Round trip

bundle/manifests/dpu-operator.clusterserviceversion.yaml

@@ -410,15 +410,15 @@ spec:
                   value: quay.io/openshift/dpu-daemon:latest
                 - name: NRIWebhookImage
                   value: quay.io/openshift/dpu-network-resources-injector:latest
-                - name: IntelVspImage
+                - name: intel_ipu
                   value: quay.io/openshift/dpu-intel-ipu-vsp:latest
                 - name: IntelVspP4Image
                   value: quay.io/openshift/dpu-intel-ipu-p4sdk:latest
-                - name: MarvellVspImage
+                - name: marvell_dpu
                   value: quay.io/openshift/dpu-marvell-vsp:latest
                 - name: MarvellVspCpAgentImage
                   value: quay.io/openshift/dpu-marvell-cp-agent:latest
-                - name: IntelNetSecVspImage
+                - name: intel_netsec
                   value: quay.io/openshift/dpu-intel-netsec-vsp:latest
                 image: quay.io/openshift/dpu-operator:latest
                 livenessProbe:

cmd/main.go

@@ -108,6 +108,15 @@ func main() {
 		setupLog.Error(err, "unable to create controller", "controller", "ServiceFunctionChain")
 		os.Exit(1)
 	}
+
+	dpuReconciler := controller.NewDataProcessingUnitReconciler(mgr.GetClient(), mgr.GetScheme(), imageManager)
+	if value, ok := os.LookupEnv("IMAGE_PULL_POLICIES"); ok {
+		dpuReconciler = dpuReconciler.WithImagePullPolicy(value)
+	}
+	if err = dpuReconciler.SetupWithManager(mgr); err != nil {
+		setupLog.Error(err, "unable to create controller", "controller", "DataProcessingUnit")
+		os.Exit(1)
+	}
 	if os.Getenv("ENABLE_WEBHOOKS") != "false" {
 		if err = (&configv1.DpuOperatorConfig{}).SetupWebhookWithManager(mgr); err != nil {
 			setupLog.Error(err, "unable to create webhook", "webhook", "DpuOperatorConfig")

config/dev/local-images-template.yaml

@@ -20,13 +20,13 @@ spec:
         env:
         - name: DpuOperatorDaemonImage
           value: {{ .RegistryURL }}/dpu-daemon:dev
-        - name: IntelVspImage
+        - name: intel_ipu
           value: {{ .RegistryURL }}/intel-vsp:dev
         - name: IntelVspP4Image
           value: {{ .RegistryURL }}/intel-vsp-p4:dev
-        - name: MarvellVspImage
+        - name: marvell_dpu
           value: {{ .RegistryURL }}/mrvl-vsp:dev
-        - name: IntelNetSecVspImage
+        - name: intel_netsec
           value: {{ .RegistryURL }}/intel-netsec-vsp:dev
         - name: IMAGE_PULL_POLICIES
           value: Always

config/manager/manager.yaml

@@ -80,19 +80,16 @@ spec:
           value: quay.io/openshift/dpu-daemon:latest
         - name: NRIWebhookImage
           value: quay.io/openshift/dpu-network-resources-injector:latest
-        - name: IntelVspImage
+        - name: intel_ipu
           value: quay.io/openshift/dpu-intel-ipu-vsp:latest
         - name: IntelVspP4Image
           value: quay.io/openshift/dpu-intel-ipu-p4sdk:latest
-        - name: MarvellVspImage
+        - name: marvell_dpu
           value: quay.io/openshift/dpu-marvell-vsp:latest
         - name: MarvellVspCpAgentImage
           value: quay.io/openshift/dpu-marvell-cp-agent:latest
-        - name: IntelNetSecVspImage
+        - name: intel_netsec
           value: quay.io/openshift/dpu-intel-netsec-vsp:latest
-        #TODO: We will need pointers to all supported VSP images so we can dynamically detect the correct vendor to support at runtime
-        # - name: IntelVspImage
-        #   value: quay.io/openshift/origin-intel-vsp-image:4.16
         image: quay.io/openshift/dpu-operator:latest
         name: manager
         securityContext:

config/rbac/role.yaml

@@ -22,26 +22,12 @@ rules:
   - persistentvolumeclaims
   verbs:
   - '*'
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - ""
   resources:
   - persistentvolumes
   verbs:
   - '*'
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - ""
   resources:
@@ -72,13 +58,6 @@ rules:
   - services
   verbs:
   - '*'
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
 - apiGroups:
   - admissionregistration.k8s.io
   resources:
@@ -117,6 +96,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - apps
+  resources:
+  - replicasets
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - config.openshift.io
   resources:
@@ -222,6 +213,7 @@ rules:
   - delete
   - get
   - list
+  - patch
   - update
   - watch
 - apiGroups:

internal/controller/bindata/daemon/02.daemon_role.yaml

@@ -28,37 +28,12 @@ rules:
 - apiGroups:
   - ""
   resources:
-  - serviceaccounts
   - pods
-  - services
   verbs:
-  - get
-  - list
-  - watch
   - create
   - delete
-  - update
-  - patch
-- apiGroups:
-  - rbac.authorization.k8s.io
-  resources:
-  - roles
-  - rolebindings
-  verbs:
   - get
   - list
-  - watch
-  - create
+  - patch
   - update
-  - delete
-- apiGroups:
-  - apps
-  resources:
-  - daemonsets
-  verbs:
-  - get
-  - list
   - watch
-  - create
-  - update
-  - delete

