-
Notifications
You must be signed in to change notification settings - Fork 27
/
folding-gpu.yaml
139 lines (130 loc) · 4.14 KB
/
folding-gpu.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
# apiVersion: scheduling.k8s.io/v1
# kind: PriorityClass
# metadata:
# name: low-priority-class
# value: 10
# globalDefault: false
# description: "This priority class should be used for low priority fah-gpu pods only."
# ---
apiVersion: apps/v1
kind: Deployment
metadata:
name: fah-gpu
labels:
app: fah-gpu
spec:
selector:
matchLabels:
app: fah-gpu
replicas: 2 # Set number of replicas to run - one replica per node
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 100%
maxSurge: 100%
template:
metadata:
labels:
app: fah-gpu
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- fah-gpu
topologyKey: "kubernetes.io/hostname"
containers:
- name: fah-gpu
image: "ghcr.io/richstokes/k8s-fah:master"
# --run-as UID should match runAsUser value in containers securityContext
command:
- "/usr/bin/FAHClient"
- "--config"
- "/var/lib/fahclient/config.xml"
- "--config-rotate=false"
- "--run-as"
- "1234"
- "--pid-file=/var/lib/fahclient/fahclient.pid"
- "--gpu=true"
resources:
limits:
nvidia.com/gpu: "1" # How many gpu's you want to donate per ndoe
requests:
nvidia.com/gpu: "1"
# Make the container harder to break out of or exploit
securityContext:
runAsNonRoot: true
runAsUser: 1234
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /var/lib/fahclient
name: fahclient
# We make an emptyDir to mount on the work directory /var/lib/fahclient
# so we can make the rest of the container's root filesystem read-only
volumes:
- name: fahclient
emptyDir: {}
# Uncomment if using ConfigMap config.xml
# - name: fah-gpu-config
# configMap:
# name: foldingathome-config
initContainers:
- name: copy-config
imagePullPolicy: Always
image: "richstokes20/fah-covid:latest"
command:
- "sh"
- "-c"
- "cp /etc/fahclient/config.xml /var/lib/fahclient/config.xml"
# Use following lines if using ConfigMap config.xml
# - "cp"
# - "/etc/fahclient-config/config.xml"
# - "/var/lib/fahclient/config.xml"
securityContext:
runAsNonRoot: true
runAsUser: 1234
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /var/lib/fahclient
name: fahclient
# Uncomment if using ConfigMap config.xml
# - name: fah-gpu-config
# mountPath: /etc/fahclient-config
# priorityClassName: low-priority-class
---
apiVersion: v1
kind: ConfigMap
metadata:
name: foldingathome-config
data:
config.xml: |
<config>
<!--
To set your user name, team and passkey just edit the text
in quotes below.
-->
<!-- User Information -->
<user value=""/> <!-- Enter your user name here -->
<team value=""/> <!-- Your team number -->
<passkey value=""/> <!-- 32 hexadecimal characters if provided -->
<power value="full"/> <!-- Throttling this at K8s level -->
<gpu value="true"/> <!-- If true, attempt to autoconfigure GPUs -->
<fold-anon value="false"/>
<!-- Folding Slots
No folding slot configuration is necessary. The client will
automaticlaly choose a good configuration for you. However, here
are some examples:
<slot id="0" type="CPU"/>
or
<slot id="0" type="CPU"/>
<slot id="1" type="GPU"/>
All slots in a configuration MUST have unique ids.
-->
</config>
---