# Source: github.com/sentienttechnologies/studio-go-runner@v0.0.0-20201118202441-6d21f2ced8ee/examples/local/deployment.yaml
# Copyright (c) 2020 Cognizant Digital Business, Evolutionary AI. All rights reserved. Issued under the Apache 2.0 License.
#
# Local example deployment. It creates a namespace, a shared environment
# ConfigMap, RBAC for the runner's service account, test-only Secrets,
# RabbitMQ, MinIO and the go-runner Deployment.
#
# The {{ ... }} expressions are template placeholders. Render the file before
# applying it; the unrendered text may not parse as YAML.
#
# NOTE(review): every credential and key in this file is a fixed sample value
# that ships with the example. Treat the manifest as suitable only for an
# isolated local cluster.
---
apiVersion: v1
kind: Namespace
metadata:
  name: {{ default "local-go-runner" .Namespace }}
---
# Environment shared by the RabbitMQ, MinIO and runner containers; each of them
# loads this ConfigMap through envFrom.
#
# NOTE(review): the RabbitMQ and MinIO credentials are stored in a ConfigMap,
# not a Secret. The studioml-role defined in this file grants get/list/watch on
# configmaps, so any subject bound to it can read these values. For anything
# beyond a local test, move them to a Secret and reference them with secretRef
# or secretKeyRef.
apiVersion: v1
kind: ConfigMap
metadata:
  name: studioml-env
  namespace: {{ default "local-go-runner" .Namespace }}
data:
  LOGXI_FORMAT: "happy,maxcol=1024"
  # Debug level for all loggers.
  # NOTE(review): confirm that debug output does not include AMQP_URL or other
  # credential-bearing values.
  LOGXI: "*=DBG"
  MESSAGE_CRYPT: "./certs/message"
  RABBITMQ_DEFAULT_USER: "UserUser"
  RABBITMQ_DEFAULT_PASS: "PasswordPassword"
  MINIO_ACCESS_KEY: "UserUser"
  MINIO_SECRET_KEY: "PasswordPassword"
  # The *_SERVICE_HOST / *_SERVICE_PORT names match the variables Kubernetes
  # injects for minio-service and rabbitmq-service. ConfigMap data is passed
  # through literally, so the ${...} references are presumably expanded by the
  # consuming program -- confirm against the runner.
  MINIO_TEST_SERVER: "${MINIO_SERVICE_SERVICE_HOST}:${MINIO_SERVICE_SERVICE_PORT}"
  # Embeds the broker user and password in the URL and uses the amqp:// scheme
  # (no TLS), so credentials and messages cross the cluster network in clear text.
  AMQP_URL: "amqp://${RABBITMQ_DEFAULT_USER}:${RABBITMQ_DEFAULT_PASS}@${RABBITMQ_SERVICE_SERVICE_HOST}:${RABBITMQ_SERVICE_SERVICE_PORT}/%2f?connection_attempts=2&retry_delay=.5&socket_timeout=5"
  CACHE_SIZE: "10Gib"
  CACHE_DIR: "/tmp/cache"
  # NOTE(review): presumably lets the runner accept unencrypted request
  # messages -- confirm against the runner documentation and disable it
  # outside local testing.
  CLEAR_TEXT_MESSAGES: "true"
---
# Identity the runner pod runs as (see serviceAccountName in the runner Deployment).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: studioml-account
  namespace: {{ default "local-go-runner" .Namespace }}
---
# Read-only access to ConfigMaps in the core ("") API group. The role is
# cluster-scoped; how far the grant reaches depends on the binding that
# references it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: studioml-role
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
---
# Binds studioml-role to the runner's service account. Because this is a
# RoleBinding rather than a ClusterRoleBinding, the grant applies only inside
# the namespace where the binding itself is created.
#
# NOTE(review): metadata.namespace is not set, so the binding lands in whatever
# namespace the apply command targets. That may differ from the templated
# namespace used by the ServiceAccount and the studioml-env ConfigMap. Confirm
# which namespace the runner is meant to read configmaps from.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: studioml-role-bind
subjects:
  - kind: ServiceAccount
    name: studioml-account
    namespace: {{ default "local-go-runner" .Namespace }}
roleRef:
