Skip to content

OCPBUGS-54352 Default value seems to be set to false for the parameter enableInjector and enableOperatorWebhook #91315

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Mar 31, 2025
Merged

OCPBUGS-54352 Default value seems to be set to false for the parameter enableInjector and enableOperatorWebhook #91315

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 12 additions & 15 deletions modules/nw-sriov-configuring-operator.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,21 +15,20 @@
apiVersion: sriovnetwork.openshift.io/v1
kind: SriovOperatorConfig
metadata:
name: default
name: default <1>
namespace: openshift-sriov-network-operator
spec:
disableDrain: false
enableInjector: true
enableOperatorWebhook: true
enableInjector: true <2>
enableOperatorWebhook: true <3>
logLevel: 2
featureGates:
metricsExporter: false
----
+
[NOTE]
====
The only valid name for the `SriovOperatorConfig` resource is `default` and it must be in the namespace where the Operator is deployed.
====
<1> The only valid name for the `SriovOperatorConfig` resource is `default` and it must be in the namespace where the Operator is deployed.
<2> The `enableInjector` field, if not specified in the CR or explicitly set to `true`, defaults to `false` or `<none>`, preventing any `network-resources-injector` pod from running in the namespace. The recommended setting is `true`.
<3> The `enableOperatorWebhook` field, if not specified in the CR or explicitly set to true, defaults to `false` or `<none>`, preventing any `operator-webhook` pod from running in the namespace. The recommended setting is `true`.

.. Create the resource by running the following command:
+
Expand Down Expand Up @@ -75,12 +74,11 @@ For single-node clusters, set this field to `true` after installing the Operator
|`spec.enableInjector`
|`boolean`
|Specifies whether to enable or disable the Network Resources Injector daemon set.
By default, this field is set to `true`.

|`spec.enableOperatorWebhook`
|`boolean`
|Specifies whether to enable or disable the Operator Admission Controller webhook daemon set.
By default, this field is set to `true`.


|`spec.logLevel`
|`integer`
Expand Down Expand Up @@ -113,7 +111,7 @@ The Network Resources Injector is a Kubernetes Dynamic Admission Controller appl
* Mutation of resource requests and limits in a pod specification to add an SR-IOV resource name according to an SR-IOV network attachment definition annotation.
* Mutation of a pod specification with a Downward API volume to expose pod annotations, labels, and huge pages requests and limits. Containers that run in the pod can access the exposed information as files under the `/etc/podnetinfo` path.

By default, the Network Resources Injector is enabled by the SR-IOV Network Operator and runs as a daemon set on all control plane nodes. The following is an example of Network Resources Injector pods running in a cluster with three control plane nodes:
The Network Resources Injector is enabled by the SR-IOV Network Operator when the `enableInjector` is set to `true` in the `SriovOperatorConfig` CR. The `network-resources-injector` pod runs as a daemon set on all control plane nodes. The following is an example of Network Resources Injector pods running in a cluster with three control plane nodes:

[source,terminal]
----
Expand Down Expand Up @@ -155,7 +153,7 @@ spec:
[id="disable-enable-network-resource-injector_{context}"]
== Disabling or enabling the Network Resources Injector

To disable or enable the Network Resources Injector, which is enabled by default, complete the following procedure.
To disable or enable the Network Resources Injector, complete the following procedure.

.Prerequisites

Expand Down Expand Up @@ -193,13 +191,12 @@ spec:
[id="about-sr-iov-operator-admission-control-webhook_{context}"]
== About the SR-IOV Network Operator admission controller webhook

The SR-IOV Network Operator Admission Controller webhook is a Kubernetes Dynamic
Admission Controller application. It provides the following capabilities:
The SR-IOV Network Operator Admission Controller webhook is a Kubernetes Dynamic Admission Controller application. It provides the following capabilities:

* Validation of the `SriovNetworkNodePolicy` CR when it is created or updated.
* Mutation of the `SriovNetworkNodePolicy` CR by setting the default value for the `priority` and `deviceType` fields when the CR is created or updated.

By default the SR-IOV Network Operator Admission Controller webhook is enabled by the Operator and runs as a daemon set on all control plane nodes.
The SR-IOV Network Operator Admission Controller webhook is enabled by the Operator when the `enableOperatorWebhook` is set to `true` in the `SriovOperatorConfig` CR. The `operator-webhook` pod runs as a daemon set on all control plane nodes.

[NOTE]
====
Expand All @@ -225,7 +222,7 @@ operator-webhook-rpfrl 1/1 Running 0 16m
[id="disable-enable-sr-iov-operator-admission-control-webhook_{context}"]
== Disabling or enabling the SR-IOV Network Operator admission controller webhook

To disable or enable the admission controller webhook, which is enabled by default, complete the following procedure.
To disable or enable the admission controller webhook, complete the following procedure.

.Prerequisites

Expand Down