From 55209bf6602b5d7ae7bf2a19aeeed43887e8a3d3 Mon Sep 17 00:00:00 2001 From: Yaron Date: Wed, 7 Aug 2024 14:23:25 +0300 Subject: [PATCH 1/3] small-fixes --- docs/Researcher/overview-researcher.md | 2 +- docs/admin/overview-administrator.md | 10 +++++----- docs/platform-admin/overview.md | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/Researcher/overview-researcher.md b/docs/Researcher/overview-researcher.md index dd9171286d..36cac23598 100644 --- a/docs/Researcher/overview-researcher.md +++ b/docs/Researcher/overview-researcher.md @@ -3,7 +3,7 @@ title: Researcher Documentation Overview --- # Overview: Researcher Documentation -Researchers use Run:ai to submit jobs. +_Researchers_, or _AI practitioners_, use Run:ai to submit Workloads. As part of the Researcher documentation you will find: diff --git a/docs/admin/overview-administrator.md b/docs/admin/overview-administrator.md index 1820605a17..169d70e289 100644 --- a/docs/admin/overview-administrator.md +++ b/docs/admin/overview-administrator.md @@ -6,9 +6,9 @@ The Infrastructure Administrator is an IT person, responsible for the installati As part of the Infrastructure Administrator documentation you will find: * Install Run:ai - * How to set up and modify a GPU cluster with Run:ai. + * Set up a Run:ai Cluster. * Set up Researchers to work with Run:ai. -* Configure the Run:ai system -* Setup users by connecting Run:ai to an identity provider. -* IT maintenance of the Run:ai system -* Troubleshooting Run:ai and understanding cluster health. +* IT Configuration of the Run:ai system +* Connect Run:ai to an identity provider. +* Maintenance & monitoring of the Run:ai system +* Troubleshooting. diff --git a/docs/platform-admin/overview.md b/docs/platform-admin/overview.md index dede4460b3..23e18f4f9e 100644 --- a/docs/platform-admin/overview.md +++ b/docs/platform-admin/overview.md @@ -7,7 +7,7 @@ The Platform Administrator is responsible for the day-to-day administration of t As part of the Platform Administrator documentation you will find: -* Provide the right access to system users. +* Provide the right access level to users. * Configure Run:ai meta-data such as Projects, Departments, Node pools etc. * Setup Workload Policies and Assets * Analyze system performance and perform suggested actions. \ No newline at end of file From a676bacb88f44f2239ca97d83c41f040946a823e Mon Sep 17 00:00:00 2001 From: Yaron Date: Wed, 7 Aug 2024 14:24:55 +0300 Subject: [PATCH 2/3] small-fixes --- docs/home/overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/home/overview.md b/docs/home/overview.md index 408d4a41ae..e46bfc9ce5 100644 --- a/docs/home/overview.md +++ b/docs/home/overview.md @@ -45,7 +45,7 @@ Run:ai cloud availability is monitored at [status.run.ai](https://status.run.ai) As an IT Administrator, you can collect Run:ai logs to send to support: -* Install the [Run:ai Administrator command-line interface](admin/runai-setup/config/cli-admin-install.md). +* Install the [Run:ai Administrator command-line interface](../admin/runai-setup/config/cli-admin-install.md). * Run `runai-adm collect-logs`. The command will generate a compressed file containing all of the existing Run:ai log files. !!! Note From 7603c572d10871901a0ea74ff38aa688e09a5675 Mon Sep 17 00:00:00 2001 From: Yaron Date: Wed, 7 Aug 2024 14:56:24 +0300 Subject: [PATCH 3/3] config-articles --- .../best-practices/researcher-notifications.md | 2 +- .../cli-reference/runai-submit-dist-TF.md | 4 ++-- .../cli-reference/runai-submit-dist-mpi.md | 4 ++-- .../cli-reference/runai-submit-dist-pytorch.md | 4 ++-- .../cli-reference/runai-submit-dist-xgboost.md | 4 ++-- docs/Researcher/cli-reference/runai-submit.md | 4 ++-- .../config => authentication}/img/uid-explicit.png | Bin .../non-root-containers.md | 6 +++--- docs/admin/runai-setup/config/overview.md | 9 ++++++--- docs/snippets/common-submit-cli-commands.md | 4 ++-- docs/snippets/snippets-policies.md | 4 ++-- graveyard/reference/distributed.md | 4 ++-- graveyard/reference/inference.md | 2 +- graveyard/reference/interactive.md | 4 ++-- graveyard/reference/training.md | 4 ++-- graveyard/whats-new-2020.md | 2 +- mkdocs.yml | 6 ++++-- 17 files changed, 36 insertions(+), 31 deletions(-) rename docs/admin/{runai-setup/config => authentication}/img/uid-explicit.png (100%) rename