Instructions for Device Plugin Development and Maintenance
+Table of Contents
+-
+
- + + +
- + + +
- +
Day-to-day Development How to’s
+Get the Source Code
+With git installed on the system, just clone the repository:
$ export INTEL_DEVICE_PLUGINS_SRC=/path/to/intel-device-plugins-for-kubernetes
+$ git clone https://github.com/intel/intel-device-plugins-for-kubernetes ${INTEL_DEVICE_PLUGINS_SRC}
+Build and Run Plugin Binaries
+With go development environment installed on the system, build the plugin:
$ cd ${INTEL_DEVICE_PLUGINS_SRC}
+$ make <plugin-build-target>
+Note: All the available plugin build targets is roughly the output of ls ${INTEL_DEVICE_PLUGINS_SRC}/cmd.
To test the plugin binary on the development system, run as administrator:
+$ sudo -E ${INTEL_DEVICE_PLUGINS_SRC}/cmd/<plugin-build-target>/<plugin-build-target>
+Build Container Images
+The dockerfiles are generated on the fly from .in suffixed files and .docker include-snippets which are stitched together with
+cpp preprocessor. You need to install cpp for that, e.g. in ubuntu it is found from build-essential (sudo apt install build-essential).
+Don’t edit the generated dockerfiles. Edit the inputs.
The simplest way to build all the docker images, is:
+$ make images
+But it is very slow. You can drastically speed it up by first running once:
+$ make vendor
+Which brings the libraries into the builder container without downloading them again and again for each plugin.
+But it is still slow. You can further speed it up by first running once:
+$ make licenses
+Which pre-creates the go-licenses for all plugins, instead of re-creating them for each built plugin, every time.
+But it is still rather slow to build all the images, and unnecessary, if you iterate on just one. Instead, build just the one you are iterating on, example:
+$ make <image-build-target>
+Note: All the available image build targets is roughly the output of ls ${INTEL_DEVICE_PLUGINS_SRC}/build/docker/*.Dockerfile.
If you iterate on only one plugin and if you know what its target cmd is (see folder cmd/), you can opt to pre-create just its licenses, example:
$ make licenses/<plugin-build-target>
+The container image target names in the Makefile are derived from the .Dockerfile.in suffixed filenames under folder build/docker/templates/.
Recap:
+$ make vendor
+$ make licenses (or just make licenses/<plugin-build-target>)
+$ make <image-build-target>
+Repeat the last step only, unless you change library dependencies. If you pull in new sources, start again from make vendor.
Note: The image build tool can be changed from the default docker by setting the BUILDER argument
+to the Makefile: make <image-build-target> BUILDER=<builder>. Supported values are docker, buildah, and podman.
Build Against a Newer Version of Kubernetes
+First, you need to update module dependencies. The easiest way is to use
+scripts/upgrade_k8s.sh copied from a k/k issue:
Just run it inside the repo’s root, e.g.
+$ ${INTEL_DEVICE_PLUGINS_SRC}/scripts/upgrade_k8s.sh <k8s version>
+Finally, run:
+$ make generate
+$ make test
+and fix all new compilation issues.
+Work with Intel Device Plugins Operator Modifications
+There are few useful steps when working with changes to Device Plugins CRDs and controllers:
+-
+
Install controller-gen:
GO111MODULE=on go get -u sigs.k8s.io/controller-tools/cmd/controller-gen@<release ver>, e.g, v0.4.1
+Generate CRD and Webhook artifacts:
make generate
+Test local changes using envtest:
make envtest
+Build a custom operator image:
make intel-deviceplugin-operator
+(Un)deploy operator:
kubectl [apply|delete] -k deployments/operator/default
+
Publish a New Version of the Intel Device Plugins Operator to operatorhub.io
+Check if the fields mentioned below in the base CSV manifest file have the correct values. If not, fix them manually (operator-sdk does not support updating these fields in any other way).
+-
+
spec.version
+spec.replaces
+metadata.annotations.containerImage
+metadata.annotations.createdAT
+
Fork the Community Operators repo and clone it:
+$ git clone https://github.com/<GitHub Username>/community-operators
+Generate bundle and build bundle image:
+$ make bundle TAG=0.X.Y CHANNELS=alpha DEFAULT_CHANNEL=alpha
+$ make bundle-build
+Push the image to a registry:
+-
+
If pushing to the Docker hub, specify
docker.io/in front of the image name for running bundle.
+If pushing to the local registry, put the option
--use-httpfor running bundle.
