aboutsummaryrefslogtreecommitdiffstats
path: root/tools
diff options
context:
space:
mode:
authorSridhar K. N. Rao <srao@linuxfoundation.org>2022-12-13 22:05:48 +0530
committerSridhar K. N. Rao <srao@linuxfoundation.org>2022-12-19 21:22:29 +0530
commit9bb2fe4b0f99a0c7a8a675f3277c19ed304d852f (patch)
tree325889d69060e227f7a62249cd119ab2244551dd /tools
parent34147ac299351c44d4f7d135892457fba38a132b (diff)
TOOLS: Add eBPF-based solution support
This patch adds automation support for eBPF based CNI. Add license headers Signed-off-by: Sridhar K. N. Rao <srao@linuxfoundation.org> Change-Id: I1ad7e6f785b5dd98a170c87a74f8b7ce02daa765
Diffstat (limited to 'tools')
-rw-r--r--tools/ebpfautomation/afxdp-deploy/afxdp-nad.yaml68
-rw-r--r--tools/ebpfautomation/afxdp-deploy/daemonset.yml135
-rw-r--r--tools/ebpfautomation/afxdp-deploy/deploy.sh42
-rw-r--r--tools/ebpfautomation/afxdp-podspec/afxdp-podspec.yaml47
-rw-r--r--tools/ebpfautomation/cnibinarybuilder/afxdp/Dockerfile30
5 files changed, 322 insertions, 0 deletions
diff --git a/tools/ebpfautomation/afxdp-deploy/afxdp-nad.yaml b/tools/ebpfautomation/afxdp-deploy/afxdp-nad.yaml
new file mode 100644
index 00000000..1174941c
--- /dev/null
+++ b/tools/ebpfautomation/afxdp-deploy/afxdp-nad.yaml
@@ -0,0 +1,68 @@
+# Copyright 2022 The Linux Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# WARNING: This is an example definition only. Remove all comments before use.
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: afxdp-east-network # Name of this network, pods will request this network by name
+ annotations:
+ k8s.v1.cni.cncf.io/resourceName: afxdp/eastPool # Needs to match the device plugin pool name / resource type
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "afxdp", # CNI binary, leave as afxdp
+ "mode": "cdq", # CNI mode setting (required)
+ "logFile": "afxdp-cni-east.log", # CNI log file location (optional)
+ "logLevel": "debug", # CNI logging level (optional)
+ "ipam": { # CNI IPAM plugin and associated config (optional)
+ "type": "host-local",
+ "subnet": "192.168.1.0/24",
+ "rangeStart": "192.168.1.200",
+ "rangeEnd": "192.168.1.220",
+ "routes": [
+ { "dst": "0.0.0.0/0" }
+ ],
+ "gateway": "192.168.1.1"
+ }
+ }'
+
+---
+
+apiVersion: "k8s.cni.cncf.io/v1"
+kind: NetworkAttachmentDefinition
+metadata:
+ name: afxdp-west-network # Name of this network, pods will request this network by name
+ annotations:
+ k8s.v1.cni.cncf.io/resourceName: afxdp/westPool # Needs to match the device plugin pool name / resource type
+spec:
+ config: '{
+ "cniVersion": "0.3.0",
+ "type": "afxdp",
+ "mode": "cdq",
+ "logFile": "afxdp-cni-west.log",
+ "logLevel": "debug",
+ "ipam": {
+ "type": "host-local",
+ "subnet": "192.168.2.0/24",
+ "rangeStart": "192.168.2.200",
+ "rangeEnd": "192.168.2.220",
+ "routes": [
+ { "dst": "0.0.0.0/0" }
+ ],
+ "gateway": "192.168.2.1"
+ }
+ }'
+
diff --git a/tools/ebpfautomation/afxdp-deploy/daemonset.yml b/tools/ebpfautomation/afxdp-deploy/daemonset.yml
new file mode 100644
index 00000000..c2979703
--- /dev/null
+++ b/tools/ebpfautomation/afxdp-deploy/daemonset.yml
@@ -0,0 +1,135 @@
+# Copyright 2022 The Linux Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: afxdp-dp-config
+ namespace: kube-system
+data:
+ config.json: |
+ {
+ "logLevel":"debug",
+ "logFile":"afxdp-dp.log",
+ "pools":[
+ {
+ "name":"eastPool",
+ "mode":"cdq",
+ "devices":[
+ {
+ "name":"ens801f0",
+ "secondary":10
+ }
+ ]
+ },
+ {
+ "name":"westPool",
+ "mode":"cdq",
+ "devices":[
+ {
+ "name":"ens801f1"
+ "secondary":10
+
+ },
+ ]
+ }
+ ]
+ }
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: afxdp-device-plugin
+ namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: kube-afxdp-device-plugin
+ namespace: kube-system
+ labels:
+ tier: node
+ app: afxdp
+spec:
+ selector:
+ matchLabels:
+ name: afxdp-device-plugin
+ template:
+ metadata:
+ labels:
+ name: afxdp-device-plugin
+ tier: node
+ app: afxdp
+ spec:
+ hostNetwork: true
+ nodeSelector:
+ kubernetes.io/arch: amd64
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ serviceAccountName: afxdp-device-plugin
