Merge pull request #14 from SataQiu/fix-rbac
Fix rbac for vgpu monitor
archlitchi authored Aug 13, 2024
2 parents 0f93282 + 16d7686 commit 38055fa
Showing 2 changed files with 137 additions and 137 deletions.
158 changes: 79 additions & 79 deletions volcano-vgpu-device-plugin-with-monitor.yml
Expand Up @@ -24,24 +24,24 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: volcano-device-plugin
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list", "watch","update","patch"]
- apiGroups: [""]
resources: ["nodes/status"]
verbs: ["patch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "update","patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["nodes/status"]
verbs: ["patch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "update", "patch", "watch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: volcano-device-plugin
subjects:
- kind: ServiceAccount
name: volcano-device-plugin
namespace: kube-system
- kind: ServiceAccount
name: volcano-device-plugin
namespace: kube-system
roleRef:
kind: ClusterRole
name: volcano-device-plugin
Expand Down Expand Up @@ -82,95 +82,95 @@ spec:
priorityClassName: "system-node-critical"
serviceAccount: volcano-device-plugin
containers:
- image: docker.io/projecthami/volcano-vgpu-device-plugin:v1.9.3
- image: docker.io/projecthami/volcano-vgpu-device-plugin:v1.9.4
args: ["--device-split-count=10"]
lifecycle:
postStart:
exec:
command: ["/bin/sh","-c","cp -f /k8s-vgpu/lib/nvidia/* /usr/local/vgpu/"]
command: ["/bin/sh", "-c", "cp -f /k8s-vgpu/lib/nvidia/* /usr/local/vgpu/"]
name: volcano-device-plugin
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: HOOK_PATH
value: "/usr/local/vgpu"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: HOOK_PATH
value: "/usr/local/vgpu"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
add: ["SYS_ADMIN"]
volumeMounts:
- name: device-plugin
mountPath: /var/lib/kubelet/device-plugins
- name: lib
mountPath: /usr/local/vgpu
- name: hosttmp
mountPath: /tmp
- image: docker.io/projecthami/volcano-vgpu-device-plugin:v1.9.3
- name: device-plugin
mountPath: /var/lib/kubelet/device-plugins
- name: lib
mountPath: /usr/local/vgpu
- name: hosttmp
mountPath: /tmp
- image: docker.io/projecthami/volcano-vgpu-device-plugin:v1.9.4
name: monitor
command:
- /bin/bash
- -c
- volcano-vgpu-monitor
- /bin/bash
- -c
- volcano-vgpu-monitor
env:
- name: NVIDIA_VISIBLE_DEVICES
value: "all"
- name: NVIDIA_MIG_MONITOR_DEVICES
value: "all"
- name: HOOK_PATH
value: "/tmp/vgpu"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: NVIDIA_VISIBLE_DEVICES
value: "all"
- name: NVIDIA_MIG_MONITOR_DEVICES
value: "all"
- name: HOOK_PATH
value: "/tmp/vgpu"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
add: ["SYS_ADMIN"]
volumeMounts:
- name: dockers
mountPath: /run/docker
- name: containerds
mountPath: /run/containerd
- name: sysinfo
mountPath: /sysinfo
- name: hostvar
mountPath: /hostvar
- name: hosttmp
mountPath: /tmp
volumes:
- hostPath:
path: /var/lib/kubelet/device-plugins
type: Directory
name: device-plugin
- hostPath:
path: /usr/local/vgpu
type: DirectoryOrCreate
name: lib
- name: hosttmp
hostPath:
path: /tmp
type: DirectoryOrCreate
- name: dockers
hostPath:
path: /run/docker
type: DirectoryOrCreate
mountPath: /run/docker
- name: containerds
hostPath:
path: /run/containerd
type: DirectoryOrCreate
- name: usrbin
hostPath:
path: /usr/bin
type: Directory
mountPath: /run/containerd
- name: sysinfo
hostPath:
path: /sys
type: Directory
mountPath: /sysinfo
- name: hostvar
hostPath:
path: /var
type: Directory
mountPath: /hostvar
- name: hosttmp
mountPath: /tmp
volumes:
- hostPath:
path: /var/lib/kubelet/device-plugins
type: Directory
name: device-plugin
- hostPath:
path: /usr/local/vgpu
type: DirectoryOrCreate
name: lib
- name: hosttmp
hostPath:
path: /tmp
type: DirectoryOrCreate
- name: dockers
hostPath:
path: /run/docker
type: DirectoryOrCreate
- name: containerds
hostPath:
path: /run/containerd
type: DirectoryOrCreate
- name: usrbin
hostPath:
path: /usr/bin
type: Directory
- name: sysinfo
hostPath:
path: /sys
type: Directory
- name: hostvar
hostPath:
path: /var
type: Directory
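Review bot: The `pods` rule of the `volcano-device-plugin` ClusterRole now lists `watch` next to `update` and `patch`, and because the role is bound through a ClusterRoleBinding the grant covers pods in every namespace rather than only those on the node named by `NODE_NAME`. `serviceAccount` is set once for the pod, so the device-plugin and monitor containers share that token, and both also add `SYS_ADMIN` and mount host paths; a compromise of either container on any node would therefore carry cluster-wide pod write access. Nothing in the manifest records which component needs which verb, so a comment above the rule such as `# watch: needed by the monitor container; update/patch: presumably the device plugin - confirm before trimming` would let a later reviewer narrow the list. If the monitor only reads pods, it is worth considering a separate workload and service account limited to `get`, `list`, `watch`. The ClusterRole begins above the first hunk, so any rules before the visible ones are not covered by this note.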
116 changes: 58 additions & 58 deletions volcano-vgpu-device-plugin.yml
Expand Up @@ -24,24 +24,24 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: volcano-device-plugin
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get","list", "watch","update","patch"]
- apiGroups: [""]
resources: ["nodes/status"]
verbs: ["patch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "update","patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: [""]
resources: ["nodes/status"]
verbs: ["patch"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: volcano-device-plugin
subjects:
- kind: ServiceAccount
name: volcano-device-plugin
namespace: kube-system
- kind: ServiceAccount
name: volcano-device-plugin
namespace: kube-system
roleRef:
kind: ClusterRole
name: volcano-device-plugin
Expand Down Expand Up @@ -82,62 +82,62 @@ spec:
priorityClassName: "system-node-critical"
serviceAccount: volcano-device-plugin
containers:
- image: docker.io/projecthami/volcano-vgpu-device-plugin:v1.9.3
- image: docker.io/projecthami/volcano-vgpu-device-plugin:v1.9.4
args: ["--device-split-count=10"]
lifecycle:
postStart:
exec:
command: ["/bin/sh","-c","cp -f /k8s-vgpu/lib/nvidia/* /usr/local/vgpu/"]
command: ["/bin/sh", "-c", "cp -f /k8s-vgpu/lib/nvidia/* /usr/local/vgpu/"]
name: volcano-device-plugin
env:
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: HOOK_PATH
value: "/usr/local/vgpu"
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: HOOK_PATH
value: "/usr/local/vgpu"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
add: ["SYS_ADMIN"]
volumeMounts:
- name: device-plugin
mountPath: /var/lib/kubelet/device-plugins
- name: lib
mountPath: /usr/local/vgpu
- name: hosttmp
mountPath: /tmp
volumes:
- hostPath:
path: /var/lib/kubelet/device-plugins
type: Directory
name: device-plugin
- hostPath:
path: /usr/local/vgpu
type: DirectoryOrCreate
name: lib
- name: device-plugin
mountPath: /var/lib/kubelet/device-plugins
- name: lib
mountPath: /usr/local/vgpu
- name: hosttmp
hostPath:
path: /tmp
type: DirectoryOrCreate
- name: dockers
hostPath:
path: /run/docker
type: DirectoryOrCreate
- name: containerds
hostPath:
path: /run/containerd
type: DirectoryOrCreate
- name: usrbin
hostPath:
path: /usr/bin
type: Directory
- name: sysinfo
hostPath:
path: /sys
type: Directory
- name: hostvar
hostPath:
path: /var
type: Directory
mountPath: /tmp
volumes:
- hostPath:
path: /var/lib/kubelet/device-plugins
type: Directory
name: device-plugin
- hostPath:
path: /usr/local/vgpu
type: DirectoryOrCreate
name: lib
- name: hosttmp
hostPath:
path: /tmp
type: DirectoryOrCreate
- name: dockers
hostPath:
path: /run/docker
type: DirectoryOrCreate
- name: containerds
hostPath:
path: /run/containerd
type: DirectoryOrCreate
- name: usrbin
hostPath:
path: /usr/bin
type: Directory
- name: sysinfo
hostPath:
path: /sys
type: Directory
- name: hostvar
hostPath:
path: /var
type: Directory
