From 0bbce4be8d081f30e0bf4986b8057589747c4201 Mon Sep 17 00:00:00 2001
From: Rajat Chopra
Date: Wed, 28 Jan 2026 10:31:51 -0800
Subject: [PATCH] feat: sandbox device plugin will launch a GFD job, so we need new privileges and info

Signed-off-by: Rajat Chopra
---
 assets/state-sandbox-device-plugin/0200_role.yaml | 10 ++++++++++
 .../state-sandbox-device-plugin/0500_daemonset.yaml | 11 +++++++++++
 deployments/gpu-operator/templates/role.yaml | 10 ++++++++++
 3 files changed, 31 insertions(+)

diff --git a/assets/state-sandbox-device-plugin/0200_role.yaml b/assets/state-sandbox-device-plugin/0200_role.yaml
index 2f5085e51..55cb782a3 100644
--- a/assets/state-sandbox-device-plugin/0200_role.yaml
+++ b/assets/state-sandbox-device-plugin/0200_role.yaml
@@ -12,3 +12,13 @@ rules:
 - use
 resourceNames:
 - privileged
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - delete
diff --git a/assets/state-sandbox-device-plugin/0500_daemonset.yaml b/assets/state-sandbox-device-plugin/0500_daemonset.yaml
index 13e91d5d1..dc62b58c9 100644
--- a/assets/state-sandbox-device-plugin/0500_daemonset.yaml
+++ b/assets/state-sandbox-device-plugin/0500_daemonset.yaml
@@ -62,6 +62,17 @@ spec:
 imagePullPolicy: IfNotPresent
 name: nvidia-sandbox-device-plugin-ctr
 command: ["nvidia-kubevirt-gpu-device-plugin"]
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
 securityContext:
 privileged: true
 volumeMounts:
diff --git a/deployments/gpu-operator/templates/role.yaml b/deployments/gpu-operator/templates/role.yaml
index dc4674c57..68bf62a51 100644
--- a/deployments/gpu-operator/templates/role.yaml
+++ b/deployments/gpu-operator/templates/role.yaml
@@ -93,3 +93,13 @@ rules:
 - watch
 - create
 - update
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - delete
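Review bot: The new `batch/jobs` rule gives the sandbox device plugin's service account `create` on every Job in its scope, and RBAC cannot limit what the pod template of a created Job contains, so a compromised plugin pod could presumably run a Job under another service account in that namespace or on another node, not only its own. The same rule is added to `deployments/gpu-operator/templates/role.yaml` in the last hunk. If the plugin has to create the GFD Job itself, I would pair this grant with an admission policy that pins the image, `serviceAccountName` and security context of Jobs created by this service account, and record that above the rule, e.g. `# jobs: plugin launches the GFD Job; pod template restricted by admission policy`. The rule list starts outside this hunk, so whether this is a Role or a ClusterRole is not visible here.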
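Review bot: The two new variables on `nvidia-sandbox-device-plugin-ctr` have no comment saying what reads them, and nothing in this hunk shows the consumer. Going by the commit subject they presumably tell the plugin where to create the GFD Job, so once that is confirmed I would add `# NODE_NAME / POD_NAMESPACE: read by the plugin to create the GFD Job for this node in its own namespace` above `env:`. The container spec starts and ends outside the hunk.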
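Review bot: Nothing here says why the operator's own Role needs `create` and `delete` on Jobs when, per the commit subject, it is the sandbox device plugin that launches the GFD Job. If the reason is that the operator must hold every permission it grants to the plugin's Role (the RBAC escalation check), a one-line comment above the rule would record that: `# batch/jobs: held so the operator can grant it to the sandbox device plugin Role`. The verbs are also listed in a different order from the `0200_role.yaml` hunk (`create` first there, `get` first here); using one order would make the two rules easier to compare in review.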