BwUniCluster2.0/Containers: Difference between revisions
Revision as of 15:27, 24 June 2021
Using Containers
Containers on HPC systems
To date, only a few container runtime environments integrate well with HPC environments, due to security concerns and differing assumptions in some areas.
For example, native Docker environments require elevated privileges, which is not an option on shared HPC resources. Docker's "rootless mode" is also currently not supported on our HPC systems because it does not support necessary features such as cgroups resource controls, security profiles and overlay networks; furthermore, GPU passthrough is difficult. The necessary subuid (newuidmap) and subgid (newgidmap) settings may pose security issues.
On HoreKa, Enroot and Singularity are supported.
Further rootless container runtime environments (Podman, …) might be supported in the future, depending on how support for e.g. network interconnects, security features and HPC file systems develops.
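The page does not say which issues the subuid/subgid settings raise. As an added example (not part of the original page or of any site tooling), the following audit checks two well-known ones in "name:start:count" entries: ranges that reach into the login ID space and ranges shared between different users. The sample entries, the names parse_subid and audit, and the login_id_max threshold are assumptions made for illustration.

```python
# Added example (not from the wiki page): audit subuid/subgid-style content.
# Each entry is "name:start:count" as described in subuid(5).
from typing import NamedTuple

class Range(NamedTuple):
    owner: str
    start: int
    count: int

    @property
    def end(self) -> int:
        return self.start + self.count - 1  # last ID, inclusive

def parse_subid(text: str) -> list[Range]:
    ranges = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.strip().split(":")
        if len(parts) != 3 or not all(p.isascii() and p.isdigit() for p in parts[1:]):
            raise ValueError(f"line {lineno}: malformed entry {line!r}")
        ranges.append(Range(parts[0], int(parts[1]), int(parts[2])))
    return ranges

def audit(ranges: list[Range], login_id_max: int) -> list[tuple]:
    """Return findings; login_id_max is the site's highest regular UID/GID (assumed input)."""
    ordered = sorted((r for r in ranges if r.count > 0), key=lambda r: r.start)
    # A range that dips into the login ID space lets a namespace map onto real accounts.
    findings = [("login-ids", r.owner) for r in ordered if r.start <= login_id_max]
    # A range shared by two users removes the ID separation between their containers.
    for i, a in enumerate(ordered):
        j = i + 1
        while j < len(ordered) and ordered[j].start <= a.end:
            if ordered[j].owner != a.owner:
                findings.append(("overlap", a.owner, ordered[j].owner))
            j += 1
    return findings

# Constructed sample, not taken from any real system.
SAMPLE = """\
alice:100000:65536
bob:165536:65536
carol:200000:65536
dave:1000:1000
"""

if __name__ == "__main__":
    for finding in audit(parse_subid(SAMPLE), login_id_max=60000):
        print(finding)
```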