Intel Device Plugins for Kubernetes v0.25.1

Release Notes

What's Changed

• qat: fix initcontainer to skip when sriov is already configured
• deployments: update kube-rbac-proxy image and args
• fix gpu nfdhook numa labeling

Full Changelog: v0.25.0...v0.25.1

Intel Device Plugins for Kubernetes v0.25.0

Release notes

Highlights

The release adds an initial version of DLB initcontainer for device provisioning. The documentation has been been improved and automated end-to-end validation coverage has been improved.

Note: In #850 we dropped the deprecated /dev/sgx/ hostpath mount which made the udev created symlinks to /dev/sgx_* device nodes available to containers. Thise the first release without the automatic backwards compatibility. Containers that still require these symlinks and know that they are installed on hosts they run can manually add the hostpath volume mounts.

Generic

• Upgraded Kubernetes API to v1.25 level (#1131).
• Improved documentation especially in the areas of developer documentation and GPUs.
• Helm charts are now supported but maintained in intel/helm-charts.

Images

• Updated Golang build images to Go 1.19 (#1093).
• Scanned Dockerfiles using Hadolint and mitigated all errors and most warnings (#1201).
• Improved the Dockerfile maintenance by making them auto-generated (#1013).

Operator

• Configured webhooks' TLS Min version to 1.3 and added a TLS configuration e2e test case (#1054).
• Updated operator command line parameters to be consistent with the kubebuilder v3 set (#1055).
• Fixed RBAC rules for LeaderElection (#1155).

GPU

• Deprecated debugfs GPU IP block version labels in NFD hook doc (#1115).

SGX

• Dropped the deprecated /dev/sgx/ hostpath mounts (#850).
• Added a workaround to kubelet TopologyHints admission error (#1141).

DSA

• IDXD: Dropped unused sysfs parameter (#1048).

IAA

• IDXD: Dropped unused sysfs parameter (#1048).

FPGA

• Fixed NFD labeling rules (#1070).

QAT

• Added support for reading crypto and compression capabilities from sysfs on QAT Gen4 platforms (#1134).

VPU

• No updates.

DLB

• Added an initial version of DLB initcontainer for device provisioning (#1088).

Intel Device Plugins for Kubernetes v0.24.1

Release notes

SGX

In #850 we dropped the deprecated /dev/sgx/ hostpath mount which made the udev created symlinks to /dev/sgx_* device nodes available to containers. v0.25.0 will be the first release without the automatic backwards compatibility. In #1141 we workarounded a kubelet issue with the SGX plugin when TopologyManager was enabled. v0.24.1 is released with #1141 backported for users who cannot jump to v0.25.0.

Intel Device Plugins for Kubernetes v0.24.0

Release notes

Highlights

The release adds new plugin for Intel Analytics Accelerator (IAA) device. The functionality is on part with other plugins: kustomize and IaaDevicePlugin controller based deployments, and sample Dockerfiles.

Added annotations parameter to the NewDeviceInfo() API. This is a breaking change for users using pkg/deviceplugin (#873).

Generic

• Upgraded Kubernetes API to v1.24 level (#995).

Images

• Updated Golang build images to Go 1.18 (#923).
• Added intel-iaa-plugin and intel-qat-initcontainer images.

Operator

• Added support for seamless upgrades (#857).
• Harmonized nodeSelector constraints usage in controllers (#871).
• Implemented Helm chart to install the operator (#981).

GPU

• Added gpu-numbers label to support nodes with large number of GPUs (#854).
• Added pci-groups label to group GPUs based on their PCI addresses for group level control (#854).
• Added numa-gpu-map label to indicate GPU's NUMA zone (#937).
• Added support for GAS' container-tiles annotation to dedicate tiles to containers via env variable (#935).
• Changed allocation logic to leverage GetPreferredAllocation when resource manager is enabled ((#935).

SGX

• No updates.

DSA

• Improved support for configuring DSA work-queues using accel-config (#819).

IAA

• New intel-iaa-plugin and IaaDevicePlugin CRD (#911).
• Improved support for configuring IAA work-queues using accel-config (#819).

FPGA

• Fixed FPGA admissionwebook to be idempotent (#863).
• Updated opae-nlb-demo to use libjson-c 5.0 (#904).

QAT

• Added initImage to QatDevicePlugin CRD and intel-qat-initcontainer image to enable SR-IOV (#898).
• Implemented preferredAllocation policies for QAT device selection (#884).
• Split qat.intel.com/generic resources to separate crypto and compression resources on QAT Gen4 platforms (#700).
• Disabled -mode kernel usage on QAT Gen4 platforms (#980).

