Skip to content

feat: The pod is in privileged mode and has declared HAMi-related resources. Its creation is denied.#789

Open
chaunceyjiang wants to merge 748 commits intoProject-HAMi:masterfrom
chaunceyjiang:privileged
Open

feat: The pod is in privileged mode and has declared HAMi-related resources. Its creation is denied.#789
chaunceyjiang wants to merge 748 commits intoProject-HAMi:masterfrom
chaunceyjiang:privileged

Conversation

@chaunceyjiang
Copy link
Copy Markdown
Collaborator

@chaunceyjiang chaunceyjiang commented Jan 8, 2025
edited
Loading

What type of PR is this?
/kind feature

What this PR does / why we need it:

Pods with containers in privileged mode and declaring HAMi-related resources should be prevented from being created.

Which issue(s) this PR fixes:
Fixes #790

Test:

image

image

Does this PR introduce a user-facing change?:

limengxuan and others added 30 commits April 17, 2024 18:33
Merge pull request Project-HAMi#273 from chaunceyjiang/bind
4e9dedb 
fix: When a node cannot bind, it should stop scheduling pods to that node
@chaunceyjiang
Support GPU Utilization Metrics
b918011 
Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
@archlitchi
support new cambricon devices
68e3e3a
@archlitchi
remove unused files
182fe85
@archlitchi
update mlu-related docs and examples
d9a8726
Merge pull request Project-HAMi#280 from chaunceyjiang/device_util
c3c1d15 
Support GPU Utilization Metrics
@archlitchi
update libvgpu
1e781d7
@archlitchi
Merge branch 'master' of github.com:Project-HAMi/HAMi
103b2b6
@lengrongfu
add scheduler policy design doc
0e2a6e4 
Signed-off-by: rongfu.leng <lenronfu@gmail.com>
@lengrongfu
scheduler server add leader elect
d472283 
Signed-off-by: rongfu.leng <lenronfu@gmail.com>
Merge pull request Project-HAMi#196 from lengrongfu/feat/add-leader-e…
e4a4600 
…lect-param

scheduler server add leader elect
Merge pull request Project-HAMi#152 from lengrongfu/add_scheduler_policy
4f1a323 
KEP: add scheduler policy design doc and code
@wawa0210
fix nvidia device plugin nodename init sort error
c30db33
@archlitchi
fix metrics error
4dd84d3
@archlitchi
Merge branch 'master' of github.com:Project-HAMi/HAMi
e892934
@wawa0210
fix RegistrInAnnotation log time error
90af849
fix device plugin crash whrn numa get err (Project-HAMi#290)
54715cd
@archlitchi
update
d59ef57
@archlitchi
Merge branch 'master' of github.com:Project-HAMi/HAMi
f859cf9
@wawa0210
To avoid swallowing exception information during device stop, it shou…
d770a47 
…ld be thrown
@lengrongfu @wawa0210
add break change document
de36c8c 
Signed-off-by: rongfu.leng <lenronfu@gmail.com>
@totapotato
Replace project architecture diagram (Project-HAMi#296)
7a5b7ea 
* update architect png
@wawa0210
fix gpu type matching mechanism
e678dbe
@wawa0210
triv:Remove the build double quotes
fd8deca
@archlitchi
add support for 910B devices
3648648
@archlitchi
Merge branch 'master' of github.com:Project-HAMi/HAMi
17bf9e5
@archlitchi
update webhook and charts
548892a
@wawa0210
remove github robot
c0ce784 
Signed-off-by: calvin <wen.chen@daocloud.io>
@archlitchi
update docs for v2.3.11
50cc567 
Signed-off-by: limengxuan <391013634@qq.com>
@archlitchi
Merge branch 'master' of github.com:Project-HAMi/HAMi
dda23af
yt-huang and others added 25 commits December 22, 2024 10:21
@yt-huang @wawa0210
add ut for github.com/Project-HAMi/HAMi/pkg/scheduler/pod.go
659bef8 
Signed-off-by: yintong.huang <yintong.huang@daocloud.io>
@archlitchi
Add design document to 'dynamic-mig' feature (Project-HAMi#725)
28a0528 
* update documents

Signed-off-by: limengxuan <391013634@qq.com>
@wawa0210
fix(doc): fix a typo and resolve markdown warnings in the tasklist
a0a007b 
Signed-off-by: elrondwong <gfengwong@gmail.com>
@learner0810
add-nodelock-ut (Project-HAMi#719)
6d70d6c 
add-nodelock-ut

Signed-off-by: learner0810 <zhongjun.li@daocloud.io>
test: add ut about pkg/version/version.go (Project-HAMi#677)
88c6b62 
Signed-off-by: penguin <lihan.zhou@daocloud.io>
@archlitchi
Update on mig mode (Project-HAMi#726)
cd12260 
* update nodelock for mig instance & add document for mig monitor

Signed-off-by: limengxuan <391013634@qq.com>
@archlitchi
Update documents for config & config_cn (Project-HAMi#729)
311d18b 
* update documents for config

Signed-off-by: limengxuan <391013634@qq.com>
@jingzhe6414
set PASS_DEVICE_SPECS ENV to device-plugin (Project-HAMi#690)
7527b2b 
* Setting devicePlugin.compatWithCPUManager=true will set PASS_DEVICE_SPECS=true as an environment variable.

