: - - dlb.yaml +patches: +- path: dlb.yaml + target: + kind: Deployment diff --git a/deployments/operator/device/dsa/kustomization.yaml b/deployments/operator/device/dsa/kustomization.yaml index 3a605359c..77363340f 100644 --- a/deployments/operator/device/dsa/kustomization.yaml +++ b/deployments/operator/device/dsa/kustomization.yaml @@ -1,5 +1,7 @@ -bases: +resources: - ../../default -patchesStrategicMerge: - - dsa.yaml +patches: +- path: dsa.yaml + target: + kind: Deployment diff --git a/deployments/operator/device/fpga/kustomization.yaml b/deployments/operator/device/fpga/kustomization.yaml index cea26f2ac..855c5cbed 100644 --- a/deployments/operator/device/fpga/kustomization.yaml +++ b/deployments/operator/device/fpga/kustomization.yaml @@ -1,5 +1,8 @@ -bases: +resources: - ../../default -patchesStrategicMerge: - - fpga.yaml +patches: +- path: fpga.yaml + target: + kind: Deployment + diff --git a/deployments/operator/device/gpu/kustomization.yaml b/deployments/operator/device/gpu/kustomization.yaml index 19793e950..2544b44b6 100644 --- a/deployments/operator/device/gpu/kustomization.yaml +++ b/deployments/operator/device/gpu/kustomization.yaml @@ -1,5 +1,7 @@ -bases: +resources: - ../../default -patchesStrategicMerge: - - gpu.yaml +patches: +- path: gpu.yaml + target: + kind: Deployment diff --git a/deployments/operator/device/qat/kustomization.yaml b/deployments/operator/device/qat/kustomization.yaml index 74e100f9a..022152f8f 100644 --- a/deployments/operator/device/qat/kustomization.yaml +++ b/deployments/operator/device/qat/kustomization.yaml @@ -1,5 +1,7 @@ -bases: +resources: - ../../default -patchesStrategicMerge: - - qat.yaml +patches: +- path: qat.yaml + target: + kind: Deployment diff --git a/deployments/operator/device/sgx/kustomization.yaml b/deployments/operator/device/sgx/kustomization.yaml index c99b56ab4..9b347a52b 100644 
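Review bot: In the dlb hunk, `target: kind: Deployment` selects every Deployment that `../../default` renders, whereas the old `patchesStrategicMerge` entry applied only to the object named inside dlb.yaml. As far as I know kustomize applies a targeted patch to all matches, so a second Deployment added to the base later would silently receive the same changes. Adding the name to the selector, `target: {kind: Deployment, name: <operator-deployment-name>}`, keeps the original scope. The dsa, fpga, gpu, qat and sgx hunks repeat the pattern, and the epc-register hunk does the same with `kind: DaemonSet` in a kustomization that lists both `../../base` and `init-daemonset.yaml`, where two DaemonSets may well match.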
--- a/deployments/operator/device/sgx/kustomization.yaml +++ b/deployments/operator/device/sgx/kustomization.yaml @@ -1,5 +1,7 @@ -bases: +resources: - ../../default -patchesStrategicMerge: - - sgx.yaml +patches: +- path: sgx.yaml + target: + kind: Deployment diff --git a/deployments/operator/kustomization.yaml b/deployments/operator/kustomization.yaml index a3be32551..6d07e22fa 100644 --- a/deployments/operator/kustomization.yaml +++ b/deployments/operator/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - default - manager - webhook diff --git a/deployments/operator/scorecard/kustomization.yaml b/deployments/operator/scorecard/kustomization.yaml index d73509ee7..61ceb4d78 100644 --- a/deployments/operator/scorecard/kustomization.yaml +++ b/deployments/operator/scorecard/kustomization.yaml @@ -1,16 +1,17 @@ resources: - bases/config.yaml -patchesJson6902: +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: - path: patches/basic.config.yaml target: group: scorecard.operatorframework.io - version: v1alpha3 kind: Configuration name: config + version: v1alpha3 - path: patches/olm.config.yaml target: group: scorecard.operatorframework.io - version: v1alpha3 kind: Configuration name: config -# +kubebuilder:scaffold:patchesJson6902 + version: v1alpha3 diff --git a/deployments/operator/webhook/kustomizeconfig.yaml b/deployments/operator/webhook/kustomizeconfig.yaml index 25e21e3c9..206316e54 100644 --- a/deployments/operator/webhook/kustomizeconfig.yaml +++ b/deployments/operator/webhook/kustomizeconfig.yaml @@ -1,4 +1,4 @@ -# the following config is for teaching kustomize where to look at when substituting vars. +# the following config is for teaching kustomize where to look at when substituting nameReference. # It requires kustomize v2.1.0 or newer to work properly. nameReference: - kind: Service 
@@ -20,6 +20,3 @@ namespace: group: admissionregistration.k8s.io path: webhooks/clientConfig/service/namespace create: true - -varReference: -- path: metadata/annotations diff --git a/deployments/qat_dpdk_app/kustomization.yaml b/deployments/qat_dpdk_app/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/qat_dpdk_app/kustomization.yaml +++ b/deployments/qat_dpdk_app/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml b/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml index 1d12d4d8a..65f3cbf01 100644 --- a/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml +++ b/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml @@ -1,10 +1,12 @@ nameSuffix: -compress-perf -bases: +resources: - ../dpdk-test/ -patchesStrategicMerge: -- volume_add_configmap.yaml -- env_replace_testcmd.yaml configMapGenerator: -- name: test-data - files: +- files: - file.txt + name: test-data +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: volume_add_configmap.yaml +- path: env_replace_testcmd.yaml diff --git a/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml b/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml index a918bc04f..9cea1553d 100644 --- a/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml +++ b/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml @@ -1,9 +1,11 @@ nameSuffix: -crypto-perf -bases: +resources: - ../dpdk-test/ -patchesJson6902: -- target: - version: v1 +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: test.json + target: kind: Pod name: qat-dpdk - path: test.json + version: v1 diff --git a/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml b/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml index f1354b58b..b868cdea3 100644 
--- a/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml +++ b/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml @@ -1,9 +1,11 @@ nameSuffix: -test -bases: +resources: - ../../base/ -patchesJson6902: -- target: - version: v1 +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: containers_patch_command_args.json + target: kind: Pod name: qat-dpdk - path: containers_patch_command_args.json + version: v1 diff --git a/deployments/qat_dpdk_app/test-compress1/kustomization.yaml b/deployments/qat_dpdk_app/test-compress1/kustomization.yaml index 0f40ea374..689c1fd82 100644 --- a/deployments/qat_dpdk_app/test-compress1/kustomization.yaml +++ b/deployments/qat_dpdk_app/test-compress1/kustomization.yaml @@ -1,9 +1,11 @@ nameSuffix: -tc1 -bases: +resources: - ../patches/compress-perf -patchesJson6902: -- target: - version: v1 +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: tc1.json + target: kind: Pod name: qat-dpdk - path: tc1.json + version: v1 diff --git a/deployments/qat_dpdk_app/test-crypto1-gen4/kustomization.yaml b/deployments/qat_dpdk_app/test-crypto1-gen4/kustomization.yaml index 9cf4ba84e..b39c90b19 100644 --- a/deployments/qat_dpdk_app/test-crypto1-gen4/kustomization.yaml +++ b/deployments/qat_dpdk_app/test-crypto1-gen4/kustomization.yaml @@ -1,5 +1,5 @@ nameSuffix: -gen4 -bases: +resources: - ../test-crypto1 patches: - target: diff --git a/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml b/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml index ea0f4e5d3..58546ab67 100644 --- a/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml +++ b/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml 
@@ -1,9 +1,11 @@ nameSuffix: -tc1 -bases: +resources: - ../patches/crypto-perf -patchesJson6902: -- target: - version: v1 +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: tc1.json + target: kind: Pod name: qat-dpdk - path: tc1.json + version: v1 diff --git a/deployments/qat_plugin/kustomization.yaml b/deployments/qat_plugin/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/qat_plugin/kustomization.yaml +++ b/deployments/qat_plugin/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml b/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml index 7dabd42f8..5f9e61d0f 100644 --- a/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml +++ b/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../base commonAnnotations: container.apparmor.security.beta.kubernetes.io/intel-qat-plugin: unconfined diff --git a/deployments/qat_plugin/overlays/debug/kustomization.yaml b/deployments/qat_plugin/overlays/debug/kustomization.yaml index 118fc9018..0a1fb4a6b 100644 --- a/deployments/qat_plugin/overlays/debug/kustomization.yaml +++ b/deployments/qat_plugin/overlays/debug/kustomization.yaml @@ -1,5 +1,5 @@ nameSuffix: -debug -bases: +resources: - ../../base patches: - path: add-args.yaml diff --git a/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml b/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml index 57acc1dd8..171bcd671 100644 --- a/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml +++ b/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml @@ -1,4 +1,6 @@ -bases: +resources: - ../../base -patchesStrategicMerge: -- qat_initcontainer.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: qat_initcontainer.yaml 
diff --git a/deployments/sgx_admissionwebhook/base/kustomization.yaml b/deployments/sgx_admissionwebhook/base/kustomization.yaml index d379eebe8..a37dccf70 100644 --- a/deployments/sgx_admissionwebhook/base/kustomization.yaml +++ b/deployments/sgx_admissionwebhook/base/kustomization.yaml @@ -1,7 +1,9 @@ -bases: +resources: - ../manager - ../webhook -patchesStrategicMerge: # Enable webhook -- manager_webhook_patch.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: manager_webhook_patch.yaml diff --git a/deployments/sgx_admissionwebhook/certmanager/certificate.yaml b/deployments/sgx_admissionwebhook/certmanager/certificate.yaml index 39e8ee4b0..1542f681c 100644 --- a/deployments/sgx_admissionwebhook/certmanager/certificate.yaml +++ b/deployments/sgx_admissionwebhook/certmanager/certificate.yaml @@ -14,10 +14,10 @@ metadata: name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml namespace: system spec: - # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize + # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local + - SERVICE_NAME.SERVICE_NAMESPACE.svc + - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local issuerRef: kind: Issuer name: selfsigned-issuer diff --git a/deployments/sgx_admissionwebhook/certmanager/kustomizeconfig.yaml b/deployments/sgx_admissionwebhook/certmanager/kustomizeconfig.yaml index e631f7773..87d212b8e 100644 --- a/deployments/sgx_admissionwebhook/certmanager/kustomizeconfig.yaml +++ b/deployments/sgx_admissionwebhook/certmanager/kustomizeconfig.yaml @@ -6,11 +6,3 @@ nameReference: - kind: Certificate group: cert-manager.io path: spec/issuerRef/name - -varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames 
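Review bot: In certificate.yaml the `dnsNames` entries are now the plain strings `SERVICE_NAME.SERVICE_NAMESPACE.svc` and `SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local`, while the comment still says only that kustomize will substitute them. Substitution now depends on the including kustomization carrying the matching `replacements` entries (segments 0 and 1 of each name, split on `.`). Rendering this directory from any overlay without them would request a serving certificate for the literal placeholder names, so the webhook's TLS name would not match its Service. I would reword the comment to `# SERVICE_NAME and SERVICE_NAMESPACE are placeholders; the overlay's replacements block must rewrite dnsNames.0 and dnsNames.1` and have CI fail when either word survives in `kustomize build` output.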
diff --git a/deployments/sgx_admissionwebhook/default/kustomization.yaml b/deployments/sgx_admissionwebhook/default/kustomization.yaml index 962dd9e58..c9552de51 100644 --- a/deployments/sgx_admissionwebhook/default/kustomization.yaml +++ b/deployments/sgx_admissionwebhook/default/kustomization.yaml @@ -1,5 +1,3 @@ -bases: -- ../base - resources: +- ../base - namespace.yaml diff --git a/deployments/sgx_admissionwebhook/kustomization.yaml b/deployments/sgx_admissionwebhook/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/sgx_admissionwebhook/kustomization.yaml +++ b/deployments/sgx_admissionwebhook/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml index 4febb6e3d..ce6e677d8 100644 --- a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml +++ b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml 
@@ -1,49 +1,80 @@ -# Adds namespace to all resources. namespace: intelsgxwebhook-system -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. namePrefix: intelsgxwebhook- -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: +resources: - ../../default - ../../certmanager -patchesStrategicMerge: +patches: # Enable certmanager integration -- webhookcainjection_patch.yaml +- path: webhookcainjection_patch.yaml + target: + name: mutating-webhook-configuration + +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' 
+ index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true -vars: -- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldref: - fieldpath: metadata.namespace -- name: CERTIFICATE_NAME - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml -- name: SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: webhook-service - fieldref: - fieldpath: metadata.namespace -- name: SERVICE_NAME - objref: - kind: Service - version: v1 - name: webhook-service diff --git a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/webhookcainjection_patch.yaml b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/webhookcainjection_patch.yaml index 2e37b9ead..82add8f47 100644 --- a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/webhookcainjection_patch.yaml +++ b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/webhookcainjection_patch.yaml 
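Review bot: Two comments in the new `replacements` block describe something other than the line they sit on. The third source reads `fieldPath: .metadata.name # namespace of the service`, although it copies the Service name into segment 0 of the dnsNames entries; it should read `# name of the service`. The first source's comment mentions ValidatingWebhookConfiguration and CRDs, but this overlay's only target for that source is `kind: MutatingWebhookConfiguration`, so `# Add cert-manager annotation to MutatingWebhookConfiguration` would match what is configured. The epc-nfd hunk further down repeats the `.metadata.name # namespace of the service` comment.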
@@ -1,8 +1,8 @@ # This patch adds an annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. +# the variables CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize. apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: mutating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME diff --git a/deployments/sgx_admissionwebhook/webhook/kustomizeconfig.yaml b/deployments/sgx_admissionwebhook/webhook/kustomizeconfig.yaml index 66781c6cb..e2389b0f9 100644 --- a/deployments/sgx_admissionwebhook/webhook/kustomizeconfig.yaml +++ b/deployments/sgx_admissionwebhook/webhook/kustomizeconfig.yaml @@ -13,6 +13,3 @@ namespace: group: admissionregistration.k8s.io path: webhooks/clientConfig/service/namespace create: true - -varReference: -- path: metadata/annotations diff --git a/deployments/sgx_aesmd/kustomization.yaml b/deployments/sgx_aesmd/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/sgx_aesmd/kustomization.yaml +++ b/deployments/sgx_aesmd/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/sgx_enclave_apps/kustomization.yaml b/deployments/sgx_enclave_apps/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/sgx_enclave_apps/kustomization.yaml +++ b/deployments/sgx_enclave_apps/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml index b46e1c769..b54765588 100644 --- a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml +++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml 
@@ -1,14 +1,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namePrefix: "ecdsa-quote-" -bases: - - ../../base +namePrefix: ecdsa-quote- +resources: +- ../../base commonAnnotations: - sgx.intel.com/quote-provider: "aesmd" -patchesJson6902: -- target: + sgx.intel.com/quote-provider: aesmd +patches: +- path: change_workingdir_and_command.json + target: group: batch - version: v1 kind: Job name: intelsgx-demo-job - path: change_workingdir_and_command.json + version: v1 diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml index 858efc7eb..2389e51dc 100644 --- a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml +++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml @@ -1,14 +1,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namePrefix: "inproc-" -bases: +namePrefix: inproc- +resources: - ../sgx_ecdsa_aesmd_quote commonAnnotations: - sgx.intel.com/quote-provider: "intelsgx-demo-job-1" + sgx.intel.com/quote-provider: intelsgx-demo-job-1 configMapGenerator: -- name: sgx-attestation-conf - files: +- files: - sgx_default_qcnl.conf -patchesStrategicMerge: -- add_hostnetwork.yaml -- add_sgx_default_qcnl_conf.yaml + name: sgx-attestation-conf +patches: +- path: add_hostnetwork.yaml +- path: add_sgx_default_qcnl_conf.yaml diff --git a/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml b/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml index de7caa372..88c9a6f09 100644 --- a/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml +++ b/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml 
@@ -1,3 +1,87 @@ -bases: +resources: - ../../base - ../../../sgx_admissionwebhook/overlays/default-with-certmanager + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' 
+ index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true diff --git a/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml b/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml index 8b76d7326..b10244aa1 100644 --- a/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml +++ b/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml @@ -1,8 +1,10 @@ -bases: - - ../../base namespace: kube-system resources: + - ../../base - service-account.yaml - init-daemonset.yaml patches: - path: add-node-selector.yaml + target: + kind: DaemonSet + diff --git a/deployments/vpu_plugin/kustomization.yaml b/deployments/vpu_plugin/kustomization.yaml index f191f3aae..8f3bd4d6d 100644 --- a/deployments/vpu_plugin/kustomization.yaml +++ b/deployments/vpu_plugin/kustomization.yaml @@ -1,2 +1,4 @@ -bases: - - base +resources: +- base +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization diff --git a/deployments/vpu_plugin/overlays/xlink/kustomization.yaml b/deployments/vpu_plugin/overlays/xlink/kustomization.yaml index 477825bff..b47c8e4c0 100644 --- a/deployments/vpu_plugin/overlays/xlink/kustomization.yaml +++ b/deployments/vpu_plugin/overlays/xlink/kustomization.yaml @@ -1,11 +1,12 @@ -bases: +resources: - ../../base/ -patchesStrategicMerge: -- add_command_args.yaml -patchesJson6902: -- target: +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: volumes_patch.yaml + target: group: apps - version: v1 kind: DaemonSet name: intel-vpu-plugin - path: volumes_patch.yaml + version: v1 +- path: add_command_args.yaml 
diff --git a/deployments/xpumanager_sidecar/kustomization.yaml b/deployments/xpumanager_sidecar/kustomization.yaml index 7e152fa90..c4cf89af8 100644 --- a/deployments/xpumanager_sidecar/kustomization.yaml +++ b/deployments/xpumanager_sidecar/kustomization.yaml @@ -1,6 +1,8 @@ -resources: # XeLink topology information is only available from >= 1.x.y release +resources: - https://raw.githubusercontent.com/intel/xpumanager/v1.2.0_golden/deployment/kubernetes/daemonset-intel-xpum.yaml namespace: monitoring -patchesStrategicMerge: -- kustom/kustom_xpumanager.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: kustom/kustom_xpumanager.yaml diff --git a/pkg/controllers/reconciler.go b/pkg/controllers/reconciler.go index 61e7beab8..b9bcdfd97 100644 --- a/pkg/controllers/reconciler.go +++ b/pkg/controllers/reconciler.go @@ -230,7 +230,7 @@ func (r *reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu // Synchronize the DaemonSet with its owner. if r.controller.UpdateDaemonSet(devicePlugin, ds) { - log.Info("", cmp.Diff(ds0.Spec.Template.Spec, ds.Spec.Template.Spec, diff.IgnoreUnset())) + log.Info("daemonset difference", "diff", cmp.Diff(ds0.Spec.Template.Spec, ds.Spec.Template.Spec, diff.IgnoreUnset())) if err := r.Update(ctx, ds); err != nil { log.Error(err, "unable to update DaemonSet", "DaemonSet", ds) diff --git a/test/e2e/utils/utils.go b/test/e2e/utils/utils.go index cb3479174..86f88e668 100644 --- a/test/e2e/utils/utils.go +++ b/test/e2e/utils/utils.go @@ -17,7 +17,7 @@ package utils import ( "context" - "fmt" + "io" "os" "path/filepath" "strings" @@ -25,6 +25,7 @@ import ( "github.com/onsi/gomega" "github.com/pkg/errors" + "gopkg.in/yaml.v2" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" 
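Review bot: The rewritten `resources:` line in xpumanager_sidecar/kustomization.yaml loses the comment `# XeLink topology information is only available from >= 1.x.y release`, which was the only record of why this manifest version is required. It looks like a side effect of the automated rewrite and is worth restoring. While the file is being touched, note that the remote daemonset manifest on the next line is fetched at build time by what appears to be a tag (`v1.2.0_golden`), which upstream can move. Referencing `<commit-sha>` in the URL instead would pin the content that gets deployed.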
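Review bot: The corrected `log.Info` call in reconciler.go now writes the full `cmp.Diff` of the pod template spec at the default log level, and that spec can carry literal env values and container args. If any device plugin DaemonSet passes sensitive values that way, they would land in the operator log on every update. Assuming `log` is a logr.Logger, as the key/value call style suggests, `log.V(1).Info("daemonset difference", "diff", cmp.Diff(ds0.Spec.Template.Spec, ds.Spec.Template.Spec, diff.IgnoreUnset()))` keeps the diff available for debugging without putting it in default output. Reconcile starts and ends outside this hunk.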
@@ -118,17 +119,85 @@ func LocateRepoFile(repopath string) (string, error) { return "", errors.New("no file found, try to define PLUGINS_REPO_DIR pointing to the root of the repository") } -// CreateKustomizationOverlay creates an overlay with overridden namespace. -func CreateKustomizationOverlay(namespace, base, overlay string) error { - relPath := "" - for range strings.Split(overlay[1:], "/") { - relPath = relPath + "../" +func copyFiles(srcDir, dstDir string) error { + err := filepath.WalkDir(srcDir, func(path string, d os.DirEntry, err error) error { + if d.IsDir() || err != nil { + return nil + } + + n, err := os.ReadFile(path) + if err != nil && err != io.EOF || len(n) == 0 { + return err + } + + fn := filepath.Join(dstDir, filepath.Base(path)) + + if err := os.WriteFile(fn, n, 0600); err != nil { + return err + } + + return nil + }) + + return err +} + +// CreateKustomizationOverlay copies the base overlay, and changes the namespace +// and relative paths to resources. The deletion of the files is left for the caller. +func CreateKustomizationOverlay(namespace, kustomizeYamlFileDir, overlayDir string) error { + relPath, err := filepath.Rel(overlayDir, kustomizeYamlFileDir) + if err != nil { + return err + } + + // Copy all files under the kustomize path under the temp overlay path. 
+ err = copyFiles(kustomizeYamlFileDir, overlayDir) + if err != nil { + return err + } + + kustomizationFile := filepath.Join(overlayDir, "kustomization.yaml") + + bytes, err := os.ReadFile(kustomizationFile) + if err != nil { + return err + } + + content := make(map[string]interface{}) + + err = yaml.Unmarshal(bytes, content) + if err != nil { + return err + } + + content["namespace"] = namespace + + resInterface := content["resources"].([]interface{}) + resources := make([]string, len(resInterface)) + + for i, v := range resInterface { + resources[i] = v.(string) } - relPath = relPath + base[1:] - content := fmt.Sprintf("namespace: %s\nresources:\n - %s", namespace, relPath) + // Add relative path for directories. Leave local (.yaml) files as they are. + for i, res := range resources { + if !strings.HasSuffix(res, ".yaml") { + resources[i] = relPath + "/" + res + } + } + + content["resources"] = resources - return os.WriteFile(overlay+"/kustomization.yaml", []byte(content), 0600) + bytes, err = yaml.Marshal(content) + if err != nil { + return err + } + + if err := os.WriteFile(kustomizationFile, bytes, 0600); err != nil { + return err + } + + return nil } // DeployWebhook deploys an admission webhook to a framework-specific namespace. @@ -145,6 +214,7 @@ func DeployWebhook(ctx context.Context, f *framework.Framework, kustomizationPat defer os.RemoveAll(tmpDir) + // The overlay files are deleted by the deferred RemoveAll call above. err = CreateKustomizationOverlay(f.Namespace.Name, filepath.Dir(kustomizationPath), tmpDir) if err != nil { framework.Failf("unable to kustomization overlay: %v", err)
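Review bot: Two spots in the utils.go hunk that adds `copyFiles` panic on unexpected input instead of returning an error. In `copyFiles` the callback tests `d.IsDir() || err != nil`, but WalkDir passes a nil `d` when it cannot stat the root, so a missing `srcDir` dereferences nil, and every other walk error is discarded by `return nil`. In `CreateKustomizationOverlay` the assertions `content["resources"].([]interface{})` and `v.(string)` panic when kustomization.yaml has no `resources` list or a non-string entry. Checking `err` first and using the two-value assertion form, as below, turns both into ordinary errors; note also that `filepath.Base` flattens the copied tree, so same-named files in subdirectories overwrite one another.

```go
	err := filepath.WalkDir(srcDir, func(path string, d os.DirEntry, err error) error {
		// d is nil when WalkDir reports an error for the root, so test err first.
		if err != nil {
			return err
		}

		if d.IsDir() {
			return nil
		}
		// … unchanged: read the file and write it under dstDir …

	// … unchanged: read and unmarshal kustomization.yaml, set the namespace …
	resInterface, ok := content["resources"].([]interface{})
	if !ok {
		return errors.New("kustomization.yaml has no resources list")
	}

	resources := make([]string, len(resInterface))

	for i, v := range resInterface {
		res, ok := v.(string)
		if !ok {
			return errors.New("kustomization.yaml resources entry is not a string")
		}

		resources[i] = res
	}
	// … unchanged: prefix directory resources with relPath, marshal and write back …
```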