Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

Chapter 11. DPU Operator

11.1. About DPU and the DPU Operator
Copier lien

As a cluster administrator, you can add the DPU Operator to your cluster to manage DPU devices and network attachments.

Important

The DPU Operator is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

11.1.1. Orchestrating DPUs with the DPU Operator
Copier lien

A Data Processing Unit (DPU) is a type of programmable processor that is considered one of the three fundamental pillars of computing, alongside CPUs and GPUs. While CPUs handle general computing tasks and GPUs accelerate specific workloads, the primary role of the DPU is to offload and accelerate data-centric workloads, such as networking, storage, and security functions.

DPUs are typically used in data centers and cloud environments to improve performance, reduce latency, and enhance security by offloading these tasks from the CPU. DPUs can also be used to create a more efficient and flexible infrastructure by enabling the deployment of specialized workloads closer to the data source.

The DPU Operator is responsible for managing the DPU devices and network attachments. The DPU Operator deploys the DPU daemon onto OpenShift Container Platform compute nodes that interface through an API controlling the DPU daemon running on the DPU. The DPU Operator is responsible for the life-cycle management of the ovn-kube components and the necessary host network initialization on the DPU.

The currently supported DPU device is described in the following table.

Expand
Table 11.1. Supported device
VendorDeviceFirmwareDescription

Intel

IPU E2100

Version 2.0.0.11126 or later

A DPU designed to offload networking, storage, and security tasks from host CPUs in data centers, improving efficiency and performance. For instructions on deploying a full end-to-end solution, see the Red Hat Knowledgebase solution Accelerating Confidential AI on OpenShift with the Intel E2100 IPU, DPU Operator, and F5 NGINX.

11.2. Installing the DPU Operator
Copier lien

You can install the Data Processing Unit (DPU) Operator on your cluster to manage DPU devices and network attachments. Install the DPU Operator on both the host cluster and all the DPU clusters. The DPU Operator manages the lifecycle of all the supported DPUs.

As a cluster administrator, you can install the DPU Operator by using the OpenShift Container Platform CLI or the web console.

Note

You need to install the DPU Operator on the host cluster and each of the DPU clusters.

11.2.1. Installing the DPU Operator by using the CLI
Copier lien

As a cluster administrator, you can install the DPU Operator by using the CLI.

Note

The CLI must be used to install the DPU Operator on the DPU cluster.

Prerequisites

  • Install the OpenShift CLI (oc).
  • An account with cluster-admin privileges.

Procedure

  1. Create the openshift-dpu-operator namespace by entering the following command: 

    $ cat << EOF| oc create -f -
apiVersion: v1
kind: Namespace
metadata:
  name: openshift-dpu-operator
  annotations:
    workload.openshift.io/allowed: management
EOF
    Copy to Clipboard Toggle word wrap

  2. Create an OperatorGroup custom resource (CR) by entering the following command: 

    $ cat << EOF| oc create -f -
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: dpu-operators
  namespace: openshift-dpu-operator
spec:
  targetNamespaces:
  - openshift-dpu-operator
EOF
    Copy to Clipboard Toggle word wrap

  3. Create a Subscription CR for the DPU Operator by entering the following command: 

    $ cat << EOF| oc create -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: openshift-dpu-operator-subscription
  namespace: openshift-dpu-operator
spec:
  channel: stable
  name: dpu-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
EOF
    Copy to Clipboard Toggle word wrap

Verification

  1. To verify that the Operator is installed, enter the following command and then check that output shows Succeeded for the Operator: 

    $ oc get csv -n openshift-dpu-operator \
  -o custom-columns=Name:.metadata.name,Phase:.status.phase
    Copy to Clipboard Toggle word wrap

  2. Change to the openshift-dpu-operator project: 

    $ oc project openshift-dpu-operator
    Copy to Clipboard Toggle word wrap

  3. Verify the DPU Operator is running by entering the following command: 

    $ oc get pods -n openshift-dpu-operator
    Copy to Clipboard Toggle word wrap

    Example output

    NAME                                               READY   STATUS    RESTARTS   AGE
dpu-operator-controller-manager-6b7bbb5db8-7lvkj   2/2     Running   0          2m9s
    Copy to Clipboard Toggle word wrap

11.2.2. Installing the DPU Operator using the web console
Copier lien

As a cluster administrator, you can install the DPU Operator by using the web console.

