From 4c8fdebdf92ccb85d249d4bd7472b321afffd9cf Mon Sep 17 00:00:00 2001
From: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
Date: Thu, 7 May 2026 10:08:18 -0400
Subject: [PATCH 1/5] Add kata, coco, and osc to the support matrix
Signed-off-by: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
---
gpu-operator/platform-support.rst | 40 +++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
diff --git a/gpu-operator/platform-support.rst b/gpu-operator/platform-support.rst
index 93edc6fe1..a721bd48a 100644
--- a/gpu-operator/platform-support.rst
+++ b/gpu-operator/platform-support.rst
@@ -559,6 +559,46 @@ KubeVirt and OpenShift Virtualization with NVIDIA vGPU is supported on the follo
KubeVirt with NVIDIA vGPU is supported on ``nodes`` with Linux kernel < 6.0, such as Ubuntu 22.04 ``LTS``.
+***************************
+Support for Kata Containers
+***************************
+
+The GPU Operator supports running GPU workloads in lightweight virtual machines using
+`Kata Containers `__ for GPU passthrough workloads.
+Refer to :doc:`deploy-kata-containers` for installation details.
+
+.. list-table::
+ :header-rows: 1
+ :widths: 40 60
+
+ * - Component
+ - Support
+ * - Kata Containers
+ - 3.29.0 and higher (installed with the upstream ``kata-deploy`` Helm chart)
+ * - Container runtime
+ - containerd only
+ * - Kubernetes
+ - 1.32---1.35
+
+Refer to the Limitations and Restrictions section of the :doc:`Kata Containers documentation ` for more information on the limitations and restrictions of using Kata Containers with the GPU Operator.
+
+***********************************
+Support for Confidential Containers
+***********************************
+
+The GPU Operator supports deploying Confidential Containers using Kata Containers and the NVIDIA Reference Architecture for Confidential Containers.
+This is a dedicated architecture for deploying Confidential Containers on Kubernetes clusters.
+
+For additional details on the NVIDIA Reference Architecture for Confidential Containers, including supported GPUs, host CPU platforms, operating systems, and software component, refer to the :doc:`NVIDIA Confidential Containers documentation `.
+
+******************************************
+Support for OpenShift Sandboxed Containers
+******************************************
+
+The GPU Operator offers Technology Preview support for
+`Red Hat OpenShift Sandboxed Containers `__ v1.12
+to deploy both Kata Containers and Confidential Containers workloads.
+
**************************
Support for GPUDirect RDMA
**************************
From 7a06c99cc4b02fd1179abaec6753761226efce1d Mon Sep 17 00:00:00 2001
From: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
Date: Sun, 10 May 2026 22:37:46 -0400
Subject: [PATCH 2/5] Combine sections
Signed-off-by: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
---
gpu-operator/platform-support.rst | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/gpu-operator/platform-support.rst b/gpu-operator/platform-support.rst
index a721bd48a..a9c64edc3 100644
--- a/gpu-operator/platform-support.rst
+++ b/gpu-operator/platform-support.rst
@@ -559,9 +559,11 @@ KubeVirt and OpenShift Virtualization with NVIDIA vGPU is supported on the follo
KubeVirt with NVIDIA vGPU is supported on ``nodes`` with Linux kernel < 6.0, such as Ubuntu 22.04 ``LTS``.
-***************************
-Support for Kata Containers
-***************************
+**************************************************************
+Support for Kata Containers and OpenShift Sandboxed Containers
+**************************************************************
+
+Red Hat OpenShift Sandboxed Containers is based on Kata Containers.
The GPU Operator supports running GPU workloads in lightweight virtual machines using
`Kata Containers `__ for GPU passthrough workloads.
@@ -580,7 +582,7 @@ Refer to :doc:`deploy-kata-containers` for installation details.
* - Kubernetes
- 1.32---1.35
-Refer to the Limitations and Restrictions section of the :doc:`Kata Containers documentation ` for more information on the limitations and restrictions of using Kata Containers with the GPU Operator.
+Refer to the Limitations and Restrictions section of the :doc:`Kata Containers documentation ` for more information on using Kata Containers with the GPU Operator.
***********************************
Support for Confidential Containers
@@ -591,13 +593,9 @@ This is a dedicated architecture for deploying Confidential Containers on Kubern
For additional details on the NVIDIA Reference Architecture for Confidential Containers, including supported GPUs, host CPU platforms, operating systems, and software component, refer to the :doc:`NVIDIA Confidential Containers documentation `.
-******************************************
-Support for OpenShift Sandboxed Containers
-******************************************
-
The GPU Operator offers Technology Preview support for
`Red Hat OpenShift Sandboxed Containers `__ v1.12
-to deploy both Kata Containers and Confidential Containers workloads.
+to deploy Confidential Containers workloads.
**************************
Support for GPUDirect RDMA
From 159c8b1e2b7a31bf56bcb9d62ef07cf90f89194b Mon Sep 17 00:00:00 2001
From: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
Date: Tue, 12 May 2026 07:37:15 -0400
Subject: [PATCH 3/5] Update support matrix
Signed-off-by: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
---
gpu-operator/platform-support.rst | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/gpu-operator/platform-support.rst b/gpu-operator/platform-support.rst
index a9c64edc3..e6d811253 100644
--- a/gpu-operator/platform-support.rst
+++ b/gpu-operator/platform-support.rst
@@ -563,12 +563,13 @@ KubeVirt and OpenShift Virtualization with NVIDIA vGPU is supported on the follo
Support for Kata Containers and OpenShift Sandboxed Containers
**************************************************************
-Red Hat OpenShift Sandboxed Containers is based on Kata Containers.
-
The GPU Operator supports running GPU workloads in lightweight virtual machines using
-`Kata Containers `__ for GPU passthrough workloads.
+`Kata Containers `__ for single and multi GPU passthrough workloads.
Refer to :doc:`deploy-kata-containers` for installation details.
+`Red Hat OpenShift Sandboxed Containers `__ is based on Kata Containers.
+The Operator offers Technology Preview support for Red Hat OpenShift Sandboxed Containers v1.12.
+
.. list-table::
:header-rows: 1
:widths: 40 60
@@ -591,7 +592,7 @@ Support for Confidential Containers
The GPU Operator supports deploying Confidential Containers using Kata Containers and the NVIDIA Reference Architecture for Confidential Containers.
This is a dedicated architecture for deploying Confidential Containers on Kubernetes clusters.
-For additional details on the NVIDIA Reference Architecture for Confidential Containers, including supported GPUs, host CPU platforms, operating systems, and software component, refer to the :doc:`NVIDIA Confidential Containers documentation `.
+For additional details on the NVIDIA Reference Architecture for Confidential Containers, including supported GPUs, host CPU platforms, operating systems, and software component, refer to the NVIDIA Confidential Containers :doc:`support matrix documentation `.
The GPU Operator offers Technology Preview support for
`Red Hat OpenShift Sandboxed Containers `__ v1.12
From 7757119aba1ce845acf8775185424c236c31dead Mon Sep 17 00:00:00 2001
From: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
Date: Thu, 14 May 2026 09:53:30 -0400
Subject: [PATCH 4/5] add a line for osp in the table
Signed-off-by: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
---
gpu-operator/platform-support.rst | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/gpu-operator/platform-support.rst b/gpu-operator/platform-support.rst
index e6d811253..000970acd 100644
--- a/gpu-operator/platform-support.rst
+++ b/gpu-operator/platform-support.rst
@@ -567,9 +567,6 @@ The GPU Operator supports running GPU workloads in lightweight virtual machines
`Kata Containers `__ for single and multi GPU passthrough workloads.
Refer to :doc:`deploy-kata-containers` for installation details.
-`Red Hat OpenShift Sandboxed Containers `__ is based on Kata Containers.
-The Operator offers Technology Preview support for Red Hat OpenShift Sandboxed Containers v1.12.
-
.. list-table::
:header-rows: 1
:widths: 40 60
@@ -582,9 +579,13 @@ The Operator offers Technology Preview support for Red Hat OpenShift Sandboxed C
- containerd only
* - Kubernetes
- 1.32---1.35
+ * - OpenShift Sandboxed Containers
+ - 1.12 (Technology Preview support)
Refer to the Limitations and Restrictions section of the :doc:`Kata Containers documentation ` for more information on using Kata Containers with the GPU Operator.
+Refer to the `Red Hat OpenShift Sandboxed Containers `__ documentation for more details.
+
***********************************
Support for Confidential Containers
***********************************
From 2d234b7cb71b8834198f3f930b85841411bf9ca7 Mon Sep 17 00:00:00 2001
From: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
Date: Thu, 14 May 2026 16:32:01 -0400
Subject: [PATCH 5/5] Combine coco, kata, osc section
Signed-off-by: Abigail McCarthy <20771501+a-mccarthy@users.noreply.github.com>
---
gpu-operator/deploy-kata-containers.rst | 25 +++++++++++++++++++++++++
gpu-operator/platform-support.rst | 18 +++++++++---------
2 files changed, 34 insertions(+), 9 deletions(-)
diff --git a/gpu-operator/deploy-kata-containers.rst b/gpu-operator/deploy-kata-containers.rst
index 6cd877c40..3d9801d06 100644
--- a/gpu-operator/deploy-kata-containers.rst
+++ b/gpu-operator/deploy-kata-containers.rst
@@ -225,6 +225,31 @@ Kubernetes Cluster
Refer to the `Kata Containers documentation `_ for more details on the Kata runtime and VFIO cold-plug.
