Add GPUClusterConfig CRD and controller for DRA-based stack#2571
Add GPUClusterConfig CRD and controller for DRA-based stack#2571karthikvetrivel wants to merge 8 commits into
Conversation
Signed-off-by: Karthik Vetrivel <kvetrivel@nvidia.com>
Signed-off-by: Karthik Vetrivel <kvetrivel@nvidia.com>
Signed-off-by: Karthik Vetrivel <kvetrivel@nvidia.com>
Signed-off-by: Karthik Vetrivel <kvetrivel@nvidia.com>
Signed-off-by: Karthik Vetrivel <kvetrivel@nvidia.com>
Signed-off-by: Karthik Vetrivel <kvetrivel@nvidia.com>
Signed-off-by: Karthik Vetrivel <kvetrivel@nvidia.com>
| # NVIDIADriver CR). GPUClusterConfig does not manage the driver or device plugin | ||
| # itself; it waits for driver readiness before deploying the DRA driver. | ||
| gpuClusterConfig: | ||
| enabled: false |
There was a problem hiding this comment.
We should think a bit more on the right interface for this. A few questions come to mind:
- Is
enabledthe right name for this field? As currently implemented, settinggpuClusterConfig.enabled=truewill create a default GPUClusterConfig CR and will NOT create a default ClusterPolicy CR when the helm chart gets rendered. This may not be clear to the user. - Should the
draDriverstruct be embedded under the top-levelgpuClusterConfigstruct?
| affinity: {{ .KubeletPluginAffinity | toJson }} | ||
| {{- else }} | ||
| affinity: | ||
| nodeAffinity: |
There was a problem hiding this comment.
Question -- should we add a nodeAntiAffinity rule here to prevent the kubelet-plugin from running on a node where the k8s-device-plugin is running? E.g. don't run on nodes labeled with nvidia.com/gpu.deploy.device-plugin=true
| {{- else }} | ||
| deviceClassName: gpu.nvidia.com | ||
| allocationMode: All | ||
| adminAccess: true |
There was a problem hiding this comment.
Question -- does the GPU Operator namespace have to be labeled with resource.kubernetes.io/admin-access: true for this? From https://kubernetes.io/docs/concepts/scheduling-eviction/dynamic-resource-allocation/#admin-access:
Only users authorized to create ResourceClaim or ResourceClaimTemplate objects in namespaces labeled with resource.kubernetes.io/admin-access: "true" (case-sensitive) can use the adminAccess field.
There was a problem hiding this comment.
Yes, I believe it does (as the link you found mentioned). We already handle this.
gpu-operator/internal/state/gfd.go
Lines 115 to 133 in 5691bbc
As it exists right now, it isn't pre-baked in.
… CRD job Signed-off-by: Karthik Vetrivel <kvetrivel@nvidia.com>
1. Overview
We introduce a new CRD named
GPUClusterConfigand a new controller for reconciling it. LikeClusterPolicytoday, it is a singleton, cluster-scoped CRD that configures the operands needed to enable GPUs in Kubernetes.GPUClusterConfigrepresents the new DRA-based software-enablement stack; it is an evolution ofClusterPolicy.Change Log
9f08bec:
GPUClusterConfigGo types inapi/nvidia/v1alpha1, cluster-scoped + singleton, with kubebuilder validation/default markers for every operand block. WireAddToScheme. Generated the CRD manifest + deepcopy.make manifests generateproduces the CRD yaml and deepcopy.kubectl applythe CRD succeeds.73c9d30:
state.Manager/SyncState()engine (the samepattern
NVIDIADriveruses), registered incmd/gpu-operator/main.go.instance is marked
Ignoredand skipped. Mirrors howClusterPolicyhandles duplicates.ccc0f7a:
gpusandcomputeDomainscontainers start, validates that the NVIDIA driver is installed, and writes/run/nvidia/validations/driver-readywith the two env vars the kubelet-plugin containers source on startup (NVIDIA_DRIVER_ROOT,DRIVER_ROOT_CTR_PATH).87fa6c0:
aff2736
gpuClusterConfig.enabled=truerenders a newdeployments/gpu-operator/templates/gpuclusterconfig.yamlthat creates the singleton gpu-cluster-config CR (full draDriver spec exposed via values, reusing the shared hostPaths/daemonsets), and gates the clusterpolicy.yaml template off so the chart never deploys both paths at once.