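# Source: github.com/sentienttechnologies/studio-go-runner@v0.0.0-20201118202441-6d21f2ced8ee/examples/aws/deployment.yaml
# Copyright (c) 2019-2020 Cognizant Digital Business, Evolutionary AI. All rights reserved. Issued under the Apache 2.0 License.
#
# Example manifests for running the StudioML go runner on AWS. Values written
# in square brackets are placeholders that must be replaced before applying.
---
# CronJob that refreshes the ECR image pull secret every six hours.
# batch/v1beta1 is kept as published; clusters that no longer serve it need
# batch/v1 here.
apiVersion: batch/v1beta1
kind: CronJob
metadata:
  annotations: {}
  name: studioml-go-runner-ecr-cred
spec:
  concurrencyPolicy: Allow
  failedJobsHistoryLimit: 1
  jobTemplate:
    metadata:
      creationTimestamp: null
    spec:
      template:
        metadata:
          creationTimestamp: null
        spec:
          # No serviceAccountName is set, so the job runs as the namespace's
          # default ServiceAccount. The RBAC that lets it delete and create
          # secrets and patch serviceaccounts is not part of this file.
          containers:
            - name: studioml-go-runner-ecr-cred
              command:
                - /bin/sh
                - -c
                - |-
                  ACCOUNT=[AWS Account ID]
                  REGION=us-west-2
                  SECRET_NAME=studioml-go-docker-key
                  EMAIL=[email address]
                  # NOTE(review): "aws ecr get-login" exists only in AWS CLI v1;
                  # with an unpinned image the CLI version can change underneath
                  # this script.
                  TOKEN=`aws ecr get-login --region ${REGION} --registry-ids ${ACCOUNT} | cut -d' ' -f6`
                  # Stop before touching the existing secret when no token came
                  # back, otherwise a failed login would replace a working pull
                  # secret with an empty one.
                  if [ -z "${TOKEN}" ]; then
                    echo "Failed to obtain an ECR token, leaving the existing secret in place." >&2
                    exit 1
                  fi
                  echo "ENV variables setup done."
                  kubectl delete secret --ignore-not-found $SECRET_NAME
                  kubectl create secret docker-registry $SECRET_NAME \
                  --docker-server=https://${ACCOUNT}.dkr.ecr.${REGION}.amazonaws.com \
                  --docker-username=AWS \
                  --docker-password="${TOKEN}" \
                  --docker-email="${EMAIL}"
                  echo "Secret created by name. $SECRET_NAME"
                  # Attaching the pull secret to the default ServiceAccount makes
                  # it available to every pod in the namespace that uses it.
                  kubectl patch serviceaccount default -p '{"imagePullSecrets":[{"name":"'$SECRET_NAME'"}]}'
                  echo "All done."
              env:
                - name: AWS_DEFAULT_REGION
                  value: us-west-2
                # Literal keys placed here are readable by anyone who can get
                # this CronJob, its Jobs or its Pods. Prefer
                # valueFrom.secretKeyRef or an IAM role bound to the service
                # account, and scope the credentials to ECR token retrieval.
                # The placeholders are quoted so the manifest stays a valid
                # string value before and after substitution.
                - name: AWS_ACCESS_KEY_ID
                  value: "[AWS_ACCESS_KEY_ID]"
                - name: AWS_SECRET_ACCESS_KEY
                  value: "[AWS_SECRET_ACCESS_KEY]"
              # Third-party image on a mutable tag that receives the AWS keys
              # and the service account token; pin it by digest
              # (image@sha256:<digest>) or build an equivalent image in-house.
              image: odaniait/aws-kubectl:latest
              imagePullPolicy: IfNotPresent
              resources: {}
              securityContext:
                capabilities: {}
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
          dnsPolicy: Default
          # hostNetwork places the pod in the node's network namespace. Nothing
          # in the script visibly needs it; confirm and remove if unused.
          hostNetwork: true
          restartPolicy: Never
          schedulerName: default-scheduler
          securityContext: {}
          terminationGracePeriodSeconds: 30
  # Quoted so the cron expression is always read as a plain string.
  schedule: "0 */6 * * *"
  successfulJobsHistoryLimit: 3
  suspend: false
---
# Environment for the runner, injected through envFrom in the Deployment.
apiVersion: v1
kind: ConfigMap
metadata:
  name: studioml-env
data:
  LOGXI_FORMAT: "happy,maxcol=1024"
  # Debug level for every logger; review what ends up in the logs before
  # using this outside a test cluster.
  LOGXI: "*=DBG"
  QUEUE_MATCH: "^sqs_.*$"
  SQS_CERTS: "./certs/aws-sqs"
  MESSAGE_CRYPT: "./certs/message"
  CACHE_SIZE: "10Gib"
  CACHE_DIR: "/tmp/cache"
  # NOTE(review): by its name this lets the runner accept unencrypted
  # messages even though encryption keys are mounted below; confirm against
  # the runner documentation and set to "false" where encryption is expected.
  CLEAR_TEXT_MESSAGES: "true"
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: studioml-account
---
# Read-only access to ConfigMaps. The RoleBinding below grants it only within
# the namespace the binding is created in.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: studioml-role
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: studioml-role-bind
subjects:
  - kind: ServiceAccount
    name: studioml-account
roleRef:
  kind: ClusterRole
  name: studioml-role
  apiGroup: rbac.authorization.k8s.io
---
# Placeholder secret: the value decodes to a dummy text string, not a signing
# key. It exists so the non-optional queue-signing volume can mount.
apiVersion: v1
kind: Secret
metadata:
  name: studioml-signing
type: Opaque
data:
  info: RHVtbXkgU2VjcmV0IHNvIHJlc291cmNlIHJlbWFpbnMgcHJlc2VudA==
---
# apps/v1 replaces apps/v1beta2, which is no longer served from
# Kubernetes 1.16 onwards; the spec below is unchanged.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: studioml-go-runner-deployment
  labels:
    app: studioml-go-runner
spec:
  progressDeadlineSeconds: 360
  selector:
    matchLabels:
      app: studioml-go-runner
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: studioml-go-runner
    spec:
      serviceAccountName: studioml-account
      # The token is mounted into the pod; studioml-role limits it to reading
      # ConfigMaps.
      automountServiceAccountToken: true
      imagePullSecrets:
        - name: studioml-go-docker-key
      containers:
        - name: studioml-go-runner
          envFrom:
            - configMapRef:
                name: studioml-env
          # imagePullPolicy Always re-resolves the tag on every start; pin by
          # digest if the tag must not change underneath the deployment.
          image: docker.io/leafai/studio-go-runner:0.9.26-master-aaaagninkqg
          imagePullPolicy: Always
          # No securityContext is set for this container, so it runs with the
          # image's default user and the runtime's default capabilities.
          resources:
            limits:
              nvidia.com/gpu: 1
              memory: "32Gi"
              cpu: "2"
          volumeMounts:
            - name: aws-sqs
              mountPath: "/runner/certs/aws-sqs/default"
              readOnly: true
            - name: message-encryption
              mountPath: "/runner/certs/message/encryption"
              readOnly: true
            - name: encryption-passphrase
              mountPath: "/runner/certs/message/passphrase"
              readOnly: true
            - name: queue-signing
              mountPath: "/runner/certs/queues/signing"
              readOnly: true
            - name: tmp-volume
              mountPath: /tmp
            # NOTE(review): the two hostPath mounts below are writable from the
            # container; add readOnly: true if the driver files are only read.
            - name: nvidia
              mountPath: /usr/local/nvidia
            - name: libcuda
              mountPath: /usr/lib/x86_64-linux-gnu/libcuda.so.1
      nodeSelector:
        beta.kubernetes.io/os: linux
      volumes:
        # Optional: the pod still starts when this secret is absent.
        - name: aws-sqs
          secret:
            optional: true
            secretName: studioml-runner-aws-sqs
            items:
              - key: credentials
                path: credentials
              - key: config
                path: config
        # Private key and passphrase used for message encryption. Both secrets
        # are required and are created outside this file.
        - name: message-encryption
          secret:
            optional: false
            secretName: studioml-runner-key-secret
            items:
              - key: ssh-privatekey
                path: ssh-privatekey
              - key: ssh-publickey
                path: ssh-publickey
        - name: encryption-passphrase
          secret:
            optional: false
            secretName: studioml-runner-passphrase-secret
            items:
              - key: ssh-passphrase
                path: ssh-passphrase
        - name: queue-signing
          secret:
            optional: false
            secretName: studioml-signing
        - name: tmp-volume
          emptyDir:
            sizeLimit: 200Gi
        # Host directories exposed to the container for the NVIDIA driver.
        - name: nvidia
          hostPath:
            path: /usr/local/nvidia
        - name: libcuda
          hostPath:
            path: /usr/lib/x86_64-linux-gnu/libcuda.so.1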