add generic-device-plugin

kubernetes/apps/kube-system/generic-device-plugin/app/helmrelease.yaml

@@ -0,0 +1,67 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: generic-device-plugin
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+  driftDetection:
+    mode: enabled
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    defaultPodOptions:
+      priorityClassName: system-node-critical
+    controllers:
+      generic-device-plugin:
+        type: daemonset
+        strategy: RollingUpdate
+        annotations:
+          reloader.stakater.com/auto: "true"
+        containers:
+          generic-device-plugin:
+            image:
+              repository: ghcr.io/squat/generic-device-plugin
+              tag: latest@sha256:ba6f0b4cf6c858d6ad29ba4d32e4da11638abbc7d96436bf04f582a97b2b8821
+            args:
+              - --config=/config/config.yml
+            ports:
+              - containerPort: 8080
+                name: http
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+    persistence:
+      config:
+        type: configMap
+        name: generic-device-plugin-configmap
+        globalMounts:
+          - path: /config/config.yml
+            subPath: config.yml
+            readOnly: true
+      dev:
+        type: hostPath
+        hostPath: /dev
+        globalMounts:
+          - path: /dev
+      device-plugin:
+        type: hostPath
+        hostPath: /var/lib/kubelet/device-plugins
+        globalMounts:
+          - path: /var/lib/kubelet/device-plugins

kubernetes/apps/kube-system/generic-device-plugin/app/kustomization.yaml

@@ -0,0 +1,12 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
+configMapGenerator:
+  - name: generic-device-plugin-configmap
+    files:
+      - ./resources/config.yml
+generatorOptions:
+  disableNameSuffixHash: true

kubernetes/apps/kube-system/generic-device-plugin/app/resources/config.yml

@@ -0,0 +1,9 @@
+---
+log-level: info
+domain: kernel.org
+devices:
+  - name: tun
+    groups:
+      - count: 1000
+        paths:
+          - path: /dev/net/tun

kubernetes/apps/kube-system/generic-device-plugin/ks.yaml

@@ -0,0 +1,20 @@
+---
+# yaml-language-server: $schema=https://ks.hsn.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app generic-device-plugin
+  namespace: flux-system
+spec:
+  targetNamespace: kube-system
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: "./kubernetes/apps/kube-system/generic-device-plugin/app"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: theshire
+  wait: true
+  interval: 30m
+  timeout: 5m

kubernetes/apps/kube-system/kustomization.yaml

@@ -12,6 +12,7 @@ resources:
   - ./descheduler/ks.yaml
   - ./dnsimple-webhook-rbac.yaml
   - ./fstrim/ks.yaml
+  - ./generic-device-plugin/ks.yaml
   - ./kubelet-csr-approver/ks.yaml
   - ./metrics-server/ks.yaml
   - ./node-feature-discovery/ks.yaml