github.com/sentienttechnologies/studio-go-runner@v0.0.0-20201118202441-6d21f2ced8ee/examples/aws/cpu/deployment.yaml (about) 1 # Copyright (c) 2019-2020 Cognizant Digital Business, Evolutionary AI. All rights reserved. Issued under the Apache 2.0 License. 2 --- 3 apiVersion: batch/v1beta1 4 kind: CronJob 5 metadata: 6 annotations: 7 name: studioml-go-runner-ecr-cred 8 spec: 9 concurrencyPolicy: Allow 10 failedJobsHistoryLimit: 1 11 jobTemplate: 12 metadata: 13 creationTimestamp: null 14 spec: 15 template: 16 metadata: 17 creationTimestamp: null 18 spec: 19 containers: 20 - name: studioml-go-runner-ecr-cred 21 command: 22 - /bin/sh 23 - -c 24 - |- 25 TOKEN=`aws ecr get-login --region {{expandenv "$AWS_REGION"}} --registry-ids {{expandenv "$AWS_ACCOUNT"}} | cut -d' ' -f6` 26 echo "ENV variables setup done." 27 kubectl delete secret --ignore-not-found studioml-go-docker-key 28 kubectl create secret docker-registry studioml-go-docker-key \ 29 --docker-server=https://{{expandenv "$AWS_ACCOUNT"}}.dkr.ecr.{{expandenv "$AWS_REGION"}}.amazonaws.com \ 30 --docker-username={{expandenv "$AWS_ACCOUNT"}} \ 31 --docker-password="${TOKEN}" \ 32 --docker-email="{{expandenv "$EMAIL"}}" 33 echo "Secret created by name. studioml-go-docker-key" 34 kubectl patch serviceaccount default -p '{"imagePullSecrets":[{"name":"'studioml-go-docker-key'"}]}' 35 echo "All done." 36 env: 37 - name: AWS_DEFAULT_REGION 38 value: {{expandenv "$AWS_REGION"}} 39 - name: AWS_ACCESS_KEY_ID 40 value: {{expandenv "$AWS_ACCESS_KEY"}} 41 - name: AWS_SECRET_ACCESS_KEY 42 value: {{expandenv "$AWS_SECRET_ACCESS_KEY"}} 43 image: odaniait/aws-kubectl:latest 44 imagePullPolicy: IfNotPresent 45 resources: {} 46 securityContext: 47 capabilities: {} 48 terminationMessagePath: /dev/termination-log 49 terminationMessagePolicy: File 50 dnsPolicy: Default 51 hostNetwork: true 52 restartPolicy: Never 53 schedulerName: default-scheduler 54 securityContext: {} 55 terminationGracePeriodSeconds: 30 56 schedule: 0 */6 * * * 57 successfulJobsHistoryLimit: 3 58 suspend: false 59 --- 60 apiVersion: v1 61 kind: ConfigMap 62 metadata: 63 name: studioml-env 64 data: 65 LOGXI_FORMAT: "happy,maxcol=1024" 66 LOGXI: "*=DBG" 67 QUEUE_MATCH: "^sqs_.*$" 68 SQS_CERTS: "./certs/aws-sqs" 69 MESSAGE_CRYPT: "./certs/message" 70 CACHE_SIZE: "10Gib" 71 CACHE_DIR: "/tmp/cache" 72 CLEAR_TEXT_MESSAGES: "true" 73 --- 74 apiVersion: v1 75 kind: ServiceAccount 76 metadata: 77 name: studioml-account 78 --- 79 apiVersion: rbac.authorization.k8s.io/v1 80 kind: ClusterRole 81 metadata: 82 name: studioml-role 83 rules: 84 - apiGroups: 85 - "" 86 resources: 87 - configmaps 88 verbs: 89 - get 90 - list 91 - watch 92 --- 93 apiVersion: rbac.authorization.k8s.io/v1 94 kind: RoleBinding 95 metadata: 96 name: studioml-role-bind 97 subjects: 98 - kind: ServiceAccount 99 name: studioml-account 100 roleRef: 101 kind: ClusterRole 102 name: studioml-role 103 apiGroup: rbac.authorization.k8s.io 104 --- 105 apiVersion: v1 106 kind: Secret 107 metadata: 108 name: studioml-signing 109 type: Opaque 110 data: 111 info: RHVtbXkgU2VjcmV0IHNvIHJlc291cmNlIHJlbWFpbnMgcHJlc2VudA== 112 --- 113 apiVersion: apps/v1beta2 114 kind: Deployment 115 metadata: 116 name: studioml-go-runner-deployment 117 labels: 118 app: studioml-go-runner 119 spec: 120 progressDeadlineSeconds: 360 121 selector: 122 matchLabels: 123 app: studioml-go-runner 124 replicas: 1 125 strategy: 126 type: RollingUpdate 127 template: 128 metadata: 129 labels: 130 app: studioml-go-runner 131 spec: 132 serviceAccountName: studioml-account 133 automountServiceAccountToken: true 134 imagePullSecrets: 135 - name: studioml-go-docker-key 136 containers: 137 - name: studioml-go-runner 138 envFrom: 139 - configMapRef: 140 name: studioml-env 141 image: {{expandenv "$AWS_IMAGE"}} 142 imagePullPolicy: Always 143 resources: 144 limits: 145 memory: "8Gi" 146 cpu: "2" 147 volumeMounts: 148 - name: aws-sqs 149 mountPath: "/runner/certs/aws-sqs/default" 150 readOnly: true 151 - name: message-encryption 152 mountPath: "/runner/certs/message/encryption" 153 readOnly: true 154 - name: encryption-passphrase 155 mountPath: "/runner/certs/message/passphrase" 156 readOnly: true 157 - name: queue-signing 158 mountPath: "/runner/certs/queues/signing" 159 readOnly: true 160 - name: tmp-volume 161 mountPath: /tmp 162 - name: nvidia 163 mountPath: /usr/local/nvidia 164 - name: libcuda 165 mountPath: /usr/lib/x86_64-linux-gnu/libcuda.so.1 166 nodeSelector: 167 beta.kubernetes.io/os: linux 168 volumes: 169 - name: aws-sqs 170 secret: 171 optional: true 172 secretName: studioml-runner-aws-sqs 173 items: 174 - key: credentials 175 path: credentials 176 - key: config 177 path: config 178 - name: message-encryption 179 secret: 180 optional: false 181 secretName: studioml-runner-key-secret 182 items: 183 - key: ssh-privatekey 184 path: ssh-privatekey 185 - key: ssh-publickey 186 path: ssh-publickey 187 - name: encryption-passphrase 188 secret: 189 optional: false 190 secretName: studioml-runner-passphrase-secret 191 items: 192 - key: ssh-passphrase 193 path: ssh-passphrase 194 - name: queue-signing 195 secret: 196 optional: false 197 secretName: studioml-signing 198 - name: tmp-volume 199 awsElasticBlockStore: 200 volumeID: {{expandenv "$AWS_VOLUME_ID"}} 201 fsType: ext4 202 - name: nvidia 203 hostPath: 204 path: /usr/local/nvidia 205 - name: libcuda 206 hostPath: 207 path: /usr/lib/x86_64-linux-gnu/libcuda.so.1