Review comments

Signed-off-by: Sayan Bandyopadhyay <[email protected]>
ipdk-io · Jan 10, 2024 · b3b4a5b · b3b4a5b
1 parent bcdef5f
commit b3b4a5b
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 201 deletions.
diff --git a/docs/compiling-p4-programs.md b/docs/compiling-p4-programs.md
diff --git a/docs/docker-containerd-install.md b/docs/docker-containerd-install.md
@@ -17,7 +17,7 @@ Before installing Kubernetes, do the following:
    swapoff -a
    ```
 
-2. For Fedora* 33, swapoff doesn't completely turn off the swapping after
+2. Swapoff doesn't completely turn off the swapping after
    a reboot. Remove the following package:
    ```bash
    dnf remove zram-generator-defaults

diff --git a/docs/index.rst b/docs/index.rst
@@ -19,7 +19,6 @@ Welcome to k8s-infra-offload's documentation!
    docker-containerd-install
    target-setup-dpdk
    target-setup-es2k
-   compiling-p4-programs
 
 .. toctree::
    :maxdepth: 2

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
@@ -1,7 +1,7 @@
 IPDK Kubernetes Infrastructure Offload Release Notes
 #############################################################
 
-IPDK 24.07
+IPDK 24.01
 ************
 
 What's new in this Release
@@ -54,9 +54,6 @@ Component Feature Support
   * - Execution support in Split Mode with Inframanager running on ACC
     - Inframanager running on ACC but infraagent on host
     - Production ready
-  * - Socket extension to Felix for Network policy and routing offload.
-    - Addition of socket between Felix and Infraagent for policies.
-    - Production ready
   * - Automation scripts for cluster deployment
     - Example scripts for cluster deployment of Load balancing and CNI add
     - Production ready
@@ -67,7 +64,6 @@ Component Feature Support
 Resolved Issues
 ===========================
 
-- NODE_IP env is needed on ACC for inframanager to run
 - After deleting and creating multiple test pods, multiple times some of the pods are not
   getting created, with error "failed to get a CDQ interface for pod: no free resources left" on infraagent.
 - No Readme for TLS certificates and security guide
@@ -89,7 +85,7 @@ Known issues and limitations
   User may need to manually configure and execute instructions mentioned in the script.
 - The `setup_infra_sriov.sh` script doesn't support the `-r` option for remote IP for host IP on ACC.
   Only host mode is supported for this release as an engineering preview.
-- Max supported CDQ interfaces are 50 as max vport for host.
+- Max supported CDQ interfaces are 254 as max vport for host. The default max vport in the cdq use case cp_init file has been provided as 50 which can be configured.
 
 IPDK 23.07
 ************

diff --git a/docs/setup.md b/docs/setup.md
@@ -23,7 +23,7 @@ installation of SDE and InfraP4d on P4-DPDK target.
 See [Target Setup for Intel IPU ES2K](target-setup-es2k.md) for
 installation of SDE and InfraP4d on Intel IPU ES2100 target.
 
-### Set Up P4 Kubernetes
+## Set Up P4 Kubernetes
 
 On the Intel IPU, k8s-infra-offload can run in two different modes, details of
 which are present in all relevant sections where mode based configurations are
@@ -35,6 +35,8 @@ a. The split mode, where the inframanager runs on IPU ARM cores for rule offload
 b. The host mode, where every component runs on the host and offload happens
    from host.
 
+On DPDK, only the host mode is supported.
+
 Following steps cover instructions on setting up P4-K8S in either modes,
 once mentioned dependencies are compiled and installed.
 
@@ -108,7 +110,7 @@ once mentioned dependencies are compiled and installed.
    sub-functions on ES2100), sets up the HugePages and starts infrap4d.
    The script supports infrastructure setup in two different modes.
 
-   a. The split mode, where the inframanager runs on IPU ARM cores(remote end)
+   a. The split mode on ES2100, where the inframanager runs on IPU ARM cores(remote end)
    while the infraagent runs on the host. In this mode, the communication channel
    between IPU ACC-ARM complex and host must pre-exist prior to execution of the
    script. This communication channel can be provisioned using node policy file
@@ -121,7 +123,7 @@ once mentioned dependencies are compiled and installed.
    of `10.10.0.2` for the remote end. Incase a different IP address is configured,
    update `scripts/tls/openssl.cnf` and re-execute step 4.
 
-   b. The host mode, where every component runs on the host(engineering
+   b. The host mode on both targets, where every component runs on the host(engineering
    preview).
 
