feat: add NIC Configuration Operator as a NCP state (Mellanox#1373)

Author: almaslennikov

api/v1alpha1/nicclusterpolicy_types.go

@@ -288,6 +288,43 @@ type DOCATelemetryServiceSpec struct {
 	Config *DOCATelemetryServiceConfig `json:"config"`
 }
 
+// NicFirmwareStorageSpec contains configuration for the NIC firmware storage
+type NicFirmwareStorageSpec struct {
+	// Create specifies whether to create a new PVC or use an existing one
+	// +kubebuilder:default:=true
+	Create bool `json:"create,omitempty"`
+	// PVCName is the name of the PVC to mount as NIC Firmware storage. Default value: "nic-fw-storage-pvc"
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`
+	// +kubebuilder:default:="nic-fw-storage-pvc"
+	PVCName string `json:"pvcName,omitempty"`
+	// StorageClassName is the name of a storage class to be used to store NIC FW binaries during NIC FW upgrade.
+	// If not provided, the cluster-default storage class will be used
+	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:MaxLength=63
+	// +kubebuilder:validation:Pattern=`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`
+	StorageClassName string `json:"storageClassName,omitempty"`
+	// storage size for the NIC Configuration Operator to request. Default value: 1Gi
+	// +kubebuilder:validation:Pattern=`^(\d+)(Ei|Pi|Ti|Gi|Mi|Ki)$`
+	// +kubebuilder:default:="1Gi"
+	AvailableStorageSize string `json:"availableStorageSize,omitempty"`
+}
+
+// NicConfigurationOperatorSpec is the configuration for NIC Configuration Operator
+type NicConfigurationOperatorSpec struct {
+	// Image information for nic-configuration-operator
+	Operator *ImageSpec `json:"operator"`
+	// Image information for nic-configuration-daemon
+	ConfigurationDaemon *ImageSpec `json:"configurationDaemon"`
+	// NicFirmwareStorage contains configuration for the NIC firmware storage
+	NicFirmwareStorage *NicFirmwareStorageSpec `json:"nicFirmwareStorage,omitempty"`
+	// LogLevel sets the verbosity level of the logs. info|debug
+	// +kubebuilder:validation:Enum={"info", "debug"}
+	// +kubebuilder:default:="info"
+	LogLevel string `json:"logLevel,omitempty"`
+}
+
 // NicClusterPolicySpec defines the desired state of NicClusterPolicy
 type NicClusterPolicySpec struct {
 	// OFEDDriver is a specialized driver for NVIDIA NICs which can replace the inbox driver that comes with an OS.
@@ -325,6 +362,10 @@ type NicClusterPolicySpec struct {
 	// DOCATelemetryService exposes telemetry from NVIDIA networking components to prometheus.
 	// See: https://docs.nvidia.com/doca/sdk/nvidia+doca+telemetry+service+guide/index.html
 	DOCATelemetryService *DOCATelemetryServiceSpec `json:"docaTelemetryService,omitempty"`
+	//nolint:lll
+	// NicConfigurationOperator provides Kubernetes CRD API to allow FW configuration on NVIDIA NICs in a coordinated manner
+	// See: https://github.com/Mellanox/nic-configuration-operator
+	NicConfigurationOperator *NicConfigurationOperatorSpec `json:"nicConfigurationOperator,omitempty"`
 	// NodeAffinity rules to inject to the DaemonSets objects that are managed by the operator
 	NodeAffinity *v1.NodeAffinity `json:"nodeAffinity,omitempty"`
 	// Tolerations to inject to the DaemonSets objects that are managed by the operator

