-
Notifications
You must be signed in to change notification settings - Fork 20
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'OpenVisualCloud:main' into 1ksession
- Loading branch information
Showing
37 changed files
with
4,371 additions
and
390 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
name: Trivy | ||
on: | ||
push: | ||
branches: | ||
- main | ||
pull_request: | ||
permissions: | ||
contents: read | ||
|
||
jobs: | ||
checkout_code: | ||
runs-on: ubuntu-20.04 | ||
name: Checkout code | ||
steps: | ||
- name: Harden Runner | ||
uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | ||
with: | ||
egress-policy: audit | ||
- name: Checkout code | ||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
|
||
scan_fs: | ||
runs-on: ubuntu-20.04 | ||
needs: checkout_code | ||
permissions: | ||
contents: read # for actions/checkout to fetch code | ||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | ||
name: Scan FS | ||
steps: | ||
- name: Run Trivy vulnerability scanner for 'fs' | ||
uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 # master | ||
with: | ||
scan-type: 'fs' | ||
ignore-unfixed: true | ||
format: 'sarif' | ||
output: 'trivy-results-fs.sarif' | ||
severity: 'CRITICAL,HIGH,MEDIUM' | ||
- name: Upload Trivy 'fs' scan results to GitHub Security tab | ||
uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 | ||
with: | ||
sarif_file: 'trivy-results-fs.sarif' | ||
|
||
scan_config: | ||
runs-on: ubuntu-20.04 | ||
needs: checkout_code | ||
permissions: | ||
contents: read # for actions/checkout to fetch code | ||
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results | ||
name: Scan Config | ||
steps: | ||
- name: Run Trivy vulnerability scanner for 'config' | ||
uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601 # master | ||
with: | ||
scan-type: 'config' | ||
hide-progress: false | ||
ignore-unfixed: true | ||
format: 'sarif' | ||
output: 'trivy-results-config.sarif' | ||
severity: 'CRITICAL,HIGH,MEDIUM' | ||
- name: Upload Trivy 'config' scan results to GitHub Security tab | ||
uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12 | ||
with: | ||
sarif_file: 'trivy-results-config.sarif' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
apiVersion: apps/v1 | ||
kind: DaemonSet | ||
metadata: | ||
name: media-proxy-rx | ||
namespace: mcm | ||
labels: | ||
app: media-proxy-rx | ||
spec: | ||
selector: | ||
matchLabels: | ||
app: media-proxy-rx | ||
template: | ||
metadata: | ||
labels: | ||
app: media-proxy-rx | ||
spec: | ||
nodeSelector: | ||
node-role.kubernetes.io/worker: "true" | ||
mcm-type: rx | ||
containers: | ||
- name: media-proxy-rx | ||
image: mcm/media-proxy:latest | ||
imagePullPolicy: Never | ||
command: [ "media_proxy" ] | ||
args: [ "-d", "0000:31:11.5", "-i", "192.168.96.20" ] | ||
env: | ||
- name: NODE_NAME | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: spec.nodeName | ||
resources: | ||
requests: | ||
cpu: 2 | ||
memory: 4Gi | ||
limits: | ||
cpu: 2 | ||
memory: 8Gi | ||
hugepages-2Mi: 1Gi | ||
hugepages-1Gi: 2Gi | ||
securityContext: | ||
privileged: true | ||
runAsUser: 0 | ||
runAsGroup: 0 | ||
