From 58ad838763c9807f317329afc7247604aca08ebc Mon Sep 17 00:00:00 2001 From: Magdalena Pytel Date: Fri, 31 Jan 2025 10:54:09 +0100 Subject: [PATCH 1/2] Add manifests to run nmos pipeline --- nmos/README.md | 12 +- nmos/k8s/bcs/nmos-client-rx.yaml | 158 ++++++++++++++++++ nmos/k8s/bcs/nmos-client-tx.yaml | 157 +++++++++++++++++ nmos/k8s/bcs/nmos-client.yaml | 94 ----------- .../testing-dev/nmos-is-05-controller.yaml | 25 +++ .../nmos-sample-registry.yaml} | 0 .../nmos-testing.yaml | 0 7 files changed, 348 insertions(+), 98 deletions(-) create mode 100644 nmos/k8s/bcs/nmos-client-rx.yaml create mode 100644 nmos/k8s/bcs/nmos-client-tx.yaml delete mode 100644 nmos/k8s/bcs/nmos-client.yaml create mode 100644 nmos/k8s/testing-dev/nmos-is-05-controller.yaml rename nmos/k8s/{testing/nmos-registry.yaml => testing-dev/nmos-sample-registry.yaml} (100%) rename nmos/k8s/{testing => testing-dev}/nmos-testing.yaml (100%) diff --git a/nmos/README.md b/nmos/README.md index b8a402a1..13a6f9e3 100644 --- a/nmos/README.md +++ b/nmos/README.md @@ -188,10 +188,14 @@ cd /nmos/k8s # Install minikube https://minikube.sigs.k8s.io/docs/start/?arch=%2Fwindows%2Fx86-64%2Fstable%2F.exe+download minikube start # Build iamges. Refer to 4. Build images -# Adjust ConfigMaps in /nmos/k8s/nmos-client.yaml, /nmos/k8s/nmos-registry.yaml and /nmos/k8s/nmos-testing.yaml -kubectl apply -f /nmos/k8s/nmos-client.yaml -kubectl apply -f /nmos/k8s/nmos-registry.yaml -kubectl apply -f /nmos/k8s/nmos-testing.yaml +# Adjust ConfigMaps in /nmos/k8s/bcs/nmos-client-.yaml, /nmos/k8s/testing-dev/nmos-registry.yaml and /nmos/k8s/testing-dev/nmos-testing.yaml + +# Set environment variables: VFIO_PORT_TX and VFIO_PORT_RX that are for virtual functions interfaces +kubectl apply -f /nmos/k8s/bcs/nmos-client-tx.yaml +kubectl apply -f /nmos/k8s/bcs/nmos-client-rx.yaml +kubectl apply -f /nmos/k8s/testing-dev/nmos-registry.yaml +kubectl apply -f /nmos/k8s/testing-dev/nmos-is-05-controller.yaml +kubectl apply -f /nmos/k8s/testing-dev/nmos-testing.yaml #optional # Useful for accessing testing tool browser: https://minikube.sigs.k8s.io/docs/handbook/accessing/ ``` diff --git a/nmos/k8s/bcs/nmos-client-rx.yaml b/nmos/k8s/bcs/nmos-client-rx.yaml new file mode 100644 index 00000000..7e94f593 --- /dev/null +++ b/nmos/k8s/bcs/nmos-client-rx.yaml @@ -0,0 +1,158 @@ +#SPDX-FileCopyrightText: Copyright (c) 2024 Intel Corporation +# +#SPDX-License-Identifier: BSD-3-Clause + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nmos-node-config-rx + namespace: default +data: + node.json: | + { + "logging_level": 0, + "http_port": 95, + "label": "intel-broadcast-suite", + "senders": ["v"], + "senders_count": [0], + "receivers": ["v"], + "receivers_count": [1], + "device_tags": { + "pipeline": ["rx-sender"] + }, + "function": "rx-sender", + "gpu_hw_acceleration": "none", + "domain": "default.svc.cluster.local", + "ffmpeg_grpc_server_address": "tiber-broadcast-suite-tx.default.svc.cluster.local", + "ffmpeg_grpc_server_port": "50052", + "receiver_payload_type": 112, + "sender": [{ + "stream_payload": { + "video": { + "frame_width": 1920, + "frame_height": 1080, + "frame_rate": { "numerator": 60, "denominator": 1 }, + "pixel_format": "yuv422p10le", + "video_type": "rawvideo" + }, + "audio": { + "channels": 2, + "sampleRate": 48000, + "format": "pcm_s24be", + "packetTime": "1ms" + } + }, + "stream_type": { + "file": { + "path": "/root/recv", + "filename": "1920x1080p10le_2.yuv" + } + } + }], + "receiver": [{ + "stream_payload": { + "video": { + "frame_width": 960, + "frame_height": 1080, + "frame_rate": { "numerator": 60, "denominator": 1 }, + "pixel_format": "yuv422p10le", + "video_type": "rawvideo" + }, + "audio": { + "channels": 2, + "sampleRate": 48000, + "format": "pcm_s24be", + "packetTime": "1ms" + } + }, + "stream_type": { + "mcm": { + "conn_type": "st2110", + "transport": "st2110-20", + "urn": "NULL", + "transportPixelFormat": "yuv422p10le" + } + } + }] + } + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nmos-client-rx + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app: nmos-client-rx + template: + metadata: + labels: + app: nmos-client-rx + spec: + containers: + - name: nmos-client-rx + image: nmos-cpp-node:1.2A-f549712 + ports: + - containerPort: 1084 + env: + - name: RUN_NODE + value: "TRUE" + - name: VFIO_PORT_TX + value: "${VFIO_PORT_TX}" + - name: VFIO_PORT_RX + value: "${VFIO_PORT_RX}" + volumeMounts: + - name: nmos-node-config-rx + mountPath: /home/node.json + subPath: node.json + resources: + requests: + cpu: 1 + memory: 500Mi + limits: + cpu: 1 + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readinessProbe: + httpGet: + path: / + port: 50052 + host: tiber-broadcast-suite-rx.default.svc.cluster.local + initialDelaySeconds: 5 + periodSeconds: 10 + volumes: + - name: nmos-node-config-rx + configMap: + name: nmos-node-config-rx + +--- +apiVersion: v1 +kind: Service +metadata: + name: nmos-client-rx + namespace: default +spec: + type: NodePort + selector: + app: nmos-client-rx + ports: + - protocol: TCP + port: 1085 + targetPort: 1085 + name: nmos-client-rx-node-port-http + nodePort: 30085 + - protocol: TCP + port: 50052 + targetPort: 50052 + name: grpc-client-to-ffmpeg + nodePort: 30052 diff --git a/nmos/k8s/bcs/nmos-client-tx.yaml b/nmos/k8s/bcs/nmos-client-tx.yaml new file mode 100644 index 00000000..164319ac --- /dev/null +++ b/nmos/k8s/bcs/nmos-client-tx.yaml @@ -0,0 +1,157 @@ +# SPDX-FileCopyrightText: Copyright (c) 2024 Intel Corporation +# +# SPDX-License-Identifier: BSD-3-Clause +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: nmos-node-config-tx + namespace: default +data: + node.json: | + { + "logging_level": 0, + "http_port": 90, + "label": "intel-broadcast-suite", + "senders": ["v"], + "senders_count": [1], + "receivers": ["v"], + "receivers_count": [0], + "device_tags": { + "pipeline": ["tx-sender"] + }, + "function": "tx-sender", + "gpu_hw_acceleration": "none", + "domain": "default.svc.cluster.local", + "ffmpeg_grpc_server_address": "tiber-broadcast-suite-rx.default.svc.cluster.local", + "ffmpeg_grpc_server_port": "50051", + "sender_payload_type": 112, + "sender": [{ + "stream_payload": { + "video": { + "frame_width": 1960, + "frame_height": 1080, + "frame_rate": { "numerator": 60, "denominator": 1 }, + "pixel_format": "yuv422p10le", + "video_type": "rawvideo" + }, + "audio": { + "channels": 2, + "sample_rate": 