diff --git a/CHANGELOG.md b/CHANGELOG.md index 38a64e7f8..119dbd046 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/). ### Added - Added support for configuring admission Pod Disruption Budget via Helm values (`admission.podDisruptionBudget`) [#1490](https://github.com/kai-scheduler/KAI-Scheduler/pull/1490) [dttung2905](https://github.com/dttung2905) - Added an opt-in `hamicore` binder plugin (depends on `gpusharing`) to write the HAMI-core GPU memory limit (`CUDA_DEVICE_MEMORY_LIMIT`) for fractional GPU pods. +- Added `global.podSecurityContext`, `global.resourceReservation.namespaceLabels`, `nodescaleadjuster.labels`, `crdupgrader.resources`, `topologyMigration.resources`, and `postCleanup.resources` to the Helm. chart. ### Changed - Removed redundant `PodDisruptionBudgetImplemented` guard from operator PDB creation helper [#1613](https://github.com/kai-scheduler/KAI-Scheduler/pull/1613) [dttung2905](https://github.com/dttung2905) diff --git a/deployments/kai-scheduler/templates/hooks/post/post-delete-job.yaml b/deployments/kai-scheduler/templates/hooks/post/post-delete-job.yaml index b0ca03b1e..5ca301ae0 100644 --- a/deployments/kai-scheduler/templates/hooks/post/post-delete-job.yaml +++ b/deployments/kai-scheduler/templates/hooks/post/post-delete-job.yaml @@ -25,6 +25,11 @@ spec: runAsUser: 10000 runAsNonRoot: true fsGroup: 10000 + {{- else }} + {{- with .Values.global.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} restartPolicy: Never {{- if .Values.global.nodeSelector }} @@ -43,6 +48,10 @@ spec: - name: deleter image: "{{ .Values.global.registry }}/{{ .Values.postCleanup.image.name }}:{{ .Values.postCleanup.image.tag | default .Values.global.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.postCleanup.image.pullPolicy }} + {{- with .Values.postCleanup.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} {{- if .Values.global.securityContext }} securityContext: {{- toYaml .Values.global.securityContext | nindent 12 }} diff --git a/deployments/kai-scheduler/templates/hooks/pre/crd-upgrader.yaml b/deployments/kai-scheduler/templates/hooks/pre/crd-upgrader.yaml index dff5ffbdb..819ae3339 100644 --- a/deployments/kai-scheduler/templates/hooks/pre/crd-upgrader.yaml +++ b/deployments/kai-scheduler/templates/hooks/pre/crd-upgrader.yaml @@ -31,11 +31,20 @@ spec: runAsUser: 10000 runAsNonRoot: true fsGroup: 10000 + {{- else }} + {{- with .Values.global.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} containers: - name: upgrader image: "{{ .Values.crdupgrader.image.registry | default .Values.global.registry }}/{{ .Values.crdupgrader.image.name }}:{{ .Values.crdupgrader.image.tag | default .Values.global.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.crdupgrader.image.pullPolicy }} + {{- with .Values.crdupgrader.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} {{- if (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "clusterversions.config.openshift.io") }} securityContext: runAsUser: 10000 diff --git a/deployments/kai-scheduler/templates/hooks/pre/topology-migration/job.yaml b/deployments/kai-scheduler/templates/hooks/pre/topology-migration/job.yaml index e1e504ca0..24f0823fa 100644 --- a/deployments/kai-scheduler/templates/hooks/pre/topology-migration/job.yaml +++ b/deployments/kai-scheduler/templates/hooks/pre/topology-migration/job.yaml @@ -32,11 +32,20 @@ spec: runAsUser: 10000 runAsNonRoot: true fsGroup: 10000 + {{- else }} + {{- with .Values.global.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} containers: - name: migration image: "{{ .Values.global.registry }}/{{ .Values.topologyMigration.image.name }}:{{ .Values.topologyMigration.image.tag | default .Values.global.