initcontainer enables vfs and configures vfs
- only first pf is used to configure a vf
- only one vf is configured from the pf
add dlb-initcontainer kustomize overlay
update CRD to have initImage
implment operator to run initcontainer
update e2e test to run initcontainer overlay
update envtest to test initimage
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
Added testssl.sh switches to add more tests
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Signed-off-by: Jason Culligan <jason.culligan@intel.com>
Due to a regression in k8s.io@v1.25, WaitForPodsWithLabelRunningReady()
ignored user provided timeout and defaulted to 60s. In some cases, NFD
needs more than that to the tests fail.
Workaround the problem by moving to use WaitForPodsRunningReady() with
minPods=2 (nfd-master and at least one nfd-worker).
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
- used different pods for PF and VF workloads
- increased waiting timeout to 200s
- used 'epoll' waiting mode for test apps
- decreased amount of packets from 128 to 8 for test apps
- output pod logs
- done small code optimisations
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
WaitForFinish waits for pod to finish running, regardless of
success or failure. WaitForSuccess waits for pod to succeed
which is what we expect from our test workloads that try
to use the devices.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Start using the newly created NodeFeatureRule configs with SGX.
This allows to drop the custom worker config.
Additionally, split the example NFD deployment into two steps
1) plain NFD (+SGX json patches)
2) NodeFeatureRule creation
NodeFeatureRule creation is not guaranteed to succeed when it's
part of the same kustomization with the CRD creation. Users may
also have NFD already running so allowing 2) alone works better
in that scenario.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The NFD worker sleep timout is 60s by default so there are changes
we'll miss getting the sgx.intel.com/epc extended resource registered
before the timeout.
Increase the timeout so that at least two NFD worker labeling rounds
are included.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Previously, the SGX plugin deployment pulled in NFD and
SGX webhook as well. This triggered kustomize issues when
trying to get everything under the same namespace.
This commit splits the three deployments into their own steps.
It allows to keep the static parts part of [Before|After]Each
and helps to build SGX plugin/application test cases more
easily.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The changes made by addVolumeMount() were overriden when the
intermediate container variable was assigned to the pod and
thus the volumeMount changes were lost.
Fix it by making the volumeMount changes to the intermediate
container that is then assigned to the final pod.
Also, make the latest e2e test case to use the
checkMutatedVolumes() helper and fix the illegal Volume
name.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
- don't delete deployment as it may not exist
- set restart policy to Never to avoid running the same tests many times
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
To simplify the e2e node setup, change the QAT tests to deploy with
the sriov_numvfs overlay.
Moreover, as we are seeing the vfio-pci driver becoming built-in and
requiring opt-in parameters depending on the kernel version, it's
better to move the vfio-pci initcontainer step(s) to kernel cmdline/
modules-load.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Unset fields are not 'false' but a nil pointer. Fix the
securityContext checks to take this into account.
Fixes: "e2e: add a test to check that plugins ReadOnlyRootfs is enabled"
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Go 1.16 release notes announced the deprecation of io/ioutil [1]. It's easy
for us to move to use what is was recommended so just do it.
[1] https://golang.org/doc/go1.16#ioutil
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
