openshift · SamD2021 · Feb 27, 2026 · Feb 27, 2026 · Feb 28, 2026 · Feb 28, 2026
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,20 @@
+# Build the manager binary
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24-bookworm@sha256:1a6d4452c65dea36aac2e2d606b01b4a029ec90cc1ae53890540ce6173ea77ac AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+COPY . .
+
+# Build directly to avoid GOARCH leaking into go-run helper tooling during cross builds.
+RUN mkdir -p /workspace/bin && \
+    GOMAXPROCS=2 CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \
+    go build -o /workspace/bin/manager.${TARGETARCH} ./cmd/main.go
+
+# Use a minimal runtime image for the manager binary.
+FROM gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1
+WORKDIR /
+ARG TARGETARCH
+COPY --from=builder /workspace/bin/manager.${TARGETARCH} /manager
+USER 65532:65532
+ENTRYPOINT ["/manager"]
diff --git a/Dockerfile.CNI b/Dockerfile.CNI
@@ -0,0 +1,12 @@
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24-bookworm@sha256:1a6d4452c65dea36aac2e2d606b01b4a029ec90cc1ae53890540ce6173ea77ac AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+COPY . /usr/src/dpu-cni
+WORKDIR /usr/src/dpu-cni
+RUN GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -o dpucni ./dpu-cni/dpu-cni.go
+
+FROM gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1
+COPY --from=builder /usr/src/dpu-cni/dpucni /usr/bin/
+WORKDIR /
+LABEL io.k8s.display-name="DPU-CNI"
diff --git a/Dockerfile.IntelNetSecVSP b/Dockerfile.IntelNetSecVSP
@@ -0,0 +1,29 @@
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24-bookworm@sha256:1a6d4452c65dea36aac2e2d606b01b4a029ec90cc1ae53890540ce6173ea77ac AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+COPY . .
+
+# Build directly to avoid GOARCH leaking into go-run helper tooling during cross builds.
+RUN mkdir -p /workspace/bin && \
+    GOMAXPROCS=2 CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \
+    go build -o /workspace/bin/vsp-intel-netsec.${TARGETARCH} ./internal/daemon/vendor-specific-plugins/intel-netsec/main.go
+
+FROM quay.io/centos/centos:stream9@sha256:f6041e6d52b61ece8da2c9733ea2a522ba6b36663303fd91024ea6882c5a8942
+ARG TARGETARCH
+COPY --from=builder /workspace/bin/vsp-intel-netsec.${TARGETARCH} /vsp-intel-netsec
+
+RUN dnf update -y \
+    && dnf install -y \
+       ethtool \
+       net-tools \
+       kmod \
+       pciutils \
+       iputils \
+       iproute \
+    && dnf clean all \
+    && rm -rf /var/cache/dnf
+
+USER 0
+ENTRYPOINT ["/vsp-intel-netsec"]
diff --git a/Dockerfile.IntelP4 b/Dockerfile.IntelP4
@@ -0,0 +1,53 @@
+FROM quay.io/centos/centos:stream9@sha256:f6041e6d52b61ece8da2c9733ea2a522ba6b36663303fd91024ea6882c5a8942
+
+ARG P4_NAME=fxp-net_linux-networking
+ENV P4_NAME $P4_NAME
+
+ARG TARGETOS
+ARG TARGETARCH
+ENV ARCHSUFFIX="aarch64"
+
+COPY . /src
+WORKDIR /src
+RUN dnf install -y \
+   kmod \
+   gettext \
+   python3-pip \
+   pciutils \
+   libnl3 \
+   libedit \
+   net-tools \
+   libatomic \
+   libconfig \
+   gcc gcc-c++ \
+   && dnf clean all
+
+RUN mkdir -p /opt/${P4_NAME}
+COPY cmd/intelvsp/$P4_NAME/* /opt/${P4_NAME}/
+COPY cmd/intelvsp/p4sdk/entrypoint.sh /
+COPY cmd/intelvsp/p4sdk/es2k_skip_p4.conf.template /
+
+RUN python3 -m pip install --no-cache-dir \
+    netaddr==1.2.1
+
+WORKDIR /
+
+# Add steps for cachito
+ENV REMOTE_SOURCES=${REMOTE_SOURCES:-"./openshift/"}
+ENV REMOTE_SOURCES_DIR=${REMOTE_SOURCES_DIR:-"/cachito"}
+COPY ${REMOTE_SOURCES} ${REMOTE_SOURCES_DIR}
+COPY openshift/install-dpu.sh .
