Skip to content

Commit

Permalink
Merge pull request #978 from NVIDIA/no-privileged-toolkit-validation
Browse files Browse the repository at this point in the history 
disable privileged mode for toolkit-validation init containers
  • Loading branch information
@tariq1890
tariq1890 authored Sep 6, 2024
2 parents 5b18e60 + dc1ea09 commit 751bf09
Show file tree
Hide file tree
Showing 7 changed files with 1 addition and 15 deletions.
4 changes: 1 addition & 3 deletions assets/gpu-feature-discovery/0500_daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,12 +30,10 @@ spec:
image: "FILLED BY THE OPERATOR"
command: ['sh', '-c']
args: ["until [ -f /run/nvidia/validations/toolkit-ready ]; do echo waiting for nvidia container stack to be setup; sleep 5; done"]
securityContext:
privileged: true
volumeMounts:
- name: run-nvidia
mountPath: /run/nvidia
mountPropagation: Bidirectional
mountPropagation: HostToContainer
- name: config-manager-init
image: "FILLED BY THE OPERATOR"
command: ["config-manager"]
Expand Down
2 changes: 0 additions & 2 deletions assets/state-dcgm-exporter/0900_daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,6 @@ spec:
image: "FILLED BY THE OPERATOR"
command: ['sh', '-c']
args: ["until [ -f /run/nvidia/validations/toolkit-ready ]; do echo waiting for nvidia container stack to be setup; sleep 5; done"]
securityContext:
privileged: true
volumeMounts:
- name: run-nvidia
mountPath: "/run/nvidia"
Expand Down
2 changes: 0 additions & 2 deletions assets/state-dcgm/0400_dcgm.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,6 @@ spec:
image: "FILLED BY THE OPERATOR"
command: ['sh', '-c']
args: ["until [ -f /run/nvidia/validations/toolkit-ready ]; do echo waiting for nvidia container stack to be setup; sleep 5; done"]
securityContext:
privileged: true
volumeMounts:
- name: run-nvidia
mountPath: /run/nvidia
Expand Down
2 changes: 0 additions & 2 deletions assets/state-device-plugin/0500_daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,6 @@ spec:
name: toolkit-validation
command: ['sh', '-c']
args: ["until [ -f /run/nvidia/validations/toolkit-ready ]; do echo waiting for nvidia container stack to be setup; sleep 5; done"]
securityContext:
privileged: true
volumeMounts:
- name: run-nvidia-validations
mountPath: /run/nvidia/validations
Expand Down
2 changes: 0 additions & 2 deletions assets/state-mig-manager/0600_daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,8 +29,6 @@ spec:
image: "FILLED BY THE OPERATOR"
command: ['sh', '-c']
args: ["until [ -f /run/nvidia/validations/toolkit-ready ]; do echo waiting for nvidia container toolkit to be setup; sleep 5; done"]
securityContext:
privileged: true
volumeMounts:
- name: run-nvidia-validations
mountPath: /run/nvidia/validations
Expand Down
2 changes: 0 additions & 2 deletions assets/state-mps-control-daemon/0400_daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,6 @@ spec:
name: toolkit-validation
command: ['sh', '-c']
args: ["until [ -f /run/nvidia/validations/toolkit-ready ]; do echo waiting for nvidia container stack to be setup; sleep 5; done"]
securityContext:
privileged: true
volumeMounts:
- name: run-nvidia
mountPath: /run/nvidia
Expand Down
2 changes: 0 additions & 2 deletions assets/state-sandbox-device-plugin/0500_daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,6 @@ spec:
env:
- name: NVIDIA_VISIBLE_DEVICES
value: void
securityContext:
privileged: true
volumeMounts:
- name: run-nvidia-validations
mountPath: /run/nvidia/validations
Expand Down

0 comments on commit 751bf09

Please sign in to comment.