golangci-lint config can be verified using the followint command:
golangci-lint config verify
Our config had some errors so fix them.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
"unconfined" annotation was needed to get writes to new_id / bind
to succeed on AppArmor enabled OSes.
However, many things have changed:
* new_id should not be used anymore and it was dropped in the plugin.
* QAT initcontainer has assumed the role of HW initialization.
* vfio-pci is the preferred "dpdkDriver" and starting with QAT Gen4, it
is the only available VF driver so unbind isn't necessary.
* k8s AppArmor is "GA" since 1.30 and the annotation is deprecated.
As of now, the initcontainer will take care of binding QAT VFs to vfio-pci
so the plugin does not neeed to set AppArmor at all.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
setupDeviceIDs() is obsoleted and the preferred approach is driver_override
already implemented in qat-init.sh initcontainer.
The new_id mechanism was added way before we had the initcontainer support in place.
Furthermore, at least for vfio-pci we don't need it at all if the driver uses
ids=8086:<qat VF dev IDs>.
Drop write attemps to new_id in favor of the initcontainer functionality.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
QAT device plugin has some initialization functions that require
special SecurityContext parameters (e.g., setting Apparmor policies
on some OSes).
It's better to move all of the initialization to the privileged
init-container that is already taking care some parts of it.
With this change, we default to vfio-pci "DpdkDrv".
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
k8s v1.32 client-go makes FakePods private so the current
resourcemanager fake client won't work anymore.
client-go provides a simple fake Client that works easily so
just move to use it.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
In addition to the levelzero's health data use, this adds support to
scan devices in WSL. Scanning happens by retrieving Intel device
indices from the Level-Zero API.
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
Pass the whole cdi.spec structure to DeviceInfo and use
cdiCache for interacting with the CDI files on the host.
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
Add deployment that uses cert-manager to provide self-signed certificates
Add functionality to verify server endpoint in the sidecar
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
Plugin used to consider only the value "-1" but there are some
cases when files show "\n" or "\n\x00". This makes plugin to have
wrong status of the device. So, trim the value after \n so only
numerical value can be read.
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
grpc.NewClient(), added in grpc-go v1.63, is the preferred way to
create a new ClientConn. In most of our usages, moving away from
grpc.Dial*() to it is straightforward.
However, we've also relied on grpc.Dial*()'s behavior to automatically
make a new connection to "test" a connection is successful isn't available
anymore. Combined with grpc.WithBlock dialoption this usage is considered
"especially bad" way to handle a client connection.
The recommended approach to test a server connection is to separately
make a connection and watch the connection state to become Ready. This
change follows that recommendation.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
`prestart` hook is marked as deprecated in the OCI runtime spec:
https://github.com/opencontainers/runtime-spec/blob/main/config.md#posix-platform-hooks
Renamed `prestart` to the `createRuntime` as suggested in the spec.
Replaced `CDI hook` with `OCI hook` to be more clear. CDI is just a
way to update OCI config and theoretically there is no such thing as
CDI hook.
Plugin can support both i915 and xe drivers dynamically. But
having both drivers on same node with RM is not possible.
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
