diff --git a/charts/intel-gaudi-resource-driver/Chart.yaml b/charts/intel-gaudi-resource-driver/Chart.yaml index f255737..ee24a42 100644 --- a/charts/intel-gaudi-resource-driver/Chart.yaml +++ b/charts/intel-gaudi-resource-driver/Chart.yaml @@ -3,20 +3,20 @@ name: intel-gaudi-resource-driver description: A Helm chart for a Dynamic Resource Allocation (DRA) Intel Gaudi Resource Driver type: application -version: 0.3.0 -appVersion: "v0.3.0" +version: 0.4.1 +appVersion: "v0.4.1" home: https://github.com/intel/intel-resource-drivers-for-kubernetes/charts dependencies: - name: node-feature-discovery alias: nfd - version: "0.17.1" + version: "0.17.2" condition: nfd.enabled repository: https://kubernetes-sigs.github.io/node-feature-discovery/charts annotations: org.opencontainers.image.url: "https://github.com/intel/intel-resource-drivers-for-kubernetes" org.opencontainers.image.source: "https://github.com/intel/intel-resource-drivers-for-kubernetes" - org.opencontainers.image.version: "0.3.0" + org.opencontainers.image.version: "0.4.1" org.opencontainers.image.title: "Intel Gaudi Resource Driver" org.opencontainers.image.description: "This chart installs the Intel Gaudi resource driver on Kubernetes." diff --git a/charts/intel-gaudi-resource-driver/README.md b/charts/intel-gaudi-resource-driver/README.md index c296a6f..7e40c94 100644 --- a/charts/intel-gaudi-resource-driver/README.md +++ b/charts/intel-gaudi-resource-driver/README.md 
@@ -9,25 +9,39 @@ More info: [Intel Resource Drivers for Kubernetes](https://github.com/intel/inte ## Installing the chart -``` -helm install intel-gaudi-resource-driver oci://ghcr.io/intel/intel-resource-drivers-for-kubernetes/intel-gaudi-resource-driver \ - --create-namespace \ +```console +helm install \ --namespace intel-gaudi-resource-driver + --create-namespace \ + intel-gaudi-resource-driver oci://ghcr.io/intel/intel-resource-drivers-for-kubernetes/intel-gaudi-resource-driver \ ``` -## Uninstalling the chart + +> [!NOTE] +> For Kubernetes clusters using [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/), +> pre-create the namespace with the respective label allowing to use HostPath Volumes. + +```console +kubectl create namespace intel-gaudi-resource-driver +kubectl label --overwrite namespace intel-gaudi-resource-driver pod-security.kubernetes.io/enforce=privileged +helm install \ + --namespace "intel-gaudi-resource-driver" \ + intel-gaudi-resource-driver oci://ghcr.io/intel/intel-resource-drivers-for-kubernetes/intel-gaudi-resource-driver ``` + +## Uninstalling the chart +```console helm uninstall intel-gaudi-resource-driver --namespace intel-gaudi-resource-driver ``` (Optional) Delete the namespace: -``` +```console kubectl delete ns intel-gaudi-resource-driver ``` ## Configuration See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments: -``` +```console helm show values oci://ghcr.io/intel/intel-resource-drivers-for-kubernetes/intel-gaudi-resource-driver ``` 
@@ -38,7 +52,7 @@ You may also run `helm show values` on this chart's dependencies for additional | image.repository | string | `intel` | | image.name | string | `"intel-gaudi-resource-driver"` | | image.pullPolicy | string | `"IfNotPresent"` | -| image.tag | string | `"v0.3.0"` | +| image.tag | string | `"v0.4.1"` | > [!Note] > If you change the image tag to be used in Helm chart deployment, ensure that the version of the container image is consistent with deployment YAMLs - they might change between releases. diff --git a/charts/intel-gaudi-resource-driver/templates/_helpers.tpl b/charts/intel-gaudi-resource-driver/templates/_helpers.tpl index 4904972..a5c7dbd 100644 --- a/charts/intel-gaudi-resource-driver/templates/_helpers.tpl +++ b/charts/intel-gaudi-resource-driver/templates/_helpers.tpl @@ -22,10 +22,6 @@ intel-gaudi-resource-driver {{- end -}} {{- end }} -{{- define "intel-gaudi-resource-driver.namespace" -}} -{{- default .Release.Namespace .Values.namespaceOverride }} -{{- end }} - {{/* Labels for templates */}} {{- define "intel-gaudi-resource-driver.labels" -}} helm.sh/chart: {{ include "intel-gaudi-resource-driver.chart" . }} diff --git a/charts/intel-gaudi-resource-driver/templates/clusterrole.yaml b/charts/intel-gaudi-resource-driver/templates/clusterrole.yaml index 3dea9b1..40a3a79 100644 --- a/charts/intel-gaudi-resource-driver/templates/clusterrole.yaml +++ b/charts/intel-gaudi-resource-driver/templates/clusterrole.yaml @@ -2,7 +2,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: {{ include "intel-gaudi-resource-driver.clusterRoleName" . }} - namespace: {{ include "intel-gaudi-resource-driver.namespace" . }} + namespace: {{ .Release.Namespace }} rules: - apiGroups: [""] resources: ["nodes"] diff --git a/charts/intel-gaudi-resource-driver/templates/clusterrolebinding.yaml b/charts/intel-gaudi-resource-driver/templates/clusterrolebinding.yaml index a3cdfda..9ea66d1 100644 
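Review bot: The `namespace: {{ .Release.Namespace }}` line under `metadata` in clusterrole.yaml has no effect, because ClusterRole is a cluster-scoped kind and the API server does not keep a namespace on it. The same applies to the `metadata.namespace` line kept in clusterrolebinding.yaml. I would drop both lines so the manifests do not suggest the granted permissions are confined to the release namespace; only the `subjects[].namespace` entry of the binding needs the value. The rule list continues outside this hunk, so the verbs granted on `nodes` are not visible here.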
--- a/charts/intel-gaudi-resource-driver/templates/clusterrolebinding.yaml +++ b/charts/intel-gaudi-resource-driver/templates/clusterrolebinding.yaml @@ -2,11 +2,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "intel-gaudi-resource-driver.clusterRoleBindingName" . }} - namespace: {{ include "intel-gaudi-resource-driver.namespace" . }} + namespace: {{ .Release.Namespace }} subjects: - kind: ServiceAccount name: {{ include "intel-gaudi-resource-driver.serviceAccountName" . }} - namespace: {{ include "intel-gaudi-resource-driver.namespace" . }} + namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole name: {{ include "intel-gaudi-resource-driver.clusterRoleName" . }} diff --git a/charts/intel-gaudi-resource-driver/templates/resource-driver-namespace.yaml b/charts/intel-gaudi-resource-driver/templates/resource-driver-namespace.yaml deleted file mode 100644 index 01b1ec8..0000000 --- a/charts/intel-gaudi-resource-driver/templates/resource-driver-namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: intel-gaudi-resource-driver diff --git a/charts/intel-gaudi-resource-driver/templates/resource-driver.yaml b/charts/intel-gaudi-resource-driver/templates/resource-driver.yaml index e53872c..8c1ae0d 100644 --- a/charts/intel-gaudi-resource-driver/templates/resource-driver.yaml +++ b/charts/intel-gaudi-resource-driver/templates/resource-driver.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: name: intel-gaudi-resource-driver-kubelet-plugin - namespace: {{ include "intel-gaudi-resource-driver.namespace" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "intel-gaudi-resource-driver.labels" . | nindent 4 }} spec: @@ -45,8 +45,7 @@ spec: - name: sysfs mountPath: "/sysfs" securityContext: - privileged: false - allowPrivilegeEscalation: false + privileged: true capabilities: drop: ["ALL"] readOnlyRootFilesystem: true 
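Review bot: With `privileged: true` in the DaemonSet securityContext (resource-driver.yaml, second hunk), the retained `capabilities: drop: ["ALL"]` no longer constrains the container. Common container runtimes give a privileged container the full capability set and host device access, and run it without the default seccomp/AppArmor confinement. If the kubelet plugin only needs its hostPath mounts and the Gaudi device nodes, prefer keeping `privileged: false` with `allowPrivilegeEscalation: false` and adding only the capabilities it requires. If privileged mode is unavoidable, remove the ineffective drop list and add a comment above the line such as `# privileged is required for <reason>; capabilities.drop has no effect in this mode`. The README hunk in this commit tells users to label the namespace `pod-security.kubernetes.io/enforce=privileged`, which relaxes Pod Security admission for every pod there, so the namespace should be dedicated to this driver. The container spec begins outside the hunk.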
diff --git a/charts/intel-gaudi-resource-driver/templates/serviceaccount.yaml b/charts/intel-gaudi-resource-driver/templates/serviceaccount.yaml index e6c3278..a1aa9d6 100644 --- a/charts/intel-gaudi-resource-driver/templates/serviceaccount.yaml +++ b/charts/intel-gaudi-resource-driver/templates/serviceaccount.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "intel-gaudi-resource-driver.serviceAccountName" . }} - namespace: {{ include "intel-gaudi-resource-driver.namespace" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "intel-gaudi-resource-driver.labels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} diff --git a/charts/intel-gaudi-resource-driver/values.yaml b/charts/intel-gaudi-resource-driver/values.yaml index 6415fdb..c700797 100644 --- a/charts/intel-gaudi-resource-driver/values.yaml +++ b/charts/intel-gaudi-resource-driver/values.yaml @@ -1,6 +1,5 @@ # Default values for intel-gaudi-resource-driver. nameOverride: "" -namespaceOverride: "intel-gaudi-resource-driver" fullnameOverride: "" selectorLabelsOverride: {} @@ -9,7 +8,7 @@ image: repository: intel name: intel-gaudi-resource-driver pullPolicy: IfNotPresent - tag: "v0.3.0" + tag: "v0.4.1" serviceAccount: create: true diff --git a/doc/gaudi/README.md b/doc/gaudi/README.md index 774bc70..75ee748 100644 --- a/doc/gaudi/README.md +++ b/doc/gaudi/README.md @@ -5,7 +5,7 @@ CAUTION: This is an beta / non-production software, do not use on production clu ## About resource driver With structured parameters (K8s v1.31+), the DRA driver publishes ResourceSlice, scheduler allocates -the resoruces and resource driver's kubelet-plugin ensures that the allocated devices are prepared +the resources and resource driver's kubelet-plugin ensures that the allocated devices are prepared and available for Pods. DRA API graduated to v1beta1 in K8s v1.32. Latest DRA drivers support only K8s v1.32+. 
diff --git a/doc/gaudi/USAGE.md b/doc/gaudi/USAGE.md index 3530c2c..14ace40 100644 --- a/doc/gaudi/USAGE.md +++ b/doc/gaudi/USAGE.md @@ -265,3 +265,7 @@ Unlike with normal Gaudi ResourceClaims: * Monitor deployment gets access to all Gaudi devices on a node * `adminAccess` ResourceClaim allocations are not counted by scheduler as consumed resource, and can be allocated to workloads +### Helm Chart + +The [Intel Gaudi Resource Driver Helm Chart](../../charts/intel-gaudi-resource-driver) is published +as a package to GitHub OCI registry, and can be installed directly with Helm.