Skip to content

Add CAP_SYS_ADMIN if volume-mounts list strategy is included#873

Merged
elezar merged 7 commits intoNVIDIA:mainfrom
elezar:fix-caps
Aug 7, 2024
Merged

Add CAP_SYS_ADMIN if volume-mounts list strategy is included#873
elezar merged 7 commits intoNVIDIA:mainfrom
elezar:fix-caps

Conversation

@elezar
Copy link
Member

@elezar elezar commented Aug 6, 2024

This change ensures that the SYS_ADMIN capability is added if volume-mounts are included in the device list strategy. This ensures that the device plugin functions correctly if the NVIDIA Container Toolkit is configured to use volume mounts and block the use of the NVIDIA_VISIBLE_DEVICES envvar for non-SYS_ADMIN containers.

Fixes #856

@elezar elezar self-assigned this Aug 6, 2024
elezar
elezar commented Aug 6, 2024
View reviewed changes
tests/helm/helm_template_test.go
@@ -0,0 +1,132 @@
/**
Copy link
Member Author

@elezar elezar Aug 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still need to add the logic to run these tests.

Copy link
Contributor

@klueska klueska Aug 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Meaning you have run them locally and they pass, but there is nothing to trigger them automatically yet?

Copy link
Member Author

@elezar elezar Aug 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes. I am able to run the tests by running go tests in the tests/helm folder, but need to add some make targets and CI jobs.

@elezar elezar mentioned this pull request Aug 6, 2024
Merged
@elezar elezar force-pushed the fix-caps branch 5 times, most recently from 58e7695 to da0d476 Compare August 6, 2024 15:13
@elezar elezar requested a review from cdesiniotis August 7, 2024 11:28
@elezar elezar requested a review from klueska August 7, 2024 11:28
cdesiniotis
cdesiniotis reviewed Aug 7, 2024
View reviewed changes
Copy link
Contributor

@cdesiniotis cdesiniotis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @elezar, this lgtm. I left a few minor comments / questions.

elezar added 7 commits August 7, 2024 16:33
@elezar
Remove unneeded DEVICE_PLUGIN_MODE envvar
4534f27 
Signed-off-by: Evan Lezar <elezar@nvidia.com>
@elezar
Add CAP_SYS_ADMIN if volume-mounts list strategy is included
adb1673 
Signed-off-by: Evan Lezar <elezar@nvidia.com>
@elezar
[no-relnote] Add tests for rendered helm templates
0ff5f73 
Signed-off-by: Evan Lezar <elezar@nvidia.com>
@elezar
[no-relnote] Update vendoring for helm tests
fbda91f 
Signed-off-by: Evan Lezar <elezar@nvidia.com>
@elezar
[no-relnote] Add makefile for helm tests
c28092c 
Signed-off-by: Evan Lezar <elezar@nvidia.com>
@elezar
[no-relnote] Rename publish helm workflow file
18fc1d6 
Signed-off-by: Evan Lezar <elezar@nvidia.com>
@elezar
[no-relnote] Add helm test worklflow
8d9e203 
Signed-off-by: Evan Lezar <elezar@nvidia.com>
@elezar elezar requested a review from cdesiniotis August 7, 2024 14:34
@elezar elezar merged commit e8c84b1 into NVIDIA:main Aug 7, 2024
@elezar elezar mentioned this pull request Aug 7, 2024
Merged
@elezar elezar deleted the fix-caps branch August 8, 2024 08:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@klueska klueska klueska approved these changes

@cdesiniotis cdesiniotis cdesiniotis approved these changes

@ArangoGutierrez ArangoGutierrez Awaiting requested review from ArangoGutierrez

Assignees

@elezar elezar

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

nvml init failed: ERROR_LIBRARY_NOT_FOUND error after upgrading from 0.15.1 to 0.16.x

3 participants

@elezar @klueska @cdesiniotis