+RUN chmod +x install-dpu.sh \
+    && ./install-dpu.sh
+
+# Remove packages only needed for cachito.
+RUN dnf remove -y gcc gcc-c++ \
+    && dnf clean all \
+    && rm -rf /var/cache/dnf
+
+COPY ./cmd/intelvsp/p4runtime-2023.11.0/p4 /opt/p4rt_proto
+COPY ./cmd/intelvsp/p4runtime-2023.11.0/copy_p4rt_python_deps.sh /opt/p4rt_proto/
+RUN chmod a+x /opt/p4rt_proto/copy_p4rt_python_deps.sh
+RUN /opt/p4rt_proto/copy_p4rt_python_deps.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/Dockerfile.IntelVSP b/Dockerfile.IntelVSP
@@ -0,0 +1,52 @@
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24-bookworm@sha256:1a6d4452c65dea36aac2e2d606b01b4a029ec90cc1ae53890540ce6173ea77ac AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+COPY . .
+
+# Build directly to avoid GOARCH leaking into go-run helper tooling during cross builds.
+RUN mkdir -p /workspace/bin && \
+    GOMAXPROCS=2 CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \
+    go build -o /workspace/bin/ipuplugin.${TARGETARCH} ./cmd/intelvsp/intelvsp.go
+
+FROM quay.io/centos/centos:stream9@sha256:f6041e6d52b61ece8da2c9733ea2a522ba6b36663303fd91024ea6882c5a8942
+ARG TARGETARCH
+ENV PYTHONUNBUFFERED=1
+WORKDIR /
+
+# https://github.com/grpc/grpc/issues/24556
+RUN dnf install -y \
+    centos-release-nfv-openvswitch \
+    && dnf install -y \
+    NetworkManager iproute python3 python3-devel openssh-clients gcc gcc-c++ openvswitch3.4 \
+    && python3 -m ensurepip --upgrade
+
+# By setting WORKDIR, directories are created automatically.
+WORKDIR /opt/p4/p4-cp-nws/bin/
+RUN mkdir -p /opt/p4/p4-cp-nws/bin/p4
+
+COPY ./cmd/intelvsp/fxp-net_linux-networking/fxp-net_linux-networking.pkg /
+COPY ./cmd/intelvsp/p4rt-ctl /opt/p4/p4-cp-nws/bin/
+
+# Add steps for cachito
+ENV REMOTE_SOURCES=${REMOTE_SOURCES:-"./openshift/"}
+ENV REMOTE_SOURCES_DIR=${REMOTE_SOURCES_DIR:-"/cachito"}
+COPY ${REMOTE_SOURCES} ${REMOTE_SOURCES_DIR}
+COPY openshift/install-dpu.sh .
+RUN chmod +x install-dpu.sh \
+    && ./install-dpu.sh
+
+# Remove packages only needed for cachito.
+RUN dnf remove -y gcc gcc-c++ \
+    && dnf clean all \
+    && rm -rf /var/cache/dnf
+
+COPY ./cmd/intelvsp/p4runtime-2023.11.0/p4 /opt/p4rt_proto
+COPY ./cmd/intelvsp/p4runtime-2023.11.0/copy_p4rt_python_deps.sh /opt/p4rt_proto
+RUN chmod a+x /opt/p4rt_proto/copy_p4rt_python_deps.sh
+RUN /opt/p4rt_proto/copy_p4rt_python_deps.sh
+
+COPY --chmod=755 --from=builder /workspace/bin/ipuplugin.${TARGETARCH} /ipuplugin
+LABEL io.k8s.display-name="IPU OPI Plugin"
+ENTRYPOINT ["/ipuplugin"]
diff --git a/Dockerfile.daemon b/Dockerfile.daemon
@@ -0,0 +1,28 @@
+# Build the daemon and CNI binaries
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24-bookworm@sha256:1a6d4452c65dea36aac2e2d606b01b4a029ec90cc1ae53890540ce6173ea77ac AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+COPY . .
