Skip to content

new privileges for sandbox-device-plugin #2078

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rajatchopra wants to merge 1 commit into
base: main
Choose a base branch
from
Open

new privileges for sandbox-device-plugin #2078

rajatchopra wants to merge 1 commit into from

Conversation

@rajatchopra
Copy link
Contributor

@rajatchopra rajatchopra commented Jan 28, 2026
edited
Loading

Description

sandbox-device-plugin will launch the GFD job within the sandbox env, so we need new privileges for it to do so
Changes:

  • add CRUD privileges for jobs to Role
  • add NODE_NAME/POD_NAMESPACE info so that the device plugin can launch job on its own node

GFD launch PR in sandbox-device-plugin: NVIDIA/sandbox-device-plugin#30

Checklist

  • No secrets, sensitive information, or unrelated changes
  • Lint checks passing (make lint)
  • Generated assets in-sync (make validate-generated-assets)
  • Go mod artifacts in-sync (make validate-modules)
  • Test cases are added for new code paths

Testing

Manual testing on cluster

@copy-pr-bot
Copy link

copy-pr-bot bot commented Jan 28, 2026

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

tariq1890
tariq1890 reviewed Jan 28, 2026
View reviewed changes
assets/state-sandbox-device-plugin/0200_role.yaml
resources:
- jobs
verbs:
- create
Copy link
Contributor

@tariq1890 tariq1890 Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you need all of these permissions? I prefer starting with a minimal list. It seems that create, get, watch and delete would suffice here, yes?

Copy link
Contributor Author

@rajatchopra rajatchopra Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can skip update I think. I always assumed watch requires list/get.
Fixed.

@rajatchopra
feat: sandbox device plugin will launch a GFD job, so we need new pri…
0bbce4b 
…vileges and info

Signed-off-by: Rajat Chopra <rajatc@nvidia.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tariq1890 tariq1890 tariq1890 left review comments

@ArangoGutierrez ArangoGutierrez Awaiting requested review from ArangoGutierrez ArangoGutierrez is a code owner

@cdesiniotis cdesiniotis Awaiting requested review from cdesiniotis cdesiniotis is a code owner

@elezar elezar Awaiting requested review from elezar elezar is a code owner

@shivamerla shivamerla Awaiting requested review from shivamerla shivamerla is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rajatchopra @tariq1890