[WIP] Tuning parameters to make end-to-end testing work.
Please don't merge this patch, it's not ready yet.
When it's ready, this message will be gone.
- Disble Hugepage to avoid ngic-dp crash.
- Adding debug parameter in accelleran.
Change-Id: I98edeaef82d2bae9759bd1a4157694a709c3fbe8
diff --git a/mcord/cni-config/01-cni-service-account.yaml b/mcord/cni-config/01-cni-service-account.yaml
index 022e248..762cb77 100644
--- a/mcord/cni-config/01-cni-service-account.yaml
+++ b/mcord/cni-config/01-cni-service-account.yaml
@@ -29,22 +29,40 @@
- '*'
verbs:
- '*'
+#- apiGroups: [""]
+# resources: ["pods"]
+# verbs: ["get"]
+#- apiGroups: [""]
+# resources: ["pods/status"]
+# verbs: ["update"]
+#- apiGroups: ["k8s.cni.cncf.io"]
+# resources: ["*"]
+# verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
- name: sriov-dp
+ name: multus-sa
namespace: kube-system
---
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: v1
+kind: Secret
metadata:
- name: sriov-dp
+ name: multus-sa-secret
+ namespace: kube-system
+ annotations:
+ kubernetes.io/service-account.name: multus-sa
+type: kubernetes.io/service-account-token
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: multus-rb
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pod-networks-operator
subjects:
- kind: ServiceAccount
- name: sriov-dp
+ name: multus-sa
namespace: kube-system
diff --git a/mcord/cni-config/04-sriov-device-plugin-configmap.yaml b/mcord/cni-config/04-sriov-device-plugin-configmap.yaml
index 086b9e7..3069f96 100644
--- a/mcord/cni-config/04-sriov-device-plugin-configmap.yaml
+++ b/mcord/cni-config/04-sriov-device-plugin-configmap.yaml
@@ -17,7 +17,7 @@
kind: ConfigMap
apiVersion: v1
metadata:
- name: multus-certs
+ name: multus-scripts
namespace: kube-system
data:
install-certs.sh: |
@@ -29,7 +29,7 @@
KUBE_CA_FILE=$SERVICE_ACCOUNT_PATH/ca.crt
TLS_CFG="certificate-authority-data: $(cat $KUBE_CA_FILE | base64 | tr -d '\n')"
SERVICEACCOUNT_TOKEN=$(cat $SERVICE_ACCOUNT_PATH/token)
- #cat > /host/etc/cni/net.d/multus-kubeconfig <<EOF
+ cat > /host/etc/cni/net.d/multus-kubeconfig <<EOF
# Kubeconfig file for Multus CNI plugin.
apiVersion: v1
kind: Config
@@ -49,6 +49,23 @@
user: multus
current-context: multus-context
EOF
+ install-multus-conf.sh: |
+ # copied from https://github.com/intel/multus-cni/blob/master/images/entrypoint.sh
+ rm -f /host/etc/cni/net.d/00-multus.conf
+ MASTER_PLUGIN="$(ls /host/etc/cni/net.d | grep -E '\.conf(list)?$' | head -1)"
+ MASTER_PLUGIN_JSON="$(cat /host/etc/cni/net.d/$MASTER_PLUGIN)"
+ cat > /host/etc/cni/net.d/00-multus.conf <<EOF
+ {
+ "name": "multus-cni-network",
+ "type": "multus",
+ "logFile": "/var/log/multus.log",
+ "logLevel": "debug",
+ "kubeconfig": "/etc/cni/net.d/multus-kubeconfig",
+ "delegates": [
+ $MASTER_PLUGIN_JSON
+ ]
+ }
+ EOF
---
kind: ConfigMap
apiVersion: v1
@@ -68,27 +85,3 @@
}
]
}
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: multus-conf
- namespace: kube-system
-data:
- 01-cni-conf.json: |
- {
- "name": "multus-cni-network",
- "type": "multus",
- "logLevel": "debug",
- "logFile": "/tmp/multus.log",
- "kubeconfig": "/etc/cni/net.d/multus-kubeconfig",
- "delegates": [
- {
- "name": "cbr0",
- "type": "flannel",
- "delegate": {
- "isDefaultGateway": true
- }
- }
- ]
- }
diff --git a/mcord/cni-config/05-sriov-device-plugin.yaml b/mcord/cni-config/05-sriov-device-plugin.yaml
index 9b358a9..6dbb38e 100644
--- a/mcord/cni-config/05-sriov-device-plugin.yaml
+++ b/mcord/cni-config/05-sriov-device-plugin.yaml
@@ -28,13 +28,16 @@
labels:
name: sriov-device-plugin
spec:
- serviceAccountName: sriov-dp
+ serviceAccountName: multus-sa
initContainers:
- - name: init-sriov-dp
+ - name: multus
image: ngick8stesting/aio-cni:k8s-1.13
command: [ "bash", "-c" ]
args:
- cp /tmp/cni/bin/{multus,sriov,centralip} /host/opt/cni/bin/;
+ /tmp/multus/install-multus-conf.sh;
+ /tmp/multus/install-certs.sh;
+ systemctl stop kubelet;
echo "Restarting crio/containerd, kubelet";
systemctl daemon-reload;
systemctl restart containerd;
@@ -45,9 +48,9 @@
mountPath: /host/usr/bin
- name: cni-bin
mountPath: /host/opt/cni/bin
- - name: multus-cm
- mountPath: /tmp/etc/cni/net.d
- - name: multus-certs
+ - name: multus-sa
+ mountPath: /var/run/secrets/multus/serviceaccount
+ - name: multus-scripts
mountPath: /tmp/multus
- name: cni-conf
mountPath: /host/etc/cni/net.d
@@ -59,10 +62,10 @@
- name: sriov-device-plugin
image: ngick8stesting/aio-cni:k8s-1.13
imagePullPolicy: IfNotPresent
- command: [ "/bin/sh", "-c" ]
+ command: [ "sh", "-c" ]
args:
- /usr/bin/sriovdp --logtostderr -v 10;
- echo "exit status $?";
+ sleep infinity;
volumeMounts:
- mountPath: /var/lib/kubelet/device-plugins/
name: devicesock
@@ -83,13 +86,13 @@
- name: cni-bin
hostPath:
path: /opt/cni/bin
- - name: multus-cm
- configMap:
- name: multus-conf
- - name: multus-certs
+ - name: multus-sa
+ secret:
+ secretName: multus-sa-secret
+ - name: multus-scripts
configMap:
defaultMode: 511
- name: multus-certs
+ name: multus-scripts
- name: cni-conf
hostPath:
path: /etc/cni/net.d