  kind: ClusterRole
  name: studioml-role
  apiGroup: rbac.authorization.k8s.io
---
# This secret is an open arbitrary secret used to confirm the functional encryption and
# MUST never be used for a production system.
#
# Values under `data` are base64-encoded, not encrypted. This passphrase decodes
# to a short string published with the example, so it protects nothing.
apiVersion: v1
kind: Secret
metadata:
  name: studioml-runner-passphrase-secret
  namespace: {{ default "local-go-runner" .Namespace }}
type: Opaque
data:
  ssh-passphrase: UGFzc1BocmFzZQ==
---
# This secret is an open arbitrary secret used to confirm the functional encryption and
# MUST never be used for a production system.
#
# The runner mounts this key pair at /runner/certs/message/encryption. The
# private key and its passphrase are both public in the repository, so generate
# a fresh pair for any deployment that handles real data.
apiVersion: v1
kind: Secret
metadata:
  name: studioml-runner-key-secret
  namespace: {{ default "local-go-runner" .Namespace }}
type: Opaque
data:
  ssh-privatekey: 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
  ssh-publickey: 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
---
# Placeholder secret; `info` decodes to "Dummy Secret so resource remains present".
# The runner Deployment mounts it as the queue-signing volume with
# optional: false, so the resource must exist for the pod to start.
apiVersion: v1
kind: Secret
metadata:
  name: studioml-signing
  namespace: {{ default "local-go-runner" .Namespace }}
type: Opaque
data:
  info: RHVtbXkgU2VjcmV0IHNvIHJlc291cmNlIHJlbWFpbnMgcHJlc2VudA==
---
# This service exposes rabbit MQ to the cluster members
#
# NOTE(review): type NodePort also publishes both ports on every node's
# address, not just inside the cluster. The broker uses the fixed sample
# credentials from studioml-env and rmq-admin is the management listener. Use
# ClusterIP, or restrict access with network policy or a firewall, unless the
# cluster is an isolated local one.
apiVersion: v1
kind: Service
metadata:
  labels:
    component: rabbitmq
  name: rabbitmq-service
  namespace: {{ default "local-go-runner" .Namespace }}
spec:
  type: NodePort
  ports:
    - name: rmq-client
      port: 5672
    - name: rmq-admin
      port: 15672
  selector:
    app: taskQueue
    component: rabbitmq
---
# The replication controller encapsulates the pod(s) used to run RabbitMQ
apiVersion: v1
kind: ReplicationController
metadata:
  labels:
    component: rabbitmq
  name: rabbitmq-controller
  namespace: {{ default "local-go-runner" .Namespace }}
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: taskQueue
        component: rabbitmq
    spec:
      containers:
        # NOTE(review): the image has no tag or digest, so it resolves to
        # whatever `latest` is at pull time. Pin a version (ideally a digest)
        # to make the deployment reproducible.
        - image: rabbitmq
          name: rabbitmq
          ports:
            - containerPort: 5672
            - containerPort: 15672
          resources:
            limits:
              cpu: 1
              ephemeral-storage: "4Gi"
            requests:
              ephemeral-storage: "4Gi"
          envFrom:
            - configMapRef:
                name: studioml-env
          lifecycle:
            postStart:
              exec:
                # Runs inside the container after start. It waits 30 seconds,
                # enables the management plugin, installs wget and python with
                # apt-get, then downloads rabbitmqadmin from the broker's own
                # management listener on localhost.
                #
                # NOTE(review): installing unpinned packages at start-up makes
                # the pod depend on reachable package mirrors. It also assumes
                # the container runs with enough privilege for apt-get. Baking
                # these tools into the image avoids both.
                command:
                  - "/bin/bash"
                  - "-c"
                  - >
                    set -euo pipefail ;
                    IFS=$'\n\t' ;
                    echo "Starting the install of the management plugin" ;
                    sleep 30 ;
                    rabbitmq-plugins enable rabbitmq_management ;
                    apt-get -y update ; apt-get install -y wget python ;
                    wget -q -O /usr/local/bin/rabbitmqadmin http://localhost:15672/cli/rabbitmqadmin ;
                    chmod +x /usr/local/bin/rabbitmqadmin
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  # This name uniquely identifies the PVC. Will be used in deployment below.
