Skip to content

Add fabric manager configuration support #2045

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
mresvanis wants to merge 8 commits into
base: main
Choose a base branch
from
+1,127 −55
Draft

Add fabric manager configuration support #2045

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
c221ff7
Add Fabric Manager configuration API types and CRD manifests
mresvanis Jan 8, 2026
54dd493
Implement controller support for Fabric Manager configuration when vm…
mresvanis Jan 8, 2026
18b975c
Adjust driver startup probe for vm-passthrough with shared NVSwitch mode
mresvanis Jan 29, 2026
a147468
Add FM env var to driver container when shared-nvswitch
mresvanis Jan 20, 2026
dd94930
Support vfio-manager with shared-nvswitch fabric manager mode
mresvanis Jan 21, 2026
742581a
Add wait for vfio-pci sandbox validation
mresvanis Jan 22, 2026
822538b
Add driver validation in sandbox when FM shared-nvswitch mode
mresvanis Jan 22, 2026
116e9bf
Enable FM in sandbox device plugin when FM shared-nvswitch mode
mresvanis Jan 28, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 49 additions & 0 deletions api/nvidia/v1/clusterpolicy_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,8 @@ type ClusterPolicySpec struct {
CCManager CCManagerSpec `json:"ccManager,omitempty"`
// HostPaths defines various paths on the host needed by GPU Operator components
HostPaths HostPathsSpec `json:"hostPaths,omitempty"`
// FabricManager component spec
FabricManager FabricManagerSpec `json:"fabricManager,omitempty"`
}

// Runtime defines container runtime type
Expand Down Expand Up @@ -1724,6 +1726,38 @@ type CDIConfigSpec struct {
Default *bool `json:"default,omitempty"`
}

// FabricMode defines the Fabric Manager mode
type FabricMode string

const (
// FabricModeFullPassthrough indicates Full-passthrough mode (FABRIC_MODE=0)
FabricModeFullPassthrough FabricMode = "full-passthrough"
// FabricModeSharedNVSwitch indicates Shared NVSwitch Virtualization mode (FABRIC_MODE=1)
FabricModeSharedNVSwitch FabricMode = "shared-nvswitch"
)

func (f FabricMode) String() string {
switch f {
case FabricModeFullPassthrough:
return "full-passthrough"
case FabricModeSharedNVSwitch:
return "shared-nvswitch"
default:
return ""
}
}

// FabricManagerSpec defines the properties for NVIDIA Fabric Manager configuration
type FabricManagerSpec struct {
// Mode indicates the Fabric Manager mode
// +kubebuilder:validation:Enum=full-passthrough;shared-nvswitch
// +kubebuilder:default=full-passthrough
// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors=true
// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors.displayName="Fabric Manager Mode"
// +operator-sdk:gen-csv:customresourcedefinitions.specDescriptors.x-descriptors="urn:alm:descriptor:com.tectonic.ui:select:full-passthrough,urn:alm:descriptor:com.tectonic.ui:select:shared-nvswitch"
Mode FabricMode `json:"mode,omitempty"`
}

// MIGStrategy indicates MIG mode
type MIGStrategy string

Expand Down Expand Up @@ -2218,3 +2252,18 @@ func (c *MIGPartedConfigSpec) GetName() string {
func (c *VGPUDevicesConfigSpec) GetName() string {
return ptr.Deref(c, VGPUDevicesConfigSpec{}).Name
}

// IsSharedNVSwitchMode returns true if Fabric Manager is configured for Shared NVSwitch mode
func (f *FabricManagerSpec) IsSharedNVSwitchMode() bool {
return f.Mode == FabricModeSharedNVSwitch
}

// ValidateFabricManagerConfig validates the Fabric Manager configuration
func (c *ClusterPolicySpec) ValidateFabricManagerConfig() error {
if c.SandboxWorkloads.DefaultWorkload == "vm-passthrough" &&
c.FabricManager.IsSharedNVSwitchMode() &&
!c.Driver.IsEnabled() {
return fmt.Errorf("driver must be enabled when using vm-passthrough with Fabric Manager Shared NVSwitch mode")
}
return nil
}
16 changes: 16 additions & 0 deletions api/nvidia/v1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 8 additions & 2 deletions assets/state-driver/0400_configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,14 @@ data:
fi

if ! nvidia-smi; then
echo "nvidia-smi failed"
exit 1
# For vm-passthrough with shared-nvswitch mode, nvidia-smi may fail due to unbound devices
# Fall back to checking if nvidia module is loaded when FABRIC_MANAGER_FABRIC_MODE=1
Comment on lines +25 to +26
Copy link
Contributor

