diff --git a/cluster/infrastructure/intel-quick-sync-support/README.md b/cluster/infrastructure/intel-quick-sync-support/README.md new file mode 100644 index 0000000..ae09297 --- /dev/null +++ b/cluster/infrastructure/intel-quick-sync-support/README.md @@ -0,0 +1,2 @@ +Manifests to provide Intel Quick Sync Support to Kubernetes Nodes + diff --git a/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/HelmRepository.yaml b/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/HelmRepository.yaml new file mode 100644 index 0000000..94bc8f8 --- /dev/null +++ b/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/HelmRepository.yaml @@ -0,0 +1,9 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: intel + namespace: intel-device-plugins +spec: + interval: 24h + url: https://intel.github.io/helm-charts/ diff --git a/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/README.md b/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/README.md new file mode 100644 index 0000000..85aa4bc --- /dev/null +++ b/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/README.md @@ -0,0 +1 @@ +- https://github.com/intel/intel-device-plugins-for-kubernetes diff --git a/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/gpu-device-plugin/HelmRelease.yml b/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/gpu-device-plugin/HelmRelease.yml new file mode 100644 index 0000000..1588403 --- /dev/null +++ b/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/gpu-device-plugin/HelmRelease.yml @@ -0,0 +1,23 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: intel-device-plugins-gpu + namespace: intel-device-plugins + labels: + app: cert-manager +spec: + chart: + spec: + # https://artifacthub.io/packages/helm/intel/intel-device-plugins-gpu + chart: intel-device-plugins-gpu + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: intel + namespace: intel-device-plugins + version: '0.32.*' + interval: 24h + timeout: 10m + values: + name: gpu-device-plugin diff --git a/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/namespace.yaml b/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/namespace.yaml new file mode 100644 index 0000000..779fb7c --- /dev/null +++ b/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/namespace.yaml @@ -0,0 +1,11 @@ +--- +kind: Namespace +apiVersion: v1 +metadata: + name: intel-device-plugins + labels: + # https://kubernetes.io/docs/concepts/security/pod-security-standards/ + # possible values: privileged, baseline, restricted + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/warn: privileged diff --git a/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/operator/HelmRelease.yml b/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/operator/HelmRelease.yml new file mode 100644 index 0000000..a20a456 --- /dev/null +++ b/cluster/infrastructure/intel-quick-sync-support/intel-device-plugins/operator/HelmRelease.yml @@ -0,0 +1,28 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: intel-device-plugins-operator + namespace: intel-device-plugins + labels: + app: cert-manager +spec: + chart: + spec: + # https://artifacthub.io/packages/helm/intel/intel-device-plugins-operator + chart: intel-device-plugins-operator + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: intel + namespace: intel-device-plugins + version: '0.32.*' + interval: 24h + timeout: 10m + values: + resources: + limits: + memory: 120Mi + requests: + memory: 100Mi + cpu: 10m diff --git a/cluster/infrastructure/intel-quick-sync-support/node-feature-discovery/app/HelmRelease.yaml b/cluster/infrastructure/intel-quick-sync-support/node-feature-discovery/app/HelmRelease.yaml new file mode 100644 index 0000000..14a8bb7 --- /dev/null +++ b/cluster/infrastructure/intel-quick-sync-support/node-feature-discovery/app/HelmRelease.yaml @@ -0,0 +1,80 @@ +--- +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: node-feature-discovery + namespace: node-feature-discovery + labels: + app: node-feature-discovery +spec: + chart: + spec: + # https://artifacthub.io/packages/helm/node-feature-discovery/node-feature-discovery + chart: node-feature-discovery + reconcileStrategy: ChartVersion + sourceRef: + kind: HelmRepository + name: node-feature-discovery + namespace: flux-system + # https://github.com/kubernetes-sigs/node-feature-discovery/releases + version: '0.17.*' + interval: 24h + timeout: 10m + values: + master: + resources: + limits: + memory: 250Mi + requests: + memory: 100Mi + cpu: 1m + + worker: + enable: true + resources: + limits: + memory: 250Mi + requests: + memory: 100Mi + cpu: 1m + config: + core: + sources: + - 'all' + sources: + usb: + deviceClassWhitelist: + - '02' + - '08' + - '0e' + - 'ef' + - 'fe' + - 'ff' + deviceLabelFields: + - 'class' + - 'vendor' + - 'device' + pci: + deviceLabelFields: + - 'class' + - 'vendor' + - 'device' + - 'subsystem_vendor' + - 'subsystem_device' + custom: + - name: 'intel-gpu' # Intel integrated GPU + labels: + 'intel.feature.node.kubernetes.io/gpu': 'true' + matchFeatures: + - feature: pci.device + matchExpressions: + class: { op: In, value: ['0300'] } + vendor: { op: In, value: ['8086'] } + + gc: + resources: + limits: + memory: 100Mi + requests: + memory: 25Mi + cpu: 1m diff --git a/cluster/infrastructure/intel-quick-sync-support/node-feature-discovery/namespace.yaml b/cluster/infrastructure/intel-quick-sync-support/node-feature-discovery/namespace.yaml new file mode 100644 index 0000000..ab8bead --- /dev/null +++ b/cluster/infrastructure/intel-quick-sync-support/node-feature-discovery/namespace.yaml @@ -0,0 +1,8 @@ +--- +kind: Namespace +apiVersion: v1 +metadata: + name: node-feature-discovery + labels: + name: node-feature-discovery + pod-security.kubernetes.io/enforce: privileged