diff --git a/.github/workflows/lib-build.yaml b/.github/workflows/lib-build.yaml index 25f2c1dd4..c28c76644 100644 --- a/.github/workflows/lib-build.yaml +++ b/.github/workflows/lib-build.yaml @@ -9,7 +9,7 @@ permissions: jobs: image: name: Build image - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: matrix: image: diff --git a/.github/workflows/lib-codeql.yaml b/.github/workflows/lib-codeql.yaml index b303f75d2..d8dd94c59 100644 --- a/.github/workflows/lib-codeql.yaml +++ b/.github/workflows/lib-codeql.yaml @@ -10,7 +10,7 @@ permissions: jobs: analyze: name: Analysis - runs-on: 'ubuntu-22.04' + runs-on: ubuntu-24.04 timeout-minutes: 360 permissions: diff --git a/.github/workflows/lib-publish.yaml b/.github/workflows/lib-publish.yaml index 383459682..b0de3dc29 100644 --- a/.github/workflows/lib-publish.yaml +++ b/.github/workflows/lib-publish.yaml @@ -15,7 +15,7 @@ permissions: jobs: image: name: Build image - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: diff --git a/.github/workflows/lib-scorecard.yaml b/.github/workflows/lib-scorecard.yaml index a0e5e56e9..4c3f2e23d 100644 --- a/.github/workflows/lib-scorecard.yaml +++ b/.github/workflows/lib-scorecard.yaml @@ -9,7 +9,7 @@ permissions: jobs: analysis: name: Analysis - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: security-events: write diff --git a/.github/workflows/lib-trivy.yaml b/.github/workflows/lib-trivy.yaml index 9d5f0d618..80ac67b58 100644 --- a/.github/workflows/lib-trivy.yaml +++ b/.github/workflows/lib-trivy.yaml @@ -27,7 +27,7 @@ jobs: trivy-scan-deployments: name: Scan deployments if: ${{ inputs.deployments }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 @@ -45,7 +45,7 @@ jobs: trivy-scan-dockerfiles: name: Scan Dockerfiles if: ${{ inputs.dockerfiles }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 @@ -58,7 +58,7 @@ jobs: severity: CRITICAL,HIGH trivy-scan-licenses: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 name: Scan licenses steps: - name: Checkout @@ -75,7 +75,7 @@ jobs: trivy-scan-vulns: permissions: security-events: write - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 name: Scan vulnerabilities steps: - name: Checkout diff --git a/.github/workflows/lib-validate.yaml b/.github/workflows/lib-validate.yaml index 4dd85f06b..175b4af99 100644 --- a/.github/workflows/lib-validate.yaml +++ b/.github/workflows/lib-validate.yaml @@ -8,7 +8,7 @@ permissions: jobs: docs: name: Check docs are buildable - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Install dependencies run: | @@ -32,7 +32,7 @@ jobs: permissions: pull-requests: read # for golangci/golangci-lint-action to fetch pull requests name: lint - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 @@ -46,7 +46,7 @@ jobs: args: -v --timeout 5m build: name: Build and check device plugins - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 @@ -63,7 +63,7 @@ jobs: # run: bash <(curl -s https://codecov.io/bash) envtest: name: Test APIs using envtest - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: matrix: version: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f1c4eb476..7728c31f1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ permissions: jobs: tag_fix: name: Prepare image tag - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 outputs: fixed_tag: ${{ steps.fix.outputs.tag }} env: diff --git a/INSTALL.md b/INSTALL.md index fc453db6f..4c9bd784f 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -34,7 +34,7 @@ helm install --wait \ cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ - --version v1.14.2 \ + --version v1.15.2 \ --set installCRDs=true ``` @@ -44,7 +44,7 @@ NOTE: cert-manager install takes a while to complete. ```bash helm install nfd nfd/node-feature-discovery \ - --namespace node-feature-discovery --create-namespace --version 0.15.1 + --namespace node-feature-discovery --create-namespace --version 0.16.4 ``` ### Installing operator diff --git a/Makefile b/Makefile index b621784fe..27771989a 100644 --- a/Makefile +++ b/Makefile @@ -8,10 +8,10 @@ BUILDTAGS ?= "" BUILDER ?= "docker" EXTRA_BUILD_ARGS ?= "" -CERT_MANAGER_VERSION ?= v1.14.2 -CONTROLLER_GEN_VERSION ?= v0.14.0 +CERT_MANAGER_VERSION ?= v1.15.2 +CONTROLLER_GEN_VERSION ?= v0.16.1 GOLANGCI_LINT_VERSION ?= v1.57.2 -KIND_VERSION ?= v0.21.0 +KIND_VERSION ?= v0.23.0 GOLICENSES_VERSION ?= v1.6.0 # Default bundle image tag BUNDLE_IMG ?