github.com/sentienttechnologies/studio-go-runner@v0.0.0-20201118202441-6d21f2ced8ee/examples/aws/cpu/deployment.yaml (about)

     1  # Copyright (c) 2019-2020 Cognizant Digital Business, Evolutionary AI. All rights reserved. Issued under the Apache 2.0 License.
     2  ---
     3  apiVersion: batch/v1beta1
     4  kind: CronJob
     5  metadata:
     6    annotations:
     7    name: studioml-go-runner-ecr-cred
     8  spec:
     9    concurrencyPolicy: Allow
    10    failedJobsHistoryLimit: 1
    11    jobTemplate:
    12      metadata:
    13        creationTimestamp: null
    14      spec:
    15        template:
    16          metadata:
    17            creationTimestamp: null
    18          spec:
    19            containers:
    20            - name: studioml-go-runner-ecr-cred
    21              command:
    22              - /bin/sh
    23              - -c
    24              - |-
    25                TOKEN=`aws ecr get-login --region {{expandenv "$AWS_REGION"}} --registry-ids {{expandenv "$AWS_ACCOUNT"}} | cut -d' ' -f6`
    26                echo "ENV variables setup done."
    27                kubectl delete secret --ignore-not-found studioml-go-docker-key
    28                kubectl create secret docker-registry studioml-go-docker-key \
    29                --docker-server=https://{{expandenv "$AWS_ACCOUNT"}}.dkr.ecr.{{expandenv "$AWS_REGION"}}.amazonaws.com \
    30                --docker-username={{expandenv "$AWS_ACCOUNT"}} \
    31                --docker-password="${TOKEN}" \
    32                --docker-email="{{expandenv "$EMAIL"}}"
    33                echo "Secret created by name. studioml-go-docker-key"
    34                kubectl patch serviceaccount default -p '{"imagePullSecrets":[{"name":"'studioml-go-docker-key'"}]}'
    35                echo "All done."
    36              env:
    37              - name: AWS_DEFAULT_REGION
    38                value: {{expandenv "$AWS_REGION"}}
    39              - name: AWS_ACCESS_KEY_ID
    40                value: {{expandenv "$AWS_ACCESS_KEY"}}
    41              - name: AWS_SECRET_ACCESS_KEY
    42                value: {{expandenv "$AWS_SECRET_ACCESS_KEY"}}
    43              image: odaniait/aws-kubectl:latest
    44              imagePullPolicy: IfNotPresent
    45              resources: {}
    46              securityContext:
    47                capabilities: {}
    48              terminationMessagePath: /dev/termination-log
    49              terminationMessagePolicy: File
    50            dnsPolicy: Default
    51            hostNetwork: true
    52            restartPolicy: Never
    53            schedulerName: default-scheduler
    54            securityContext: {}
    55            terminationGracePeriodSeconds: 30
    56    schedule: 0 */6 * * *
    57    successfulJobsHistoryLimit: 3
    58    suspend: false
    59  ---
    60  apiVersion: v1
    61  kind: ConfigMap
    62  metadata:
    63   name: studioml-env
    64  data:
    65   LOGXI_FORMAT: "happy,maxcol=1024"
    66   LOGXI: "*=DBG"
    67   QUEUE_MATCH: "^sqs_.*$"
    68   SQS_CERTS: "./certs/aws-sqs"
    69   MESSAGE_CRYPT: "./certs/message"
    70   CACHE_SIZE: "10Gib"
    71   CACHE_DIR: "/tmp/cache"
    72   CLEAR_TEXT_MESSAGES: "true"
    73  ---
    74  apiVersion: v1
    75  kind: ServiceAccount
    76  metadata:
    77    name: studioml-account
    78  ---
    79  apiVersion: rbac.authorization.k8s.io/v1
    80  kind: ClusterRole
    81  metadata:
    82    name: studioml-role
    83  rules:
    84  - apiGroups:
    85    - ""
    86    resources:
    87    - configmaps
    88    verbs:
    89    - get
    90    - list
    91    - watch
    92  ---
    93  apiVersion: rbac.authorization.k8s.io/v1
    94  kind: RoleBinding
    95  metadata:
    96    name: studioml-role-bind
    97  subjects:
    98  - kind: ServiceAccount
