This adds a PreferredAllocator interface so that plugins can
optionally implement the API.
Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
The SGX device nodes have changed from /dev/sgx/[enclave|provision]
to /dev/sgx_[enclave|provision] in v4x RFC patches according to the
LKML feedback.
This changes moves to use the new device nodes. Backwards compatibility
is provided by adding /dev/sgx directory mount to containers. This
assumes the cluster admin has installed the udev rules provided in the
README to make the old device nodes as symlinks to the new device nodes.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Warn users if sgx.intel.com/[enclave|provision] resources are
specified in the pod spec. Only sgx.intel.com/epc should be used
directly.
The warnings work only with kubernetes 1.19 and later.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This call is implemented by calling ioctl, which raises
"open /dev/intel-fpga-port.X: operation not permitted" error
when called inside unprivileged container.
This breaks FPGA plugin.
Calling this API from fpga_tool is still OK, so
moving calls there should fix the issue.
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
This adds the initImage field to the custom resource definition
and takes it into use.
The fpga webhook image validation function is split off into a
separate file.
Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
The function will be re-used by other webhooks too so it's better
to move it to its own package.
The unit tests are taken from the original implementation with some
minor changes.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
This commit adds new function validateContainer() that runs the
same FPGA_* ENV validation checks as before in getRequestedResources().
The restructuring is done in preparations for moving
getRequestedResources() to a separate package.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
this commits also changes validatePluginImage() to allow
image version as a parameter so that it can be used by by
other webooks too.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
fpga: make AFU resource name 63 char long
webhook: drop mode from README
webhook: extend mappings description
webhook: tighten CRD definitions
webhook: drop mapping to non-existing afuId
explicitly state mappings names can be in any format
use consistent terminology across fpga webhook and plugin
Doing strings.Split with a non-empty separator against a potentially
empty string (hint.NUMAs) may return an empty string in a slice of
size one, which then doesn't parse nicely with ParseInt and results
in a repeating warning.
It is better to check for hint.NUMAs emptiness before trying to
split it.
Signed-off-by: Ukri Niemimuukko <ukri.niemimuukko@intel.com>
