0

I am trying to bind vfio-pci driver to sriov vfs in k8s pod container,but got an error print 

#./dpdk-devbind.py -b vfio-pci 0000:19:02.1
Error: unbind failed for 0000:19:02.1 - Cannot open /sys/bus/pci/drivers/iavf/unbind.
# echo "0000:19:02.1" > /sys/bus/pci/drivers/iavf/unbind
bash: /sys/bus/pci/drivers/iavf/unbind: Read-only file system

But dpdk-devbind.py can works in another docker container created by "docker run --privileged ", I thinks this is maybe the PodSecurityPolicy issue.
After I create PodSecurityPolicy with "privileged: true, readOnlyRootFilesystem: false", the issue still exist, I was confused.

Why dpdk-devbind.py can not works in k8s pod container with privileged ?
should I move the binding operation to host? but some apps runs in container really want to pick the sriov VFs and bind the vfio-pci driver.

Also, the KNI can not works well.

KNI: Failed to open file: /sys/devices/virtual/net/vEth0_0/carrier.

update: insmod rte_kni.ko carrier=on, then comment code rte_kni_update_link() can fix KNI issue

update: according to Kubernetes volumes not getting mounted, use initContainers to mount host /sys to pod /sys rw, now dpdk-devbind.py can works .

Thanks a lot!

happy
  • 37
  • 7
  • are you running DPDK devbind script with `sudo` privilege or not? – Vipin Varghese Nov 01 '21 at 10:24
  • @ Vipin Varghese, with root privilege – happy Nov 03 '21 at 01:03
  • Hmm, with proper debug I am not able to root cause the issue. Only one option is to ensure the `0000:19:02.1` is down `ifconfig [vf interface name] down`, then unbind from iAVF. Let me know if you are up and availble for a debug. – Vipin Varghese Nov 03 '21 at 02:47
  • @VipinVarghese, thanks for your reply, this issue have been closed, use `initContainers` to mount host /sys to pod /sys rw, now dpdk-devbind.py can works, thanks – happy Nov 03 '21 at 05:42

0 Answers0