-
Notifications
You must be signed in to change notification settings - Fork 27
/
folding-minikube.yaml
122 lines (115 loc) · 3.63 KB
/
folding-minikube.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: fah-cpu
labels:
app: fah-cpu
spec:
selector:
matchLabels:
app: fah-cpu
replicas: 6 # Set number of replicas to run
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 100%
maxSurge: 100%
template:
metadata:
labels:
app: fah-cpu
spec:
containers:
- name: fah-cpu
image: "ghcr.io/richstokes/k8s-fah:master"
# --run-as UID should match runAsUser value in containers securityContext
command:
- "/usr/bin/FAHClient"
- "--config"
- "/var/lib/fahclient/config.xml"
- "--config-rotate=false"
- "--run-as"
- "1234"
- "--pid-file=/var/lib/fahclient/fahclient.pid"
- "--gpu=false"
resources:
limits:
cpu: 1000m # How much CPU you wish to donate per node
memory: 512Mi
requests:
cpu: 100m
memory: 512Mi
# Make the container harder to break out of or exploit
securityContext:
runAsNonRoot: true
runAsUser: 1234
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /var/lib/fahclient
name: fahclient
# We make an emptyDir to mount on the work directory /var/lib/fahclient
# so we can make the rest of the container's root filesystem read-only
volumes:
- name: fahclient
emptyDir: {}
# Uncomment if using ConfigMap config.xml
# - name: fah-cpu-config
# configMap:
# name: foldingathome-config
initContainers:
- name: copy-config
imagePullPolicy: Always
image: "richstokes20/fah-covid:latest"
command:
- "sh"
- "-c"
- "cp /etc/fahclient/config.xml /var/lib/fahclient/config.xml"
# Use following lines if using ConfigMap config.xml
# - "cp"
# - "/etc/fahclient-config/config.xml"
# - "/var/lib/fahclient/config.xml"
securityContext:
runAsNonRoot: true
runAsUser: 1234
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /var/lib/fahclient
name: fahclient
# Uncomment if using ConfigMap config.xml
# - name: fah-cpu-config
# mountPath: /etc/fahclient-config
# priorityClassName: low-priority-class
---
apiVersion: v1
kind: ConfigMap
metadata:
name: foldingathome-config
data:
config.xml: |
<config>
<!--
To set your user name, team and passkey just edit the text
in quotes below.
-->
<!-- User Information -->
<user value=""/> <!-- Enter your user name here -->
<team value=""/> <!-- Your team number -->
<passkey value=""/> <!-- 32 hexadecimal characters if provided -->
<power value="full"/> <!-- Throttling this at K8s level -->
<gpu value="false"/> <!-- If true, attempt to autoconfigure GPUs -->
<fold-anon value="false"/>
<!-- Folding Slots
No folding slot configuration is necessary. The client will
automaticlaly choose a good configuration for you. However, here
are some examples:
<slot id="0" type="CPU"/>
or
<slot id="0" type="CPU"/>
<slot id="1" type="GPU"/>
All slots in a configuration MUST have unique ids.
-->
</config>
---