  name: minio-pv-claim
  namespace: {{ default "local-go-runner" .Namespace }}
  labels:
    app: minio-storage-claim
spec:
  # Read more about access modes here: https://kubernetes.io/docs/user-guide/persistent-volumes/#access-modes
  accessModes:
    - ReadWriteOnce
  resources:
    # This is the request for storage. Should be available in the cluster.
    requests:
      storage: 15Gi
  # Uncomment and add storageClass specific to your requirements below. Read more https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1
  #storageClassName:
---
# MinIO object store backed by minio-pv-claim. Its access and secret keys come
# from MINIO_ACCESS_KEY / MINIO_SECRET_KEY in the studioml-env ConfigMap.
apiVersion: apps/v1
kind: Deployment
metadata:
  # This name uniquely identifies the Deployment
  name: minio-deployment
  namespace: {{ default "local-go-runner" .Namespace }}
spec:
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: minio
  template:
    metadata:
      labels:
        # Label is used as selector in the service.
        app: minio
    spec:
      # Refer to the PVC created earlier
      volumes:
        - name: storage
          persistentVolumeClaim:
            # Name of the PVC created earlier
            claimName: minio-pv-claim
      containers:
        - name: minio
          # Pulls the default Minio image from Docker Hub
          # The image is pinned to a release tag. A tag can be re-pointed,
          # so a digest gives a stronger guarantee.
          image: minio/minio:RELEASE.2020-05-08T02-40-49Z
          args:
            - server
            - /storage
          envFrom:
            - configMapRef:
                name: studioml-env
          ports:
            - containerPort: 9000
          # Mount the volume into the pod
          volumeMounts:
            - name: storage # must match the volume name, above
              mountPath: "/storage"
          # Readiness probe detects situations when MinIO server instance
          # is not ready to accept traffic. Kubernetes doesn't forward
          # traffic to the pod while readiness checks fail.
          readinessProbe:
            httpGet:
              path: /minio/health/ready
              port: 9000
            initialDelaySeconds: 120
            periodSeconds: 20
          # Liveness probe detects situations where MinIO server instance
          # is not working properly and needs restart. Kubernetes automatically
          # restarts the pods if liveness checks fail.
          livenessProbe:
            httpGet:
              path: /minio/health/live
              port: 9000
            initialDelaySeconds: 120
            periodSeconds: 20
---
# NOTE(review): type NodePort publishes MinIO on every node's address. The
# server uses the fixed sample keys from studioml-env and no TLS configuration
# is visible in this manifest, so keep it to an isolated local cluster or
# switch to ClusterIP.
apiVersion: v1
kind: Service
metadata:
  name: minio-service
  namespace: {{ default "local-go-runner" .Namespace }}
spec:
  type: NodePort
  ports:
    - port: 9000
      targetPort: 9000
      protocol: TCP
  selector:
    app: minio
---
# The go-runner itself. It runs as studioml-account, loads studioml-env as its
# environment, and mounts the three Secrets above read-only under /runner/certs.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: studioml-go-runner-deployment
  namespace: {{ default "local-go-runner" .Namespace }}
  labels:
    app: studioml-go-runner
spec:
  progressDeadlineSeconds: 360
  selector:
    matchLabels:
      app: studioml-go-runner
  replicas: 1
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: studioml-go-runner
    spec:
      serviceAccountName: studioml-account
      # Mounts the service account token into the pod. The account is bound
      # only to the read-only configmaps role defined in this file.
      automountServiceAccountToken: true
      # NOTE(review): no securityContext is set at pod or container level.
      # Consider runAsNonRoot, allowPrivilegeEscalation: false and dropped
      # capabilities if the runner image supports them.
      containers:
        - name: studioml-go-runner
          envFrom:
            - configMapRef:
                name: studioml-env
          # The image reference is supplied at render time and re-pulled on
          # every pod start (imagePullPolicy: Always). Supplying it by digest
          # ensures the registry cannot change what runs.
          image: {{ .Image }}
          imagePullPolicy: Always
          resources:
            limits:
              memory: "8Gi"
              cpu: "2"
          volumeMounts:
            - name: message-encryption
              mountPath: "/runner/certs/message/encryption"
              readOnly: true
            - name: encryption-passphrase
              mountPath: "/runner/certs/message/passphrase"
              readOnly: true
            - name: queue-signing
              mountPath: "/runner/certs/queues/signing"
              readOnly: true
      nodeSelector:
        # NOTE(review): the beta.kubernetes.io/os label is deprecated in
        # favour of kubernetes.io/os; confirm what the target cluster sets.
        beta.kubernetes.io/os: linux
      volumes:
        # optional: false on each secret volume means the pod will not start
        # unless the referenced Secret exists.
        - name: message-encryption
          secret:
            optional: false
            secretName: studioml-runner-key-secret
            items:
              - key: ssh-privatekey
                path: ssh-privatekey
              - key: ssh-publickey
                path: ssh-publickey
        - name: encryption-passphrase
          secret:
            optional: false
            secretName: studioml-runner-passphrase-secret
            items:
              - key: ssh-passphrase
                path: ssh-passphrase
        - name: queue-signing
          secret:
            optional: false
            secretName: studioml-signing