diff --git a/.github/workflows/lib-e2e.yaml b/.github/workflows/lib-e2e.yaml index bbc84f315..b25c0aa23 100644 --- a/.github/workflows/lib-e2e.yaml +++ b/.github/workflows/lib-e2e.yaml @@ -11,36 +11,6 @@ jobs: fail-fast: false matrix: include: - - name: e2e-dsa-gnr - targetjob: e2e-dsa - runner: simics-gnr - images: - - intel-dsa-plugin - - intel-idxd-config-initcontainer - - accel-config-demo - - intel-deviceplugin-operator - - name: e2e-iaa-gnr - targetjob: e2e-iaa - runner: simics-gnr - images: - - intel-iaa-plugin - - intel-idxd-config-initcontainer - - accel-config-demo - - intel-deviceplugin-operator - - name: e2e-qat-gnrd - targetjob: e2e-qat FOCUS="Mode:dpdk" SKIP="(App:(crypto-perf|compress-perf|qat-engine)|Functionality)" - runner: simics-gnrd - images: - - intel-qat-plugin - - intel-qat-initcontainer - - openssl-qat-engine - - name: e2e-fpga - runner: fpga - images: - - intel-fpga-plugin - - intel-fpga-initcontainer - - intel-fpga-admissionwebhook - - opae-nlb-demo - name: e2e-spr targetjob: e2e-spr SKIP="App:compress-perf" runner: spr diff --git a/.trivyignore b/.trivyignore index 84a705526..62b573045 100644 --- a/.trivyignore +++ b/.trivyignore @@ -29,3 +29,7 @@ AVD-KSV-0014 # Trivy invalidly detects securityContext issues from yaml # files that are patch files AVD-KSV-0118 + +# Ignore GitRepo volume vulnerability as we don't use it and it might not +# receive a fix due to being a deprecated feature. +CVE-2025-1767 diff --git a/INSTALL.md b/INSTALL.md index 4c9bd784f..7c14b7a9c 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1,5 +1,16 @@ # Installing device plugins to cluster +## Pod security admission + +In Kubernetes clusters where [Pod Security admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) is enabled, device plugins deployed directly from the [deployments](deployments/) will fail to get scheduled to the cluster. Device plugins require access to the underlying host via [hostpaths](https://kubernetes.io/docs/concepts/storage/volumes/#hostpath), and hostpath use is reserved for privileged Pods. If the plugins are deployed from the `deployments` directory, the target namespace will require these labels: +``` +pod-security.kubernetes.io/enforce: privileged +pod-security.kubernetes.io/audit: privileged +pod-security.kubernetes.io/warn: privileged +``` + +Since the 0.32.1 release the Device Plugin Operator sets the required admission labels automatically in its deployment. The device plugins deployed via the operator are scheduled to the same namespace as the operator, and do not then need any other configuration. + ## Install device plugins via a DaemonSet Each plugin can be installed via a DaemonSet. The install changes slightly based on the desired plugin. See install instructions per [plugin](README.md#plugins). diff --git a/Makefile b/Makefile index d053b15f0..d44053e47 100644 --- a/Makefile +++ b/Makefile @@ -137,7 +137,7 @@ clean: ORG?=intel REG?=$(ORG)/ -TAG?=0.32.0 +TAG?=0.32.1 export TAG ifeq ($(E2E_LEVEL), $(filter $(E2E_LEVEL), full)) diff --git a/README.md b/README.md index 00611dbde..16976a9c6 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ This repository contains a framework for developing plugins for the Kubernetes [device plugins framework](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/device-plugins/), along with a number of device plugin implementations utilizing that framework. -The [v0.32.0 release](https://github.com/intel/intel-device-plugins-for-kubernetes/releases/latest) +The [v0.32.1 release](https://github.com/intel/intel-device-plugins-for-kubernetes/releases/latest) is the latest feature release with its documentation available [here](https://intel.github.io/intel-device-plugins-for-kubernetes/0.32/). Table of Contents diff --git a/build/docker/intel-deviceplugin-operator.Dockerfile b/build/docker/intel-deviceplugin-operator.Dockerfile index f606d3dea..063baafa6 100644 --- a/build/docker/intel-deviceplugin-operator.Dockerfile +++ b/build/docker/intel-deviceplugin-operator.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_deviceplugin_operator"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-deviceplugin-operator' LABEL summary='Intel® device plugin operator for Kubernetes' diff --git a/build/docker/intel-dlb-initcontainer.Dockerfile b/build/docker/intel-dlb-initcontainer.Dockerfile index a24cb0044..f4e6d15d0 100644 --- a/build/docker/intel-dlb-initcontainer.Dockerfile +++ b/build/docker/intel-dlb-initcontainer.Dockerfile @@ -40,8 +40,8 @@ ARG DIR=/intel-device-plugins-for-kubernetes WORKDIR $DIR COPY . . RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE -ARG TOYBOX_VERSION="0.8.11" -ARG TOYBOX_SHA256="83a3a88cbe1fa30f099c2f58295baef4637aaf988085aaea56e03aa29168175d" +ARG TOYBOX_VERSION="0.8.12" +ARG TOYBOX_SHA256="3c529d93923dde67d048e7bcbd5d1bc0dd1ad09362269e2415f5f2eaab349b5b" ARG ROOT=/install_root RUN apt-get update && apt-get --no-install-recommends -y install musl musl-tools musl-dev SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -57,7 +57,8 @@ RUN curl -SL https://github.com/landley/toybox/archive/refs/tags/$TOYBOX_VERSION ### FROM ${FINAL_BASE} LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' COPY --from=builder /install_root / COPY demo/dlb-init.sh /usr/local/bin/ diff --git a/build/docker/intel-dlb-plugin.Dockerfile b/build/docker/intel-dlb-plugin.Dockerfile index 757c2240b..da8e4da1e 100644 --- a/build/docker/intel-dlb-plugin.Dockerfile +++ b/build/docker/intel-dlb-plugin.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_dlb_device_plugin"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-dlb-plugin' LABEL summary='Intel® DLB device plugin for Kubernetes' diff --git a/build/docker/intel-dsa-plugin.Dockerfile b/build/docker/intel-dsa-plugin.Dockerfile index 4213bb35f..c483dcebb 100644 --- a/build/docker/intel-dsa-plugin.Dockerfile +++ b/build/docker/intel-dsa-plugin.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_dsa_device_plugin"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-dsa-plugin' LABEL summary='Intel® DSA device plugin for Kubernetes' diff --git a/build/docker/intel-fpga-admissionwebhook.Dockerfile b/build/docker/intel-fpga-admissionwebhook.Dockerfile index 76530fb41..05d4121ff 100644 --- a/build/docker/intel-fpga-admissionwebhook.Dockerfile +++ b/build/docker/intel-fpga-admissionwebhook.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_fpga_admissionwebhook"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-fpga-admissionwebhook' LABEL summary='Intel® FPGA admission controller webhook for Kubernetes' diff --git a/build/docker/intel-fpga-initcontainer.Dockerfile b/build/docker/intel-fpga-initcontainer.Dockerfile index 7da437876..24b6a086e 100644 --- a/build/docker/intel-fpga-initcontainer.Dockerfile +++ b/build/docker/intel-fpga-initcontainer.Dockerfile @@ -51,9 +51,10 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### ARG CMD=fpga_tool ARG EP=/usr/local/fpga-sw/$CMD @@ -62,12 +63,13 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### -ARG TOYBOX_VERSION="0.8.11" -ARG TOYBOX_SHA256="83a3a88cbe1fa30f099c2f58295baef4637aaf988085aaea56e03aa29168175d" +ARG TOYBOX_VERSION="0.8.12" +ARG TOYBOX_SHA256="3c529d93923dde67d048e7bcbd5d1bc0dd1ad09362269e2415f5f2eaab349b5b" ARG ROOT=/install_root RUN apt-get update && apt-get --no-install-recommends -y install musl musl-tools musl-dev SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -83,7 +85,8 @@ RUN curl -SL https://github.com/landley/toybox/archive/refs/tags/$TOYBOX_VERSION ### FROM ${FINAL_BASE} LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-fpga-initcontainer' LABEL summary='Intel® FPGA programming CDI hook for Kubernetes' diff --git a/build/docker/intel-fpga-plugin.Dockerfile b/build/docker/intel-fpga-plugin.Dockerfile index 8afa7a730..46eb967e8 100644 --- a/build/docker/intel-fpga-plugin.Dockerfile +++ b/build/docker/intel-fpga-plugin.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_fpga_device_plugin"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-fpga-plugin' LABEL summary='Intel® FPGA device plugin for Kubernetes' diff --git a/build/docker/intel-gpu-fakedev.Dockerfile b/build/docker/intel-gpu-fakedev.Dockerfile index 56a32201e..bc5138ef7 100644 --- a/build/docker/intel-gpu-fakedev.Dockerfile +++ b/build/docker/intel-gpu-fakedev.