# Copyright (c) 2024, Shanghai Iluvatar CoreX Semiconductor Co., Ltd. # All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. apiVersion: v1 kind: ServiceAccount metadata: name: iluvatar-device-plugin-sa namespace: kube-system --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: iluvatar-device-plugin-cluster-role rules: - apiGroups: [""] resources: ["pods"] verbs: ["get", "list", "update", "watch", "patch"] - apiGroups: [""] resources: ["nodes"] verbs: ["get", "patch"] - apiGroups: [""] resources: ["nodes/status"] verbs: ["get", "patch", "update"] - apiGroups: [""] resources: ["configmaps"] verbs: ["get", "create", "update", "list", "watch", "patch"] - apiGroups: [ "" ] resources: [ "events" ] verbs: [ "create" ] --- kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: iluvatar-device-plugin-cluster-rolebinding subjects: - kind: ServiceAccount name: iluvatar-device-plugin-sa namespace: kube-system roleRef: kind: ClusterRole name: iluvatar-device-plugin-cluster-role apiGroup: rbac.authorization.k8s.io --- apiVersion: v1 kind: ConfigMap data: ix-config: |- resourceName: "iluvatar.com/gpu" flags: splitboard: false usevolcano: true metadata: name: ix-config namespace: kube-system --- apiVersion: apps/v1 kind: DaemonSet metadata: name: iluvatar-device-plugin namespace: kube-system labels: app.kubernetes.io/name: iluvatar-device-plugin spec: selector: matchLabels: app.kubernetes.io/name: iluvatar-device-plugin template: metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: app.kubernetes.io/name: iluvatar-device-plugin spec: priorityClassName: "system-node-critical" securityContext: null serviceAccountName: iluvatar-device-plugin-sa containers: - name: iluvatar-device-plugin securityContext: capabilities: drop: - ALL privileged: true image: "ix-device-plugin:4.3.0" imagePullPolicy: IfNotPresent livenessProbe: exec: command: - ls - /var/lib/kubelet/device-plugins/iluvatar-gpu.sock periodSeconds: 5 startupProbe: exec: command: - ls - /var/lib/kubelet/device-plugins/iluvatar-gpu.sock periodSeconds: 5 resources: {} volumeMounts: - mountPath: /var/lib/kubelet/pod-resources name: pod-resources - mountPath: /var/lib/kubelet/device-plugins name: device-plugin - mountPath: /run/udev name: udev-ctl readOnly: true - mountPath: /sys name: sys readOnly: true - mountPath: /dev name: dev - name: ixc mountPath: /ixconfig - name: ix-device-plugin-log mountPath: /var/log/iluvatarcorex/ix-device-plugin env: - name: NODE_NAME valueFrom: fieldRef: fieldPath: spec.nodeName volumes: - hostPath: path: /var/lib/kubelet/pod-resources/ name: pod-resources - hostPath: path: /var/lib/kubelet/device-plugins name: device-plugin - hostPath: path: /run/udev name: udev-ctl - hostPath: path: /sys name: sys - hostPath: path: /etc/udev/ name: udev-etc - hostPath: path: /dev name: dev - name: ixc configMap: name: ix-config - name: ix-device-plugin-log hostPath: path: /var/log/iluvatarcorex/ix-device-plugin type: Directory