+
Verify the operator deployment works OK via OLM in your development cluster:
+$ operator-sdk olm install
+$ kubectl create namespace testoperator
+$ operator-sdk run bundle <Registry>:<Tag> -n testoperator
+# do verification checks
+...
+# do clean up
+$ operator-sdk cleanup intel-device-plugins-operator --namespace testoperator
+$ kubectl delete namespace testoperator
+$ operator-sdk olm uninstall
+Commit files:
+$ cd community-operators
+$ git add operators/intel-device-plugins-operator/0.X.Y
+$ git commit -am 'operators intel-device-plugins-operator (0.X.Y)' -s
+Submit a PR to Community Operators repo.
+Check operator page +https://operatorhub.io/operator/intel-device-plugins-operator +after PR is merged.
+Run E2E Tests
+Currently the E2E tests require having a Kubernetes cluster already configured +on the nodes with the hardware required by the device plugins. Also all the +container images with the executables under test must be available in the +cluster. If these two conditions are satisfied, run the tests with:
+$ go test -v ./test/e2e/...
+In case you want to run only certain tests, e.g., QAT ones, run:
+$ go test -v ./test/e2e/... -args -ginkgo.focus "QAT"
+If you need to specify paths to your custom kubeconfig containing
+embedded authentication info then add the -kubeconfig argument:
$ go test -v ./test/e2e/... -args -kubeconfig /path/to/kubeconfig
+The full list of available options can be obtained with:
+$ go test ./test/e2e/... -args -help
+It is also possible to run the tests which don’t depend on hardware +without a pre-configured Kubernetes cluster. Just make sure you have +Kind installed on your host and run:
+$ make test-with-kind
+Run Controller Tests with a Local Control Plane
+The controller-runtime library provides a package for integration testing by +starting a local control plane. The package is called +envtest. The +operator uses this package for its integration testing.
+For setting up the environment for testing, setup-envtest can be used:
$ go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+$ setup-envtest use <K8S_VERSION>
+$ KUBEBUILDER_ASSETS=$(setup-envtest use -i -p path <K8S_VERSION>) make envtest
+How to Develop Simple Device Plugins
+To create a simple device plugin without the hassle of developing your own gRPC
+server, you can use a package included in this repository called
+github.com/intel/intel-device-plugins-for-kubernetes/pkg/deviceplugin.
All you have to do is instantiate a deviceplugin.Manager and call
+its Run() method:
func main() {
+ ...
+
+ manager := dpapi.NewManager(namespace, plugin)
+ manager.Run()
+}
+The manager’s constructor accepts two parameters:
+-
+
namespacewhich is a string like “color.example.com”. All your devices +will be exposed under this name space, e.g. “color.example.com/yellow”. +Please note that one device plugin can register many such “colors”. +The manager will instantiate multiple gRPC servers for every registered “color”.
+pluginwhich is a reference to an object implementing one mandatory +interfacedeviceplugin.Scanner.
+
deviceplugin.Scanner defines one method Scan() which is called only once
+for every device plugin by deviceplugin.Manager in a goroutine and operates
+in an infinite loop. A Scan() implementation scans the host for devices and
+sends all found devices to a deviceplugin.Notifier instance. The
+deviceplugin.Notifier is implemented and provided by the deviceplugin
+package itself. The found devices are organized in an instance of
+deviceplugin.DeviceTree object. The object is filled in with its
+AddDevice() method:
func (dp *devicePlugin) Scan(notifier deviceplugin.Notifier) error {
+ for {
+ devTree := deviceplugin.NewDeviceTree()
+ ...
+ devTree.AddDevice("yellow", devID, deviceplugin.DeviceInfo{
+ State: health,
+ Nodes: []pluginapi.DeviceSpec{
+ {
+ HostPath: devPath,
+ ContainerPath: devPath,
+ Permissions: "rw",
+ },
+ },
+ })
+ ...
+ notifier.Notify(devTree)
+ }
+}
+Optionally, your device plugin may also implement the
+deviceplugin.PostAllocator interface. If implemented, its method
+PostAllocate() modifies pluginapi.AllocateResponse responses just
+before they are sent to kubelet. To see an example, refer to the FPGA
+plugin which implements this interface to annotate its responses.
In case you want to implement the whole allocation functionality in your
+device plugin, you can implement the optional deviceplugin.Allocator
+interface. In this case PostAllocate() is not called. But if you decide in your
+implementation of deviceplugin.Allocator that you need to resort to the default
+implementation of the allocation functionality then return an error of the type
+deviceplugin.UseDefaultMethodError.
Logging
+The framework uses klog as its logging
+framework. It is encouraged for plugins to also use klog to maintain uniformity
+in the logs and command line options.