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.topologyMigration.image.pullPolicy }} + {{- with .Values.topologyMigration.resources }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} {{- if (lookup "apiextensions.k8s.io/v1" "CustomResourceDefinition" "" "clusterversions.config.openshift.io") }} securityContext: runAsUser: 10000 diff --git a/deployments/kai-scheduler/templates/services/operator.yaml b/deployments/kai-scheduler/templates/services/operator.yaml index cbb9b592d..c52004bb2 100644 --- a/deployments/kai-scheduler/templates/services/operator.yaml +++ b/deployments/kai-scheduler/templates/services/operator.yaml @@ -70,6 +70,10 @@ spec: port: 8081 initialDelaySeconds: 5 periodSeconds: 10 + {{- with .Values.global.securityContext }} + securityContext: + {{- toYaml . | nindent 10 }} + {{- end }} {{- if .Values.global.imagePullSecrets }} imagePullSecrets: {{- toYaml .Values.global.imagePullSecrets | nindent 8 }} @@ -86,3 +90,7 @@ spec: nodeSelector: {{- toYaml .Values.global.nodeSelector | nindent 8 }} {{- end }} + {{- with .Values.global.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/deployments/kai-scheduler/templates/services/resourcereservation-namespace.yaml b/deployments/kai-scheduler/templates/services/resourcereservation-namespace.yaml index 07924668e..890c82382 100644 --- a/deployments/kai-scheduler/templates/services/resourcereservation-namespace.yaml +++ b/deployments/kai-scheduler/templates/services/resourcereservation-namespace.yaml @@ -9,4 +9,8 @@ metadata: name: {{ .Values.global.resourceReservation.namespace }} annotations: helm.sh/resource-policy: keep -{{- end }} \ No newline at end of file + {{- with .Values.global.resourceReservation.namespaceLabels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end }} diff --git a/deployments/kai-scheduler/templates/services/scalingpod-namespace.yaml b/deployments/kai-scheduler/templates/services/scalingpod-namespace.yaml index 505f2bb85..4ed3dd1c4 100644 --- a/deployments/kai-scheduler/templates/services/scalingpod-namespace.yaml +++ b/deployments/kai-scheduler/templates/services/scalingpod-namespace.yaml @@ -6,4 +6,8 @@ apiVersion: v1 kind: Namespace metadata: name: {{ .Values.nodescaleadjuster.scalingPodNamespace }} + {{- with .Values.nodescaleadjuster.labels }} + labels: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} diff --git a/deployments/kai-scheduler/values.yaml b/deployments/kai-scheduler/values.yaml index 245258547..fe8d2ce04 100644 --- a/deployments/kai-scheduler/values.yaml +++ b/deployments/kai-scheduler/values.yaml @@ -6,6 +6,7 @@ global: tag: "" imagePullPolicy: IfNotPresent securityContext: {} + podSecurityContext: {} imagePullSecrets: [] # format: [{name: secret1}, {name: secret2}] leaderElection: false gpuSharing: false @@ -35,6 +36,7 @@ global: namespace: kai-resource-reservation serviceAccount: kai-resource-reservation appLabel: kai-resource-reservation + namespaceLabels: {} operator: image: @@ -186,6 +188,7 @@ nodescaleadjuster: # tag: "" # Optional: Override global.tag or Chart.AppVersion scalingPodNamespace: kai-scale-adjust affinity: {} + labels: {} crdupgrader: image: @@ -193,6 +196,7 @@ crdupgrader: pullPolicy: IfNotPresent # registry: "" # Optional: Override global.registry (e.g. to mirror only the hook image) # tag: "" # Optional: Override global.tag or Chart.AppVersion + resources: {} topologyMigration: # Enable migration of Kueue Topology CRs to KAI Topology CRs @@ -205,6 +209,7 @@ topologyMigration: name: crd-upgrader pullPolicy: IfNotPresent # tag: "" # Optional: Override global.tag or Chart.AppVersion + resources: {} postCleanup: enabled: true @@ -214,6 +219,7 @@ postCleanup: pullPolicy: IfNotPresent # tag: "" # Optional: Override global.tag or Chart.AppVersion serviceAccountName: post-delete-cleanup + resources: {} prometheus: # Enable Prometheus integration for time-aware fairness features.