Skip to content

Special use

Our cluster combines various hardware resources from multiple universities and other organizations. By default you can only use the nodes having NO tolerations (see the resources page of the portal).

All tolerations

Here's the full list of taints on the nodes. Some are set automatically on deployed jobs, some can only be used by privileged users. Please refer to this list and only set the ones you were allowed to use by cluster admins.

Taint Purpose Normal users can set manually Don't run any user jobs on ceph storage nodes No Private Hao Su cluster. No Node accepts 4- and 8-GPU jobs only. Set automatically. No Ceph is not working on the node. Otherwise the node is fine. Yes Node can only access the science DMZ network, and not the public Internet. Yes Private OSG nodes No Node is broken No Fence GPU nods from CPU jobs (Preferred! Jobs can still go on the node if there are no free CPU nodes) No

Priorities in group namespaces

Our cluster contains several sets of nodes dedicated to certain groups. All nodes of group group1 are labelled with and some are tainted with

For such group's namespaces the pods will be automatically changed to have the corresponding toleration to be scheduled on such nodes. If user is targeting ONLY THE GROUP NODES by using the nodeAffinity such as:

        - matchExpressions:
          - key:
            operator: In
            - group1

the pods will also automatically get the higher non-preemtible owner-no-preempt (+10) priority. This means such pods will have priority for scheduling on ALL group nodes (tainted and untainted on the image above). General users have lower priority on untainted nodes and not able to run on tainted nodes.

Non-preemtible priority means that the lower priority pods will not be killed right away when the higher-priority pod appears, but higher priority will be considered when choosing candidate pods for a free resource.

Other tolerations

Some nodes in the cluster don't have access to public Internet, and can only access educational network. They still can pull images from Docker Hub using a proxy.

If your workload is not using the public Internet resources, you might tolerate the and get access to additional nodes.