cleanup: v3.0.0 make bundle with devicePluginImage updates

- README.md now references new Onload Device Plugin image location
- Removed unused metrics
- Copyright header hack for bundle

Author: pcolledg-amd

.gitignore

@@ -11,6 +11,9 @@ bin
 testbin/*
 Dockerfile.cross
 
+# Moved to bundle/Dockerfile but hard-coded in Operator SDK
+bundle.Dockerfile
+
 # Machine config output
 scripts/machineconfig/mc
 
@@ -29,3 +32,6 @@ scripts/machineconfig/mc
 *.swp
 *.swo
 *~
+
+# User generated
+my-*

Makefile

@@ -6,7 +6,7 @@
 # To re-generate a bundle for another specific version without changing the standard setup, you can:
 # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2)
 # - use environment variables to overwrite this value (e.g export VERSION=0.0.2)
-VERSION ?= 0.0.1
+VERSION ?= 3.0.0
 
 # CHANNELS define the bundle channels used in the bundle.
 # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable")
@@ -53,10 +53,11 @@ endif
 # This is useful for CI or a project to utilize a specific version of the operator-sdk toolkit.
 OPERATOR_SDK_VERSION ?= v1.31.0
 
+IMG_BASE ?= docker.io/onload
 # Image URL to use all building/pushing image targets
-IMG ?= controller:latest
+IMG ?= $(IMG_BASE)/onload-operator:$(VERSION)
 # Image URL to use for building/pushing device plugin
-DEVICE_IMG ?= deviceplugin:latest
+DEVICE_IMG ?= $(IMG_BASE)/onload-device-plugin:$(VERSION)
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.26.0
 
@@ -268,8 +269,11 @@ endif
 .PHONY: bundle
 bundle: manifests kustomize operator-sdk ## Generate bundle manifests and metadata, then validate generated files.
 	$(OPERATOR_SDK) generate kustomize manifests -q
-	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
+	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG) deviceplugin=${DEVICE_IMG}
 	$(KUSTOMIZE) build config/manifests | $(OPERATOR_SDK) generate bundle $(BUNDLE_GEN_FLAGS)
+	for generated in `grep -rL --include '*.yaml' '^# SPDX-License-Identifier' bundle/`; do \
+		cat hack/boilerplate.yaml.txt $$generated > $$generated.out && mv $$generated.out $$generated; \
+	done
 	$(OPERATOR_SDK) bundle validate ./bundle
 
 .PHONY: bundle-build

README.md

@@ -9,7 +9,7 @@ Use OpenOnload® or EnterpriseOnload® to accelerate your workloads in Kubernete
 * [OpenOnload](https://github.com/Xilinx-CNS/onload) (including EnterpriseOnload) 8.1+
 * [AMD Solarflare](https://www.solarflare.com) hardware (`sfc`)
 * OpenShift Container Platform (OCP) 4.10+ with
-  * [Kernel Module Management (KMM) Operator](https://kmm.sigs.k8s.io/) 1.1 ([OpenShift documentation](https://docs.openshift.com/container-platform/4.14/hardware_enablement/kmm-kernel-module-management.html)
+  * [Kernel Module Management (KMM) Operator](https://kmm.sigs.k8s.io/) 1.1 ([OpenShift documentation](https://docs.openshift.com/container-platform/4.14/hardware_enablement/kmm-kernel-module-management.html))
 * Both restricted network or internet-connected clusters
 
 Deployment can also be performed on Kubernetes 1.23+ but full implementation details are not currently provided.
@@ -121,9 +121,9 @@ an `Onload` *kind* of Custom Resource (CR).
 
