Skip to content

Instantly share code, notes, and snippets.

@fabiand

fabiand/README.md

Last active April 3, 2018 12:31
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save fabiand/af2da1d48efd41f5773270ad4b939ec8 to your computer and use it in GitHub Desktop.
Save fabiand/af2da1d48efd41f5773270ad4b939ec8 to your computer and use it in GitHub Desktop.
Download ZIP
DP API Options
Raw
README.md

Assumption:

  • We want to support a range of devices
  • We acknowledge that certain devices are exposed using different kernel APIs (paths, netlink, …)
  • We acknowledge that a logical/physical device can consist of multiple kernel level objects (paths, netlinks, …)
  • We acknowledge that device plugins could require informations about the pod in order to provide the right resource.

Goal:

  • Keep the declarative approach
  • iow: DP creates, kubelet allocates
  • iow: Prevent side-kubelet
Raw
explicit.proto
// FilesystemDevice is representing a device which shall be allocated to a
// container using a file-system path.
// Is equal to the previous DeviceSpec definition.
message FilesystemDevice {
// Path of the device within the container.
string container_path = 1;
// Path of the device on the host.
string host_path = 2;
// Cgroups permissions of the device, candidates are one or more of
// * r - allows container to read from the specified device.
// * w - allows container to write to the specified device.
// * m - allows container to create device files that do not yet exist.
string permissions = 3;
}
// NetlinkDevice is representing a device which shall be allocated to a pod
// as network interface (via the netlink API).
message NetlinkDevice {
// FIXME we need to understand how to pass a namespace with pb
string netNS = 1;
string interfacename = 2;
}
// PciDevice is representing a device which shall be allocated to a container
// as a PCI device. For a container runtime this could mean exposing the sysfs
// path. For a hypervisor runtime, this could mean exposing it using PCI
// passthrough mode.
message PciDevice {
string vendorid = 1;
string productid = 2;
}
// DeviceSpec specifies a host device to be allocated into a container or pod.
message DeviceSpec {
oneof cls {
FilesystemDevice fs;
NetlinkDevice ifname;
PciDevice pci;
}
}
// Examples
Raw
kapi.proto
// DeviceSpec specifies a host device to mount into a container.
message DeviceSpec {
// Path of the device within the container.
string identifier_container = 1;
// Path of the device on the host.
string identifier_host = 2;
// Cgroups permissions of the device, candidates are one or more of
// * r - allows container to read from the specified device.
// * w - allows container to write to the specified device.
// * m - allows container to create device files that do not yet exist.
string permissions = 3;
// Define the type of
enum ApiType {
PATH = 1;
NETLINK = 2;
}
ApiType api_type = 4;
}
// Examples (cid, hid, api_type)
// ("/dev/gpu0", "/dev/gpu0", "path")
// ("eth42", "eth42", "netlink")
// ("/sys/class/fpga/intel-fpga-dev.1/intel-fpga-fme.1", …, "path")
// ("/sys/class/fpga/intel-fpga-dev.1/intel-fpga-port.2", …, "path")
// (/sys/class/fpga/intel-fpga-dev.1/intel-fpga-port.3, …, "path")
// Issues
// - Permissions does not apply to all types
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment