feat: deploy configuration daemon via reconcilation of the NicConfigurationTemplate

Dockerfile

@@ -28,6 +28,7 @@ RUN --mount=type=cache,target=/go/pkg/mod/ GO_GCFLAGS=${GCFLAGS} make build-mana
 FROM gcr.io/distroless/static:nonroot
 WORKDIR /
 COPY --from=builder /workspace/build/manager .
+COPY bindata /bindata
 USER 65532:65532
 
 ENTRYPOINT ["/manager"]

api/v1alpha1/nicconfigurationtemplate_types.go

@@ -112,7 +112,7 @@ type NicConfigurationTemplateSpec struct {
 // NicConfigurationTemplateStatus defines the observed state of NicConfigurationTemplate
 type NicConfigurationTemplateStatus struct {
 	// NicDevice CRs matching this configuration template
-	NicDevices []string `json:"nicDevices"`
+	NicDevices []string `json:"nicDevices,omitempty"`
 }
 
 //+kubebuilder:object:root=true

deployment/nic-configuration-operator-chart/templates/config-daemon.yaml → bindata/manifests/daemon/config-daemon.yaml

@@ -2,37 +2,56 @@ apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   name: nic-configuration-daemon
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Namespace}}
   labels:
     app.kubernetes.io/name: nic-configuration-daemon
     app.kubernetes.io/created-by: nic-configuration-operator
     app.kubernetes.io/part-of: nic-configuration-operator
-    {{- include "nic-configuration-operator.labels" . | nindent 4 }}
+  {{- if eq .ClusterType "openshift" }}
+  annotations:
+    release.openshift.io/version: "{{.ReleaseVersion}}"
+  {{- end }}
 spec:
   selector:
     matchLabels:
-      control-plane: nic-configuration-daemon
-      {{- include "nic-configuration-operator.selectorLabels" . | nindent 6 }}
+      app: nic-configuration-daemon
   template:
     metadata:
       annotations:
         kubectl.kubernetes.io/default-container: nic-configuration-daemon
+        {{- if eq .ClusterType "openshift" }}
+        openshift.io/required-scc: privileged
+        {{- end }}
       labels:
-        control-plane: nic-configuration-daemon
-        {{- include "nic-configuration-operator.selectorLabels" . | nindent 8 }}
+        app: nic-configuration-daemon
+        component: network
+        type: infra
+        {{- if eq .ClusterType "openshift" }}
+        openshift.io/component: network
+        {{- end }}
     spec:
-      nodeSelector: {{- toYaml .Values.operator.nodeSelector | nindent 8 }}
-      serviceAccountName: {{ include "nic-configuration-operator.serviceAccountName" . }}
+      serviceAccountName: {{.ServiceAccountName}}
       terminationGracePeriodSeconds: 10
       hostNetwork: true
       hostPID: true
       priorityClassName: system-node-critical
+      {{- if .ImagePullSecrets }}
+      imagePullSecrets:
+      {{- range .ImagePullSecrets }}
+      - name: {{ . }}
+      {{- end }}
+      {{- end }}
+      {{- if .NodeSelector }}
+      nodeSelector: {{.NodeSelector}}
+      {{- end }}
       containers:
-        - image: "{{ .Values.configDaemon.image.repository }}/{{ .Values.configDaemon.image.name }}:{{ .Values.configDaemon.image.tag | default .Chart.AppVersion }}"
+        - image: {{.Image}}
           name: nic-configuration-daemon
           securityContext:
             privileged: true
-          resources: {{- toYaml .Values.configDaemon.resources | nindent 12 }}
+          {{- if .Resources }}
+          resources: {{.Resources}}
+          {{- end }}
           env:
             - name: NODE_NAME
               valueFrom:
@@ -42,9 +61,9 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-            {{- if .Values.logLevel}}
+            {{- if .LogLevel }}
             - name: LOG_LEVEL
-              value: {{ .Values.logLevel }}
+              value: {{.LogLevel}}
             {{- end}}
           volumeMounts:
             - name: sys

config/crd/bases/configuration.net.nvidia.com_nicconfigurationtemplates.yaml

@@ -166,8 +166,6 @@ spec:
                 items:
                   type: string
                 type: array
-            required:
-            - nicDevices
             type: object
         type: object
     served: true

config/manager/manager.yaml

@@ -72,6 +72,10 @@ spec:
         env:
           - name: LOG_LEVEL
             value: debug
+          - name: NAMESPACE
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.namespace
         livenessProbe:
           httpGet:
             path: /healthz

config/rbac/role.yaml

@@ -10,6 +10,8 @@ rules:
   - configmaps
   verbs:
   - get
+  - list
+  - watch
 - apiGroups:
   - ""
   resources:

deployment/nic-configuration-operator-chart/crds/configuration.net.nvidia.com_nicconfigurationtemplates.yaml

@@ -166,8 +166,6 @@ spec:
                 items:
                   type: string
                 type: array
-            required:
-            - nicDevices
             type: object
         type: object
     served: true

deployment/nic-configuration-operator-chart/templates/nic-configuration-operator-configmap.yaml

