mirror of
https://github.com/intel/intel-device-plugins-for-kubernetes.git
synced 2025-06-03 03:59:37 +00:00
d65cb902e6
The SGX device nodes have changed from /dev/sgx/[enclave|provision] to /dev/sgx_[enclave|provision] in v4x RFC patches according to the LKML feedback. This changes moves to use the new device nodes. Backwards compatibility is provided by adding /dev/sgx directory mount to containers. This assumes the cluster admin has installed the udev rules provided in the README to make the old device nodes as symlinks to the new device nodes. Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
63 lines
1.7 KiB
YAML
63 lines
1.7 KiB
YAML
apiVersion: apps/v1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: intel-sgx-plugin
|
|
labels:
|
|
app: intel-sgx-plugin
|
|
spec:
|
|
selector:
|
|
matchLabels:
|
|
app: intel-sgx-plugin
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: intel-sgx-plugin
|
|
spec:
|
|
initContainers:
|
|
- name: intel-sgx-initcontainer
|
|
image: intel/intel-sgx-initcontainer:devel
|
|
imagePullPolicy: IfNotPresent
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
volumeMounts:
|
|
- mountPath: /etc/kubernetes/node-feature-discovery/source.d/
|
|
name: nfd-source-hooks
|
|
containers:
|
|
- name: intel-sgx-plugin
|
|
image: intel/intel-sgx-plugin:devel
|
|
securityContext:
|
|
readOnlyRootFilesystem: true
|
|
imagePullPolicy: IfNotPresent
|
|
volumeMounts:
|
|
- name: kubeletsockets
|
|
mountPath: /var/lib/kubelet/device-plugins
|
|
- name: sgxdevices
|
|
mountPath: /dev/sgx
|
|
readOnly: true
|
|
- name: sgx-enclave
|
|
mountPath: /dev/sgx_enclave
|
|
readOnly: true
|
|
- name: sgx-provision
|
|
mountPath: /dev/sgx_provision
|
|
readOnly: true
|
|
volumes:
|
|
- name: kubeletsockets
|
|
hostPath:
|
|
path: /var/lib/kubelet/device-plugins
|
|
- name: sgxdevices
|
|
hostPath:
|
|
path: /dev/sgx
|
|
type: DirectoryOrCreate
|
|
- name: sgx-enclave
|
|
hostPath:
|
|
path: /dev/sgx_enclave
|
|
type: CharDevice
|
|
- name: sgx-provision
|
|
hostPath:
|
|
path: /dev/sgx_provision
|
|
type: CharDevice
|
|
- name: nfd-source-hooks
|
|
hostPath:
|
|
path: /etc/kubernetes/node-feature-discovery/source.d/
|
|
type: DirectoryOrCreate
|