docs/admin/{runai-setup/config => authentication}/non-root-containers.md (90%) diff --git a/docs/Researcher/best-practices/researcher-notifications.md b/docs/Researcher/best-practices/researcher-notifications.md index 36b2234537..de067d8678 100644 --- a/docs/Researcher/best-practices/researcher-notifications.md +++ b/docs/Researcher/best-practices/researcher-notifications.md @@ -11,7 +11,7 @@ date: 2024-Jul-4 Managing numerous data science workloads requires monitoring various stages, including submission, scheduling, initialization, execution, and completion. Additionally, handling suspensions and failures is crucial for ensuring timely workload completion. Email Notifications address this need by sending alerts for critical workload life cycle changes. This empowers data scientists to take necessary actions and prevent delays. -Once the system administrator configures the email notifications, users will receive notifications about their jobs that transition from one status to another. In addition, the user will get warning notifications before workload termination due to project-defined timeouts. Details included in the email are: +Once the system administrator [configures the email notifications](../../admin/runai-setup/notifications/notifications.md), users will receive notifications about their jobs that transition from one status to another. In addition, the user will get warning notifications before workload termination due to project-defined timeouts. Details included in the email are: * Workload type * Project and cluster information diff --git a/docs/Researcher/cli-reference/runai-submit-dist-TF.md b/docs/Researcher/cli-reference/runai-submit-dist-TF.md index 55673681da..377c66ac58 100644 --- a/docs/Researcher/cli-reference/runai-submit-dist-TF.md +++ b/docs/Researcher/cli-reference/runai-submit-dist-TF.md @@ -75,7 +75,7 @@ runai submit-dist tf --name distributed-job --workers=2 -g 1 \ #### --create-home-dir -> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../../admin/runai-setup/config/non-root-containers.md). +> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../../admin/authentication/non-root-containers.md). #### -e ` | --environment `` @@ -335,7 +335,7 @@ runai submit-dist tf --name distributed-job --workers=2 -g 1 \ #### --run-as-user -> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is _root_ (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../../admin/runai-setup/config/non-root-containers.md). +> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is _root_ (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../../admin/authentication/non-root-containers.md). ### Scheduling diff --git a/docs/Researcher/cli-reference/runai-submit-dist-mpi.md b/docs/Researcher/cli-reference/runai-submit-dist-mpi.md index 5fb9ff7f7e..0271f00943 100644 --- a/docs/Researcher/cli-reference/runai-submit-dist-mpi.md +++ b/docs/Researcher/cli-reference/runai-submit-dist-mpi.md @@ -78,7 +78,7 @@ You can start an unattended mpi training Job of name dist1, based on Project *te #### --create-home-dir -> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../../admin/runai-setup/config/non-root-containers.md). +> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../../admin/authentication/non-root-containers.md). #### -e ` | --environment `` @@ -334,7 +334,7 @@ You can start an unattended mpi training Job of name dist1, based on Project *te #### --run-as-user -> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is _root_ (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../../admin/runai-setup/config/non-root-containers.md). +> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is _root_ (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../../admin/authentication/non-root-containers.md). ### Scheduling diff --git a/docs/Researcher/cli-reference/runai-submit-dist-pytorch.md b/docs/Researcher/cli-reference/runai-submit-dist-pytorch.md index e6f4d17f3c..c65f3a7835 100644 --- a/docs/Researcher/cli-reference/runai-submit-dist-pytorch.md +++ b/docs/Researcher/cli-reference/runai-submit-dist-pytorch.md @@ -82,7 +82,7 @@ runai submit-dist pytorch --name distributed-job --workers=2 -g 1 \ #### --create-home-dir -> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../../admin/runai-setup/config/non-root-containers.md). +> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../../admin/authentication/non-root-containers.md). #### -e ` | --environment `` @@ -342,7 +342,7 @@ runai submit-dist pytorch --name distributed-job --workers=2 -g 1 \ #### --run-as-user -> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is _root_ (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../../admin/runai-setup/config/non-root-containers.md). +> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is _root_ (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../../admin/authentication/non-root-containers.md). ### Scheduling diff --git a/docs/Researcher/cli-reference/runai-submit-dist-xgboost.md b/docs/Researcher/cli-reference/runai-submit-dist-xgboost.md index db0f01da73..4d8f467404 100644 --- a/docs/Researcher/cli-reference/runai-submit-dist-xgboost.md +++ b/docs/Researcher/cli-reference/runai-submit-dist-xgboost.md @@ -70,7 +70,7 @@ runai submit-dist xgboost --name distributed-job --workers=2 -g 1 \ #### --create-home-dir -> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../../admin/runai-setup/config/non-root-containers.md). +> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../../admin/authentication/non-root-containers.md). #### -e ` | --environment `` @@ -326,7 +326,7 @@ runai submit-dist xgboost --name distributed-job --workers=2 -g 1 \ #### --run-as-user -> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is _root_ (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../../admin/runai-setup/config/non-root-containers.md). +> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is _root_ (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../../admin/authentication/non-root-containers.md). ### Scheduling diff --git a/docs/Researcher/cli-reference/runai-submit.md b/docs/Researcher/cli-reference/runai-submit.md index dbf88b582c..c378b6915d 100644 --- a/docs/Researcher/cli-reference/runai-submit.md +++ b/docs/Researcher/cli-reference/runai-submit.md @@ -144,7 +144,7 @@ runai submit --job-name-prefix -i gcr.io/run-ai-demo/quickstart -g 1 #### --create-home-dir -> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../../admin/runai-setup/config/non-root-containers.md). +> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../../admin/authentication/non-root-containers.md). #### -e `` | --environment `` @@ -400,7 +400,7 @@ runai submit --job-name-prefix -i gcr.io/run-ai-demo/quickstart -g 1 #### --run-as-user -> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is *root* (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../../admin/runai-setup/config/non-root-containers.md). +> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is *root* (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../../admin/authentication/non-root-containers.md). ### Scheduling diff --git a/docs/admin/runai-setup/config/img/uid-explicit.png b/docs/admin/authentication/img/uid-explicit.png similarity index 100% rename from docs/admin/runai-setup/config/img/uid-explicit.png rename to docs/admin/authentication/img/uid-explicit.png diff --git a/docs/admin/runai-setup/config/non-root-containers.md b/docs/admin/authentication/non-root-containers.md similarity index 90% rename from docs/admin/runai-setup/config/non-root-containers.md rename to docs/admin/authentication/non-root-containers.md index 54890b6e8e..56d2dd1627 100644 --- a/docs/admin/runai-setup/config/non-root-containers.md +++ b/docs/admin/authentication/non-root-containers.md @@ -18,7 +18,7 @@ then run `id`, you will see the **root** user. ## Use Run:ai flags to limit root access -There are two [runai submit](../../../Researcher/cli-reference/runai-submit.md) flags which control user identity at the Researcher level: +There are two [runai [submit](../../Researcher/cli-reference/runai-submit.md) flags that control user identity at the Researcher level: * The flag `--run-as-user` starts the container with a specific user. The user is the current Linux user (see below for other behaviors if used in conjunction with Single sign-on). * The flag `--prevent-privilege-escalation` prevents the container from elevating its own privileges into `root` (e.g. running `sudo` or changing system files.). @@ -50,7 +50,7 @@ then verify that you cannot run `su` to become root within the