Driver Toolkit

    The Driver Toolkit is a container image in the OKD payload used as a base image on which you can build driver containers. The Driver Toolkit image includes the kernel packages commonly required as dependencies to build or install kernel modules, as well as a few tools needed in driver containers. The version of these packages will match the kernel version running on the Fedora CoreOS (FCOS) nodes in the corresponding OKD release.

    Driver containers are container images used for building and deploying out-of-tree kernel modules and drivers on container operating systems like FCOS. Kernel modules and drivers are software libraries running with a high level of privilege in the operating system kernel. They extend the kernel functionalities or provide the hardware-specific code required to control new devices. Examples include hardware devices like Field Programmable Gate Arrays (FPGA) or GPUs, and software-defined storage (SDS) solutions, such as Lustre parallel file systems, which require kernel modules on client machines. Driver containers are the first layer of the software stack used to enable these technologies on Kubernetes.

    The list of kernel packages in the Driver Toolkit includes the following and their dependencies:

    • kernel-devel

    • kernel-headers

    • kernel-modules

    • kernel-modules-extra

    In addition, the Driver Toolkit also includes the corresponding real-time kernel packages:

    • kernel-rt-core

    • kernel-rt-devel

    • kernel-rt-modules

    • kernel-rt-modules-extra

    The Driver Toolkit also has several tools that are commonly needed to build and install kernel modules, including:

    • elfutils-libelf-devel

    • binutilskabi-dw

    • dependencies for the above

    Prior to the Driver Toolkit’s existence, users would install kernel packages in a pod or build config on OKD using or by installing from the kernel RPMs in the hosts machine-os-content. The Driver Toolkit simplifies the process by removing the entitlement step, and avoids the privileged operation of accessing the machine-os-content in a pod. The Driver Toolkit can also be used by partners who have access to pre-released OKD versions to prebuild driver-containers for their hardware devices for future OKD releases.

    The Driver Toolkit is also used by the Kernel Module Management (KMM), which is currently available as a community Operator on OperatorHub. KMM supports out-of-tree and third-party kernel drivers and the support software for the underlying operating system. Users can create modules for KMM to build and deploy a driver container, as well as support software like a device plugin, or metrics. Modules can include a build config to build a driver container-based on the Driver Toolkit, or KMM can deploy a prebuilt driver container.

    The driver-toolkit image is available from the and in the OKD release payload. The image corresponding to the most recent minor release of OKD will be tagged with the version number in the catalog. The image URL for a specific release can be found using the oc adm CLI command.

    Instructions for pulling the driver-toolkit image from registry.redhat.io with podman or in OKD can be found on the . The driver-toolkit image for the latest minor release are tagged with the minor release version on registry.redhat.io, for example: .

    Prerequisites

    • You obtained the image .

    • You installed the OpenShift CLI (oc).

    Procedure

    1. Use the oc adm command to extract the image URL of the driver-toolkit corresponding to a certain release:

      • For an x86 image, the command is as follows:

      • For an ARM image, the command is as follows:

        1. $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.13.z-aarch64 --image-for=driver-toolkit

      Example output

      The output for the ocp-release:4.13.0-x86_64 image is as follows:

      1. quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b53883ca2bac5925857148c4a1abc300ced96c222498e3bc134fe7ce3a1dd404

    2. Obtain this image using a valid pull secret, such as the pull secret required to install OKD:

      1. $ podman pull --authfile=path/to/pullsecret.json quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:<SHA>

    As an example, the Driver Toolkit can be used as the base image for building a very simple kernel module called simple-kmod.

    • You have a running OKD cluster.

    • You set the Image Registry Operator state to Managed for your cluster.

    • You installed the OpenShift CLI (oc).

    • You are logged into the OpenShift CLI as a user with cluster-admin privileges.

    Procedure

    Create a namespace. For example:

    1. $ oc new-project simple-kmod-demo

    1. The YAML defines an ImageStream for storing the simple-kmod driver container image, and a for building the container. Save this YAML as 0000-buildconfig.yaml.template.

    2. Substitute the correct driver toolkit image for the OKD version you are running in place of “DRIVER_TOOLKIT_IMAGE” with the following commands.

        1. $ DRIVER_TOOLKIT_IMAGE=$(oc adm release info $OCP_VERSION --image-for=driver-toolkit)
        1. $ sed "s#DRIVER_TOOLKIT_IMAGE#${DRIVER_TOOLKIT_IMAGE}#" 0000-buildconfig.yaml.template > 0000-buildconfig.yaml

      1. Create the image stream and build config with

        1. $ oc create -f 0000-buildconfig.yaml

      2. After the builder pod completes successfully, deploy the driver container image as a DaemonSet.

        1. The driver container must run with the privileged security context in order to load the kernel modules on the host. The following YAML file contains the RBAC rules and the DaemonSet for running the driver container. Save this YAML as 1000-drivercontainer.yaml.

        2. Create the RBAC rules and daemon set:

          1. $ oc create -f 1000-drivercontainer.yaml

      3. After the pods are running on the worker nodes, verify that the simple_kmod kernel module is loaded successfully on the host machines with lsmod.

        1. Verify that the pods are running:

          1. $ oc get pod -n simple-kmod-demo

          Example output

          1. NAME                                 READY   STATUS      RESTARTS   AGE
          2. simple-kmod-driver-build-1-build     0/1     Completed   0          6m
          3. simple-kmod-driver-container-b22fd   1/1     Running     0          40s
          4. simple-kmod-driver-container-jz9vn   1/1     Running     0          40s
          5. simple-kmod-driver-container-p45cc   1/1     Running     0          40s

        2. Execute the lsmod command in the driver container pod:

          1. $ oc exec -it pod/simple-kmod-driver-container-p45cc -- lsmod | grep simple

          Example output

      • For more information about configuring registry storage for your cluster, see .