openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-06 06:46:26 +01:00
Code Issues Releases Activity
Files
d80b09cab92edd45c674f9c4fc514bddac1fffcf
openshift-docs/modules/kmm-example-module-cr.adoc

103 lines
4.3 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * hardware_enablement/kmm-kernel-module-management.adoc
:_mod-docs-content-type: REFERENCE
[id="kmm-example-cr_{context}"]
= Example Module CR
The following is an annotated `Module` example:
[source,yaml]
----
apiVersion: kmm.sigs.x-k8s.io/v1beta1
kind: Module
metadata:
name: <my_kmod>
spec:
moduleLoader:
container:
modprobe:
moduleName: <my_kmod> <1>
dirName: /opt <2>
firmwarePath: /firmware <3>
parameters: <4>
- param=1
kernelMappings: <5>
- literal: 6.0.15-300.fc37.x86_64
containerImage: some.registry/org/my-kmod:6.0.15-300.fc37.x86_64
- regexp: '^.+\fc37\.x86_64$' <6>
containerImage: "some.other.registry/org/<my_kmod>:${KERNEL_FULL_VERSION}"
- regexp: '^.+$' <7>
containerImage: "some.registry/org/<my_kmod>:${KERNEL_FULL_VERSION}"
build:
buildArgs: <8>
- name: ARG_NAME
value: <some_value>
secrets:
- name: <some_kubernetes_secret> <9>
baseImageRegistryTLS: <10>
insecure: false
insecureSkipTLSVerify: false <11>
dockerfileConfigMap: <12>
name: <my_kmod_dockerfile>
sign:
certSecret:
name: <cert_secret> <13>
keySecret:
name: <key_secret> <14>
filesToSign:
- /opt/lib/modules/${KERNEL_FULL_VERSION}/<my_kmod>.ko
registryTLS: <15>
insecure: false <16>
insecureSkipTLSVerify: false
serviceAccountName: <sa_module_loader> <17>
devicePlugin: <18>
container:
image: some.registry/org/device-plugin:latest <19>
env:
- name: MY_DEVICE_PLUGIN_ENV_VAR
value: SOME_VALUE
volumeMounts: <20>
- mountPath: /some/mountPath
name: <device_plugin_volume>
volumes: <21>
- name: <device_plugin_volume>
configMap:
name: <some_configmap>
serviceAccountName: <sa_device_plugin> <22>
imageRepoSecret: <23>
name: <secret_name>
selector:
node-role.kubernetes.io/worker: ""
----
<1> Required.
<2> Optional.
<3> Optional: Copies the contents of this path into the path specified in `worker.setFirmwareClassPath` (which is preset to `/var/lib/firmware`) of the `kmm-operator-manager-config` config map. This action occurs before `modprobe` is called to insert the kernel module.
<4> Optional.
<5> At least one kernel item is required.
<6> For each node running a kernel matching the regular expression, KMM checks if you have included a tag or a digest. If you have not specified a tag or digest in the container image, then the validation webhook returns an error and does not apply the module.
<7> For any other kernel, build the image using the Dockerfile in the `my-kmod` ConfigMap.
<8> Optional.
<9> Optional: A value for `some-kubernetes-secret` can be obtained from the build environment at `/run/secrets/some-kubernetes-secret`.
<10> This field has no effect. When building kmod images or signing kmods within a kmod image,
you might sometimes need to pull base images from a registry that serves a certificate signed by an
untrusted Certificate Authority (CA). In order for KMM to trust that CA, it must also trust the new CA
by replacing the cluster's CA bundle.
+
See "Additional resources" to learn how to replace the cluster's CA bundle.
<11> Optional: Avoid using this parameter. If set to `true`, the build will skip any TLS server certificate validation when pulling the image in the Dockerfile `FROM` instruction using plain HTTP.
<12> Required.
<13> Required: A secret holding the public secureboot key with the key 'cert'.
<14> Required: A secret holding the private secureboot key with the key 'key'.
<15> Optional: Avoid using this parameter. If set to `true`, KMM will be allowed to check if the container image already exists using plain HTTP.
<16> Optional: Avoid using this parameter. If set to `true`, KMM will skip any TLS server certificate validation when checking if the container image already exists.
<17> Optional.
<18> Optional.
<19> Required: If the device plugin section is present.
<20> Optional.
<21> Optional.
<22> Optional.
<23> Optional: Used to pull module loader and device plugin images.
View Git Blame Copy Permalink