From c518f79d8ebea35f07eb4ff8d30fcba1d16ac073 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Furkan=20T=C3=BCrkal?= Date: Thu, 2 May 2024 13:26:25 +0300 Subject: [PATCH] Add nvidia-container-toolkit MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Furkan Türkal Co-authored-by: Batuhan Signed-off-by: Furkan Türkal --- generated.tf | 9 +++ images/nvidia-container-toolkit/README.md | 28 ++++++++ .../nvidia-container-toolkit/config/main.tf | 66 +++++++++++++++++++ images/nvidia-container-toolkit/generated.tf | 13 ++++ images/nvidia-container-toolkit/main.tf | 37 +++++++++++ images/nvidia-container-toolkit/metadata.yaml | 12 ++++ .../tests/EXAMPLE_TEST.sh | 5 ++ images/nvidia-container-toolkit/tests/main.tf | 18 +++++ 8 files changed, 188 insertions(+) create mode 100644 images/nvidia-container-toolkit/README.md create mode 100644 images/nvidia-container-toolkit/config/main.tf create mode 100644 images/nvidia-container-toolkit/generated.tf create mode 100644 images/nvidia-container-toolkit/main.tf create mode 100644 images/nvidia-container-toolkit/metadata.yaml create mode 100644 images/nvidia-container-toolkit/tests/EXAMPLE_TEST.sh create mode 100644 images/nvidia-container-toolkit/tests/main.tf diff --git a/generated.tf b/generated.tf index 9a70a33e8d..1ba6746b1f 100644 --- a/generated.tf +++ b/generated.tf @@ -978,6 +978,11 @@ module "ntpd-rs" { target_repository = "${var.target_repository}/ntpd-rs" } +module "nvidia-container-toolkit" { + source = "./images/nvidia-container-toolkit" + target_repository = "${var.target_repository}/nvidia-container-toolkit" +} + module "nvidia-device-plugin" { source = "./images/nvidia-device-plugin" target_repository = "${var.target_repository}/nvidia-device-plugin" @@ -2279,6 +2284,10 @@ output "summary_ntpd-rs" { value = module.ntpd-rs.summary } +output "summary_nvidia-container-toolkit" { + value = module.nvidia-container-toolkit.summary +} + output "summary_nvidia-device-plugin" { value = module.nvidia-device-plugin.summary } diff --git a/images/nvidia-container-toolkit/README.md b/images/nvidia-container-toolkit/README.md new file mode 100644 index 0000000000..71668de58e --- /dev/null +++ b/images/nvidia-container-toolkit/README.md @@ -0,0 +1,28 @@ + +# nvidia-container-toolkit +| | | +| - | - | +| **OCI Reference** | `cgr.dev/chainguard/nvidia-container-toolkit` | + + +* [View Image in Chainguard Academy](https://edu.chainguard.dev/chainguard/chainguard-images/reference/nvidia-container-toolkit/overview/) +* [View Image Catalog](https://console.enforce.dev/images/catalog) for a full list of available tags. +* [Contact Chainguard](https://www.chainguard.dev/chainguard-images) for enterprise support, SLAs, and access to older tags.* + +--- + + + +The NVIDIA Container Toolkit allows users to build and run GPU accelerated containers. + + + +## Download this Image +The image is available on `cgr.dev`: + +``` +docker pull cgr.dev/chainguard/nvidia-container-toolkit:latest +``` + + + diff --git a/images/nvidia-container-toolkit/config/main.tf b/images/nvidia-container-toolkit/config/main.tf new file mode 100644 index 0000000000..80dc527bb4 --- /dev/null +++ b/images/nvidia-container-toolkit/config/main.tf @@ -0,0 +1,66 @@ +terraform { + required_providers { + apko = { source = "chainguard-dev/apko" } + } +} + +module "accts" { + source = "../../../tflib/accts" + run-as = 0 # This image needs to run as root +} + +variable "extra_repositories" { + description = "The additional repositores to install from (e.g. extras)." + default = ["https://packages.cgr.dev/extras"] +} + +variable "extra_keyring" { + description = "The additional keys to use (e.g. extras)." + default = ["https://packages.cgr.dev/extras/chainguard-extras.rsa.pub"] +} + +variable "extra_packages" { + description = "Additional packages to install." + type = list(string) + default = [ + "nvidia-container-toolkit", + "nvidia-container-toolkit-nvidia-container-runtime", + "nvidia-container-toolkit-nvidia-container-runtime-cdi", + "nvidia-container-toolkit-nvidia-container-runtime-hook", + "nvidia-container-toolkit-nvidia-container-runtime-legacy", + "nvidia-container-toolkit-nvidia-ctk", + "nvidia-container-runtime-containerd", + "nvidia-container-runtime-crio", + "nvidia-container-runtime-docker", + "nvidia-container-runtime-nvidia-toolkit", + "nvidia-container-runtime-operator", + "nvidia-container-runtime-toolkit", + "libnvidia-container", + "nvidia-cuda-cudart-12", + "nvidia-cuda-nvml-dev-12", + ] +} + +output "config" { + value = jsonencode({ + contents = { + packages = concat(var.extra_packages) + repositories = concat(var.extra_repositories) + keyring = concat(var.extra_keyring) + } + accounts = module.accts.block + environment = { + PATH = "/work:/usr/local/nvidia/bin:/usr/local/cuda/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/cuda-12.3/", + CUDA_VERSION = "12.3", + LD_LIBRARY_PATH = "/usr/local/nvidia/lib:/usr/local/nvidia/lib64:/usr/lib/:/usr/lib64:/usr/local/cuda-12.3/include:/usr/local/cuda-12.3/lib:/usr/local/cuda-12.3/lib64:/usr/local/cuda-12.3/lib64/stubs" + NVIDIA_VISIBLE_DEVICES = "all" + NVIDIA_DRIVER_CAPABILITIES = "utility" + NVIDIA_REQUIRE_CUDA = "cuda>=11.2 brand=tesla,driver>=418,driver<419 brand=tesla,driver>=440,driver<441 driver>=450" + NVIDIA_DISABLE_REQUIRE = "true" + }, + work-dir = "/work" + entrypoint = { + command = "nvidia-toolkit" + } + }) +} diff --git a/images/nvidia-container-toolkit/generated.tf b/images/nvidia-container-toolkit/generated.tf new file mode 100644 index 0000000000..556d70180e --- /dev/null +++ b/images/nvidia-container-toolkit/generated.tf @@ -0,0 +1,13 @@ +# DO NOT EDIT - this file is autogenerated by tfgen + +output "summary" { + value = merge( + { + basename(path.module) = { + "ref" = module.nvidia-container-toolkit.image_ref + "config" = module.nvidia-container-toolkit.config + "tags" = ["latest"] + } + }) +} + diff --git a/images/nvidia-container-toolkit/main.tf b/images/nvidia-container-toolkit/main.tf new file mode 100644 index 0000000000..59f0328902 --- /dev/null +++ b/images/nvidia-container-toolkit/main.tf @@ -0,0 +1,37 @@ +terraform { + required_providers { + oci = { source = "chainguard-dev/oci" } + } +} + +variable "target_repository" { + description = "The docker repo into which the image and attestations should be published." +} + +module "config" { source = "./config" } + +module "nvidia-container-toolkit" { + source = "../../tflib/publisher" + name = basename(path.module) + target_repository = var.target_repository + config = module.config.config + # build-dev = true +} + +# module "test" { +# source = "./tests" +# digest = module.nvidia-container-toolkit.image_ref +# } + +resource "oci_tag" "latest" { + # depends_on = [module.test] + digest_ref = module.nvidia-container-toolkit.image_ref + tag = "latest" +} + +# resource "oci_tag" "latest-dev" { +# depends_on = [module.test] +# digest_ref = module.nvidia-container-toolkit.dev_ref +# tag = "latest-dev" +# } + diff --git a/images/nvidia-container-toolkit/metadata.yaml b/images/nvidia-container-toolkit/metadata.yaml new file mode 100644 index 0000000000..3f891ccf92 --- /dev/null +++ b/images/nvidia-container-toolkit/metadata.yaml @@ -0,0 +1,12 @@ +name: nvidia-container-toolkit +image: cgr.dev/chainguard/nvidia-container-toolkit +logo: https://storage.googleapis.com/chainguard-academy/logos/nvidia-container-toolkit.svg +endoflife: "" +console_summary: "Build and run containers leveraging NVIDIA GPUs" +short_description: The NVIDIA Container Toolkit allows users to build and run GPU accelerated containers. +compatibility_notes: "" +readme_file: README.md +upstream_url: https://github.com/NVIDIA/nvidia-container-toolkit +keywords: + - nvidia + - gpu diff --git a/images/nvidia-container-toolkit/tests/EXAMPLE_TEST.sh b/images/nvidia-container-toolkit/tests/EXAMPLE_TEST.sh new file mode 100644 index 0000000000..348ce1cc10 --- /dev/null +++ b/images/nvidia-container-toolkit/tests/EXAMPLE_TEST.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env bash + +set -o errexit -o nounset -o errtrace -o pipefail -x + +# TODO: Implement this test. diff --git a/images/nvidia-container-toolkit/tests/main.tf b/images/nvidia-container-toolkit/tests/main.tf new file mode 100644 index 0000000000..139178af93 --- /dev/null +++ b/images/nvidia-container-toolkit/tests/main.tf @@ -0,0 +1,18 @@ +terraform { + required_providers { + oci = { source = "chainguard-dev/oci" } + } +} + +variable "digest" { + description = "The image digest to run tests over." +} + +// Invoke a script with the test. +// $IMAGE_NAME is populated with the image name by digest. +// TODO: Update or remove this test as appropriate. +data "oci_exec_test" "manifest" { + digest = var.digest + script = "./EXAMPLE_TEST.sh" + working_dir = path.module +}