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_gpu_fakedev"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-gpu-fakedev' LABEL summary='Fake device file generator for Intel® GPU plugin' diff --git a/build/docker/intel-gpu-initcontainer.Dockerfile b/build/docker/intel-gpu-initcontainer.Dockerfile index 4347006a6..68ccacbfd 100644 --- a/build/docker/intel-gpu-initcontainer.Dockerfile +++ b/build/docker/intel-gpu-initcontainer.Dockerfile @@ -52,12 +52,13 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### -ARG TOYBOX_VERSION="0.8.11" -ARG TOYBOX_SHA256="83a3a88cbe1fa30f099c2f58295baef4637aaf988085aaea56e03aa29168175d" +ARG TOYBOX_VERSION="0.8.12" +ARG TOYBOX_SHA256="3c529d93923dde67d048e7bcbd5d1bc0dd1ad09362269e2415f5f2eaab349b5b" ARG ROOT=/install_root RUN apt-get update && apt-get --no-install-recommends -y install musl musl-tools musl-dev SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -73,7 +74,8 @@ RUN curl -SL https://github.com/landley/toybox/archive/refs/tags/$TOYBOX_VERSION ### FROM ${FINAL_BASE} LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-gpu-initcontainer' LABEL summary='Intel® GPU NFD hook for Kubernetes' diff --git a/build/docker/intel-gpu-levelzero.Dockerfile b/build/docker/intel-gpu-levelzero.Dockerfile index 49a050ee8..b4e81b80d 100644 --- a/build/docker/intel-gpu-levelzero.Dockerfile +++ b/build/docker/intel-gpu-levelzero.Dockerfile @@ -24,7 +24,9 @@ ARG ROCKYLINUX=1 ARG BUILD_BASE=rockylinux:9 ARG FINAL_BASE_DYN=registry.access.redhat.com/ubi9/ubi-minimal:9.3 ### -FROM ${BUILD_BASE} AS builder +## Use the BUILD_BASE when either the a) golang-bookworm is updated to a newer glibc +## or b) the intel-igc-core libraries are fixed to not to demand a newer glibc +FROM ${FINAL_BASE_DYN} AS builder ARG DIR=/intel-device-plugins-for-kubernetes ENV CGO_CFLAGS="-pipe -fno-plt" ENV CGO_LDFLAGS="-fstack-protector-strong -Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now,-z,noexecstack,-z,defs,-s,-w" @@ -38,14 +40,18 @@ ARG ROCKYLINUX ARG CGO_VERSION=1.23 RUN mkdir /runtime RUN if [ $ROCKYLINUX -eq 0 ]; then \ - apt-get update && apt-get install --no-install-recommends -y wget libc6-dev ca-certificates ocl-icd-libopencl1 && \ + apt-get update && apt-get install --no-install-recommends -y wget jq curl libc6-dev ocl-icd-libopencl1 gcc ca-certificates && \ + LATEST_GO=$(curl --no-progress-meter https://go.dev/dl/?mode=json | jq ".[] | select(.version | startswith(\"go${CGO_VERSION}\")).version" | tr -d "\"") && \ + wget -q https://go.dev/dl/$LATEST_GO.linux-amd64.tar.gz -O - | tar -xz -C /usr/local && \ cd /runtime && \ - wget -q https://github.com/intel/compute-runtime/releases/download/24.26.30049.6/intel-level-zero-gpu_1.3.30049.6_amd64.deb && \ - wget -q https://github.com/intel/compute-runtime/releases/download/24.26.30049.6/intel-opencl-icd_24.26.30049.6_amd64.deb && \ - wget -q https://github.com/intel/compute-runtime/releases/download/24.26.30049.6/libigdgmm12_22.3.20_amd64.deb && \ - wget -q https://github.com/oneapi-src/level-zero/releases/download/v1.17.6/level-zero-devel_1.17.6+u22.04_amd64.deb && \ - wget -q https://github.com/oneapi-src/level-zero/releases/download/v1.17.6/level-zero_1.17.6+u22.04_amd64.deb && \ - dpkg --ignore-depends=intel-igc-core,intel-igc-opencl -i *.deb && \ + wget -q https://github.com/intel/compute-runtime/releases/download/25.09.32961.7/intel-level-zero-gpu_1.6.32961.7_amd64.deb && \ + wget -q https://github.com/intel/compute-runtime/releases/download/25.09.32961.7/intel-opencl-icd_25.09.32961.7_amd64.deb && \ + wget -q https://github.com/intel/compute-runtime/releases/download/25.09.32961.7/libigdgmm12_22.6.0_amd64.deb && \ + wget -q https://github.com/oneapi-src/level-zero/releases/download/v1.20.2/level-zero-devel_1.20.2+u22.04_amd64.deb && \ + wget -q https://github.com/oneapi-src/level-zero/releases/download/v1.20.2/level-zero_1.20.2+u22.04_amd64.deb && \ + wget -q https://github.com/intel/intel-graphics-compiler/releases/download/v2.8.3/intel-igc-core-2_2.8.3+18762_amd64.deb && \ + wget -q https://github.com/intel/intel-graphics-compiler/releases/download/v2.8.3/intel-igc-opencl-2_2.8.3+18762_amd64.deb && \ + dpkg -i *.deb && \ rm -rf /var/lib/apt/lists/\*; \ else \ source /etc/os-release && dnf install -y gcc jq wget 'dnf-command(config-manager)' && \ @@ -61,14 +67,17 @@ ARG EP=/usr/local/bin/intel_gpu_levelzero ARG CMD WORKDIR ${DIR} COPY . . -RUN export PATH=$PATH:/usr/local/go/bin/ && cd cmd/${CMD} && \ +## Apply for the build phase as well as the license copy below the build. +ENV PATH=$PATH:/usr/local/go/bin/ +RUN cd cmd/${CMD} && \ GO111MODULE=on CGO_ENABLED=1 go install $CGOFLAGS --gcflags="$GCFLAGS" --asmflags="$ASMFLAGS" --ldflags="$LDFLAGS" RUN [ $ROCKYLINUX -eq 0 ] && install -D /go/bin/${CMD} /install_root${EP} || install -D /root/go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses FROM ${FINAL_BASE_DYN} ARG CMD ARG ROCKYLINUX @@ -76,7 +85,7 @@ COPY --from=builder /runtime /runtime RUN if [ $ROCKYLINUX -eq 0 ]; then \ apt-get update && apt-get install --no-install-recommends -y ocl-icd-libopencl1 && \ rm /runtime/level-zero-devel_*.deb && \ - cd /runtime && dpkg --ignore-depends=intel-igc-core,intel-igc-opencl -i *.deb && rm -rf /runtime && \ + cd /runtime && dpkg -i *.deb && rm -rf /runtime && \ rm "/lib/x86_64-linux-gnu/libze_validation"* && rm "/lib/x86_64-linux-gnu/libze_tracing_layer"*; \ else \ cp -a /runtime//*.so* /usr/lib64/ && cp -a /runtime/OpenCL /etc/ && cp -a /runtime/licenses/* /usr/share/licenses/; \ @@ -84,7 +93,8 @@ RUN if [ $ROCKYLINUX -eq 0 ]; then \ COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_gpu_levelzero"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-gpu-levelzero' LABEL summary='Intel® GPU levelzero for Kubernetes' diff --git a/build/docker/intel-gpu-plugin.Dockerfile b/build/docker/intel-gpu-plugin.Dockerfile index 5e7cb7305..ad85e6c1c 100644 --- a/build/docker/intel-gpu-plugin.Dockerfile +++ b/build/docker/intel-gpu-plugin.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_gpu_device_plugin"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-gpu-plugin' LABEL summary='Intel® GPU device plugin for Kubernetes' diff --git a/build/docker/intel-iaa-plugin.Dockerfile b/build/docker/intel-iaa-plugin.Dockerfile index c9c2c5f47..a4f344098 100644 --- a/build/docker/intel-iaa-plugin.Dockerfile +++ b/build/docker/intel-iaa-plugin.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_iaa_device_plugin"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-iaa-plugin' LABEL summary='Intel® IAA device plugin for Kubernetes' diff --git a/build/docker/intel-qat-initcontainer.Dockerfile b/build/docker/intel-qat-initcontainer.Dockerfile index 3ebb3e4fe..cf855374c 100644 --- a/build/docker/intel-qat-initcontainer.Dockerfile +++ b/build/docker/intel-qat-initcontainer.Dockerfile @@ -40,8 +40,8 @@ ARG DIR=/intel-device-plugins-for-kubernetes WORKDIR $DIR COPY . . RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE -ARG TOYBOX_VERSION="0.8.11" -ARG TOYBOX_SHA256="83a3a88cbe1fa30f099c2f58295baef4637aaf988085aaea56e03aa29168175d" +ARG TOYBOX_VERSION="0.8.12" +ARG TOYBOX_SHA256="3c529d93923dde67d048e7bcbd5d1bc0dd1ad09362269e2415f5f2eaab349b5b" ARG ROOT=/install_root RUN apt-get update && apt-get --no-install-recommends -y install musl musl-tools musl-dev SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -57,7 +57,8 @@ RUN curl -SL https://github.com/landley/toybox/archive/refs/tags/$TOYBOX_VERSION ### FROM ${FINAL_BASE} LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-qat-initcontainer' LABEL summary='Intel® QAT initcontainer for Kubernetes' diff --git a/build/docker/intel-qat-plugin-kerneldrv.Dockerfile b/build/docker/intel-qat-plugin-kerneldrv.Dockerfile index 0de13d08a..19e6deb24 100644 --- a/build/docker/intel-qat-plugin-kerneldrv.Dockerfile +++ b/build/docker/intel-qat-plugin-kerneldrv.Dockerfile @@ -55,12 +55,14 @@ RUN (cd cmd/$CMD && GOFLAGS=${GOFLAGS} GO111MODULE=${GO111MODULE} CGO_ENABLED=1 RUN chmod a+x /go/bin/$CMD && install -D /go/bin/$CMD /install_root/usr/local/bin/intel_qat_device_plugin RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses FROM debian:unstable-slim LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-qat-plugin-kerneldrv' LABEL summary='Intel® QAT device plugin kerneldrv for Kubernetes' diff --git a/build/docker/intel-qat-plugin.Dockerfile b/build/docker/intel-qat-plugin.Dockerfile index 909853c00..5f6898e95 100644 --- a/build/docker/intel-qat-plugin.Dockerfile +++ b/build/docker/intel-qat-plugin.