forked from richstokes/k8s-folding-at-home
-
Notifications
You must be signed in to change notification settings - Fork 0
/
folding-gpu-cpu.yaml
142 lines (134 loc) · 4.32 KB
/
folding-gpu-cpu.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
# apiVersion: scheduling.k8s.io/v1
# kind: PriorityClass
# metadata:
# name: low-priority-class
# value: 10
# globalDefault: false
# description: "This priority class should be used for low priority fah-gpu-cpu pods only."
# ---
apiVersion: apps/v1
kind: Deployment
metadata:
name: fah-gpu-cpu
labels:
app: fah-gpu-cpu
spec:
selector:
matchLabels:
app: fah-gpu-cpu
replicas: 2 # Set number of replicas to run - one replica per node
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 100%
maxSurge: 100%
template:
metadata:
labels:
app: fah-gpu-cpu
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- fah-gpu-cpu
topologyKey: "kubernetes.io/hostname"
containers:
- name: fah-gpu-cpu
image: "ghcr.io/kaovilai/k8s-fah:master"
# --run-as UID should match runAsUser value in containers securityContext
command:
- "/usr/bin/FAHClient"
- "--config"
- "/var/lib/fahclient/config.xml"
- "--config-rotate=false"
- "--run-as"
- "1234"
- "--pid-file=/var/lib/fahclient/fahclient.pid"
- "--gpu=true"
resources:
limits:
nvidia.com/gpu: "1" # How many gpu's you want to donate per ndoe
cpu: 1000m # How much CPU you wish to donate per node
memory: 512Mi
requests:
nvidia.com/gpu: "1"
cpu: 100m
memory: 512Mi
# Make the container harder to break out of or exploit
securityContext:
runAsNonRoot: true
runAsUser: 1234
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /var/lib/fahclient
name: fahclient
# We make an emptyDir to mount on the work directory /var/lib/fahclient
# so we can make the rest of the container's root filesystem read-only
volumes:
- name: fahclient
emptyDir: {}
# Uncomment if using ConfigMap config.xml
# - name: fah-gpu-cpu-config
# configMap:
# name: foldingathome-config
initContainers:
- name: copy-config
imagePullPolicy: Always
image: "ghcr.io/kaovilai/k8s-fah:master"
command:
- "sh"
- "-c"
- "cp /etc/fahclient/config.xml /var/lib/fahclient/config.xml"
# Use following lines if using ConfigMap config.xml
# - "cp"
# - "/etc/fahclient-config/config.xml"
# - "/var/lib/fahclient/config.xml"
securityContext:
runAsNonRoot: true
runAsUser: 1234
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
volumeMounts:
- mountPath: /var/lib/fahclient
name: fahclient
# Uncomment if using ConfigMap config.xml
# - name: fah-gpu-cpu-config
# mountPath: /etc/fahclient-config
# priorityClassName: low-priority-class
---
apiVersion: v1
kind: ConfigMap
metadata:
name: foldingathome-config
data:
config.xml: |
<config>
<!--
To set your user name, team and passkey just edit the text
in quotes below.
-->
<!-- User Information -->
<user value=""/> <!-- Enter your user name here -->
<team value=""/> <!-- Your team number -->
<passkey value=""/> <!-- 32 hexadecimal characters if provided -->
<power value="full"/> <!-- Throttling this at K8s level -->
<gpu value="true"/> <!-- If true, attempt to autoconfigure GPUs -->
<fold-anon value="true"/>
<!-- Folding Slots
No folding slot configuration is necessary. The client will
automaticlaly choose a good configuration for you. However, here
are some examples:
<slot id="0" type="CPU"/>
or
<slot id="0" type="CPU"/>
<slot id="1" type="GPU"/>
All slots in a configuration MUST have unique ids.
-->
</config>
---