search

aws-samples / aws-efa-eks

Deploying EFA in EKS utilizing GPUDirectRDMA where supported
MIT No Attribution
35 stars 19 forks source link

Run efa-device-plugin container with non root user #11

Closed DanielJuravski closed 1 year ago

DanielJuravski commented 1 year ago

Issue #, if available: #8

Description of changes: Allow the container to be run as non root user

Kubernetes 1.25 has produced different security restrictions (https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-1.25) As a result, eksctl tool needed to align the used plugins (Nvidia, Neuron, AWS node, etc.) with those security changes (https://github.com/weaveworks/eksctl/pull/6065). Seems that they missed patching efa-k8s-device-plugin. I created a PR for patching it https://github.com/weaveworks/eksctl/pull/6435 Meanwhile, for applying the efa-k8s-device-plugin, use a custom yaml (add runAsUser: 1000 field to the container execution), 

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

DanielJuravski commented 1 year ago

This helm chart resolved the issue https://github.com/aws-samples/efa-device-plugin-helm