From c11a9ddf76065ae6dc565f2f23109b58b13e8d2b Mon Sep 17 00:00:00 2001 From: hairongchen Date: Thu, 13 Jul 2023 21:02:12 +0800 Subject: [PATCH] ccnp-device-plugin: add udev and uds dir section --- .github/cspell.json | 4 +++- device-plugin/ccnp-device-plugin/README.md | 21 +++++++++++++++++++-- 2 files changed, 22 insertions(+), 3 deletions(-) diff --git a/.github/cspell.json b/.github/cspell.json index bf535a7f..3536c931 100644 --- a/.github/cspell.json +++ b/.github/cspell.json @@ -12,6 +12,8 @@ "ccnp", "TDVM", "kustomization", - "srwxr" + "srwxr", + "udev", + "udevadm" ] } diff --git a/device-plugin/ccnp-device-plugin/README.md b/device-plugin/ccnp-device-plugin/README.md index 24e129aa..2155b691 100644 --- a/device-plugin/ccnp-device-plugin/README.md +++ b/device-plugin/ccnp-device-plugin/README.md @@ -24,7 +24,24 @@ The CCNP device plugin need to deploy on VM nodes with guest TEE devices(current of the plugin daemonset is based on the node label set by [Node Feature Discovery](https://github.com/kubernetes-sigs/node-feature-discovery/). So we need to install the NFD and corresponding label rules. -1. deploy NFD +1. setup following udev rule to enable other user in the node to read and write to tdx guest device node +``` +cat /etc/udev/rules.d/90-tdx.rules +SUBSYSTEM=="misc",KERNEL=="tdx-guest",MODE="0666" + +``` +After adding the rule, you can restart the node or run following command to trigger the update: +``` +udevadm trigger +``` + +2. prepare the shared Unix Domain Socket directory to be mounted to both ccnp service pods and workload pods +``` +mkdir -p /run/ccnp/uds +chmod o+w /run/ccnp/uds +``` + +3. deploy NFD > Note: when node-feature-discovery new [release v0.14](https://github.com/kubernetes-sigs/node-feature-discovery/issues/1250) is ready, bellow command can be used to deploy NFD with TDVM support: @@ -40,7 +57,7 @@ make image kubectl apply -k kustomization.yaml ``` -2. deploy NFD label rules +4. deploy NFD label rules ``` kubectl apply -f device-plugin/ccnp-device-plugin/deploy/node-feature-rules.yaml ```