Hi, all.
Based on my testing about the sst feature in the topology-aware policy. I found that there some problems in the NRI pod.
The NRI pod can't find the /host/dev/isst_interface device.
After some research, I add these lines to the NRI daemonset.
Then, the NRI pod has no permission to access this device:
W0804 01:56:49.287017 1 system.go:297] failed to get SST info for package 0: failed to read SST PP info: Mbox command failed with failed to open isst device "/host/dev/isst_interface": open /host/dev/isst_interface: operation not permitted
After that, I noticed that there are some securitycontext in the daemonset file and I modified it:
I added the privileged: true into it and I commented the next two lines. At last, the NRI can access the sst device:
So does my approach was correct?
Hi, all.
Based on my testing about the sst feature in the topology-aware policy. I found that there some problems in the NRI pod.
The NRI pod can't find the
/host/dev/isst_interfacedevice.After some research, I add these lines to the NRI daemonset.
Then, the NRI pod has no permission to access this device:
After that, I noticed that there are some securitycontext in the daemonset file and I modified it:
I added the
privileged: trueinto it and I commented the next two lines. At last, the NRI can access the sst device:So does my approach was correct?