device-plugin/ccnp-device-plugin: device plugin for CCNP (#54)

* device-plugin/ccnp-device-plugin: add device plugin for CCNP * ccnp-device-plugin: update to use klog
intel · Jul 18, 2023 · 7b54ed1 · 7b54ed1
1 parent 9554371
commit 7b54ed1
Show file tree

Hide file tree

Showing 13 changed files with 625 additions and 0 deletions.
diff --git a/device-plugin/ccnp-device-plugin/Makefile b/device-plugin/ccnp-device-plugin/Makefile
@@ -0,0 +1,14 @@
+
+export GO111MODULE=on
+
+.PHONY: build deploy
+
+build:
+	CGO_ENABLED=0 GOOS=linux 
+	@go build -a -installsuffix cgo -o build/ccnp-device-plugin cmd/server/app.go
+
+deploy:
+	helm install ccnp-device-plugin deploy/helm/ccnp-device-plugin 
+
+clean:
+	@rm -f build
diff --git a/device-plugin/ccnp-device-plugin/cmd/server/app.go b/device-plugin/ccnp-device-plugin/cmd/server/app.go
@@ -0,0 +1,50 @@
+/* SPDX-license-identifier: Apache-2.0 */
+package main
+
+import (
+	"log"
+	"os"
+	"path"
+
+	"ccnp-device-plugin/pkg/server"
+
+	"github.com/fsnotify/fsnotify"
+	"k8s.io/klog/v2"
+)
+
+func main() {
+
+	log.Println("Intel CCNP device plugin starting")
+	ccnpdpsrv := server.NewCcnpDpServer()
+	go ccnpdpsrv.Run()
+
+	if err := ccnpdpsrv.RegisterToKubelet(); err != nil {
+		klog.Errorf("register to kubelet error: %v", err)
+	}
+
+	watcher, err := fsnotify.NewWatcher()
+	if err != nil {
+		klog.Fatalf("Failed to created FS watcher.")
+		os.Exit(1)
+	}
+	defer watcher.Close()
+
+	err = watcher.Add(path.Dir(server.KubeletSocket))
+	if err != nil {
+		klog.Fatalf("watch kubelet error")
+		return
+	}
+	for {
+		select {
+		case event := <-watcher.Events:
+			if event.Name == server.KubeletSocket && event.Op&fsnotify.Create == fsnotify.Create {
+				klog.Fatalf("restart CCNP device plugin due to kubelet restart")
+			}
+			if event.Name == server.CcnpDpSocket && event.Op&fsnotify.Remove == fsnotify.Remove {
+				klog.Fatalf("restart CCNP device plugin due to device plugin socket being deleted")
+			}
+		case err := <-watcher.Errors:
+			klog.Fatalf("fsnotify watch error: %s", err)
+		}
+	}
+}
diff --git a/device-plugin/ccnp-device-plugin/container/Dockerfile b/device-plugin/ccnp-device-plugin/container/Dockerfile
@@ -0,0 +1,17 @@
+From golang:1.20-alpine3.17 AS builder
+
+RUN apk update \
+    && apk add --no-cache protoc make
+
+WORKDIR /usr/local/go/src/github.com/ccnp-device-plugin/
+COPY . ./
+RUN make
+
+
+From alpine:3.17.0
+
+WORKDIR /bin
+COPY --from=builder /usr/local/go/src/github.com/ccnp-device-plugin/build/ccnp-device-plugin ./
+
+CMD ["/bin/ccnp-device-plugin"]
+
diff --git a/device-plugin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/Chart.yaml b/device-plugin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/Chart.yaml
@@ -0,0 +1,21 @@
+apiVersion: v2
+name: ccnp-device-plugin
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application.
+appVersion: latest
diff --git a/device-plugin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/templates/_helpers.tpl b/device-plugin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/templates/_helpers.tpl
@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "ccnp-device-plugin.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "ccnp-device-plugin.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "ccnp-device-plugin.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "ccnp-device-plugin.labels" -}}
+helm.sh/chart: {{ include "ccnp-device-plugin.chart" . }}
+{{ include "ccnp-device-plugin.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
+
+{{/*
+Selector labels
+*/}}
+{{- define "ccnp-device-plugin.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "ccnp-device-plugin.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "ccnp-device-plugin.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "ccnp-device-plugin.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/...gin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/templates/cluster-role-binding.yaml b/...gin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/templates/cluster-role-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+    name: ccnp-device-plugin-admin-binding
+roleRef:
+    kind: ClusterRole
+    name: cluster-admin
+    apiGroup: rbac.authorization.k8s.io
+subjects:
+  - kind: ServiceAccount
+    name: ccnp-device-plugin-admin
+    namespace: {{ .Values.namespace }} 
diff --git a/device-plugin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/templates/daemonset.yaml b/device-plugin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/templates/daemonset.yaml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "ccnp-device-plugin.fullname" . }}
+  namespace: {{ .Values.namespace }}
+  labels:
+    {{- include "ccnp-device-plugin.labels" . | nindent 4 }}
+spec:
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      {{- include "ccnp-device-plugin.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        {{- include "ccnp-device-plugin.selectorLabels" . | nindent 8 }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "ccnp-device-plugin.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: device-plugin
+              mountPath: /var/lib/kubelet/device-plugins
+            - name: tdx-guest
+              mountPath: {{ .Values.tdxDevice }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      volumes:
+      - name: device-plugin
+        hostPath:
+          type: Directory
+          path: /var/lib/kubelet/device-plugins
+      - name: tdx-guest
+        hostPath:
+          path: {{ .Values.tdxDevice }}
+          type: CharDevice
diff --git a/...ce-plugin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/templates/serviceaccount.yaml b/...ce-plugin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/templates/serviceaccount.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "ccnp-device-plugin.serviceAccountName" . }}
+  namespace: {{ .Values.namespace }}
+  labels:
+{{ include "ccnp-device-plugin.labels" . | nindent 4 }}
+{{- end -}}
diff --git a/device-plugin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/values.yaml b/device-plugin/ccnp-device-plugin/deploy/helm/ccnp-device-plugin/values.yaml
@@ -0,0 +1,55 @@
+# Default values for ccnp-device-plugin.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: docker.io/library/ccnp-device-plugin
+  tag: 0.1
+  pullPolicy: IfNotPresent
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+namespace: kube-system
+
+tdxDevice: /dev/tdx-guest
+
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ccnp-device-plugin-admin
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+nodeSelector: {
+  intel.feature.node.kubernetes.io/tdx-guest: enabled
+}
+
+affinity: {}
diff --git a/device-plugin/ccnp-device-plugin/deploy/node-feature-rules.yaml b/device-plugin/ccnp-device-plugin/deploy/node-feature-rules.yaml
@@ -0,0 +1,13 @@
+apiVersion: nfd.k8s-sigs.io/v1alpha1
+kind: NodeFeatureRule
+metadata:
+  name: ccnp-dp-devices
+spec:
+  rules:
+    - name: "intel.tdx"
+      labels:
+        "intel.feature.node.kubernetes.io/tdx-guest": "enabled"
+      matchFeatures:
+        - feature: cpu.security
+          matchExpressions:
+            tdx.protected: {op: IsTrue}
diff --git a/device-plugin/ccnp-device-plugin/go.mod b/device-plugin/ccnp-device-plugin/go.mod
@@ -0,0 +1,18 @@
+module ccnp-device-plugin
+
+go 1.20
+
+require (
+        github.com/fsnotify/fsnotify v1.6.0 // indirect
+        github.com/gogo/protobuf v1.3.2 // indirect
+        github.com/golang/protobuf v1.5.3 // indirect
+        golang.org/x/net v0.9.0 // indirect
+        golang.org/x/sys v0.7.0 // indirect
+        golang.org/x/text v0.9.0 // indirect
+        google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
+        google.golang.org/grpc v1.56.1 // indirect
+        google.golang.org/protobuf v1.30.0 // indirect
+        k8s.io/klog/v2 v2.90.1 // indirect
+        k8s.io/kubelet v0.27.3 // indirect
+        github.com/go-logr/logr v1.2.3
+)