From e59faa8d06d9a2e557b38ec80fdc939473fece05 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Wed, 14 Aug 2024 08:06:14 +0300 Subject: [PATCH 1/5] deployments: update NFD to v0.16.4 Signed-off-by: Mikko Ylinen --- INSTALL.md | 2 +- deployments/nfd/base/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index fc453db6f..66b9839f1 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -44,7 +44,7 @@ NOTE: cert-manager install takes a while to complete. ```bash helm install nfd nfd/node-feature-discovery \ - --namespace node-feature-discovery --create-namespace --version 0.15.1 + --namespace node-feature-discovery --create-namespace --version 0.16.4 ``` ### Installing operator diff --git a/deployments/nfd/base/kustomization.yaml b/deployments/nfd/base/kustomization.yaml index 94877a535..718da5c8d 100644 --- a/deployments/nfd/base/kustomization.yaml +++ b/deployments/nfd/base/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- "https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.15.4" +- "https://github.com/kubernetes-sigs/node-feature-discovery/deployment/overlays/default?ref=v0.16.4" configMapGenerator: - name: nfd-worker-conf behavior: replace From 3175eb6b2d1197d85a6dcf6455b43d7f02b6b316 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Wed, 14 Aug 2024 08:07:31 +0300 Subject: [PATCH 2/5] README: fix OpenSSF Scorecard link Signed-off-by: Mikko Ylinen --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0c6bfca64..4b47563a3 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![Build Status](https://github.com/intel/intel-device-plugins-for-kubernetes/actions/workflows/devel.yaml/badge.svg)](https://github.com/intel/intel-device-plugins-for-kubernetes/actions?query=workflow%3ADevel) [![Go Report Card](https://goreportcard.com/badge/github.com/intel/intel-device-plugins-for-kubernetes)](https://goreportcard.com/report/github.com/intel/intel-device-plugins-for-kubernetes) [![GoDoc](https://godoc.org/github.com/intel/intel-device-plugins-for-kubernetes/pkg/deviceplugin?status.svg)](https://godoc.org/github.com/intel/intel-device-plugins-for-kubernetes/pkg/deviceplugin) -[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/intel/intel-device-plugins-for-kubernetes/badge)](https://api.securityscorecards.dev/projects/intel/intel-device-plugins-for-kubernetes) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/intel/intel-device-plugins-for-kubernetes/badge)](https://api.securityscorecards.dev/projects/github.com/intel/intel-device-plugins-for-kubernetes) This repository contains a framework for developing plugins for the Kubernetes [device plugins framework](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/), From 7909f44d152801c18dfa6a3928bed5b29024a5e9 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Wed, 14 Aug 2024 08:07:53 +0300 Subject: [PATCH 3/5] ci: update kind and cert-manager versions Signed-off-by: Mikko Ylinen --- INSTALL.md | 2 +- Makefile | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 66b9839f1..4c9bd784f 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -34,7 +34,7 @@ helm install --wait \ cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ - --version v1.14.2 \ + --version v1.15.2 \ --set installCRDs=true ``` diff --git a/Makefile b/Makefile index b621784fe..77662a9c5 100644 --- a/Makefile +++ b/Makefile @@ -8,10 +8,10 @@ BUILDTAGS ?= "" BUILDER ?= "docker" EXTRA_BUILD_ARGS ?= "" -CERT_MANAGER_VERSION ?= v1.14.2 +CERT_MANAGER_VERSION ?= v1.15.2 CONTROLLER_GEN_VERSION ?= v0.14.0 GOLANGCI_LINT_VERSION ?= v1.57.2 -KIND_VERSION ?= v0.21.0 +KIND_VERSION ?= v0.23.0 GOLICENSES_VERSION ?= v1.6.0 # Default bundle image tag BUNDLE_IMG ?= intel-device-plugins-controller-bundle:$(TAG) @@ -75,7 +75,7 @@ test-with-kind: fixture intel-sgx-admissionwebhook intel-fpga-admissionwebhook i kind load docker-image $(REG)intel-sgx-admissionwebhook:$(TAG) kind load docker-image $(REG)intel-fpga-admissionwebhook:$(TAG) kind load docker-image $(REG)intel-deviceplugin-operator:$(TAG) - kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml + kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/${CERT_MANAGER_VERSION}/cert-manager.yaml # Test SGX Admission Webhook, FPGA Admission Webhook and Device Plugin Operator Manager's Webhook $(GO) test -v ./test/e2e -args -kubeconfig ~/.kube/config -ginkgo.focus "SGX Admission" $(GO) test -v ./test/e2e -args -kubeconfig ~/.kube/config -ginkgo.focus "FPGA Admission" From 49db09e5a11bb80b2e7765972e4bc7d3f47b20f1 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Wed, 14 Aug 2024 08:16:28 +0300 Subject: [PATCH 4/5] ci: use ubuntu-24.04 runners Github actions runner-images install buildah from the distro. 