NVIDIA / k8s-device-plugin

NVIDIA device plugin for Kubernetes
Apache License 2.0

Daemonset container and initContainer can run only in privileged mode for daemonset-mps-control-daemon #763

Open kndoni opened 3 months ago

kndoni commented 3 months ago

Notes

Dear team.

I noticed the following issue in daemonset-mps-control-daemon.yml. There is one container and one initContainer that can run only with privileged mode set to true. But in the security context, when implementing security policies, for example with Kyverno, privileged should be set to false by default and capabilities might be added.

Can you please take this issue into consideration? I have created a PR, but I don't think the PR will solve this issue completely in the mps daemonset.

https://github.com/NVIDIA/k8s-device-plugin/pull/756
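
For context on the kind of policy the comment above refers to, here is an added example (not taken from this issue, the linked PR, or the NVIDIA repository) of a Kyverno ClusterPolicy that flags pods whose containers or initContainers set `privileged: true`. The policy name, rule name and message text are choices made for this example, and `Audit` mode is assumed so that violations are reported rather than blocked.

```yaml
# Added example: a Kyverno validate rule that disallows privileged mode.
# Names and message text are illustrative, not from the project.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-privileged-containers
spec:
  # Audit only reports violations; Enforce would reject the workload at admission.
  validationFailureAction: Audit
  background: true
  rules:
    - name: privileged-containers
      match:
        any:
          - resources:
              # The rule is written for Pods; Kyverno's rule auto-generation
              # extends it to pod controllers such as DaemonSets.
              kinds:
                - Pod
      validate:
        message: >-
          Privileged mode is disallowed. securityContext.privileged must be
          unset or set to false for containers and initContainers.
        pattern:
          spec:
            # =(...) anchors mean "if this field is present, it must match".
            =(initContainers):
              - =(securityContext):
                  =(privileged): "false"
            containers:
              - =(securityContext):
                  =(privileged): "false"
```

A pattern like this checks only the `privileged` flag, so a container that drops `privileged: true` and instead lists specific entries under `securityContext.capabilities.add` passes this rule.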

kndoni commented 3 months ago

This issue appears only in the mps daemonset; in the device-plugin and gdf daemonsets I have tested locally and the changes in the PR are working fine.

The only issue is in the mps daemonset: that container is running in privileged mode.

kndoni commented 3 months ago

I added a value called devicePluginMps in the PR so we can control whether we want MPS to be enabled or not.

github-actions[bot] commented 2 weeks ago

This issue is stale because it has been open 90 days with no activity. This issue will be closed in 30 days unless new comments are made or the stale label is removed.