+
+# Build directly to avoid GOARCH leaking into go-run helper tooling during cross builds.
+RUN mkdir -p /workspace/bin && \
+    GOMAXPROCS=2 CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \
+    go build -o /workspace/bin/daemon.${TARGETARCH} ./cmd/daemon/daemon.go && \
+    GOMAXPROCS=2 CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \
+    go build -o /workspace/bin/dpu-cni.${TARGETARCH} ./dpu-cni/dpu-cni.go
+
+FROM quay.io/centos/centos:stream9@sha256:f6041e6d52b61ece8da2c9733ea2a522ba6b36663303fd91024ea6882c5a8942
+ARG TARGETARCH
+WORKDIR /
+COPY --from=builder /workspace/bin/daemon.${TARGETARCH} /daemon
+COPY --from=builder /workspace/bin/dpu-cni.${TARGETARCH} /dpu-cni
+
+# Install hwdata to include pci.ids so jaypipes/ghw can run offline.
+RUN dnf install -y hwdata ethtool \
+    && dnf clean all \
+    && rm -rf /var/cache/dnf
+
+USER 65532:65532
+ENTRYPOINT ["/daemon"]
diff --git a/Dockerfile.inc b/Dockerfile.inc
@@ -0,0 +1,6 @@
+
+FROM localhost/dpu-operator:dev-base-arm64
+
+ARG TARGETARCH
+
+COPY  bin/manager.${TARGETARCH} /manager
diff --git a/Dockerfile.mrvlCPAgent b/Dockerfile.mrvlCPAgent
@@ -0,0 +1,57 @@
+ARG TARGETARCH
+FROM --platform=linux/${TARGETARCH} docker.io/library/golang:1.24-bookworm@sha256:1a6d4452c65dea36aac2e2d606b01b4a029ec90cc1ae53890540ce6173ea77ac AS stage1
+ARG TARGETOS
+ARG TARGETARCH
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gawk gcc g++ libconfig-dev make pkg-config \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /workspace
+COPY . .
+
+RUN \
+    set -x && \
+    mkdir -p /cpagent-bin/ && \
+    if [ "$TARGETARCH" = "arm64" ] ; then \
+        export OCTEP_PATH="/workspace/pcie_ep_octeon_target/target/libs/octep_cp_lib" && \
+        ln -nfs internal/daemon/vendor-specific-plugins/marvell/vendor/pcie_ep_octeon_target.25.03.0/ /workspace/pcie_ep_octeon_target && \
+        cd "/workspace/pcie_ep_octeon_target/target/libs/octep_cp_lib" && \
+        make CFLAGS="-DUSE_PEM_AND_DPI_PF=1" && \
+        cd "/workspace/pcie_ep_octeon_target/target/apps/octep_cp_agent" && \
+        make CFLAGS="$(pkg-config --cflags libconfig) -I$OCTEP_PATH/include" \
+             LDFLAGS="$(pkg-config --libs libconfig) -L$OCTEP_PATH/bin/lib" && \
+        cp bin/bin/octep_cp_agent /cpagent-bin/octep_cp_agent.25.03.0 && \
+        ln -nfs internal/daemon/vendor-specific-plugins/marvell/vendor/pcie_ep_octeon_target/ /workspace/pcie_ep_octeon_target && \
+        cd "/workspace/pcie_ep_octeon_target/target/libs/octep_cp_lib" && \
+        make CFLAGS="-DUSE_PEM_AND_DPI_PF=1" && \
+        cd "/workspace/pcie_ep_octeon_target/target/apps/octep_cp_agent" && \
+        make CFLAGS="$(pkg-config --cflags libconfig) -I$OCTEP_PATH/include" \
+             LDFLAGS="$(pkg-config --libs libconfig) -L$OCTEP_PATH/bin/lib" && \
+        cp bin/bin/octep_cp_agent /cpagent-bin/ && \
+        cp cn106xx.cfg /cpagent-bin/ && \
+        echo "build completed" ; \
+    fi
+
+# Due to https://github.com/golang/go/issues/70329 cross-compilation hangs at times.
+# As a temporary workaround, we can try specifying GOMAXPROCS=2 to relieve this issue.
