From a2c066dc0d066e3350386b0f83f5ccb711c24ab9 Mon Sep 17 00:00:00 2001 From: Swati Sehgal Date: Thu, 26 Aug 2021 16:09:29 +0100 Subject: [PATCH] topologyupdater: manifests: topologyupdater deployment files - create an overlay for deployment of all components - create an overlay for just topologyupdater deployment (to be deployed in conjunction with the default overlay) - create a separate overlay for deployment of master and topologyupdater-job 
Signed-off-by: Swati Sehgal --- .../kustomization.yaml | 5 + .../noderesourcetopologies.yaml | 144 ++++++++++++++++++ .../rbac-topologyupdater/kustomization.yaml | 9 ++ .../topologyupdater-clusterrole.yaml | 18 +++ .../topologyupdater-clusterrolebinding.yaml | 12 ++ .../topologyupdater-serviceaccount.yaml | 4 + deployment/base/rbac/master-clusterrole.yaml | 9 ++ .../kustomization.yaml | 7 + .../topologyupdater-daemonset.yaml | 29 ++++ .../topologyupdater-job/kustomization.yaml | 7 + .../topologyupdater-job.yaml | 39 +++++ .../topology-updater/kustomization.yaml | 12 ++ .../topologyupdater-mounts.yaml | 21 +++ .../topologyupdater-securitycontext.yaml | 8 + .../kustomization.yaml | 20 +++ .../namespace.yaml | 4 + .../topologupdater-job/kustomization.yaml | 18 +++ .../topologupdater-job/namespace.yaml | 4 + .../topologyupdater/kustomization.yaml | 16 ++ .../overlays/topologyupdater/namespace.yaml | 4 + 20 files changed, 390 insertions(+) create mode 100644 deployment/base/noderesourcetopologies-crd/kustomization.yaml create mode 100644 deployment/base/noderesourcetopologies-crd/noderesourcetopologies.yaml create mode 100644 deployment/base/rbac-topologyupdater/kustomization.yaml create mode 100644 deployment/base/rbac-topologyupdater/topologyupdater-clusterrole.yaml create mode 100644 deployment/base/rbac-topologyupdater/topologyupdater-clusterrolebinding.yaml create mode 100644 deployment/base/rbac-topologyupdater/topologyupdater-serviceaccount.yaml create mode 100644 deployment/base/topologyupdater-daemonset/kustomization.yaml create mode 100644 deployment/base/topologyupdater-daemonset/topologyupdater-daemonset.yaml create mode 100644 deployment/base/topologyupdater-job/kustomization.yaml create mode 100644 deployment/base/topologyupdater-job/topologyupdater-job.yaml create mode 100644 deployment/components/topology-updater/kustomization.yaml create mode 100644 deployment/components/topology-updater/topologyupdater-mounts.yaml create mode 100644 
deployment/components/topology-updater/topologyupdater-securitycontext.yaml create mode 100644 deployment/overlays/master-worker-topologyupdater/kustomization.yaml create mode 100644 deployment/overlays/master-worker-topologyupdater/namespace.yaml create mode 100644 deployment/overlays/topologupdater-job/kustomization.yaml create mode 100644 deployment/overlays/topologupdater-job/namespace.yaml create mode 100644 deployment/overlays/topologyupdater/kustomization.yaml create mode 100644 deployment/overlays/topologyupdater/namespace.yaml
diff --git a/deployment/base/noderesourcetopologies-crd/kustomization.yaml b/deployment/base/noderesourcetopologies-crd/kustomization.yaml
new file mode 100644
index 000000000..529ec5a9e
--- /dev/null
+++ b/deployment/base/noderesourcetopologies-crd/kustomization.yaml
@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- noderesourcetopologies.yaml
diff --git a/deployment/base/noderesourcetopologies-crd/noderesourcetopologies.yaml b/deployment/base/noderesourcetopologies-crd/noderesourcetopologies.yaml
new file mode 100644
index 000000000..299c24db9
--- /dev/null
+++ b/deployment/base/noderesourcetopologies-crd/noderesourcetopologies.yaml
@@ -0,0 +1,144 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes/enhancements/pull/1870 + controller-gen.kubebuilder.io/version: v0.6.0 + creationTimestamp: null + name: noderesourcetopologies.topology.node.k8s.io + namespace: "" +spec: + group: topology.node.k8s.io + names: + kind: NodeResourceTopology + listKind: NodeResourceTopologyList + plural: noderesourcetopologies + shortNames: + - node-res-topo + singular: noderesourcetopology + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: NodeResourceTopology describes node resources and their topology. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + topologyPolicies: + items: + type: string + type: array + zones: + description: ZoneList contains an array of Zone objects. + items: + description: Zone represents a resource topology zone, e.g. socket, + node, die or core. + properties: + attributes: + description: AttributeList contains an array of AttributeInfo objects. + items: + description: AttributeInfo contains one attribute of a Zone. 
+ properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + costs: + description: CostList contains an array of CostInfo objects. + items: + description: CostInfo describes the cost (or distance) between + two Zones. + properties: + name: + type: string + value: + format: int64 + type: integer + required: + - name + - value + type: object + type: array + name: + type: string + parent: + type: string + resources: + description: ResourceInfoList contains an array of ResourceInfo + objects. + items: + description: ResourceInfo contains information about one resource + type. + properties: + allocatable: + anyOf: + - type: integer + - type: string + description: Allocatable quantity of the resource, corresponding + to allocatable in node status, i.e. total amount of this + resource available to be used by pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + available: + anyOf: + - type: integer + - type: string + description: Available is the amount of this resource currently + available for new (to be scheduled) pods, i.e. Allocatable + minus the resources reserved by currently running pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the resource, corresponding to capacity + in node status, i.e. total amount of this resource that + the node has. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + name: + description: Name of the resource. 
+ type: string + required: + - allocatable + - available + - capacity + - name + type: object + type: array + type: + type: string + required: + - name + - type + type: object + type: array + required: + - topologyPolicies + - zones + type: object + served: true + storage: true +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: []
diff --git a/deployment/base/rbac-topologyupdater/kustomization.yaml b/deployment/base/rbac-topologyupdater/kustomization.yaml
new file mode 100644
index 000000000..abcc4f6dd
--- /dev/null
+++ b/deployment/base/rbac-topologyupdater/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+resources:
+- topologyupdater-serviceaccount.yaml
+- topologyupdater-clusterrole.yaml
+- topologyupdater-clusterrolebinding.yaml
diff --git a/deployment/base/rbac-topologyupdater/topologyupdater-clusterrole.yaml b/deployment/base/rbac-topologyupdater/topologyupdater-clusterrole.yaml
new file mode 100644
index 000000000..35de71b10
--- /dev/null
+++ b/deployment/base/rbac-topologyupdater/topologyupdater-clusterrole.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: nfd-topology-updater
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - nodes
+ verbs:
+ - get
+ - list
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
diff --git a/deployment/base/rbac-topologyupdater/topologyupdater-clusterrolebinding.yaml b/deployment/base/rbac-topologyupdater/topologyupdater-clusterrolebinding.yaml
new file mode 100644
index 000000000..a10e72ad7
--- /dev/null
+++ b/deployment/base/rbac-topologyupdater/topologyupdater-clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: nfd-topology-updater
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: nfd-topology-updater
+subjects:
+- kind: ServiceAccount
+ name: nfd-topology-updater
+ namespace: default
diff --git a/deployment/base/rbac-topologyupdater/topologyupdater-serviceaccount.yaml b/deployment/base/rbac-topologyupdater/topologyupdater-serviceaccount.yaml
new file mode 100644
index 000000000..751e8161f
--- /dev/null
+++ b/deployment/base/rbac-topologyupdater/topologyupdater-serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: nfd-topology-updater
diff --git a/deployment/base/rbac/master-clusterrole.yaml b/deployment/base/rbac/master-clusterrole.yaml
index 8ae3250fe..ca63a4fc6 100644
--- a/deployment/base/rbac/master-clusterrole.yaml
+++ b/deployment/base/rbac/master-clusterrole.yaml
@@ -11,3 +11,12 @@ rules:
 - get
 - patch
 - update
+ - list
+- apiGroups:
+ - topology.node.k8s.io
+ resources:
+ - noderesourcetopologies
+ verbs:
+ - create
+ - get
+ - update
diff --git a/deployment/base/topologyupdater-daemonset/kustomization.yaml b/deployment/base/topologyupdater-daemonset/kustomization.yaml
new file mode 100644
index 000000000..b303ca640
--- /dev/null
+++ b/deployment/base/topologyupdater-daemonset/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+resources:
+- topologyupdater-daemonset.yaml
diff --git a/deployment/base/topologyupdater-daemonset/topologyupdater-daemonset.yaml b/deployment/base/topologyupdater-daemonset/topologyupdater-daemonset.yaml
new file mode 100644
index 000000000..f8197c9a1
--- /dev/null
+++ b/deployment/base/topologyupdater-daemonset/topologyupdater-daemonset.yaml
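Review bot: The ServiceAccount subject in topologyupdater-clusterrolebinding.yaml is pinned to `namespace: default`, while the kustomization in the same base deploys the ServiceAccount under `namespace: node-feature-discovery`. The binding only reaches the intended account if kustomize rewrites the subject namespace at build time; applied as written, the ClusterRole would be granted to whatever `nfd-topology-updater` account exists in `default`. Either set the subject to `namespace: node-feature-discovery`, or state the dependency next to it with a comment such as `# rewritten by the kustomize namespace transformer; do not apply this file directly`.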
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels:
+ app: nfd
+ name: nfd-topology-updater
+spec:
+ selector:
+ matchLabels:
+ app: nfd-topology-updater
+ template:
+ metadata:
+ labels:
+ app: nfd-topology-updater
+ spec:
+ dnsPolicy: ClusterFirstWithHostNet
+ serviceAccount: nfd-topology-updater
+ containers:
+ - name: nfd-topology-updater
+ image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
+ imagePullPolicy: Always
+ command:
+ - "nfd-topology-updater"
+ args:
+ - "--kubelet-config-file=/host-var/lib/kubelet/config.yaml"
+ - "--podresources-socket=/host-var/lib/kubelet/pod-resources/kubelet.sock"
+ - "--sleep-interval=3s"
+ - "--watch-namespace=*"
+ - "--server=nfd-master:8080"
diff --git a/deployment/base/topologyupdater-job/kustomization.yaml b/deployment/base/topologyupdater-job/kustomization.yaml
new file mode 100644
index 000000000..2cb5bbc13
--- /dev/null
+++ b/deployment/base/topologyupdater-job/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+resources:
+- topologyupdater-job.yaml
diff --git a/deployment/base/topologyupdater-job/topologyupdater-job.yaml b/deployment/base/topologyupdater-job/topologyupdater-job.yaml
new file mode 100644
index 000000000..19ecbf44e
--- /dev/null
+++ b/deployment/base/topologyupdater-job/topologyupdater-job.yaml
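Review bot: The container image in topologyupdater-daemonset.yaml is a moving tag on a staging registry (`gcr.io/k8s-staging-nfd/node-feature-discovery:master` with `imagePullPolicy: Always`), so each pod restart can pull different code. That matters more than usual here because the topology-updater component in this commit patches the container to `runAsUser: 0` and mounts host paths into it. For anything beyond development use, pin a release tag or a digest, e.g. `image: <registry>/node-feature-discovery@sha256:<digest>` (placeholder values). The same image line appears in topologyupdater-job.yaml. Separately, `serviceAccount` is the deprecated alias of `serviceAccountName`.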
@@ -0,0 +1,39 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ labels:
+ app: nfd
+ name: nfd-topology-updater
+spec:
+ completions: NUM_NODES
+ parallelism: NUM_NODES
+ template:
+ metadata:
+ labels:
+ app: nfd-topology-updater
+ spec:
+ dnsPolicy: ClusterFirstWithHostNet
+ serviceAccount: nfd-topology-updater
+ restartPolicy: Never
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - nfd-topology-updater
+ containers:
+ - name: nfd-topology-updater
+ image: gcr.io/k8s-staging-nfd/node-feature-discovery:master
+ imagePullPolicy: Always
+ command:
+ - "nfd-topology-updater"
+ args:
+ - "--kubelet-config-file=/host-var/lib/kubelet/config.yaml"
+ - "--podresources-socket=/host-var/lib/kubelet/pod-resources/kubelet.sock"
+ - "--sleep-interval=3s"
+ - "--watch-namespace=*"
+ - "--server=nfd-master:8080"
diff --git a/deployment/components/topology-updater/kustomization.yaml b/deployment/components/topology-updater/kustomization.yaml
new file mode 100644
index 000000000..7dc6baf1c
--- /dev/null
+++ b/deployment/components/topology-updater/kustomization.yaml
@@ -0,0 +1,12 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+patches:
+- path: topologyupdater-securitycontext.yaml
+ target:
+ labelSelector: app=nfd
+ name: nfd-topology-updater
+- path: topologyupdater-mounts.yaml
+ target:
+ labelSelector: app=nfd
+ name: nfd-topology-updater
diff --git a/deployment/components/topology-updater/topologyupdater-mounts.yaml b/deployment/components/topology-updater/topologyupdater-mounts.yaml
new file mode 100644
index 000000000..c531284ca
--- /dev/null
+++ b/deployment/components/topology-updater/topologyupdater-mounts.yaml
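Review bot: `completions: NUM_NODES` and `parallelism: NUM_NODES` in topologyupdater-job.yaml are placeholders rather than integers, yet the file is listed as an ordinary resource in the job kustomization. The built output therefore looks unusable until something substitutes the value, and nothing in the file says so. A header comment would make the contract explicit: `# NUM_NODES must be replaced with the number of nodes before this manifest is applied`.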
@@ -0,0 +1,21 @@
+- op: add
+ path: /spec/template/spec/volumes
+ value:
+ - name: host-sys
+ hostPath:
+ path: "/sys"
+ - name: kubelet-podresources-conf
+ hostPath:
+ path: /var/lib/kubelet/config.yaml
+ - name: kubelet-podresources-sock
+ hostPath:
+ path: /var/lib/kubelet/pod-resources/kubelet.sock
+- op: add
+ path: /spec/template/spec/containers/0/volumeMounts
+ value:
+ - name: kubelet-podresources-conf
+ mountPath: /host-var/lib/kubelet/config.yaml
+ - name: kubelet-podresources-sock
+ mountPath: /host-var/lib/kubelet/pod-resources/kubelet.sock
+ - name: host-sys
+ mountPath: /host-sys
diff --git a/deployment/components/topology-updater/topologyupdater-securitycontext.yaml b/deployment/components/topology-updater/topologyupdater-securitycontext.yaml
new file mode 100644
index 000000000..037077af9
--- /dev/null
+++ b/deployment/components/topology-updater/topologyupdater-securitycontext.yaml
@@ -0,0 +1,8 @@
+- op: add
+ path: "/spec/template/spec/containers/0/securityContext"
+ value:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
+ readOnlyRootFilesystem: true
+ runAsUser: 0
diff --git a/deployment/overlays/master-worker-topologyupdater/kustomization.yaml b/deployment/overlays/master-worker-topologyupdater/kustomization.yaml
new file mode 100644
index 000000000..48845d8b9
--- /dev/null
+++ b/deployment/overlays/master-worker-topologyupdater/kustomization.yaml
@@ -0,0 +1,20 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+bases:
+- ../../base/rbac
+- ../../base/rbac-topologyupdater
+- ../../base/master
+- ../../base/worker-daemonset
+- ../../base/noderesourcetopologies-crd
+- ../../base/topologyupdater-daemonset
+
+resources:
+- namespace.yaml
+
+components:
+- ../../components/worker-config
+- ../../components/common
+- ../../components/topology-updater
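Review bot: The three hostPath volumes in topologyupdater-mounts.yaml are mounted read-write and without a hostPath `type`, into a container that the sibling patch runs as UID 0. The updater presumably only reads `/sys` and the kubelet config, so adding `readOnly: true` to the `host-sys` and `kubelet-podresources-conf` volumeMounts would limit what a compromised pod can change on the node. Whether the socket mount can also be read-only needs testing. Setting `type: File` on the config.yaml volume and `type: Socket` on the kubelet.sock volume would make the pod fail at start when the path is missing or is not what is expected.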
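Review bot: `runAsUser: 0` in topologyupdater-securitycontext.yaml carries no explanation, and it is the one setting that loosens an otherwise restrictive context (all capabilities dropped, no privilege escalation, read-only root filesystem). If root is needed to open the kubelet pod-resources socket, which is my assumption since the hunk does not say, record it above the line: `# root is required to access the kubelet pod-resources socket`. The patch path also targets only `containers/0`, so a container added to the pod later would not receive these settings.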
diff --git a/deployment/overlays/master-worker-topologyupdater/namespace.yaml b/deployment/overlays/master-worker-topologyupdater/namespace.yaml
new file mode 100644
index 000000000..8e54de2e3
--- /dev/null
+++ b/deployment/overlays/master-worker-topologyupdater/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: node-feature-discovery
diff --git a/deployment/overlays/topologupdater-job/kustomization.yaml b/deployment/overlays/topologupdater-job/kustomization.yaml
new file mode 100644
index 000000000..3c23f82a6
--- /dev/null
+++ b/deployment/overlays/topologupdater-job/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+bases:
+- ../../base/rbac
+- ../../base/rbac-topologyupdater
+- ../../base/master
+- ../../base/noderesourcetopologies-crd
+- ../../base/topologyupdater-job
+
+resources:
+- namespace.yaml
+
+components:
+- ../../components/common
+- ../../components/topology-updater
diff --git a/deployment/overlays/topologupdater-job/namespace.yaml b/deployment/overlays/topologupdater-job/namespace.yaml
new file mode 100644
index 000000000..8e54de2e3
--- /dev/null
+++ b/deployment/overlays/topologupdater-job/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: node-feature-discovery
diff --git a/deployment/overlays/topologyupdater/kustomization.yaml b/deployment/overlays/topologyupdater/kustomization.yaml
new file mode 100644
index 000000000..0bd1788e7
--- /dev/null
+++ b/deployment/overlays/topologyupdater/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: node-feature-discovery
+
+bases:
+- ../../base/rbac-topologyupdater
+- ../../base/worker-daemonset
+- ../../base/noderesourcetopologies-crd
+- ../../base/topologyupdater-daemonset
+
+resources:
+- namespace.yaml
+
+components:
+- ../../components/topology-updater
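Review bot: The overlay directory is spelled `topologupdater-job` (missing `y`), unlike `overlays/topologyupdater` and `base/topologyupdater-job` in the same commit. Users will type this path when building the overlay, so the misspelling becomes part of the interface once it is documented. Rename it to `deployment/overlays/topologyupdater-job`; the same applies to the namespace.yaml created next to it.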
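Review bot: `- ../../base/worker-daemonset` is listed under `bases` in overlays/topologyupdater/kustomization.yaml, although the commit message describes this overlay as deploying just the topology updater, in conjunction with the default overlay. If the default overlay already deploys the worker DaemonSet, applying this one would re-apply it. It would do so without the `worker-config` and `common` components that master-worker-topologyupdater adds, so the worker spec could end up different from the intended one. Drop the line unless the worker is deliberately part of this overlay, and say so in a comment if it is.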
diff --git a/deployment/overlays/topologyupdater/namespace.yaml b/deployment/overlays/topologyupdater/namespace.yaml
new file mode 100644
index 000000000..8e54de2e3
--- /dev/null
+++ b/deployment/overlays/topologyupdater/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: node-feature-discovery