sgx-device-plugin/deploy/sgx-device-plugin-enable-aesm-socket-attach.yaml at master · AliyunContainerService/sgx-device-plugin · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: sgx-device-plugin-ds
  namespace: kube-system
spec:
  selector:
    matchLabels:
      k8s-app: sgx-device-plugin
  template:
    metadata:
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ""
      labels:
        k8s-app: sgx-device-plugin
    spec:
      containers:
        - image: registry.cn-hangzhou.aliyuncs.com/acs/sgx-device-plugin:v1.0.0-fb467e2-aliyun
          imagePullPolicy: IfNotPresent
          name: sgx-device-plugin
          args: ["--enable-aesm-socket-attach"]
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - mountPath: /var/lib/kubelet/device-plugins
              name: device-plugin
            - mountPath: /var/run/aesmd
              name: aesm
            - mountPath: /dev
              name: dev
      tolerations:
        - effect: NoSchedule
          key: alibabacloud.com/sgx_epc_MiB
          operator: Exists
      volumes:
        - hostPath:
            path: /var/lib/kubelet/device-plugins
            type: DirectoryOrCreate
          name: device-plugin
        - hostPath:
            path: /var/run/aesmd
            type: Directory
          name: aesm
        - hostPath:
            path: /dev
            type: Directory
          name: dev