ports: | ||
- containerPort: 8001 | ||
hostPort: 8001 | ||
protocol: TCP | ||
name: grpc-port | ||
- containerPort: 8002 | ||
hostPort: 8002 | ||
protocol: TCP | ||
name: sdk-port | ||
volumeMounts: | ||
- name: memif-dir # Using hostPath volume | ||
mountPath: /run/mcm # Mount path in the pod | ||
- name: dev-vfio | ||
mountPath: /dev/vfio | ||
- mountPath: /hugepages-2Mi | ||
name: hugepage-2mi | ||
- mountPath: /hugepages-1Gi | ||
name: hugepage-1gi | ||
- mountPath: /dev/shm | ||
name: cache-volume | ||
- name: imtl-mgr # Communicate with IMTL manager | ||
mountPath: /var/run/imtl # Mount path in the pod | ||
volumes: | ||
- name: memif-dir # Using hostPath volume | ||
hostPath: | ||
path: /tmp/mcm/memif | ||
- name: dev-vfio | ||
hostPath: | ||
path: /dev/vfio | ||
- name: hugepage-2mi | ||
emptyDir: | ||
medium: HugePages-2Mi | ||
- name: hugepage-1gi | ||
emptyDir: | ||
medium: HugePages-1Gi | ||
- name: cache-volume | ||
emptyDir: | ||
medium: Memory | ||
sizeLimit: 4Gi | ||
- name: imtl-mgr | ||
persistentVolumeClaim: | ||
claimName: imtl-pvc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,85 @@ | ||
apiVersion: apps/v1 | ||
kind: DaemonSet | ||
metadata: | ||
name: media-proxy-tx | ||
namespace: mcm | ||
labels: | ||
app: media-proxy-tx | ||
spec: | ||
selector: | ||
matchLabels: | ||
app: media-proxy-tx | ||
template: | ||
metadata: | ||
labels: | ||
app: media-proxy-tx | ||
spec: | ||
nodeSelector: | ||
node-role.kubernetes.io/worker: "true" | ||
mcm-type: tx | ||
containers: | ||
- name: media-proxy-tx | ||
image: mcm/media-proxy:latest | ||
imagePullPolicy: Never | ||
command: [ "media_proxy" ] | ||
args: [ "-d", "0000:31:01.5", "-i", "192.168.96.10" ] | ||
env: | ||
- name: NODE_NAME | ||
valueFrom: | ||
fieldRef: | ||
fieldPath: spec.nodeName | ||
resources: | ||
requests: | ||
cpu: 2 | ||
memory: 4Gi | ||
limits: | ||
cpu: 2 | ||
memory: 8Gi | ||
hugepages-2Mi: 1Gi | ||
hugepages-1Gi: 2Gi | ||
securityContext: | ||
privileged: true | ||
runAsUser: 0 | ||
runAsGroup: 0 | ||
ports: | ||
- containerPort: 8001 | ||
hostPort: 8001 | ||
protocol: TCP | ||
name: grpc-port | ||
- containerPort: 8002 | ||
hostPort: 8002 | ||
protocol: TCP | ||
name: sdk-port | ||
volumeMounts: | ||
- name: memif-dir # Using hostPath volume | ||
mountPath: /run/mcm # Mount path in the pod | ||
- name: dev-vfio | ||
mountPath: /dev/vfio | ||
- mountPath: /hugepages-2Mi | ||
name: hugepage-2mi | ||
- mountPath: /hugepages-1Gi | ||
name: hugepage-1gi | ||
- mountPath: /dev/shm | ||
name: cache-volume | ||
- name: imtl-mgr # Communicate with IMTL manager | ||
mountPath: /var/run/imtl # Mount path in the pod | ||
volumes: | ||
- name: memif-dir # Using hostPath volume | ||
hostPath: | ||
path: /tmp/mcm/memif | ||
- name: dev-vfio | ||
hostPath: | ||
path: /dev/vfio | ||
- name: hugepage-2mi | ||
emptyDir: | ||
medium: HugePages-2Mi | ||
- name: hugepage-1gi | ||
emptyDir: | ||
medium: HugePages-1Gi | ||
- name: cache-volume | ||
emptyDir: | ||
medium: Memory | ||
sizeLimit: 4Gi | ||
- name: imtl-mgr | ||
persistentVolumeClaim: | ||
claimName: imtl-pvc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.