Signed-off-by: 张 驰 <919474320@qq.com>

* Change the parameter compatWithCPUManager for setting the PASS_DEVICE_SPECS ENV to passDeviceSpecsEnabled, and set the default value to true.

Signed-off-by: 张 驰 <919474320@qq.com>

---------

Signed-off-by: 张 驰 <919474320@qq.com>
@learner0810
fix device-plugin-version (Project-HAMi#743)
6353e9e 
Signed-off-by: learner0810 <zhongjun.li@daocloud.io>
@chaunceyjiang
feat: Return the nodes that failed to be scheduled back to the schedu…
35813b5 
…ler. (Project-HAMi#746)

Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
@elrondwong
fix(log): fix missing log output in nvidiadeviceplugin server (Projec…
b6ad0c6 
…t-HAMi#735)

Signed-off-by: elrondwong <gfengwong@gmail.com>
@flpanbin @wawa0210
support configuration resources limits and requests
5839076 
Signed-off-by: bin <bin.pan@daocloud.io>
@elrondwong @wawa0210
feat(test): add TestMarshalNodeDevices scenarios
96adaec 
Signed-off-by: elrondwong <gfengwong@gmail.com>
@flpanbin @wawa0210
print flags for device-plugin and scheduler
ac1d91d 
Signed-off-by: bin <bin.pan@daocloud.io>
@yangshiqi
Fix typos, add more contributors and maintainers. (Project-HAMi#765)
1d2d2a2 
* add star history to readme, fix typos and add more contributors and maintainers.

Signed-off-by: yangshiqi <yangshiqi1089@gmail.com>

* add spaces

Signed-off-by: yangshiqi <yangshiqi1089@gmail.com>

---------

Signed-off-by: yangshiqi <yangshiqi1089@gmail.com>
@oceanweave
Add a mind map to help understand this project (Project-HAMi#764)
9fdbd5f 
Signed-off-by: Fengyang <495160589@qq.com>
@windsonsea
update config pages (Project-HAMi#760)
f92c7ca 
Signed-off-by: windsonsea <haifeng.yao@daocloud.io>
@KubeKyrie @wawa0210
add ut for device-map
f8c97ee 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
@yxxhero @wawa0210
refactor(ci): use go.mod file for Go version in workflows
b8548c3 
Signed-off-by: yxxhero <aiopsclub@163.com>
@flpanbin
support set log level for device plugin (Project-HAMi#771)
abf6ed2 
Signed-off-by: bin <bin.pan@daocloud.io>
@chaunceyjiang
feat: Restart/Upgrade device-plugin will not affect services. (Projec…
28d21fe 
…t-HAMi#767)

Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
@KubeKyrie @wawa0210
add ut for Nvml-Devices
c6b969b 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
@KubeKyrie @wawa0210
add ut for device-map
ee7447a 
Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
@learner0810 @wawa0210
Optimize the time format layout
cbccbd4 
Signed-off-by: learner0810 <zhongjun.li@daocloud.io>
@chaunceyjiang
fix: nvidia-device-plugin no version info (Project-HAMi#779)
d04fc8b 
Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
@codecov
Copy link
Copy Markdown

codecov bot commented Jan 8, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag Coverage Δ
unittests 47.24% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
pkg/device/ascend/device.go 87.30% <ø> (ø)
pkg/device/cambricon/device.go 88.62% <ø> (ø)
pkg/device/devices.go 0.00% <ø> (ø)
pkg/device/hygon/device.go 23.22% <ø> (ø)
pkg/device/iluvatar/device.go 29.86% <ø> (ø)
pkg/device/metax/device.go 26.85% <ø> (ø)
pkg/device/mthreads/device.go 21.30% <ø> (ø)
pkg/device/nvidia/device.go 37.76% <ø> (ø)
pkg/k8sutil/client.go 0.00% <ø> (ø)
pkg/k8sutil/pod.go 100.00% <ø> (ø)
... and 19 more
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@chaunceyjiang
feat: The pod is in privileged mode and has declared HAMi-related res…
5d79563 
…ources. Its creation is denied.

Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com>
@lengrongfu
Copy link
Copy Markdown
Member

lengrongfu commented Mar 25, 2025

/lgtm

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Pods in privileged mode keep encountering the UnexpectedAdmissionError error.