container. ### Setting a Cluster-Wide Default -The two flags are voluntary. They are not enforced by the system. It is however possible to enforce them using [Policies](../../workloads/policies/policies.md). Polices allow an Administrator to force compliance on both the User Interface and Command-line interface. +The two flags are voluntary. They are not enforced by the system. It is however possible to enforce them using [Policies](../workloads/policies/policies.md). Policies allow an Administrator to force compliance on both the User Interface and Command-line interface. ## Passing user identity @@ -60,7 +60,7 @@ A best practice is to store the user identifier (UID) and the group identifier ( To perform this, you must: -* Set up [single sign-on](../../authentication/authentication-overview.md). Perform the steps for UID/GID integration. +* Set up [single sign-on](authentication-overview.md). Perform the steps for UID/GID integration. * Run: `runai login` and enter your credentials * Use the flag --run-as-user diff --git a/docs/admin/runai-setup/config/overview.md b/docs/admin/runai-setup/config/overview.md index 4e79fd8708..2128fa1dc4 100644 --- a/docs/admin/runai-setup/config/overview.md +++ b/docs/admin/runai-setup/config/overview.md @@ -9,9 +9,12 @@ This section provides a list of installation-related articles dealing with a wid | Article | Purpose | |---------------------------------------------------------|-----------| | [Designating Specific Role Nodes](node-roles.md) | Set one or more designated Run:ai system nodes or limit Run:ai monitoring and scheduling to specific nodes in the cluster. | -| [Setup Project-based Researcher Access Control](../../authentication/researcher-authentication.md) | Enable Run:ai access control is at the __Project__ level. | -| [Single sign-on](../../authentication/authentication-overview.md) | Integrate with the organization's Identity Provider to provide single sign-on for Run:ai | | [Review Kubernetes Access provided to Run:ai](access-roles.md) | In Restrictive Kubernetes environments such as when using OpenShift, understand and control what Kubernetes roles are provided to Run:ai | | [External access to Containers](allow-external-access-to-containers.md) | Understand the available options for Researchers to access containers from the outside | -| [User Identity in Container](non-root-containers.md) | The identity of the user in the container determines its access to cluster resources. The document explains multiple way on how to propagate the user identity into the container. | | [Install the Run:ai Administrator Command-line Interface](cli-admin-install.md) | The Administrator command-line is useful in a variety of flows such as cluster upgrade, node setup etc. | +| [Set Node affinity with cloud node pools](node-affinity-with-cloud-node-pools.md) | Set node affinity when using a cloud provider for your cluster | +| [Local Certificate Authority](org-cert.md) | For self-hosted Run:ai environments, specifically air-gapped installation, setup a local certificate authority to allow customers to safely connect to Run:ai | +| [Backup & Restore](dr.md) | For self-hosted Run:ai environments, set up a scheduled backup of Run:ai data | +| [High Availability](ha.md) | Configure Run:ai such that it will continue to provide service even if parts of the system are down. | +| [Scaling](large-clusters.md) | Scale the Run:ai cluster and the Run:ai control-plane to withstand large transaction loads | +| [Emails and system notification](../notifications/notifications.md) | Configure e-mail notification | diff --git a/docs/snippets/common-submit-cli-commands.md b/docs/snippets/common-submit-cli-commands.md index 3a689895e6..e7412c4fff 100644 --- a/docs/snippets/common-submit-cli-commands.md +++ b/docs/snippets/common-submit-cli-commands.md @@ -37,7 +37,7 @@ #### --create-home-dir -> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../admin/runai-setup/config/non-root-containers.md). +> Create a temporary home directory for the user in the container. Data saved in this directory will not be saved when the container exits. For more information see [non root containers](../admin/authentication/non-root-containers.md). #### -e ` | --environment `` @@ -265,7 +265,7 @@ #### --run-as-user -> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is _root_ (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../admin/runai-setup/config/non-root-containers.md). +> Run in the context of the current user running the Run:ai command rather than the root user. While the default container user is _root_ (same as in Docker), this command allows you to submit a Job running under your Linux user. This would manifest itself in access to operating system resources, in the owner of new folders created under shared directories, etc. Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see [non root containers](../admin/authentication/non-root-containers.md). ### Scheduling diff --git a/docs/snippets/snippets-policies.md b/docs/snippets/snippets-policies.md index c4c5a8105f..26bfbc2ee9 100644 --- a/docs/snippets/snippets-policies.md +++ b/docs/snippets/snippets-policies.md @@ -38,8 +38,8 @@ The `defaults` section of the policy file is... | `hostNetwork` | `boolean` or `null` | Enable host networking. Default to `false`. | | `connections` | `array of objects` | List of [connections](#connections-variables) that either expose ports from the container (each port is associated with a tool that the container runs), or URL's to be used for connecting to an external tool that is related to the action of the container (such as Weights & Biases). | | `createHomeDir` | `boolean` or `null` | Create a home directory for the container. | -| `allowPrivilegeEscalation` | `boolean` or `null` | Allow the container running the workload and all launched processes to gain additional privileges after the workload starts. For more information, see [User Identity in Container](../../runai-setup/config/non-root-containers.md). | -| `uidGidSource` | `string` or `null` | Indicate the way to determine the user and group ids of the container. Choose from:
 `fromTheImage`—user and group ids are determined by the docker image that the container runs (Default).
`custom`—user and group ids can be specified in the environment asset and/or the workspace creation request.
`idpToken`—user and group ids are determined according to the identity provider (idp) access token. This option is intended for internal use of the environment UI form. For more information see [User Identity guide](../../runai-setup/config/non-root-containers.md). | +| `allowPrivilegeEscalation` | `boolean` or `null` | Allow the container running the workload and all launched processes to gain additional privileges after the workload starts. For more information, see [User Identity in Container](../../authentication/non-root-containers.md). | +| `uidGidSource` | `string` or `null` | Indicate the way to determine the user and group ids of the container. Choose from:
 `fromTheImage`—user and group ids are determined by the docker image that the container runs (Default).
`custom`—user and group ids can be specified in the environment asset and/or the workspace creation request.
`idpToken`—user and group ids are determined according to the identity provider (idp) access token. This option is intended for internal use of the environment UI form. For more information see [User Identity guide](../../authentication/non-root-containers.md). | | `overrideUidGidInWorkspace` | `boolean` | Allow specifying uid/gid as part of create workspace. This is relevant only for custom uigGidSource. Default: false| | `capabilities` | `array of strings` or `null` | The POSIX capabilities to add when running containers. Defaults to the default set of capabilities granted by the container runtime. Choose from: `AUDIT CONTROL `, `AUDIT READ `, `AUDIT WRITE `, `BLOCK SUSPEND `, `CHOWN `, `DAC OVERRIDE `, `DAC READ SEARCH `, `FOWNER `, `FSETID `, `IPC LOCK `, `IPC OWNER `, `KILL `, `LEASE `, `LINUX IMMUTABLE `, `MAC ADMIN `, `MAC OVERRIDE `, `MKNOD `, `NET ADMIN `, `NET BIND SERVICE `, `NET BROADCAST `, `NET RAW `, `SETGID `, `SETFCAP `, `SETPCAP `, `SETUID `, `SYS ADMIN `, `SYS BOOT `, `SYS CHROOT `, `SYS MODULE `, `SYS NICE `, `SYS PACCT `, `SYS PTRACE `, `SYS RAWIO `, `SYS RESOURCE `, `SYS TIME `, `SYS TTY CONFIG `, `SYSLOG `, `WAKE ALARM`. | | `seccompProfileType` | `string` or `null` | Indicates which kind of seccomp profile will be applied to the container. Choose from: `Runtime` (default)—the container runtime default profile should be used.
