From 9bb2fe4b0f99a0c7a8a675f3277c19ed304d852f Mon Sep 17 00:00:00 2001 From: "Sridhar K. N. Rao" Date: Tue, 13 Dec 2022 22:05:48 +0530 Subject: TOOLS: Add eBPF-based solution support This patch adds automation support for eBPF based CNI. Add license headers Signed-off-by: Sridhar K. N. Rao Change-Id: I1ad7e6f785b5dd98a170c87a74f8b7ce02daa765 --- tools/ebpfautomation/afxdp-deploy/afxdp-nad.yaml | 68 +++++++++++ tools/ebpfautomation/afxdp-deploy/daemonset.yml | 135 +++++++++++++++++++++ tools/ebpfautomation/afxdp-deploy/deploy.sh | 42 +++++++ .../afxdp-podspec/afxdp-podspec.yaml | 47 +++++++ .../cnibinarybuilder/afxdp/Dockerfile | 30 +++++ 5 files changed, 322 insertions(+) create mode 100644 tools/ebpfautomation/afxdp-deploy/afxdp-nad.yaml create mode 100644 tools/ebpfautomation/afxdp-deploy/daemonset.yml create mode 100644 tools/ebpfautomation/afxdp-deploy/deploy.sh create mode 100644 tools/ebpfautomation/afxdp-podspec/afxdp-podspec.yaml create mode 100644 tools/ebpfautomation/cnibinarybuilder/afxdp/Dockerfile (limited to 'tools/ebpfautomation') diff --git a/tools/ebpfautomation/afxdp-deploy/afxdp-nad.yaml b/tools/ebpfautomation/afxdp-deploy/afxdp-nad.yaml new file mode 100644 index 00000000..1174941c --- /dev/null +++ b/tools/ebpfautomation/afxdp-deploy/afxdp-nad.yaml @@ -0,0 +1,68 @@ +# Copyright 2022 The Linux Foundation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# WARNING: This is an example definition only. Remove all comments before use. + +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: afxdp-east-network # Name of this network, pods will request this network by name + annotations: + k8s.v1.cni.cncf.io/resourceName: afxdp/eastPool # Needs to match the device plugin pool name / resource type +spec: + config: '{ + "cniVersion": "0.3.0", + "type": "afxdp", # CNI binary, leave as afxdp + "mode": "cdq", # CNI mode setting (required) + "logFile": "afxdp-cni-east.log", # CNI log file location (optional) + "logLevel": "debug", # CNI logging level (optional) + "ipam": { # CNI IPAM plugin and associated config (optional) + "type": "host-local", + "subnet": "192.168.1.0/24", + "rangeStart": "192.168.1.200", + "rangeEnd": "192.168.1.220", + "routes": [ + { "dst": "0.0.0.0/0" } + ], + "gateway": "192.168.1.1" + } + }' + +--- + +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: afxdp-west-network # Name of this network, pods will request this network by name + annotations: + k8s.v1.cni.cncf.io/resourceName: afxdp/westPool # Needs to match the device plugin pool name / resource type +spec: + config: '{ + "cniVersion": "0.3.0", + "type": "afxdp", + "mode": "cdq", + "logFile": "afxdp-cni-west.log", + "logLevel": "debug", + "ipam": { + "type": "host-local", + "subnet": "192.168.2.0/24", + "rangeStart": "192.168.2.200", + "rangeEnd": "192.168.2.220", + "routes": [ + { "dst": "0.0.0.0/0" } + ], + "gateway": "192.168.2.1" + } + }' + diff --git a/tools/ebpfautomation/afxdp-deploy/daemonset.yml b/tools/ebpfautomation/afxdp-deploy/daemonset.yml new file mode 100644 index 00000000..c2979703 --- /dev/null +++ b/tools/ebpfautomation/afxdp-deploy/daemonset.yml @@ -0,0 +1,135 @@ +# Copyright 2022 The Linux Foundation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: afxdp-dp-config + namespace: kube-system +data: + config.json: | + { + "logLevel":"debug", + "logFile":"afxdp-dp.log", + "pools":[ + { + "name":"eastPool", + "mode":"cdq", + "devices":[ + { + "name":"ens801f0", + "secondary":10 + } + ] + }, + { + "name":"westPool", + "mode":"cdq", + "devices":[ + { + "name":"ens801f1" + "secondary":10 + + }, + ] + } + ] + } +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: afxdp-device-plugin + namespace: kube-system +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kube-afxdp-device-plugin + namespace: kube-system + labels: + tier: node + app: afxdp +spec: + selector: + matchLabels: + name: afxdp-device-plugin + template: + metadata: + labels: + name: afxdp-device-plugin + tier: node + app: afxdp + spec: + hostNetwork: true + nodeSelector: + kubernetes.io/arch: amd64 + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + serviceAccountName: afxdp-device-plugin + containers: + - name: kube-afxdp + image: afxdp-device-plugin:latest + imagePullPolicy: IfNotPresent + securityContext: + capabilities: + drop: + - all + add: + - SYS_ADMIN + - NET_ADMIN + resources: + requests: + cpu: "250m" + memory: "40Mi" + limits: + cpu: "1" + memory: "200Mi" + volumeMounts: + - name: unixsock + mountPath: /tmp/afxdp_dp/ + - name: devicesock + mountPath: /var/lib/kubelet/device-plugins/ + - name: resources + mountPath: /var/lib/kubelet/pod-resources/ + - name: config-volume + mountPath: /afxdp/config + - name: log + mountPath: /var/log/afxdp-k8s-plugins/ + - name: cnibin + mountPath: /opt/cni/bin/ + volumes: + - name: unixsock + hostPath: + path: /tmp/afxdp_dp/ + - name: devicesock + hostPath: + path: /var/lib/kubelet/device-plugins/ + - name: resources + hostPath: + path: /var/lib/kubelet/pod-resources/ + - name: config-volume + configMap: + name: afxdp-dp-config + items: + - key: config.json + path: config.json + - name: log + hostPath: + path: /var/log/afxdp-k8s-plugins/ + - name: cnibin + hostPath: + path: /opt/cni/bin/ diff --git a/tools/ebpfautomation/afxdp-deploy/deploy.sh b/tools/ebpfautomation/afxdp-deploy/deploy.sh new file mode 100644 index 00000000..4d6adb5f --- /dev/null +++ b/tools/ebpfautomation/afxdp-deploy/deploy.sh @@ -0,0 +1,42 @@ +#!/bin/bash + +# Copyright 2022 The Linux Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This script should be run from a node that has access to K8S Cluster + +ROOT_UID=0 +SUDO="" + +# check if root +if [ "$UID" -ne "$ROOT_UID" ] +then + # installation must be run via sudo + SUDO="sudo -E" +fi + +# clone afxdp plugins repository +echo "Cloning afxdp-plugins-for-kubernetes repository..." +[ -d afxdp-plugins-for-kubernetes ] && rm -rf afxdp-plugins-for-kubernetes +git clone https://github.com/intel/afxdp-plugins-for-kubernetes &> /dev/null + + +# Copy daemonset.yml to the appropriate folder +cp daemonset.yml afxdp-plugins-for-kubernetes/deployments + +# Build and deploy +cd afxdp-plugins-for-kubernetes && make deploy + +# Deploy the network attachment definition +kubectl create -f afxdp-nad.yaml diff --git a/tools/ebpfautomation/afxdp-podspec/afxdp-podspec.yaml b/tools/ebpfautomation/afxdp-podspec/afxdp-podspec.yaml new file mode 100644 index 00000000..75520631 --- /dev/null +++ b/tools/ebpfautomation/afxdp-podspec/afxdp-podspec.yaml @@ -0,0 +1,47 @@ +# Copyright 2022 The Linux Foundation. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Pod +metadata: + name: afxdp-l2fwd # Pod name + annotations: + k8s.v1.cni.cncf.io/networks: afxdp-east-network, afxdp-west-network # List of networks to attach to this pod +spec: + containers: + - name: afxdp + image: dpdk-app-centos + imagePullPolicy: Never + command: ["sleep", "infinity"] + securityContext: + privileged: true + capabilities: + add: ["CAP_SYS_ADMIN"] + volumeMounts: + - mountPath: /dev/hugepages + name: hugepage + resources: + requests: + cpu: "6000m" + afxdp/eastPool: '1' + afxdp/westPool: '1' + limits: + cpu: "6000m" + hugepages-1Gi: 2Gi + afxdp/eastPool: '1' + afxdp/westPool: '1' + volumes: + - name: hugepage + emptyDir: + medium: HugePages diff --git a/tools/ebpfautomation/cnibinarybuilder/afxdp/Dockerfile b/tools/ebpfautomation/cnibinarybuilder/afxdp/Dockerfile new file mode 100644 index 00000000..7ad30053 --- /dev/null +++ b/tools/ebpfautomation/cnibinarybuilder/afxdp/Dockerfile @@ -0,0 +1,30 @@ +# Copyright 2022 The Linux Foundation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Build the container +# docker build -t afxdpbuilder . +# Copy the binary from container to local system (ex: replace ./ with /opt/cni/bin) +# docker run --name afxdp afxdpbuilder && docker cp afxdp:/usr/local/bin/afxdp ./ && docker stop afxdp && docker rm afxdp + +FROM golang:1.19 + +WORKDIR /usr/src/ + +RUN git clone https://github.com/intel/afxdp-plugins-for-kubernetes afxdp +RUN apt-get update +RUN apt-get install -y libbpf-dev + +WORKDIR /usr/src/afxdp + +RUN go build -o /usr/local/bin/afxdp ./cmd/cni -- cgit 1.2.3-korg