The framework initialises klog, so further calls to klog.InitFlags() by
+plugins should not be necessary. This does add a number of log configuration
+options to your plugin, which can be viewed with the -h command line option of your
+plugin.
The framework tries to adhere to the Kubernetes
+Logging Conventions.
+The advise is to use the V() levels for Info() calls, as calling Info()
+with no set level will make configuration and filtering of logging via the command
+line more difficult.
The default is to not log Info() calls. This can be changed using the plugin command
+line -v parameter. The additional annotations prepended to log lines by ‘klog’ can be disabled
+with the -skip_headers option.
Error Conventions
+The framework has a convention for producing and logging errors. Ideally plugins will also adhere +to the convention.
+Errors generated within the framework and plugins are instantiated with the New() and
+Errorf() functions of the errors package:
return errors.New("error message")
+Errors generated from outside the plugins and framework are augmented with their stack dump with code such as
+ return errors.WithStack(err)
+or
+ return errors.Wrap(err, "some additional error message")
+These errors are then logged using a default struct value format like:
+ klog.Errorf("Example of an internal error death: %+v", err)
+at the line where it’s certain that the error cannot be passed out farther nor handled gracefully. +Otherwise, they can be logged as simple values:
+ klog.Warningf("Example of a warning due to an external error: %v", err)
+Checklist for New Device Plugins
+For new device plugins contributed to this repository, below is a +checklist to get the plugin on par feature and quality wise with +others:
+-
+
Plugin binary available in
cmd/, its corresponding Dockerfile inbuild/docker/and deployment Kustomization/YAMLs indeployments/.
+Plugin binary Go unit tests implemented and passing with >80% coverage:
make test WHAT=./cmd/<plugin>.
+Plugin binary linter checks passing:
make lint.
+Plugin e2e tests implemented in
test/e2e/and passing:go test -v ./test/e2e/... -args -ginkgo.focus "<plugin>".
+Plugin CRD API added to
pkg/apis/deviceplugin/v1and CRDs generated:make generate.
+Plugin CRD validation tests implemented in
test/envtest/and passing:make envtest.
+Plugin CRD controller implemented in
pkg/controllers/and added to the manager incmd/operator/main.go.
+Plugin documentation written
cmd/<plugin>/README.mdand optionally end to end demos created indemo.
+
+
+### Verify Operator installation
+1. Go to **Operator** -> **Installed Operators**
+2. Verify the status of operator as **Succeeded**
+3. Click **Intel Device Plugins Operator** to view the details
+ 
+
+
+## Deploying Intel Device Plugins
+
+### Intel SGX Device Plugin
+Follow the steps below to deploy Intel SGX Device Plugin Custom Resource
+1. Go to **Operator** -> **Installed Operators**
+2. Open **Intel Device Plugins Operator**
+3. Navigate to tab **Intel Software Guard Extensions Device Plugin**
+4. Click **Create SgxDevicePlugin ->** set correct parameters -> Click **Create**
+ OR for any customizations, please select `YAML view` and edit details. Once done, click **Create**
+5. Verify CR by checking the status of DaemonSet **`intel-sgx-plugin`**
+6. Now `SgxDevicePlugin` is ready to deploy any workloads
diff --git a/0.27/_sources/cmd/qat_plugin/README.md.txt b/0.27/_sources/cmd/qat_plugin/README.md.txt
new file mode 100644
index 000000000..15875480e
--- /dev/null
+++ b/0.27/_sources/cmd/qat_plugin/README.md.txt
@@ -0,0 +1,256 @@
+# Intel QuickAssist Technology (QAT) device plugin for Kubernetes
+
+Table of Contents
+
+* [Introduction](#introduction)
+* [Modes and Configuration Options](#modes-and-configuration-options)
+* [Installation](#installation)
+ * [Prerequisites](#prerequisites)
+ * [Pre-built Images](#pre-built-images)
+ * [Verify Plugin Registration](#verify-plugin-registration)
+* [Demos and Testing](#demos-and-testing)
+ * [DPDK QAT Demos](#dpdk-qat-demos)
+ * [DPDK Prerequisites](#dpdk-prerequisites)
+ * [Deploy the pod](#deploy-the-pod)
+ * [Manual test run](#manual-test-run)
+ * [Automated test run](#automated-test-run)
+ * [OpenSSL QAT Demo](#openssl-qat-demo)
+* [Checking for Hardware](#checking-for-hardware)
+
+## Introduction
+
+This Intel QAT device plugin provides support for Intel QAT devices under Kubernetes.
