Commit Graph

177 Commits

Author SHA1 Message Date
Mikko Ylinen
f559d8717d
Merge pull request #1327 from eero-t/nfd-features
Use more generic name for NFD features host directory volume
2023-02-13 11:45:26 +02:00
Eero Tamminen
2f3dc23651 Use more generic name for NFD features host directory volume
NFD hooks are deprecated and going away:
https://github.com/kubernetes-sigs/node-feature-discovery/issues/856

This makes the mount names more future-proof, and shows where later
changes need to be done (to change operator mount directory, and
switch hook-using deployments e.g. to feature files).

Signed-off-by: Eero Tamminen <eero.t.tamminen@intel.com>
2023-02-08 18:20:41 +02:00
Mikko Ylinen
c65d4ab896 operator: update to 0.26.0 images
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2023-01-20 11:49:51 +02:00
Mikko Ylinen
27b008a461 upgrade to controller-runtime v0.14.0
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-12-19 10:08:18 +02:00
Mikko Ylinen
10a26b8fd8
Merge pull request #1234 from hj-johannes-lee/qat-cfgServices
qat: add configuration of cfgServices to qat initcontainer
2022-12-13 08:26:13 +02:00
Hyeongju Johannes Lee
a6037eae3c
qat: add configuration of cfgServices to qat initcontainer
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-12-12 21:48:21 +02:00
Mikko Ylinen
34d930a567 upgrade to k8s 1.26.0-rc.1 and controller-runtime@master
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-12-07 15:04:33 +02:00
Oleg Zhurakivskyy
ad68e998b1 iaa: Switch to device type "iaa"
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-10-28 10:51:18 +03:00
Mikko Ylinen
419a5ab586 operator: update to 0.25.0 images
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-10-17 22:45:41 +03:00
Ed Bartosh
9dea92541a
Merge pull request #1088 from hj-johannes-lee/dlb-initcontainer
dlb: add initcontainer to plugin
2022-10-07 14:43:12 +03:00
Hyeongju Johannes Lee
11b04425c2 dlb: add initcontainer to plugin
initcontainer enables vfs and configures vfs
 - only first pf is used to configure a vf
 - only one vf is configured from the pf
add dlb-initcontainer kustomize overlay
update CRD to have initImage
implment operator to run initcontainer
update e2e test to run initcontainer overlay
update envtest to test initimage

Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-10-06 17:11:03 +03:00
Tuomas Katila
8426fb975f operator: gpu: prevent resourcemanager's use without shared devices
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
2022-10-05 13:09:06 +03:00
Mikko Ylinen
8c0abb54b1 deployments: disable unused serviceAccounts for plugins
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-09-23 08:21:25 +03:00
Mikko Ylinen
0f5afc258d operator: move to controller-tools v0.10.0
With the latest version of controller-tools, we get to set
reinvocationPolicy tag so that we no longer have to add that
field manually in our Admission Webhook manifests.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-09-21 19:37:00 +03:00
Manish Regmi
a888a91d2a add selinux labels for QAT
Signed-off-by: Manish Regmi <manish.regmi@intel.com>
2022-09-19 15:31:55 -07:00
Manish Regmi
22e9d5f882 add selinux labels for GPU plugins 2022-09-15 14:44:51 -04:00
dependabot[bot]
2dc9591a2f build(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0
Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.12.3 to 0.13.0.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/master/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.12.3...v0.13.0)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-09-05 07:03:03 +03:00
Eero Tamminen
fb18923298 Log GPU device share count & type count changes separately
And instead of accessing DeviceTree internals, add suitable method for it.

Signed-off-by: Eero Tamminen <eero.t.tamminen@intel.com>
2022-08-31 17:23:57 +03:00
Mikko Ylinen
642c4f7b59 build: move to Go 1.19 and golangci-lint 1.48 because of that
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-08-15 10:13:37 +03:00
Mikko Ylinen
a13ee14e5f deployments: regenerate using the latest controller-gen
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-07-26 13:57:27 +03:00
Oleg Zhurakivskyy
495b01eecf operator: TestUpgrade: make expected*Image to follow ImageMinVersion
Closes #1005

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-07-07 12:08:29 +03:00
Ed Bartosh
9d04ce825d idxd: get rid of unused sysfsDir parameter 2022-06-08 22:09:27 +03:00
Mikko Ylinen
8987f1ba53 qat: add support for 401xx devices
QAT_401xx is a derivative of 4xxx. Add support for that device
by including the device IDs (both PF and VF).