    99    name: studioml-account
   100  roleRef:
   101    kind: ClusterRole
   102    name: studioml-role
   103    apiGroup: rbac.authorization.k8s.io
   104  ---
   105  apiVersion: v1
   106  kind: Secret
   107  metadata:
   108    name: studioml-signing
   109  type: Opaque
   110  data:
   111    info: RHVtbXkgU2VjcmV0IHNvIHJlc291cmNlIHJlbWFpbnMgcHJlc2VudA==
   112  ---
   113  apiVersion: apps/v1beta2
   114  kind: Deployment
   115  metadata:
   116   name: studioml-go-runner-deployment
   117   labels:
   118     app: studioml-go-runner
   119  spec:
   120   progressDeadlineSeconds: 360
   121   selector:
   122     matchLabels:
   123       app: studioml-go-runner
   124   replicas: 1
   125   strategy:
   126     type: RollingUpdate
   127   template:
   128     metadata:
   129       labels:
   130         app: studioml-go-runner
   131     spec:
   132        serviceAccountName: studioml-account
   133        automountServiceAccountToken: true
   134        imagePullSecrets:
   135          - name: studioml-go-docker-key
   136        containers:
   137        - name: studioml-go-runner
   138          envFrom:
   139          - configMapRef:
   140              name: studioml-env
   141          image: {{expandenv "$AWS_IMAGE"}}
   142          imagePullPolicy: Always
   143          resources:
   144            limits:
   145              memory: "8Gi"
   146              cpu: "2"
   147          volumeMounts:
   148          - name: aws-sqs
   149            mountPath: "/runner/certs/aws-sqs/default"
   150            readOnly: true
   151          - name: message-encryption
   152            mountPath: "/runner/certs/message/encryption"
   153            readOnly: true
   154          - name: encryption-passphrase
   155            mountPath: "/runner/certs/message/passphrase"
   156            readOnly: true
   157          - name: queue-signing
   158            mountPath: "/runner/certs/queues/signing"
   159            readOnly: true
   160          - name: tmp-volume
   161            mountPath: /tmp
   162          - name: nvidia
   163            mountPath: /usr/local/nvidia
   164          - name: libcuda
   165            mountPath: /usr/lib/x86_64-linux-gnu/libcuda.so.1
   166        nodeSelector:
   167          beta.kubernetes.io/os: linux
   168        volumes:
   169          - name: aws-sqs
   170            secret:
   171              optional: true
   172              secretName: studioml-runner-aws-sqs
   173              items:
   174              - key: credentials
   175                path: credentials
   176              - key: config
   177                path: config
   178          - name: message-encryption
   179            secret:
   180              optional: false
   181              secretName: studioml-runner-key-secret
   182              items:
   183              - key: ssh-privatekey
   184                path: ssh-privatekey
   185              - key: ssh-publickey
   186                path: ssh-publickey
   187          - name: encryption-passphrase
   188            secret:
   189              optional: false
   190              secretName: studioml-runner-passphrase-secret
   191              items:
   192              - key: ssh-passphrase
   193                path: ssh-passphrase
   194          - name: queue-signing
   195            secret:
   196              optional: false
   197              secretName: studioml-signing
   198          - name: tmp-volume
   199            awsElasticBlockStore:
   200              volumeID: {{expandenv "$AWS_VOLUME_ID"}}
   201              fsType: ext4
   202          - name: nvidia
   203            hostPath:
   204              path: /usr/local/nvidia
   205          - name: libcuda
   206            hostPath:
   207              path: /usr/lib/x86_64-linux-gnu/libcuda.so.1