I am trying to bind vfio-pci driver to sriov vfs in k8s pod container,but got an error print
#./dpdk-devbind.py -b vfio-pci 0000:19:02.1
Error: unbind failed for 0000:19:02.1 - Cannot open /sys/bus/pci/drivers/iavf/unbind.
# echo "0000:19:02.1" > /sys/bus/pci/drivers/iavf/unbind
bash: /sys/bus/pci/drivers/iavf/unbind: Read-only file system
But dpdk-devbind.py can works in another docker container created by "docker run --privileged ",
I thinks this is maybe the PodSecurityPolicy issue.
After I create PodSecurityPolicy with "privileged: true, readOnlyRootFilesystem: false", the issue still exist, I was confused.
Why dpdk-devbind.py can not works in k8s pod container with privileged ?
should I move the binding operation to host? but some apps runs in container really want to pick the sriov VFs and bind the vfio-pci driver.
Also, the KNI can not works well.
KNI: Failed to open file: /sys/devices/virtual/net/vEth0_0/carrier.
update: insmod rte_kni.ko carrier=on, then comment code rte_kni_update_link() can fix KNI issue
update: according to Kubernetes volumes not getting mounted, use initContainers to mount host /sys to pod /sys rw, now dpdk-devbind.py can works .
Thanks a lot!