def mcs_selinux_profile(spawner, pod):
    """Apply the singleuser-profiles profile to *pod*, then force SELinux
    options for SELinux-mode GPU pods.

    Works around a RHEL Docker 1.13 bug where /dev IPC dirs end up with an
    inconsistent MCS level, by pinning the container to
    ``nvidia_container_t`` at level ``s0``.  Returns the mutated pod.
    """
    # Apply profile from singleuser-profiles first.
    apply_pod_profile(spawner, pod)

    # Only harden when the spawner runs GPUs in SELinux mode AND actually
    # requests an nvidia.com/gpu resource limit.
    wants_gpu = bool(spawner.extra_resource_limits) and \
        "nvidia.com/gpu" in spawner.extra_resource_limits
    if spawner.gpu_mode == "selinux" and wants_gpu:
        pod.spec.security_context.se_linux_options = V1SELinuxOptions(
            type='nvidia_container_t', level='s0')

    return pod
def apply_pod_profile(self, spawner, pod, profile):
    """Mutate *pod* according to *profile* and return it.

    Applies, in order:
      * ``profile['env']`` entries onto the first container (update an
        existing env var in place, otherwise append a new ``V1EnvVar``),
      * ``profile['resources']`` memory/cpu limits onto the first container,
      * the JupyterHub user-name env var onto every container (containers
        and their env entries may be plain dicts or k8s model objects),
      * GPU SELinux hardening when the spawner requests GPUs in selinux mode.
    """
    first_container = pod.spec.containers[0]

    # Profile-defined environment variables on the first container.
    if profile.get('env'):
        for key, value in profile['env'].items():
            for env_var in first_container.env:
                if env_var.name == key:
                    env_var.value = value
                    break
            else:
                first_container.env.append(V1EnvVar(key, value))

    # Resource limits from the profile (only if the container declares a
    # resources object at all).
    resources = profile.get('resources')
    if first_container.resources and resources:
        if resources.get('mem_limit'):
            # Lazy %-args: the string is only built if the record is emitted.
            _LOGGER.info("Setting a memory limit for %s in %s to %s",
                         spawner.user.name, spawner.singleuser_image_spec,
                         resources['mem_limit'])
            first_container.resources.limits['memory'] = resources['mem_limit']
        if resources.get('cpu_limit'):
            _LOGGER.info("Setting a cpu limit for %s in %s to %s",
                         spawner.user.name, spawner.singleuser_image_spec,
                         resources['cpu_limit'])
            first_container.resources.limits['cpu'] = resources['cpu_limit']

    # Ensure every container carries the JupyterHub user name env var.
    for container in pod.spec.containers:
        # Depending on how the pod was built, a container (and each env
        # entry) may be a plain dict or a kubernetes model object.
        env = container['env'] if isinstance(container, dict) else container.env
        for env_var in env:
            if isinstance(env_var, dict):
                if env_var['name'] == _JUPYTERHUB_USER_NAME_ENV:
                    env_var['value'] = spawner.user.name
                    break
            elif env_var.name == _JUPYTERHUB_USER_NAME_ENV:
                env_var.value = spawner.user.name
                break
        else:
            env.append(
                V1EnvVar(_JUPYTERHUB_USER_NAME_ENV, spawner.user.name))

    # FIXME: classmethod, so no self.gpu_mode — gpu_mode comes from the
    # spawner; self only supplies the GPU_MODE_SELINUX class constant.
    if spawner.gpu_mode == self.GPU_MODE_SELINUX and \
            spawner.extra_resource_limits and \
            "nvidia.com/gpu" in spawner.extra_resource_limits:
        pod.spec.security_context.capabilities = V1Capabilities(drop=['ALL'])
        pod.spec.security_context.se_linux_options = V1SELinuxOptions(
            type='nvidia_container_t')

    return pod
def apply_gpu_config(self, gpu_mode, gpu_count, pod):
    """Request *gpu_count* GPUs on the pod's first container and apply the
    security settings matching *gpu_mode*.  Returns the mutated pod.

    A non-positive *gpu_count* leaves the pod untouched.
    """
    if int(gpu_count) > 0:
        count = str(gpu_count)
        resources = pod.spec.containers[0].resources
        resources.limits[_GPU_KEY] = count
        resources.requests[_GPU_KEY] = count

        if gpu_mode:
            security = pod.spec.security_context
            if gpu_mode == self.GPU_MODE_SELINUX:
                # Drop all capabilities and pin the SELinux type for the
                # NVIDIA container runtime.
                security.capabilities = V1Capabilities(drop=['ALL'])
                security.se_linux_options = V1SELinuxOptions(
                    type='nvidia_container_t')
            if gpu_mode == self.GPU_MODE_PRIVILEGED:
                security.privileged = True

    return pod
def apply_gpu_config(self, gpu_mode, profile, gpu_types, pod, selected_gpu_type):
    """Configure GPU resources, security context, and scheduling for *pod*.

    Reads the requested GPU count from ``profile['gpu']``.  When positive,
    sets GPU resource limits/requests on the first container, applies the
    security settings for *gpu_mode*, and gathers node tolerations for the
    selected GPU type.  Scheduling constraints are then handed to
    ``apply_pod_schedulers``.  Returns ``None``.
    """
    tolerations = []
    affinity = {}
    requested = profile.get('gpu', 0)

    if int(requested) > 0:
        count = str(requested)
        container_resources = pod.spec.containers[0].resources
        container_resources.limits[_GPU_KEY] = count
        container_resources.requests[_GPU_KEY] = count

        if gpu_mode:
            if gpu_mode == self.GPU_MODE_SELINUX:
                pod.spec.security_context.capabilities = V1Capabilities(
                    drop=['ALL'])
                pod.spec.security_context.se_linux_options = V1SELinuxOptions(
                    type='nvidia_container_t')
            if gpu_mode == self.GPU_MODE_PRIVILEGED:
                pod.spec.security_context.privileged = True

        if gpu_types:
            # We currently do not have a way to select the type of GPU in
            # the notebook spawner; the workaround for "ALL" is to apply
            # every possible GPU toleration.
            if selected_gpu_type == "ALL":
                for entry in gpu_types:
                    tolerations.extend(entry.get('node_tolerations', []))
            else:
                for entry in gpu_types:
                    if entry.get('type') == selected_gpu_type:
                        tolerations.extend(entry.get('node_tolerations', []))
                        break

    self.apply_pod_schedulers(tolerations, affinity, pod)

    return None