distribute sr-iov configuration using initContainer (#539)

In order to make network playbook operator friendly, we need to move node configuration to daemon sets. With this patch, node sr-iov DP configuration is stored in cluster-level config map and saved on a node using SR-IOV DP init container. The config map contains SR-IOV configuration per node (data key is name of the node) and 'fallback-config' in case specific node configuration is not provided. In order to reconfigure node's SR-IOV conf, config map must be updated and respective pod restarted.
kubevirt · Jan 14, 2019 · 5ebfa70 · 5ebfa70
1 parent 04c2c27
commit 5ebfa70
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 19 deletions.
diff --git a/playbooks/network.yml b/playbooks/network.yml
@@ -28,14 +28,6 @@
 
     - name: configure SR-IOV device plugin
       block:
-        - name: Create /etc/pcidp
-          file: path=/etc/pcidp state=directory
-
-        - name: Configure SR-IOV DP allocation pool
-          template:
-            src: roles/network-multus/templates/sriovdp-config.json
-            dest: /etc/pcidp/config.json
-
         - name: Fix SELinux labels for /var/lib/kubelet/device-plugins/
           command: restorecon -Rv /var/lib/kubelet/device-plugins/
           ignore_errors: True

diff --git a/roles/network-multus/templates/cni-plugins.yml b/roles/network-multus/templates/cni-plugins.yml
@@ -1,4 +1,23 @@
 ---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sriov-nodes-config
+  namespace: {{ network_namespace }}
+data:
+  fallback-config: |
+    {
+        "resourceList":
+        [
+            {
+                "resourceName": "sriov",
+                "rootDevices": [{{ sriov_pci_ids }}],
+                "sriovMode": true,
+                "deviceType": "vfio"
+            }
+        ]
+    }
+---
 apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
@@ -21,6 +40,39 @@ spec:
       - key: node-role.kubernetes.io/master
         operator: Exists
         effect: NoSchedule
+      initContainers:
+      - name: config-container
+        image: fedora:29
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "50Mi"
+          limits:
+            cpu: "100m"
+            memory: "50Mi"
+        command:
+        - /bin/bash
+        - -c
+        args:
+        - |
+          if [ -f /etc/sriov-nodes-config/$NODE_NAME ]; then
+            config_path=/etc/sriov-nodes-config/$NODE_NAME
+          else
+            config_path=/etc/sriov-nodes-config/fallback-config
+          fi
+          cp $config_path /etc/pcidp/config.json
+        volumeMounts:
+        - name: etc-pcidp
+          mountPath: /etc/pcidp
+        - name: sriov-nodes-config
+          mountPath: /etc/sriov-nodes-config
+        securityContext:
+          privileged: true
+        env:
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
       containers:
       - name: cni-plugins
         image: {{ cni_provisioner_repo }}:{{ cni_provisioner_release }}
@@ -40,3 +92,10 @@ spec:
       - name: cnibin
         hostPath:
           path: /opt/cni/bin
+      - name: etc-pcidp
+        hostPath:
+          path: /etc/pcidp
+          type: DirectoryOrCreate
+      - name: sriov-nodes-config
+        configMap:
+          name: sriov-nodes-config
diff --git a/roles/network-multus/templates/sriovdp-config.json b/roles/network-multus/templates/sriovdp-config.json