def mcs_selinux_profile(spawner, pod):
# Apply profile from singleuser-profiles
apply_pod_profile(spawner, pod)
if spawner.gpu_mode and spawner.gpu_mode == "selinux" and \
spawner.extra_resource_limits and "nvidia.com/gpu" in spawner.extra_resource_limits:
# Currently a bug in RHEL Docker 1.13 whereby /dev IPC dirs get inconsistent MCS
pod.spec.security_context.se_linux_options = V1SELinuxOptions(
type='nvidia_container_t', level='s0')
return pod
def apply_pod_profile(self, spawner, pod, profile):
if profile.get('env'):
for k, v in profile['env'].items():
update = False
for e in pod.spec.containers[0].env:
if e.name == k:
e.value = v
update = True
break
if not update:
pod.spec.containers[0].env.append(V1EnvVar(k, v))
if pod.spec.containers[0].resources and profile.get('resources'):
if profile['resources'].get('mem_limit'):
_LOGGER.info("Setting a memory limit for %s in %s to %s" %
(spawner.user.name, spawner.singleuser_image_spec,
profile['resources']['mem_limit']))
pod.spec.containers[0].resources.limits['memory'] = profile[
'resources']['mem_limit']
if profile['resources'].get('cpu_limit'):
_LOGGER.info("Setting a cpu limit for %s in %s to %s" %
(spawner.user.name, spawner.singleuser_image_spec,
profile['resources']['cpu_limit']))
pod.spec.containers[0].resources.limits['cpu'] = profile[
'resources']['cpu_limit']
for c in pod.spec.containers:
update = False
if type(c) is dict:
env = c['env']
else:
env = c.env
for e in env:
if type(e) is dict:
if e['name'] == _JUPYTERHUB_USER_NAME_ENV:
e['value'] = spawner.user.name
update = True
break
else:
if e.name == _JUPYTERHUB_USER_NAME_ENV:
e.value = spawner.user.name
update = True
break
if not update:
env.append(
V1EnvVar(_JUPYTERHUB_USER_NAME_ENV, spawner.user.name))
#FIXME classmethod, so no self.gpu_mode
if spawner.gpu_mode and spawner.gpu_mode == self.GPU_MODE_SELINUX and spawner.extra_resource_limits and "nvidia.com/gpu" in spawner.extra_resource_limits:
pod.spec.security_context.capabilities = V1Capabilities(
drop=['ALL'])
pod.spec.security_context.se_linux_options = V1SELinuxOptions(
type='nvidia_container_t')
return pod
def apply_gpu_config(self, gpu_mode, gpu_count, pod):
if int(gpu_count) > 0:
pod.spec.containers[0].resources.limits[_GPU_KEY] = str(gpu_count)
pod.spec.containers[0].resources.requests[_GPU_KEY] = str(gpu_count)
if gpu_mode:
if gpu_mode == self.GPU_MODE_SELINUX:
pod.spec.security_context.capabilities = V1Capabilities(drop=['ALL'])
pod.spec.security_context.se_linux_options = V1SELinuxOptions(type='nvidia_container_t')
if gpu_mode == self.GPU_MODE_PRIVILEGED:
pod.spec.security_context.privileged = True
return pod
def apply_gpu_config(self, gpu_mode, profile, gpu_types, pod,
selected_gpu_type):
gpu_count = profile.get('gpu', 0)
node_tolerations = []
node_affinity = {}
if int(gpu_count) > 0:
pod.spec.containers[0].resources.limits[_GPU_KEY] = str(gpu_count)
pod.spec.containers[0].resources.requests[_GPU_KEY] = str(
gpu_count)
if gpu_mode:
if gpu_mode == self.GPU_MODE_SELINUX:
pod.spec.security_context.capabilities = V1Capabilities(
drop=['ALL'])
pod.spec.security_context.se_linux_options = V1SELinuxOptions(
type='nvidia_container_t')
if gpu_mode == self.GPU_MODE_PRIVILEGED:
pod.spec.security_context.privileged = True
if gpu_types:
# We currently do not have a way to select the type of GPU in the notebook spawner
# Our workaround for the time being is to apply all possible gpu tolerations
if selected_gpu_type == "ALL":
for gpu_type in gpu_types:
node_tolerations.extend(
gpu_type.get('node_tolerations', []))
else:
for gpu_type in gpu_types:
if selected_gpu_type == gpu_type.get('type'):
node_tolerations.extend(
gpu_type.get('node_tolerations', []))
break
self.apply_pod_schedulers(node_tolerations, node_affinity, pod)
return None