Commit Graph

104 Commits

Author SHA1 Message Date
Hyeongju Johannes Lee
11b04425c2 dlb: add initcontainer to plugin
initcontainer enables vfs and configures vfs
 - only first pf is used to configure a vf
 - only one vf is configured from the pf
add dlb-initcontainer kustomize overlay
update CRD to have initImage
implment operator to run initcontainer
update e2e test to run initcontainer overlay
update envtest to test initimage

Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-10-06 17:11:03 +03:00
Mikko Ylinen
8c0abb54b1 deployments: disable unused serviceAccounts for plugins
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-09-23 08:21:25 +03:00
Manish Regmi
a888a91d2a add selinux labels for QAT
Signed-off-by: Manish Regmi <manish.regmi@intel.com>
2022-09-19 15:31:55 -07:00
Manish Regmi
22e9d5f882 add selinux labels for GPU plugins 2022-09-15 14:44:51 -04:00
Mikko Ylinen
642c4f7b59 build: move to Go 1.19 and golangci-lint 1.48 because of that
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-08-15 10:13:37 +03:00
Mikko Ylinen
a13ee14e5f deployments: regenerate using the latest controller-gen
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-07-26 13:57:27 +03:00
Oleg Zhurakivskyy
495b01eecf operator: TestUpgrade: make expected*Image to follow ImageMinVersion
Closes #1005

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-07-07 12:08:29 +03:00
Mikko Ylinen
8987f1ba53 qat: add support for 401xx devices
QAT_401xx is a derivative of 4xxx. Add support for that device
by including the device IDs (both PF and VF).

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-06-02 08:11:39 +03:00
Oleg Zhurakivskyy
6c36827b54 idxd: Add /sys/bus/dsa to DSA, IAA initcontainer deployments
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-05-18 19:14:58 +03:00
Hyeongju Johannes Lee
85a12609a3 sgx: deprecate /dev/sgx/ mounts
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-05-09 18:59:34 +03:00
Mikko Ylinen
910a3d9a32 operator: update to 0.24.0 images
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-05-09 15:04:58 +03:00
Oleg Zhurakivskyy
54961c3d75 idxd: Make root filesystem read-only
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-05-05 10:44:47 +03:00
Manish Regmi
78d2fe24e3 changes related to selinux and permissions for openshift
* run the sgx container as container_device_plugin_t and init container
   as container_device_plugin_init_t. these labels are being added to
   container_selinux package upstream.
 * add rbac role for openshift
Signed-off-by: Manish Regmi <manish.regmi@intel.com>
2022-04-28 14:32:35 -07:00
Mikko Ylinen
069b9bd79a qat: 4xxx: split generic resource to compression and crypto
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-04-07 22:33:17 +03:00
Hyeongju Johannes Lee
d3c8063ff3 qat: implement preferredAllocation policies
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-04-07 14:14:00 +03:00
Hyeongju Johannes Lee
df419b3a82 qat: add initimage to plugin
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-03-30 13:46:42 -07:00
Oleg Zhurakivskyy
dbb2a9a7f8 operator: iaa: Drop hardcoded deployment, use embedded YAML
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-03-09 11:58:39 +02:00
Ed Bartosh
6b27cf1f7c Implement IAA plugin, operator, demo
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-03-04 15:58:42 +02:00
Ed Bartosh
3e2f9b1e80
Merge pull request #907 from mythi/PR-2022-016
operator: QAT and GPU controller updates
2022-03-01 17:43:49 +02:00
Ed Bartosh
13780a8cdc implement terrascan check
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2022-03-01 15:54:28 +02:00
Mikko Ylinen
fb73e2ecb3 gpu: avoid slice realloc in GpuDevicePlugin controller
The amount of GPU plugin parameters has increased but the
args slice capacity has not been changed. Update it to avoid
slice reallocations.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-03-01 07:48:17 +02:00
Mikko Ylinen
289fbb2eaa qat: update default devices in QatDevicePlugin controller
The default -kernelVfDrivers parameter set by QatDevicePlugin controller
was not in sync with the plugin parameters. Update.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-03-01 07:45:54 +02:00
Oleg Zhurakivskyy
cfc8eb18cb operator: Support upgrade of plugins
The upgrade of the deployed plugins can be done by simply installing
a new release of the operator.