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_qat_device_plugin"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-qat-plugin' LABEL summary='Intel® QAT device plugin for Kubernetes' diff --git a/build/docker/intel-sgx-admissionwebhook.Dockerfile b/build/docker/intel-sgx-admissionwebhook.Dockerfile index 1675d81e9..3311cdc0c 100644 --- a/build/docker/intel-sgx-admissionwebhook.Dockerfile +++ b/build/docker/intel-sgx-admissionwebhook.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_sgx_admissionwebhook"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-sgx-admissionwebhook' LABEL summary='Intel® SGX admission controller webhook for Kubernetes' diff --git a/build/docker/intel-sgx-initcontainer.Dockerfile b/build/docker/intel-sgx-initcontainer.Dockerfile index 7b03e09bf..2eda64753 100644 --- a/build/docker/intel-sgx-initcontainer.Dockerfile +++ b/build/docker/intel-sgx-initcontainer.Dockerfile @@ -52,12 +52,13 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### -ARG TOYBOX_VERSION="0.8.11" -ARG TOYBOX_SHA256="83a3a88cbe1fa30f099c2f58295baef4637aaf988085aaea56e03aa29168175d" +ARG TOYBOX_VERSION="0.8.12" +ARG TOYBOX_SHA256="3c529d93923dde67d048e7bcbd5d1bc0dd1ad09362269e2415f5f2eaab349b5b" ARG ROOT=/install_root RUN apt-get update && apt-get --no-install-recommends -y install musl musl-tools musl-dev SHELL ["/bin/bash", "-o", "pipefail", "-c"] @@ -73,7 +74,8 @@ RUN curl -SL https://github.com/landley/toybox/archive/refs/tags/$TOYBOX_VERSION ### FROM ${FINAL_BASE} LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-sgx-initcontainer' LABEL summary='Intel® SGX NFD hook for Kubernetes' diff --git a/build/docker/intel-sgx-plugin.Dockerfile b/build/docker/intel-sgx-plugin.Dockerfile index aba50a1eb..5a2a6dadf 100644 --- a/build/docker/intel-sgx-plugin.Dockerfile +++ b/build/docker/intel-sgx-plugin.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_sgx_device_plugin"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-sgx-plugin' LABEL summary='Intel® SGX device plugin for Kubernetes' diff --git a/build/docker/intel-xpumanager-sidecar.Dockerfile b/build/docker/intel-xpumanager-sidecar.Dockerfile index 4b6526a4f..33fcee770 100644 --- a/build/docker/intel-xpumanager-sidecar.Dockerfile +++ b/build/docker/intel-xpumanager-sidecar.Dockerfile @@ -51,15 +51,17 @@ COPY . . RUN (cd cmd/${CMD}; GO111MODULE=${GO111MODULE} GOFLAGS=${GOFLAGS} CGO_ENABLED=0 go install -gcflags="${GCFLAGS}" -asmflags="${ASMFLAGS}" -ldflags="${LDFLAGS}") && install -D /go/bin/${CMD} /install_root${EP} RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \ && if [ ! -d "licenses/$CMD" ] ; then \ - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \ --save_path /install_root/licenses/$CMD/go-licenses ; \ - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \ + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses ### FROM ${FINAL_BASE} COPY --from=builder /install_root / ENTRYPOINT ["/usr/local/bin/intel_xpumanager_sidecar"] LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' LABEL name='intel-xpumanager-sidecar' LABEL summary='Intel® xpumanager sidecar' diff --git a/build/docker/lib/default_labels.docker b/build/docker/lib/default_labels.docker index 08cde1d21..8d3eda0e0 100644 --- a/build/docker/lib/default_labels.docker +++ b/build/docker/lib/default_labels.docker @@ -1,3 +1,4 @@ LABEL vendor='Intel®' -LABEL version='0.32.0' +LABEL version='0.32.1' +LABEL maintainer="Intel®" LABEL release='1' diff --git a/build/docker/lib/default_licenses.docker b/build/docker/lib/default_licenses.docker index 824e08f8e..c7f390b65 100644 --- a/build/docker/lib/default_licenses.docker +++ b/build/docker/lib/default_licenses.docker @@ -1,5 +1,6 @@ RUN install -D ${DIR}/LICENSE /install_root/licenses/intel-device-plugins-for-kubernetes/LICENSE \N && if [ ! -d "licenses/$CMD" ] ; then \N - GO111MODULE=on go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \N + GO111MODULE=on GOROOT=$(go env GOROOT) go run github.com/google/go-licenses@${GOLICENSES_VERSION} save "./cmd/$CMD" \N --save_path /install_root/licenses/$CMD/go-licenses ; \N - else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi + else mkdir -p /install_root/licenses/$CMD/go-licenses/ && cd licenses/$CMD && cp -r * /install_root/licenses/$CMD/go-licenses/ ; fi && \N + echo "Verifying installed licenses" && test -e /install_root/licenses/$CMD/go-licenses diff --git a/build/docker/lib/toybox_build.docker b/build/docker/lib/toybox_build.docker index 203a97721..b22325898 100644 --- a/build/docker/lib/toybox_build.docker +++ b/build/docker/lib/toybox_build.docker @@ -1,5 +1,5 @@ -ARG TOYBOX_VERSION="0.8.11" -ARG TOYBOX_SHA256="83a3a88cbe1fa30f099c2f58295baef4637aaf988085aaea56e03aa29168175d" +ARG TOYBOX_VERSION="0.8.12" +ARG TOYBOX_SHA256="3c529d93923dde67d048e7bcbd5d1bc0dd1ad09362269e2415f5f2eaab349b5b" ARG ROOT=/install_root diff --git a/build/docker/templates/intel-gpu-levelzero.Dockerfile.in b/build/docker/templates/intel-gpu-levelzero.Dockerfile.in index b95ad6f6c..e831d1c87 100644 --- a/build/docker/templates/intel-gpu-levelzero.Dockerfile.in +++ b/build/docker/templates/intel-gpu-levelzero.Dockerfile.in @@ -12,7 +12,9 @@ ARG BUILD_BASE=rockylinux:9 ARG FINAL_BASE_DYN=registry.access.redhat.com/ubi9/ubi-minimal:9.3 ### -FROM ${BUILD_BASE} AS builder +## Use the BUILD_BASE when either the a) golang-bookworm is updated to a newer glibc +## or b) the intel-igc-core libraries are fixed to not to demand a newer glibc +FROM ${FINAL_BASE_DYN} AS builder ARG DIR=/intel-device-plugins-for-kubernetes @@ -31,14 +33,18 @@ ARG CGO_VERSION=1.23 RUN mkdir /runtime RUN if [ $ROCKYLINUX -eq 0 ]; then \N - apt-get update && apt-get install --no-install-recommends -y wget libc6-dev ca-certificates ocl-icd-libopencl1 && \N + apt-get update && apt-get install --no-install-recommends -y wget jq curl libc6-dev ocl-icd-libopencl1 gcc ca-certificates && \N + LATEST_GO=$(curl --no-progress-meter https://go.dev/dl/?mode=json | jq ".[] | select(.version | startswith(\"go${CGO_VERSION}\")).version" | tr -d "\"") && \N + wget -q https://go.dev/dl/$LATEST_GO.linux-amd64.tar.gz -O - | tar -xz -C /usr/local && \N cd /runtime && \N - wget -q https://github.com/intel/compute-runtime/releases/download/24.26.30049.6/intel-level-zero-gpu_1.3.30049.6_amd64.deb && \N - wget -q https://github.com/intel/compute-runtime/releases/download/24.26.30049.6/intel-opencl-icd_24.26.30049.6_amd64.deb && \N - wget -q https://github.com/intel/compute-runtime/releases/download/24.26.30049.6/libigdgmm12_22.3.20_amd64.deb && \N - wget -q https://github.com/oneapi-src/level-zero/releases/download/v1.17.6/level-zero-devel_1.17.6+u22.04_amd64.deb && \N - wget -q https://github.com/oneapi-src/level-zero/releases/download/v1.17.6/level-zero_1.17.6+u22.04_amd64.deb && \N - dpkg --ignore-depends=intel-igc-core,intel-igc-opencl -i *.deb && \N + wget -q https://github.com/intel/compute-runtime/releases/download/25.09.32961.7/intel-level-zero-gpu_1.6.32961.7_amd64.deb && \N + wget -q https://github.com/intel/compute-runtime/releases/download/25.09.32961.7/intel-opencl-icd_25.09.32961.7_amd64.deb && \N + wget -q https://github.com/intel/compute-runtime/releases/download/25.09.32961.7/libigdgmm12_22.6.0_amd64.deb && \N + wget -q https://github.com/oneapi-src/level-zero/releases/download/v1.20.2/level-zero-devel_1.20.2+u22.04_amd64.deb && \N + wget -q https://github.com/oneapi-src/level-zero/releases/download/v1.20.2/level-zero_1.20.2+u22.04_amd64.deb && \N + wget -q https://github.com/intel/intel-graphics-compiler/releases/download/v2.8.3/intel-igc-core-2_2.8.3+18762_amd64.deb && \N + wget -q https://github.com/intel/intel-graphics-compiler/releases/download/v2.8.3/intel-igc-opencl-2_2.8.3+18762_amd64.deb && \N + dpkg -i *.deb && \N rm -rf /var/lib/apt/lists/\*; \N else \N source /etc/os-release && dnf install -y gcc jq wget 