diff --git a/packages/code-server/post-renders/k3s-hami-v4/kustomization.yaml b/packages/code-server/post-renders/k3s-hami-v4/kustomization.yaml
index 34ba0b6..00979d2 100644
--- a/packages/code-server/post-renders/k3s-hami-v4/kustomization.yaml
+++ b/packages/code-server/post-renders/k3s-hami-v4/kustomization.yaml
@@ -31,6 +31,8 @@ patches:
 securityContext:
 fsGroup: 1000
 volumes:
+ - name: identity
+ emptyDir: {}
 - name: data
 persistentVolumeClaim:
 claimName: "{{ name }}"
@@ -38,6 +40,26 @@ patches:
 persistentVolumeClaim:
 claimName: "{{ name }}-weights"
 initContainers:
+ - name: prepare-identity
+ image: harbor.bwgdi.com/library/earth2studio-demo:v4
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ - -lc
+ args:
+ - |
+ set -euo pipefail
+ cp /etc/passwd /identity/passwd
+ cp /etc/group /identity/group
+ if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/passwd; then
+ printf 'coder:x:1000:1000:OCDP code-server user:/workspace:/bin/bash\n' >> /identity/passwd
+ fi
+ if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/group; then
+ printf 'coder:x:1000:\n' >> /identity/group
+ fi
+ volumeMounts:
+ - name: identity
+ mountPath: /identity
 - name: seed-workspace
 image: harbor.bwgdi.com/library/earth2studio-demo:v4
 imagePullPolicy: IfNotPresent
@@ -52,7 +74,7 @@ patches:
 cp -an /workspace/. /workspace-volume/
 touch "$marker"
 fi
- chown -R 1000:0 /workspace-volume
+ chown -R 1000:1000 /workspace-volume
 chmod -R g+rwX /workspace-volume
 volumeMounts:
 - name: data
@@ -63,6 +85,7 @@ patches:
 imagePullPolicy: IfNotPresent
 securityContext:
 runAsUser: 1000
+ runAsGroup: 1000
 command:
 - code-server
 args:
@@ -100,6 +123,14 @@ patches:
 nvidia.com/gpu: "{{ gpuCount }}"
 nvidia.com/gpumem: "{{ gpuMemoryMiB }}"
 volumeMounts:
+ - name: identity
+ mountPath: /etc/passwd
+ subPath: passwd
+ readOnly: true
+ - name: identity
+ mountPath: /etc/group
+ subPath: group
+ readOnly: true
 - name: data
 mountPath: /workspace
 - name: model-weights
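Review bot: The new `prepare-identity` init container carries no container-level `securityContext`, and the only pod-level setting visible in this diff is `fsGroup: 1000`, so it presumably runs as whatever user the image defaults to. The script only reads `/etc/passwd` and `/etc/group` and writes into the `identity` emptyDir, so it should not need root; I would add `securityContext: {runAsUser: 1000, runAsGroup: 1000, allowPrivilegeEscalation: false}` under it, after confirming the emptyDir is writable for that UID on this cluster. Plain `-c` would also do in place of `-lc`, since a login shell sources the image's profile scripts before `set -euo pipefail` takes effect. The same applies to the identical init container added in `k3s-hami/kustomization.yaml`.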
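Review bot: With `runAsGroup: 1000` added, the `securityContext` of the container that runs `code-server` still sets only the UID and GID, so nothing visible here stops a setuid binary in the image from regaining root. Because this container hands users an interactive shell, consider adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` next to the new line, unless the image deliberately depends on something like sudo, which this diff does not show. The container definition starts and ends outside the hunk, and the same two-field `securityContext` appears in `k3s-hami/kustomization.yaml`.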
diff --git a/packages/code-server/post-renders/k3s-hami/kustomization.yaml b/packages/code-server/post-renders/k3s-hami/kustomization.yaml
index d77dcd2..ccb49e2 100644
--- a/packages/code-server/post-renders/k3s-hami/kustomization.yaml
+++ b/packages/code-server/post-renders/k3s-hami/kustomization.yaml
@@ -31,18 +31,42 @@ patches:
 securityContext:
 fsGroup: 1000
 volumes:
+ - name: identity
+ emptyDir: {}
 - name: data
 persistentVolumeClaim:
 claimName: "{{ name }}"
 - name: model-weights
 persistentVolumeClaim:
 claimName: "{{ name }}-weights"
+ initContainers:
+ - name: prepare-identity
+ image: harbor.bwgdi.com/library/earth2studio-demo:v6
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/bash
+ - -lc
+ args:
+ - |
+ set -euo pipefail
+ cp /etc/passwd /identity/passwd
+ cp /etc/group /identity/group
+ if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/passwd; then
+ printf 'coder:x:1000:1000:OCDP code-server user:/workspace:/bin/bash\n' >> /identity/passwd
+ fi
+ if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/group; then
+ printf 'coder:x:1000:\n' >> /identity/group
+ fi
+ volumeMounts:
+ - name: identity
+ mountPath: /identity
 containers:
 - name: code-server
 image: harbor.bwgdi.com/library/earth2studio-demo:v6
 imagePullPolicy: IfNotPresent
 securityContext:
 runAsUser: 1000
+ runAsGroup: 1000
 command:
 - code-server
 args:
@@ -80,6 +104,14 @@ patches:
 nvidia.com/gpu: "{{ gpuCount }}"
 nvidia.com/gpumem: "{{ gpuMemoryMiB }}"
 volumeMounts:
+ - name: identity
+ mountPath: /etc/passwd
+ subPath: passwd
+ readOnly: true
+ - name: identity
+ mountPath: /etc/group
+ subPath: group
+ readOnly: true
 - name: data
 mountPath: /workspace
 - name: model-weights
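Review bot: Nothing in the patch records that `prepare-identity` has to run the same image as the `code-server` container: the script copies `/etc/passwd` and `/etc/group` out of the init container's image, and the `subPath` mounts added further down lay those copies over the main container's files. Both are `earth2studio-demo:v6` today, but a tag bump on only one of them would silently give the main container another image's account database. A comment above the init container such as `# image must match the code-server container: passwd/group are copied from this image` would make that explicit. In the k3s-hami-v4 file the main container's image line falls outside the hunks, so the match there cannot be confirmed from this diff.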