From 1c9c91674bc5122cc25ca68c6588239545ac6828 Mon Sep 17 00:00:00 2001 From: Paolo Di Tommaso Date: Sat, 20 Jan 2024 19:05:39 +0100 Subject: [PATCH] Add docs Signed-off-by: Paolo Di Tommaso --- docs/config.md | 5 +++++ docs/kubernetes.md | 17 +++++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/docs/config.md b/docs/config.md index a0f6e51a84..26db447620 100644 --- a/docs/config.md +++ b/docs/config.md @@ -1006,6 +1006,11 @@ The following settings are available: ::: : If you trace the hostname, activate this option (default: `false`). +`k8s.fuseDevicePlugin` +: :::{versionadded} 24.01.0-edge + ::: +: The FUSE device plugin to be used when enabling Fusion in unprivileged mode (default: `['nextflow.io/fuse': 1]`). + `k8s.httpConnectTimeout` : :::{versionadded} 22.10.0 ::: diff --git a/docs/kubernetes.md b/docs/kubernetes.md index e6f38a9542..357d97f207 100644 --- a/docs/kubernetes.md +++ b/docs/kubernetes.md @@ -120,6 +120,23 @@ Then the pipeline execution can be launched using the usual run command and spec nextflow run -work-dir s3:///scratch ``` +:::{note} +When using Fusion, pods will run as *privileged* by default. +::: + +To use Fusion with without the need for escalating privileges, it is required to install in the Kubernetes cluster the +Nextflow [FUSE device plugin](https://github.com/nextflow-io/k8s-fuse-plugin) and add in your Nextflow configuration the following +setting: + +``` +fusion { + privileged = false +} +``` + +To use a custom FUSE device plugin, specify it via the setting `k8s.fuseDevicePlugin`. See +the {ref}`Kubernetes configuration section` for details. + ### Running in a pod Nextflow can be executed directly from a pod running in a Kubernetes cluster. In these cases you will need to use the plain Nextflow `run` command and specify the `k8s` executor and the required persistent volume claim in the `nextflow.config` file as shown below: