"unconfined" annotation was needed to get writes to new_id / bind
to succeed on AppArmor enabled OSes.
However, many things have changed:
* new_id should not be used anymore and it was dropped in the plugin.
* QAT initcontainer has assumed the role of HW initialization.
* vfio-pci is the preferred "dpdkDriver" and starting with QAT Gen4, it
is the only available VF driver so unbind isn't necessary.
* k8s AppArmor is "GA" since 1.30 and the annotation is deprecated.
As of now, the initcontainer will take care of binding QAT VFs to vfio-pci
so the plugin does not neeed to set AppArmor at all.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
controller-runtime has deprecated webhook.Defaulter/Validator and they
will be removed in the next controller-runtime release.
Move deviceplugin webhooks to use admission.CustomDefaulter/Validator.
Common defaulter/validator types can serve all the plugins with only
plugin specific data initialized.
As part of the rework, move away from (the unmaintained) pkg/errors
to errors in Go standard library.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Operatorhub bundle can have sha256 image tags that are put through
env vars. When operator controller manager gets upgraded, its
operands (plugin daemonsets) should be updated to the image in the
env vars. But it has not been working properly because of wrong
parsing.
Fix it to parse the image names that have sha256 tags correctly so
env vars in operator can be used as intended.
Additionatlly, add comments with an example result to the part
where parsing, trimming, or transforming the name of images happens
in UpgradImages to make the process intuitive.
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
Operator maturity level 3 requires cpu/memory requests and limits
for operands. Add them to all plugins deployed by operator
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
Pass the whole cdi.spec structure to DeviceInfo and use
cdiCache for interacting with the CDI files on the host.
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
grpc.NewClient(), added in grpc-go v1.63, is the preferred way to
create a new ClientConn. In most of our usages, moving away from
grpc.Dial*() to it is straightforward.
However, we've also relied on grpc.Dial*()'s behavior to automatically
make a new connection to "test" a connection is successful isn't available
anymore. Combined with grpc.WithBlock dialoption this usage is considered
"especially bad" way to handle a client connection.
The recommended approach to test a server connection is to separately
make a connection and watch the connection state to become Ready. This
change follows that recommendation.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
to address:
"Incorrect conversion of an unsigned 32-bit integer from to a lower bit
size type int without an upper bound check."
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
klog has added ktesting/textlogger and is going to deprecate
klogr. The deprecation is going to trigger golangci-lint (staticcheck)
errors so rework the logging and move to ktesting/textlogger.
The commit also fixes the loglevel setting with operator.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Additional objects are shared between device plugin CRs. Once the last
CR is removed, the additional objects are also removed.
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
Differentiate objects by adding cr names as suffixes
Drop kind book keeping and related functions from controllers
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
