Test support for Mellanox interfaces

ramperher · ramperher · commit 28b21f1b06b5 · 2025-04-29T17:31:05.000+02:00
diff --git a/grout-container-app/cnfapp/Dockerfile b/grout-container-app/cnfapp/Dockerfile
@@ -1,7 +1,7 @@
 ## Image to build webserver
-FROM docker.io/library/golang:1.23 as build
+FROM registry.access.redhat.com/ubi9/go-toolset:1.23 as build
 
-WORKDIR /utils
+WORKDIR /tmp
 COPY utils/webserver.go .
 RUN go mod init webserver.go
 RUN GOOS=linux CGO_ENABLED=0 go build -a -o webserver .
@@ -53,12 +53,12 @@ RUN chmod 750 /var/log/grout
 RUN chown example-cnf /var/log/grout
 
 # Copy scripts
-COPY --chmod=550 --from=build /utils/webserver /usr/local/bin/webserver
+COPY --chmod=550 --from=build /tmp/webserver /usr/local/bin/webserver
 COPY --chmod=550 scripts/grout-wrapper /usr/local/bin/example-cnf/grout-wrapper
 COPY --chmod=550 scripts/retrieve-grout-ip-addresses /usr/local/bin/example-cnf/retrieve-grout-ip-addresses
 
 # Move to the custom user
-USER example-cnf
+USER root
 
 # Prepare entrypoint
 ENTRYPOINT ["/usr/local/bin/example-cnf/grout-wrapper"]
diff --git a/grout-operator/roles/grout/templates/deployment.yml b/grout-operator/roles/grout/templates/deployment.yml
@@ -49,9 +49,6 @@ spec:
                 values:
                 - pkt-gen
             topologyKey: kubernetes.io/hostname
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 56560
       serviceAccountName: grout-account
 {% if runtime_class_name is defined and runtime_class_name | length %}
       runtimeClassName: "{{ runtime_class_name }}"
@@ -64,17 +61,10 @@ spec:
         image: "{{ image_grout }}"
         imagePullPolicy: "{{ image_pull_policy }}"
         securityContext:
-          runAsNonRoot: true
-          runAsUser: 56560
 {% if run_deployment is defined and run_deployment == 1 %}
           readOnlyRootFilesystem: true
 {% endif %}
-{% if privileged %}
           privileged: true
-{% else %}
-          capabilities:
-            add: ["IPC_LOCK", "NET_ADMIN", "AUDIT_WRITE"]
-{% endif %}
         resources:
           limits:
             hugepages-1Gi: {{ hugepage_1gb_count }}
diff --git a/testpmd-container-app/cnfapp/Dockerfile b/testpmd-container-app/cnfapp/Dockerfile
@@ -2,9 +2,9 @@
 FROM quay.io/rh-nfv-int/dpdk:v0.0.1 as build
 
 ## Image to build webserver
-FROM docker.io/library/golang:1.23 as build2
+FROM registry.access.redhat.com/ubi9/go-toolset:1.23 as build2
 
-WORKDIR /utils
+WORKDIR /tmp
 COPY utils/webserver.go .
 RUN go mod init webserver.go
 RUN GOOS=linux CGO_ENABLED=0 go build -a -o webserver .
@@ -43,7 +43,7 @@ RUN chmod 750 /var/log/testpmd
 RUN chown example-cnf /var/log/testpmd
 
 # Copy scripts
-COPY --chmod=550 --from=build2 /utils/webserver /usr/local/bin/webserver
+COPY --chmod=550 --from=build2 /tmp/webserver /usr/local/bin/webserver
 COPY --chmod=550 --from=build /usr/local/bin/dpdk-testpmd /usr/local/bin/example-cnf/testpmd
 COPY --chmod=550 scripts/testpmd-wrapper /usr/local/bin/example-cnf/testpmd-wrapper
 
diff --git a/trex-container-app/app/Dockerfile b/trex-container-app/app/Dockerfile
@@ -1,6 +1,6 @@
-FROM docker.io/library/golang:1.23 as build
+FROM registry.access.redhat.com/ubi9/go-toolset:1.23 as build
 
-WORKDIR /utils
+WORKDIR /tmp
 COPY utils/webserver.go .
 RUN go mod init webserver.go
 RUN GOOS=linux CGO_ENABLED=0 go build -a -o webserver .
@@ -45,7 +45,7 @@ RUN chown example-cnf:example-cnf /var/log/trex
 
 # Copy scripts
 COPY --chmod=550 scripts /usr/local/bin/
-COPY --chmod=550 --from=build /utils/webserver /usr/local/bin/webserver
+COPY --chmod=550 --from=build /tmp/webserver /usr/local/bin/webserver
 COPY --chmod=550 pyfiles /opt/pyfiles/
 
 # Move to the custom user
diff --git a/trex-container-app/server/Dockerfile b/trex-container-app/server/Dockerfile
@@ -1,6 +1,6 @@
-FROM docker.io/library/golang:1.23 as build
+FROM registry.access.redhat.com/ubi9/go-toolset:1.23 as build
 
-WORKDIR /utils
+WORKDIR /tmp
 COPY utils/webserver.go .
 RUN go mod init webserver.go
 RUN GOOS=linux CGO_ENABLED=0 go build -a -o webserver .
@@ -79,7 +79,7 @@ RUN chmod 664 /usr/local/bin/example-cnf/trex_cfg.yaml
 
 # Copy scripts
 COPY --chmod=550 scripts /usr/local/bin
-COPY --chmod=550 --from=build /utils/webserver /usr/local/bin/webserver
+COPY --chmod=550 --from=build /tmp/webserver /usr/local/bin/webserver
 
 # Move to the custom user
-USER example-cnf
+USER root
diff --git a/trex-operator/roles/trexconfig/templates/deployment.yml b/trex-operator/roles/trexconfig/templates/deployment.yml
@@ -58,9 +58,6 @@ spec:
                 values:
                 - cnf-app
             topologyKey: kubernetes.io/hostname
-      securityContext:
-        runAsNonRoot: true
-        runAsUser: 56560
       serviceAccountName: trex-server-account
 {% if runtime_class_name is defined and runtime_class_name | length %}
       runtimeClassName: "{{ runtime_class_name }}"
@@ -82,17 +79,10 @@ spec:
         - name: "http-probe"
           containerPort: 8096
         securityContext:
-          runAsNonRoot: true
-          runAsUser: 56560
 {% if run_deployment is defined and run_deployment == 1 %}
           readOnlyRootFilesystem: true
 {% endif %}
-{% if privileged %}
           privileged: true
-{% else %}
-          capabilities:
-            add: ["IPC_LOCK", "NET_ADMIN", "AUDIT_WRITE"]
-{% endif %}
         resources:
           limits:
             hugepages-1Gi: {{ hugepage_1gb_count }}
@@ -168,8 +158,6 @@ spec:
         image: "{{ image_app }}"
         imagePullPolicy: "{{ image_pull_policy }}"
         securityContext:
-          runAsNonRoot: true
-          runAsUser: 56560
 {% if run_deployment is defined and run_deployment == 1 %}
           readOnlyRootFilesystem: true
 {% endif %}
