From 446ab6642f12db12515be9496ac69e0679ccbbcc Mon Sep 17 00:00:00 2001 From: Tuomas Katila Date: Wed, 26 Jul 2023 14:02:43 +0300 Subject: [PATCH 1/6] Fix QAT kernel driver links Signed-off-by: Tuomas Katila --- cmd/qat_plugin/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/qat_plugin/README.md b/cmd/qat_plugin/README.md index 15875480e..9b65285b1 100644 --- a/cmd/qat_plugin/README.md +++ b/cmd/qat_plugin/README.md @@ -59,7 +59,7 @@ For more details on the `-dpdk-driver` choice, see > devices prior to Gen4 (`4xxx`). For more details on the available options to the `-kernel-vf-drivers` option, see the list of -vf drivers available in the [Linux Kernel](https://github.com/torvalds/linux/tree/master/drivers/crypto/qat). +vf drivers available in the [Linux Kernel](https://github.com/torvalds/linux/tree/master/drivers/crypto/intel/qat). If the `-mode` parameter is set to `kernel`, no other parameter documented above are valid, except the `klog` logging related parameters. @@ -88,7 +88,7 @@ You will also need [appropriate hardware installed](#checking-for-hardware). The QAT plugin requires Linux Kernel VF QAT drivers to be available. These drivers are available via two methods. One of them must be installed and enabled: -- [Linux Kernel upstream drivers](https://github.com/torvalds/linux/tree/master/drivers/crypto/qat) +- [Linux Kernel upstream drivers](https://github.com/torvalds/linux/tree/master/drivers/crypto/intel/qat) - [Intel QuickAssist Technology software for Linux][9] The demonstrations have their own requirements, listed in their own specific sections. From 8f047c3c065d9e988ecc8a2b93b71338b93f251a Mon Sep 17 00:00:00 2001 From: Tuomas Katila Date: Wed, 26 Jul 2023 14:16:55 +0300 Subject: [PATCH 2/6] reconciler: fix incomplete log output 
Signed-off-by: Tuomas Katila --- pkg/controllers/reconciler.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/controllers/reconciler.go b/pkg/controllers/reconciler.go index 61e7beab8..b9bcdfd97 100644 --- a/pkg/controllers/reconciler.go +++ b/pkg/controllers/reconciler.go @@ -230,7 +230,7 @@ func (r *reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu // Synchronize the DaemonSet with its owner. if r.controller.UpdateDaemonSet(devicePlugin, ds) { - log.Info("", cmp.Diff(ds0.Spec.Template.Spec, ds.Spec.Template.Spec, diff.IgnoreUnset())) + log.Info("daemonset difference", "diff", cmp.Diff(ds0.Spec.Template.Spec, ds.Spec.Template.Spec, diff.IgnoreUnset())) if err := r.Update(ctx, ds); err != nil { log.Error(err, "unable to update DaemonSet", "DaemonSet", ds) From d865a1b40251d478ba6a0b97f25b011252c601fa Mon Sep 17 00:00:00 2001 From: Tuomas Katila Date: Wed, 2 Aug 2023 11:24:20 +0300 Subject: [PATCH 3/6] e2e/utils: Modify overlay customization Instead creating another overlay, copy the existing overlay and modify it. This helps with multi-level overlays with specific namespace selections. Co-authored-by: Mikko Ylinen Signed-off-by: Tuomas Katila --- test/e2e/utils/utils.go | 88 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 79 insertions(+), 9 deletions(-) diff --git a/test/e2e/utils/utils.go b/test/e2e/utils/utils.go index cb3479174..86f88e668 100644 --- a/test/e2e/utils/utils.go +++ b/test/e2e/utils/utils.go @@ -17,7 +17,7 @@ package utils import ( "context" - "fmt" + "io" "os" "path/filepath" "strings" @@ -25,6 +25,7 @@ import ( "github.com/onsi/gomega" "github.com/pkg/errors" + "gopkg.in/yaml.v2" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" 
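Review bot: The corrected `log.Info("daemonset difference", "diff", cmp.Diff(...))` in pkg/controllers/reconciler.go now writes the whole pod-template diff to the operator log at the default level on every DaemonSet update. A pod spec can carry container args and literal env values, so anything sensitive placed there ends up in logs that are usually readable by more people than the API objects themselves. Moving it to debug verbosity, e.g. `log.V(1).Info("daemonset difference", "diff", ...)`, keeps the diagnostic without emitting it by default; this assumes `log` is a logr logger, which the key/value call style suggests. Reconcile begins and ends outside the hunk.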
@@ -118,17 +119,85 @@ func LocateRepoFile(repopath string) (string, error) { return "", errors.New("no file found, try to define PLUGINS_REPO_DIR pointing to the root of the repository") } -// CreateKustomizationOverlay creates an overlay with overridden namespace. -func CreateKustomizationOverlay(namespace, base, overlay string) error { - relPath := "" - for range strings.Split(overlay[1:], "/") { - relPath = relPath + "../" +func copyFiles(srcDir, dstDir string) error { + err := filepath.WalkDir(srcDir, func(path string, d os.DirEntry, err error) error { + if d.IsDir() || err != nil { + return nil + } + + n, err := os.ReadFile(path) + if err != nil && err != io.EOF || len(n) == 0 { + return err + } + + fn := filepath.Join(dstDir, filepath.Base(path)) + + if err := os.WriteFile(fn, n, 0600); err != nil { + return err + } + + return nil + }) + + return err +} + +// CreateKustomizationOverlay copies the base overlay, and changes the namespace +// and relative paths to resources. The deletion of the files is left for the caller. +func CreateKustomizationOverlay(namespace, kustomizeYamlFileDir, overlayDir string) error { + relPath, err := filepath.Rel(overlayDir, kustomizeYamlFileDir) + if err != nil { + return err + } + + // Copy all files under the kustomize path under the temp overlay path. 
+ err = copyFiles(kustomizeYamlFileDir, overlayDir) + if err != nil { + return err + } + + kustomizationFile := filepath.Join(overlayDir, "kustomization.yaml") + + bytes, err := os.ReadFile(kustomizationFile) + if err != nil { + return err + } + + content := make(map[string]interface{}) + + err = yaml.Unmarshal(bytes, content) + if err != nil { + return err + } + + content["namespace"] = namespace + + resInterface := content["resources"].([]interface{}) + resources := make([]string, len(resInterface)) + + for i, v := range resInterface { + resources[i] = v.(string) } - relPath = relPath + base[1:] - content := fmt.Sprintf("namespace: %s\nresources:\n - %s", namespace, relPath) + // Add relative path for directories. Leave local (.yaml) files as they are. + for i, res := range resources { + if !strings.HasSuffix(res, ".yaml") { + resources[i] = relPath + "/" + res + } + } + + content["resources"] = resources - return os.WriteFile(overlay+"/kustomization.yaml", []byte(content), 0600) + bytes, err = yaml.Marshal(content) + if err != nil { + return err + } + + if err := os.WriteFile(kustomizationFile, bytes, 0600); err != nil { + return err + } + + return nil } // DeployWebhook deploys an admission webhook to a framework-specific namespace. @@ -145,6 +214,7 @@ func DeployWebhook(ctx context.Context, f *framework.Framework, kustomizationPat defer os.RemoveAll(tmpDir) + // The overlay files are deleted by the deferred RemoveAll call above. err = CreateKustomizationOverlay(f.Namespace.Name, filepath.Dir(kustomizationPath), tmpDir) if err != nil { framework.Failf("unable to kustomization overlay: %v", err) From ec2930b33198cb5f3259dcdb209f264297084994 Mon Sep 17 00:00:00 2001 From: Tuomas Katila Date: Wed, 2 Aug 2023 11:48:07 +0300 Subject: [PATCH 4/6] deployments: move from 'bases' to 'resources' 
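Review bot: In `copyFiles` the walk callback evaluates `d.IsDir()` before looking at `err`; `filepath.WalkDir` passes a nil entry when it cannot stat the root, so a wrong `kustomizeYamlFileDir` panics instead of returning an error, and every other walk error is dropped by `return nil`. In `CreateKustomizationOverlay`, `content["resources"].([]interface{})` and `v.(string)` are unchecked assertions that panic on a kustomization.yaml without a list of strings under `resources`; the comma-ok form with a returned error is shown below. Two smaller things to confirm: `filepath.Base(path)` flattens nested directories so same-named files overwrite each other, and the `.yaml` suffix test also prefixes `relPath` onto remote URL resources that do not end in `.yaml`.

```go
func copyFiles(srcDir, dstDir string) error {
	return filepath.WalkDir(srcDir, func(path string, d os.DirEntry, err error) error {
		// d is nil when WalkDir could not stat the root, so test err first.
		if err != nil {
			return err
		}

		if d.IsDir() {
			return nil
		}

		// … unchanged: read the file and write it under dstDir …
	})
}

// … unchanged: CreateKustomizationOverlay up to content["namespace"] = namespace …

	resInterface, ok := content["resources"].([]interface{})
	if !ok {
		return errors.Errorf("%s: missing or malformed resources list", kustomizationFile)
	}

	resources := make([]string, len(resInterface))

	for i, v := range resInterface {
		res, ok := v.(string)
		if !ok {
			return errors.Errorf("%s: resource entry %d is not a string", kustomizationFile, i)
		}

		resources[i] = res
	}
```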
Signed-off-by: Tuomas Katila --- deployments/dlb_plugin/kustomization.yaml | 2 +- .../overlays/dlb_initcontainer/kustomization.yaml | 2 +- deployments/dsa_plugin/kustomization.yaml | 2 +- .../overlays/dsa_initcontainer/kustomization.yaml | 2 +- .../fpga_admissionwebhook/base/kustomization.yaml | 2 +- .../default/kustomization.yaml | 15 +-------------- .../fpga_admissionwebhook/kustomization.yaml | 2 +- .../overlays/region/kustomization.yaml | 4 ++-- deployments/gpu_plugin/kustomization.yaml | 2 +- .../fractional_resources/kustomization.yaml | 3 +-- .../monitoring_shared-dev_nfd/kustomization.yaml | 2 +- .../overlays/nfd_labeled_nodes/kustomization.yaml | 2 +- deployments/iaa_plugin/kustomization.yaml | 2 +- .../overlays/iaa_initcontainer/kustomization.yaml | 2 +- deployments/nfd/base/kustomization.yaml | 2 +- deployments/nfd/kustomization.yaml | 2 +- deployments/nfd/overlays/gpu/kustomization.yaml | 2 +- deployments/operator/default/kustomization.yaml | 2 +- .../operator/device/dlb/kustomization.yaml | 2 +- .../operator/device/dsa/kustomization.yaml | 2 +- .../operator/device/fpga/kustomization.yaml | 2 +- .../operator/device/gpu/kustomization.yaml | 2 +- .../operator/device/qat/kustomization.yaml | 2 +- .../operator/device/sgx/kustomization.yaml | 2 +- deployments/operator/kustomization.yaml | 2 +- deployments/qat_dpdk_app/kustomization.yaml | 2 +- .../patches/compress-perf/kustomization.yaml | 2 +- .../patches/crypto-perf/kustomization.yaml | 2 +- .../patches/dpdk-test/kustomization.yaml | 2 +- .../test-compress1/kustomization.yaml | 2 +- .../test-crypto1-gen4/kustomization.yaml | 2 +- .../qat_dpdk_app/test-crypto1/kustomization.yaml | 2 +- deployments/qat_plugin/kustomization.yaml | 2 +- .../apparmor_unconfined/kustomization.yaml | 2 +- .../qat_plugin/overlays/debug/kustomization.yaml | 2 +- .../overlays/qat_initcontainer/kustomization.yaml | 2 +- .../sgx_admissionwebhook/base/kustomization.yaml | 2 +- .../default/kustomization.yaml | 4 +--- 
.../sgx_admissionwebhook/kustomization.yaml | 2 +- .../default-with-certmanager/kustomization.yaml | 12 +----------- deployments/sgx_aesmd/kustomization.yaml | 2 +- deployments/sgx_enclave_apps/kustomization.yaml | 2 +- .../sgx_ecdsa_aesmd_quote/kustomization.yaml | 6 +++--- .../sgx_ecdsa_inproc_quote/kustomization.yaml | 4 ++-- .../overlays/epc-nfd/kustomization.yaml | 2 +- .../overlays/epc-register/kustomization.yaml | 3 +-- deployments/vpu_plugin/kustomization.yaml | 6 ++++-- .../vpu_plugin/overlays/xlink/kustomization.yaml | 2 +- deployments/xpumanager_sidecar/kustomization.yaml | 2 +- 49 files changed, 56 insertions(+), 81 deletions(-) diff --git a/deployments/dlb_plugin/kustomization.yaml b/deployments/dlb_plugin/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/dlb_plugin/kustomization.yaml +++ b/deployments/dlb_plugin/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/dlb_plugin/overlays/dlb_initcontainer/kustomization.yaml b/deployments/dlb_plugin/overlays/dlb_initcontainer/kustomization.yaml index 1dd419027..3f14ba4dd 100644 --- a/deployments/dlb_plugin/overlays/dlb_initcontainer/kustomization.yaml +++ b/deployments/dlb_plugin/overlays/dlb_initcontainer/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../base patches: - path: dlb_initcontainer.yaml diff --git a/deployments/dsa_plugin/kustomization.yaml b/deployments/dsa_plugin/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/dsa_plugin/kustomization.yaml +++ b/deployments/dsa_plugin/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml b/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml index ea3fd7b40..19772cfb5 100644 --- a/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml +++ b/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml 
@@ -1,4 +1,4 @@ -bases: +resources: - ../../base patchesStrategicMerge: - dsa_initcontainer.yaml diff --git a/deployments/fpga_admissionwebhook/base/kustomization.yaml b/deployments/fpga_admissionwebhook/base/kustomization.yaml index b600ca951..37de6ca08 100644 --- a/deployments/fpga_admissionwebhook/base/kustomization.yaml +++ b/deployments/fpga_admissionwebhook/base/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../crd - ../rbac - ../manager diff --git a/deployments/fpga_admissionwebhook/default/kustomization.yaml b/deployments/fpga_admissionwebhook/default/kustomization.yaml index a821d2d58..a2308f9f2 100644 --- a/deployments/fpga_admissionwebhook/default/kustomization.yaml +++ b/deployments/fpga_admissionwebhook/default/kustomization.yaml @@ -1,19 +1,6 @@ -# Adds namespace to all resources. namespace: intelfpgawebhook-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. namePrefix: intelfpgawebhook- -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: -- ../base - resources: +- ../base - namespace.yaml diff --git a/deployments/fpga_admissionwebhook/kustomization.yaml b/deployments/fpga_admissionwebhook/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/fpga_admissionwebhook/kustomization.yaml +++ b/deployments/fpga_admissionwebhook/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/fpga_plugin/overlays/region/kustomization.yaml b/deployments/fpga_plugin/overlays/region/kustomization.yaml index 55ab43ba1..55b5f5443 100644 --- a/deployments/fpga_plugin/overlays/region/kustomization.yaml +++ b/deployments/fpga_plugin/overlays/region/kustomization.yaml 
@@ -2,8 +2,8 @@ namespace: intelfpgaplugin-system namePrefix: intelfpgaplugin- resources: - - ../../base - - ../../../fpga_admissionwebhook/base +- ../../base +- ../../../fpga_admissionwebhook/base patchesStrategicMerge: - mode-region.yaml diff --git a/deployments/gpu_plugin/kustomization.yaml b/deployments/gpu_plugin/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/gpu_plugin/kustomization.yaml +++ b/deployments/gpu_plugin/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml b/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml index 85d0d920f..f1a58940a 100644 --- a/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml +++ b/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml @@ -1,6 +1,5 @@ -bases: - - ../../base resources: + - ../../base - gpu-manager-rolebinding.yaml - gpu-manager-role.yaml - gpu-manager-sa.yaml diff --git a/deployments/gpu_plugin/overlays/monitoring_shared-dev_nfd/kustomization.yaml b/deployments/gpu_plugin/overlays/monitoring_shared-dev_nfd/kustomization.yaml index 62fa1007b..9b17645ce 100644 --- a/deployments/gpu_plugin/overlays/monitoring_shared-dev_nfd/kustomization.yaml +++ b/deployments/gpu_plugin/overlays/monitoring_shared-dev_nfd/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../base patches: - path: add-args.yaml diff --git a/deployments/gpu_plugin/overlays/nfd_labeled_nodes/kustomization.yaml b/deployments/gpu_plugin/overlays/nfd_labeled_nodes/kustomization.yaml index a29f7bc2a..38178d290 100644 --- a/deployments/gpu_plugin/overlays/nfd_labeled_nodes/kustomization.yaml +++ b/deployments/gpu_plugin/overlays/nfd_labeled_nodes/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../base patches: - path: add-nodeselector-intel-gpu.yaml 
diff --git a/deployments/iaa_plugin/kustomization.yaml b/deployments/iaa_plugin/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/iaa_plugin/kustomization.yaml +++ b/deployments/iaa_plugin/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml b/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml index 334446f71..d7453304d 100644 --- a/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml +++ b/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../base patchesStrategicMerge: - iaa_initcontainer.yaml diff --git a/deployments/nfd/base/kustomization.yaml b/deployments/nfd/base/kustomization.yaml index bcc3c245b..f7e78f25b 100644 --- a/deployments/nfd/base/kustomization.yaml +++ b/deployments/nfd/base/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -bases: +resources: - "https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.13.1" diff --git a/deployments/nfd/kustomization.yaml b/deployments/nfd/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/nfd/kustomization.yaml +++ b/deployments/nfd/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/nfd/overlays/gpu/kustomization.yaml b/deployments/nfd/overlays/gpu/kustomization.yaml index 3b2eac271..d5b3277ac 100644 --- a/deployments/nfd/overlays/gpu/kustomization.yaml +++ b/deployments/nfd/overlays/gpu/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -bases: +resources: - ../../base components: diff --git a/deployments/operator/default/kustomization.yaml b/deployments/operator/default/kustomization.yaml index 06c12f5b9..2003e5788 100644 --- a/deployments/operator/default/kustomization.yaml 
+++ b/deployments/operator/default/kustomization.yaml @@ -12,7 +12,7 @@ namePrefix: inteldeviceplugins- #commonLabels: # someName: someValue -bases: +resources: - ../crd - ../rbac - ../manager diff --git a/deployments/operator/device/dlb/kustomization.yaml b/deployments/operator/device/dlb/kustomization.yaml index 7d33fdb24..638717199 100644 --- a/deployments/operator/device/dlb/kustomization.yaml +++ b/deployments/operator/device/dlb/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../default patchesStrategicMerge: diff --git a/deployments/operator/device/dsa/kustomization.yaml b/deployments/operator/device/dsa/kustomization.yaml index 3a605359c..06a2c052b 100644 --- a/deployments/operator/device/dsa/kustomization.yaml +++ b/deployments/operator/device/dsa/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../default patchesStrategicMerge: diff --git a/deployments/operator/device/fpga/kustomization.yaml b/deployments/operator/device/fpga/kustomization.yaml index cea26f2ac..e3a4ac163 100644 --- a/deployments/operator/device/fpga/kustomization.yaml +++ b/deployments/operator/device/fpga/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../default patchesStrategicMerge: diff --git a/deployments/operator/device/gpu/kustomization.yaml b/deployments/operator/device/gpu/kustomization.yaml index 19793e950..a0387f29b 100644 --- a/deployments/operator/device/gpu/kustomization.yaml +++ b/deployments/operator/device/gpu/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../default patchesStrategicMerge: diff --git a/deployments/operator/device/qat/kustomization.yaml b/deployments/operator/device/qat/kustomization.yaml index 74e100f9a..5a72eda28 100644 --- a/deployments/operator/device/qat/kustomization.yaml +++ b/deployments/operator/device/qat/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../default patchesStrategicMerge: 
diff --git a/deployments/operator/device/sgx/kustomization.yaml b/deployments/operator/device/sgx/kustomization.yaml index c99b56ab4..4049bd882 100644 --- a/deployments/operator/device/sgx/kustomization.yaml +++ b/deployments/operator/device/sgx/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../default patchesStrategicMerge: diff --git a/deployments/operator/kustomization.yaml b/deployments/operator/kustomization.yaml index a3be32551..6d07e22fa 100644 --- a/deployments/operator/kustomization.yaml +++ b/deployments/operator/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - default - manager - webhook diff --git a/deployments/qat_dpdk_app/kustomization.yaml b/deployments/qat_dpdk_app/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/qat_dpdk_app/kustomization.yaml +++ b/deployments/qat_dpdk_app/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml b/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml index 1d12d4d8a..5a80736b2 100644 --- a/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml +++ b/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml @@ -1,5 +1,5 @@ nameSuffix: -compress-perf -bases: +resources: - ../dpdk-test/ patchesStrategicMerge: - volume_add_configmap.yaml diff --git a/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml b/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml index a918bc04f..327d21b13 100644 --- a/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml +++ b/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml @@ -1,5 +1,5 @@ nameSuffix: -crypto-perf -bases: +resources: - ../dpdk-test/ patchesJson6902: - target: diff --git a/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml b/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml index f1354b58b..c1a396609 100644 
--- a/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml +++ b/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml @@ -1,5 +1,5 @@ nameSuffix: -test -bases: +resources: - ../../base/ patchesJson6902: - target: diff --git a/deployments/qat_dpdk_app/test-compress1/kustomization.yaml b/deployments/qat_dpdk_app/test-compress1/kustomization.yaml index 0f40ea374..bf744795d 100644 --- a/deployments/qat_dpdk_app/test-compress1/kustomization.yaml +++ b/deployments/qat_dpdk_app/test-compress1/kustomization.yaml @@ -1,5 +1,5 @@ nameSuffix: -tc1 -bases: +resources: - ../patches/compress-perf patchesJson6902: - target: diff --git a/deployments/qat_dpdk_app/test-crypto1-gen4/kustomization.yaml b/deployments/qat_dpdk_app/test-crypto1-gen4/kustomization.yaml index 9cf4ba84e..b39c90b19 100644 --- a/deployments/qat_dpdk_app/test-crypto1-gen4/kustomization.yaml +++ b/deployments/qat_dpdk_app/test-crypto1-gen4/kustomization.yaml @@ -1,5 +1,5 @@ nameSuffix: -gen4 -bases: +resources: - ../test-crypto1 patches: - target: diff --git a/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml b/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml index ea0f4e5d3..5b51cf92e 100644 --- a/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml +++ b/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml @@ -1,5 +1,5 @@ nameSuffix: -tc1 -bases: +resources: - ../patches/crypto-perf patchesJson6902: - target: diff --git a/deployments/qat_plugin/kustomization.yaml b/deployments/qat_plugin/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/qat_plugin/kustomization.yaml +++ b/deployments/qat_plugin/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml b/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml index 7dabd42f8..5f9e61d0f 100644 --- a/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml 
+++ b/deployments/qat_plugin/overlays/apparmor_unconfined/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../base commonAnnotations: container.apparmor.security.beta.kubernetes.io/intel-qat-plugin: unconfined diff --git a/deployments/qat_plugin/overlays/debug/kustomization.yaml b/deployments/qat_plugin/overlays/debug/kustomization.yaml index 118fc9018..0a1fb4a6b 100644 --- a/deployments/qat_plugin/overlays/debug/kustomization.yaml +++ b/deployments/qat_plugin/overlays/debug/kustomization.yaml @@ -1,5 +1,5 @@ nameSuffix: -debug -bases: +resources: - ../../base patches: - path: add-args.yaml diff --git a/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml b/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml index 57acc1dd8..c7db71576 100644 --- a/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml +++ b/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../base patchesStrategicMerge: - qat_initcontainer.yaml diff --git a/deployments/sgx_admissionwebhook/base/kustomization.yaml b/deployments/sgx_admissionwebhook/base/kustomization.yaml index d379eebe8..439cb43b7 100644 --- a/deployments/sgx_admissionwebhook/base/kustomization.yaml +++ b/deployments/sgx_admissionwebhook/base/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../manager - ../webhook diff --git a/deployments/sgx_admissionwebhook/default/kustomization.yaml b/deployments/sgx_admissionwebhook/default/kustomization.yaml index 962dd9e58..c9552de51 100644 --- a/deployments/sgx_admissionwebhook/default/kustomization.yaml +++ b/deployments/sgx_admissionwebhook/default/kustomization.yaml @@ -1,5 +1,3 @@ -bases: -- ../base - resources: +- ../base - namespace.yaml diff --git a/deployments/sgx_admissionwebhook/kustomization.yaml b/deployments/sgx_admissionwebhook/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/sgx_admissionwebhook/kustomization.yaml 
+++ b/deployments/sgx_admissionwebhook/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml index 4febb6e3d..52669456c 100644 --- a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml +++ b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml @@ -1,18 +1,8 @@ -# Adds namespace to all resources. namespace: intelsgxwebhook-system -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. namePrefix: intelsgxwebhook- -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: +resources: - ../../default - ../../certmanager diff --git a/deployments/sgx_aesmd/kustomization.yaml b/deployments/sgx_aesmd/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/sgx_aesmd/kustomization.yaml +++ b/deployments/sgx_aesmd/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/sgx_enclave_apps/kustomization.yaml b/deployments/sgx_enclave_apps/kustomization.yaml index f191f3aae..197c7292e 100644 --- a/deployments/sgx_enclave_apps/kustomization.yaml +++ b/deployments/sgx_enclave_apps/kustomization.yaml @@ -1,2 +1,2 @@ -bases: +resources: - base diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml index b46e1c769..e8fdb5d6d 100644 --- a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml +++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml 
@@ -1,8 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namePrefix: "ecdsa-quote-" -bases: - - ../../base +namePrefix: ecdsa-quote- +resources: +- ../../base commonAnnotations: sgx.intel.com/quote-provider: "aesmd" patchesJson6902: diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml index 858efc7eb..99399bcdc 100644 --- a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml +++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namePrefix: "inproc-" -bases: +namePrefix: inproc- +resources: - ../sgx_ecdsa_aesmd_quote commonAnnotations: sgx.intel.com/quote-provider: "intelsgx-demo-job-1" diff --git a/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml b/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml index de7caa372..14ceef271 100644 --- a/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml +++ b/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml @@ -1,3 +1,3 @@ -bases: +resources: - ../../base - ../../../sgx_admissionwebhook/overlays/default-with-certmanager diff --git a/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml b/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml index 8b76d7326..78dff0b6c 100644 --- a/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml +++ b/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml @@ -1,7 +1,6 @@ -bases: - - ../../base namespace: kube-system resources: + - ../../base - service-account.yaml - init-daemonset.yaml patches: diff --git a/deployments/vpu_plugin/kustomization.yaml b/deployments/vpu_plugin/kustomization.yaml index f191f3aae..8f3bd4d6d 100644 --- a/deployments/vpu_plugin/kustomization.yaml +++ b/deployments/vpu_plugin/kustomization.yaml 
@@ -1,2 +1,4 @@ -bases: - - base +resources: +- base +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization diff --git a/deployments/vpu_plugin/overlays/xlink/kustomization.yaml b/deployments/vpu_plugin/overlays/xlink/kustomization.yaml index 477825bff..d9afe07b6 100644 --- a/deployments/vpu_plugin/overlays/xlink/kustomization.yaml +++ b/deployments/vpu_plugin/overlays/xlink/kustomization.yaml @@ -1,4 +1,4 @@ -bases: +resources: - ../../base/ patchesStrategicMerge: - add_command_args.yaml diff --git a/deployments/xpumanager_sidecar/kustomization.yaml b/deployments/xpumanager_sidecar/kustomization.yaml index 7e152fa90..ce47a1f80 100644 --- a/deployments/xpumanager_sidecar/kustomization.yaml +++ b/deployments/xpumanager_sidecar/kustomization.yaml @@ -1,5 +1,5 @@ -resources: # XeLink topology information is only available from >= 1.x.y release +resources: - https://raw.githubusercontent.com/intel/xpumanager/v1.2.0_golden/deployment/kubernetes/daemonset-intel-xpum.yaml namespace: monitoring patchesStrategicMerge: From cb04ca0deb77498073b8d0bbc9ae60bb5f1bafd6 Mon Sep 17 00:00:00 2001 From: Tuomas Katila Date: Wed, 2 Aug 2023 11:52:07 +0300 Subject: [PATCH 5/6] deployments: move from 'patchesStrategicMerge' to 'patches' 
Signed-off-by: Tuomas Katila --- .../dsa_initcontainer/kustomization.yaml | 6 ++++-- .../base/kustomization.yaml | 8 +++++--- .../overlays/region/kustomization.yaml | 8 ++++++-- .../fractional_resources/kustomization.yaml | 10 ++++++++++ .../iaa_initcontainer/kustomization.yaml | 6 ++++-- .../nfd/components/gpu/kustomization.yaml | 14 +++++++------- deployments/operator/default/kustomization.yaml | 17 +++++++++++++---- .../operator/device/dlb/kustomization.yaml | 6 ++++-- .../operator/device/dsa/kustomization.yaml | 6 ++++-- .../operator/device/fpga/kustomization.yaml | 7 +++++-- .../operator/device/gpu/kustomization.yaml | 6 ++++-- .../operator/device/qat/kustomization.yaml | 6 ++++-- .../operator/device/sgx/kustomization.yaml | 6 ++++-- .../operator/scorecard/kustomization.yaml | 9 +++++---- .../patches/compress-perf/kustomization.yaml | 12 +++++++----- .../patches/crypto-perf/kustomization.yaml | 10 ++++++---- .../patches/dpdk-test/kustomization.yaml | 10 ++++++---- .../test-compress1/kustomization.yaml | 10 ++++++---- .../test-crypto1/kustomization.yaml | 10 ++++++---- .../qat_initcontainer/kustomization.yaml | 6 ++++-- .../base/kustomization.yaml | 6 ++++-- .../default-with-certmanager/kustomization.yaml | 6 ++++-- .../sgx_ecdsa_aesmd_quote/kustomization.yaml | 10 +++++----- .../sgx_ecdsa_inproc_quote/kustomization.yaml | 12 ++++++------ .../overlays/epc-register/kustomization.yaml | 3 +++ .../overlays/xlink/kustomization.yaml | 13 +++++++------ .../xpumanager_sidecar/kustomization.yaml | 6 ++++-- 27 files changed, 147 insertions(+), 82 deletions(-) diff --git a/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml b/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml index 19772cfb5..59d80d1f1 100644 --- a/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml +++ b/deployments/dsa_plugin/overlays/dsa_initcontainer/kustomization.yaml 
@@ -1,4 +1,6 @@ resources: - ../../base -patchesStrategicMerge: -- dsa_initcontainer.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: dsa_initcontainer.yaml diff --git a/deployments/fpga_admissionwebhook/base/kustomization.yaml b/deployments/fpga_admissionwebhook/base/kustomization.yaml index 37de6ca08..6f2ffe4b8 100644 --- a/deployments/fpga_admissionwebhook/base/kustomization.yaml +++ b/deployments/fpga_admissionwebhook/base/kustomization.yaml @@ -5,12 +5,14 @@ resources: - ../webhook - ../certmanager -patchesStrategicMerge: # Enable webhook -- manager_webhook_patch.yaml # Enable certmanager integration -- webhookcainjection_patch.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: manager_webhook_patch.yaml +- path: webhookcainjection_patch.yaml vars: - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR objref: diff --git a/deployments/fpga_plugin/overlays/region/kustomization.yaml b/deployments/fpga_plugin/overlays/region/kustomization.yaml index 55b5f5443..4007093b1 100644 --- a/deployments/fpga_plugin/overlays/region/kustomization.yaml +++ b/deployments/fpga_plugin/overlays/region/kustomization.yaml @@ -5,5 +5,9 @@ resources: - ../../base - ../../../fpga_admissionwebhook/base -patchesStrategicMerge: - - mode-region.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: mode-region.yaml + target: + kind: DaemonSet diff --git a/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml b/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml index f1a58940a..6f0cf4107 100644 --- a/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml +++ b/deployments/gpu_plugin/overlays/fractional_resources/kustomization.yaml 
@@ -5,7 +5,17 @@ resources: - gpu-manager-sa.yaml patches: - path: add-serviceaccount.yaml + target: + kind: DaemonSet - path: add-podresource-mount.yaml + target: + kind: DaemonSet - path: add-args.yaml + target: + kind: DaemonSet - path: add-nodeselector-intel-gpu.yaml + target: + kind: DaemonSet - path: add-kubelet-crt-mount.yaml + target: + kind: DaemonSet diff --git a/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml b/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml index d7453304d..fe8c7776a 100644 --- a/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml +++ b/deployments/iaa_plugin/overlays/iaa_initcontainer/kustomization.yaml @@ -1,4 +1,6 @@ resources: - ../../base -patchesStrategicMerge: -- iaa_initcontainer.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: iaa_initcontainer.yaml diff --git a/deployments/nfd/components/gpu/kustomization.yaml b/deployments/nfd/components/gpu/kustomization.yaml index c4eee0c60..e34a925b7 100644 --- a/deployments/nfd/components/gpu/kustomization.yaml +++ b/deployments/nfd/components/gpu/kustomization.yaml @@ -1,16 +1,16 @@ apiVersion: kustomize.config.k8s.io/v1alpha1 kind: Component -patchesJson6902: -- target: +patches: +- path: master-args.yaml + target: group: apps - version: v1 kind: Deployment name: nfd-master - path: master-args.yaml -- target: - group: rbac.authorization.k8s.io version: v1 +- path: master-rbac.yaml + target: + group: rbac.authorization.k8s.io kind: ClusterRole name: nfd-master - path: master-rbac.yaml + version: v1 diff --git a/deployments/operator/default/kustomization.yaml b/deployments/operator/default/kustomization.yaml index 2003e5788..4320a2815 100644 --- a/deployments/operator/default/kustomization.yaml +++ b/deployments/operator/default/kustomization.yaml 
@@ -19,15 +19,24 @@ resources: - ../webhook - ../certmanager -patchesStrategicMerge: +patches: # Protect the /metrics endpoint by putting it behind auth. # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml +- path: manager_auth_proxy_patch.yaml + target: + name: controller-manager # Enable webhook -- manager_webhook_patch.yaml +- path: manager_webhook_patch.yaml + target: + name: controller-manager # Enable certmanager integration -- webhookcainjection_patch.yaml +- path: webhookcainjection_patch_mutate.yaml + target: + name: mutating-webhook-configuration +- path: webhookcainjection_patch_validate.yaml + target: + name: validating-webhook-configuration vars: - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR diff --git a/deployments/operator/device/dlb/kustomization.yaml b/deployments/operator/device/dlb/kustomization.yaml index 638717199..027f08d9f 100644 --- a/deployments/operator/device/dlb/kustomization.yaml +++ b/deployments/operator/device/dlb/kustomization.yaml @@ -1,5 +1,7 @@ resources: - ../../default -patchesStrategicMerge: - - dlb.yaml +patches: +- path: dlb.yaml + target: + kind: Deployment diff --git a/deployments/operator/device/dsa/kustomization.yaml b/deployments/operator/device/dsa/kustomization.yaml index 06a2c052b..77363340f 100644 --- a/deployments/operator/device/dsa/kustomization.yaml +++ b/deployments/operator/device/dsa/kustomization.yaml @@ -1,5 +1,7 @@ resources: - ../../default -patchesStrategicMerge: - - dsa.yaml +patches: +- path: dsa.yaml + target: + kind: Deployment diff --git a/deployments/operator/device/fpga/kustomization.yaml b/deployments/operator/device/fpga/kustomization.yaml index e3a4ac163..855c5cbed 100644 --- a/deployments/operator/device/fpga/kustomization.yaml +++ b/deployments/operator/device/fpga/kustomization.yaml 
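Review bot: The new `target:` selectors in deployments/operator/default/kustomization.yaml match on `name` only (`controller-manager`, `mutating-webhook-configuration`, `validating-webhook-configuration`), so each patch applies to every resource with that name, whatever its kind. For `manager_auth_proxy_patch.yaml`, which the comment describes as putting /metrics behind auth, I would also pin the kind, e.g. `kind: Deployment` under `target:` (assuming the patch is meant for the manager Deployment). The two CA-injection patches would likewise get `kind: MutatingWebhookConfiguration` and `kind: ValidatingWebhookConfiguration`. The name-only target added in deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml has the same gap. Whether another resource shares one of these names cannot be determined from the hunk.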
@@ -1,5 +1,8 @@ resources: - ../../default -patchesStrategicMerge: - - fpga.yaml +patches: +- path: fpga.yaml + target: + kind: Deployment + diff --git a/deployments/operator/device/gpu/kustomization.yaml b/deployments/operator/device/gpu/kustomization.yaml index a0387f29b..2544b44b6 100644 --- a/deployments/operator/device/gpu/kustomization.yaml +++ b/deployments/operator/device/gpu/kustomization.yaml @@ -1,5 +1,7 @@ resources: - ../../default -patchesStrategicMerge: - - gpu.yaml +patches: +- path: gpu.yaml + target: + kind: Deployment diff --git a/deployments/operator/device/qat/kustomization.yaml b/deployments/operator/device/qat/kustomization.yaml index 5a72eda28..022152f8f 100644 --- a/deployments/operator/device/qat/kustomization.yaml +++ b/deployments/operator/device/qat/kustomization.yaml @@ -1,5 +1,7 @@ resources: - ../../default -patchesStrategicMerge: - - qat.yaml +patches: +- path: qat.yaml + target: + kind: Deployment diff --git a/deployments/operator/device/sgx/kustomization.yaml b/deployments/operator/device/sgx/kustomization.yaml index 4049bd882..9b347a52b 100644 --- a/deployments/operator/device/sgx/kustomization.yaml +++ b/deployments/operator/device/sgx/kustomization.yaml @@ -1,5 +1,7 @@ resources: - ../../default -patchesStrategicMerge: - - sgx.yaml +patches: +- path: sgx.yaml + target: + kind: Deployment diff --git a/deployments/operator/scorecard/kustomization.yaml b/deployments/operator/scorecard/kustomization.yaml index d73509ee7..61ceb4d78 100644 --- a/deployments/operator/scorecard/kustomization.yaml +++ b/deployments/operator/scorecard/kustomization.yaml 
@@ -1,16 +1,17 @@ resources: - bases/config.yaml -patchesJson6902: +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: - path: patches/basic.config.yaml target: group: scorecard.operatorframework.io - version: v1alpha3 kind: Configuration name: config + version: v1alpha3 - path: patches/olm.config.yaml target: group: scorecard.operatorframework.io - version: v1alpha3 kind: Configuration name: config -# +kubebuilder:scaffold:patchesJson6902 + version: v1alpha3 diff --git a/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml b/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml index 5a80736b2..65f3cbf01 100644 --- a/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml +++ b/deployments/qat_dpdk_app/patches/compress-perf/kustomization.yaml @@ -1,10 +1,12 @@ nameSuffix: -compress-perf resources: - ../dpdk-test/ -patchesStrategicMerge: -- volume_add_configmap.yaml -- env_replace_testcmd.yaml configMapGenerator: -- name: test-data - files: +- files: - file.txt + name: test-data +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: volume_add_configmap.yaml +- path: env_replace_testcmd.yaml diff --git a/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml b/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml index 327d21b13..9cea1553d 100644 --- a/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml +++ b/deployments/qat_dpdk_app/patches/crypto-perf/kustomization.yaml @@ -1,9 +1,11 @@ nameSuffix: -crypto-perf resources: - ../dpdk-test/ -patchesJson6902: -- target: - version: v1 +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: test.json + target: kind: Pod name: qat-dpdk - path: test.json + version: v1 diff --git a/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml b/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml index c1a396609..b868cdea3 100644 
--- a/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml +++ b/deployments/qat_dpdk_app/patches/dpdk-test/kustomization.yaml @@ -1,9 +1,11 @@ nameSuffix: -test resources: - ../../base/ -patchesJson6902: -- target: - version: v1 +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: containers_patch_command_args.json + target: kind: Pod name: qat-dpdk - path: containers_patch_command_args.json + version: v1 diff --git a/deployments/qat_dpdk_app/test-compress1/kustomization.yaml b/deployments/qat_dpdk_app/test-compress1/kustomization.yaml index bf744795d..689c1fd82 100644 --- a/deployments/qat_dpdk_app/test-compress1/kustomization.yaml +++ b/deployments/qat_dpdk_app/test-compress1/kustomization.yaml @@ -1,9 +1,11 @@ nameSuffix: -tc1 resources: - ../patches/compress-perf -patchesJson6902: -- target: - version: v1 +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: tc1.json + target: kind: Pod name: qat-dpdk - path: tc1.json + version: v1 diff --git a/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml b/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml index 5b51cf92e..58546ab67 100644 --- a/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml +++ b/deployments/qat_dpdk_app/test-crypto1/kustomization.yaml @@ -1,9 +1,11 @@ nameSuffix: -tc1 resources: - ../patches/crypto-perf -patchesJson6902: -- target: - version: v1 +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: tc1.json + target: kind: Pod name: qat-dpdk - path: tc1.json + version: v1 diff --git a/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml b/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml index c7db71576..171bcd671 100644 --- a/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml +++ b/deployments/qat_plugin/overlays/qat_initcontainer/kustomization.yaml 
@@ -1,4 +1,6 @@ resources: - ../../base -patchesStrategicMerge: -- qat_initcontainer.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: qat_initcontainer.yaml diff --git a/deployments/sgx_admissionwebhook/base/kustomization.yaml b/deployments/sgx_admissionwebhook/base/kustomization.yaml index 439cb43b7..a37dccf70 100644 --- a/deployments/sgx_admissionwebhook/base/kustomization.yaml +++ b/deployments/sgx_admissionwebhook/base/kustomization.yaml @@ -2,6 +2,8 @@ resources: - ../manager - ../webhook -patchesStrategicMerge: # Enable webhook -- manager_webhook_patch.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: manager_webhook_patch.yaml diff --git a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml index 52669456c..0e36f5913 100644 --- a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml +++ b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml @@ -6,9 +6,11 @@ resources: - ../../default - ../../certmanager -patchesStrategicMerge: +patches: # Enable certmanager integration -- webhookcainjection_patch.yaml +- path: webhookcainjection_patch.yaml + target: + name: mutating-webhook-configuration vars: - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml index e8fdb5d6d..b54765588 100644 --- a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml +++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_aesmd_quote/kustomization.yaml 
@@ -4,11 +4,11 @@ namePrefix: ecdsa-quote- resources: - ../../base commonAnnotations: - sgx.intel.com/quote-provider: "aesmd" -patchesJson6902: -- target: + sgx.intel.com/quote-provider: aesmd +patches: +- path: change_workingdir_and_command.json + target: group: batch - version: v1 kind: Job name: intelsgx-demo-job - path: change_workingdir_and_command.json + version: v1 diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml index 99399bcdc..2389e51dc 100644 --- a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml +++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/kustomization.yaml @@ -4,11 +4,11 @@ namePrefix: inproc- resources: - ../sgx_ecdsa_aesmd_quote commonAnnotations: - sgx.intel.com/quote-provider: "intelsgx-demo-job-1" + sgx.intel.com/quote-provider: intelsgx-demo-job-1 configMapGenerator: -- name: sgx-attestation-conf - files: +- files: - sgx_default_qcnl.conf -patchesStrategicMerge: -- add_hostnetwork.yaml -- add_sgx_default_qcnl_conf.yaml + name: sgx-attestation-conf +patches: +- path: add_hostnetwork.yaml +- path: add_sgx_default_qcnl_conf.yaml diff --git a/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml b/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml index 78dff0b6c..b10244aa1 100644 --- a/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml +++ b/deployments/sgx_plugin/overlays/epc-register/kustomization.yaml @@ -5,3 +5,6 @@ resources: - init-daemonset.yaml patches: - path: add-node-selector.yaml + target: + kind: DaemonSet + diff --git a/deployments/vpu_plugin/overlays/xlink/kustomization.yaml b/deployments/vpu_plugin/overlays/xlink/kustomization.yaml index d9afe07b6..b47c8e4c0 100644 --- a/deployments/vpu_plugin/overlays/xlink/kustomization.yaml +++ b/deployments/vpu_plugin/overlays/xlink/kustomization.yaml 
@@ -1,11 +1,12 @@ resources: - ../../base/ -patchesStrategicMerge: -- add_command_args.yaml -patchesJson6902: -- target: +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: volumes_patch.yaml + target: group: apps - version: v1 kind: DaemonSet name: intel-vpu-plugin - path: volumes_patch.yaml + version: v1 +- path: add_command_args.yaml diff --git a/deployments/xpumanager_sidecar/kustomization.yaml b/deployments/xpumanager_sidecar/kustomization.yaml index ce47a1f80..c4cf89af8 100644 --- a/deployments/xpumanager_sidecar/kustomization.yaml +++ b/deployments/xpumanager_sidecar/kustomization.yaml @@ -2,5 +2,7 @@ resources: - https://raw.githubusercontent.com/intel/xpumanager/v1.2.0_golden/deployment/kubernetes/daemonset-intel-xpum.yaml namespace: monitoring -patchesStrategicMerge: -- kustom/kustom_xpumanager.yaml +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +patches: +- path: kustom/kustom_xpumanager.yaml From e92b752d75ea8a74aef6e9721090219d87693124 Mon Sep 17 00:00:00 2001 From: Tuomas Katila Date: Wed, 2 Aug 2023 11:54:04 +0300 Subject: [PATCH 6/6] deployments: move from 'vars' to 'replacements' 
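Review bot: In deployments/vpu_plugin/overlays/xlink/kustomization.yaml the merged `patches:` list puts `volumes_patch.yaml` before `add_command_args.yaml`, while the old file listed the strategic-merge patch first. Entries under `patches:` are applied in list order, so if both patches touch the same fields of `intel-vpu-plugin` the rendered DaemonSet may differ from before; the hunk alone does not show whether they do. Comparing the `kustomize build` output of this overlay before and after the change would confirm the reordering is harmless. A one-line comment stating whether the order is significant would help the next editor.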
Signed-off-by: Tuomas Katila --- .../base/kustomization.yaml | 108 +++++++++++++----- .../base/webhookcainjection_patch.yaml | 4 +- .../certmanager/certificate.yaml | 6 +- .../default/kustomization.yaml | 84 ++++++++++++++ .../webhook/kustomizeconfig.yaml | 12 +- .../overlays/af/kustomization.yaml | 84 ++++++++++++++ .../overlays/region/kustomization.yaml | 81 +++++++++++++ .../operator/certmanager/certificate.yaml | 4 +- .../operator/certmanager/kustomizeconfig.yaml | 8 -- deployments/operator/crd/kustomizeconfig.yaml | 3 - .../cainjection_in_fpgadeviceplugins.yaml | 2 +- .../cainjection_in_gpudeviceplugins.yaml | 2 +- .../cainjection_in_qatdeviceplugins.yaml | 2 +- .../operator/default/kustomization.yaml | 108 +++++++++++++----- .../default/webhookcainjection_patch.yaml | 15 --- .../webhookcainjection_patch_mutate.yaml | 6 + .../webhookcainjection_patch_validate.yaml | 6 + .../operator/webhook/kustomizeconfig.yaml | 5 +- .../certmanager/certificate.yaml | 6 +- .../certmanager/kustomizeconfig.yaml | 8 -- .../kustomization.yaml | 93 ++++++++++----- .../webhookcainjection_patch.yaml | 4 +- .../webhook/kustomizeconfig.yaml | 3 - .../overlays/epc-nfd/kustomization.yaml | 84 ++++++++++++++ 24 files changed, 597 insertions(+), 141 deletions(-) delete mode 100644 deployments/operator/default/webhookcainjection_patch.yaml create mode 100644 deployments/operator/default/webhookcainjection_patch_mutate.yaml create mode 100644 deployments/operator/default/webhookcainjection_patch_validate.yaml diff --git a/deployments/fpga_admissionwebhook/base/kustomization.yaml b/deployments/fpga_admissionwebhook/base/kustomization.yaml index 6f2ffe4b8..7dd1f8373 100644 --- a/deployments/fpga_admissionwebhook/base/kustomization.yaml +++ b/deployments/fpga_admissionwebhook/base/kustomization.yaml 
@@ -13,30 +13,84 @@ kind: Kustomization patches: - path: manager_webhook_patch.yaml - path: webhookcainjection_patch.yaml -vars: -- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldref: - fieldpath: metadata.namespace -- name: CERTIFICATE_NAME - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml -- name: SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: webhook-service - fieldref: - fieldpath: metadata.namespace -- name: SERVICE_NAME - objref: - kind: Service - version: v1 - name: webhook-service +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + 
delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true diff --git a/deployments/fpga_admissionwebhook/base/webhookcainjection_patch.yaml b/deployments/fpga_admissionwebhook/base/webhookcainjection_patch.yaml index 2e37b9ead..82add8f47 100644 --- a/deployments/fpga_admissionwebhook/base/webhookcainjection_patch.yaml +++ b/deployments/fpga_admissionwebhook/base/webhookcainjection_patch.yaml @@ -1,8 +1,8 @@ # This patch adds an annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. +# the variables CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize. apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: mutating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME diff --git a/deployments/fpga_admissionwebhook/certmanager/certificate.yaml b/deployments/fpga_admissionwebhook/certmanager/certificate.yaml index 39e8ee4b0..1542f681c 100644 --- a/deployments/fpga_admissionwebhook/certmanager/certificate.yaml +++ b/deployments/fpga_admissionwebhook/certmanager/certificate.yaml 
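Review bot: The Certificate targets in the new `replacements:` block of deployments/fpga_admissionwebhook/base/kustomization.yaml select on `kind`/`group`/`version` only, so any Certificate in the build gets `.spec.dnsNames.0` and `.spec.dnsNames.1` rewritten from `webhook-service`. Adding `name: serving-cert` to those `select:` entries would limit this to the webhook serving certificate. Two comments are also misleading: `fieldPath: .metadata.name # namespace of the service` should read `# name of the service`, and `# Add cert-manager annotation to the webhook Service` sits on a source that fills the Certificate's DNS names rather than annotating anything. The first comment also mentions CRDs, but no target in this block selects CustomResourceDefinition. The same block is copied into fpga_admissionwebhook/default, fpga_plugin/overlays/af and fpga_plugin/overlays/region in this patch, so all of this applies there too.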
@@ -14,10 +14,10 @@ metadata: name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml namespace: system spec: - # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize + # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local + - SERVICE_NAME.SERVICE_NAMESPACE.svc + - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local issuerRef: kind: Issuer name: selfsigned-issuer diff --git a/deployments/fpga_admissionwebhook/default/kustomization.yaml b/deployments/fpga_admissionwebhook/default/kustomization.yaml index a2308f9f2..04e967901 100644 --- a/deployments/fpga_admissionwebhook/default/kustomization.yaml +++ b/deployments/fpga_admissionwebhook/default/kustomization.yaml 
@@ -4,3 +4,87 @@ namePrefix: intelfpgawebhook- resources: - ../base - namespace.yaml + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' 
+ index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true diff --git a/deployments/fpga_admissionwebhook/webhook/kustomizeconfig.yaml b/deployments/fpga_admissionwebhook/webhook/kustomizeconfig.yaml index 66781c6cb..206316e54 100644 --- a/deployments/fpga_admissionwebhook/webhook/kustomizeconfig.yaml +++ b/deployments/fpga_admissionwebhook/webhook/kustomizeconfig.yaml @@ -1,4 +1,4 @@ -# the following config is for teaching kustomize where to look at when substituting vars. +# the following config is for teaching kustomize where to look at when substituting nameReference. # It requires kustomize v2.1.0 or newer to work properly. nameReference: - kind: Service @@ -7,12 +7,16 @@ nameReference: - kind: MutatingWebhookConfiguration group: admissionregistration.k8s.io path: webhooks/clientConfig/service/name + - kind: ValidatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/name namespace: - kind: MutatingWebhookConfiguration group: admissionregistration.k8s.io path: webhooks/clientConfig/service/namespace create: true - -varReference: -- path: metadata/annotations +- kind: ValidatingWebhookConfiguration + group: admissionregistration.k8s.io + path: webhooks/clientConfig/service/namespace + create: true diff --git a/deployments/fpga_plugin/overlays/af/kustomization.yaml b/deployments/fpga_plugin/overlays/af/kustomization.yaml index c45bea893..1a4f12463 100644 --- a/deployments/fpga_plugin/overlays/af/kustomization.yaml +++ b/deployments/fpga_plugin/overlays/af/kustomization.yaml 
@@ -4,3 +4,87 @@ namePrefix: intelfpgaplugin- resources: - ../../base - ../../../fpga_admissionwebhook/base + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' 
+ index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true diff --git a/deployments/fpga_plugin/overlays/region/kustomization.yaml b/deployments/fpga_plugin/overlays/region/kustomization.yaml index 4007093b1..ea792f853 100644 --- a/deployments/fpga_plugin/overlays/region/kustomization.yaml +++ b/deployments/fpga_plugin/overlays/region/kustomization.yaml 
@@ -11,3 +11,84 @@ patches: - path: mode-region.yaml target: kind: DaemonSet +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true 
diff --git a/deployments/operator/certmanager/certificate.yaml b/deployments/operator/certmanager/certificate.yaml index 39e8ee4b0..c16b54a7e 100644 --- a/deployments/operator/certmanager/certificate.yaml +++ b/deployments/operator/certmanager/certificate.yaml @@ -16,8 +16,8 @@ metadata: spec: # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local + - SERVICE_NAME.SERVICE_NAMESPACE.svc + - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local issuerRef: kind: Issuer name: selfsigned-issuer diff --git a/deployments/operator/certmanager/kustomizeconfig.yaml b/deployments/operator/certmanager/kustomizeconfig.yaml index e631f7773..87d212b8e 100644 --- a/deployments/operator/certmanager/kustomizeconfig.yaml +++ b/deployments/operator/certmanager/kustomizeconfig.yaml @@ -6,11 +6,3 @@ nameReference: - kind: Certificate group: cert-manager.io path: spec/issuerRef/name - -varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames diff --git a/deployments/operator/crd/kustomizeconfig.yaml b/deployments/operator/crd/kustomizeconfig.yaml index 6f83d9a94..f87d49429 100644 --- a/deployments/operator/crd/kustomizeconfig.yaml +++ b/deployments/operator/crd/kustomizeconfig.yaml @@ -12,6 +12,3 @@ namespace: group: apiextensions.k8s.io path: spec/conversion/webhookClientConfig/service/namespace create: false - -varReference: -- path: metadata/annotations diff --git a/deployments/operator/crd/patches/cainjection_in_fpgadeviceplugins.yaml b/deployments/operator/crd/patches/cainjection_in_fpgadeviceplugins.yaml index 1ea32f659..afae673e4 100644 --- a/deployments/operator/crd/patches/cainjection_in_fpgadeviceplugins.yaml +++ b/deployments/operator/crd/patches/cainjection_in_fpgadeviceplugins.yaml 
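Review bot: The context comment `# $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize` in deployments/operator/certmanager/certificate.yaml still uses the `$(...)` form, while the `dnsNames` below it change to bare placeholders. The matching fpga_admissionwebhook certificate.yaml hunk updates its comment, so this one should follow, e.g. `# SERVICE_NAME and SERVICE_NAMESPACE are placeholders overwritten by kustomize replacements`. Since the placeholders are now ordinary strings, a build without the matching `replacements:` entry would presumably request a certificate for the literal name `SERVICE_NAME.SERVICE_NAMESPACE.svc`. An accurate comment helps whoever has to debug that.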
@@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME name: fpgadeviceplugins.deviceplugin.intel.com diff --git a/deployments/operator/crd/patches/cainjection_in_gpudeviceplugins.yaml b/deployments/operator/crd/patches/cainjection_in_gpudeviceplugins.yaml index 12a9031d3..394b586d7 100644 --- a/deployments/operator/crd/patches/cainjection_in_gpudeviceplugins.yaml +++ b/deployments/operator/crd/patches/cainjection_in_gpudeviceplugins.yaml @@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME name: gpudeviceplugins.deviceplugin.intel.com diff --git a/deployments/operator/crd/patches/cainjection_in_qatdeviceplugins.yaml b/deployments/operator/crd/patches/cainjection_in_qatdeviceplugins.yaml index db8ad86f0..fa0d626cd 100644 --- a/deployments/operator/crd/patches/cainjection_in_qatdeviceplugins.yaml +++ b/deployments/operator/crd/patches/cainjection_in_qatdeviceplugins.yaml @@ -4,5 +4,5 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME name: qatdeviceplugins.deviceplugin.intel.com diff --git a/deployments/operator/default/kustomization.yaml b/deployments/operator/default/kustomization.yaml index 4320a2815..bfa90dbe2 100644 --- a/deployments/operator/default/kustomization.yaml +++ b/deployments/operator/default/kustomization.yaml 
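Review bot: The three CRD patches (`cainjection_in_fpgadeviceplugins.yaml`, `cainjection_in_gpudeviceplugins.yaml`, `cainjection_in_qatdeviceplugins.yaml`) now carry the literal annotation value `CERTIFICATE_NAMESPACE/CERTIFICATE_NAME`, but the replacement targets visible in this patch select only ValidatingWebhookConfiguration and MutatingWebhookConfiguration. If these patches are enabled and no replacement selects `kind: CustomResourceDefinition`, the placeholder would reach the cluster unchanged and cert-manager would have no Certificate to resolve for CA injection. The operator/default `replacements:` block continues past what is shown here, so this may already be covered. If not, both Certificate sources need a further `select:` with `kind: CustomResourceDefinition` and the same `fieldPaths` and `options`.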
@@ -38,30 +38,84 @@ patches: target: name: validating-webhook-configuration -vars: -- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldref: - fieldpath: metadata.namespace -- name: CERTIFICATE_NAME - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml -- name: SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: webhook-service - fieldref: - fieldpath: metadata.namespace -- name: SERVICE_NAME - objref: - kind: Service - version: v1 - name: webhook-service +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # 
Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true diff --git a/deployments/operator/default/webhookcainjection_patch.yaml b/deployments/operator/default/webhookcainjection_patch.yaml deleted file mode 100644 index 02ab515d4..000000000 --- a/deployments/operator/default/webhookcainjection_patch.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# This patch add annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: validating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/deployments/operator/default/webhookcainjection_patch_mutate.yaml b/deployments/operator/default/webhookcainjection_patch_mutate.yaml new file mode 100644 index 000000000..2988e309c --- /dev/null +++ b/deployments/operator/default/webhookcainjection_patch_mutate.yaml 
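Review bot: The comment on the first replacement names ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs, but both Certificate replacements list only the two webhook kinds as targets. Nothing here therefore rewrites the `CERTIFICATE_NAMESPACE/CERTIFICATE_NAME` placeholder that this patch puts into the three `crd/patches/cainjection_in_*deviceplugins.yaml` files, and the `varReference` entry that covered `metadata/annotations` for CRDs is removed. Whether those CRD patches are enabled is not visible in this diff; if they are, the annotation would name a Certificate that presumably does not exist, and CA injection for the CRD conversion webhook would not happen. Either add a target with `kind: CustomResourceDefinition` to both replacements (index 0 and index 1), or drop `and CRDs` from the comment.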
@@ -0,0 +1,6 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: mutating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME diff --git a/deployments/operator/default/webhookcainjection_patch_validate.yaml b/deployments/operator/default/webhookcainjection_patch_validate.yaml new file mode 100644 index 000000000..b6567d709 --- /dev/null +++ b/deployments/operator/default/webhookcainjection_patch_validate.yaml @@ -0,0 +1,6 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME diff --git a/deployments/operator/webhook/kustomizeconfig.yaml b/deployments/operator/webhook/kustomizeconfig.yaml index 25e21e3c9..206316e54 100644 --- a/deployments/operator/webhook/kustomizeconfig.yaml +++ b/deployments/operator/webhook/kustomizeconfig.yaml @@ -1,4 +1,4 @@ -# the following config is for teaching kustomize where to look at when substituting vars. +# the following config is for teaching kustomize where to look at when substituting nameReference. # It requires kustomize v2.1.0 or newer to work properly. nameReference: - kind: Service @@ -20,6 +20,3 @@ namespace: group: admissionregistration.k8s.io path: webhooks/clientConfig/service/namespace create: true - -varReference: -- path: metadata/annotations diff --git a/deployments/sgx_admissionwebhook/certmanager/certificate.yaml b/deployments/sgx_admissionwebhook/certmanager/certificate.yaml index 39e8ee4b0..1542f681c 100644 --- a/deployments/sgx_admissionwebhook/certmanager/certificate.yaml +++ b/deployments/sgx_admissionwebhook/certmanager/certificate.yaml 
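Review bot: The two new patch files carry no comment, and `CERTIFICATE_NAMESPACE/CERTIFICATE_NAME` now reads like an ordinary namespace/name value rather than a template. The deleted webhookcainjection_patch.yaml explained the substitution in its header. I would give both webhookcainjection_patch_mutate.yaml and webhookcainjection_patch_validate.yaml a first line such as `# CERTIFICATE_NAMESPACE/CERTIFICATE_NAME is a placeholder; the replacements in kustomization.yaml overwrite both halves.`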
@@ -14,10 +14,10 @@ metadata: name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml namespace: system spec: - # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize + # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local + - SERVICE_NAME.SERVICE_NAMESPACE.svc + - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local issuerRef: kind: Issuer name: selfsigned-issuer diff --git a/deployments/sgx_admissionwebhook/certmanager/kustomizeconfig.yaml b/deployments/sgx_admissionwebhook/certmanager/kustomizeconfig.yaml index e631f7773..87d212b8e 100644 --- a/deployments/sgx_admissionwebhook/certmanager/kustomizeconfig.yaml +++ b/deployments/sgx_admissionwebhook/certmanager/kustomizeconfig.yaml @@ -6,11 +6,3 @@ nameReference: - kind: Certificate group: cert-manager.io path: spec/issuerRef/name - -varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames diff --git a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml index 0e36f5913..ce6e677d8 100644 --- a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml +++ b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/kustomization.yaml 
@@ -12,30 +12,69 @@ patches: target: name: mutating-webhook-configuration -vars: -- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldref: - fieldpath: metadata.namespace -- name: CERTIFICATE_NAME - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml -- name: SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: webhook-service - fieldref: - fieldpath: metadata.namespace -- name: SERVICE_NAME - objref: - kind: Service - version: v1 - name: webhook-service +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' 
+ index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true + diff --git a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/webhookcainjection_patch.yaml b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/webhookcainjection_patch.yaml index 2e37b9ead..82add8f47 100644 --- a/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/webhookcainjection_patch.yaml +++ b/deployments/sgx_admissionwebhook/overlays/default-with-certmanager/webhookcainjection_patch.yaml @@ -1,8 +1,8 @@ # This patch adds an annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. +# the variables CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize. apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: mutating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME diff --git a/deployments/sgx_admissionwebhook/webhook/kustomizeconfig.yaml b/deployments/sgx_admissionwebhook/webhook/kustomizeconfig.yaml index 66781c6cb..e2389b0f9 100644 --- a/deployments/sgx_admissionwebhook/webhook/kustomizeconfig.yaml +++ b/deployments/sgx_admissionwebhook/webhook/kustomizeconfig.yaml @@ -13,6 +13,3 @@ namespace: group: admissionregistration.k8s.io path: webhooks/clientConfig/service/namespace create: true - -varReference: -- path: metadata/annotations 
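Review bot: Two comments in the Service replacements describe something other than what the entries do: `# Add cert-manager annotation to the webhook Service` sits on a source whose targets are `.spec.dnsNames.0` and `.spec.dnsNames.1` of the Certificate, and `fieldPath: .metadata.name # namespace of the service` reads the Service name. Swapping name and namespace here would put the wrong SAN into the webhook serving certificate, so I would make them `# Fill the webhook Service name and namespace into the Certificate dnsNames` and `# name of the service`. The first replacement's comment also mentions ValidatingWebhookConfiguration and CRDs, although this overlay targets only MutatingWebhookConfiguration. The same comment lines appear in the operator default and epc-nfd kustomization.yaml hunks.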
diff --git a/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml b/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml index 14ceef271..88c9a6f09 100644 --- a/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml +++ b/deployments/sgx_plugin/overlays/epc-nfd/kustomization.yaml 
@@ -1,3 +1,87 @@ resources: - ../../base - ../../../sgx_admissionwebhook/overlays/default-with-certmanager + +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' 
+ index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true
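Review bot: Every webhook target here selects by `kind` alone and sets `create: true`, so any MutatingWebhookConfiguration or ValidatingWebhookConfiguration that ends up in this overlay gets a `cert-manager.io/inject-ca-from` annotation pointing at `serving-cert`, whether or not it is served with that certificate. The included default-with-certmanager overlay targets only MutatingWebhookConfiguration, so the ValidatingWebhookConfiguration entries look like a copy from the operator overlay with nothing to match. I would narrow the selects with a `name:` (for example `name: mutating-webhook-configuration`, or whatever the object is called at this point of the build) and remove the Validating targets. The block also repeats the replacements of the overlay it includes; a short comment saying why they must run again at this level would help, since the reason is not visible in the hunk.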