22.04 has an ancient version and is known not to work. Bump to the latest 24.04 runners and at the same time, drop the BUILDAH_RUNTIME override. Signed-off-by: Mikko Ylinen --- .github/workflows/lib-build.yaml | 2 +- .github/workflows/lib-codeql.yaml | 2 +- .github/workflows/lib-publish.yaml | 2 +- .github/workflows/lib-scorecard.yaml | 2 +- .github/workflows/lib-trivy.yaml | 8 ++++---- .github/workflows/lib-validate.yaml | 8 ++++---- .github/workflows/release.yaml | 2 +- build/docker/build-image.sh | 2 +- demo/build-image.sh | 2 +- 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/.github/workflows/lib-build.yaml b/.github/workflows/lib-build.yaml index 25f2c1dd4..c28c76644 100644 --- a/.github/workflows/lib-build.yaml +++ b/.github/workflows/lib-build.yaml @@ -9,7 +9,7 @@ permissions: jobs: image: name: Build image - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: matrix: image: diff --git a/.github/workflows/lib-codeql.yaml b/.github/workflows/lib-codeql.yaml index b303f75d2..d8dd94c59 100644 --- a/.github/workflows/lib-codeql.yaml +++ b/.github/workflows/lib-codeql.yaml @@ -10,7 +10,7 @@ permissions: jobs: analyze: name: Analysis - runs-on: 'ubuntu-22.04' + runs-on: ubuntu-24.04 timeout-minutes: 360 permissions: diff --git a/.github/workflows/lib-publish.yaml b/.github/workflows/lib-publish.yaml index 383459682..b0de3dc29 100644 --- a/.github/workflows/lib-publish.yaml +++ b/.github/workflows/lib-publish.yaml @@ -15,7 +15,7 @@ permissions: jobs: image: name: Build image - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: fail-fast: false matrix: diff --git a/.github/workflows/lib-scorecard.yaml b/.github/workflows/lib-scorecard.yaml index a0e5e56e9..4c3f2e23d 100644 --- a/.github/workflows/lib-scorecard.yaml +++ b/.github/workflows/lib-scorecard.yaml @@ -9,7 +9,7 @@ permissions: jobs: analysis: name: Analysis - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: security-events: write diff --git a/.github/workflows/lib-trivy.yaml b/.github/workflows/lib-trivy.yaml index 9d5f0d618..80ac67b58 100644 --- a/.github/workflows/lib-trivy.yaml +++ b/.github/workflows/lib-trivy.yaml @@ -27,7 +27,7 @@ jobs: trivy-scan-deployments: name: Scan deployments if: ${{ inputs.deployments }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 @@ -45,7 +45,7 @@ jobs: trivy-scan-dockerfiles: name: Scan Dockerfiles if: ${{ inputs.dockerfiles }} - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 @@ -58,7 +58,7 @@ jobs: severity: CRITICAL,HIGH trivy-scan-licenses: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 name: Scan licenses steps: - name: Checkout @@ -75,7 +75,7 @@ jobs: trivy-scan-vulns: permissions: security-events: write - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 name: Scan vulnerabilities steps: - name: Checkout diff --git a/.github/workflows/lib-validate.yaml b/.github/workflows/lib-validate.yaml index 4dd85f06b..175b4af99 100644 --- a/.github/workflows/lib-validate.yaml +++ b/.github/workflows/lib-validate.yaml @@ -8,7 +8,7 @@ permissions: jobs: docs: name: Check docs are buildable - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Install dependencies run: | @@ -32,7 +32,7 @@ jobs: permissions: pull-requests: read # for golangci/golangci-lint-action to fetch pull requests name: lint - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 @@ -46,7 +46,7 @@ jobs: args: -v --timeout 5m build: name: Build and check device plugins - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 @@ -63,7 +63,7 @@ jobs: # run: bash <(curl -s https://codecov.io/bash) envtest: name: Test APIs using envtest - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 strategy: matrix: version: diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f1c4eb476..7728c31f1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ permissions: jobs: tag_fix: name: Prepare image tag - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 outputs: fixed_tag: ${{ steps.fix.outputs.tag }} env: diff --git a/build/docker/build-image.sh b/build/docker/build-image.sh index f13a9cf53..b77f5ca49 100755 --- a/build/docker/build-image.sh +++ b/build/docker/build-image.sh @@ -33,7 +33,7 @@ BUILD_ARGS="${BUILD_ARGS} --build-arg FINAL_BASE=gcr.io/distroless/static" if [ -z "${BUILDER}" -o "${BUILDER}" = 'docker' -o "${BUILDER}" = 'podman' ] ; then ${BUILDER} build --pull -t ${IMG}:${TAG} ${BUILD_ARGS} -f ${DOCKERFILE} . elif [ "${BUILDER}" = 'buildah' ] ; then - BUILDAH_RUNTIME=runc buildah bud --pull-always -t ${IMG}:${TAG} ${BUILD_ARGS} -f ${DOCKERFILE} . + buildah bud --pull-always -t ${IMG}:${TAG} ${BUILD_ARGS} -f ${DOCKERFILE} . else (>&2 echo "Unknown builder ${BUILDER}") exit 1 diff --git a/demo/build-image.sh b/demo/build-image.sh index 750152ba5..25008025d 100755 --- a/demo/build-image.sh +++ b/demo/build-image.sh @@ -20,7 +20,7 @@ TAG=${TAG:-devel} if [ -z "$BUILDER" -o "$BUILDER" = 'docker' -o "$BUILDER" = 'podman' ] ; then ${BUILDER} build --pull -t ${IMG}:${TAG} "$CWD/$DIR/" elif [ "$BUILDER" = 'buildah' ] ; then - BUILDAH_RUNTIME=runc buildah bud --pull-always -t ${IMG}:${TAG} "$CWD/$DIR/" + buildah bud --pull-always -t ${IMG}:${TAG} "$CWD/$DIR/" else (>&2 echo "Unknown builder $BUILDER") exit 1 From ff257cb2d2e3f343ab1e1317de23bb492bca7eb5 Mon Sep 17 00:00:00 2001 From: Mikko Ylinen Date: Thu, 15 Aug 2024 10:02:39 +0300 Subject: [PATCH 5/5] operator: move to controller-tools v0.16.1 Signed-off-by: Mikko Ylinen --- Makefile | 2 +- .../fpga.intel.com_acceleratorfunctions.yaml | 2 +- .../crd/bases/fpga.intel.com_fpgaregions.yaml | 2 +- ...viceplugin.intel.com_dlbdeviceplugins.yaml | 3 +- ...viceplugin.intel.com_dsadeviceplugins.yaml | 3 +- ...iceplugin.intel.com_fpgadeviceplugins.yaml | 3 +- ...viceplugin.intel.com_gpudeviceplugins.yaml | 7 +- ...viceplugin.intel.com_iaadeviceplugins.yaml | 3 +- ...viceplugin.intel.com_qatdeviceplugins.yaml | 7 +- ...viceplugin.intel.com_sgxdeviceplugins.yaml | 3 +- .../fpga.intel.com_acceleratorfunctions.yaml | 2 +- .../crd/bases/fpga.intel.com_fpgaregions.yaml | 2 +- deployments/operator/rbac/role.yaml | 162 ++---------------- 13 files changed, 26 insertions(+), 175 deletions(-) diff --git a/Makefile b/Makefile index 77662a9c5..27771989a 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ BUILDER ?= "docker" EXTRA_BUILD_ARGS ?= "" CERT_MANAGER_VERSION ?= v1.15.2 -CONTROLLER_GEN_VERSION ?= v0.14.0 +CONTROLLER_GEN_VERSION ?= v0.16.1 GOLANGCI_LINT_VERSION ?= v1.57.2 KIND_VERSION ?= v0.23.0 GOLICENSES_VERSION ?= v1.6.0 diff --git a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml index a0a0c8c50..b0bca116c 100644 --- a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml +++ b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: acceleratorfunctions.fpga.intel.com spec: group: fpga.intel.com diff --git a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml index aed132f60..061863672 100644 --- a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml +++ b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: fpgaregions.fpga.intel.com spec: group: fpga.intel.com diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml index 17f86b04a..bfd11bfde 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: dlbdeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -133,7 +133,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml index 72a2fcf40..f964961fa 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: dsadeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -143,7 +143,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml index f4b7d2a44..b4e6a99f2 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: fpgadeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -140,7 +140,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml index 4bd69c601..4dd89c0f1 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: gpudeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -139,9 +139,7 @@ spec: type: array type: object status: - description: |- - GpuDevicePluginStatus defines the observed state of GpuDevicePlugin. - TODO(rojkov): consider