github/intel-device-plugins-for-kubernetes
7
0
Fork 0
mirror of https://github.com/intel/intel-device-plugins-for-kubernetes.git synced 2025-06-03 03:59:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
main
intel-device-plugins-for-ku.../deployments/fpga_plugin/base/intel-fpga-plugin-daemonset.yaml
Tuomas Katila 74006cda80 depl: drop capabilities from all plugins 
Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
2025-01-02 15:42:32 +02:00

92 lines
2.3 KiB
YAML
Raw Permalink Blame History

apiVersion: apps/v1
kind: DaemonSet
metadata:
name: intel-fpga-plugin
namespace: system
labels:
app: intel-fpga-plugin
spec:
selector:
matchLabels:
app: intel-fpga-plugin
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 0
maxUnavailable: 1
template:
metadata:
labels:
app: intel-fpga-plugin
spec:
initContainers:
- name: intel-fpga-initcontainer
image: intel/intel-fpga-initcontainer:devel
imagePullPolicy: IfNotPresent
securityContext:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /opt/intel/fpga-sw
name: intel-fpga-sw
containers:
- name: intel-fpga-plugin
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
image: intel/intel-fpga-plugin:devel
imagePullPolicy: IfNotPresent
args:
- -mode=af
terminationMessagePath: /tmp/termination-log
securityContext:
seLinuxOptions:
type: "container_device_plugin_t"
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
resources:
requests:
memory: "30Mi"
cpu: 80m
limits:
memory: "60Mi"
cpu: 160m
volumeMounts:
- name: devfs
mountPath: /dev
readOnly: true
- name: sysfs
mountPath: /sys/class
readOnly: true
- name: kubeletsockets
mountPath: /var/lib/kubelet/device-plugins
- name: cdidir
mountPath: /var/run/cdi
volumes:
- name: devfs
hostPath:
path: /dev
- name: sysfs
hostPath:
path: /sys/class
- name: kubeletsockets
hostPath:
path: /var/lib/kubelet/device-plugins
- name: intel-fpga-sw
hostPath:
path: /opt/intel/fpga-sw
type: DirectoryOrCreate
- name: cdidir
hostPath:
path: /var/run/cdi
type: DirectoryOrCreate
nodeSelector:
kubernetes.io/arch: amd64
Reference in New Issue View Git Blame Copy Permalink