Introduce per-vendor vsp yaml

Signed-off-by: Balazs Nemeth <[email protected]>

Author: bn222

config/rbac/role.yaml

@@ -22,39 +22,18 @@ rules:
   - persistentvolumeclaims
   verbs:
   - '*'
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - ""
   resources:
   - persistentvolumes
   verbs:
   - '*'
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - ""
   resources:
   - pods
   verbs:
   - '*'
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - ""
   resources:
@@ -79,13 +58,6 @@ rules:
   - services
   verbs:
   - '*'
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - admissionregistration.k8s.io
   resources:
@@ -125,9 +97,9 @@ rules:
   - update
   - watch
 - apiGroups:
-  - config.openshift.io
+  - apps
   resources:
-  - dataprocessingunits
+  - replicasets
   verbs:
   - create
   - delete
@@ -136,20 +108,6 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - config.openshift.io
-  resources:
-  - dataprocessingunits/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - config.openshift.io
-  resources:
-  - dataprocessingunits/status
-  verbs:
-  - get
-  - patch
-  - update
 - apiGroups:
   - config.openshift.io
   resources:

internal/controller/bindata/vsp/02.vsp_role.yaml

@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{.VspName}}
+  namespace: {{.Namespace}}
+  labels:
+    app: vsp
+    dpu-name: {{.DpuName}}
+spec:
+  nodeName: {{.NodeName}}
+  nodeSelector:
+    kubernetes.io/hostname: {{.NodeName}}
+  hostNetwork: true
+  hostPID: true
+  serviceAccountName: vsp-sa
+  terminationGracePeriodSeconds: 180
+  restartPolicy: Always
+  containers:
+  - name: vsp
+    image: {{.IntelVspImage}}
+    imagePullPolicy: {{.ImagePullPolicy}}
+    securityContext:
+      privileged: true
+      runAsUser: 0
+    command: ["/ipuplugin"]
+    args: ["-v=debug", "--p4rtName=vsp-p4-service.{{.Namespace}}.svc.cluster.local", "--p4Image={{.IntelVspP4Image}}"]
+    volumeMounts:
+    - mountPath: /host
+      mountPropagation: Bidirectional
+      name: host-root
+    - mountPath: /var/run/
+      name: vendor-plugin-sock
+    - mountPath: /opt/p4/p4-cp-nws/var
+      mountPropagation: Bidirectional
+      name: host-opt
+    - mountPath: /proc
+      mountPropagation: Bidirectional
+      name: host-proc
+  dnsPolicy: ClusterFirstWithHostNet
+  volumes:
+  - hostPath:
+      path: /proc
+      type: ""
+    name: host-proc
+  - hostPath:
+      path: /opt/p4/p4-cp-nws/var
+      type: ""
+    name: host-opt
+  - hostPath:
+      path: /var/run/
+      type: ""
+    name: vendor-plugin-sock
+  - hostPath:
+      path: /
+      type: ""
+    name: host-root

internal/controller/bindata/vsp/intel/99.vsp-pod.yaml

@@ -17,13 +17,13 @@ spec:
   restartPolicy: Always
   containers:
   - name: vsp
-    image: {{.VendorSpecificPluginImage}}
+    image: {{.MarvellVspImage}}
     imagePullPolicy: {{.ImagePullPolicy}}
     securityContext:
       privileged: true
       runAsUser: 0
-    command: {{.Command}}
-    args: {{.Args}}
+    command: ["/vsp-mrvl"]
+    args: []
     volumeMounts:
     - mountPath: /host
       mountPropagation: Bidirectional

internal/controller/bindata/vsp/99.vsp-pod.yaml renamed to internal/controller/bindata/vsp/marvell/99.vsp-pod.yaml

@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{.VspName}}
+  namespace: {{.Namespace}}
+  labels:
+    app: vsp
+    dpu-name: {{.DpuName}}
+spec:
+  nodeName: {{.NodeName}}
+  nodeSelector:
+    kubernetes.io/hostname: {{.NodeName}}
+  hostNetwork: true
+  hostPID: true
+  serviceAccountName: vsp-sa
+  terminationGracePeriodSeconds: 180
+  restartPolicy: Always
+  containers:
+  - name: vsp
+    image: {{.IntelNetSecVspImage}}
+    imagePullPolicy: {{.ImagePullPolicy}}
+    securityContext:
+      privileged: true
+      runAsUser: 0
+    command: ["/vsp-intel-netsec"]
+    args: []
+    volumeMounts:
+    - mountPath: /host
+      mountPropagation: Bidirectional
+      name: host-root
+    - mountPath: /var/run/
+      name: vendor-plugin-sock
+    - mountPath: /opt/p4/p4-cp-nws/var
+      mountPropagation: Bidirectional
+      name: host-opt
+    - mountPath: /proc
+      mountPropagation: Bidirectional
+      name: host-proc
+  dnsPolicy: ClusterFirstWithHostNet
+  volumes:
+  - hostPath:
+      path: /proc
+      type: ""
+    name: host-proc
+  - hostPath:
+      path: /opt/p4/p4-cp-nws/var
+      type: ""
+    name: host-opt
+  - hostPath:
+      path: /var/run/
+      type: ""
+    name: vendor-plugin-sock
+  - hostPath:
+      path: /
+      type: ""
+    name: host-root

internal/controller/bindata/vsp/netsec/99.vsp-pod.yaml

@@ -0,0 +1,55 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: vsp-role
+  namespace: {{.Namespace}}
+rules:
+- apiGroups:
+    - security.openshift.io
+  resourceNames:
+    - privileged
+  resources:
+    - securitycontextconstraints
+  verbs:
+    - use
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - pods/status
+  - serviceaccounts
+  - services
+  - configmaps
+  - secrets
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+- apiGroups:
+  - apps
+  resources:
+  - daemonsets
+  - deployments
+  - replicasets
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - roles
+  - rolebindings
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - delete

internal/controller/bindata/vsp/01.vsp_sa.yaml renamed to internal/controller/bindata/vsp/shared/01.vsp_sa.yaml

@@ -12,3 +12,6 @@ rules:
   - get
   - list
   - watch
+  - create
+  - update
+  - delete