+WORKDIR /workspace
+RUN GOMAXPROCS=2 CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \
+    go build -o /cpagent-bin/cp-agent-run internal/daemon/vendor-specific-plugins/marvell/cp-agent/cp-agent-run.go
+
+FROM quay.io/centos/centos:stream9@sha256:f6041e6d52b61ece8da2c9733ea2a522ba6b36663303fd91024ea6882c5a8942
+COPY --from=stage1 /cpagent-bin/ /usr/bin/
+
+RUN dnf update -y \
+    && dnf install -y \
+       net-tools \
+       kmod \
+       pciutils \
+       iputils \
+       iproute \
+       libconfig \
+    && dnf clean all \
+    && rm -rf /var/cache/dnf
+
+USER 0
+ENTRYPOINT ["/usr/bin/cp-agent-run"]
diff --git a/Dockerfile.mrvlVSP b/Dockerfile.mrvlVSP
@@ -0,0 +1,29 @@
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24-bookworm@sha256:1a6d4452c65dea36aac2e2d606b01b4a029ec90cc1ae53890540ce6173ea77ac AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+COPY . .
+
+# Build directly to avoid GOARCH leaking into go-run helper tooling during cross builds.
+RUN mkdir -p /workspace/bin && \
+  GOMAXPROCS=2 CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \
+  go build -o /workspace/bin/vsp-mrvl.${TARGETARCH} ./internal/daemon/vendor-specific-plugins/marvell/main.go
+
+FROM quay.io/centos/centos:stream9@sha256:f6041e6d52b61ece8da2c9733ea2a522ba6b36663303fd91024ea6882c5a8942
+ARG TARGETARCH
+COPY --from=builder /workspace/bin/vsp-mrvl.${TARGETARCH} /vsp-mrvl
+
+RUN dnf update -y \
+  && dnf install -y \
+  net-tools \
+  kmod \
+  pciutils \
+  iputils \
+  iproute \
+  ethtool \
+  && dnf clean all \
+  && rm -rf /var/cache/dnf
+
+USER 0
+ENTRYPOINT ["/vsp-mrvl"]
diff --git a/Dockerfile.networkResourcesInjector b/Dockerfile.networkResourcesInjector
@@ -0,0 +1,15 @@
+FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.24-bookworm@sha256:1a6d4452c65dea36aac2e2d606b01b4a029ec90cc1ae53890540ce6173ea77ac AS builder
+ARG TARGETOS
+ARG TARGETARCH
+
+WORKDIR /workspace
+COPY . .
+RUN mkdir -p /workspace/bin && \
+    GOMAXPROCS=2 CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} \
+    go build -o /workspace/bin/nri.${TARGETARCH} ./cmd/nri/networkresourcesinjector.go
+
+FROM gcr.io/distroless/static-debian12:nonroot@sha256:a9329520abc449e3b14d5bc3a6ffae065bdde0f02667fa10880c49b35c109fd1
+ARG TARGETARCH
+WORKDIR /
+COPY --from=builder /workspace/bin/nri.${TARGETARCH} /webhook
+ENTRYPOINT ["/webhook"]
diff --git a/README.md b/README.md
@@ -114,7 +114,7 @@ kubectl create -f examples/config.yaml
 
 After creating the `DpuOperatorConfig` CR, you should see the following pods:
 ```sh
-oc get pods -n openshift-dpu-operator -o wide
+kubectl get pods -n openshift-dpu-operator -o wide
 NAME                                              READY   STATUS    RESTARTS   AGE   IP                NODE             NOMINATED NODE   READINESS GATES
 dpu-daemon-rn6mc                                  1/1     Running   0          22h   192.168.122.218   worker-229       <none>           <none>
 dpu-daemon-xrrlg                                  1/1     Running   0          22h   192.168.122.90    worker-229-ptl   <none>           <none>

diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml
@@ -17,9 +17,9 @@ patches:
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
-#- path: patches/cainjection_in_dpuoperatorconfigs.yaml
-#- path: patches/cainjection_in_servicefunctionchains.yaml
-#- path: patches/cainjection_in_dataprocessingunits.yaml
+- path: patches/cainjection_in_dpuoperatorconfigs.yaml
+# - path: patches/cainjection_in_servicefunctionchains.yaml
+# - path: patches/cainjection_in_dataprocessingunits.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # [WEBHOOK] To enable webhook, uncomment the following section