feat: add bare-metal GPU clusterGroup with NVIDIA confidential container support

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: butler54

charts/all/nvidia-gpu/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+description: NVIDIA GPU operator configuration for confidential containers (ClusterPolicy, IOMMU, VFIO).
+keywords:
+- pattern
+- nvidia
+- gpu
+- confidential-computing
+name: nvidia-gpu
+version: 0.0.1

charts/all/nvidia-gpu/templates/cluster-policy.yaml

@@ -0,0 +1,35 @@
+apiVersion: nvidia.com/v1
+kind: ClusterPolicy
+metadata:
+  name: gpu-cluster-policy
+spec:
+  ccManager:
+    defaultMode: {{ .Values.ccManager.defaultMode | quote }}
+    enabled: {{ .Values.ccManager.enabled }}
+  cdi:
+    enabled: true
+    default: false
+  driver:
+    enabled: false
+  devicePlugin:
+    enabled: false
+  gfd:
+    enabled: true
+  kataManager:
+    enabled: false
+  sandboxDevicePlugin:
+    enabled: true
+    env:
+      - name: P_GPU_ALIAS
+        value: {{ .Values.sandboxDevicePlugin.pgpuAlias }}
+      - name: NVSWITCH_ALIAS
+        value: {{ .Values.sandboxDevicePlugin.nvswitchAlias }}
+  sandboxWorkloads:
+    defaultWorkload: vm-passthrough
+    enabled: true
+    mode: kata
+  vfioManager:
+    enabled: true
+    env:
+      - name: BIND_NVSWITCHES
+        value: {{ .Values.vfioManager.bindNvSwitches | quote }}

charts/all/nvidia-gpu/templates/iommu-mco.yaml

@@ -0,0 +1,16 @@
+{{- range list "master" "worker" }}
+---
+apiVersion: machineconfiguration.openshift.io/v1
+kind: MachineConfig
+metadata:
+  labels:
+    machineconfiguration.openshift.io/role: {{ . }}
+  name: 100-iommu-kernel-args-{{ . }}
+spec:
+  config:
+    ignition:
+      version: 3.2.0
+  kernelArguments:
+  - intel_iommu=on
+  - amd_iommu=on
+{{- end }}

charts/all/nvidia-gpu/values.yaml

@@ -0,0 +1,10 @@
+ccManager:
+  enabled: true
+  defaultMode: "on"
+
+sandboxDevicePlugin:
+  pgpuAlias: pgpu
+  nvswitchAlias: nvswitch
+
+vfioManager:
+  bindNvSwitches: "true"

charts/coco-supported/gpu-workload/Chart.yaml

@@ -0,0 +1,9 @@
+apiVersion: v2
+description: Sample GPU workload for confidential containers (NVIDIA GPU verification in a CoCo pod).
+keywords:
+- pattern
+- nvidia
+- gpu
+- confidential-computing
+name: gpu-workload
+version: 0.0.1

charts/coco-supported/gpu-workload/templates/gpu-verification-pod.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: gpu-cc-verify
+  labels:
+    app: gpu-cc-verify
+  annotations:
+    io.katacontainers.config.hypervisor.default_memory: {{ .Values.gpuMemory | quote }}
+spec:
+  runtimeClassName: {{ .Values.runtimeClassName }}
+  restartPolicy: OnFailure
+  containers:
+    - name: cuda-vectoradd
+      image: nvcr.io/nvidia/k8s/cuda-sample:vectoradd-cuda12.5.0
+      resources:
+        limits:
+          nvidia.com/pgpu: 1
+      securityContext:
+        privileged: false
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
+        seccompProfile:
+          type: RuntimeDefault

charts/coco-supported/gpu-workload/values.yaml

@@ -0,0 +1,3 @@
+runtimeClassName: "kata-cc-nvidia-gpu"
+
+gpuMemory: "32768"