'dnf-command(config-manager)' && \N @@ -57,7 +63,10 @@ ARG CMD WORKDIR ${DIR} COPY . . -RUN export PATH=$PATH:/usr/local/go/bin/ && cd cmd/${CMD} && \N +## Apply for the build phase as well as the license copy below the build. +ENV PATH=$PATH:/usr/local/go/bin/ + +RUN cd cmd/${CMD} && \N GO111MODULE=on CGO_ENABLED=1 go install $CGOFLAGS --gcflags="$GCFLAGS" --asmflags="$ASMFLAGS" --ldflags="$LDFLAGS" RUN [ $ROCKYLINUX -eq 0 ] && install -D /go/bin/${CMD} /install_root${EP} || install -D /root/go/bin/${CMD} /install_root${EP} @@ -73,7 +82,7 @@ COPY --from=builder /runtime /runtime RUN if [ $ROCKYLINUX -eq 0 ]; then \N apt-get update && apt-get install --no-install-recommends -y ocl-icd-libopencl1 && \N rm /runtime/level-zero-devel_*.deb && \N - cd /runtime && dpkg --ignore-depends=intel-igc-core,intel-igc-opencl -i *.deb && rm -rf /runtime && \N + cd /runtime && dpkg -i *.deb && rm -rf /runtime && \N rm "/lib/x86_64-linux-gnu/libze_validation"* && rm "/lib/x86_64-linux-gnu/libze_tracing_layer"*; \N else \N cp -a /runtime//*.so* /usr/lib64/ && cp -a /runtime/OpenCL /etc/ && cp -a /runtime/licenses/* /usr/share/licenses/; \N diff --git a/build/docker/toybox-config-static b/build/docker/toybox-config-static index c0dd9434b..203cb5bac 100644 --- a/build/docker/toybox-config-static +++ b/build/docker/toybox-config-static @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # ToyBox version: KCONFIG_VERSION -# Tue Apr 23 18:03:07 2024 +# Wed Mar 19 11:18:16 2025 # # CONFIG_TOYBOX_ON_ANDROID is not set CONFIG_TOYBOX_FORK=y @@ -105,6 +105,7 @@ CONFIG_TEST_GLUE=y # # CONFIG_ARP is not set # CONFIG_ARPING is not set +# CONFIG_AWK is not set # CONFIG_BC is not set # CONFIG_BOOTCHARTD is not set # CONFIG_BRCTL is not set @@ -138,22 +139,18 @@ CONFIG_TEST_GLUE=y # CONFIG_IPCRM is not set # CONFIG_IPCS is not set # CONFIG_KLOGD is not set -# CONFIG_KLOGD_SOURCE_RING_BUFFER is not set # CONFIG_LAST is not set # CONFIG_LSOF is not set # CONFIG_MAN is not set # CONFIG_MDEV is not set # CONFIG_MDEV_CONF is not set -# CONFIG_MKE2FS is not set -# CONFIG_MKE2FS_JOURNAL is not set -# CONFIG_MKE2FS_GEN is not set -# CONFIG_MKE2FS_LABEL is not set -# CONFIG_MKE2FS_EXTENDED is not set # CONFIG_MODPROBE is not set # CONFIG_MORE is not set # CONFIG_ROUTE is not set CONFIG_SH=y +# CONFIG_BREAK is not set # CONFIG_CD is not set +# CONFIG_CONTINUE is not set # CONFIG_DECLARE is not set # CONFIG_EXIT is not set # CONFIG_SET is not set @@ -163,6 +160,7 @@ CONFIG_SH=y # CONFIG_EXPORT is not set # CONFIG_JOBS is not set # CONFIG_LOCAL is not set +# CONFIG_RETURN is not set # CONFIG_SHIFT is not set # CONFIG_SOURCE is not set # CONFIG_WAIT is not set @@ -237,7 +235,7 @@ CONFIG_SH=y # CONFIG_LSATTR is not set # CONFIG_CHATTR is not set # CONFIG_LSMOD is not set -CONFIG_LSPCI=y +# CONFIG_LSPCI is not set # CONFIG_LSUSB is not set # CONFIG_MAKEDEVS is not set # CONFIG_MCOOKIE is not set diff --git a/build/docker/toybox-config-ubi9-micro b/build/docker/toybox-config-ubi9-micro index b734a9525..e37766b6f 100644 --- a/build/docker/toybox-config-ubi9-micro +++ b/build/docker/toybox-config-ubi9-micro @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # ToyBox version: KCONFIG_VERSION -# Wed Sep 6 10:24:35 2023 +# Wed Mar 19 11:21:03 2025 # # CONFIG_TOYBOX_ON_ANDROID is not set CONFIG_TOYBOX_FORK=y @@ -35,6 +35,7 @@ CONFIG_TOYBOX_FORK=y # CONFIG_FALSE is not set # CONFIG_FILE is not set # CONFIG_FIND is not set +# CONFIG_FOLD is not set # CONFIG_GETCONF is not set CONFIG_GREP=y CONFIG_EGREP=y @@ -86,10 +87,10 @@ CONFIG_FGREP=y # CONFIG_TIME is not set # CONFIG_TOUCH is not set # CONFIG_TRUE is not set +# CONFIG_TSORT is not set # CONFIG_TTY is not set # CONFIG_ULIMIT is not set # CONFIG_ARCH is not set -# CONFIG_LINUX32 is not set # CONFIG_UNAME is not set # CONFIG_UNIQ is not set # CONFIG_UNLINK is not set @@ -104,12 +105,14 @@ CONFIG_FGREP=y # # CONFIG_ARP is not set # CONFIG_ARPING is not set +# CONFIG_AWK is not set # CONFIG_BC is not set # CONFIG_BOOTCHARTD is not set # CONFIG_BRCTL is not set # CONFIG_CHSH is not set # CONFIG_CROND is not set # CONFIG_CRONTAB is not set +# CONFIG_CSPLIT is not set # CONFIG_DHCP is not set # CONFIG_DHCP6 is not set # CONFIG_DHCPD is not set @@ -118,10 +121,8 @@ CONFIG_FGREP=y # CONFIG_DUMPLEASES is not set # CONFIG_EXPR is not set # CONFIG_FDISK is not set -# CONFIG_FOLD is not set # CONFIG_FSCK is not set # CONFIG_GETFATTR is not set -# CONFIG_GETOPT is not set # CONFIG_GETTY is not set # CONFIG_GITCOMPAT is not set # CONFIG_GITCLONE is not set @@ -138,22 +139,18 @@ CONFIG_FGREP=y # CONFIG_IPCRM is not set # CONFIG_IPCS is not set # CONFIG_KLOGD is not set -# CONFIG_KLOGD_SOURCE_RING_BUFFER is not set # CONFIG_LAST is not set # CONFIG_LSOF is not set # CONFIG_MAN is not set # CONFIG_MDEV is not set # CONFIG_MDEV_CONF is not set -# CONFIG_MKE2FS is not set -# CONFIG_MKE2FS_JOURNAL is not set -# CONFIG_MKE2FS_GEN is not set -# CONFIG_MKE2FS_LABEL is not set -# CONFIG_MKE2FS_EXTENDED is not set # CONFIG_MODPROBE is not set # CONFIG_MORE is not set # CONFIG_ROUTE is not set # CONFIG_SH is not set +# CONFIG_BREAK is not set # CONFIG_CD is not set +# CONFIG_CONTINUE is not set # CONFIG_DECLARE is not set # CONFIG_EXIT is not set # CONFIG_SET is not set @@ -163,6 +160,7 @@ CONFIG_FGREP=y # CONFIG_EXPORT is not set # CONFIG_JOBS is not set # CONFIG_LOCAL is not set +# CONFIG_RETURN is not set # CONFIG_SHIFT is not set # CONFIG_SOURCE is not set # CONFIG_WAIT is not set @@ -213,6 +211,7 @@ CONFIG_FGREP=y # CONFIG_FREERAMDISK is not set # CONFIG_FSFREEZE is not set # CONFIG_FSYNC is not set +# CONFIG_GETOPT is not set # CONFIG_GPIODETECT is not set # CONFIG_GPIOFIND is not set # CONFIG_GPIOINFO is not set @@ -230,15 +229,17 @@ CONFIG_FGREP=y # CONFIG_INSMOD is not set # CONFIG_IONICE is not set # CONFIG_IORENICE is not set +# CONFIG_LINUX32 is not set # CONFIG_LOGIN is not set # CONFIG_LOSETUP is not set # CONFIG_LSATTR is not set # CONFIG_CHATTR is not set # CONFIG_LSMOD is not set -CONFIG_LSPCI=y +# CONFIG_LSPCI is not set # CONFIG_LSUSB is not set # CONFIG_MAKEDEVS is not set # CONFIG_MCOOKIE is not set +# CONFIG_MEMEATER is not set # CONFIG_MIX is not set # CONFIG_MKPASSWD is not set # CONFIG_MKSWAP is not set @@ -282,6 +283,7 @@ CONFIG_LSPCI=y # CONFIG_TASKSET is not set # CONFIG_TIMEOUT is not set # CONFIG_TRUNCATE is not set +# CONFIG_TS is not set # CONFIG_UCLAMPSET is not set # CONFIG_UPTIME is not set # CONFIG_USLEEP is not set @@ -382,6 +384,7 @@ CONFIG_TOYBOX_LSM_NONE=y # CONFIG_TOYBOX_FLOAT is not set # CONFIG_TOYBOX_HELP is not set # CONFIG_TOYBOX_HELP_DASHDASH is not set +# CONFIG_TOYBOX_ZHELP is not set # CONFIG_TOYBOX_FREE is not set # CONFIG_TOYBOX_NORECURSE is not set # CONFIG_TOYBOX_DEBUG is not set diff --git a/demo/dlb-libdlb-demo-pf-pod.yaml b/demo/dlb-libdlb-demo-pf-pod.yaml index 374c24d30..b85668000 100644 --- a/demo/dlb-libdlb-demo-pf-pod.yaml +++ b/demo/dlb-libdlb-demo-pf-pod.yaml @@ -6,7 +6,7 @@ spec: restartPolicy: Never containers: - name: dlb-libdlb-demo-pf-pod - image: intel/dlb-libdlb-demo:0.32.0 + image: intel/dlb-libdlb-demo:0.32.1 imagePullPolicy: IfNotPresent resources: limits: diff --git a/demo/dlb-libdlb-demo-pod.yaml b/demo/dlb-libdlb-demo-pod.yaml index 9a396a7cb..69bb899ac 100644 --- a/demo/dlb-libdlb-demo-pod.yaml +++ b/demo/dlb-libdlb-demo-pod.yaml @@ -6,7 +6,7 @@ spec: restartPolicy: Never containers: - name: pf - image: intel/dlb-libdlb-demo:0.32.0 + image: intel/dlb-libdlb-demo:0.32.1 imagePullPolicy: IfNotPresent resources: limits: @@ -18,7 +18,7 @@ spec: cpu: 1 memory: 200Mi - name: vf - image: intel/dlb-libdlb-demo:0.32.0 + image: intel/dlb-libdlb-demo:0.32.1 imagePullPolicy: IfNotPresent resources: limits: diff --git a/demo/dlb-libdlb-demo-vf-pod.yaml b/demo/dlb-libdlb-demo-vf-pod.yaml index 1797a1fed..e85d29e70 100644 --- a/demo/dlb-libdlb-demo-vf-pod.yaml +++ b/demo/dlb-libdlb-demo-vf-pod.yaml @@ -6,7 +6,7 @@ spec: restartPolicy: Never containers: - name: dlb-libdlb-demo-vf-pod - image: intel/dlb-libdlb-demo:0.32.0 + image: intel/dlb-libdlb-demo:0.32.1 command: [ "sh", "-c", "/usr/local/bin/dir_traffic -n 8 -w epoll -d $(ls /dev/dlb* | sed 's/\\/dev\\/dlb//')" ] imagePullPolicy: IfNotPresent resources: diff --git a/demo/dsa-accel-config-demo-pod.yaml