From 71c83dc4763454ffea6685f0ca51dc80d2d28717 Mon Sep 17 00:00:00 2001
From: Alex Kozyrev <alex.kozyrev@windriver.com>
Date: Thu, 31 Oct 2019 15:49:41 -0400
Subject: [PATCH] Add intel-fpga-device-plugin to ansible playbook

Enable FPGA device plugin for Kubernetes on each worker
node where intelfpga=enabled label is assigned.

Change-Id: I8aa6cdb7608d3772b0fca0eadaae1f1feb017096
Story: 2006495
Task: 37330
Signed-off-by: Alex Kozyrev <alex.kozyrev@windriver.com>
---
 .../playbooks/host_vars/bootstrap/default.yml |  1 +
 .../plugins/tasks/intel-fpga-plugin.yml       |  8 ++
 .../templates/intel-fpga-plugin.yaml.j2       | 93 +++++++++++++++++++
 3 files changed, 102 insertions(+)
 create mode 100644 playbookconfig/src/playbooks/roles/bootstrap/plugins/tasks/intel-fpga-plugin.yml
 create mode 100644 playbookconfig/src/playbooks/roles/bootstrap/plugins/templates/intel-fpga-plugin.yaml.j2

diff --git a/playbookconfig/src/playbooks/host_vars/bootstrap/default.yml b/playbookconfig/src/playbooks/host_vars/bootstrap/default.yml
index 293fa28a8..2794bd1f4 100644
--- a/playbookconfig/src/playbooks/host_vars/bootstrap/default.yml
+++ b/playbookconfig/src/playbooks/host_vars/bootstrap/default.yml
@@ -300,3 +300,4 @@ wipe_ceph_osds: false
 k8s_plugins:
 #  intel-gpu-plugin: intelgpu=enabled
 #  intel-qat-plugin: intelqat=enabled
+#  intel-fpga-plugin: intelfpga=enabled
diff --git a/playbookconfig/src/playbooks/roles/bootstrap/plugins/tasks/intel-fpga-plugin.yml b/playbookconfig/src/playbooks/roles/bootstrap/plugins/tasks/intel-fpga-plugin.yml
new file mode 100644
index 000000000..e9cc9ec63
--- /dev/null
+++ b/playbookconfig/src/playbooks/roles/bootstrap/plugins/tasks/intel-fpga-plugin.yml
@@ -0,0 +1,8 @@
+---
+- name: Create Intel FPGA device plugin config file
+  template:
+    src: "intel-fpga-plugin.yaml.j2"
+    dest: /etc/kubernetes/intel-fpga-daemonset.yaml
+
+- name: Activate Intel FPGA device plugin
+  command: "kubectl --kubeconfig=/etc/kubernetes/admin.conf apply -f /etc/kubernetes/intel-fpga-daemonset.yaml"
diff --git a/playbookconfig/src/playbooks/roles/bootstrap/plugins/templates/intel-fpga-plugin.yaml.j2 b/playbookconfig/src/playbooks/roles/bootstrap/plugins/templates/intel-fpga-plugin.yaml.j2
new file mode 100644
index 000000000..d182fa20f
--- /dev/null
+++ b/playbookconfig/src/playbooks/roles/bootstrap/plugins/templates/intel-fpga-plugin.yaml.j2
@@ -0,0 +1,93 @@
+# Intel FPGA  device plugin
+# Based on:
+# https://github.com/intel/intel-device-plugins-for-kubernetes/blob/master/deployments/fpga_plugin/fpga_plugin.yaml
+# and
+# https://github.com/intel/intel-device-plugins-for-kubernetes/blob/master/deployments/fpga_plugin/fpga_plugin_service_account.yaml
+#
+# The following modifications have been made:
+#  - A nodeSelector of 'intelfpga' has been added to ensure the fpga device plugin
+#   pods only run on appropriately labelled nodes.
+#  - The daemonset is modified to tolerate all NoSchedule taints
+#  - A initContainers clause has been removed. The intel-fpga-initcontainer,
+#  that reprogramm FPGA on a container's startup, only works with CRI-O.
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: intel-fpga-plugin-controller
+  namespace: kube-system
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: node-getter
+rules:
+- apiGroups: [""]
+  resources: ["nodes"]
+  verbs: ["get"]
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: get-nodes
+  namespace: kube-system
+subjects:
+- kind: ServiceAccount
+  name: intel-fpga-plugin-controller
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: node-getter
+  apiGroup: rbac.authorization.k8s.io
+---
+
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: intel-fpga-plugin
+  namespace: kube-system
+  labels:
+    app: intel-fpga-plugin
+spec:
+  selector:
+    matchLabels:
+      app: intel-fpga-plugin
+  template:
+    metadata:
+      labels:
+        app: intel-fpga-plugin
+    spec:
+      nodeSelector:
+        intelfpga: enabled
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      serviceAccountName: intel-fpga-plugin-controller
+      containers:
+      - name: intel-fpga-plugin
+        env:
+          - name: NODE_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: spec.nodeName
+        image: "{{ docker_registry.url }}/starlingx/intel-fpga-plugin:master-distroless-stable-latest"
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          readOnlyRootFilesystem: true
+        volumeMounts:
+        - name: devfs
+          mountPath: /dev
+        - name: sysfs
+          mountPath: /sys
+        - name: kubeletsockets
+          mountPath: /var/lib/kubelet/device-plugins
+      volumes:
+      - name: devfs
+        hostPath:
+          path: /dev
+      - name: sysfs
+        hostPath:
+          path: /sys
+      - name: kubeletsockets
+        hostPath:
+          path: /var/lib/kubelet/device-plugins