
qat: Add a note on plugin deployment with AppArmor #1576


Closed
6 changes: 6 additions & 0 deletions cmd/qat_plugin/README.md
Expand Up @@ -105,6 +105,12 @@ repository. Thus the easiest way to deploy the plugin in your cluster is to run
$ kubectl apply -k 'https://github.com/intel/intel-device-plugins-for-kubernetes/deployments/qat_plugin?ref=<RELEASE_VERSION>'
```

NOTE: In case AppArmor kernel module is installed and enabled by default (Ubuntu, SUSE), use the customization overlay with AppArmor annnotations (otherwise plugin's daemonset will fail with bind/unbind errors):

```bash
$ kubectl apply -k 'https://github.com/intel/intel-device-plugins-for-kubernetes/deployments/qat_plugin/overlays/apparmor_unconfined?ref=<RELEASE_VERSION>'
Contributor

this will not work anymore if the user is also interested in Automatic Provisioning. We will have to re-think the apparmor case thoroughly in #1575 before adding random notes.

Contributor Author

> this will not work anymore if the user is also interested in Automatic Provisioning

I re-tested, the annotation has no effect on provisioning, the provisioning is fine with or without it.

What connection this has to the automatic provisioning and why won't it work anymore?

> We will have to re-think the apparmor case thoroughly in #1575 before adding random notes.

We already have this overlay, also the annotation is used in e2e tests.

In what way is this comment random and what's preventing us to document an existing behaviour?

Contributor

> What connection this has to the automatic provisioning and why won't it work anymore?

that if they deploy overlays/qat_initcontainer, they won't get the annotation.

> In what way is this comment random and what's preventing us to document an existing behaviour?

it does not cover the helm/operator flows for example. I submitted #1575 so that the best approach to address the problem is agreed first

```

Where `<RELEASE_VERSION>` needs to be substituted with the desired [release tag](https://github.com/intel/intel-device-plugins-for-kubernetes/tags) or `main` to get `devel` images.

An alternative kustomization for deploying the plugin is with the debug mode switched on:
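
Review bot: The added NOTE line misspells "annotations" as "annnotations", and it tells users to apply `overlays/apparmor_unconfined` without saying what that overlay changes. Judging by its name, the overlay annotates the plugin pods to run without AppArmor confinement, so the note should state that explicitly and name the affected container, so that operators on Ubuntu or SUSE know what protection they give up to avoid the bind/unbind errors. As raised in the review thread, the note also covers only this one kustomize overlay; either say how the annotation is obtained when a different overlay such as `overlays/qat_initcontainer` is deployed, or limit the wording to the plain `kubectl apply -k` flow shown here.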