api/v1alpha1/zz_generated.deepcopy.go

@@ -216,6 +216,186 @@ spec:
                 - ufmSecret
                 - version
                 type: object
+              nicConfigurationOperator:
+                description: |-
+                  NicConfigurationOperator provides Kubernetes CRD API to allow FW configuration on NVIDIA NICs in a coordinated manner
+                  See: https://github.com/Mellanox/nic-configuration-operator
+                properties:
+                  configurationDaemon:
+                    description: Image information for nic-configuration-daemon
+                    properties:
+                      containerResources:
+                        description: ResourceRequirements describes the compute resource
+                          requirements
+                        items:
+                          description: ResourceRequirements describes the compute
+                            resource requirements.
+                          properties:
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: |-
+                                Limits describes the maximum amount of compute resources allowed.
+                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                              type: object
+                            name:
+                              description: Name of the container the requirements
+                                are set for
+                              type: string
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: |-
+                                Requests describes the minimum amount of compute resources required.
+                                If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      image:
+                        description: Name of the image
+                        pattern: '[a-zA-Z0-9\-]+'
+                        type: string
+                      imagePullSecrets:
+                        default: []
+                        description: |-
+                          ImagePullSecrets is an optional list of references to secrets in the same
+                          namespace to use for pulling the image
+                        items:
+                          type: string
+                        type: array
+                      repository:
+                        description: Address of the registry that stores the image
+                        pattern: '[a-zA-Z0-9\.\-\/]+'
+                        type: string
+                      version:
+                        description: Version of the image to use
+                        type: string
+                    required:
+                    - image
+                    - repository
+                    - version
+                    type: object
+                  logLevel:
+                    default: info
+                    description: LogLevel sets the verbosity level of the logs. info|debug
+                    enum:
+                    - info
+                    - debug
+                    type: string
+                  nicFirmwareStorage:
+                    description: NicFirmwareStorage contains configuration for the
+                      NIC firmware storage
+                    properties:
+                      availableStorageSize:
+                        default: 1Gi
+                        description: 'storage size for the NIC Configuration Operator
+                          to request. Default value: 1Gi'
+                        pattern: ^(\d+)(Ei|Pi|Ti|Gi|Mi|Ki)$
+                        type: string
+                      create:
+                        default: true
+                        description: Create specifies whether to create a new PVC
+                          or use an existing one
+                        type: boolean
+                      pvcName:
+                        default: nic-fw-storage-pvc
+                        description: 'PVCName is the name of the PVC to mount as NIC
+                          Firmware storage. Default value: "nic-fw-storage-pvc"'
+                        maxLength: 63
+                        minLength: 1
+                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                        type: string
+                      storageClassName:
+                        description: |-
+                          StorageClassName is the name of a storage class to be used to store NIC FW binaries during NIC FW upgrade.
+                          If not provided, the cluster-default storage class will be used
+                        maxLength: 63
+                        minLength: 1
+                        pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                        type: string
+                    type: object
+                  operator:
+                    description: Image information for nic-configuration-operator
+                    properties:
+                      containerResources:
+                        description: ResourceRequirements describes the compute resource
+                          requirements
+                        items:
+                          description: ResourceRequirements describes the compute
+                            resource requirements.
+                          properties:
+                            limits:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: |-
+                                Limits describes the maximum amount of compute resources allowed.
+                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                              type: object
+                            name:
+                              description: Name of the container the requirements
+                                are set for
+                              type: string
+                            requests:
+                              additionalProperties:
+                                anyOf:
+                                - type: integer
+                                - type: string
+                                pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                                x-kubernetes-int-or-string: true
+                              description: |-
+                                Requests describes the minimum amount of compute resources required.
+                                If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,
+                                otherwise to an implementation-defined value. Requests cannot exceed Limits.
+                                More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+                              type: object
+                          required:
+                          - name
+                          type: object
+                        type: array
+                      image:
+                        description: Name of the image
+                        pattern: '[a-zA-Z0-9\-]+'
+                        type: string
+                      imagePullSecrets:
+                        default: []
+                        description: |-
+                          ImagePullSecrets is an optional list of references to secrets in the same
+                          namespace to use for pulling the image
+                        items:
+                          type: string
+                        type: array
+                      repository:
+                        description: Address of the registry that stores the image
+                        pattern: '[a-zA-Z0-9\.\-\/]+'
+                        type: string
+                      version:
+                        description: Version of the image to use
+                        type: string
+                    required:
+                    - image
+                    - repository
+                    - version
+                    type: object
+                required:
+                - configurationDaemon
+                - operator
+                type: object
               nicFeatureDiscovery:
                 description: |-
                   NicFeatureDiscovery works with NodeFeatureDiscovery to expose information about NVIDIA NICs.

config/crd/bases/mellanox.com_nicclusterpolicies.yaml

@@ -117,6 +117,41 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - configuration.net.nvidia.com
+  resources:
+  - nicconfigurationtemplates
+  - nicdevices
+  - nicfirmwaresources
+  - nicfirmwaretemplates
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - configuration.net.nvidia.com
+  resources:
+  - nicconfigurationtemplates/finalizers
+  - nicdevices/finalizers
+  - nicfirmwaresources/finalizers
+  - nicfirmwaretemplates/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - configuration.net.nvidia.com
+  resources:
+  - nicconfigurationtemplates/status
+  - nicdevices/status
+  - nicfirmwaresources/status
+  - nicfirmwaretemplates/status
+  verbs:
+  - get
+  - patch
+  - update
 - apiGroups:
   - coordination.k8s.io
   resources:
@@ -158,6 +193,18 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - maintenance.nvidia.com
+  resources:
+  - nodemaintenances
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - mellanox.com
   resources:

config/rbac/role.yaml

@@ -72,6 +72,7 @@ type NicClusterPolicyReconciler struct {
 // +kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch;update;patch
 // +kubebuilder:rbac:groups="",resources=pods,verbs=list
 // +kubebuilder:rbac:groups="",resources=pods/eviction,verbs=create;delete;get;list;patch;update;watch
+// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get
 // +kubebuilder:rbac:groups=apps,resources=deployments;daemonsets;replicasets;statefulsets,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=apps,resources=deployments/finalizers,verbs=update
 // +kubebuilder:rbac:groups=monitoring.coreos.com,resources=servicemonitors,verbs=get;list;watch;create
@@ -89,6 +90,19 @@ type NicClusterPolicyReconciler struct {
 // +kubebuilder:rbac:groups=admissionregistration.k8s.io,resources=validatingwebhookconfigurations,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=image.openshift.io,resources=imagestreams,verbs=get;list;watch
 // +kubebuilder:rbac:groups=k8s.cni.cncf.io,resources=network-attachment-definitions,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicconfigurationtemplates,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicconfigurationtemplates/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicconfigurationtemplates/finalizers,verbs=update
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicdevices/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicdevices,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicdevices/finalizers,verbs=update
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicfirmwaretemplates,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicfirmwaretemplates/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicfirmwaretemplates/finalizers,verbs=update
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicfirmwaresources/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicfirmwaresources,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicfirmwaresources/finalizers,verbs=update
+// +kubebuilder:rbac:groups=maintenance.nvidia.com,resources=nodemaintenances,verbs=get;list;watch;create;update;patch;delete
 
 // Reconcile is part of the main kubernetes reconciliation loop which aims to
 // move the current state of the cluster closer to the desired state.