b/demo/dsa-accel-config-demo-pod.yaml index fb77522bd..fa32582a1 100644 --- a/demo/dsa-accel-config-demo-pod.yaml +++ b/demo/dsa-accel-config-demo-pod.yaml @@ -7,7 +7,7 @@ metadata: spec: containers: - name: dsa-accel-config-demo - image: intel/accel-config-demo:0.32.0 + image: intel/accel-config-demo:0.32.1 imagePullPolicy: IfNotPresent workingDir: "/usr/libexec/accel-config/test/" command: diff --git a/demo/iaa-accel-config-demo-pod.yaml b/demo/iaa-accel-config-demo-pod.yaml index ebaca3984..4aaa4f7a1 100644 --- a/demo/iaa-accel-config-demo-pod.yaml +++ b/demo/iaa-accel-config-demo-pod.yaml @@ -7,7 +7,7 @@ metadata: spec: containers: - name: iaa-accel-config-demo - image: intel/accel-config-demo:0.32.0 + image: intel/accel-config-demo:0.32.1 workingDir: "/usr/libexec/accel-config/test/" command: - "./iaa_user_test_runner.sh" diff --git a/demo/intelfpga-job.yaml b/demo/intelfpga-job.yaml index ec2fc77ca..87cde7ca0 100644 --- a/demo/intelfpga-job.yaml +++ b/demo/intelfpga-job.yaml @@ -13,7 +13,7 @@ spec: restartPolicy: Never containers: - name: intelfpga-demo-job-1 - image: intel/opae-nlb-demo:0.32.0 + image: intel/opae-nlb-demo:0.32.1 imagePullPolicy: IfNotPresent securityContext: capabilities: diff --git a/demo/qat-autoreset.sh b/demo/qat-autoreset.sh index 0e1441759..49cd36d5a 100755 --- a/demo/qat-autoreset.sh +++ b/demo/qat-autoreset.sh @@ -1,12 +1,20 @@ #!/usr/bin/env bash NODE_NAME="${NODE_NAME:-}" ENABLED_QAT_PF_PCIIDS=${ENABLED_QAT_PF_PCIIDS:-37c8 4940 4942 4944 4946} -DEVS=$(for pf in $ENABLED_QAT_PF_PCIIDS; do lspci -n | grep -e "$pf" | grep -o -e "^\\S*"; done) AUTORESET_ENABLED="NONE" AUTORESET_ENABLED_FOUND="FALSE" AUTORESET_OPTIONS_LIST="on off" +DEVS="" +for DEV in $(realpath /sys/bus/pci/devices/*); do + for PF in $ENABLED_QAT_PF_PCIIDS; do + if grep -q "$PF" "$DEV"/device; then + DEVS="$DEV $DEVS" + fi + done +done + check_config() { [ -f "conf/qat.conf" ] && AUTORESET_ENABLED=$(grep "^AutoresetEnabled=" conf/qat.conf | cut -d= -f 2 | grep '\S') [ -f "conf/qat-$NODE_NAME.conf" ] && AUTORESET_ENABLED=$(grep "^AutoresetEnabled=" conf/qat-"$NODE_NAME".conf | cut -d= -f 2 | grep '\S') @@ -25,9 +33,8 @@ check_config() { enable_auto_reset() { if [ "$AUTORESET_ENABLED_FOUND" = "TRUE" ]; then - for dev in $DEVS; do - devpath="/sys/bus/pci/devices/0000:$dev" - autoreset_path="$devpath/qat/auto_reset" + for devpath in $DEVS; do + autoreset_path="$devpath"/qat/auto_reset if ! test -w "$autoreset_path"; then echo "error: $autoreset_path is not found or not writable. Check if QAT driver module is loaded. Skipping..." exit 1 diff --git a/demo/qat-init.sh b/demo/qat-init.sh index 98a3e337e..a3ad6a842 100755 --- a/demo/qat-init.sh +++ b/demo/qat-init.sh @@ -2,7 +2,6 @@ # This script is based on qatlib's qat_init.sh NODE_NAME="${NODE_NAME:-}" ENABLED_QAT_PF_PCIIDS=${ENABLED_QAT_PF_PCIIDS:-37c8 4940 4942 4944 4946} -DEVS=$(for pf in $ENABLED_QAT_PF_PCIIDS; do lspci -n | grep -e "$pf" | grep -o -e "^\\S*"; done) SERVICES_LIST="sym asym sym;asym dc sym;dc asym;dc" QAT_4XXX_DEVICE_PCI_ID="0x4940" QAT_401XX_DEVICE_PCI_ID="0x4942" @@ -11,6 +10,15 @@ QAT_420XX_DEVICE_PCI_ID="0x4946" SERVICES_ENABLED="NONE" SERVICES_ENABLED_FOUND="FALSE" +DEVS="" +for DEV in $(realpath /sys/bus/pci/devices/*); do + for PF in $ENABLED_QAT_PF_PCIIDS; do + if grep -q "$PF" "$DEV"/device; then + DEVS="$DEV $DEVS" + fi + done +done + check_config() { [ -f "conf/qat.conf" ] && SERVICES_ENABLED=$(grep "^ServicesEnabled=" conf/qat.conf | cut -d= -f 2 | grep '\S') [ -f "conf/qat-$NODE_NAME.conf" ] && SERVICES_ENABLED=$(grep "^ServicesEnabled=" conf/qat-"$NODE_NAME".conf | cut -d= -f 2 | grep '\S') @@ -29,8 +37,7 @@ check_config() { sysfs_config() { if [ "$SERVICES_ENABLED_FOUND" = "TRUE" ]; then - for dev in $DEVS; do - DEVPATH="/sys/bus/pci/devices/0000:$dev" + for DEVPATH in $DEVS; do PCI_DEV=$(cat "$DEVPATH"/device 2> /dev/null) if [ "$PCI_DEV" != "$QAT_4XXX_DEVICE_PCI_ID" ] && [ "$PCI_DEV" != "$QAT_401XX_DEVICE_PCI_ID" ] && [ "$PCI_DEV" != "$QAT_402XX_DEVICE_PCI_ID" ] && [ "$PCI_DEV" != "$QAT_420XX_DEVICE_PCI_ID" ]; then continue @@ -45,15 +52,14 @@ sysfs_config() { echo "$SERVICES_ENABLED" > "$DEVPATH"/qat/cfg_services CURRENT_SERVICES=$(cat "$DEVPATH"/qat/cfg_services) fi - echo "Device $dev configured with services: $CURRENT_SERVICES" + echo "Device $DEVPATH configured with services: $CURRENT_SERVICES" done fi } enable_sriov() { - for dev in $DEVS; do - DEVPATH="/sys/bus/pci/devices/0000:$dev" - NUMVFS="$DEVPATH/sriov_numvfs" + for DEVPATH in $DEVS; do + NUMVFS="$DEVPATH"/sriov_numvfs if ! test -w "$NUMVFS"; then echo "error: $NUMVFS is not found or not writable. Check if QAT driver module is loaded" exit 1 @@ -65,7 +71,7 @@ enable_sriov() { if [ "$(cat "$NUMVFS")" -ne 0 ]; then echo "$DEVPATH already configured" else - tee "$NUMVFS" < "$DEVPATH/sriov_totalvfs" + tee "$NUMVFS" < "$DEVPATH"/sriov_totalvfs VFDEVS=$(realpath -L "$DEVPATH"/virtfn*) for vfdev in $VFDEVS; do BSF=$(basename "$vfdev") diff --git a/demo/test-fpga-orchestrated.yaml b/demo/test-fpga-orchestrated.yaml index 4d5217c86..40a050c01 100644 --- a/demo/test-fpga-orchestrated.yaml +++ b/demo/test-fpga-orchestrated.yaml @@ -5,7 +5,7 @@ metadata: spec: containers: - name: test-container - image: intel/opae-nlb-demo:0.32.0 + image: intel/opae-nlb-demo:0.32.1 imagePullPolicy: IfNotPresent securityContext: capabilities: diff --git a/demo/test-fpga-preprogrammed.yaml b/demo/test-fpga-preprogrammed.yaml index 9f77fbe20..b4a7a462f 100644 --- a/demo/test-fpga-preprogrammed.yaml +++ b/demo/test-fpga-preprogrammed.yaml @@ -5,7 +5,7 @@ metadata: spec: containers: - name: test-container - image: intel/opae-nlb-demo:0.32.0 + image: intel/opae-nlb-demo:0.32.1 imagePullPolicy: IfNotPresent securityContext: capabilities: diff --git a/deployments/dlb_plugin/base/intel-dlb-plugin.yaml b/deployments/dlb_plugin/base/intel-dlb-plugin.yaml index dcdc095a2..845ec8d42 100644 --- a/deployments/dlb_plugin/base/intel-dlb-plugin.yaml +++ b/deployments/dlb_plugin/base/intel-dlb-plugin.yaml @@ -26,7 +26,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: intel/intel-dlb-plugin:0.32.0 + image: intel/intel-dlb-plugin:0.32.1 imagePullPolicy: IfNotPresent securityContext: readOnlyRootFilesystem: true diff --git a/deployments/dlb_plugin/overlays/dlb_initcontainer/dlb_initcontainer.yaml b/deployments/dlb_plugin/overlays/dlb_initcontainer/dlb_initcontainer.yaml index 25b397411..75096f2f6 100644 --- a/deployments/dlb_plugin/overlays/dlb_initcontainer/dlb_initcontainer.yaml +++ b/deployments/dlb_plugin/overlays/dlb_initcontainer/dlb_initcontainer.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: intel-dlb-initcontainer - image: intel/intel-dlb-initcontainer:0.32.0 + image: intel/intel-dlb-initcontainer:0.32.1 securityContext: readOnlyRootFilesystem: true privileged: true diff --git a/deployments/dsa_plugin/base/intel-dsa-plugin.yaml b/deployments/dsa_plugin/base/intel-dsa-plugin.yaml index 25431b35c..b957f7baa 100644 --- a/deployments/dsa_plugin/base/intel-dsa-plugin.yaml +++ b/deployments/dsa_plugin/base/intel-dsa-plugin.yaml @@ -26,7 +26,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: intel/intel-dsa-plugin:0.32.0 + image: intel/intel-dsa-plugin:0.32.1 imagePullPolicy: IfNotPresent securityContext: seLinuxOptions: diff --git a/deployments/dsa_plugin/overlays/dsa_initcontainer/dsa_initcontainer.yaml b/deployments/dsa_plugin/overlays/dsa_initcontainer/dsa_initcontainer.yaml index 4206ec021..d902ac19b 100644 --- a/deployments/dsa_plugin/overlays/dsa_initcontainer/dsa_initcontainer.yaml +++ b/deployments/dsa_plugin/overlays/dsa_initcontainer/dsa_initcontainer.yaml @@ -12,7 +12,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: intel/intel-idxd-config-initcontainer:0.32.0 + image: intel/intel-idxd-config-initcontainer:0.32.1 securityContext: seLinuxOptions: type: "container_device_plugin_init_t" diff --git a/deployments/fpga_admissionwebhook/manager/manager.yaml b/deployments/fpga_admissionwebhook/manager/manager.yaml index 027208107..fc342063e 100644 --- a/deployments/fpga_admissionwebhook/manager/manager.yaml +++ b/deployments/fpga_admissionwebhook/manager/manager.yaml @@ -16,7 +16,7 @@ spec: control-plane: controller-manager spec: containers: - - image: intel/intel-fpga-admissionwebhook:0.32.0 + - image: intel/intel-fpga-admissionwebhook:0.32.1 imagePullPolicy: IfNotPresent name: manager securityContext: diff --git a/deployments/fpga_plugin/base/intel-fpga-plugin-daemonset.yaml b/deployments/fpga_plugin/base/intel-fpga-plugin-daemonset.yaml index 0ccc83b28..35d9f966f 100644 --- a/deployments/fpga_plugin/base/intel-fpga-plugin-daemonset.yaml +++ b/deployments/fpga_plugin/base/intel-fpga-plugin-daemonset.yaml @@ -21,7 +21,7 @@ spec: spec: initContainers: - name: intel-fpga-initcontainer - image: intel/intel-fpga-initcontainer:0.32.0 + image: intel/intel-fpga-initcontainer:0.32.1 imagePullPolicy: IfNotPresent securityContext: readOnlyRootFilesystem: true @@ -36,7 +36,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: intel/intel-fpga-plugin:0.32.0 + image: intel/intel-fpga-plugin:0.32.1 imagePullPolicy: IfNotPresent args: - -mode=af diff --git a/deployments/gpu_plugin/base/intel-gpu-plugin.yaml b/deployments/gpu_plugin/base/intel-gpu-plugin.yaml index 840cca5ab..a09bfa272 100644 --- a/deployments/gpu_plugin/base/intel-gpu-plugin.yaml +++ b/deployments/gpu_plugin/base/intel-gpu-plugin.yaml @@ -29,7 +29,7 @@ spec: valueFrom: fieldRef: fieldPath: status.hostIP - image: intel/intel-gpu-plugin:0.32.0 + image: intel/intel-gpu-plugin:0.32.1 imagePullPolicy: IfNotPresent securityContext: seLinuxOptions: diff --git a/deployments/gpu_plugin/overlays/levelzero/levelzero.yaml b/deployments/gpu_plugin/overlays/levelzero/levelzero.yaml index df259719b..b271daf3a 100644 --- a/deployments/gpu_plugin/overlays/levelzero/levelzero.yaml +++ b/deployments/gpu_plugin/overlays/levelzero/levelzero.yaml @@ -2,7 +2,7 @@ path: /spec/template/spec/containers/- value: name: intel-gpu-levelzero - image: intel/intel-gpu-levelzero:0.32.0 + image: intel/intel-gpu-levelzero:0.32.1 imagePullPolicy: IfNotPresent args: - "-v=2" diff --git a/deployments/gpu_tensorflow_test/deployment.yaml b/deployments/gpu_tensorflow_test/deployment.yaml index 261602a0e..8b6647fd0 100644 --- a/deployments/gpu_tensorflow_test/deployment.yaml +++ b/deployments/gpu_tensorflow_test/deployment.yaml @@ -6,7 +6,7 @@ spec: restartPolicy: Never containers: - name: testcontainer - image: intel/intel-extension-for-tensorflow:0.32.0 + image: intel/intel-extension-for-tensorflow:0.32.1 imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false diff --git a/deployments/iaa_plugin/base/intel-iaa-plugin.yaml b/deployments/iaa_plugin/base/intel-iaa-plugin.yaml index 25af0af9c..27d6245fa 100644 --- a/deployments/iaa_plugin/base/intel-iaa-plugin.yaml +++ b/deployments/iaa_plugin/base/intel-iaa-plugin.yaml @@ -26,7 +26,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: intel/intel-iaa-plugin:0.32.0 + image: intel/intel-iaa-plugin:0.32.1 imagePullPolicy: IfNotPresent securityContext: seLinuxOptions: diff --git a/deployments/iaa_plugin/overlays/iaa_initcontainer/iaa_initcontainer.yaml b/deployments/iaa_plugin/overlays/iaa_initcontainer/iaa_initcontainer.yaml index 8e3f912f6..d59bf56f5 100644 --- a/deployments/iaa_plugin/overlays/iaa_initcontainer/iaa_initcontainer.yaml +++ b/deployments/iaa_plugin/overlays/iaa_initcontainer/iaa_initcontainer.yaml @@ -14,7 +14,7 @@ spec: fieldPath: spec.nodeName - name: DEVICE_TYPE value: "iaa" - image: intel/intel-idxd-config-initcontainer:0.32.0 + image: intel/intel-idxd-config-initcontainer:0.32.1 securityContext: seLinuxOptions: type: "container_device_plugin_init_t" diff --git a/deployments/operator/manager/manager.yaml b/deployments/operator/manager/manager.yaml index f04ffecba..bf4ff87a3 100644 --- a/deployments/operator/manager/manager.yaml +++ b/deployments/operator/manager/manager.yaml @@ -4,6 +4,9 @@ metadata: labels: control-plane: controller-manager manager: intel-deviceplugin-operator + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged name: system --- apiVersion: apps/v1 @@ -27,7 +30,7 @@ spec: manager: intel-deviceplugin-operator spec: containers: - - image: docker.io/intel/intel-deviceplugin-operator:0.32.0 + - image: docker.io/intel/intel-deviceplugin-operator:0.32.1 imagePullPolicy: IfNotPresent name: manager args: diff --git a/deployments/operator/manifests/bases/intel-device-plugins-operator.clusterserviceversion.yaml b/deployments/operator/manifests/bases/intel-device-plugins-operator.clusterserviceversion.yaml index f5850fe8c..bd255461c 100644 --- a/deployments/operator/manifests/bases/intel-device-plugins-operator.clusterserviceversion.yaml +++ b/deployments/operator/manifests/bases/intel-device-plugins-operator.clusterserviceversion.yaml @@ -5,7 +5,7 @@ metadata: alm-examples: '[]' capabilities: Seamless Upgrades categories: Drivers and plugins - containerImage: docker.io/intel/intel-deviceplugin-operator:0.32.0 + containerImage: docker.io/intel/intel-deviceplugin-operator:0.32.1 createdAt: "2022-11-09" description: This operator is a Kubernetes custom controller whose goal is to serve the installation and lifecycle management of Intel device plugins for diff --git a/deployments/operator/samples/deviceplugin_v1_dlbdeviceplugin.yaml b/deployments/operator/samples/deviceplugin_v1_dlbdeviceplugin.yaml index 3fd04bccf..f7767fb07 100644 --- a/deployments/operator/samples/deviceplugin_v1_dlbdeviceplugin.yaml +++ b/deployments/operator/samples/deviceplugin_v1_dlbdeviceplugin.yaml @@ -3,8 +3,8 @@ kind: DlbDevicePlugin metadata: name: dlbdeviceplugin-sample spec: - image: intel/intel-dlb-plugin:0.32.0 - initImage: intel/intel-dlb-initcontainer:0.32.0 + image: intel/intel-dlb-plugin:0.32.1 + initImage: intel/intel-dlb-initcontainer:0.32.1 logLevel: 4 nodeSelector: intel.feature.node.kubernetes.io/dlb: 'true' diff --git a/deployments/operator/samples/deviceplugin_v1_dsadeviceplugin.yaml b/deployments/operator/samples/deviceplugin_v1_dsadeviceplugin.yaml index d736e84b5..f76a05b11 100644 --- a/deployments/operator/samples/deviceplugin_v1_dsadeviceplugin.yaml +++ b/deployments/operator/samples/deviceplugin_v1_dsadeviceplugin.yaml @@ -3,8 +3,8 @@ kind: DsaDevicePlugin metadata: name: dsadeviceplugin-sample spec: - image: intel/intel-dsa-plugin:0.32.0 - initImage: intel/intel-idxd-config-initcontainer:0.32.0 + image: intel/intel-dsa-plugin:0.32.1 + initImage: intel/intel-idxd-config-initcontainer:0.32.1 sharedDevNum: 10 logLevel: 4 nodeSelector: diff --git a/deployments/operator/samples/deviceplugin_v1_fpgadeviceplugin.yaml b/deployments/operator/samples/deviceplugin_v1_fpgadeviceplugin.yaml index 4a61840f7..f3d72a377 100644 --- a/deployments/operator/samples/deviceplugin_v1_fpgadeviceplugin.yaml +++ b/deployments/operator/samples/deviceplugin_v1_fpgadeviceplugin.yaml @@ -3,8 +3,8 @@ kind: FpgaDevicePlugin metadata: name: fpgadeviceplugin-sample spec: - image: intel/intel-fpga-plugin:0.32.0 - initImage: intel/intel-fpga-initcontainer:0.32.0 + image: intel/intel-fpga-plugin:0.32.1 + initImage: intel/intel-fpga-initcontainer:0.32.1 mode: region logLevel: 4 nodeSelector: diff --git a/deployments/operator/samples/deviceplugin_v1_gpudeviceplugin.yaml b/deployments/operator/samples/deviceplugin_v1_gpudeviceplugin.yaml index 65e394e63..24b1d2f41 100644 --- a/deployments/operator/samples/deviceplugin_v1_gpudeviceplugin.yaml +++ b/deployments/operator/samples/deviceplugin_v1_gpudeviceplugin.yaml @@ -3,7 +3,7 @@ kind: GpuDevicePlugin metadata: name: gpudeviceplugin-sample spec: - image: intel/intel-gpu-plugin:0.32.0 + image: intel/intel-gpu-plugin:0.32.1 sharedDevNum: 10 logLevel: 4 enableMonitoring: true diff --git a/deployments/operator/samples/deviceplugin_v1_iaadeviceplugin.yaml b/deployments/operator/samples/deviceplugin_v1_iaadeviceplugin.yaml index c77d7e553..f6910c5f5 100644 --- a/deployments/operator/samples/deviceplugin_v1_iaadeviceplugin.yaml +++ b/deployments/operator/samples/deviceplugin_v1_iaadeviceplugin.yaml @@ -3,8 +3,8 @@ kind: IaaDevicePlugin metadata: name: iaadeviceplugin-sample spec: - image: intel/intel-iaa-plugin:0.32.0 - initImage: intel/intel-idxd-config-initcontainer:0.32.0 + image: intel/intel-iaa-plugin:0.32.1 + initImage: intel/intel-idxd-config-initcontainer:0.32.1 sharedDevNum: 10 logLevel: 4 nodeSelector: diff --git a/deployments/operator/samples/deviceplugin_v1_qatdeviceplugin.yaml