From 57bafec6cf1102cb54e66dd96c62dd09cc65feaf Mon Sep 17 00:00:00 2001
From: Rajat Chopra
Date: Mon, 2 Feb 2026 13:34:59 -0800
Subject: [PATCH] feat: sandbox device plugin will launch pods for GFD, so we need new privileges and info
Signed-off-by: Rajat Chopra
---
 assets/state-sandbox-device-plugin/0200_role.yaml | 11 +++++++++++
 .../state-sandbox-device-plugin/0500_daemonset.yaml | 11 +++++++++++
 deployments/gpu-operator/templates/role.yaml | 1 +
 3 files changed, 23 insertions(+)
diff --git a/assets/state-sandbox-device-plugin/0200_role.yaml b/assets/state-sandbox-device-plugin/0200_role.yaml
index 2f5085e51..6902cf4d4 100644
--- a/assets/state-sandbox-device-plugin/0200_role.yaml
+++ b/assets/state-sandbox-device-plugin/0200_role.yaml
@@ -12,3 +12,14 @@ rules:
 - use
 resourceNames:
 - privileged
+- apiGroups:
+ - ""
+ resources:
+ - pods
+ - pods/exec
+ verbs:
+ - create
+ - get
+ - list
+ - watch
+ - delete
diff --git a/assets/state-sandbox-device-plugin/0500_daemonset.yaml b/assets/state-sandbox-device-plugin/0500_daemonset.yaml
index 13e91d5d1..dc62b58c9 100644
--- a/assets/state-sandbox-device-plugin/0500_daemonset.yaml
+++ b/assets/state-sandbox-device-plugin/0500_daemonset.yaml
@@ -62,6 +62,17 @@ spec:
 imagePullPolicy: IfNotPresent
 name: nvidia-sandbox-device-plugin-ctr
 command: ["nvidia-kubevirt-gpu-device-plugin"]
+ env:
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: spec.nodeName
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
 securityContext:
 privileged: true
 volumeMounts:
diff --git a/deployments/gpu-operator/templates/role.yaml b/deployments/gpu-operator/templates/role.yaml
index dc4674c57..22ebe3356 100644
--- a/deployments/gpu-operator/templates/role.yaml
+++ b/deployments/gpu-operator/templates/role.yaml
@@ -46,6 +46,7 @@ rules:
 - configmaps
 - endpoints
 - pods
+ - pods/exec
 - pods/eviction
 - secrets
 - services
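Review bot: The rule added to 0200_role.yaml gives `pods` and `pods/exec` the same five verbs, which is more than launching GFD pods appears to need. On the exec subresource only `create` (POST) and `get` (WebSocket upgrade) do anything, so `list`, `watch` and `delete` there are noise that hides what is actually granted. The grant has no `resourceNames`, so it allows exec into every pod in the namespace, and the token is held by a DaemonSet container that the second file shows running `privileged: true` on each node. I would split the rule as below, keep `pods/exec` only if the plugin really execs into the GFD pod (the commit message mentions only launching pods), and add a comment saying which code path needs it.

```yaml
# Pod lifecycle for the GFD pods the plugin launches.
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - create
  - get
  - list
  - watch
  - delete
# Exec is a separate, narrower grant; drop this rule if the plugin never execs.
- apiGroups:
  - ""
  resources:
  - pods/exec
  verbs:
  - create
```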
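Review bot: The new `env:` block in 0500_daemonset.yaml carries no comment saying what consumes `NODE_NAME` and `POD_NAMESPACE`, and the consumer is the plugin binary, which is not in this diff. Since these values presumably decide where the plugin's new pod-create permission is used, a one-line comment above `env:` would help the next reviewer, for example `# NODE_NAME/POD_NAMESPACE: used by the plugin to place the GFD pod on this node, in its own namespace`. The container spec continues outside the hunk, so I cannot tell whether the pods it creates are in fact pinned to `spec.nodeName`; that is worth confirming in the plugin change that accompanies this one.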
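Review bot: In deployments/gpu-operator/templates/role.yaml, `pods/exec` is appended to a resource list shared with `secrets`, `configmaps` and `pods`, so it inherits that rule's verbs, which are outside the hunk. If the entry exists only so the operator can create the sandbox-device-plugin Role without failing the RBAC escalation check, it should sit in its own rule carrying only the verbs that Role grants on `pods/exec`. A comment such as `# needed to grant pods/exec to the sandbox device plugin Role` would keep the reason visible. As written, the operator's own service account gains exec into every pod in the namespace, which should be a deliberate decision rather than a side effect of list placement.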