Skip to content

Commit 45def6e

Browse files
abyrne55claude
andcommitted
Fix DRA for in-tree driver mode: nodeSelector and NetworkPolicy egress
- Use module selector (not kernel version-based selector) for DRA DaemonSet when moduleLoader is nil (in-tree driver mode) - Add allow-all egress rule to DRA NetworkPolicy so the kubelet plugin can reach the API server to manage ResourceSlices Signed-off-by: Anthony Byrne <abyrne@redhat.com> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent edbb3a3 commit 45def6e

2 files changed

Lines changed: 5 additions & 0 deletions

File tree

internal/controllers/dra_reconciler.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -483,6 +483,8 @@ func (dsci *draDaemonSetCreatorImpl) setDRAAsDesired(
483483
versionLabel := utils.GetSchedulePluginVersionLabelName(mod.Namespace, mod.Name)
484484
standardLabels[versionLabel] = mod.Spec.ModuleLoader.Container.Version
485485
nodeSelector[versionLabel] = mod.Spec.ModuleLoader.Container.Version
486+
} else if mod.Spec.ModuleLoader == nil {
487+
nodeSelector = mod.Spec.Selector
486488
}
487489

488490
ds.SetLabels(

internal/networkpolicy/networkpolicy.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -201,6 +201,9 @@ func (np *networkPolicy) DRANetworkPolicy(namespace string) *networkingv1.Networ
201201
"app.kubernetes.io/component": "dra",
202202
},
203203
},
204+
Egress: []networkingv1.NetworkPolicyEgressRule{
205+
{}, // Allow all egress — DRA kubelet plugin needs API server access for ResourceSlice management
206+
},
204207
PolicyTypes: []networkingv1.PolicyType{
205208
networkingv1.PolicyTypeIngress,
206209
networkingv1.PolicyTypeEgress,

0 commit comments

Comments
 (0)