`Unconfined`&mdashno profile should be applied.
`Localhost` is not yet supported by Run:ai. | diff --git a/graveyard/reference/distributed.md b/graveyard/reference/distributed.md index 7323f7adc4..15bd871a0a 100644 --- a/graveyard/reference/distributed.md +++ b/graveyard/reference/distributed.md @@ -16,7 +16,7 @@ FIELDS: Allow the container running the workload and all launched processes to gain additional privileges after the workload starts. For more information see the "User Identity in Container" guide at - https://docs.run.ai/admin/runai-setup/config/non-root-containers/ + https://docs.run.ai/admin/authentication/non-root-containers/ annotations Specifies annotations to be set in the container that is running the @@ -240,7 +240,7 @@ FIELDS: Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see the User Identity guide - at https://docs.run.ai/admin/runai-setup/config/non-root-containers/ + at https://docs.run.ai/admin/authentication/non-root-containers/ runPolicy RunPolicy is shared between all distributed jobs. diff --git a/graveyard/reference/inference.md b/graveyard/reference/inference.md index 1c5056f41e..e90095e5ee 100644 --- a/graveyard/reference/inference.md +++ b/graveyard/reference/inference.md @@ -241,7 +241,7 @@ FIELDS: Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see the User Identity guide - at https://docs.run.ai/admin/runai-setup/config/non-root-containers/ + at https://docs.run.ai/admin/authentication/non-root-containers/ s3 Specifies S3 buckets to mount into the container running the workload diff --git a/graveyard/reference/interactive.md b/graveyard/reference/interactive.md index f6c630ab39..55e3b1caef 100644 --- a/graveyard/reference/interactive.md +++ b/graveyard/reference/interactive.md @@ -20,7 +20,7 @@ FIELDS: Allow the container running the workload and all launched processes to gain additional privileges after the workload starts. For more information see the "User Identity in Container" guide at - https://docs.run.ai/admin/runai-setup/config/non-root-containers/ + https://docs.run.ai/admin/authentication/non-root-containers/ annotations Specifies annotations to be set in the container that is running the @@ -250,7 +250,7 @@ FIELDS: Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see the User Identity guide - at https://docs.run.ai/admin/runai-setup/config/non-root-containers/ + at https://docs.run.ai/admin/authentication/non-root-containers/ s3 Specifies S3 buckets to mount into the container running the workload diff --git a/graveyard/reference/training.md b/graveyard/reference/training.md index 2b212106bb..2bc0c8cf85 100644 --- a/graveyard/reference/training.md +++ b/graveyard/reference/training.md @@ -20,7 +20,7 @@ FIELDS: Allow the container running the workload and all launched processes to gain additional privileges after the workload starts. For more information see the "User Identity in Container" guide at - https://docs.run.ai/admin/runai-setup/config/non-root-containers/ + https://docs.run.ai/admin/authentication/non-root-containers/ annotations Specifies annotations to be set in the container that is running the @@ -256,7 +256,7 @@ FIELDS: Alternatively, if your cluster is connected to Run:ai via SAML, you can map the container to use the Linux UID/GID which is stored in the organization's directory. For more information see the User Identity guide - at https://docs.run.ai/admin/runai-setup/config/non-root-containers/ + at https://docs.run.ai/admin/authentication/non-root-containers/ s3 Specifies S3 buckets to mount into the container running the