 #### Local Onload Operator images in restricted networks
 
-For restricted networks, the `onload-operator` image location will require changing from its DockerHub default.
-To run the above command using locally hosted container images, open this repository locally and use the
-[following overlay](config/samples/default-clusterlocal/kustomization.yaml):
+For restricted networks, the `onload-operator` and `onload-device-plugin` image locations will require changing from
+their DockerHub defaults. To run the above command using locally hosted container images, open this repository
+locally and use the [following overlay](config/samples/default-clusterlocal/kustomization.yaml):
 
 ```sh
 git clone -b v3.0 https://github.com/Xilinx-CNS/kubernetes-onload && cd kubernetes-onload
@@ -140,8 +140,9 @@ to expose a [Kubernetes Resource](https://kubernetes.io/docs/concepts/configurat
 named `amd.com/onload`.
 
 It is distributed as the container image `onload-device-plugin` and is deployed and configured entirely by
-the Onload Operator. You can configure the image location and its settings via the Onload Operator within
-a [Onload Custom Resource (CR)](#onload-custom-resource-cr).
+the Onload Operator. Its image location is configured as an environment variable within the Onload Operator deployment
+([see above](#local-onload-operator-images-in-restricted-networks)) and its ImagePullPolicy as part of
+[Onload Custom Resource (CR)](#onload-custom-resource-cr) along with its other customisation properties.
 
 ### Onload Custom Resource (CR)
 
@@ -163,7 +164,6 @@ this recommended overlay further, see the variant steps below.
 The above overlay configures KMM to `modprobe onload` but `modprobe sfc` is also required.
 Please see [Out-of-tree `sfc` module](#out-of-tree-sfc-kernel-module) for options.
 
-
 > [!IMPORTANT]
 > Due to Kubernetes limitations on label lengths, the combined length of the Name and Namespace of the Onload CR must be less than 32 characters.
 

bundle/manifests/onload-module-dockerfile-ch29bghg54_v1_configmap.yaml

@@ -0,0 +1,37 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) Copyright 2023 Advanced Micro Devices, Inc.
+apiVersion: v1
+data:
+  dockerfile: |+
+    # SPDX-License-Identifier: MIT
+    # SPDX-FileCopyrightText: (c) Copyright 2023 Advanced Micro Devices, Inc.
+    # hadolint global ignore=DL3006,DL3059,DL3040,DL3041
+    ARG DTK_AUTO
+    ARG ONLOAD_SOURCE=onload-source
+    ARG UBI_BASE=registry.access.redhat.com/ubi9/ubi-minimal:9.2
+
+
+    FROM $ONLOAD_SOURCE as onload-source
+
+
+    FROM $DTK_AUTO as builder
+    ARG ONLOAD_BUILD_PARAMS
+    ARG KERNEL_FULL_VERSION
+    COPY --from=onload-source / /opt/onload
+    WORKDIR /opt/onload
+    RUN scripts/onload_build --kernel --kernelver $KERNEL_FULL_VERSION $ONLOAD_BUILD_PARAMS
+    RUN scripts/onload_install --nobuild --kernelfiles --kernelver $KERNEL_FULL_VERSION
+    RUN depmod $KERNEL_FULL_VERSION
+
+
+    # ON-15418: Consider reducing deps
+    FROM $UBI_BASE
+    ARG KERNEL_FULL_VERSION
+    RUN microdnf install -y kmod && microdnf clean all
+    COPY --from=builder /lib/modules/$KERNEL_FULL_VERSION/modules* /opt/lib/modules/$KERNEL_FULL_VERSION/
+    COPY --from=builder /lib/modules/$KERNEL_FULL_VERSION/extra /opt/lib/modules/$KERNEL_FULL_VERSION/extra
+    RUN ln -s /lib/modules/$KERNEL_FULL_VERSION/kernel /opt/lib/modules/$KERNEL_FULL_VERSION/kernel
+
+kind: ConfigMap
+metadata:
+  name: onload-module-dockerfile-ch29bghg54

bundle/manifests/onload-operator-controller-manager-metrics-service_v1_service.yaml

@@ -0,0 +1,14 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) Copyright 2023 Advanced Micro Devices, Inc.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  creationTimestamp: null
+  name: onload-operator-rb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: onload-operator-role
+subjects:
+- kind: ServiceAccount
+  name: onload-operator-sa

bundle/manifests/onload-operator-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) Copyright 2023 Advanced Micro Devices, Inc.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  creationTimestamp: null
+  name: onload-operator-role
+rules:
+- apiGroups:
+  - security.openshift.io
+  resourceNames:
+  - privileged
+  resources:
+  - securitycontextconstraints
+  verbs:
+  - use
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get

bundle/manifests/onload-operator-rb_rbac.authorization.k8s.io_v1_rolebinding.yaml

@@ -1,4 +1,7 @@
 # SPDX-License-Identifier: MIT
 # SPDX-FileCopyrightText: (c) Copyright 2023 Advanced Micro Devices, Inc.
-resources:
-- base
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  creationTimestamp: null
+  name: onload-operator-sa