b/deployments/operator/samples/deviceplugin_v1_qatdeviceplugin.yaml index bf0ace068..1ae1deef1 100644 --- a/deployments/operator/samples/deviceplugin_v1_qatdeviceplugin.yaml +++ b/deployments/operator/samples/deviceplugin_v1_qatdeviceplugin.yaml @@ -3,8 +3,8 @@ kind: QatDevicePlugin metadata: name: qatdeviceplugin-sample spec: - image: intel/intel-qat-plugin:0.32.0 - initImage: intel/intel-qat-initcontainer:0.32.0 + image: intel/intel-qat-plugin:0.32.1 + initImage: intel/intel-qat-initcontainer:0.32.1 dpdkDriver: vfio-pci kernelVfDrivers: - 4xxxvf diff --git a/deployments/operator/samples/deviceplugin_v1_sgxdeviceplugin.yaml b/deployments/operator/samples/deviceplugin_v1_sgxdeviceplugin.yaml index 5ebba3557..f8e3c25f5 100644 --- a/deployments/operator/samples/deviceplugin_v1_sgxdeviceplugin.yaml +++ b/deployments/operator/samples/deviceplugin_v1_sgxdeviceplugin.yaml @@ -3,7 +3,7 @@ kind: SgxDevicePlugin metadata: name: sgxdeviceplugin-sample spec: - image: intel/intel-sgx-plugin:0.32.0 + image: intel/intel-sgx-plugin:0.32.1 enclaveLimit: 110 provisionLimit: 110 logLevel: 4 diff --git a/deployments/qat_dpdk_app/compress-perf/compress-perf-dpdk-pod-requesting-qat-dc.yaml b/deployments/qat_dpdk_app/compress-perf/compress-perf-dpdk-pod-requesting-qat-dc.yaml index 7de5f1fdd..35de0ac0a 100644 --- a/deployments/qat_dpdk_app/compress-perf/compress-perf-dpdk-pod-requesting-qat-dc.yaml +++ b/deployments/qat_dpdk_app/compress-perf/compress-perf-dpdk-pod-requesting-qat-dc.yaml @@ -5,7 +5,7 @@ metadata: spec: containers: - name: compress-perf - image: intel/crypto-perf:0.32.0 + image: intel/crypto-perf:0.32.1 imagePullPolicy: IfNotPresent env: - name: TESTCMD diff --git a/deployments/qat_dpdk_app/compress-perf/compress-perf-dpdk-pod-requesting-qat-generic.yaml b/deployments/qat_dpdk_app/compress-perf/compress-perf-dpdk-pod-requesting-qat-generic.yaml index 7de5f1fdd..35de0ac0a 100644 --- a/deployments/qat_dpdk_app/compress-perf/compress-perf-dpdk-pod-requesting-qat-generic.yaml +++ b/deployments/qat_dpdk_app/compress-perf/compress-perf-dpdk-pod-requesting-qat-generic.yaml @@ -5,7 +5,7 @@ metadata: spec: containers: - name: compress-perf - image: intel/crypto-perf:0.32.0 + image: intel/crypto-perf:0.32.1 imagePullPolicy: IfNotPresent env: - name: TESTCMD diff --git a/deployments/qat_dpdk_app/crypto-perf/crypto-perf-dpdk-pod-requesting-qat-cy.yaml b/deployments/qat_dpdk_app/crypto-perf/crypto-perf-dpdk-pod-requesting-qat-cy.yaml index 7021970c2..8aa42fce3 100644 --- a/deployments/qat_dpdk_app/crypto-perf/crypto-perf-dpdk-pod-requesting-qat-cy.yaml +++ b/deployments/qat_dpdk_app/crypto-perf/crypto-perf-dpdk-pod-requesting-qat-cy.yaml @@ -5,7 +5,7 @@ metadata: spec: containers: - name: crypto-perf - image: intel/crypto-perf:0.32.0 + image: intel/crypto-perf:0.32.1 imagePullPolicy: IfNotPresent env: - name: TESTCMD diff --git a/deployments/qat_dpdk_app/crypto-perf/crypto-perf-dpdk-pod-requesting-qat-generic.yaml b/deployments/qat_dpdk_app/crypto-perf/crypto-perf-dpdk-pod-requesting-qat-generic.yaml index 4a068aa7a..985190240 100644 --- a/deployments/qat_dpdk_app/crypto-perf/crypto-perf-dpdk-pod-requesting-qat-generic.yaml +++ b/deployments/qat_dpdk_app/crypto-perf/crypto-perf-dpdk-pod-requesting-qat-generic.yaml @@ -5,7 +5,7 @@ metadata: spec: containers: - name: crypto-perf - image: intel/crypto-perf:0.32.0 + image: intel/crypto-perf:0.32.1 imagePullPolicy: IfNotPresent env: - name: TESTCMD diff --git a/deployments/qat_plugin/base/intel-qat-kernel-plugin.yaml b/deployments/qat_plugin/base/intel-qat-kernel-plugin.yaml index 9a8f1209b..998a1d37c 100644 --- a/deployments/qat_plugin/base/intel-qat-kernel-plugin.yaml +++ b/deployments/qat_plugin/base/intel-qat-kernel-plugin.yaml @@ -24,7 +24,7 @@ spec: readOnlyRootFilesystem: true allowPrivilegeEscalation: false privileged: true - image: intel/intel-qat-plugin:0.32.0 + image: intel/intel-qat-plugin:0.32.1 imagePullPolicy: IfNotPresent args: ["-mode", "kernel"] volumeMounts: diff --git a/deployments/qat_plugin/base/intel-qat-plugin.yaml b/deployments/qat_plugin/base/intel-qat-plugin.yaml index 302c3cea7..0dc5ea41c 100644 --- a/deployments/qat_plugin/base/intel-qat-plugin.yaml +++ b/deployments/qat_plugin/base/intel-qat-plugin.yaml @@ -26,7 +26,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: intel/intel-qat-plugin:0.32.0 + image: intel/intel-qat-plugin:0.32.1 securityContext: seLinuxOptions: type: "container_device_plugin_t" diff --git a/deployments/qat_plugin/overlays/qat_initcontainer/qat_initcontainer.yaml b/deployments/qat_plugin/overlays/qat_initcontainer/qat_initcontainer.yaml index 89d34cb69..1e50105e4 100644 --- a/deployments/qat_plugin/overlays/qat_initcontainer/qat_initcontainer.yaml +++ b/deployments/qat_plugin/overlays/qat_initcontainer/qat_initcontainer.yaml @@ -12,7 +12,7 @@ spec: valueFrom: fieldRef: fieldPath: spec.nodeName - image: intel/intel-qat-initcontainer:0.32.0 + image: intel/intel-qat-initcontainer:0.32.1 securityContext: readOnlyRootFilesystem: true privileged: true diff --git a/deployments/sgx_admissionwebhook/manager/manager.yaml b/deployments/sgx_admissionwebhook/manager/manager.yaml index da0be37ce..f12ebfb72 100644 --- a/deployments/sgx_admissionwebhook/manager/manager.yaml +++ b/deployments/sgx_admissionwebhook/manager/manager.yaml @@ -16,7 +16,7 @@ spec: control-plane: controller-manager spec: containers: - - image: intel/intel-sgx-admissionwebhook:0.32.0 + - image: intel/intel-sgx-admissionwebhook:0.32.1 imagePullPolicy: IfNotPresent name: manager securityContext: diff --git a/deployments/sgx_enclave_apps/base/intelsgx-job.yaml b/deployments/sgx_enclave_apps/base/intelsgx-job.yaml index 496324489..d5ba3e505 100644 --- a/deployments/sgx_enclave_apps/base/intelsgx-job.yaml +++ b/deployments/sgx_enclave_apps/base/intelsgx-job.yaml @@ -14,7 +14,7 @@ spec: containers: - name: intelsgx-demo-job-1 - image: intel/sgx-sdk-demo:0.32.0 + image: intel/sgx-sdk-demo:0.32.1 imagePullPolicy: IfNotPresent workingDir: "/opt/intel/sgx-sample-app/" command: ["/opt/intel/sgx-sample-app/sgx-sample-app"] diff --git a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_sgx_default_qcnl_conf.yaml b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_sgx_default_qcnl_conf.yaml index 8ac0aa739..fa818bdc4 100644 --- a/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_sgx_default_qcnl_conf.yaml +++ b/deployments/sgx_enclave_apps/overlays/sgx_ecdsa_inproc_quote/add_sgx_default_qcnl_conf.yaml @@ -7,7 +7,7 @@ spec: spec: containers: - name: intelsgx-demo-job-1 - image: intel/sgx-sdk-demo:0.32.0 + image: intel/sgx-sdk-demo:0.32.1 volumeMounts: - name: qplconf mountPath: /etc/sgx_default_qcnl.conf diff --git a/deployments/sgx_plugin/base/intel-sgx-plugin.yaml b/deployments/sgx_plugin/base/intel-sgx-plugin.yaml index b4115cac7..33b6dac30 100644 --- a/deployments/sgx_plugin/base/intel-sgx-plugin.yaml +++ b/deployments/sgx_plugin/base/intel-sgx-plugin.yaml @@ -21,7 +21,7 @@ spec: automountServiceAccountToken: false containers: - name: intel-sgx-plugin - image: intel/intel-sgx-plugin:0.32.0 + image: intel/intel-sgx-plugin:0.32.1 securityContext: seLinuxOptions: type: "container_device_plugin_t" diff --git a/deployments/sgx_plugin/overlays/epc-hook-initcontainer/add-epc-nfd-initcontainer.yaml b/deployments/sgx_plugin/overlays/epc-hook-initcontainer/add-epc-nfd-initcontainer.yaml index 9b2e5ad5e..941c95e9e 100644 --- a/deployments/sgx_plugin/overlays/epc-hook-initcontainer/add-epc-nfd-initcontainer.yaml +++ b/deployments/sgx_plugin/overlays/epc-hook-initcontainer/add-epc-nfd-initcontainer.yaml @@ -7,7 +7,7 @@ spec: spec: initContainers: - name: intel-sgx-initcontainer - image: intel/intel-sgx-initcontainer:0.32.0 + image: intel/intel-sgx-initcontainer:0.32.1 imagePullPolicy: IfNotPresent securityContext: readOnlyRootFilesystem: true diff --git a/deployments/sgx_plugin/overlays/epc-register/init-daemonset.yaml b/deployments/sgx_plugin/overlays/epc-register/init-daemonset.yaml index fe75d74e5..33fdd5acc 100644 --- a/deployments/sgx_plugin/overlays/epc-register/init-daemonset.yaml +++ b/deployments/sgx_plugin/overlays/epc-register/init-daemonset.yaml @@ -16,7 +16,7 @@ spec: serviceAccountName: sgx-plugin containers: - name: sgx-node-init - image: intel/intel-sgx-initcontainer:0.32.0 + image: intel/intel-sgx-initcontainer:0.32.1 imagePullPolicy: IfNotPresent command: - /usr/local/bin/sgx-sw/intel-sgx-epchook diff --git a/deployments/xpumanager_sidecar/overlays/cert-manager/xpumanager.yaml b/deployments/xpumanager_sidecar/overlays/cert-manager/xpumanager.yaml index 956da0573..a2cfb4785 100644 --- a/deployments/xpumanager_sidecar/overlays/cert-manager/xpumanager.yaml +++ b/deployments/xpumanager_sidecar/overlays/cert-manager/xpumanager.yaml @@ -41,7 +41,7 @@ spec: httpGet: scheme: HTTPS - name: xelink-sidecar - image: intel/intel-xpumanager-sidecar:0.32.0 + image: intel/intel-xpumanager-sidecar:0.32.1 imagePullPolicy: IfNotPresent args: - -v=2 diff --git a/deployments/xpumanager_sidecar/overlays/http/xpumanager.yaml b/deployments/xpumanager_sidecar/overlays/http/xpumanager.yaml index fa48cbb17..b823fa79d 100644 --- a/deployments/xpumanager_sidecar/overlays/http/xpumanager.yaml +++ b/deployments/xpumanager_sidecar/overlays/http/xpumanager.yaml @@ -13,7 +13,7 @@ spec: path: "/etc/kubernetes/node-feature-discovery/features.d/" containers: - name: xelink-sidecar - image: intel/intel-xpumanager-sidecar:0.32.0 + image: intel/intel-xpumanager-sidecar:0.32.1 imagePullPolicy: IfNotPresent args: - -v=2 diff --git a/go.mod b/go.mod index ed508b7c5..413666620 100644 --- a/go.mod +++ b/go.mod @@ -13,8 +13,8 @@ require ( github.com/pkg/errors v0.9.1 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.62.0 - golang.org/x/sys v0.29.0 - golang.org/x/text v0.21.0 + golang.org/x/sys v0.31.0 + golang.org/x/text v0.23.0 google.golang.org/grpc v1.69.4 google.golang.org/protobuf v1.36.3 gopkg.in/yaml.v2 v2.4.0 @@ -24,7 +24,7 @@ require ( k8s.io/component-base v0.32.1 k8s.io/klog/v2 v2.130.1 k8s.io/kubelet v0.32.1 - k8s.io/kubernetes v1.32.1 + k8s.io/kubernetes v1.32.3 k8s.io/pod-security-admission v0.0.0 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 sigs.k8s.io/controller-runtime v0.20.0 @@ -120,13 +120,13 @@ require ( go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.31.0 // indirect + golang.org/x/crypto v0.36.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/mod v0.22.0 // indirect - golang.org/x/net v0.33.0 // indirect + golang.org/x/net v0.38.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect - golang.org/x/sync v0.10.0 // indirect - golang.org/x/term v0.27.0 // indirect + golang.org/x/sync v0.12.0 // indirect + golang.org/x/term v0.30.0 // indirect golang.org/x/time v0.7.0 // indirect golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 4b08f7aef..d839e3b60 100644 --- a/go.sum +++ b/go.sum @@ -295,8 +295,8 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= -golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= +golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -307,29 +307,29 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= -golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= +golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= +golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= -golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= +golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -406,8 +406,8 @@ k8s.io/kubectl v0.32.1 h1:/btLtXLQUU1rWx8AEvX9jrb9LaI6yeezt3sFALhB8M8= k8s.io/kubectl v0.32.1/go.mod h1:sezNuyWi1STk4ZNPVRIFfgjqMI6XMf+oCVLjZen/pFQ= k8s.io/kubelet v0.32.1 h1:bB91GvMsZb+LfzBxnjPEr1Fal/sdxZtYphlfwAaRJGw= k8s.io/kubelet v0.32.1/go.mod h1:4sAEZ6PlewD0GroV3zscY7llym6kmNNTVmUI/Qshm6w= -k8s.io/kubernetes v1.32.1 h1:46YPpIBCT9dkmeglstZ2Gg4LGaAdro1/3IQ+1AfbF1s= -k8s.io/kubernetes v1.32.1/go.mod h1:tiIKO63GcdPRBHW2WiUFm3C0eoLczl3f7qi56Dm1W8I= +k8s.io/kubernetes v1.32.3 h1:2A58BlNME8NwsMawmnM6InYo3Jf35Nw5G79q46kXwoA= +k8s.io/kubernetes v1.32.3/go.mod h1:GvhiBeolvSRzBpFlgM0z/Bbu3Oxs9w3P6XfEgYaMi8k= k8s.io/mount-utils v0.32.1 h1:RJOD6xXzEJT/OOJoG1KstfVa8ZXJJPlHb+t2MoulPHM= k8s.io/mount-utils v0.32.1/go.mod h1:Kun5c2svjAPx0nnvJKYQWhfeNW+O0EpzHgRhDcYoSY0= k8s.io/pod-security-admission v0.32.1 h1:jcQjcxSwMsqcnr8ADiYe3Yhts0zEvY8BPEIFY6ducxU= diff --git a/pkg/controllers/fpga/controller_test.go b/pkg/controllers/fpga/controller_test.go index 0a44c45fa..d30310c03 100644 --- a/pkg/controllers/fpga/controller_test.go +++ b/pkg/controllers/fpga/controller_test.go @@ -207,7 +207,7 @@ func TestNewDaemonSetFPGA(t *testing.T) { plugin := &devicepluginv1.FpgaDevicePlugin{ Spec: devicepluginv1.FpgaDevicePluginSpec{ - InitImage: "intel/intel-fpga-initcontainer:0.32.0", + InitImage: "intel/intel-fpga-initcontainer:0.32.1", }, } plugin.Name = "testing" diff --git a/pkg/controllers/reconciler.go b/pkg/controllers/reconciler.go index 86879cb3a..420e9a979 100644 --- a/pkg/controllers/reconciler.go +++ b/pkg/controllers/reconciler.go @@ -38,7 +38,7 @@ import ( ) var ( - ImageMinVersion = versionutil.MustParseSemantic("0.32.0") + ImageMinVersion = versionutil.MustParseSemantic("0.32.1") ) const ( diff --git a/test/e2e/fpga/fpga.go b/test/e2e/fpga/fpga.go index ae33ac38c..ed2dad486 100644 --- a/test/e2e/fpga/fpga.go +++ b/test/e2e/fpga/fpga.go @@ -143,7 +143,7 @@ func runDevicePlugin(ctx context.Context, fmw *framework.Framework, pluginKustom func runTestCase(ctx context.Context, fmw *framework.Framework, pluginMode, podResource, cmd1, cmd2 string) { resource := v1.ResourceName(podResource) - image := "intel/opae-nlb-demo:0.32.0" + image := "intel/opae-nlb-demo:0.32.1" ginkgo.By("submitting a pod requesting correct FPGA resources") diff --git a/test/e2e/qat/qatplugin_dpdk.go b/test/e2e/qat/qatplugin_dpdk.go index a6abf254e..5d6094f49 100644 --- a/test/e2e/qat/qatplugin_dpdk.go +++ b/test/e2e/qat/qatplugin_dpdk.go @@ -130,7 +130,7 @@ func describeQatDpdkPlugin() { "runTests=" + strconv.Itoa(symmetric), "signOfLife=1", } - pod := createPod(ctx, f, "cpa-sample-code", resourceName, "intel/openssl-qat-engine:0.32.0", command) + pod := createPod(ctx, f, "cpa-sample-code", resourceName, "intel/openssl-qat-engine:0.32.1", command) ginkgo.By("waiting the cpa-sample-code pod for the resource " + resourceName.String() + " to finish successfully") err := e2epod.WaitForPodSuccessInNamespaceTimeout(ctx, f.ClientSet, pod.ObjectMeta.Name, f.Namespace.Name, 300*time.Second) @@ -157,7 +157,7 @@ func describeQatDpdkPlugin() { "-v", "-hw_algo", "0x0029", } - pod := createPod(ctx, f, "qat-engine-testapp", resourceName, "intel/openssl-qat-engine:0.32.0", command) + pod := createPod(ctx, f, "qat-engine-testapp", resourceName, "intel/openssl-qat-engine:0.32.1", command) ginkgo.By("waiting the qat-engine-testapp pod for the resource " + resourceName.String() + " to finish successfully") err := e2epod.WaitForPodSuccessInNamespaceTimeout(ctx, f.ClientSet, pod.ObjectMeta.Name, f.Namespace.Name, 300*time.Second) @@ -184,7 +184,7 @@ func describeQatDpdkPlugin() { "runTests=" + strconv.Itoa(compression), "signOfLife=1", } - pod := createPod(ctx, f, "cpa-sample-code", resourceName, "intel/openssl-qat-engine:0.32.0", command) + pod := createPod(ctx, f, "cpa-sample-code", resourceName, "intel/openssl-qat-engine:0.32.1", command) ginkgo.By("waiting the cpa-sample-code pod for the resource " + resourceName.String() + " to finish successfully") err := e2epod.WaitForPodSuccessInNamespaceTimeout(ctx, f.ClientSet, pod.ObjectMeta.Name, f.Namespace.Name, 300*time.Second) @@ -253,7 +253,7 @@ func describeQatDpdkPlugin() { "runTests=" + strconv.Itoa(compression), "signOfLife=1", } - pod := createPod(ctx, f, "cpa-sample-code", resourceName, "intel/openssl-qat-engine:0.32.0", command) + pod := createPod(ctx, f, "cpa-sample-code", resourceName, "intel/openssl-qat-engine:0.32.1", command) ginkgo.By("waiting the cpa-sample-code pod for the resource " + resourceName.String() + " to finish successfully") err := e2epod.WaitForPodSuccessInNamespaceTimeout(ctx, f.ClientSet, pod.ObjectMeta.Name, f.Namespace.Name, 300*time.Second) diff --git a/test/e2e/sgx/sgx.go b/test/e2e/sgx/sgx.go index ffd846ca4..918c57e04 100644 --- a/test/e2e/sgx/sgx.go +++ b/test/e2e/sgx/sgx.go @@ -100,7 +100,7 @@ func describe() { Containers: []v1.Container{ { Name: "testcontainer", - Image: "intel/sgx-sdk-demo:0.32.0", + Image: "intel/sgx-sdk-demo:0.32.1", WorkingDir: "/opt/intel/sgx-sample-app/", Command: []string{"/opt/intel/sgx-sample-app/sgx-sample-app"}, Resources: v1.ResourceRequirements{