workload diff --git a/graveyard/whats-new-2020.md b/graveyard/whats-new-2020.md index cb79291b3f..634ef81f10 100644 --- a/graveyard/whats-new-2020.md +++ b/graveyard/whats-new-2020.md @@ -59,7 +59,7 @@ There is now an optional second level of Project hierarchy called __Departments_ ## July 28th, 2020 -You can now enforce a cluster-wise setting that mandates all containers running using the Run:ai CLI to run as __non root__. For further information, see [Enforce non-root Containers](../admin/runai-setup/config/non-root-containers.md) +You can now enforce a cluster-wise setting that mandates all containers running using the Run:ai CLI to run as __non root__. For further information, see [Enforce non-root Containers](../admin/authentication/non-root-containers.md) ## July 21th, 2020 diff --git a/mkdocs.yml b/mkdocs.yml index 6ebcd8aa26..08eb8200af 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -98,7 +98,7 @@ plugins: 'admin/runai-setup/advanced/node-roles.md' : 'admin/runai-setup/config/node-roles.md' 'admin/runai-setup/advanced/access-roles.md' : 'admin/runai-setup/config/access-roles.md' 'admin/runai-setup/advanced/allow-external-access-to-containers.md' : 'admin/runai-setup/config/allow-external-access-to-containers.md' - 'admin/runai-setup/advanced/non-root-containers.md' : 'admin/runai-setup/config/non-root-containers.md' + 'admin/runai-setup/advanced/non-root-containers.md' : 'admin/authentication/non-root-containers.md' 'admin/runai-setup/advanced/cli-admin-install.md' : 'admin/runai-setup/config/cli-admin-install.md' 'admin/runai-setup/advanced/dr.md' : 'admin/runai-setup/config/dr.md' 'admin/runai-setup/advanced/node-downtime.md' : 'admin/runai-setup/maintenance/node-downtime.md' @@ -120,6 +120,7 @@ plugins: 'admin/admin-ui-setup/templates.md' : 'admin/workloads/templates.md' 'admin/admin-ui-setup/dashboard-analysis.md' : 'admin/performance/dashboard-analysis.md' 'index.md' : 'home/overview.md' + 'admin/runai-setup/config/non-root-containers.md' : 'admin/authentication/non-root-containers.md' nav: - Home: - 'Overview': 'home/overview.md' @@ -179,7 +180,6 @@ nav: - 'Set Node Roles' : 'admin/runai-setup/config/node-roles.md' - 'Review Kubernetes Access provided to Run:ai' : 'admin/runai-setup/config/access-roles.md' - 'External access to Containers' : 'admin/runai-setup/config/allow-external-access-to-containers.md' - - 'User Identity in Container' : 'admin/runai-setup/config/non-root-containers.md' - 'Install Administrator CLI' : 'admin/runai-setup/config/cli-admin-install.md' - 'Node Affinity with Cloud Node Pools' : 'admin/runai-setup/config/node-affinity-with-cloud-node-pools.md' - 'Local Certificate Authority' : 'admin/runai-setup/config/org-cert.md' @@ -205,6 +205,7 @@ nav: - 'Access Rules' : 'admin/authentication/accessrules.md' - 'Access control' : 'admin/authentication/rbac.md' - 'Researcher Authentication' : 'admin/authentication/researcher-authentication.md' + - 'User Identity in Container' : 'admin/authentication/non-root-containers.md' - 'Troubleshooting' : - 'Cluster Health' : 'admin/troubleshooting/cluster-health-check.md' - 'Troubleshooting' : 'admin/troubleshooting/troubleshooting.md' @@ -220,6 +221,7 @@ nav: - 'Access Rules' : 'admin/authentication/accessrules.md' - 'Access control' : 'admin/authentication/rbac.md' - 'Researcher Authentication' : 'admin/authentication/researcher-authentication.md' + - 'User Identity in Container' : 'admin/authentication/non-root-containers.md' - 'System Configuration' : - 'Administrator Messages' : 'admin/runai-setup/config/admin-messages.md'