diff --git a/Makefile b/Makefile index c1433742..f72ea09b 100644 --- a/Makefile +++ b/Makefile @@ -9,7 +9,7 @@ BUILDER ?= "docker" EXTRA_BUILD_ARGS ?= "" CERT_MANAGER_VERSION ?= v1.8.1 -CONTROLLER_GEN_VERSION ?= v0.8.0 +CONTROLLER_GEN_VERSION ?= v0.9.2 GOLANGCI_LINT_VERSION ?= v1.45.0 KIND_VERSION ?= v0.14.0 GOLICENSES_VERSION ?= v1.2.0 @@ -104,6 +104,9 @@ generate: $(CONTROLLER_GEN) webhook \ paths="./pkg/fpgacontroller/..." \ output:webhook:artifacts:config=deployments/fpga_admissionwebhook/webhook + $(CONTROLLER_GEN) webhook \ + paths="./pkg/webhooks/sgx/..." \ + output:webhook:artifacts:config=deployments/sgx_admissionwebhook/webhook $(CONTROLLER_GEN) rbac:roleName=gpu-manager-role paths="./cmd/gpu_plugin/..." output:dir=deployments/operator/rbac cp deployments/operator/rbac/role.yaml deployments/operator/rbac/gpu_manager_role.yaml $(CONTROLLER_GEN) rbac:roleName=manager-role paths="./pkg/..." output:dir=deployments/operator/rbac diff --git a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml index 8e2a892b..47972089 100644 --- a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml +++ b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: acceleratorfunctions.fpga.intel.com spec: @@ -61,9 +61,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml index 4eb1acca..bbdacf76 100644 --- a/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml +++ b/deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: fpgaregions.fpga.intel.com spec: @@ -52,9 +52,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml index 3fc3189f..9d8ec8f1 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_dlbdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: dlbdeviceplugins.deviceplugin.intel.com spec: @@ -104,6 +104,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic desiredNumberScheduled: description: The total number of nodes that should be running the device plugin pod (including nodes correctly running the device @@ -131,9 +132,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml index 4f37ce66..a53966af 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_dsadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: dsadeviceplugins.deviceplugin.intel.com spec: @@ -118,6 +118,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic desiredNumberScheduled: description: The total number of nodes that should be running the device plugin pod (including nodes correctly running the device @@ -145,9 +146,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml index 11d62acf..336b6e99 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: fpgadeviceplugins.deviceplugin.intel.com spec: @@ -115,6 +115,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic desiredNumberScheduled: description: The total number of nodes that should be running the device plugin pod (including nodes correctly running the device @@ -142,9 +143,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml index 62f01995..045a31d1 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: gpudeviceplugins.deviceplugin.intel.com spec: @@ -131,6 +131,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic desiredNumberScheduled: description: The total number of nodes that should be running the device plugin pod (including nodes correctly running the device @@ -158,9 +159,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml index e7e2f8d9..84aa0a27 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_iaadeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: iaadeviceplugins.deviceplugin.intel.com spec: @@ -117,6 +117,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic desiredNumberScheduled: description: The total number of nodes that should be running the device plugin pod (including nodes correctly running the device @@ -144,9 +145,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml index 12cc2a6b..8bf3668e 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: qatdeviceplugins.deviceplugin.intel.com spec: @@ -144,6 +144,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic desiredNumberScheduled: description: The total number of nodes that should be running the device plugin pod (including nodes correctly running the device @@ -171,9 +172,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml b/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml index 9de7b475..3ec342bf 100644 --- a/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml +++ b/deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: sgxdeviceplugins.deviceplugin.intel.com spec: @@ -118,6 +118,7 @@ spec: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string type: object + x-kubernetes-map-type: atomic desiredNumberScheduled: description: The total number of nodes that should be running the device plugin pod (including nodes correctly running the device @@ -145,9 +146,3 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml b/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml index 8e2a892b..47972089 100644 --- a/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml +++ b/deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: acceleratorfunctions.fpga.intel.com spec: @@ -61,9 +61,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml b/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml index 4eb1acca..bbdacf76 100644 --- a/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml +++ b/deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.8.0 + controller-gen.kubebuilder.io/version: v0.9.2 creationTimestamp: null name: fpgaregions.fpga.intel.com spec: @@ -52,9 +52,3 @@ spec: type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/deployments/operator/rbac/role.yaml b/deployments/operator/rbac/role.yaml index 96090f36..14495bc9 100644 --- a/deployments/operator/rbac/role.yaml +++ b/deployments/operator/rbac/role.yaml @@ -247,9 +247,9 @@ rules: - watch - apiGroups: - security.openshift.io - resources: - - securitycontextconstraints resourceNames: - privileged + resources: + - securitycontextconstraints verbs: - use diff --git a/pkg/controllers/reconciler.go b/pkg/controllers/reconciler.go index 8729dffa..564feaf0 100644 --- a/pkg/controllers/reconciler.go +++ b/pkg/controllers/reconciler.go @@ -74,6 +74,7 @@ func GetDevicePluginCount(pluginKind string) int { // +kubebuilder:rbac:groups=rbac.authorization.k8s.io,resources=clusterrolebindings,verbs=get;list;watch;create;delete // +kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=create +// +kubebuilder:rbac:groups=security.openshift.io,resources=securitycontextconstraints,resourceNames=privileged,verbs=use // +kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,resourceNames=d1c7b6d5.intel.com,verbs=get;update // ServiceAccountFactory provides functions for creating a service account and related objects