+* Increase kubelet image pull timeouts configuration to 20 minutes to avoid timeouts when pulling large images.
+ Kubelet can de-allocate your pod if the image pull exceeds the configured timeout before the container transitions to the running state.
+
+ Increase ``runtimeRequestTimeout`` in your `kubelet configuration `_ to ``20m`` to match the default values for the Kata shim configurations in Kata Containers.
+ The default timeout is 2 minutes.
+
+ Add or update the ``runtimeRequestTimeout`` field in your kubelet configuration (typically ``/var/lib/kubelet/config.yaml``):
+
+ .. code-block:: yaml
+ :emphasize-lines: 3
+
+ apiVersion: kubelet.config.k8s.io/v1beta1
+ kind: KubeletConfiguration
+ runtimeRequestTimeout: 20m
+
+ Restart the kubelet service to apply the change:
+
+ .. code-block:: console
+
+ $ sudo systemctl restart kubelet
+
+ If you need a timeout of more than 1200 seconds (20 minutes), you will also need to adjust the Kata Agent's ``image_pull_timeout``, which defaults to 1200s.
+ This setting also sets the confidential data hub's image pull API timeout in seconds.
+ To do this, add the ``agent.image_pull_timeout`` kernel parameter to your shim configuration, or pass an explicit value in a pod annotation in the ``io.katacontainers.config.hypervisor.kernel_params: "..."`` annotation.
+
.. _label-nodes-kata-containers:
Label Nodes to use Kata Containers
diff --git a/gpu-operator/platform-support.rst b/gpu-operator/platform-support.rst
index 000970acd..67949a47c 100644
--- a/gpu-operator/platform-support.rst
+++ b/gpu-operator/platform-support.rst
@@ -559,13 +559,13 @@ KubeVirt and OpenShift Virtualization with NVIDIA vGPU is supported on the follo
KubeVirt with NVIDIA vGPU is supported on ``nodes`` with Linux kernel < 6.0, such as Ubuntu 22.04 ``LTS``.
-**************************************************************
-Support for Kata Containers and OpenShift Sandboxed Containers
-**************************************************************
+****************************************************************************************
+Support for Kata Containers, Confidential Containers, and OpenShift Sandboxed Containers
+****************************************************************************************
The GPU Operator supports running GPU workloads in lightweight virtual machines using
`Kata Containers `__ for single and multi GPU passthrough workloads.
-Refer to :doc:`deploy-kata-containers` for installation details.
+Confidential Containers are also supported through Kata Containers and the NVIDIA Reference Architecture for Confidential Containers.
.. list-table::
:header-rows: 1
@@ -575,14 +575,13 @@ Refer to :doc:`deploy-kata-containers` for installation details.
- Support
* - Kata Containers
- 3.29.0 and higher (installed with the upstream ``kata-deploy`` Helm chart)
- * - Container runtime
- - containerd only
- * - Kubernetes
- - 1.32---1.35
+ * - NVIDIA Reference Architecture for Confidential Containers
+ - Refer to the NVIDIA Confidential Containers :doc:`support matrix documentation `.
* - OpenShift Sandboxed Containers
- 1.12 (Technology Preview support)
-Refer to the Limitations and Restrictions section of the :doc:`Kata Containers documentation ` for more information on using Kata Containers with the GPU Operator.
+For deatils on installing Kata Containers with the GPU Operator, refer to the :doc:`deploy-kata-containers` page.
+This page includes additional limitations and restrictions for using Kata Containers with the GPU Operator.
Refer to the `Red Hat OpenShift Sandboxed Containers `__ documentation for more details.
@@ -592,6 +591,7 @@ Support for Confidential Containers
The GPU Operator supports deploying Confidential Containers using Kata Containers and the NVIDIA Reference Architecture for Confidential Containers.
This is a dedicated architecture for deploying Confidential Containers on Kubernetes clusters.
+It supports everything listed in the
For additional details on the NVIDIA Reference Architecture for Confidential Containers, including supported GPUs, host CPU platforms, operating systems, and software component, refer to the NVIDIA Confidential Containers :doc:`support matrix documentation `.