Name code-server runtime user
This commit is contained in:
@ -31,6 +31,8 @@ patches:
|
|||||||
securityContext:
|
securityContext:
|
||||||
fsGroup: 1000
|
fsGroup: 1000
|
||||||
volumes:
|
volumes:
|
||||||
|
- name: identity
|
||||||
|
emptyDir: {}
|
||||||
- name: data
|
- name: data
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: "{{ name }}"
|
claimName: "{{ name }}"
|
||||||
@ -38,6 +40,26 @@ patches:
|
|||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: "{{ name }}-weights"
|
claimName: "{{ name }}-weights"
|
||||||
initContainers:
|
initContainers:
|
||||||
|
- name: prepare-identity
|
||||||
|
image: harbor.bwgdi.com/library/earth2studio-demo:v4
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command:
|
||||||
|
- /bin/bash
|
||||||
|
- -lc
|
||||||
|
args:
|
||||||
|
- |
|
||||||
|
set -euo pipefail
|
||||||
|
cp /etc/passwd /identity/passwd
|
||||||
|
cp /etc/group /identity/group
|
||||||
|
if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/passwd; then
|
||||||
|
printf 'coder:x:1000:1000:OCDP code-server user:/workspace:/bin/bash\n' >> /identity/passwd
|
||||||
|
fi
|
||||||
|
if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/group; then
|
||||||
|
printf 'coder:x:1000:\n' >> /identity/group
|
||||||
|
fi
|
||||||
|
volumeMounts:
|
||||||
|
- name: identity
|
||||||
|
mountPath: /identity
|
||||||
- name: seed-workspace
|
- name: seed-workspace
|
||||||
image: harbor.bwgdi.com/library/earth2studio-demo:v4
|
image: harbor.bwgdi.com/library/earth2studio-demo:v4
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
@ -52,7 +74,7 @@ patches:
|
|||||||
cp -an /workspace/. /workspace-volume/
|
cp -an /workspace/. /workspace-volume/
|
||||||
touch "$marker"
|
touch "$marker"
|
||||||
fi
|
fi
|
||||||
chown -R 1000:0 /workspace-volume
|
chown -R 1000:1000 /workspace-volume
|
||||||
chmod -R g+rwX /workspace-volume
|
chmod -R g+rwX /workspace-volume
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: data
|
- name: data
|
||||||
@ -63,6 +85,7 @@ patches:
|
|||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
command:
|
command:
|
||||||
- code-server
|
- code-server
|
||||||
args:
|
args:
|
||||||
@ -100,6 +123,14 @@ patches:
|
|||||||
nvidia.com/gpu: "{{ gpuCount }}"
|
nvidia.com/gpu: "{{ gpuCount }}"
|
||||||
nvidia.com/gpumem: "{{ gpuMemoryMiB }}"
|
nvidia.com/gpumem: "{{ gpuMemoryMiB }}"
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- name: identity
|
||||||
|
mountPath: /etc/passwd
|
||||||
|
subPath: passwd
|
||||||
|
readOnly: true
|
||||||
|
- name: identity
|
||||||
|
mountPath: /etc/group
|
||||||
|
subPath: group
|
||||||
|
readOnly: true
|
||||||
- name: data
|
- name: data
|
||||||
mountPath: /workspace
|
mountPath: /workspace
|
||||||
- name: model-weights
|
- name: model-weights
|
||||||
|
|||||||
@ -31,18 +31,42 @@ patches:
|
|||||||
securityContext:
|
securityContext:
|
||||||
fsGroup: 1000
|
fsGroup: 1000
|
||||||
volumes:
|
volumes:
|
||||||
|
- name: identity
|
||||||
|
emptyDir: {}
|
||||||
- name: data
|
- name: data
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: "{{ name }}"
|
claimName: "{{ name }}"
|
||||||
- name: model-weights
|
- name: model-weights
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: "{{ name }}-weights"
|
claimName: "{{ name }}-weights"
|
||||||
|
initContainers:
|
||||||
|
- name: prepare-identity
|
||||||
|
image: harbor.bwgdi.com/library/earth2studio-demo:v6
|
||||||
|
imagePullPolicy: IfNotPresent
|
||||||
|
command:
|
||||||
|
- /bin/bash
|
||||||
|
- -lc
|
||||||
|
args:
|
||||||
|
- |
|
||||||
|
set -euo pipefail
|
||||||
|
cp /etc/passwd /identity/passwd
|
||||||
|
cp /etc/group /identity/group
|
||||||
|
if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/passwd; then
|
||||||
|
printf 'coder:x:1000:1000:OCDP code-server user:/workspace:/bin/bash\n' >> /identity/passwd
|
||||||
|
fi
|
||||||
|
if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/group; then
|
||||||
|
printf 'coder:x:1000:\n' >> /identity/group
|
||||||
|
fi
|
||||||
|
volumeMounts:
|
||||||
|
- name: identity
|
||||||
|
mountPath: /identity
|
||||||
containers:
|
containers:
|
||||||
- name: code-server
|
- name: code-server
|
||||||
image: harbor.bwgdi.com/library/earth2studio-demo:v6
|
image: harbor.bwgdi.com/library/earth2studio-demo:v6
|
||||||
imagePullPolicy: IfNotPresent
|
imagePullPolicy: IfNotPresent
|
||||||
securityContext:
|
securityContext:
|
||||||
runAsUser: 1000
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
command:
|
command:
|
||||||
- code-server
|
- code-server
|
||||||
args:
|
args:
|
||||||
@ -80,6 +104,14 @@ patches:
|
|||||||
nvidia.com/gpu: "{{ gpuCount }}"
|
nvidia.com/gpu: "{{ gpuCount }}"
|
||||||
nvidia.com/gpumem: "{{ gpuMemoryMiB }}"
|
nvidia.com/gpumem: "{{ gpuMemoryMiB }}"
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
- name: identity
|
||||||
|
mountPath: /etc/passwd
|
||||||
|
subPath: passwd
|
||||||
|
readOnly: true
|
||||||
|
- name: identity
|
||||||
|
mountPath: /etc/group
|
||||||
|
subPath: group
|
||||||
|
readOnly: true
|
||||||
- name: data
|
- name: data
|
||||||
mountPath: /workspace
|
mountPath: /workspace
|
||||||
- name: model-weights
|
- name: model-weights
|
||||||
|
|||||||
Reference in New Issue
Block a user