internal/controller/bindata/daemon/99.daemonset.yaml

@@ -40,14 +40,6 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        - name: IntelVspImage
-          value: {{.IntelVspImage}}
-        - name: IntelVspP4Image
-          value: {{.IntelVspP4Image}}
-        - name: MarvellVspImage
-          value: {{.MarvellVspImage}}
-        - name: IntelNetSecVspImage
-          value: {{.IntelNetSecVspImage}}
         volumeMounts:
         - name: devicesock
           mountPath: /var/lib/kubelet/

internal/controller/bindata/vsp/intel-ipu/99.vsp-pod.yaml

@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{.VspName}}
+  namespace: {{.Namespace}}
+  labels:
+    app: vsp
+    dpu-name: {{.DpuName}}
+spec:
+  nodeName: {{.NodeName}}
+  nodeSelector:
+    kubernetes.io/hostname: {{.NodeName}}
+  hostNetwork: true
+  hostPID: true
+  serviceAccountName: vsp-sa
+  terminationGracePeriodSeconds: 180
+  restartPolicy: Always
+  containers:
+  - name: vsp
+    image: {{.intel_ipu}}
+    imagePullPolicy: {{.ImagePullPolicy}}
+    securityContext:
+      privileged: true
+      runAsUser: 0
+    command: ["/ipuplugin"]
+    args: ["-v=debug", "--p4rtName=vsp-p4-service.{{.Namespace}}.svc.cluster.local", "--p4Image={{.IntelVspP4Image}}"]
+    volumeMounts:
+    - mountPath: /host
+      mountPropagation: Bidirectional
+      name: host-root
+    - mountPath: /var/run/
+      name: vendor-plugin-sock
+    - mountPath: /opt/p4/p4-cp-nws/var
+      mountPropagation: Bidirectional
+      name: host-opt
+    - mountPath: /proc
+      mountPropagation: Bidirectional
+      name: host-proc
+  dnsPolicy: ClusterFirstWithHostNet
+  volumes:
+  - hostPath:
+      path: /proc
+      type: ""
+    name: host-proc
+  - hostPath:
+      path: /opt/p4/p4-cp-nws/var
+      type: ""
+    name: host-opt
+  - hostPath:
+      path: /var/run/
+      type: ""
+    name: vendor-plugin-sock
+  - hostPath:
+      path: /
+      type: ""
+    name: host-root

internal/controller/bindata/vsp/intel-netsec/99.vsp-pod.yaml

@@ -0,0 +1,49 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{.VspName}}
+  namespace: {{.Namespace}}
+  labels:
+    app: vsp
+    dpu-name: {{.DpuName}}
+spec:
+  nodeName: {{.NodeName}}
+  nodeSelector:
+    kubernetes.io/hostname: {{.NodeName}}
+  hostNetwork: true
+  hostPID: true
+  serviceAccountName: vsp-sa
+  terminationGracePeriodSeconds: 180
+  restartPolicy: Always
+  containers:
+  - name: vsp
+    image: {{.intel_netsec}}
+    imagePullPolicy: {{.ImagePullPolicy}}
+    securityContext:
+      privileged: true
+      runAsUser: 0
+    command: ["/vsp-intel-netsec"]
+    args: []
+    volumeMounts:
+    - mountPath: /host
+      mountPropagation: Bidirectional
+      name: host-root
+    - mountPath: /var/run/
+      name: vendor-plugin-sock
+    - mountPath: /proc
+      mountPropagation: Bidirectional
+      name: host-proc
+  dnsPolicy: ClusterFirstWithHostNet
+  volumes:
+  - hostPath:
+      path: /proc
+      type: ""
+    name: host-proc
+  - hostPath:
+      path: /var/run/
+      type: ""
+    name: vendor-plugin-sock
+  - hostPath:
+      path: /
+      type: ""
+    name: host-root

internal/controller/bindata/vsp/marvell-dpu/99.vsp-pod.yaml

@@ -0,0 +1,56 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{.VspName}}
+  namespace: {{.Namespace}}
+  labels:
+    app: vsp
+    dpu-name: {{.DpuName}}
+spec:
+  nodeName: {{.NodeName}}
+  nodeSelector:
+    kubernetes.io/hostname: {{.NodeName}}
+  hostNetwork: true
+  hostPID: true
+  serviceAccountName: vsp-sa
+  terminationGracePeriodSeconds: 180
+  restartPolicy: Always
+  containers:
+  - name: vsp
+    image: {{.marvell_dpu}}
+    imagePullPolicy: {{.ImagePullPolicy}}
+    securityContext:
+      privileged: true
+      runAsUser: 0
+    command: ["/vsp-mrvl"]
+    args: []
+    volumeMounts:
+    - mountPath: /host
+      mountPropagation: Bidirectional
+      name: host-root
+    - mountPath: /var/run/
+      name: vendor-plugin-sock
+    - mountPath: /opt/p4/p4-cp-nws/var
+      mountPropagation: Bidirectional
+      name: host-opt
+    - mountPath: /proc
+      mountPropagation: Bidirectional
+      name: host-proc
+  dnsPolicy: ClusterFirstWithHostNet
+  volumes:
+  - hostPath:
+      path: /proc
+      type: ""
+    name: host-proc
+  - hostPath:
+      path: /opt/p4/p4-cp-nws/var
+      type: ""
+    name: host-opt
+  - hostPath:
+      path: /var/run/
+      type: ""
+    name: vendor-plugin-sock
+  - hostPath:
+      path: /
+      type: ""
+    name: host-root