48000, + "format": "pcm_s24be", + "packet_time": "1ms" + } + }, + "stream_type": { + "mcm": { + "conn_type": "st2110", + "transport": "st2110-20", + "urn": "NULL", + "transport_pixel_format": "yuv422p10le" + } + } + }], + "receiver": [{ + "stream_payload": { + "video": { + "frame_width": 1920, + "frame_height": 1080, + "frame_rate": { "numerator": 60, "denominator": 1 }, + "pixel_format": "yuv422p10le", + "video_type": "rawvideo" + }, + "audio": { + "channels": 2, + "sample_rate": 48000, + "format": "pcm_s24be", + "packet_time": "1ms" + } + }, + "stream_type": { + "file": { + "path": "/root", + "filename": "1920x1080p10le_1.yuv" + } + } + }] + } + +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: nmos-client-tx + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + app: nmos-client-tx + template: + metadata: + labels: + app: nmos-client-tx + spec: + containers: + - name: nmos-client-tx + image: nmos-cpp-node:1.2A-f549712 + ports: + - containerPort: 1084 + env: + - name: RUN_NODE + value: "TRUE" + - name: VFIO_PORT_TX + value: "${VFIO_PORT_TX}" + - name: VFIO_PORT_RX + value: "${VFIO_PORT_RX}" + volumeMounts: + - name: nmos-node-config-tx + mountPath: /home/node.json + subPath: node.json + resources: + requests: + cpu: 1 + memory: 500Mi + limits: + cpu: 1 + memory: 500Mi + securityContext: + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + readinessProbe: + httpGet: + path: / + port: 50051 + host: tiber-broadcast-suite-tx.default.svc.cluster.local + initialDelaySeconds: 5 + periodSeconds: 10 + volumes: + - name: nmos-node-config-tx + configMap: + name: nmos-node-config-tx + +--- +apiVersion: v1 +kind: Service +metadata: + name: nmos-client-tx + namespace: default +spec: + type: NodePort + selector: + app: nmos-client-tx + ports: + - protocol: TCP + port: 1084 + targetPort: 1084 + name: nmos-client-tx-node-port-http + nodePort: 30084 + - protocol: TCP + port: 50051 + targetPort: 50051 + name: grpc-client-to-ffmpeg + nodePort: 30051 \ No newline at end of file diff --git a/nmos/k8s/bcs/nmos-client.yaml b/nmos/k8s/bcs/nmos-client.yaml deleted file mode 100644 index 7785b545..00000000 --- a/nmos/k8s/bcs/nmos-client.yaml +++ /dev/null @@ -1,94 +0,0 @@ -#SPDX-FileCopyrightText: Copyright (c) 2024 Intel Corporation -# -#SPDX-License-Identifier: BSD-3-Clause - ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: nmos-node-config -data: - node.json: | - { - "logging_level": 0, - "http_port": 1084, - "label": "intel-broadcast-suite", - "senders": ["v","d"], - "senders_count": [2, 1], - "receivers": ["v"], - "receivers_count": [4], - "device_tags": { - "pipeline": ["multiviewer"] - }, - "frame_rate": { "numerator": 60, "denominator": 1 }, - "frame_width": 1920, - "frame_height": 1080, - "video_type": "video/jxsv", - "domain": "default.svc.cluster.local", - "ffmpeg_grpc_server_address": "", - "ffmpeg_grpc_server_port": "50051" - } - ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nmos-client -spec: - replicas: 1 - selector: - matchLabels: - app: nmos-client - template: - metadata: - labels: - app: nmos-client - spec: - containers: - - name: nmos-client - image: nmos-cpp-node:1.2A-f549712 - ports: - - containerPort: 1084 - env: - - name: RUN_NODE - value: "TRUE" - volumeMounts: - - name: nmos-node-config - mountPath: /home/node.json - subPath: node.json - resources: - requests: - cpu: 1 - memory: 100Mi - limits: - cpu: 1 - memory: 100Mi - securityContext: - readOnlyRootFilesystem: true - runAsNonRoot: false - allowPrivilegeEscalation: false - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - volumes: - - name: nmos-node-config - configMap: - name: nmos-node-config - ---- -apiVersion: v1 -kind: Service -metadata: - name: nmos-client -spec: - type: NodePort - selector: - app: nmos-client - ports: - - protocol: TCP - port: 1084 - targetPort: 1084 - name: nmos-client-node-port-http - nodePort: 30084 diff --git a/nmos/k8s/testing-dev/nmos-is-05-controller.yaml b/nmos/k8s/testing-dev/nmos-is-05-controller.yaml new file mode 100644 index 00000000..71c43c1f --- /dev/null +++ b/nmos/k8s/testing-dev/nmos-is-05-controller.yaml @@ -0,0 +1,25 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: nmos-is05-controller-job + namespace: default +spec: + template: + spec: + containers: + - name: nmos-is05-controller + image: nmos-is05-controller:latest + env: + - name: RECEIVER_IP + value: "localhost" + - name: RECEIVER_PORT + value: "90" + - name: SENDER_IP + value: "localhost" + - name: SENDER_PORT + value: "95" + ports: + - containerPort: 90 + - containerPort: 95 + restartPolicy: Never + backoffLimit: 10 diff --git a/nmos/k8s/testing/nmos-registry.yaml b/nmos/k8s/testing-dev/nmos-sample-registry.yaml similarity index 100% rename from nmos/k8s/testing/nmos-registry.yaml rename to nmos/k8s/testing-dev/nmos-sample-registry.yaml diff --git a/nmos/k8s/testing/nmos-testing.yaml b/nmos/k8s/testing-dev/nmos-testing.yaml similarity index 100% rename from nmos/k8s/testing/nmos-testing.yaml rename to nmos/k8s/testing-dev/nmos-testing.yaml From 3dd37dbac71706d064cceccf979bc51fbf1b0f05 Mon Sep 17 00:00:00 2001 From: Magdalena Pytel Date: Fri, 31 Jan 2025 12:10:59 +0100 Subject: [PATCH 2/2] fix security context --- nmos/k8s/bcs/nmos-client-rx.yaml | 1 + nmos/k8s/bcs/nmos-client-tx.yaml | 1 + nmos/k8s/testing-dev/nmos-is-05-controller.yaml | 3 +++ 3 files changed, 5 insertions(+) diff --git a/nmos/k8s/bcs/nmos-client-rx.yaml b/nmos/k8s/bcs/nmos-client-rx.yaml index 7e94f593..87918692 100644 --- a/nmos/k8s/bcs/nmos-client-rx.yaml +++ b/nmos/k8s/bcs/nmos-client-rx.yaml @@ -117,6 +117,7 @@ spec: cpu: 1 memory: 500Mi securityContext: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault diff --git a/nmos/k8s/bcs/nmos-client-tx.yaml b/nmos/k8s/bcs/nmos-client-tx.yaml index 164319ac..6e950cad 100644 --- a/nmos/k8s/bcs/nmos-client-tx.yaml +++ b/nmos/k8s/bcs/nmos-client-tx.yaml @@ -116,6 +116,7 @@ spec: cpu: 1 memory: 500Mi securityContext: + readOnlyRootFilesystem: true allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault diff --git a/nmos/k8s/testing-dev/nmos-is-05-controller.yaml b/nmos/k8s/testing-dev/nmos-is-05-controller.yaml index 71c43c1f..adaa51f6 100644 --- a/nmos/k8s/testing-dev/nmos-is-05-controller.yaml +++ b/nmos/k8s/testing-dev/nmos-is-05-controller.yaml @@ -21,5 +21,8 @@ spec: ports: - containerPort: 90 - containerPort: 95 + securityContext: + readOnlyRootFilesystem: true restartPolicy: Never backoffLimit: 10 +