"unconfined" annotation was needed to get writes to new_id / bind
to succeed on AppArmor enabled OSes.
However, many things have changed:
* new_id should not be used anymore and it was dropped in the plugin.
* QAT initcontainer has assumed the role of HW initialization.
* vfio-pci is the preferred "dpdkDriver" and starting with QAT Gen4, it
is the only available VF driver so unbind isn't necessary.
* k8s AppArmor is "GA" since 1.30 and the annotation is deprecated.
As of now, the initcontainer will take care of binding QAT VFs to vfio-pci
so the plugin does not neeed to set AppArmor at all.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Differentiate objects by adding cr names as suffixes
Drop kind book keeping and related functions from controllers
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
setInitContainer() adds "init-sriov-numvfs" to initContainers
but uses initcontainerName constant to search where to add
the QAT configMap volumeMount. Fix by moving all code to use
the const.
It was also noticed in the controller logs that setting Pod
Volumes is not idempotent but broken DaemonSet gets created:
""intel-device-plugins-manager: Reconciler error "err="DaemonSet.apps
\"intel-qat-plugin\" is invalid: spec.template.spec.volumes[6].name:
Duplicate value: \"qat-config\"" controller="qatdeviceplugin"
controllerGroup="deviceplugin.intel.com"
Finally, change 'qat-config' to 'intel-qat-config-volume' to
better describe that it's a volume.
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
with the updated controller-runtime, new ginkgo is pulled in and it
warns about a few to-be-deprecated functions. This commit fixes those
too as they were rather small changes.
Smalle delay is added AfterEach() device plugin controller test as
they became flaky after the envtest updates (DaemonSet deletion failed).
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
The device plugins daemonsets are cluster wide and currently only
one device plugin instance per device is possible so making the
corresponding deviceplugin/v1 CRDs non-namespaced (i.e., scope: cluster)
fits better.
Previously, the device plugin daemonset was deployed in the same
namespace as the CR for that device but with the cluster scoped CRDs
we default to use the same namespace as the operator, unless overridden
via DEVICEPLUGIN_NAMESPACE env variable or a command line parameter
to operator manager deployment.
Three additional changes in this commit:
- enable DSA envtest tests
- update controller-runtime to v0.8.1
- change device plugin envtest suite to use klog/v2
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
