Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(helm): update nvidia-device-plugin ( 0.15.0 → 0.16.2 ) #1238

Merged
merged 1 commit into from
Aug 25, 2024
Merged

feat(helm): update nvidia-device-plugin ( 0.15.0 → 0.16.2 ) #1238

merged 1 commit into from
Aug 25, 2024

Conversation

bot-akira[bot]
Copy link
Contributor

@bot-akira bot-akira bot commented Jun 25, 2024
edited
Loading

This PR contains the following updates:

Package Update Change
nvidia-device-plugin minor 0.15.0 -> 0.16.2

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

NVIDIA/k8s-device-plugin (nvidia-device-plugin)

v0.16.2

Compare Source

  • Add CAP_SYS_ADMIN if volume-mounts list strategy is included (fixes #​856)
  • Remove unneeded DEVICE_PLUGIN_MODE envvar
  • Fix applying SELinux label for MPS

v0.16.1

Compare Source

  • Bump nvidia-container-toolkit to v1.16.1 to fix a bug with CDI spec generation for MIG devices

v0.16.0

Compare Source

  • Fixed logic of atomic writing of the feature file
  • Replaced WithDialer with WithContextDialer
  • Fixed SELinux context of MPS pipe directory.
  • Changed behavior for empty MIG devices to issue a warning instead of an error when the mixed strategy is selected
  • Added a a GFD node label for the GPU mode.
  • Update CUDA base image version to 12.5.1

v0.15.1

Compare Source

Changelog

  • Fix inconsistent usage of hasConfigMap helm template. This addresses cases where certain resources (roles and service accounts) would be created even if they were not required.
  • Raise an error in GFD when MPS is used with MIG. This ensures that the behavior across GFD and the Device Plugin is consistent.
  • Remove provenance information from published images.
  • Use half of total memory for size of MPS tmpfs by default.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@bot-akira
Copy link
Contributor Author

bot-akira bot commented Jun 25, 2024
edited
Loading 

--- HelmRelease: kube-system/nvidia-device-plugin ServiceAccount: kube-system/nvidia-device-plugin-service-account

+++ HelmRelease: kube-system/nvidia-device-plugin ServiceAccount: kube-system/nvidia-device-plugin-service-account

@@ -1,11 +0,0 @@

----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: nvidia-device-plugin-service-account
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: nvidia-device-plugin
-    app.kubernetes.io/instance: nvidia-device-plugin
-    app.kubernetes.io/managed-by: Helm
-
--- HelmRelease: kube-system/nvidia-device-plugin ClusterRole: kube-system/nvidia-device-plugin-role

+++ HelmRelease: kube-system/nvidia-device-plugin ClusterRole: kube-system/nvidia-device-plugin-role

@@ -1,20 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: nvidia-device-plugin-role
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: nvidia-device-plugin
-    app.kubernetes.io/instance: nvidia-device-plugin
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - nodes
-  verbs:
-  - get
-  - list
-  - watch
-
--- HelmRelease: kube-system/nvidia-device-plugin ClusterRoleBinding: kube-system/nvidia-device-plugin-role-binding

+++ HelmRelease: kube-system/nvidia-device-plugin ClusterRoleBinding: kube-system/nvidia-device-plugin-role-binding

@@ -1,19 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: nvidia-device-plugin-role-binding
-  namespace: kube-system
-  labels:
-    app.kubernetes.io/name: nvidia-device-plugin
-    app.kubernetes.io/instance: nvidia-device-plugin
-    app.kubernetes.io/managed-by: Helm
-subjects:
-- kind: ServiceAccount
-  name: nvidia-device-plugin-service-account
-  namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: nvidia-device-plugin-role
-  apiGroup: rbac.authorization.k8s.io
-
--- HelmRelease: kube-system/nvidia-device-plugin DaemonSet: kube-system/nvidia-device-plugin

+++ HelmRelease: kube-system/nvidia-device-plugin DaemonSet: kube-system/nvidia-device-plugin