= intel-device-plugins-controller-bundle:$(TAG) @@ -75,7 +75,7 @@ test-with-kind: fixture intel-sgx-admissionwebhook intel-fpga-admissionwebhook i kind load docker-image $(REG)intel-sgx-admissionwebhook:$(TAG) kind load docker-image $(REG)intel-fpga-admissionwebhook:$(TAG) kind load docker-image $(REG)intel-deviceplugin-operator:$(TAG) - kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml + kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml # Test SGX Admission Webhook, FPGA Admission Webhook and Device Plugin Operator Manager's Webhook $(GO) test -v ./test/e2e -args -kubeconfig ~/.kube/config -ginkgo.focus "SGX Admission" $(GO) test -v ./test/e2e -args -kubeconfig ~/.kube/config -ginkgo.focus "FPGA Admission" diff --git a/README.md b/README.md index 0c6bfca64..4b47563a3 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://github.com/intel/intel-device-plugins-for-kubernetes/actions/workflows/devel.yaml/badge.svg)](https://github.com/intel/intel-device-plugins-for-kubernetes/actions?query=workflow%3ADevel) [![Go Report Card](https://goreportcard.com/badge/github.com/intel/intel-device-plugins-for-kubernetes)](https://goreportcard.com/report/github.com/intel/intel-device-plugins-for-kubernetes) [![GoDoc](https://godoc.org/github.com/intel/intel-device-plugins-for-kubernetes/pkg/deviceplugin?status.svg)](https://godoc.org/github.com/intel/intel-device-plugins-for-kubernetes/pkg/deviceplugin) -[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/intel/intel-device-plugins-for-kubernetes/badge)](https://api.securityscorecards.dev/projects/intel/intel-device-plugins-for-kubernetes) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/intel/intel-device-plugins-for-kubernetes/badge)](https://api.securityscorecards.dev/projects/github.com/intel/intel-device-plugins-for-kubernetes) This repository contains a framework for developing plugins for the Kubernetes [device plugins framework](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/), diff --git a/build/docker/build-image.sh b/build/docker/build-image.sh index f13a9cf53..b77f5ca49 100755 --- a/build/docker/build-image.sh +++ b/build/docker/build-image.sh @@ -33,7 +33,7 @@ BUILD_ARGS="${BUILD_ARGS} --build-arg FINAL_BASE=gcr.io/distroless/static" if [ -z "${BUILDER}" -o "${BUILDER}" = 'docker' -o "${BUILDER}" = 'podman' ] ; then ${BUILDER} build --pull -t ${IMG}:${TAG} ${BUILD_ARGS} -f ${DOCKERFILE} . elif [ "${BUILDER}" = 'buildah' ] ; then - BUILDAH_RUNTIME=runc buildah bud --pull-always -t ${IMG}:${TAG} ${BUILD_ARGS} -f ${DOCKERFILE} . + buildah bud --pull-always -t ${IMG}:${TAG} ${BUILD_ARGS} -f ${DOCKERFILE} . else (>&2 echo "Unknown builder ${BUILDER}") exit 1 diff --git a/demo/build-image.sh b/demo/build-image.sh index 750152ba5..25008025d 100755 --- a/demo/build-image.sh +++ b/demo/build-image.sh @@ -20,7 +20,7 @@ TAG=${TAG:-devel} if [ -z "$BUILDER" -o "$BUILDER" = 'docker' -o "$BUILDER" = 'podman' ] ; then ${BUILDER} build --pull -t ${IMG}:${TAG} "$CWD/$DIR/" elif [ "$BUILDER" = 'buildah' ] ; then - BUILDAH_RUNTIME=runc buildah bud --pull-always -t ${IMG}:${TAG} "$CWD/$DIR/" + buildah bud --pull-always -t ${IMG}:${TAG} "$CWD/$DIR/" else (>&2 echo "Unknown builder $BUILDER") exit 1 diff --git a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml index a0a0c8c50..b0bca116c 100644 --- a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml +++ b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: acceleratorfunctions.fpga.intel.com spec: group: fpga.intel.com diff --git a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml index aed132f60..061863672 100644 --- a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml +++ b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: fpgaregions.fpga.intel.com spec: group: fpga.intel.com diff --git a/deployments/nfd/base/kustomization.yaml b/deployments/nfd/base/kustomization.yaml index 94877a535..718da5c8d 100644 --- a/deployments/nfd/base/kustomization.yaml +++ b/deployments/nfd/base/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- "https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.15.4" +- "https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.16.4" configMapGenerator: - name: nfd-worker-conf behavior: replace diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml index 17f86b04a..bfd11bfde 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: dlbdeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -133,7 +133,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml index 72a2fcf40..f964961fa 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: dsadeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -143,7 +143,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml index f4b7d2a44..b4e6a99f2 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: fpgadeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -140,7 +140,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml index 4bd69c601..4dd89c0f1 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: gpudeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -139,9 +139,7 @@ spec: type: array type: object status: - description: |- - GpuDevicePluginStatus defines the observed state of GpuDevicePlugin. - TODO(rojkov): consider code deduplication with QatDevicePluginStatus. + description: GpuDevicePluginStatus defines the observed state of GpuDevicePlugin. properties: controlledDaemonSet: description: ControlledDaemoSet references the DaemonSet controlled @@ -159,7 +157,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml index affa9b52f..beb5c64a7 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: iaadeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -142,7 +142,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml index a6c044d2b..a9cb80dc7 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: qatdeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -155,9 +155,7 @@ spec: type: array type: object status: - description: |- - QatDevicePluginStatus defines the observed state of QatDevicePlugin. - TODO(rojkov): consider code deduplication with GpuDevicePluginStatus. + description: QatDevicePluginStatus defines the observed state of QatDevicePlugin. properties: controlledDaemonSet: description: ControlledDaemoSet references the DaemonSet controlled @@ -175,7 +173,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml index a6e12ae65..33823b089 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: sgxdeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -144,7 +144,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml b/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml index a0a0c8c50..b0bca116c 100644 --- a/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml +++ b/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: acceleratorfunctions.fpga.intel.com spec: group: fpga.intel.com diff --git a/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml b/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml index aed132f60..061863672 100644 --- a/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml +++ b/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: fpgaregions.fpga.intel.com spec: group: fpga.intel.com diff --git a/deployments/operator/rbac/role.yaml b/deployments/operator/rbac/role.yaml index b38b653c5..f1dfb8ac3 100644 --- a/deployments/operator/rbac/role.yaml +++ b/deployments/operator/rbac/role.yaml @@ -60,161 +60,11 @@ rules: - deviceplugin.intel.com resources: - dlbdeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - dlbdeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - dlbdeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - dsadeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - dsadeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - dsadeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - fpgadeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - fpgadeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - fpgadeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - gpudeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - gpudeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - gpudeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - iaadeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - iaadeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - iaadeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - qatdeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - qatdeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - qatdeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - sgxdeviceplugins verbs: - create @@ -227,12 +77,24 @@ rules: - apiGroups: - deviceplugin.intel.com resources: + - dlbdeviceplugins/finalizers + - dsadeviceplugins/finalizers + - fpgadeviceplugins/finalizers + - gpudeviceplugins/finalizers + - iaadeviceplugins/finalizers + - qatdeviceplugins/finalizers - sgxdeviceplugins/finalizers verbs: - update - apiGroups: - deviceplugin.intel.com resources: + - dlbdeviceplugins/status + - dsadeviceplugins/status + - fpgadeviceplugins/status + - gpudeviceplugins/status + - iaadeviceplugins/status + - qatdeviceplugins/status - sgxdeviceplugins/status verbs: - get