Prerequisites

  • Install the OpenShift CLI (oc).
  • An account with cluster-admin privileges.

Procedure

  1. In the OpenShift Container Platform web console, click Operators OperatorHub.
  2. Select DPU Operator from the list of available Operators, and then click Install.

  3. On the Install Operator page, under Installed Namespace, the Operator recommended Namespace option is preselected by default. No action is required.

    1. Click Install.

Verification

  1. Navigate to the Operators Installed Operators page.

  2. Ensure that DPU Operator is listed in the openshift-dpu-operator project with a Status of InstallSucceeded.

    Note

    During installation an Operator might display a Failed status. If the installation later succeeds with an InstallSucceeded message, you can ignore the Failed message.

Troubleshooting

  • Inspect the Operator Subscriptions and Install Plans tabs for any failure or errors under Status.
  • Navigate to the Workloads Pods page and check the logs for pods in the openshift-dpu-operator project.

  • Check the namespace of the YAML file. If the annotation is missing, you can add the annotation workload.openshift.io/allowed=management to the Operator namespace with the following command: 

    $ oc annotate ns/openshift-dpu-operator workload.openshift.io/allowed=management
    Copy to Clipboard Toggle word wrap
    Note

    For single-node OpenShift clusters, the annotation workload.openshift.io/allowed=management is required for the namespace.

11.2.3. Next steps
Copier lien

11.3. Configuring the DPU Operator
Copier lien

You can configure the DPU Operator to manage the DPU devices and network attachments in your cluster.

11.3.1. Configuring the DPU Operator
Copier lien

To configure the DPU Operator follow these steps:

Procedure

  1. Create a DpuOperatorConfig custom resource (CR) on both the host cluster and on each of the DPU clusters. The DPU Operator in each cluster is activated after this CR is created.

  2. Create a file named dpu-operator-host-config.yaml by using the following YAML: 

    apiVersion: config.openshift.io/v1
kind: DpuOperatorConfig
metadata:
 name: dpu-operator-config
    1 
    
spec:
 mode: host
    2
    Copy to Clipboard Toggle word wrap
    1
    The name of the custom resource must be dpu-operator-config.
    2
    Set the value to host on the host cluster. On each DPU cluster, which runs a single MicroShift cluster per DPU, set the value to dpu.

  3. Create the resource by running the following command: 

    $ oc apply -f dpu-operator-host-config.yaml
    Copy to Clipboard Toggle word wrap

  4. You must label all nodes that either have an attached DPU or are functioning as a DPU. On the host cluster, this means labeling all compute nodes assuming each node has an attached DPU with dpu=true. On the DPU, where each MicroShift cluster consists of a single node, label that single node in each cluster with dpu=true. You can apply this label by running the following command: 

    $ oc label node <node_name> dpu=true
    Copy to Clipboard Toggle word wrap

    where:

    node_name
    Refers to the name of your node, such as worker-1.

11.4. Running a workload on the DPU
Copier lien

Running workloads on a DPU enables offloading specialized infrastructure tasks such as networking, security, and storage to a dedicated processing unit. This improves performance, enforces a stronger security boundary between infrastructure and application workloads, and frees up host CPU resources.

11.4.1. Running a workload on the DPU
Copier lien

Follow these steps to deploy a workload on the DPU.

Prerequisites

  • The OpenShift CLI (oc) is installed.
  • An account with cluster-admin privileges is available.
  • The DPU Operator is installed.

