Power Modernization

Power Modernization

Learn about the robust capabilities of IBM Power systems - alongside Red Hat technologies - for modernizing your apps and operations without the need to overhaul existing hardware, offering a flexible and incremental path to innovation.


#Power

 View Only

Kernel Module Management Operator 2.5: Now Supporting IBM Power

By PAUL BASTIDE posted yesterday

  

We are excited to announce the release of Kernel Module Management (KMM) Operator 2.5, which brings significant enhancements to how you deploy specialized drivers on OpenShift Container Platform to IBM Power.

The KMM Operator streamlines the management of out-of-tree kernel modules and their associated device plugins. The operator centrally manages, builds, signs, and deploys these components across your cluster.

What is KMM?

At its core, KMM utilizes a Module Custom Resource Definition (CRD). This resource allows you to configure everything necessary for an out-of-tree kernel module:

  • How to load the module.
  • Defining ModuleLoader images for specific kernel versions.
  • Including instructions for building and signing modules.

One of KMM’s most powerful features is its ability to handle multiple kernel versions at once for any given module. This capability is critical for achieving seamless node upgrades and reduced application downtime on your OpenShift clusters. A prime example of this support includes the effortless management of specialized storage drivers that require custom kernel modules to function.

Other features, such as In-Cluster Building and Signing, where KMM supports building DriverContainer images and signing kernel modules in-cluster to ensure compatibility, including support for Secure Boot environments.

Please note IBM Power does not provides an Real-Time kernel, and the features of the KMM Operator for Real Time kernel are not applicable to IBM Power.

🛠️ Installation

KMM is supported on OpenShift Container Platform on IBM Power 4.20 and later.

Using the Web Console

As a cluster administrator, you can install KMM through the OpenShift web console:

  1. Log in to the OpenShift web console.
  2. Navigate to Ecosystem Software Catalog.
  3. Select the Kernel Module Management Operator and click Install.
  4. Choose the openshift-kmm namespace from the Installed Namespace list.
  5. Click Install.

To verify the installation, navigate to Ecosystem Installed Operators and ensure the Kernel Module Management Operator in the openshift-kmm project shows a status of InstallSucceeded.

💡 Usage Example: Deploying a Module

The Module Custom Resource (CR) is used to define and deploy your kernel module.

A Module CR specifies the following:

  • spec.selector: A node selector (e.g., node-role.kubernetes.io/worker: "") to determine which nodes are eligible.
  • spec.moduleLoader.container.kernelMappings: A list of kernel versions or regular expressions (regexp) and the corresponding container image to use.
  • spec.devicePlugin (Optional): Configuration for an associated device plugin.

Example Module CR (Annotated)

The following example shows how to configure a module named my_kmod to be deployed to all worker nodes. It uses kernel mappings to specify different container images for different kernel versions and includes configuration for building/signing the module if the image doesn't exist.

apiVersion: kmm.sigs.x-k8s.io/v1beta1
kind: Module
metadata:
  name: my-kmod
spec:
  # Selects all worker nodes
  selector:
    node-role.kubernetes.io/worker: ""

  moduleLoader:
    container:
      # Required name of the kernel module to load
      modprobe:
        moduleName: my-kmod 

      # Defines container images based on kernel version
      kernelMappings:  
        # Literal match for a specific kernel version
        - literal: 6.0.15-300.fc37.x86_64
          containerImage: some.registry/org/my-kmod:6.0.15-300.fc37.x86_64

        # Regular expression match for any other kernel 
        - regexp: '^.+$' 
          containerImage: "some.registry/org/my-kmod:${KERNEL_FULL_VERSION}"
          # Instructions for KMM to build the image if it doesn't exist
          build:
            dockerfileConfigMap:  
              name: my-kmod-dockerfile
          # Instructions for KMM to sign the module if Secure Boot is required
          sign:
            certSecret:
              name: cert-secret 
            keySecret:
              name: key-secret 
            filesToSign:
              - /opt/lib/modules/${KERNEL_FULL_VERSION}/my-kmod.ko

The KMM reconciliation loop will then handle listing matching nodes, finding the correct image for the running kernel, building/signing the image if needed, and creating worker pods to execute modprobe and load the kernel module.

Summary

The Kernel Module Management (KMM) Operator 2.5 release enhances OpenShift’s ability to manage specialized hardware drivers. A key addition is support for IBM Power (ppc64le), enabling seamless, automated deployment of out-of-tree kernel modules and specialized storage drivers on this architecture. KMM continues to minimize disruption during node maintenance by supporting multiple kernel versions. However, Real-Time kernel support remains unavailable for IBM Power.

References

For more details on the KMM Operator and the latest changes, please consult the official documentation:

  1. KMM Operator 2.5 Release Notes
  2. Chapter 4. Kernel Module Management Operator Overview
0 comments
1 view

Permalink

https://community.ibm.com/community/user/blogs/paul-bastide/2025/12/03/kernel-module-management-operator-25-now-supportin