[release-1.6] Update sriov-network-operator Helm chart to v1.6.4+up1.6.0
Upgrade the sriov-network-operator chart to v1.6.4+up1.6.0, which brings the proper fix for the operator-webhook certificate not being automatically renewed bug.
This bug was mitigated for versions newer than Sylva 1.4 with Kyverno policies via workarounds in #3090 (closed) and #3437 (closed). Those workarounds involve periodic pod restarts, which can generate some noise in monitoring systems, so upgrading to v1.6.4+up1.6.0 will remove it.
Removal of these workarounds is tracked as part of issue.
Since this is a significant change and usually backports are done only for patch version bumps, decision to implement or not the proposed backport will need to be discussed as mention in MR comment.
Other fixes in v1.6.4+up1.6.0 since 1.5.2+up1.5.0:
- Mellanox dual-port VF reset - VFs on both ports now reset before firmware reset; previously one port was missed - https://github.com/k8snetworkplumbingwg/sriov-network-operator/pull/896
- disableDrain: true stuck in InProgress - isDrainCompleted() now returns correctly when drain is disabled; syncStatus was hanging - https://github.com/k8snetworkplumbingwg/sriov-network-operator/pull/895
- VF config files not cleaned from host on teardown - https://github.com/k8snetworkplumbingwg/sriov-network-operator/pull/852
- PCI config folder not cleaned up properly - https://github.com/k8snetworkplumbingwg/sriov-network-operator/pull/913
New features in v1.6.4+up1.6.0 since 1.5.2+up1.5.0
- New hardware support
Two new NIC families supported: Intel E825 and E830 adapters.
- NetworkPolicies for webhooks
New NetworkPolicy objects deployed alongside operator-webhook and network-resources-injector, restricts ingress/egress to API server port 6443 only. New RBAC permissions added for NetworkPolicy management.
Daemon rewritten to use controller-runtime.