initcontainer enables vfs and configures vfs
- only first pf is used to configure a vf
- only one vf is configured from the pf
add dlb-initcontainer kustomize overlay
update CRD to have initImage
implment operator to run initcontainer
update e2e test to run initcontainer overlay
update envtest to test initimage
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
With the latest version of controller-tools, we get to set
reinvocationPolicy tag so that we no longer have to add that
field manually in our Admission Webhook manifests.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
QAT_401xx is a derivative of 4xxx. Add support for that device
by including the device IDs (both PF and VF).
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
* run the sgx container as container_device_plugin_t and init container
as container_device_plugin_init_t. these labels are being added to
container_selinux package upstream.
* add rbac role for openshift
Signed-off-by: Manish Regmi <manish.regmi@intel.com>
grpc-go v1.43.0 deprecated grpc.WithInsecure() in favor of
insecure.NewCredentials(). Move to use the recommended approach
and drop the linter annotations.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
For some reason the API server may want to pass an already mutated CR
through the webhook once again. The webhook must accept such CR with
no additional transformations.
This patch adds support for such idempotence by maintaining
a set of identity mappings which effectively resolve to themselves. No
patching is applied to them.
Fixes a linter warning:
"unexported-return: exported method GetPatcher returns unexported type
*patcher.patcher, which can be annoying to use (revive)"
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The amount of GPU plugin parameters has increased but the
args slice capacity has not been changed. Update it to avoid
slice reallocations.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The default -kernelVfDrivers parameter set by QatDevicePlugin controller
was not in sync with the plugin parameters. Update.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The upgrade of the deployed plugins can be done by simply installing
a new release of the operator.
The operator auto-upgrades operator-managed plugins (CR images
and thus corresponding deployed daemonsets) to the current release
of the operator.
The [registry-url]/[namespace]/[image] are kept intact on the upgrade.
No upgrade is done for:
- Non-operator managed deployments
- Operator deployments without numeric tags
Closes#702
Signed-off-by: Oleg Zhurakivskyy <oleg.zhurakivskyy@intel.com>
Webhook's patcher currently can't be re-applied to its output because it
rejects containers with the env vars it adds (e.i. FPGA_AFU_* and
FPGA_REGION_*).
Instead of rejecting container with disallowed env vars just reset them
first upon patching.
The changes made by addVolumeMount() were overriden when the
intermediate container variable was assigned to the pod and
thus the volumeMount changes were lost.
Fix it by making the volumeMount changes to the intermediate
container that is then assigned to the final pod.
Also, make the latest e2e test case to use the
checkMutatedVolumes() helper and fix the illegal Volume
name.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.42.0 to 1.43.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.42.0...v1.43.0)
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
---
In addition to changes made by dependabot, I add nolint comments to ignore staticcheck(SA1019) errors.
It is because insecure.NewCredentials() recommended as an alternative is still declared experimental.
So keep grpc.withInsecure() with nolint comment.
Signed-off-by: Hyeongju Johannes Lee <hyeongju.lee@intel.com>
