Add KVM device plugin
This adds a KVM device plugin for Kubernetes. This plugin allows for unprivileged access and granular
control of KVM access.
Test Plan: Tested in subsequent revision
X-Origin-Diff: phab/D739
GitOrigin-RevId: 5cd738a47d24e7bfdc29bbd1a31537209e1ebf46
diff --git a/metropolis/node/kubernetes/service.go b/metropolis/node/kubernetes/service.go
index 8d0c795..bd0d211 100644
--- a/metropolis/node/kubernetes/service.go
+++ b/metropolis/node/kubernetes/service.go
@@ -34,6 +34,7 @@
"source.monogon.dev/metropolis/node/kubernetes/clusternet"
"source.monogon.dev/metropolis/node/kubernetes/nfproxy"
"source.monogon.dev/metropolis/node/kubernetes/pki"
+ "source.monogon.dev/metropolis/node/kubernetes/plugins/kvmdevice"
"source.monogon.dev/metropolis/node/kubernetes/reconciler"
"source.monogon.dev/metropolis/pkg/supervisor"
apb "source.monogon.dev/metropolis/proto/api"
@@ -136,6 +137,10 @@
ClientSet: clientSet,
}
+ kvmDevicePlugin := kvmdevice.Plugin{
+ KubeletDirectory: &s.c.Root.Data.Kubernetes.Kubelet,
+ }
+
for _, sub := range []struct {
name string
runnable supervisor.Runnable
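Review bot: The new `kvmDevicePlugin` literal has no comment saying what it exposes, which is the security-relevant fact about it. I would add above it `// kvmDevicePlugin exposes the host's KVM device to pods through the kubelet device plugin interface, so workloads that need KVM do not have to run privileged.` Any pod granted the device reaches the host kernel's KVM interface directly. The comment or the package doc should therefore also name the policy expected to limit which workloads may request it, since nothing in this hunk shows such a limit. The enclosing function starts and ends outside the hunk.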
@@ -149,6 +154,7 @@
{"csi-provisioner", csiProvisioner.Run},
{"clusternet", clusternet.Run},
{"nfproxy", nfproxy.Run},
+ {"kvmdeviceplugin", kvmDevicePlugin.Run},
} {
err := supervisor.Run(ctx, sub.name, sub.runnable)
if err != nil {
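Review bot: The `{"kvmdeviceplugin", kvmDevicePlugin.Run}` entry is added unconditionally, so the plugin starts on every node, including nodes where KVM is unavailable. `kvmdevice.Plugin.Run` is not visible here. If it returns an error when the device is missing, the `supervisor.Run` error path below would presumably be hit or the runnable restarted repeatedly. It is worth confirming that Run treats a missing device as "advertise nothing" rather than a failure, and recording that on the entry, e.g. `// started on all nodes; must not fail when KVM is absent`. The loop body continues past the end of the hunk.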