
feat: optional /dev/fuse injection via CW_INJECT_FUSE_DEVICE#13

Open
wimarkuske wants to merge 1 commit into coreweave:coreweave from wimarkuske:feat/inject-fuse-device

Conversation

@wimarkuske


What

Adds an opt-in flag — CW_INJECT_FUSE_DEVICE=true / chart value injectFuseDevice: true — that injects /dev/fuse (with the device-cgroup rw rule) into device-plugin allocations. This lets rootless apptainer / squashfuse run in non-privileged GPU pods (e.g. SUNK slurmd) without a privileged securityContext or a separate fuse device plugin.

Default behavior is unchanged (flag off).

Why

On cgroup v2 + containerd 2.x, mounting /dev/fuse into a container as a hostPath is not sufficient: open("/dev/fuse") is gated by the per-container device cgroup, which denies char 10:229 even for root. Only the kubelet can populate that allow-list at pod creation, via one of: privileged: true (all devices), a DRA driver, or a device plugin DeviceSpec.

Since slurmd already requests this plugin's sunk.coreweave.com/accelerator resource (and the plugin already returns GPU DeviceSpecs under PASS_DEVICE_SPECS), the cheapest path is to append a /dev/fuse DeviceSpec to that same allocation. The kubelet then creates the node and adds the cgroup rule — non-privileged.

Note: cdi.k8s.io/* pod annotations do not work here — containerd 2.x only consumes CDI from the CDIDevices CRI field, not annotations.

Change

  • internal/plugin/server.go — apiDeviceSpecs() appends a /dev/fuse DeviceSpec (HostPath/ContainerPath /dev/fuse, rw) when CW_INJECT_FUSE_DEVICE=true.
  • deployments/helm/nvidia-device-plugin/values.yaml — new injectFuseDevice: false.
  • deployments/helm/nvidia-device-plugin/templates/daemonset-device-plugin.yml — renders the env on the plugin container when the value is set.

Scope / follow-up

Covers the PassDeviceSpecs (volume-mounts) device-list strategy, which is what SUNK uses. CDI device-list strategies allocate via updateResponseForCDI() and are not covered by this PR — adding a fuse CDI device through cdiHandler is a clean follow-up.

Validation (live, CoreWeave SUNK test cluster cw1690 / wm-usw09b, k8s 1.35, containerd 2.1.4)

A patched build of this image was deployed as the sunk-nvidia-device-plugin with CW_INJECT_FUSE_DEVICE=true. On a slurmd pod requesting only sunk.coreweave.com/accelerator: 8 (no extra resource, no privileged):

  • /dev/fuse present as crw-rw-rw- (character device)
  • unprivileged (uid 65534) open() on /dev/fuse succeeds (was EPERM before)
  • apptainer exec docker://alpine … mounts via squashfuse + user namespaces successfully

Helm render verified: env absent by default, present only with injectFuseDevice=true.

Enablement (downstream)

Via SUNK chart values (subchart passthrough), once the SUNK nvidia-device-plugin dependency is bumped to a release containing this change:

nvidia-device-plugin:
  enabled: true
  injectFuseDevice: true

🤖 Generated with Claude Code

Add an opt-in flag that injects /dev/fuse (with the device-cgroup rw rule)
into device-plugin allocations, so rootless apptainer/squashfuse works in
NON-privileged GPU pods (e.g. SUNK slurmd) without a privileged
securityContext or a separate fuse device plugin.

On cgroup-v2 + containerd 2.x, a plain hostPath mount of /dev/fuse is
insufficient: open() is gated by the per-container device cgroup, which only
the kubelet can populate at pod creation (via a device plugin, DRA, or
privileged). This appends a /dev/fuse DeviceSpec to apiDeviceSpecs() when
CW_INJECT_FUSE_DEVICE=true, so the kubelet adds the node + cgroup allow rule.

- internal/plugin/server.go: env-gated DeviceSpec append (PassDeviceSpecs path)
- chart: injectFuseDevice value renders CW_INJECT_FUSE_DEVICE on the container

Default behavior unchanged (flag off). Covers the PassDeviceSpecs / volume-mounts
device-list strategy; CDI strategies (updateResponseForCDI) are a follow-up.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
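The env-gated DeviceSpec append described in the PR, written out as an added stand-alone example (this is not the PR's own code or the upstream plugin's). It assumes a local `DeviceSpec` struct mirroring the three fields of the kubelet device-plugin API type so it compiles offline, treats any value of CW_INJECT_FUSE_DEVICE that does not parse as a boolean as "off" (so the default stays unchanged), makes the append idempotent, and adds a reviewer-side check that the fuse rule requests only `rw` and never `m` (mknod), which is more than squashfuse needs. The GPU device paths are constructed sample input.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// DeviceSpec mirrors the fields of the kubelet device-plugin API's DeviceSpec
// (k8s.io/kubelet/pkg/apis/deviceplugin/v1beta1) so this example compiles
// offline. It is a local stand-in, not the upstream type.
type DeviceSpec struct {
	ContainerPath string
	HostPath      string
	Permissions   string // device-cgroup access: any of "r", "w", "m"
}

// FuseEnvVar is the opt-in switch named in the PR description.
const FuseEnvVar = "CW_INJECT_FUSE_DEVICE"

// fuseDeviceSpec is the spec the PR describes: /dev/fuse at the same path in
// the container, with a read/write (not mknod) device-cgroup rule.
func fuseDeviceSpec() DeviceSpec {
	return DeviceSpec{ContainerPath: "/dev/fuse", HostPath: "/dev/fuse", Permissions: "rw"}
}

// injectFuseEnabled reports whether the env value opts in. Unset or
// unparsable values count as off, so default behaviour is unchanged.
func injectFuseEnabled(value string) bool {
	on, err := strconv.ParseBool(value)
	return err == nil && on
}

// appendFuseDeviceSpec returns specs with /dev/fuse appended when enabled.
// It is idempotent: an allocation already carrying /dev/fuse is returned
// unchanged, so a duplicate cgroup rule is never requested.
func appendFuseDeviceSpec(specs []DeviceSpec, envValue string) []DeviceSpec {
	if !injectFuseEnabled(envValue) {
		return specs
	}
	for _, s := range specs {
		if s.ContainerPath == "/dev/fuse" {
			return specs
		}
	}
	return append(specs, fuseDeviceSpec())
}

// validateDeviceSpecs is a review-time check over an allocation response:
// every spec needs both paths, and the /dev/fuse rule must not grant "m"
// (mknod), which would widen it beyond what FUSE mounts require.
func validateDeviceSpecs(specs []DeviceSpec) error {
	for _, s := range specs {
		if s.ContainerPath == "" || s.HostPath == "" {
			return fmt.Errorf("device spec with empty path: %+v", s)
		}
		if s.HostPath == "/dev/fuse" && strings.Contains(s.Permissions, "m") {
			return fmt.Errorf("/dev/fuse spec grants mknod (%q), expected rw", s.Permissions)
		}
	}
	return nil
}

func main() {
	// Constructed sample: GPU DeviceSpecs the plugin would already return
	// under PASS_DEVICE_SPECS. Paths are illustrative only.
	gpus := []DeviceSpec{
		{ContainerPath: "/dev/nvidia0", HostPath: "/dev/nvidia0", Permissions: "rw"},
		{ContainerPath: "/dev/nvidiactl", HostPath: "/dev/nvidiactl", Permissions: "rw"},
	}
	specs := appendFuseDeviceSpec(gpus, os.Getenv(FuseEnvVar))
	if err := validateDeviceSpecs(specs); err != nil {
		fmt.Println("invalid allocation:", err)
		os.Exit(1)
	}
	for _, s := range specs {
		fmt.Printf("%s -> %s (%s)\n", s.HostPath, s.ContainerPath, s.Permissions)
	}
}
```

Run with `CW_INJECT_FUSE_DEVICE=true go run .` to see the extra line for /dev/fuse; without the variable, or with any non-boolean value, only the GPU specs are printed.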
@wimarkuske wimarkuske changed the title feat: optional /dev/fuse injection via CW_INJECT_FUSE_DEVICE (non-privileged apptainer FUSE) feat: optional /dev/fuse injection via CW_INJECT_FUSE_DEVICE Jun 4, 2026
@wimarkuske wimarkuske marked this pull request as ready for review June 4, 2026 20:53
@wimarkuske wimarkuske requested a review from a team as a code owner June 4, 2026 20:53