VPU

• No updates.

DLB

• No updates.

Intel Device Plugins for Kubernetes v0.23.0

Release notes

Highlights

The release adds new plugin for Intel Dynamic LoadBalancer device. The functionality is on part with other plugins: kustomize and DlbDevicePlugin controller based deployments, e2e tests and sample Dockerfiles.

The release also adds improved DSA device provisioning. With an opt-in initContainer cluster admins can setup per-node DSA device configurations using accel-config tool and json templates via ConfigMaps.

Generic

• Upgraded Kubernetes API to v1.23 level (#788)
• Added wsl linter along with code fixes for the findings (#807)
• Moved to Kubernetes custom resource definition (CRD) v1 API only (#730)

Images

• Updated Golang build images to Go 1.17 (#724)
• Added intel-dlb-plugin and intel-idxd-config-initcontainer images.

Operator

• Moved to go:embed to generate controller DaemonSet objects (#747)
• Harmonized nodeSelector constraints usage in controllers (#764)

GPU

• Implemented preferredAllocation policies for GPU device selection (#742)
• Updated GPU labels in NFD hook to adapt to the latest DRM changes (#802)
• Documented a workaround with QSV and VA-API libraries in multi-GPU scenarios (#798)

SGX

• Fixed SGX admission webhook mutations when aesmd volumeMounts were already present in pods(#810, #813)
• Fixed SGX feature labeling when SGX CPUID bits were present but SGX was not enabled in BIOS (#766)

DSA

• Improved support for configuring DSA work-queues using accel-config from an InitContainer with configMaps (#761)

FPGA

• No updates.

QAT

• Reworked device binding to address issues with the latest kernels (#809)
• Updated default deployment flags (#754)

VPU

• Added support for 4fc0 and 4fc1 PCI devices (#752)

DLB

• Added new plugin for Intel Dynamic Load Balancer device (#733)
• Added DlbDevicePlugin controller to operator (#753)
• Added envtest and e2e tests for DLB (#760, #770))

Intel Device Plugins for Kubernetes v0.22.0

Release notes

Generic

• Upgraded Kubernetes API to v1.22 level
• Updated/added new Go linters along with code fixes for the findings: revive, goerr113, govet/fieldalignment (#678, #685, #709)
• Added NewDeviceInfoWithTopologyHints() API to device plugins framework (pkg/deviceplugin) to create DeviceInfo with custom topology hints (#679)

Images

• Moved opae-nlb-demo and intel-vpu-plugin images to use Debian unstable (#696, #717)
• Changed image builds to verify SHA256 sums integrity for downloaded .tar.gz. files ((#701)
• Updated Golang build images from buster to bullseye (#718)

Operator

• Changed QAT controller to copy CR annotations to DaemonSet/PodSpec annotations. (#710)

GPU

• Updated NFD hook's GPU memory reading logic (#707)

SGX

• Added e2e tests for SGX admission webhook (#682)

DSA

• Added initial support for configuring DSA work-queues using accel-config from an InitContainer (both via kustomize and via DsaDevicePlugin CR with the operator).

FPGA

• Updated mappings collection and improved documentation (#669, #675)

QAT

• Enabled 4xxvf by default (#714)

VPU

• No updates

Limitations

• DSA work-queue provisioning uses a hard-coded "balanced" default configuration. Future work (#704) will make it easier to provide custom work-queue configuration files.

Intel Device Plugins for Kubernetes v0.21.0

Release notes

Generic

• Upgraded Kubernetes API to v1.21 level
• Moved to Go 1.16 and cleaned-up io/util which is now deprecated starting with Go 1.16 (#630)
• Added Allocate interface to device plugins framework (pkg/deviceplugin) to allow individual plugins to implement their own Allocate logic
• Moved device plugin container images to use distroless/static base image and made Go builds static. (#635, #636)

Operator

• Added a configuration option to allow watching only selected devices' CRDs. (#599)

GPU

• Optional fractional resource management support for k8s extended resources (#638)
• Optional monitoring resource which allows access to all GPUs of the node (#622, #628)
• Basic SR-IOV support (skips PF if VF is present for the GPU)

SGX

• Added a separate SGX admission webhook image (#603)

DSA

• No updates

FPGA

• Dropped the check for 0x8086 vendor to allow non-Intel devices that are Intel FPGA based use the plugin (#621)

QAT

• Renamed wrong c4xxvf to c4xxxvf in plugin parameters and QatDevicePlugin CRD (#647)

VPU

• Added support for Keem Bay (#634)

