-
Notifications
You must be signed in to change notification settings - Fork 122
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
vm based providers: Add single stack k8s-1.25 ipv6 lane (#912)
* vm based providers: Add single stack k8s-1.25 ipv6 lane Signed-off-by: Or Shoval <oshoval@redhat.com> * k8s-1.25-ipv6: Fix cni_ipv6.diff PodDisruptionBudget needs to use policy/v1 instead of the deprecated one. Signed-off-by: Or Shoval <oshoval@redhat.com> * k8s-1.25: Update the cni ipv6 diff The file should be updated on both folders so in case someone copies the base folder, it will work out of the box for the new folder even if it is ipv6 single stack. Signed-off-by: Or Shoval <oshoval@redhat.com> Signed-off-by: Or Shoval <oshoval@redhat.com>
- Loading branch information
Showing
115 changed files
with
83,579 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
centos8 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
#!/bin/bash | ||
|
||
set -ex | ||
|
||
if [ "$1" != "--vendor" ]; then | ||
echo "No vendor provided" | ||
exit 1 | ||
fi | ||
vendor=$2 | ||
|
||
function get_device_driver() { | ||
local dev_driver=$(readlink $driver_path) | ||
echo "${dev_driver##*/}" | ||
} | ||
|
||
# find the PCI address of the device by vendor_id:product_id | ||
pci_address=(`lspci -D -d ${vendor}`) | ||
pci_address="${pci_address[0]}" | ||
dev_sysfs_path="/sys/bus/pci/devices/$pci_address" | ||
|
||
if [[ ! -d $dev_sysfs_path ]]; then | ||
echo "Error: PCI address ${pci_address} does not exist!" 1>&2 | ||
exit 1 | ||
fi | ||
|
||
if [[ ! -d "$dev_sysfs_path/iommu/" ]]; then | ||
echo "Error: No vIOMMU found in the VM" 1>&2 | ||
exit 1 | ||
fi | ||
|
||
# set device driver path | ||
driver_path="${dev_sysfs_path}/driver" | ||
driver_override="${dev_sysfs_path}/driver_override" | ||
|
||
# load the vfio-pci module | ||
modprobe -i vfio-pci | ||
|
||
|
||
driver=$(get_device_driver) | ||
|
||
if [[ "$driver" != "vfio-pci" ]]; then | ||
|
||
# unbind from the original device driver | ||
echo ${pci_address} > "${driver_path}/unbind" | ||
# bind the device to vfio-pci driver | ||
echo "vfio-pci" > ${driver_override} | ||
echo $pci_address > /sys/bus/pci/drivers/vfio-pci/bind | ||
fi | ||
|
||
# The device should now be using the vfio-pci driver | ||
new_driver=$(get_device_driver) | ||
if [[ $new_driver != "vfio-pci" ]]; then | ||
echo "Error: Failed to bind to vfio-pci driver" 1>&2 | ||
exit 1 | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
{ | ||
"Description": "DEFAULT", | ||
"UUID": "", | ||
"Version": "v0.56.9", | ||
"ResultsDir": "/tmp/sonobuoy/results", | ||
"Resources": null, | ||
"Filters": { | ||
"Namespaces": ".*", | ||
"LabelSelector": "" | ||
}, | ||
"Limits": { | ||
"PodLogs": { | ||
"Namespaces": "kube-system", | ||
"SonobuoyNamespace": true, | ||
"FieldSelectors": [], | ||
"LabelSelector": "", | ||
"Previous": false, | ||
"SinceSeconds": null, | ||
"SinceTime": null, | ||
"Timestamps": false, | ||
"TailLines": null, | ||
"LimitBytes": null | ||
} | ||
}, | ||
"QPS": 30, | ||
"Burst": 50, | ||
"Server": { | ||
"bindaddress": "0.0.0.0", | ||
"bindport": 8080, | ||
"advertiseaddress": "", | ||
"timeoutseconds": 21600 | ||
}, | ||
"Plugins": null, | ||
"PluginSearchPath": [ | ||
"./plugins.d", | ||
"/etc/sonobuoy/plugins.d", | ||
"~/sonobuoy/plugins.d" | ||
], | ||
"Namespace": "sonobuoy", | ||
"WorkerImage": "sonobuoy/sonobuoy:v0.56.9", | ||
"ImagePullPolicy": "IfNotPresent", | ||
"ImagePullSecrets": "", | ||
"AggregatorPermissions": "clusterAdmin", | ||
"ServiceAccountName": "sonobuoy-serviceaccount", | ||
"ProgressUpdatesPort": "8099", | ||
"SecurityContextMode": "nonroot" | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
quay.io/kubevirtci/grafana-grafana:7.5.4 | ||