Procedure

  1. Create a sample workload on the host side by using the following YAML, save the file as workload-host.yaml: 

    apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  namespace: default
  annotations:
    k8s.v1.cni.cncf.io/networks: default-sriov-net
spec:
  nodeSelector:
    kubernetes.io/hostname: worker-237
    1 
    
  containers:
  - name: appcntr1
    image: registry.access.redhat.com/ubi9/ubi:latest
    command: ['/bin/sh', '-c', 'sleep infinity']
    imagePullPolicy: Always
    securityContext:
      priviledged: true
      runAsNonRoot: false
      runAsUser: 0
      seccompProfile:
        type: RuntimeDefault
    resources:
      requests:
        openshift.io/dpu: '1'
      limits:
        openshift.io/dpu: '1'
    Copy to Clipboard Toggle word wrap
    1
    The name of the node where the workload is deployed.

  2. Create the workload by running the following command: 

    $ oc apply -f workload-host.yaml
    Copy to Clipboard Toggle word wrap

11.4.2. Creating a service function chain on the DPU
Copier lien

Network service chaining, also known as service function chaining (SFC) is a capability that uses software-defined networking (SDN) capabilities to create a chain of connected network services, such as L4-7 services like firewalls, network address translation (NAT), and intrusion protection.

Follow this procedure on the DPU to create the network function my-network-function in the service function chain.

Prerequisites

  • Install the OpenShift CLI (oc).
  • An account with cluster-admin privileges.
  • Install the DPU Operator.

Procedure

  1. Save the following YAML file example as sfc.yaml: 

    apiVersion: config.openshift.io/v1
kind: ServiceFunctionChain
metadata:
  name: sfc
  namespace: openshift-dpu-operator
spec:
  networkFunctions:
  - name: my-network-function
    1 
    
    image: quay.io/example-org/my-network-function:latest
    2
    Copy to Clipboard Toggle word wrap
    1
    The name of the network function. This name is used to identify the network function in the service function chain.
    2
    The URL to the container image that contains the network function. The image must be accessible from the DPU.

  2. Create the chain by running the following command on the DPU nodes: 

    $ oc apply -f sfc.yaml
    Copy to Clipboard Toggle word wrap

11.5. Uninstalling the DPU Operator
Copier lien

To uninstall the DPU Operator, you must first delete any running DPU workloads. Follow this procedure to uninstall the DPU Operator.

11.5.1. Uninstalling the DPU Operator
Copier lien

As a cluster administrator, you can uninstall the DPU Operator.

Prerequisites

  • You have access to an OpenShift Container Platform cluster using an account with cluster-admin permissions.
  • You have the DPU Operator installed.

Procedure

  1. Delete the DpuOperatorConfig CR that was created by running the following command 

    $ oc delete DpuOperatorConfig dpu-operator-config
    Copy to Clipboard Toggle word wrap

  2. Delete the subscription that was used to install the DPU Operator by running the following command: 

    $ oc delete Subscription openshift-dpu-operator-subscription -n openshift-dpu-operator
    Copy to Clipboard Toggle word wrap

  3. Remove the OperatorGroup resource that was created by running the following command: 

    $ oc delete OperatorGroup dpu-operators -n openshift-dpu-operator
    Copy to Clipboard Toggle word wrap

  4. Uninstall the DPU Operator as follows:

    1. Check the installed Operators by running the following command: 

      $ oc get csv -n openshift-dpu-operator
      Copy to Clipboard Toggle word wrap

      Example output

      NAME                                DISPLAY        VERSION               REPLACES   PHASE
dpu-operator.v4.19.0-202503130333   DPU Operator   4.19.0-202503130333              Failed
      Copy to Clipboard Toggle word wrap

    2. Delete the DPU Operator by running the following command: 

      $ oc delete csv dpu-operator.v4.19.0-202503130333 -n openshift-dpu-operator
      Copy to Clipboard Toggle word wrap

  5. Delete the namespace that was created for the DPU Operator by running the following command: 

    $ oc delete namespace openshift-dpu-operator
    Copy to Clipboard Toggle word wrap

Verification

  1. Verify that the DPU Operator is uninstalled by running the following command. An example of succesful command output is No resources found in openshift-dpu-operator namespace. 

    $ oc get csv -n openshift-dpu-operator
    Copy to Clipboard Toggle word wrap
Retour au début
Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2025 Red Hat