@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nic-configuration-operator-config
+data:
+  serviceAccountName: "{{ include "nic-configuration-operator.serviceAccountName" . }}"
+  configDaemonImage: "{{ .Values.configDaemon.image.repository }}/{{ .Values.configDaemon.image.name }}:{{ .Values.configDaemon.image.tag | default .Chart.AppVersion }}"
+  {{- if .Values.imagePullSecrets}}
+  imagePullSecrets: {{ join "," .Values.imagePullSecrets }}
+  {{- end}}
+  {{- if .Values.configDaemon.nodeSelector}}
+  nodeSelector: {{ .Values.configDaemon.nodeSelector | toJson | quote }}
+  {{- end}}
+  {{- if .Values.configDaemon.resources}}
+  resources: {{ .Values.configDaemon.resources | toJson | quote }}
+  {{- end}}
+  {{- if .Values.logLevel}}
+  logLevel: {{ .Values.logLevel }}
+  {{- end}}
+  clusterType: vanilla

deployment/nic-configuration-operator-chart/templates/operator.yaml

@@ -40,11 +40,11 @@ spec:
             capabilities:
               drop:
                 - ALL
-          {{- if .Values.logLevel}}
           env:
-            - name: LOG_LEVEL
-              value: {{ .Values.logLevel }}
-          {{- end}}
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
           livenessProbe:
             httpGet:
               path: /healthz

deployment/nic-configuration-operator-chart/templates/role.yaml

@@ -11,6 +11,8 @@ rules:
     - configmaps
   verbs:
     - get
+    - list
+    - watch
 - apiGroups:
     - ""
   resources:
@@ -103,3 +105,15 @@ rules:
     - patch
     - update
     - watch
+- apiGroups:
+    - apps
+  resources:
+    - daemonsets
+  verbs:
+    - create
+    - delete
+    - get
+    - list
+    - patch
+    - update
+    - watch

go.mod

@@ -7,10 +7,12 @@ toolchain go1.22.4
 require (
 	github.com/Mellanox/maintenance-operator/api v0.0.0-20240916123230-810ab7bb25f4
 	github.com/Mellanox/rdmamap v1.1.0
+	github.com/go-task/slim-sprig/v3 v3.0.0
 	github.com/jaypipes/ghw v0.12.0
 	github.com/jaypipes/pcidb v1.0.1
 	github.com/onsi/ginkgo/v2 v2.20.0
 	github.com/onsi/gomega v1.34.1
+	github.com/pkg/errors v0.9.1
 	github.com/stretchr/testify v1.9.0
 	github.com/vishvananda/netlink v1.3.0
 	go.uber.org/zap v1.26.0
@@ -38,7 +40,6 @@ require (
 	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.21.0 // indirect
 	github.com/go-openapi/swag v0.23.0 // indirect
-	github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
@@ -56,7 +57,6 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/prometheus/client_golang v1.20.2 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect

internal/controller/nicconfigurationtemplate_controller.go

@@ -19,6 +19,7 @@ package controller
 import (
 	"context"
 	"fmt"
+	"os"
 	"reflect"
 	"slices"
 	"strings"
@@ -36,6 +37,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
 	v1alpha1 "github.com/Mellanox/nic-configuration-operator/api/v1alpha1"
+	"github.com/Mellanox/nic-configuration-operator/pkg/syncdaemon"
 )
 
 const nicConfigurationTemplateSyncEventName = "nic-configuration-template-sync-event"
@@ -54,6 +56,7 @@ type NicConfigurationTemplateReconciler struct {
 //+kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicdevices,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=configuration.net.nvidia.com,resources=nicdevices/finalizers,verbs=update
 //+kubebuilder:rbac:groups="",resources=nodes,verbs=get;list;watch;update;patch
+//+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch
 //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get
 //+kubebuilder:rbac:groups="",resources=pods,verbs=list
 //+kubebuilder:rbac:groups="",resources=pods/eviction,verbs=create;delete;get;list;patch;update;watch
@@ -172,6 +175,12 @@ func (r *NicConfigurationTemplateReconciler) Reconcile(ctx context.Context, req
 		}
 	}
 
+	err = syncdaemon.SyncConfigDaemonObjs(ctx, r.Client, r.Scheme, os.Getenv("NAMESPACE"))
+	if err != nil {
+		log.Log.Error(err, "failed to sync ds")
+		return ctrl.Result{}, err
+	}
+
 	return ctrl.Result{}, nil
 }
 

pkg/consts/consts.go

@@ -82,4 +82,8 @@ const (
 	Mlx5ModuleVersionPath         = "/sys/bus/pci/drivers/mlx5_core/module/version"
 
 	FwConfigNotAppliedAfterRebootErrorMsg = "firmware configuration failed to apply after reboot"
+
+	ConfigDaemonManifestsPath = "./bindata/manifests/daemon"
+
+	OperatorConfigMapName = "nic-configuration-operator-config"
 )