code deduplication with QatDevicePluginStatus. + description: GpuDevicePluginStatus defines the observed state of GpuDevicePlugin. properties: controlledDaemonSet: description: ControlledDaemoSet references the DaemonSet controlled @@ -159,7 +157,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml index affa9b52f..beb5c64a7 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: iaadeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -142,7 +142,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml index a6c044d2b..a9cb80dc7 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: qatdeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -155,9 +155,7 @@ spec: type: array type: object status: - description: |- - QatDevicePluginStatus defines the observed state of QatDevicePlugin. - TODO(rojkov): consider code deduplication with GpuDevicePluginStatus. + description: QatDevicePluginStatus defines the observed state of QatDevicePlugin. properties: controlledDaemonSet: description: ControlledDaemoSet references the DaemonSet controlled @@ -175,7 +173,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml index a6e12ae65..33823b089 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: sgxdeviceplugins.deviceplugin.intel.com spec: group: deviceplugin.intel.com @@ -144,7 +144,6 @@ spec: the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change in the future. type: string kind: description: |- diff --git a/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml b/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml index a0a0c8c50..b0bca116c 100644 --- a/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml +++ b/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: acceleratorfunctions.fpga.intel.com spec: group: fpga.intel.com diff --git a/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml b/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml index aed132f60..061863672 100644 --- a/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml +++ b/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: fpgaregions.fpga.intel.com spec: group: fpga.intel.com diff --git a/deployments/operator/rbac/role.yaml b/deployments/operator/rbac/role.yaml index b38b653c5..f1dfb8ac3 100644 --- a/deployments/operator/rbac/role.yaml +++ b/deployments/operator/rbac/role.yaml @@ -60,161 +60,11 @@ rules: - deviceplugin.intel.com resources: - dlbdeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - dlbdeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - dlbdeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - dsadeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - dsadeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - dsadeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - fpgadeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - fpgadeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - fpgadeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - gpudeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - gpudeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - gpudeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - iaadeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - iaadeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - iaadeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - qatdeviceplugins - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - deviceplugin.intel.com - resources: - - qatdeviceplugins/finalizers - verbs: - - update -- apiGroups: - - deviceplugin.intel.com - resources: - - qatdeviceplugins/status - verbs: - - get - - patch - - update -- apiGroups: - - deviceplugin.intel.com - resources: - sgxdeviceplugins verbs: - create @@ -227,12 +77,24 @@ rules: - apiGroups: - deviceplugin.intel.com resources: + - dlbdeviceplugins/finalizers + - dsadeviceplugins/finalizers + - fpgadeviceplugins/finalizers + - gpudeviceplugins/finalizers + - iaadeviceplugins/finalizers + - qatdeviceplugins/finalizers - sgxdeviceplugins/finalizers verbs: - update - apiGroups: - deviceplugin.intel.com resources: + - dlbdeviceplugins/status + - dsadeviceplugins/status + - fpgadeviceplugins/status + - gpudeviceplugins/status + - iaadeviceplugins/status + - qatdeviceplugins/status - sgxdeviceplugins/status verbs: - get