The operator auto-upgrades operator-managed plugins (CR images
and thus corresponding deployed daemonsets) to the current release
of the operator.

The [registry-url]/[namespace]/[image] are kept intact on the upgrade.

No upgrade is done for:

- Non-operator managed deployments
- Operator deployments without numeric tags

Closes #702

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-02-18 12:52:55 +02:00
Oleg Zhurakivskyy
b825e41f76 sgx: Add handling of initcontainer and its volume on update
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-02-18 12:52:48 +02:00
Oleg Zhurakivskyy
34044a9d48 fpga: Rename: fpgadeviceplugin -> intel-fpga-plugin
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-02-18 12:03:24 +02:00
Ed Bartosh
cec004c398 lint: enable wsl check
Fixes: #392

Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2021-12-17 11:48:48 +02:00
Hyeongju Johannes Lee
251727a3db operator: add node selection constraint (amd64 arch)
In order to make controllers consistent, I add a nodeselector constraint of daemonset to dlb, fpga, qat too.
Since the same code is commonly used in many files, I add a function that replaces duplicated code.

Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2021-12-02 08:54:50 -08:00
Oleg Zhurakivskyy
f92394fbe2 operator: dsa: Handle initcontainer and ConfigMap updates
Closes #729

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2021-12-01 15:11:43 +02:00
Oleg Zhurakivskyy
6bba74acef dsa: Rename idxd-initcontainer to idxd-config-initcontainer
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2021-11-30 15:32:29 +02:00
Mikko Ylinen
b63bb53057 operator: allow controllers to touch ownerReferences always
Resources in clusters with OwnerReferencesPermissionEnforcement
(e.g., OpenShift) get stricter checks for metadata.ownerReferences.

This appears via errors like:
“is forbidden: cannot set blockOwnerDeletion if an ownerReference refers to
a resource you can’t set finalizers on: ...”

The fix is to add "update" permissions to finalizers subresource
for the xDevicePlugins resources.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2021-11-26 08:28:29 +02:00
Ed Bartosh
b9b2de7889 operator: test NewDaemonSet for all plugins
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2021-11-22 20:20:34 +02:00
Ed Bartosh
b6caadfc63 operator: use go:embed to generate daemonset objects
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2021-11-22 16:55:55 +02:00
Dmitry Rozhkov
471549c11d
Merge pull request #753 from hj-johannes-lee/dlb-operator
operator: Add DLB support
2021-11-18 10:23:16 +02:00
Xu, Guoshu
e4c4a8f7ac GPU devices resource preferred allocation methods.
1. Implement PreferredAllocator interface.
2. Provide 3 preferred allocation policies: balancedPolicy, packedPolicy and nonePolicy.
3. Provide the cmdline interface: -allocation-policy balanced/packed/none, to select which preferred allocation policy to use.
4. Add operator support.

Co-authored-by: Mikko Ylinen <mikko.ylinen@intel.com>
2021-11-17 22:55:10 +08:00
Hyeongju Johannes Lee
ff9034822b operator: Add DLB support
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2021-11-17 01:51:47 -08:00
Oleg Zhurakivskyy
a7c612f7fc dsa: Rename dsa initcontainer to idxd
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2021-11-09 12:00:44 +02:00
Oleg Zhurakivskyy
594a696879 operator: dsa: Add provisioning configurability
The provisioning config can be optionally stored in the ProvisioningConfig
configMap which is then passed to initcontainer through the volume mount.

There's also a possibility for a node specific congfiguration through
passing a nodename via NODE_NAME into initcontainer's environment
and passing a node specific profile via configMap volume mount.