@cdesiniotis cdesiniotis Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question (for my understanding) -- GPUs may not be bound to the nvidia driver since there is a chance that the vfio-manager ran already and unbound the devices? Am I understanding this correct?

if [ "${FABRIC_MANAGER_FABRIC_MODE:-}" = "1" ]; then
echo "nvidia-smi failed but nvidia module is loaded (vm-passthrough with shared-nvswitch mode)"
else
echo "nvidia-smi failed"
exit 1
fi
fi

GPU_DIRECT_RDMA_ENABLED="${GPU_DIRECT_RDMA_ENABLED:-false}"
Expand Down
7 changes: 7 additions & 0 deletions assets/state-sandbox-validation/0200_role.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,10 @@ rules:
- use
resourceNames:
- privileged
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get
- list
33 changes: 33 additions & 0 deletions assets/state-sandbox-validation/0500_daemonset.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,36 @@ spec:
priorityClassName: system-node-critical
serviceAccountName: nvidia-sandbox-validator
initContainers:
- name: driver-validation
image: "FILLED BY THE OPERATOR"
command: ["sh", "-c"]
args: ["nvidia-validator"]
env:
- name: WITH_WAIT
value: "true"
- name: COMPONENT
value: driver
- name: OPERATOR_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
securityContext:
privileged: true
seLinuxOptions:
level: "s0"
volumeMounts:
- name: host-root
mountPath: /host
readOnly: true
mountPropagation: HostToContainer
- name: driver-install-path
mountPath: /run/nvidia/driver
mountPropagation: HostToContainer
- name: run-nvidia-validations
mountPath: /run/nvidia/validations
mountPropagation: Bidirectional
- name: host-dev-char
mountPath: /host-dev-char
- name: cc-manager-validation
image: "FILLED BY THE OPERATOR"
command: ['sh', '-c']
Expand Down Expand Up @@ -145,3 +175,6 @@ spec:
- name: host-root
hostPath:
path: /
- name: host-dev-char
hostPath:
path: /dev/char
7 changes: 7 additions & 0 deletions assets/state-vfio-manager/0500_daemonset.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,9 @@ spec:
readOnly: true
- name: host-root
mountPath: /host
- name: run-nvidia-validations
mountPath: /run/nvidia/validations
mountPropagation: Bidirectional
securityContext:
privileged: true
seLinuxOptions:
Expand All @@ -102,6 +105,10 @@ spec:
hostPath:
path: /run/nvidia
type: DirectoryOrCreate
- name: run-nvidia-validations
hostPath:
path: /run/nvidia/validations
type: DirectoryOrCreate
- name: host-root
hostPath:
path: "/"
11 changes: 11 additions & 0 deletions bundle/manifests/nvidia.com_clusterpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1057,6 +1057,17 @@ spec:
type: string
type: object
type: object
fabricManager:
description: FabricManager component spec
properties:
mode:
default: full-passthrough
description: Mode indicates the Fabric Manager mode
enum:
- full-passthrough
- shared-nvswitch
type: string
type: object
gdrcopy:
description: GDRCopy component spec
properties:
Expand Down
24 changes: 14 additions & 10 deletions cmd/nvidia-validator/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1624,18 +1624,22 @@ func (v *VfioPCI) validate() error {
return err
}

err = v.runValidation()
if err != nil {
return err
}
log.Info("Validation completed successfully - all devices are bound to vfio-pci")
for {
log.Info("Attempting to validate that all device are bound to vfio-pci")
err := v.runValidation()
if err != nil {
if !withWaitFlag {
return fmt.Errorf("error validating vfio-pci: %w", err)
}
log.Warningf("failed to validate vfio-pci, retrying after %d seconds\n", sleepIntervalSecondsFlag)
time.Sleep(time.Duration(sleepIntervalSecondsFlag) * time.Second)
continue
}

// delete status file is already present
err = createStatusFile(outputDirFlag + "/" + vfioPCIStatusFile)
if err != nil {
return err
log.Info("Validation completed successfully - all devices are bound to vfio-pci")

return createStatusFile(outputDirFlag + "/" + vfioPCIStatusFile)
}
return nil
}

func (v *VfioPCI) runValidation() error {
Expand Down
11 changes: 11 additions & 0 deletions config/crd/bases/nvidia.com_clusterpolicies.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1057,6 +1057,17 @@ spec:
type: string
type: object
type: object
fabricManager:
description: FabricManager component spec
properties:
mode:
default: full-passthrough
description: Mode indicates the Fabric Manager mode
enum:
- full-passthrough
- shared-nvswitch
type: string
type: object
gdrcopy:
description: GDRCopy component spec
properties:
Expand Down
Loading