NAS-121481 / 23.10 / Set nvidia caps to void when no gpu is passed, also adds render group when a gpu is selected and other small fixes (#1124)

* Set nvidia caps to void when no gpu is passed * add tests to init containers too * Additionally add `render` group when gpu is added * Correctly handle "0" gpu * handle fsGroup 0 properly * fix gh highlight * Correct nvidia variable and add additional check for runtime * cast both sides of the comparison * fix externalinterfaces nesting * Add dnsConfig missing docs
2026-06-28 00:06:45 +08:00 · 2023-04-20 01:27:23 +03:00
parent bebaa5040f
commit 63326effb3
17 changed files with 408 additions and 100 deletions
--- a/library/common/templates/lib/pod/_podSecurityContext.tpl
+++ b/library/common/templates/lib/pod/_podSecurityContext.tpl
@@ -39,7 +39,7 @@ objectData: The object data to be used to render the Pod.
  {{- end -}}

  {{- if $gpuAdded -}}
-    {{- $_ := set $secContext "supplementalGroups" (concat $secContext.supplementalGroups (list 44)) -}}
+    {{- $_ := set $secContext "supplementalGroups" (concat $secContext.supplementalGroups (list 44 107)) -}}
  {{- end -}}

  {{- $portRange := fromJson (include "ix.v1.common.lib.helpers.securityContext.getPortRange" (dict "rootCtx" $rootCtx "objectData" $objectData)) -}}
@@ -47,7 +47,7 @@ objectData: The object data to be used to render the Pod.
    {{- $_ := set $secContext "sysctls" (mustAppend $secContext.sysctls (dict "name" "net.ipv4.ip_unprivileged_port_start" "value" (printf "%v" $portRange.low))) -}}
  {{- end -}}

-  {{- if not $secContext.fsGroup -}}
+  {{- if or (kindIs "invalid" $secContext.fsGroup) (eq (toString $secContext.fsGroup) "") -}}
    {{- fail "Pod - Expected non-empty <fsGroup>" -}}
  {{- end -}}

--- a/library/common/templates/lib/pod/_runtimeClassName.tpl
+++ b/library/common/templates/lib/pod/_runtimeClassName.tpl
@@ -25,19 +25,28 @@ objectData: The object data to be used to render the Pod.

      {{- range $rootCtx.Values.scaleGPU -}}
        {{- if .gpu -}} {{/* Make sure it has a value... */}}
+          {{- $gpuAssigned := false -}}

-          {{- if (kindIs "map" .targetSelector) -}}
-            {{- range $podName, $containers := .targetSelector -}}
-              {{- if eq $objectData.shortName $podName -}} {{/* If the pod is selected */}}
-                {{- $runtime = $rootCtx.Values.global.ixChartContext.nvidiaRuntimeClassName -}}
-              {{- end -}}
+          {{- range $k, $v := .gpu -}}
+            {{- if $v -}} {{/* Consider assigned only if value is not "0" or "" */}}
+              {{- $gpuAssigned = true -}}
            {{- end -}}
+          {{- end -}}

-          {{- else if $objectData.primary -}}
+          {{- if $gpuAssigned -}} {{/* If GPU is actually assigned */}}
+            {{- if (kindIs "map" .targetSelector) -}}
+              {{- range $podName, $containers := .targetSelector -}}
+                {{- if eq $objectData.shortName $podName -}} {{/* If the pod is selected */}}
+                  {{- $runtime = $rootCtx.Values.global.ixChartContext.nvidiaRuntimeClassName -}}
+                {{- end -}}
+              {{- end -}}

-            {{/* If the pod is primary and no targetSelector is given, assign to primary */}}
-            {{- $runtime = $rootCtx.Values.global.ixChartContext.nvidiaRuntimeClassName -}}
+            {{- else if $objectData.primary -}}

+              {{/* If the pod is primary and no targetSelector is given, assign to primary */}}
+              {{- $runtime = $rootCtx.Values.global.ixChartContext.nvidiaRuntimeClassName -}}
+
+            {{- end -}}
          {{- end -}}
        {{- end -}}
      {{- end -}}