-
Notifications
You must be signed in to change notification settings - Fork 27
/
folding-daemonset.yaml
130 lines (123 loc) · 3.98 KB
/
folding-daemonset.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# apiVersion: scheduling.k8s.io/v1
# kind: PriorityClass
# metadata:
# name: low-priority-class
# value: 10
# globalDefault: false
# description: "This priority class should be used for low priority fah pods only."
# ---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fah
labels:
app: fah
spec:
selector:
matchLabels:
app: fah
template:
metadata:
labels:
app: fah
spec:
# tolerations:
# # This toleration is to have the daemonset runnable on master nodes
# # uncomment this section if your masters can run pods
# - key: node-role.kubernetes.io/master
# effect: NoSchedule
containers:
- name: fah-cpu
image: "ghcr.io/richstokes/k8s-fah:master"
# --run-as UID should match runAsUser value in containers securityContext
command:
- "/usr/bin/FAHClient"
- "--config"
- "/var/lib/fahclient/config.xml"
- "--config-rotate=false"
- "--run-as"
- "1234"
- "--pid-file=/var/lib/fahclient/fahclient.pid"
- "--gpu=true"
resources:
limits:
cpu: 1000m # How much CPU you wish to donate per node
memory: 512Mi
# nvidia.com/gpu: "1"
requests:
cpu: 100m
memory: 512Mi
# nvidia.com/gpu: "1"
# Make the container harder to break out of or exploit
securityContext:
runAsNonRoot: true
runAsUser: 1234
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /var/lib/fahclient
name: fahclient
# We make an emptyDir to mount on the work directory /var/lib/fahclient
# so we can make the rest of the container's root filesystem read-only
volumes:
- name: fahclient
emptyDir: {}
# Uncomment if using ConfigMap config.xml
# - name: fah-cpu-config
# configMap:
# name: foldingathome-config
initContainers:
- name: copy-config
imagePullPolicy: Always
image: "richstokes20/fah-covid:latest"
command:
- "sh"
- "-c"
- "cp /etc/fahclient/config.xml /var/lib/fahclient/config.xml"
# Use following lines if using ConfigMap config.xml
# - "cp"
# - "/etc/fahclient-config/config.xml"
# - "/var/lib/fahclient/config.xml"
securityContext:
runAsNonRoot: true
runAsUser: 1234
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /var/lib/fahclient
name: fahclient
# Uncomment if using ConfigMap config.xml
# - name: fah-cpu-config
# mountPath: /etc/fahclient-config
# priorityClassName: low-priority-class
---
apiVersion: v1
kind: ConfigMap
metadata:
name: foldingathome-config
data:
config.xml: |
<config>
<!--
To set your user name, team and passkey just edit the text
in quotes below.
-->
<!-- User Information -->
<user value=""/> <!-- Enter your user name here -->
<team value=""/> <!-- Your team number -->
<passkey value=""/> <!-- 32 hexadecimal characters if provided -->
<power value="full"/> <!-- Throttling this at K8s level -->
<gpu value="false"/> <!-- If true, attempt to autoconfigure GPUs -->
<fold-anon value="false"/>
<!-- Folding Slots
No folding slot configuration is necessary. The client will
automaticlaly choose a good configuration for you. However, here
are some examples:
<slot id="0" type="CPU"/>
or
<slot id="0" type="CPU"/>
<slot id="1" type="GPU"/>
All slots in a configuration MUST have unique ids.
-->
</config>
---