+The supported devices are determined by the VF device drivers available in your Linux
+Kernel. See the [Prerequisites](#prerequisites) section for more details.
+
+Supported Devices include, but may not be limited to, the following:
+
+- [Intel® Xeon® with Intel® C62X Series Chipset][1]
+- Intel® Xeon® with Intel® QAT Gen4 devices
+- [Intel® Atom™ Processor C3000][2]
+- [Intel® Communications Chipset 8925 to 8955 Series][3]
+
+The QAT device plugin provides access to QAT hardware accelerated cryptographic and compression features.
+Demonstrations are provided utilising [DPDK](https://doc.dpdk.org/) and [OpenSSL](https://www.openssl.org/).
+
+[Kata Containers](https://katacontainers.io/) QAT integration is documented in the
+[Kata Containers documentation repository][6].
+
+## Modes and Configuration Options
+
+The QAT plugin can take a number of command line arguments, summarised in the following table:
+
+| Flag | Argument | Meaning |
+|:---- |:-------- |:------- |
+| -dpdk-driver | string | DPDK Device driver for configuring the QAT device (default: `vfio-pci`) |
+| -kernel-vf-drivers | string | Comma separated VF Device Driver of the QuickAssist Devices in the system. Devices supported: DH895xCC, C62x, C3xxx, 4xxx/401xx/402xx, C4xxx and D15xx (default: `c6xxvf,4xxxvf`) |
+| -max-num-devices | int | maximum number of QAT devices to be provided to the QuickAssist device plugin (default: `64`) |
+| -mode | string | plugin mode which can be either `dpdk` or `kernel` (default: `dpdk`) |
+| -allocation-policy | string | 2 possible values: balanced and packed. Balanced mode spreads allocated QAT VF resources balanced among QAT PF devices, and packed mode packs one QAT PF device full of QAT VF resources before allocating resources from the next QAT PF. (There is no default.) |
+
+The plugin also accepts a number of other arguments related to logging. Please use the `-h` option to see
+the complete list of logging related options.
+
+For more details on the `-dpdk-driver` choice, see
+[DPDK Linux Driver Guide](http://dpdk.org/doc/guides/linux_gsg/linux_drivers.html).
+
+> **Note:**: With Linux 5.9+ kernels the `vfio-pci` module must be loaded with
+> `disable_denylist=1` parameter for the QAT device plugin to work correctly with
+> devices prior to Gen4 (`4xxx`).
+
+For more details on the available options to the `-kernel-vf-drivers` option, see the list of
+vf drivers available in the [Linux Kernel](https://github.com/torvalds/linux/tree/master/drivers/crypto/qat).
+
+If the `-mode` parameter is set to `kernel`, no other parameter documented above are valid,
+except the `klog` logging related parameters.
+`kernel` mode implements resource allocation based on system configured [logical instances][7].
+
+> **Note**: `kernel` mode is excluded by default from all builds (including those hosted on the Docker hub),
+> by default. See the [Build the plugin image](#build-the-plugin-image) section for more details.
+
+The `kernel` mode does not guarantee full device isolation between containers
+and therefore it's not recommended. This mode will be deprecated and removed once `libqat`
+implements non-UIO based device access.
+
+## Installation
+
+The below sections cover how to obtain, build and install this component.
+
+The component can be installed either using a DaemonSet or running 'by hand' on each node.
+
+### Prerequisites
+
+The component has the same basic dependancies as the
+[generic plugin framework dependencies](../../README.md#about).
+
+You will also need [appropriate hardware installed](#checking-for-hardware).
+
+The QAT plugin requires Linux Kernel VF QAT drivers to be available. These drivers
+are available via two methods. One of them must be installed and enabled:
+
+- [Linux Kernel upstream drivers](https://github.com/torvalds/linux/tree/master/drivers/crypto/qat)
+- [Intel QuickAssist Technology software for Linux][9]
+
+The demonstrations have their own requirements, listed in their own specific sections.
+
+### Pre-built Images
+
+[Pre-built images](https://hub.docker.com/r/intel/intel-qat-plugin)
+of this component are available on the Docker hub. These images are automatically built and uploaded
+to the hub from the latest main branch of this repository.
+
+Release tagged images of the components are also available on the Docker hub, tagged with their
+release version numbers in the format `x.y.z`, corresponding to the branches and releases in this
+repository. Thus the easiest way to deploy the plugin in your cluster is to run this command
+
+```bash
+$ kubectl apply -k 'https://github.com/intel/intel-device-plugins-for-kubernetes/deployments/qat_plugin?ref=