Bug fixes

• Fixed image name validation failure for QAT when registry hostname:port is specified (#605)
• Fixed driver (un)binding failure when the QAT VF device was not bound to any driver (#644)

Intel Device Plugins for Kubernetes v0.20.0

Release notes

Generic

• Upgraded Kubernetes API to v1.20 level and klog v2.4.0
• Cleaned up inclusive language and renamed default branch from master to main
• Moved all admission|admissionregistration|apiextensions|rbac.authorization.k8s.io to v1 kubernetes APIs (#489)
• Added getPreferredAllocation support to device plugins framework (pkg/deviceplugin) (#535, #538)
• Documented "new device plugins checklist" for developers (#520)

Operator

• Moved xDevicePlugin custom resource definitions (CRDs) to cluster scope (#557)
• Added DsaDevicePlugin CRD and controller (#553)
• Released Intel Device Plugin Operator to operatorhub.io

GPU

• Added tile count label to NFD source hook (#596)

SGX

• Added implementation of EPC extended resource advertiser and NFD-less deployment (#550)
• Updated SGX SDK/DCAP versions (#569)

DSA

• Added new device plugin for Intel Data Streaming Accelerator (DSA) device (#494)

FPGA

• Moved GetAPIVersion call out of NewPort and NewFME (#497)

QAT

• Added support for 4xxx (Gen4) and c4xxx devices (#451)
• Documented vfio-pci setup for QAT 1.x devices (#517)

VPU

• No updates

Bug fixes

• Fixed image name validation failure when registry hostname:port is specified (#605)

Intel Device Plugins for Kubernetes v0.19.0

Release Notes

Generic

• Finalized Intel Device Plugin Operator. The operator watches plugin/device specific CRDs and controls the plugins' daemonset deployments. GpuDevicePlugin, FpgaDevicePlugin, SgxDevicePlugin and QatDevicePlugin are released as v1 APIs using k8s CRD v1 API.
• Upgraded Kubernetes API to v1.19 level (#493)
• Added tooling to publish HTML documentation on Github Pages (#468)
• Enabled more golangci-lint linters: exportloopref, prealloc, scopelint, errcheck, and staticcheck.

SGX

• Added an SGX device plugin, SGX EPC extended resource registration, and a mutating webhook that mutates and validates Pod specifications to simplify user API to add the right settings for attestation and Kata containers SGX based sandboxes.
• Added SGX e2e selftests.
• Added SGX SDK and SGX DCAP sample Dockerfiles and a demo screencast that runs SGX DCAP ECDSA Quote Generation in Kubernetes

FPGA

• Added support for FPGA SR-IOV
• Added Operator for FPGA
• Upgraded OPAE release to 1.5.0-2 (#459)

GPU

• Added an initContainer that installs a node-feature-discovery GPU feature source
• Optimized TopologyHint calculation for shared devices

QAT:

• Added a kustomization overlay to enable QAT SR-IOV in an InitContainer (#455 )
• Upgraded QAT and QAT Engine releases to their latest versions

VPU

• Updated gousb dependency to v1.1.0

Bug fixes

• FPGA SRIO-V is not supported by the FPGA device plugin (#372)
• crypto-perf image fails on kernels with CVE-2020-12888 (#415)

Intel Device Plugins for Kubernetes v0.18.0

Release Notes

Generic

• Added the first version of the device Operator. The operator watches plugin/device specific CRDs and controls the plugins' daemonset deployments. Initially, only GpuDevicePlugin and QatDevicePlugin are implemented with other devices to follow
  in the following releases.
• Upgraded Kubernetes API to v1.18 level (#317)
• Moved to Kubernetes klog based logging (#323)
• Improved Go unit test coverage to 80+% in all plugins
• Moved golangci-lint linter checks

FPGA

• Refactored FPGA admission webhook to be "modeless" to serve heterogeneous FPGA plugins mode (af/region) configuration. Previously, the webhook's mode needed to match to the mode the FPGA plugin was running in (#301)
• Modified AcceleratedFunction CRDs (v2 API) to contain info on the hardware the accelerated function is intended to run on (interface ID) and the required mode of the FPGA plugin.
• Finalized kustomization changes for FPGA deployments. With the changes, it is possible to deploy FPGA using kubectl apply directly without needing to clone the repository to run setup scripts.
• Implemented e2e tests for FPGA.

QAT

• Added a kustomization overlay to deploy QAT plugin without Apparmor profile (#381)
• Fixed UIO mounts (#351)

GPU

• no changes

VPU

• no changes

Known issues

• crypto-perf image fails on kernels with CVE-2020-12888 (#415)
• FPGA SRIO-V is not supportted by the FPGA device plugin (#372)