values-baremetal-gpu.yaml

@@ -0,0 +1,220 @@
+# Bare metal deployment for confidential containers with NVIDIA GPU support (Tech Preview).
+# Supports Intel TDX and AMD SEV-SNP via auto-detection (NFD).
+# Adds NVIDIA GPU Operator for GPU passthrough to confidential VMs.
+# Set main.clusterGroupName: baremetal-gpu in values-global.yaml to use.
+
+clusterGroup:
+  name: baremetal-gpu
+  isHubCluster: true
+  namespaces:
+  - open-cluster-management
+  - vault
+  - golang-external-secrets
+  - openshift-sandboxed-containers-operator
+  - trustee-operator-system
+  - cert-manager-operator
+  - cert-manager
+  - hello-openshift
+  - kbs-access
+  - openshift-cnv
+  - openshift-storage
+  - openshift-nfd
+  - baremetal
+  - intel-dcap
+  - nvidia-gpu-operator
+  - gpu-workload
+
+  subscriptions:
+    acm:
+      name: advanced-cluster-management
+      namespace: open-cluster-management
+    sandbox:
+      name: sandboxed-containers-operator
+      namespace: openshift-sandboxed-containers-operator
+      source: redhat-operators
+      channel: stable
+      installPlanApproval: Manual
+      csv: sandboxed-containers-operator.v1.12.0
+    trustee:
+      name: trustee-operator
+      namespace: trustee-operator-system
+      source: redhat-operators
+      channel: stable
+      installPlanApproval: Manual
+      csv: trustee-operator.v1.1.0
+    cert-manager:
+      name: openshift-cert-manager-operator
+      namespace: cert-manager-operator
+      channel: stable-v1
+    lvm-operator:
+      name: lvms-operator
+      namespace: openshift-storage
+      source: redhat-operators
+      channel: stable-4.20
+      installPlanApproval: Automatic
+    cnv:
+      name: kubevirt-hyperconverged
+      namespace: openshift-cnv
+      source: redhat-operators
+      channel: stable
+      installPlanApproval: Automatic
+    nfd:
+      name: nfd
+      namespace: openshift-nfd
+      channel: stable
+    gpu-operator:
+      name: gpu-operator-certified
+      namespace: nvidia-gpu-operator
+      source: certified-operators
+      channel: v24.9
+      installPlanApproval: Automatic
+
+  projects:
+  - hub
+  - vault
+  - trustee
+  - golang-external-secrets
+  - sandbox
+  - workloads
+  - default
+
+  sharedValueFiles:
+  - '/overrides/values-{{ $.Values.global.clusterPlatform }}.yaml'
+  - '/overrides/values-storage-{{ $.Values.global.storageProvider }}.yaml'
+
+  applications:
+    acm:
+      name: acm
+      namespace: open-cluster-management
+      project: hub
+      chart: acm
+      chartVersion: 0.1.*
+
+    vault:
+      name: vault
+      namespace: vault
+      project: vault
+      chart: hashicorp-vault
+      chartVersion: 0.1.*
+
+    secrets-operator:
+      name: golang-external-secrets
+      namespace: golang-external-secrets
+      project: golang-external-secrets
+      chart: golang-external-secrets
+      chartVersion: 0.1.*
+
+    trustee:
+      name: trustee
+      namespace: trustee-operator-system
+      project: trustee
+      chart: trustee
+      chartVersion: 0.2.*
+      overrides:
+        - name: global.coco.secured
+          value: "true"
+        - name: global.coco.bypassAttestation
+          value: "true"
+        - name: kbs.https.enabled
+          value: "false"
+        - name: kbs.secretResources[0].name
+          value: kbsres1
+        - name: kbs.secretResources[0].key
+          value: secret/data/hub/kbsres1
+        - name: kbs.secretResources[1].name
+          value: passphrase
+        - name: kbs.secretResources[1].key
+          value: secret/data/hub/passphrase
+
+    storage:
+      name: storage
+      namespace: openshift-storage
+      project: hub
+      path: charts/hub/storage
+
+    baremetal:
+      name: baremetal
+      namespace: baremetal
+      project: hub
+      path: charts/all/baremetal
+
+    sandbox:
+      name: sandbox
+      namespace: openshift-sandboxed-containers-operator
+      project: sandbox
+      chart: sandboxed-containers
+      chartVersion: 0.2.*
+      overrides:
+        - name: global.secretStore.backend
+          value: vault
+        - name: secretStore.name
+          value: vault-backend
+        - name: secretStore.kind
+          value: ClusterSecretStore
+        - name: enablePeerPods
+          value: "false"
+
+    intel-dcap:
+      name: intel-dcap
+      namespace: intel-dcap
+      project: hub
+      path: charts/all/intel-dcap
+      overrides:
+        - name: secretStore.name
+          value: vault-backend
+        - name: secretStore.kind
+          value: ClusterSecretStore
+
+    nvidia-gpu:
+      name: nvidia-gpu
+      namespace: nvidia-gpu-operator
+      project: hub
+      path: charts/all/nvidia-gpu
+
+    sandbox-policies:
+      name: sandbox-policies
+      namespace: openshift-sandboxed-containers-operator
+      chart: sandboxed-policies
+      chartVersion: 0.1.*
+
+    kbs-access:
+      name: kbs-access
+      namespace: kbs-access
+      project: workloads
+      path: charts/coco-supported/kbs-access
+      overrides:
+        - name: runtimeClassName
+          value: "kata-cc"
+
+    hello-openshift:
+      name: hello-openshift
+      namespace: hello-openshift
+      project: workloads
+      path: charts/coco-supported/hello-openshift
+      overrides:
+        - name: runtimeClassName
+          value: "kata-cc"
+
+    gpu-workload:
+      name: gpu-workload
+      namespace: gpu-workload
+      project: workloads
+      path: charts/coco-supported/gpu-workload
+      overrides:
+        - name: runtimeClassName
+          value: "kata-cc-nvidia-gpu"
+
+  imperative:
+    image: ghcr.io/butler54/imperative-container:latest
+    serviceAccountCreate: true
+    adminServiceAccountCreate: true
+    serviceAccountName: imperative-admin-sa
+    jobs:
+    - name: install-deps
+      playbook: ansible/install-deps.yaml
+      verbosity: -vvv
+      timeout: 3600
+    - name: init-data-gzipper
+      playbook: ansible/init-data-gzipper.yaml
+      verbosity: -vvv
+      timeout: 3600