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-06-02 08:11:39 +03:00
Oleg Zhurakivskyy
6c36827b54 idxd: Add /sys/bus/dsa to DSA, IAA initcontainer deployments
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-05-18 19:14:58 +03:00
Hyeongju Johannes Lee
85a12609a3 sgx: deprecate /dev/sgx/ mounts
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-05-09 18:59:34 +03:00
Mikko Ylinen
910a3d9a32 operator: update to 0.24.0 images
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-05-09 15:04:58 +03:00
Oleg Zhurakivskyy
54961c3d75 idxd: Make root filesystem read-only
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-05-05 10:44:47 +03:00
Manish Regmi
78d2fe24e3 changes related to selinux and permissions for openshift
* run the sgx container as container_device_plugin_t and init container
   as container_device_plugin_init_t. these labels are being added to
   container_selinux package upstream.
 * add rbac role for openshift
Signed-off-by: Manish Regmi <manish.regmi@intel.com>
2022-04-28 14:32:35 -07:00
Ed Bartosh
bac24e1772
Merge pull request #962 from mythi/PR-2022-026
drop one more grpc.WithInsecure()
2022-04-20 17:55:41 +03:00
Mikko Ylinen
a4affb853c drop one more grpc.WithInsecure()
Commit 2adad5ae76 missed one grpc.WithInsecure(). Drop
it in this commit.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-04-12 12:23:52 +03:00
Mikko Ylinen
069b9bd79a qat: 4xxx: split generic resource to compression and crypto
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-04-07 22:33:17 +03:00
Mikko Ylinen
482ed7ba4d
Merge pull request #939 from hj-johannes-lee/qat-allocation-policy
qat: implement preferredAllocation policies
2022-04-07 21:15:49 +03:00
Hyeongju Johannes Lee
d3c8063ff3 qat: implement preferredAllocation policies
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-04-07 14:14:00 +03:00
Mikko Ylinen
2adad5ae76 drop deprecated grpc.WithInsecure()
grpc-go v1.43.0 deprecated grpc.WithInsecure() in favor of
insecure.NewCredentials(). Move to use the recommended approach
and drop the linter annotations.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-04-07 13:40:51 +03:00
Mikko Ylinen
c34eb51ebe
Merge pull request #915 from hj-johannes-lee/qat-initimage
qat: add initimage to plugin
2022-03-31 17:26:00 +03:00
Hyeongju Johannes Lee
df419b3a82 qat: add initimage to plugin
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
2022-03-30 13:46:42 -07:00
Dmitry Rozhkov
2cb914225c fpga_webhook: never reject already mutated CRs
For some reason the API server may want to pass an already mutated CR
through the webhook once again. The webhook must accept such CR with
no additional transformations.

This patch adds support for such idempotence by maintaining
a set of identity mappings which effectively resolve to themselves. No
patching is applied to them.
2022-03-29 11:01:49 +03:00
Mikko Ylinen
e3440505a9 fpga: export Patcher type
Fixes a linter warning:
"unexported-return: exported method GetPatcher returns unexported type
*patcher.patcher, which can be annoying to use (revive)"

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-03-29 08:03:58 +03:00
Oleg Zhurakivskyy
dbb2a9a7f8 operator: iaa: Drop hardcoded deployment, use embedded YAML
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-03-09 11:58:39 +02:00
Ed Bartosh
6b27cf1f7c Implement IAA plugin, operator, demo
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-03-04 15:58:42 +02:00
Ed Bartosh
3e2f9b1e80
Merge pull request #907 from mythi/PR-2022-016
operator: QAT and GPU controller updates
2022-03-01 17:43:49 +02:00
Ed Bartosh
13780a8cdc implement terrascan check
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2022-03-01 15:54:28 +02:00
Mikko Ylinen
fb73e2ecb3 gpu: avoid slice realloc in GpuDevicePlugin controller
The amount of GPU plugin parameters has increased but the
args slice capacity has not been changed. Update it to avoid
slice reallocations.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-03-01 07:48:17 +02:00
Mikko Ylinen
289fbb2eaa qat: update default devices in QatDevicePlugin controller
The default -kernelVfDrivers parameter set by QatDevicePlugin controller
was not in sync with the plugin parameters. Update.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
2022-03-01 07:45:54 +02:00
Ed Bartosh
d4966e089c
Merge pull request #857 from ozhuraki/operator-upgrade
operator: Support upgrade of plugins
2022-02-18 17:55:53 +02:00
Oleg Zhurakivskyy
cfc8eb18cb operator: Support upgrade of plugins
The upgrade of the deployed plugins can be done by simply installing
a new release of the operator.

The operator auto-upgrades operator-managed plugins (CR images
and thus corresponding deployed daemonsets) to the current release
of the operator.

The [registry-url]/[namespace]/[image] are kept intact on the upgrade.

No upgrade is done for:

- Non-operator managed deployments
- Operator deployments without numeric tags

Closes #702

Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-02-18 12:52:55 +02:00
Oleg Zhurakivskyy
b825e41f76 sgx: Add handling of initcontainer and its volume on update
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-02-18 12:52:48 +02:00
Oleg Zhurakivskyy
34044a9d48 fpga: Rename: fpgadeviceplugin -> intel-fpga-plugin
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
2022-02-18 12:03:24 +02:00
Dmitry Rozhkov
961fb3412c
fpga_webhook: make patcher idempotent (#892)
Webhook's patcher currently can't be re-applied to its output because it
rejects containers with the env vars it adds (e.i. FPGA_AFU_* and
FPGA_REGION_*).

Instead of rejecting container with disallowed env vars just reset them
first upon patching.
2022-02-18 10:24:03 +02:00
Ed Bartosh
55f3e17dd0 add 'annotations' parameter to the NewDeviceInfo API
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2022-02-07 15:15:30 +02:00