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2021-11-09 10:31:50 +02:00
Oleg Zhurakivskyy
94a13fc96f operator: dsa: Add InitImage for initcontainer
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2021-10-01 11:26:05 +03:00
Ed Bartosh
5af85a785f qat: copy annotations
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2021-09-22 11:27:24 +03:00
Hyeongju Johannes Lee
8fc5df7e37 Add govet-fieldalignment
Add govet-fieldalignment to .golangci.yml
Fix errors that come from adding govet-fieldalignment
- by reordering the fields of structs
- by putting nolint:govet annotations

Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2021-09-20 20:59:04 +03:00
Eero Tamminen
86a86e2863 Add "-enable-monitoring" GPU plugin option operator support
Based on Ukri's examples and tested by Ukri (thanks!).
2021-06-29 17:33:03 +03:00
Ukri Niemimuukko
efe6efdc0e fix flag value
Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
2021-06-24 12:40:56 +03:00
Ukri Niemimuukko
cf0073878b address Eero's comments
Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
2021-06-24 12:07:12 +03:00
Ukri Niemimuukko
39f7c4c747 gpu resource manager operator parts
Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
2021-06-24 11:49:08 +03:00
Mikko Ylinen
37618d4f85 operator: move deviceplugin/v1 CRDs to cluster scope
The device plugins daemonsets are cluster wide and currently only
one device plugin instance per device is possible so making the
corresponding deviceplugin/v1 CRDs non-namespaced (i.e., scope: cluster)
fits better.

Previously, the device plugin daemonset was deployed in the same
namespace as the CR for that device but with the cluster scoped CRDs
we default to use the same namespace as the operator, unless overridden
via DEVICEPLUGIN_NAMESPACE env variable or a command line parameter
to operator manager deployment.

Three additional changes in this commit:
- enable DSA envtest tests
- update controller-runtime to v0.8.1
- change device plugin envtest suite to use klog/v2

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2021-02-11 11:41:47 +02:00
Ed Bartosh
884f8e3dfe operator: add DSA support
Fixes: #443

Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2021-02-09 02:13:27 +02:00
Mikko Ylinen
d65cb902e6 sgx: move to RFC v4x device API
The SGX device nodes have changed from /dev/sgx/[enclave|provision]
to /dev/sgx_[enclave|provision] in v4x RFC patches according to the
LKML feedback.

This changes moves to use the new device nodes. Backwards compatibility
is provided by adding /dev/sgx directory mount to containers. This
assumes the cluster admin has installed the udev rules provided in the
README to make the old device nodes as symlinks to the new device nodes.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2020-11-18 21:17:28 +02:00
Dmitry Rozhkov
5f0da56045 Upgrade to k8s v1.19.3 2020-11-10 16:09:20 +02:00
Ukri Niemimuukko
c935570bab operator: GPU-plugin initImage
This adds the initImage field to the custom resource definition
and takes it into use.

The fpga webhook image validation function is split off into a
separate file.

Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
2020-11-09 20:55:12 +02:00
Mikko Ylinen
33a4f8f546 sgx: add SgxDevicePlugin CRD and admission webhook
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2020-09-10 15:31:26 +03:00
Mikko Ylinen
d8cd5814d7 operator: regenerate CRDs and small webhook/controller updates
this commits also changes validatePluginImage() to allow
image version as a parameter so that it can be used by by
other webooks too.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2020-08-31 11:29:04 +03:00
Dmitry Rozhkov
200e2f8181 operator: add simple FPGA operator combined with FPGA webhook 2020-08-18 17:32:23 +03:00
Dmitry Rozhkov
d27b12a925 operator: fix crash when assigning to nil map 2020-06-26 12:35:25 +03:00
Dmitry Rozhkov
6b2fa0a264 operator: initial version with gpu and qat controllers 2020-06-25 13:48:41 +03:00