* Adding version section to Readme

.gitignore

@@ -1 +1,10 @@
 /bin/
+
+# temp vim files
+*.swp
+*.swo
+
+#Temp doc files
+docs/_build
+docs/_static
+

docs/Setup.md

@@ -42,13 +42,23 @@ IPU ES2K target.
    Refer to section [inframanager config file update](#inframanager-config-file-update)
    for details.
 
+4. Run `make install` to install all config and other artifacts to relevant
+   directories
 
-4. Build P4-K8s binaries and container images.
+5. Build P4-K8s binaries and container images.
 
    Notes:
    i) For ES2K target, get the K8s P4 artifacts from ES2K release package and
       copy them into p4-k8s/k8s_dp/es2k/. This must be done before running
-      below make commands.
+      below make commands. Ensure the following artifacts are present.
+      ```bash
+      cd k8s_dp/es2k/
+      # ls
+      bf-rt.json  context.json  k8s_dp.p4  k8s_dp.pb.bin  p4Info.txt
+      ```
+      For generating the artifacts, use the
+      [compiling-p4-programs](guides/es2k/compiling-p4-programs.md) guide.
+
    ii) By default, Makefile is configured to build for ES2K target. To build
       for P4-DPDK target, use "tagname=dpdk" argument for both make targets
       below.
@@ -63,7 +73,7 @@ IPU ES2K target.
    make docker-build
    ```
 
-5. Push InfraManager and InfraAgent images into docker private repo either
+6. Push InfraManager and InfraAgent images into docker private repo either
    manually or through make command, using either of the following:
 
    ```bash
@@ -88,7 +98,7 @@ IPU ES2K target.
    ...
    ```
 
-6. Pull images for use by Kubernetes Container Runtime Interface (CRI):
+7. Pull images for use by Kubernetes Container Runtime Interface (CRI):
    ```bash
    crictl pull localhost:5000/inframanager:latest
    crictl pull localhost:5000/infraagent:latest
@@ -132,16 +142,29 @@ images in step 4 of the [Set Up P4 Kubernetes](#set-up-p4-kubernetes) section.
 
 ## Deploy P4 Kubernetes
 
-1. Run the `create_interfaces.sh` script, which, in addition to creating the
+1. Run the `setup_infra.sh` script, which, in addition to creating the
    specified number of virtual interfaces (TAP type on DPDK target and IDPF
-   Sub-Function type on ES2K), sets up the HugePages and starts infrap4d. The
-   script requires the following environment variables to be set:
-   `SDE_INSTALL`, `IPDK_RECIPE`, `DEPEND_INSTALL`.
+   Sub-Function type on ES2K), sets up the HugePages and starts infrap4d.
 
    ```bash
-   ./scripts/create_interfaces.sh <8/16/32/...>
+   ./setup_infra.sh -i <8|16|..> -m <split|host> -r <10.10.0.2>
    ```
 
+   Where, the options:
+     -i  Num interfaces to configure for deployment
+     -m  Mode host or split, depending on where Inframanager is configured to run
+     -r  IP address configured by the user on the ACC-ARM complex for
+       connectivity to the Host. This is provisioned using Node Policy - comms
+       channel [[0,3],[4,2]]. This is needed for runnning in split mode. Script will assign
+       an IP addresss from the same subnet on the Host side for connectivity.
+
+
+   Please set following env variables for host deployment:
+     SDE_INSTALL - Default SDE install directory
+     P4CP_INSTALL - Default p4cp install directory
+     DEPEND_INSTALL - Default target dependencies directory
+
+
    After running the above script, verify that infrap4d is running.
    ```bash
    ps -ef | grep infrap4d
@@ -196,7 +219,14 @@ images in step 4 of the [Set Up P4 Kubernetes](#set-up-p4-kubernetes) section.
      export KUBECONFIG=/etc/kubernetes/admin.conf
      ```
 
-5. Remove taints from the node.
+5. Install and setup Calico plugin
+   ```bash
+    cd /usr/local/bin
+    curl -L https://github.com/projectcalico/calico/releases/download/v3.24.1/calicoctl-linux-amd64 -o kubectl-calico
+    chmod +x kubectl-calico
+   ```
+
+6. Remove taints from the node.
    For single node deployment, the node must be untainted to allow worker pods
    to share the node with control plane. The taint to remove is "control-plane"
    or "master" or both. These taints can be removed as shown:
@@ -205,13 +235,13 @@ images in step 4 of the [Set Up P4 Kubernetes](#set-up-p4-kubernetes) section.
    kubectl taint node <node-name> node-role.kubernetes.io/master-
    ```
 
-6. Create Kubernetes secrets from the generated certificates. The infraagent and
+7. Create Kubernetes secrets from the generated certificates. The infraagent and
    inframanager read the certificates from the secrets.
    ```bash
    make tls-secrets
    ```
 
-7. Start the deployments:
+8. Start the deployments:
    ```bash
    make deploy
    make deploy-calico
@@ -343,14 +373,6 @@ images in step 4 of the [Set Up P4 Kubernetes](#set-up-p4-kubernetes) section.
    ./steps/cleanup.sh
    ```
 
-## Debugging
-
-- The Kubernetes Infrastructure Offload software provides logging capabilities.
-  The logs are dumped in temporary log file. Logs for Infra Manager are put in
-  `/var/log/inframanager/inframanager.log` while logs for Infra Agent are put
-  in `/var/log/infraagent/infraagent.log`). You can inspect logs emitted to stdout
-  and stderr using `"kubectl logs <pod> -n <namespace>"`.
-
 ## Setup Scripts
 
 - The script `./script/create_interfaces.sh` sets up HugePages required by
@@ -360,14 +382,35 @@ images in step 4 of the [Set Up P4 Kubernetes](#set-up-p4-kubernetes) section.
   assigns an interface to it, and then launches the ARP proxy within the
   isolated namespace.
 
-## Clean Up All
+## Troubleshooting
+
+### Debugging
+
+- The Kubernetes Infrastructure Offload software provides logging capabilities.
+  Check logs emitted to stdout
+  and stderr using `"kubectl logs <pod> -n <namespace>"`.
+
+### FAQs
+
+1. "failed to get a CDQ interface for pod: no free resources left" error is seen on infraagent and remaining pods do not come up
+
+Reason : interface mapping available on host needs to be refreshed
+Solution : Run [cleanup](#Clean-Up) before `make deploy`
+
+2. CDQ interfaces not coming up.
+
+Reason : IDPF driver failed to load
+Solution : Verify using `dmesg` command that it is the case. Then perform a `modprobe idpf`
+
+## Clean Up
    Reset kubernetes which would stop and remove all pods. Then, remove all k8s
    runtime configurations and other files. Finally, stop container services.
 
-   Delete all started pods, service deployments and daemonsets
+   Delete all started pods, service deployments, namespace and daemonsets
    ```bash
    kubectl delete pod < >
    kubectl delete deployment < >
+   sudo ip -all netns delete
    make undeploy
    make undeploy-calico
    ```
@@ -392,3 +435,50 @@ images in step 4 of the [Set Up P4 Kubernetes](#set-up-p4-kubernetes) section.
    pkill arp_proxy
    pkill infrap4d
    ```
+## Versions and Third-parties
+
+Versions of Kubernetes, linux distros, docker and other third-party libraries tested with (calico, felix)
+
+### OS
+
+* Linux
+  * Fedora 33
+  * Fedora 37
+  * Rocky Linux 9.1
+
+### golang
+
+go1.20.5
+
+### docker
+```bash
+docker version
+Client: Docker Engine - Community
+ Version:           20.10.12
+ API version:       1.41
+```
+
+### containerd
+
+Tested on 1.6.x
+
+```bash
+ctr version
+```
+### kubernetes
+
+Versions tested and supported with
+
+1.25.x
+
+```bash
+$ dnf list installed | grep kube
+cri-tools.x86_64                                 1.25.2-0
+kubeadm.x86_64                                   1.25.4-0
+kubectl.x86_64                                   1.25.4-0
+kubelet.x86_64                                   1.25.4-0
+```
+
+### Calico
+
+v3.24.1

docs/guides/es2k/compiling-p4-programs.md

@@ -0,0 +1,117 @@
+# Compiling P4 Programs for ES2K
+
+## 1. Overview
+
+This document explains how to install the Intel® IPU E2100 P4 Compiler
+(`p4c-pna-xxp`) and Configurable Pipeline Tool (`cpt`), and use
+them to compile a P4 program
+
+## 2. Installing the P4 Compiler and Tools
+
+### 2.1 Install RPMs
+
+Install the `cpt`, `p4c-pna-xxp`, and `p4-sde` packages on a Fedora 37 x86_64 server,
+from RPMs in the release tarball.
+
+  ```bash
+  # Extract RPMs from the tarball
+  tar xvzf mev-hw-b0-<release>-fedora37.tgz
+  cd host/packages/x86_64/
+
+  # Install RPMs on server
+  rpm -i cpt-<version>-ci.ts.release.<xxxx>.ehb0.5.15.fc37.x86_64.rpm
+  dnf localinstall p4c*.rpm --allowerasing
+  dnf localinstall p4-sde*.rpm --allowerasing
+  ```
+
+The packages will be installed under `/usr` directory. Note that these
+RPMs are not relocatable.
+
+### 2.2 Confirm tool versions
+
+After installing the RPMs, verify the version numbers of the executables:
+
+```bash
+# Set environment variables
+export LD_LIBRARY_PATH=/usr/lib:/usr/lib64:/usr/local/lib:/usr/local/lib64:$LD_LIBRARY_PATH
+
+[root@host ~]# cpt --version
+Intel(R) Configurable Pipeline Tool Version 3.8.0.16
+Copyright (C) 2022 Intel Corporation.  All rights reserved.
+
+[root@host ~] # p4c-pna-xxp --version
+p4c-pna-xxp
+Version 3.0.70.7
+```
+
+### 2.3 Address "no such file" error
+
+If the `p4c-pna-xxp --version` command displays the following error message:
+
+```text
+error while loading shared libraries: libboost_iostreams.so.1.69.0:\
+cannot open shared object file: No such file or directory
+```
+
+You will need to download and install the correct version of the Boost
+libraries.
+
+```bash
+wget https://boostorg.jfrog.io/artifactory/main/release/1.69.0/source/boost_1_69_0.tar.gz
+tar -xf boost_1_69_0.tar.gz
+cd boost_1_69_0/
+./bootstrap.sh
+./b2
+./b2 install
+```
+
+Verify the compiler version number:
+
+```bash
+[root@host ~] # p4c-pna-xxp --version
+p4c-pna-xxp
+Version 3.0.70.7
+```
+
+The compiler should now be ready for use.
+
+
+## 3. Compiling a P4 Program
+
+The `k8s_dp/es2k` directory contains the reference P4 
+
+Use `p4c-pna-xxp` to compile a P4 program.
+
+```bash
+# Set environment variables
+export LD_LIBRARY_PATH=/usr/lib:/usr/lib64:/usr/local/lib:/usr/local/lib64:$LD_LIBRARY_PATH
+export OUTPUT_DIR=k8s_dp/es2k/
+
+# Compile p4 program
+p4c-pna-xxp -I/usr/lib -I/usr/share/p4c/p4include -I/usr/share/p4c/idpf-lib \
+            $OUTPUT_DIR/k8s_dp.p4 -o $OUTPUT_DIR/k8s_dp.pb.bin \
+            --p4runtime-files $OUTPUT_DIR/k8s_dp.p4info.txt \
+            --context $OUTPUT_DIR/k8s_dp.context.json \
+            --bfrt $OUTPUT_DIR/k8s_dp.bf-rt.json
+```
+
+The compiler will generate the following files:
+
+- k8s_dp.p4info.txt
+- k8s_dp.bf-rt.json
+- k8s_dp.context.json
+- k8s_dp.pb.bin
+
+These files are called _P4 artifacts_.
+
+## 5. Generating a Pkg File
+
+Use `cpt` to prepare the P4 artifacts for deployment:
+
+```bash
+cpt --npic --format csr --pbd  -o k8s_dp.pkg \
+    cpt_ver.s k8s_dp.pb.bin
+```
+
+Please see [Deploying P4 Programs](Setup.md#Deploy-P4-Kubernetes)
+for details about deployment.

docs/index.rst

@@ -17,8 +17,9 @@ Welcome to k8s-infra-offload's documentation!
 
    Setup
    guides/k8s-docker-containerd-install
-   guides/setup/target-setup-dpdk
-   guides/setup/target-setup-es2k
+   guides/es2k/compiling-p4-programs
+   security/security-guide
+   security/using-tls-certificates
 
 .. toctree::
    :maxdepth: 1
@@ -27,7 +28,6 @@ Welcome to k8s-infra-offload's documentation!
    ReleaseNotes
 
 
-
 Indices and tables
 ==================
 
@@ -36,4 +36,3 @@ Indices and tables
 * :ref:`search`
 
 
-

docs/security/security-guide.md

@@ -0,0 +1,29 @@
+# Security Guide
+
+This document provides information about secure and insecure
+modes for K8s-infra-offload recipe and certificate management.
+
+## TLS Certificates
+
+The gRPC ports are secured using TLS certificates. 
+There are 2 gRPC interfaces in the recipe.
+1. infraagent(client) <-> inframanager(server)
+2. inframanager(client) <-> infrap4d  (p4runtime)
+
+A script and reference
+configuration files are available to assist in generating certificates and
+keys using OpenSSL for both the gRPC connections. You may use other
+tools if you wish.
+
+The [reference files](https://github.com/ipdk-io/k8s-infra-offload/tree/main/scripts/tls)
+use a simple PKI where a self-signed key and certificate.
+The root level Certificate Authority (CA) is used to generate server-side
+key and cert files, and client-side key and cert files. This results in a
+1-depth level certificate chain, which will suffice for validation and
+confirmation but may not provide sufficient security for production systems.
+It is highly recommended to use well-known CAs, and generate certificates at
+multiple depth levels in order to conform to higher security standards.
+
+See [Using TLS Certificates](docs/guides/security/using-tls-certificates.md)
+for step by step guide to generate and install TLS certificates
+