Commit Graph

25 Commits

Author SHA1 Message Date
Mikko Ylinen
fe3eaeeb0b qat: drop AppArmor annotations
"unconfined" annotation was needed to get writes to new_id / bind
to succeed on AppArmor enabled OSes.

However, many things have changed:

* new_id should not be used anymore and it was dropped in the plugin.
* QAT initcontainer has assumed the role of HW initialization.
* vfio-pci is the preferred "dpdkDriver" and starting with QAT Gen4, it
is the only available VF driver so unbind isn't necessary.
* k8s AppArmor is "GA" since 1.30 and the annotation is deprecated.

As of now, the initcontainer will take care of binding QAT VFs to vfio-pci
so the plugin does not neeed to set AppArmor at all.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2025-01-16 13:54:37 +02:00
Tuomas Katila
05bb8ef156 qat: add support for 420xx driver and its devices (4946)
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
2024-05-02 11:36:13 +03:00
Tuomas Katila
52be7ed1e9 Add tolerations support to operator and plugin CRDs
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
2024-03-20 10:00:41 +02:00
Oleg Zhurakivskyy
ab0e8bc146 qat: Add annotation configurability in the operator
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2024-01-09 10:20:16 +02:00
Tuomas Katila
f9221c46fd operator: remove one-cr-per-kind limitation
Differentiate objects by adding cr names as suffixes
Drop kind book keeping and related functions from controllers

Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
2023-11-09 13:05:40 +02:00
Tuomas Katila
a15c84c81e operator: fix controllers indicating changes when there are none
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
2023-10-23 11:03:14 +03:00
Hyeongju Johannes Lee
20caa42e7a operator: add ctx to func UpgradeImages and logger for env vars of images
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2023-09-18 12:04:32 -07:00
Mikko Ylinen
52d3d4abd1 operator: fix setting QAT provisioning config volumeMount
setInitContainer() adds "init-sriov-numvfs" to initContainers
but uses initcontainerName constant to search where to add
the QAT configMap volumeMount. Fix by moving all code to use
the const.

It was also noticed in the controller logs that setting Pod
Volumes is not idempotent but broken DaemonSet gets created:

""intel-device-plugins-manager: Reconciler error "err="DaemonSet.apps
\"intel-qat-plugin\" is invalid: spec.template.spec.volumes[6].name:
Duplicate value: \"qat-config\"" controller="qatdeviceplugin"
controllerGroup="deviceplugin.intel.com"

Finally, change 'qat-config' to 'intel-qat-config-volume' to
better describe that it's a volume.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2023-05-25 06:43:18 +03:00
Mikko Ylinen
934c00f5fc qat: add support for QAT 402xx
Based on
https://lore.kernel.org/linux-crypto/20230303165650.81405-1-damian.muszynski@intel.com/

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2023-03-09 15:06:30 +02:00
Hyeongju Johannes Lee
a6037eae3c
qat: add configuration of cfgServices to qat initcontainer
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-12-12 21:48:21 +02:00
Manish Regmi
a888a91d2a add selinux labels for QAT
Signed-off-by: Manish Regmi <manish.regmi@intel.com>
2022-09-19 15:31:55 -07:00
Mikko Ylinen
8987f1ba53 qat: add support for 401xx devices
QAT_401xx is a derivative of 4xxx. Add support for that device
by including the device IDs (both PF and VF).

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-06-02 08:11:39 +03:00
Hyeongju Johannes Lee
d3c8063ff3 qat: implement preferredAllocation policies
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-04-07 14:14:00 +03:00
Hyeongju Johannes Lee
df419b3a82 qat: add initimage to plugin
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-03-30 13:46:42 -07:00
Mikko Ylinen
289fbb2eaa qat: update default devices in QatDevicePlugin controller
The default -kernelVfDrivers parameter set by QatDevicePlugin controller
was not in sync with the plugin parameters. Update.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-03-01 07:45:54 +02:00
Oleg Zhurakivskyy
cfc8eb18cb operator: Support upgrade of plugins
The upgrade of the deployed plugins can be done by simply installing
a new release of the operator.

The operator auto-upgrades operator-managed plugins (CR images
and thus corresponding deployed daemonsets) to the current release
of the operator.

The [registry-url]/[namespace]/[image] are kept intact on the upgrade.

No upgrade is done for:

- Non-operator managed deployments
- Operator deployments without numeric tags

Closes #702

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-02-18 12:52:55 +02:00
Ed Bartosh
cec004c398 lint: enable wsl check
Fixes: #392

Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2021-12-17 11:48:48 +02:00
Hyeongju Johannes Lee
251727a3db operator: add node selection constraint (amd64 arch)
In order to make controllers consistent, I add a nodeselector constraint of daemonset to dlb, fpga, qat too.
Since the same code is commonly used in many files, I add a function that replaces duplicated code.

Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2021-12-02 08:54:50 -08:00
Mikko Ylinen
b63bb53057 operator: allow controllers to touch ownerReferences always
Resources in clusters with OwnerReferencesPermissionEnforcement
(e.g., OpenShift) get stricter checks for metadata.ownerReferences.

This appears via errors like:
“is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to
a resource you can’t set finalizers on: ...”

The fix is to add "update" permissions to finalizers subresource
for the xDevicePlugins resources.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2021-11-26 08:28:29 +02:00
Ed Bartosh
b6caadfc63 operator: use go:embed to generate daemonset objects
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2021-11-22 16:55:55 +02:00
Ed Bartosh
5af85a785f qat: copy annotations
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2021-09-22 11:27:24 +03:00
Ukri Niemimuukko
39f7c4c747 gpu resource manager operator parts
Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
2021-06-24 11:49:08 +03:00
Mikko Ylinen
37618d4f85 operator: move deviceplugin/v1 CRDs to cluster scope
The device plugins daemonsets are cluster wide and currently only
one device plugin instance per device is possible so making the
corresponding deviceplugin/v1 CRDs non-namespaced (i.e., scope: cluster)
fits better.

Previously, the device plugin daemonset was deployed in the same
namespace as the CR for that device but with the cluster scoped CRDs
we default to use the same namespace as the operator, unless overridden
via DEVICEPLUGIN_NAMESPACE env variable or a command line parameter
to operator manager deployment.

Three additional changes in this commit:
- enable DSA envtest tests
- update controller-runtime to v0.8.1
- change device plugin envtest suite to use klog/v2

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2021-02-11 11:41:47 +02:00
Dmitry Rozhkov
5f0da56045 Upgrade to k8s v1.19.3 2020-11-10 16:09:20 +02:00
Dmitry Rozhkov
6b2fa0a264 operator: initial version with gpu and qat controllers 2020-06-25 13:48:41 +03:00