@@ -31,22 +31,21 @@

         name: nvidia-device-plugin-ctr
         command:
         - nvidia-device-plugin
         env:
         - name: MPS_ROOT
           value: /run/nvidia/mps
-        - name: NVIDIA_MIG_MONITOR_DEVICES
-          value: all
         - name: NVIDIA_VISIBLE_DEVICES
           value: all
         - name: NVIDIA_DRIVER_CAPABILITIES
           value: compute,utility
         securityContext:
+          allowPrivilegeEscalation: false
           capabilities:
-            add:
-            - SYS_ADMIN
+            drop:
+            - ALL
         volumeMounts:
         - name: device-plugin
           mountPath: /var/lib/kubelet/device-plugins
         - name: mps-shm
           mountPath: /dev/shm
         - name: mps-root
--- HelmRelease: kube-system/nvidia-device-plugin DaemonSet: kube-system/nvidia-device-plugin-mps-control-daemon

+++ HelmRelease: kube-system/nvidia-device-plugin DaemonSet: kube-system/nvidia-device-plugin-mps-control-daemon

@@ -46,14 +46,12 @@

         env:
         - name: NODE_NAME
           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: spec.nodeName
-        - name: NVIDIA_MIG_MONITOR_DEVICES
-          value: all
         - name: NVIDIA_VISIBLE_DEVICES
           value: all
         - name: NVIDIA_DRIVER_CAPABILITIES
           value: compute,utility
         securityContext:
           privileged: true

@bot-akira
Copy link
Contributor Author

bot-akira bot commented Jun 25, 2024
edited
Loading 

--- kubernetes/apps/kube-system/nvidia-device-plugin/app Kustomization: flux-system/cluster-apps-nvidia-plugin HelmRelease: kube-system/nvidia-device-plugin

+++ kubernetes/apps/kube-system/nvidia-device-plugin/app Kustomization: flux-system/cluster-apps-nvidia-plugin HelmRelease: kube-system/nvidia-device-plugin

@@ -13,13 +13,13 @@

       chart: nvidia-device-plugin
       interval: 15m
       sourceRef:
         kind: HelmRepository
         name: nvidia-device-plugin
         namespace: flux-system
-      version: 0.15.0
+      version: 0.16.2
   interval: 15m
   values:
     image:
       repository: nvcr.io/nvidia/k8s-device-plugin
       tag: v0.15.0
     nodeSelector:
--- kubernetes/apps/kube-system/nvidia-device-plugin/app Kustomization: flux-system/cluster-apps-nvidia HelmRelease: kube-system/nvidia-device-plugin

+++ kubernetes/apps/kube-system/nvidia-device-plugin/app Kustomization: flux-system/cluster-apps-nvidia HelmRelease: kube-system/nvidia-device-plugin

@@ -13,13 +13,13 @@

       chart: nvidia-device-plugin
       interval: 15m
       sourceRef:
         kind: HelmRepository
         name: nvidia-device-plugin
         namespace: flux-system
-      version: 0.15.0
+      version: 0.16.2
   interval: 15m
   values:
     image:
       repository: nvcr.io/nvidia/k8s-device-plugin
       tag: v0.15.0
     nodeSelector:

@axeII
Copy link
Owner

axeII commented Jun 25, 2024
edited
Loading

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@bot-akira bot-akira bot force-pushed the renovate/nvidia-device-plugin-0.x branch from ab48648 to 974cd3c Compare July 16, 2024 14:10
@bot-akira bot-akira bot changed the title fix(helm): update nvidia-device-plugin ( 0.15.0 → 0.15.1 ) feat(helm): update nvidia-device-plugin ( 0.15.0 → 0.16.0 ) Jul 16, 2024
@bot-akira bot-akira bot force-pushed the renovate/nvidia-device-plugin-0.x branch from 974cd3c to 67407ca Compare July 26, 2024 19:11
@bot-akira bot-akira bot changed the title feat(helm): update nvidia-device-plugin ( 0.15.0 → 0.16.0 ) feat(helm): update nvidia-device-plugin ( 0.15.0 → 0.16.1 ) Jul 26, 2024
@bot-akira bot-akira bot force-pushed the renovate/nvidia-device-plugin-0.x branch from 67407ca to 2eeacba Compare August 8, 2024 11:12
@bot-akira bot-akira bot changed the title feat(helm): update nvidia-device-plugin ( 0.15.0 → 0.16.1 ) feat(helm): update nvidia-device-plugin ( 0.15.0 → 0.16.2 ) Aug 8, 2024
@axeII axeII merged commit 0c84595 into main Aug 25, 2024
9 checks passed
@bot-akira bot-akira bot deleted the renovate/nvidia-device-plugin-0.x branch August 25, 2024 00:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/kubernetes renovate/helm type/patch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@axeII