quay.io/kubevirtci/install-cni:1.15.0 | ||
quay.io/kubevirtci/operator:1.15.0 | ||
quay.io/kubevirtci/pilot:1.15.0 | ||
quay.io/kubevirtci/proxyv2:1.15.0 | ||
quay.io/prometheus-operator/prometheus-config-reloader:v0.47.0 | ||
quay.io/calico/cni:v3.18.0 | ||
quay.io/calico/kube-controllers:v3.18.0 | ||
quay.io/calico/node:v3.18.0 | ||
quay.io/calico/pod2daemon-flexvol:v3.18.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
#!/bin/bash | ||
|
||
set -euo pipefail | ||
|
||
function usage() { | ||
cat <<EOF | ||
Usage: $0 <k8s-cluster-dir> [source-image-list] | ||
Fetches all images from the cluster provision source and manifests. Returns a list that is sorted and | ||
without double entries. | ||
If source-image-list is provided this is taken as an input and added to the result. | ||
EOF | ||
} | ||
|
||
function check_args() { | ||
if [ "$#" -lt 1 ]; then | ||
usage | ||
exit 1 | ||
fi | ||
if [ ! -d "$1" ]; then | ||
usage | ||
echo "Directory $1 does not exist" | ||
exit 1 | ||
fi | ||
} | ||
|
||
function main() { | ||
check_args "$@" | ||
|
||
temp_file=$(mktemp) | ||
trap 'rm -f "${temp_file}"' EXIT SIGINT SIGTERM | ||
|
||
provision_dir="$1" | ||
image_regex='([a-z0-9\_\.]+[/-]?)+(@sha256)?:[a-z0-9\_\.\-]+' | ||
image_regex_w_double_quotes='"?'"${image_regex}"'"?' | ||
|
||
( | ||
# Avoid bailing out because of nothing found in scripts part | ||
set +e | ||
find "$provision_dir" -type f -name '*.sh' -print0 | | ||
xargs -0 grep -iE '(docker|podman)[ _]pull[^ ]+ '"${image_regex_w_double_quotes}" | ||
find "$provision_dir" -type f -name '*.yaml' -print0 | | ||
xargs -0 grep -iE '(image|value): '"${image_regex_w_double_quotes}" | ||
set -e | ||
# last `grep -v` is necessary to avoid trying to pre pull istio "images", as the regex also matches on values | ||
# from the generated istio deployment manifest | ||
) | grep -ioE "${image_regex_w_double_quotes}"'$' | grep -v '.svc:' >>"${temp_file}" | ||
|
||
sed -E 's/"//g' "${temp_file}" | sort | uniq | ||
} | ||
|
||
main "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
#!/bin/bash | ||
set -xe | ||
|
||
source /var/lib/kubevirtci/shared_vars.sh | ||
|
||
export PATH=$ISTIO_BIN_DIR:$PATH | ||
|
||
kubectl --kubeconfig /etc/kubernetes/admin.conf create ns istio-system | ||
istioctl --kubeconfig /etc/kubernetes/admin.conf --hub quay.io/kubevirtci operator init | ||
|
||
istio_manifests_dir=/opt/istio | ||
mkdir -p /opt/istio | ||
cat <<EOF >$istio_manifests_dir/istio-operator.tpl.yaml | ||
apiVersion: install.istio.io/v1alpha1 | ||
kind: IstioOperator | ||
metadata: | ||
namespace: istio-system | ||
name: istio-operator | ||
spec: | ||
profile: demo | ||
hub: quay.io/kubevirtci | ||
components: | ||
cni: | ||
enabled: true | ||
namespace: kube-system | ||
values: | ||
global: | ||
jwtPolicy: first-party-jwt | ||
cni: | ||
chained: \$ISTIO_CNI_CHAINED | ||
cniBinDir: /opt/cni/bin | ||
cniConfDir: \$ISTIO_CNI_CONF_DIR | ||
privileged: true | ||
excludeNamespaces: | ||
- istio-system | ||
- kube-system | ||
logLevel: debug | ||
EOF | ||
|
||
# generate istio-operator for usage with cnao enabled | ||
ISTIO_CNI_CHAINED=false ISTIO_CNI_CONF_DIR=/etc/cni/multus/net.d envsubst < $istio_manifests_dir/istio-operator.tpl.yaml > $istio_manifests_dir/istio-operator-with-cnao.cr.yaml | ||
cat <<EOF >>$istio_manifests_dir/istio-operator-with-cnao.yaml | ||
cniConfFileName: "istio-cni.conf" | ||
sidecarInjectorWebhook: | ||
injectedAnnotations: | ||
"k8s.v1.cni.cncf.io/networks": istio-cni | ||
EOF | ||
|
||
# generate istio-operator cr for usage without cnao | ||
ISTIO_CNI_CHAINED=true ISTIO_CNI_CONF_DIR=/etc/cni/net.d envsubst < $istio_manifests_dir/istio-operator.tpl.yaml > $istio_manifests_dir/istio-operator.cr.yaml |
Oops, something went wrong.