Biohazard icon indicating copy to clipboard operation
Biohazard copied to clipboard

Published 20 hours ago verified publisher icon JJGadgets

feat(helm): update chart intel-device-plugins-operator to 0.31.0

Open tinfoild[bot] opened this issue 9 months ago • 3 comments

This PR contains the following updates:

Package Update Change OpenSSF
intel-device-plugins-operator minor 0.29.0 -> 0.31.0 OpenSSF Scorecard

Release Notes

intel/helm-charts (intel-device-plugins-operator)

v0.31.0

Compare Source

A Helm chart for Intel GPU Device Plugin

v0.30.0

Compare Source

A Helm chart for Intel GPU Device Plugin

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

tinfoild[bot] avatar May 15 '24 09:05 tinfoild[bot]

Deploying jjgadgets-biohazard with  Cloudflare Pages  Cloudflare Pages

Latest commit: 47ce661
Status: ✅  Deploy successful!
Preview URL: https://acfa5861.jjgadgets-biohazard.pages.dev
Branch Preview URL: https://renovate-intel-device-plugin-dt4z.jjgadgets-biohazard.pages.dev

View logs

cloudflare-workers-and-pages[bot] avatar May 15 '24 09:05 cloudflare-workers-and-pages[bot] 

--- kube/deploy/core/hardware/intel-device-plugins/app Kustomization: flux-system/1-core-hardware-intel-device-plugins-app HelmRelease: kube-system/intel-device-plugins-operator

+++ kube/deploy/core/hardware/intel-device-plugins/app Kustomization: flux-system/1-core-hardware-intel-device-plugins-app HelmRelease: kube-system/intel-device-plugins-operator

@@ -12,13 +12,13 @@

     spec:
       chart: intel-device-plugins-operator
       sourceRef:
         kind: HelmRepository
         name: intel
         namespace: flux-system
-      version: 0.29.0
+      version: 0.31.1
   driftDetection:
     ignore:
     - paths:
       - /spec/replicas
     mode: warn
   install:

tinfoild[bot] avatar Jul 12 '24 11:07 tinfoild[bot] 

--- HelmRelease: kube-system/intel-device-plugins-operator ClusterRole: kube-system/inteldeviceplugins-manager-role

+++ HelmRelease: kube-system/intel-device-plugins-operator ClusterRole: kube-system/inteldeviceplugins-manager-role

@@ -2,12 +2,19 @@

 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   creationTimestamp: null
   name: inteldeviceplugins-manager-role
 rules:
+- apiGroups:
+  - ''
+  resources:
+  - nodes/proxy
+  verbs:
+  - get
+  - list
 - apiGroups:
   - ''
   resources:
   - pods
   verbs:
   - get
@@ -51,179 +58,47 @@

   - get
   - update
 - apiGroups:
   - deviceplugin.intel.com
   resources:
   - dlbdeviceplugins
+  - dsadeviceplugins
+  - fpgadeviceplugins
+  - gpudeviceplugins
+  - iaadeviceplugins
+  - qatdeviceplugins
+  - sgxdeviceplugins
   verbs:
   - create
   - delete
   - get
   - list
   - patch
   - update
   - watch
 - apiGroups:
   - deviceplugin.intel.com
   resources:
   - dlbdeviceplugins/finalizers
+  - dsadeviceplugins/finalizers
+  - fpgadeviceplugins/finalizers
+  - gpudeviceplugins/finalizers
+  - iaadeviceplugins/finalizers
+  - qatdeviceplugins/finalizers
+  - sgxdeviceplugins/finalizers
   verbs:
   - update
 - apiGroups:
   - deviceplugin.intel.com
   resources:
   - dlbdeviceplugins/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
-  - dsadeviceplugins
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
-  - dsadeviceplugins/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
   - dsadeviceplugins/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
-  - fpgadeviceplugins
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
-  - fpgadeviceplugins/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
   - fpgadeviceplugins/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
-  - gpudeviceplugins
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
-  - gpudeviceplugins/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
   - gpudeviceplugins/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
-  - iaadeviceplugins
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
   - iaadeviceplugins/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
-  - qatdeviceplugins
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
-  - qatdeviceplugins/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
   - qatdeviceplugins/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
-  - sgxdeviceplugins
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
-  - sgxdeviceplugins/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - deviceplugin.intel.com
-  resources:
   - sgxdeviceplugins/status
   verbs:
   - get
   - patch
   - update
 - apiGroups:
--- HelmRelease: kube-system/intel-device-plugins-operator Deployment: kube-system/inteldeviceplugins-controller-manager

+++ HelmRelease: kube-system/intel-device-plugins-operator Deployment: kube-system/inteldeviceplugins-controller-manager

@@ -20,13 +20,13 @@

       - args: null
         env:
         - name: DEVICEPLUGIN_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: intel/intel-deviceplugin-operator:0.29.0
+        image: intel/intel-deviceplugin-operator:0.31.1
         imagePullPolicy: IfNotPresent
         name: manager
         ports:
         - containerPort: 9443
           name: webhook-server
           protocol: TCP
@@ -53,25 +53,27 @@

           name: cert
           readOnly: true
       - args:
         - --secure-listen-address=0.0.0.0:8443
         - --upstream=http://127.0.0.1:8080/
         - --logtostderr=true
-        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+        - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
         - --v=10
-        image: gcr.io/kubebuilder/kube-rbac-proxy:v0.15.0
+        image: quay.io/brancz/kube-rbac-proxy:v0.18.1
         name: kube-rbac-proxy
         ports:
         - containerPort: 8443
           name: https
         securityContext:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
           runAsGroup: 1000
           runAsNonRoot: true
           runAsUser: 1000
+          seccompProfile:
+            type: RuntimeDefault
       nodeSelector:
         kubernetes.io/arch: amd64
       serviceAccountName: default
       terminationGracePeriodSeconds: 10
       volumes:
       - name: cert

tinfoild[bot] avatar Jul 12 '24 11:07 tinfoild[bot]