diff --git a/contrib/terraform/openstack/modules/compute/main.tf b/contrib/terraform/openstack/modules/compute/main.tf index 89fe24e7e5d..7a1c710bfb2 100644 --- a/contrib/terraform/openstack/modules/compute/main.tf +++ b/contrib/terraform/openstack/modules/compute/main.tf @@ -596,6 +596,7 @@ resource "openstack_compute_instance_v2" "k8s_nodes" { user_data = each.value.cloudinit != null ? templatefile("${path.module}/templates/cloudinit.yaml.tmpl", { extra_partitions = each.value.cloudinit.extra_partitions }) : data.cloudinit_config.cloudinit.rendered + security_groups = var.port_security_enabled ? local.worker_sec_groups : null dynamic "block_device" { for_each = !local.k8s_nodes_settings[each.key].use_local_disk ? [local.k8s_nodes_settings[each.key].image_id] : [] diff --git a/inventory/kubejetstream/cluster.tfvars b/inventory/kubejetstream/cluster.tfvars index 03f6b439afe..6a4233f218c 100644 --- a/inventory/kubejetstream/cluster.tfvars +++ b/inventory/kubejetstream/cluster.tfvars @@ -41,6 +41,50 @@ number_of_k8s_nodes_no_floating_ip = 0 flavor_k8s_node = "4" +# # Uncomment when all nodes will be GPU nodes +# # If you wish to use this var for another reason, add the ansible groups as a comma seperated list +# # E.g "additional-group-1,additional-group2,etc" +# supplementary_node_groups = "gpu-node" + +# BEGIN HYBRID CLUSTER CONFIG + +# # Set to true by default, but we make it explicit here +# port_security_enabled = true + +# # Must be uncommented and set to 0 to use the k8s_nodes variable +# number_of_k8s_nodes = 0 +# number_of_k8s_nodes_no_floating_ip = 0 + +# # "-k8s-node-" will be prepended to each key name and used to create the instance name. +# # E.g the first item below would result in an instanced named "-k8s-node-nf-cpu-1" +# # For a full list of options see ./contrib/terraform/openstack/README.md#k8s_nodes +# k8s_nodes = { +# "nf-cpu-1" = { +# "az" = "nova" +# "flavor": "4" +# "floating_ip": false +# }, +# "nf-cpu-2" = { +# "az" = "nova" +# "flavor": "4" +# "floating_ip": false +# }, +# "nf-gpu-1" = { +# "az" = "nova" +# "flavor": "10" +# "floating_ip": false +# "extra_groups": "gpu-node" +# }, +# "nf-gpu-2" = { +# "az" = "nova" +# "flavor": "10" +# "floating_ip": false +# "extra_groups": "gpu-node" +# }, +# } + +# END HYBRID CLUSTER CONFIG + # GlusterFS # either 0 or more than one #number_of_gfs_nodes_no_floating_ip = 0 diff --git a/inventory/kubejetstream/group_vars/gpu-node/containderd.yml b/inventory/kubejetstream/group_vars/gpu-node/containderd.yml new file mode 100644 index 00000000000..4c661d1dd5a --- /dev/null +++ b/inventory/kubejetstream/group_vars/gpu-node/containderd.yml @@ -0,0 +1,54 @@ +--- +# Please see roles/container-engine/containerd/defaults/main.yml for more configuration options + +# containerd_storage_dir: "/var/lib/containerd" +# containerd_state_dir: "/run/containerd" +# containerd_oom_score: 0 + +containerd_default_runtime: "nvidia" +# containerd_snapshotter: "native" + +containerd_runc_runtime: + name: nvidia + type: "io.containerd.runc.v2" + engine: "" + root: "" + options: + BinaryName : '"/usr/bin/nvidia-container-runtime"' + + +# containerd_additional_runtimes: +# Example for Kata Containers as additional runtime: +# - name: kata +# type: "io.containerd.kata.v2" +# engine: "" +# root: "" + +# containerd_grpc_max_recv_message_size: 16777216 +# containerd_grpc_max_send_message_size: 16777216 + +# containerd_debug_level: "info" + +# containerd_metrics_address: "" + +# containerd_metrics_grpc_histogram: false + +## An obvious use case is allowing insecure-registry access to self hosted registries. +## Can be ipaddress and domain_name. +## example define mirror.registry.io or 172.19.16.11:5000 +## set "name": "url". insecure url must be started http:// +## Port number is also needed if the default HTTPS port is not used. +# containerd_insecure_registries: +# "localhost": "http://127.0.0.1" +# "172.19.16.11:5000": "http://172.19.16.11:5000" + +# containerd_registries: +# "docker.io": "https://registry-1.docker.io" + +# containerd_max_container_log_line_size: -1 + +# containerd_registry_auth: +# - registry: 10.0.0.2:5000 +# username: user +# password: pass +