diff --git a/deployment/helm/resource-policy/.helmignore b/deployment/helm/resource-policy/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/deployment/helm/resource-policy/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/deployment/helm/resource-policy/Chart.yaml b/deployment/helm/resource-policy/Chart.yaml new file mode 100644 index 000000000..062df2d91 --- /dev/null +++ b/deployment/helm/resource-policy/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +appVersion: main +description: | + NRI resource policy is a NRI plugin that will apply hardware-aware resource allocation + policies to the containers running in the system. +name: nri-resource-policy +sources: + - https://github.com/containers/nri-plugins +home: https://github.com/containers/nri-plugins +type: application +version: 0.0.0 diff --git a/deployment/helm/resource-policy/balloons_values.yaml b/deployment/helm/resource-policy/balloons_values.yaml new file mode 100644 index 000000000..9446e760d --- /dev/null +++ b/deployment/helm/resource-policy/balloons_values.yaml @@ -0,0 +1,42 @@ +# Default values for nri-plugins. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +--- +image: + name: ghcr.io/containers/nri-plugins/nri-resource-policy-balloons + # tag, if defined will use the given image tag, otherwise Chart.appVersion will be used + tag: unstable + pullPolicy: Always +container: + name: nri-resource-policy-balloons + +namespace: kube-system + +configMap: + data: + ReservedResources: + cpu: 750m + +spec: + containers: + ports: + - containerPort: 8891 + protocol: TCP + name: metrics + resources: + requests: + cpu: 500m + memory: 512Mi + args: + - --host-root + - /host + - --fallback-config + - /etc/nri-resource-policy/nri-resource-policy.cfg + - --pid-file + - /tmp/nri-resource-policy.pid + - -metrics-interval + - 5s + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] diff --git a/deployment/helm/resource-policy/crds/noderesourcetopology.yaml b/deployment/helm/resource-policy/crds/noderesourcetopology.yaml new file mode 100644 index 000000000..3719f2c2d --- /dev/null +++ b/deployment/helm/resource-policy/crds/noderesourcetopology.yaml @@ -0,0 +1,270 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.kubernetes.io: https://github.com/kubernetes/enhancements/pull/1870 + controller-gen.kubebuilder.io/version: v0.11.2 + creationTimestamp: null + name: noderesourcetopologies.topology.node.k8s.io +spec: + group: topology.node.k8s.io + names: + kind: NodeResourceTopology + listKind: NodeResourceTopologyList + plural: noderesourcetopologies + shortNames: + - node-res-topo + singular: noderesourcetopology + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: NodeResourceTopology describes node resources and their topology. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + topologyPolicies: + items: + type: string + type: array + zones: + description: ZoneList contains an array of Zone objects. + items: + description: Zone represents a resource topology zone, e.g. socket, + node, die or core. + properties: + attributes: + description: AttributeList contains an array of AttributeInfo objects. + items: + description: AttributeInfo contains one attribute of a Zone. + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + costs: + description: CostList contains an array of CostInfo objects. + items: + description: CostInfo describes the cost (or distance) between + two Zones. + properties: + name: + type: string + value: + format: int64 + type: integer + required: + - name + - value + type: object + type: array + name: + type: string + parent: + type: string + resources: + description: ResourceInfoList contains an array of ResourceInfo + objects. + items: + description: ResourceInfo contains information about one resource + type. + properties: + allocatable: + anyOf: + - type: integer + - type: string + description: Allocatable quantity of the resource, corresponding + to allocatable in node status, i.e. total amount of this + resource available to be used by pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + available: + anyOf: + - type: integer + - type: string + description: Available is the amount of this resource currently + available for new (to be scheduled) pods, i.e. Allocatable + minus the resources reserved by currently running pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the resource, corresponding to capacity + in node status, i.e. total amount of this resource that + the node has. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + name: + description: Name of the resource. + type: string + required: + - allocatable + - available + - capacity + - name + type: object + type: array + type: + type: string + required: + - name + - type + type: object + type: array + required: + - topologyPolicies + - zones + type: object + served: true + storage: false + - name: v1alpha2 + schema: + openAPIV3Schema: + description: NodeResourceTopology describes node resources and their topology. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + attributes: + description: AttributeList contains an array of AttributeInfo objects. + items: + description: AttributeInfo contains one attribute of a Zone. + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + topologyPolicies: + description: 'DEPRECATED (to be removed in v1beta1): use top level attributes + if needed' + items: + type: string + type: array + zones: + description: ZoneList contains an array of Zone objects. + items: + description: Zone represents a resource topology zone, e.g. socket, + node, die or core. + properties: + attributes: + description: AttributeList contains an array of AttributeInfo objects. + items: + description: AttributeInfo contains one attribute of a Zone. + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + costs: + description: CostList contains an array of CostInfo objects. + items: + description: CostInfo describes the cost (or distance) between + two Zones. + properties: + name: + type: string + value: + format: int64 + type: integer + required: + - name + - value + type: object + type: array + name: + type: string + parent: + type: string + resources: + description: ResourceInfoList contains an array of ResourceInfo + objects. + items: + description: ResourceInfo contains information about one resource + type. + properties: + allocatable: + anyOf: + - type: integer + - type: string + description: Allocatable quantity of the resource, corresponding + to allocatable in node status, i.e. total amount of this + resource available to be used by pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + available: + anyOf: + - type: integer + - type: string + description: Available is the amount of this resource currently + available for new (to be scheduled) pods, i.e. Allocatable + minus the resources reserved by currently running pods. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + capacity: + anyOf: + - type: integer + - type: string + description: Capacity of the resource, corresponding to capacity + in node status, i.e. total amount of this resource that + the node has. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + name: + description: Name of the resource. + type: string + required: + - allocatable + - available + - capacity + - name + type: object + type: array + type: + type: string + required: + - name + - type + type: object + type: array + required: + - zones + type: object + served: true + storage: true diff --git a/deployment/helm/resource-policy/templates/_helpers.tpl b/deployment/helm/resource-policy/templates/_helpers.tpl new file mode 100644 index 000000000..efaae3349 --- /dev/null +++ b/deployment/helm/resource-policy/templates/_helpers.tpl @@ -0,0 +1,8 @@ +{{/* +Common labels +*/}} +{{- define "nri-plugins.labels" -}} +app: nri-resource-policy +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} diff --git a/deployment/helm/resource-policy/templates/clusterrole.yaml b/deployment/helm/resource-policy/templates/clusterrole.yaml new file mode 100644 index 000000000..163e9313e --- /dev/null +++ b/deployment/helm/resource-policy/templates/clusterrole.yaml @@ -0,0 +1,22 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: nri-resource-policy +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - watch +- apiGroups: + - topology.node.k8s.io + resources: + - noderesourcetopologies + verbs: + - create + - get + - list + - update + - delete diff --git a/deployment/helm/resource-policy/templates/clusterrolebinding.yaml b/deployment/helm/resource-policy/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..d57e1e80f --- /dev/null +++ b/deployment/helm/resource-policy/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: nri-resource-policy +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: nri-resource-policy +subjects: +- kind: ServiceAccount + name: nri-resource-policy + namespace: {{ .Values.namespace }} diff --git a/deployment/helm/resource-policy/templates/configmap.yaml b/deployment/helm/resource-policy/templates/configmap.yaml new file mode 100644 index 000000000..1521f4052 --- /dev/null +++ b/deployment/helm/resource-policy/templates/configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: nri-resource-policy-config.default + namespace: {{ .Values.namespace }} +data: + policy: |+ + {{- toYaml .Values.configMap.data | nindent 4 }} diff --git a/deployment/helm/resource-policy/templates/daemonset.yaml b/deployment/helm/resource-policy/templates/daemonset.yaml new file mode 100644 index 000000000..1dcb94398 --- /dev/null +++ b/deployment/helm/resource-policy/templates/daemonset.yaml @@ -0,0 +1,66 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + {{- include "nri-plugins.labels" . | nindent 4 }} + name: nri-resource-policy + namespace: {{ .Values.namespace }} +spec: + selector: + matchLabels: + {{- include "nri-plugins.labels" . | nindent 6 }} + template: + metadata: + labels: + {{- include "nri-plugins.labels" . | nindent 8 }} + spec: + serviceAccount: nri-resource-policy + nodeSelector: + kubernetes.io/os: "linux" + containers: + - name: {{ .Values.container.name }} + args: + {{- toYaml .Values.spec.containers.args | nindent 12 }} + ports: + {{- toYaml .Values.spec.containers.ports | nindent 12 }} + env: + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: {{ .Values.image.name }}:{{ .Values.image.tag | default .Chart.AppVersion }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + {{- toYaml .Values.spec.containers.securityContext | nindent 12 }} + resources: + {{- toYaml .Values.spec.containers.resources | nindent 12 }} + volumeMounts: + - name: resource-policydata + mountPath: /var/lib/nri-resource-policy + - name: hostsysfs + mountPath: /host/sys + - name: resource-policysockets + mountPath: /var/run/nri-resource-policy + - name: resource-policyconfig + mountPath: /etc/nri-resource-policy + - name: nrisockets + mountPath: /var/run/nri + volumes: + - name: resource-policydata + hostPath: + path: /var/lib/nri-resource-policy + type: DirectoryOrCreate + - name: hostsysfs + hostPath: + path: /sys + type: Directory + - name: resource-policysockets + hostPath: + path: /var/run/nri-resource-policy + - name: resource-policyconfig + configMap: + name: nri-resource-policy-config + - name: nrisockets + hostPath: + path: /var/run/nri + type: Directory diff --git a/deployment/helm/resource-policy/templates/role.yaml b/deployment/helm/resource-policy/templates/role.yaml new file mode 100644 index 000000000..6b274be29 --- /dev/null +++ b/deployment/helm/resource-policy/templates/role.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: nri-resource-policy + namespace: {{ .Values.namespace }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - watch diff --git a/deployment/helm/resource-policy/templates/rolebinding.yaml b/deployment/helm/resource-policy/templates/rolebinding.yaml new file mode 100644 index 000000000..beed2e732 --- /dev/null +++ b/deployment/helm/resource-policy/templates/rolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: nri-resource-policy + namespace: {{ .Values.namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: nri-resource-policy +subjects: +- kind: ServiceAccount + name: nri-resource-policy + namespace: {{ .Values.namespace }} diff --git a/deployment/helm/resource-policy/templates/serviceaccount.yaml b/deployment/helm/resource-policy/templates/serviceaccount.yaml new file mode 100644 index 000000000..e455bbacf --- /dev/null +++ b/deployment/helm/resource-policy/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: nri-resource-policy + namespace: {{ .Values.namespace }} diff --git a/deployment/helm/resource-policy/topology_aware_values.yaml b/deployment/helm/resource-policy/topology_aware_values.yaml new file mode 100644 index 000000000..12885e1d1 --- /dev/null +++ b/deployment/helm/resource-policy/topology_aware_values.yaml @@ -0,0 +1,42 @@ +# Default values for nri-plugins. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +--- +image: + name: ghcr.io/containers/nri-plugins/nri-resource-policy-topology-aware + # tag, if defined will use the given image tag, otherwise Chart.AppVersion will be used + tag: unstable + pullPolicy: Always +container: + name: nri-resource-policy-topology-aware + +namespace: kube-system + +configMap: + data: + ReservedResources: + cpu: 750m + +spec: + containers: + ports: + - containerPort: 8891 + protocol: TCP + name: metrics + resources: + requests: + cpu: 500m + memory: 512Mi + args: + - --host-root + - /host + - --fallback-config + - /etc/nri-resource-policy/nri-resource-policy.cfg + - --pid-file + - /tmp/nri-resource-policy.pid + - -metrics-interval + - 5s + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"]