+ containers:
+ - name: kube-afxdp
+ image: afxdp-device-plugin:latest
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ capabilities:
+ drop:
+ - all
+ add:
+ - SYS_ADMIN
+ - NET_ADMIN
+ resources:
+ requests:
+ cpu: "250m"
+ memory: "40Mi"
+ limits:
+ cpu: "1"
+ memory: "200Mi"
+ volumeMounts:
+ - name: unixsock
+ mountPath: /tmp/afxdp_dp/
+ - name: devicesock
+ mountPath: /var/lib/kubelet/device-plugins/
+ - name: resources
+ mountPath: /var/lib/kubelet/pod-resources/
+ - name: config-volume
+ mountPath: /afxdp/config
+ - name: log
+ mountPath: /var/log/afxdp-k8s-plugins/
+ - name: cnibin
+ mountPath: /opt/cni/bin/
+ volumes:
+ - name: unixsock
+ hostPath:
+ path: /tmp/afxdp_dp/
+ - name: devicesock
+ hostPath:
+ path: /var/lib/kubelet/device-plugins/
+ - name: resources
+ hostPath:
+ path: /var/lib/kubelet/pod-resources/
+ - name: config-volume
+ configMap:
+ name: afxdp-dp-config
+ items:
+ - key: config.json
+ path: config.json
+ - name: log
+ hostPath:
+ path: /var/log/afxdp-k8s-plugins/
+ - name: cnibin
+ hostPath:
+ path: /opt/cni/bin/
diff --git a/tools/ebpfautomation/afxdp-deploy/deploy.sh b/tools/ebpfautomation/afxdp-deploy/deploy.sh
new file mode 100644
index 00000000..4d6adb5f
--- /dev/null
+++ b/tools/ebpfautomation/afxdp-deploy/deploy.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Copyright 2022 The Linux Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This script should be run from a node that has access to K8S Cluster
+
+ROOT_UID=0
+SUDO=""
+
+# check if root
+if [ "$UID" -ne "$ROOT_UID" ]
+then
+ # installation must be run via sudo
+ SUDO="sudo -E"
+fi
+
+# clone afxdp plugins repository
+echo "Cloning afxdp-plugins-for-kubernetes repository..."
+[ -d afxdp-plugins-for-kubernetes ] && rm -rf afxdp-plugins-for-kubernetes
+git clone https://github.com/intel/afxdp-plugins-for-kubernetes &> /dev/null
+
+
+# Copy daemonset.yml to the appropriate folder
+cp daemonset.yml afxdp-plugins-for-kubernetes/deployments
+
+# Build and deploy
+cd afxdp-plugins-for-kubernetes && make deploy
+
+# Deploy the network attachment definition
+kubectl create -f afxdp-nad.yaml
diff --git a/tools/ebpfautomation/afxdp-podspec/afxdp-podspec.yaml b/tools/ebpfautomation/afxdp-podspec/afxdp-podspec.yaml
new file mode 100644
index 00000000..75520631
--- /dev/null
+++ b/tools/ebpfautomation/afxdp-podspec/afxdp-podspec.yaml
@@ -0,0 +1,47 @@
+# Copyright 2022 The Linux Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Pod
+metadata:
+ name: afxdp-l2fwd # Pod name
+ annotations:
+ k8s.v1.cni.cncf.io/networks: afxdp-east-network, afxdp-west-network # List of networks to attach to this pod
+spec:
+ containers:
+ - name: afxdp
+ image: dpdk-app-centos
+ imagePullPolicy: Never
+ command: ["sleep", "infinity"]
+ securityContext:
+ privileged: true
+ capabilities:
+ add: ["CAP_SYS_ADMIN"]
+ volumeMounts:
+ - mountPath: /dev/hugepages
+ name: hugepage
+ resources:
+ requests:
+ cpu: "6000m"
+ afxdp/eastPool: '1'
+ afxdp/westPool: '1'
+ limits:
+ cpu: "6000m"
+ hugepages-1Gi: 2Gi
+ afxdp/eastPool: '1'
+ afxdp/westPool: '1'
+ volumes:
+ - name: hugepage
+ emptyDir:
+ medium: HugePages
diff --git a/tools/ebpfautomation/cnibinarybuilder/afxdp/Dockerfile b/tools/ebpfautomation/cnibinarybuilder/afxdp/Dockerfile
new file mode 100644
index 00000000..7ad30053
--- /dev/null
+++ b/tools/ebpfautomation/cnibinarybuilder/afxdp/Dockerfile
@@ -0,0 +1,30 @@
+# Copyright 2022 The Linux Foundation
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Build the container
+# docker build -t afxdpbuilder .
+# Copy the binary from container to local system (ex: replace ./ with /opt/cni/bin)
+# docker run --name afxdp afxdpbuilder && docker cp afxdp:/usr/local/bin/afxdp ./ && docker stop afxdp && docker rm afxdp
+
+FROM golang:1.19
+
+WORKDIR /usr/src/
+
+RUN git clone https://github.com/intel/afxdp-plugins-for-kubernetes afxdp
+RUN apt-get update
+RUN apt-get install -y libbpf-dev
+
+WORKDIR /usr/src/afxdp
+
+RUN go build -o /usr/local/bin/afxdp ./cmd/cni