    For CDQ interfaces :
@@ -257,7 +259,7 @@ once mentioned dependencies are compiled and installed.
     crictl pull localhost:5000/infraagent:latest
     ```
 
-#### infraagent config file update
+### infraagent config file update
 
 The config file `deploy/es2k/infraagent-config.yaml` is used to inform the
 infraagent which interface and interfacetype to use.
@@ -279,7 +281,7 @@ managerAddr : <IP address of comms channel on ACC>
 managerPort : 50002
 ```
 
-#### inframanager config file update
+### inframanager config file update
 
 The config file `deploy/inframanager-config.yaml` is used to define the parameters
 which the inframanager will use for the connection establishment with infrap4d
@@ -359,7 +361,7 @@ images in step 9 of the [Set Up P4 Kubernetes](#set-up-p4-kubernetes) section.
 
 6. Start the deployments:
 
-   For split mode, run the below on the host
+   For split mode on the Intel IPU ES2100, run the below on the host
    ```bash
    make deploy-split
    make deploy-calico
@@ -472,15 +474,15 @@ images in step 9 of the [Set Up P4 Kubernetes](#set-up-p4-kubernetes) section.
    ...
    ```
 
-### Troubleshooting
+## Troubleshooting
 
-#### Debugging
+### Debugging
 
 - The Kubernetes Infrastructure Offload software provides logging capabilities.
   Check logs emitted to stdout
   and stderr using `"kubectl logs <pod> -n <namespace>"`.
 
-#### FAQs
+### FAQs
 
 1. idpf crash observed leading to host reboot
 
@@ -496,8 +498,7 @@ images in step 9 of the [Set Up P4 Kubernetes](#set-up-p4-kubernetes) section.
 2. "failed to get a CDQ interface for pod: no free resources left" error is seen on infraagent and
     remaining pods do not come up
 
-    Reason : The wrong cp_init.cfg file was used in the IMC and the correct number of max_host_apfs
-    were not allocated. Or the cpf_host number to be used is not correct.
+    Reason : The wrong cp_init.cfg file was used in the IMC and the correct number of host apf under num_max_vport in the cp_init file needs to be at least 50.
     Solution : Use the cdq uses cases cp_init.cfg file
 
 3. CDQ interfaces not coming up
@@ -572,21 +573,21 @@ images in step 9 of the [Set Up P4 Kubernetes](#set-up-p4-kubernetes) section.
    pkill inframanager
    ```
 
-### Versions and Third-parties
+## Versions and Third-parties
 
 Versions of Kubernetes, linux distros, docker and other third-party libraries tested with (calico, felix)
 
-#### OS
+### OS
 
 - Linux
   - Rocky Linux 9.2
   - RHEL 9.2
 
-#### golang
+### golang
 
 go1.21.4
 
-#### docker
+### docker
 
 ```bash
 docker version
@@ -595,15 +596,15 @@ Client: Docker Engine - Community
  API version:       1.41
 ```
 
-#### containerd
+### containerd
 
 Tested on 1.6.x
 
 ```bash
 ctr version
 ```
 
-#### kubernetes
+### kubernetes
 
 Versions tested and supported with
 
@@ -617,6 +618,6 @@ kubectl.x86_64                                   1.25.4-0
 kubelet.x86_64                                   1.25.4-0
 ```
 
-#### Calico
+### Calico
 
 v3.24.1
diff --git a/docs/target-setup-es2k.md b/docs/target-setup-es2k.md
@@ -3,7 +3,7 @@
 ## Set Up Hardware Board
 Hardware setup requires the Intel IPU device to be connected to a link partner
 in a back-to-back manner. Refer to the setup topology in the
-FXP_P4_SDE_User_Guide.md included in the documentation in official CI release
+FXP_P4_SDE_User_Guide.md included in the documentation in official release
 for details. This document also provides instructions on how to configure the
 machine with required BIOS settings, required third-party software, boot
 instructions, and system settings, as well as other information.
@@ -112,48 +112,5 @@ touch <file_path>/tofino.bin
 ```
 
 ## Generating certificates
-The system relies on mTLS (mutual TLS) for authentication.
 
-IPs of the servers using TLS, should be here. If in host mode,
-localhost is used so `127.0.0.1` works. But if in split mode,
-ensure that the IP is present here.
-in the list in the config openssl.cnf file :scripts/tls/openssl.cnf
-```bash
-DNS.1 = *.intel.com
-DNS.2 = k8s
-DNS.3 = kubernetes.default
-IP.1  = 127.0.0.1
-IP.2  = 10.10.0.2 # Inframanager server IP here for example
-```
-
-This config file is used to generate Certificate Signing Request (CSR)
-files for each
-1. Infraagent(client)
-2. Inframanager(server)
-3. Inframanager(client)
-4. Infrap4d
-
-Run the below from base directory.
-```bash
-make gen-certs
-```
-The files will be generated under
-```bash
-$BASE_DIR/tls/certs/infraagent/client   #Infraagent(client)
-$BASE_DIR/tls/certs/inframanager/server #Inframanager(server)
-$BASE_DIR/tls/certs/inframanager/client #Inframanager(client)
-$BASE_DIR/tls/certs/infrap4d #infrap4d
-```
-
-## Installing certificates
-
-`infrap4d` will check for server certificates in the default location
-`/usr/share/stratum/certs/`.
-
-inframanager and infraagent will be expecting certificates in the
-location `/etc/pki/inframanager/certs` and `/etc/pki/infraagent/certs`
-respectively.
-
-
-For more information regarding default and non-default path, refer to
-inframanager-config-file section in the Readme
+Refer to the file[security-guide.md](security/security-guide.md) for more details on generating and installing certificates