Name code-server runtime user
@ -31,6 +31,8 @@ patches:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
volumes:
|
||||
- name: identity
|
||||
emptyDir: {}
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: "{{ name }}"
|
||||
@ -38,6 +40,26 @@ patches:
|
||||
persistentVolumeClaim:
|
||||
claimName: "{{ name }}-weights"
|
||||
initContainers:
|
||||
- name: prepare-identity
|
||||
image: harbor.bwgdi.com/library/earth2studio-demo:v4
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/bash
|
||||
- -lc
|
||||
args:
|
||||
- |
|
||||
set -euo pipefail
|
||||
cp /etc/passwd /identity/passwd
|
||||
cp /etc/group /identity/group
|
||||
if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/passwd; then
|
||||
printf 'coder:x:1000:1000:OCDP code-server user:/workspace:/bin/bash\n' >> /identity/passwd
|
||||
fi
|
||||
if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/group; then
|
||||
printf 'coder:x:1000:\n' >> /identity/group
|
||||
fi
|
||||
volumeMounts:
|
||||
- name: identity
|
||||
mountPath: /identity
|
||||
- name: seed-workspace
|
||||
image: harbor.bwgdi.com/library/earth2studio-demo:v4
|
||||
imagePullPolicy: IfNotPresent
|
||||
@ -52,7 +74,7 @@ patches:
|
||||
cp -an /workspace/. /workspace-volume/
|
||||
touch "$marker"
|
||||
fi
|
||||
chown -R 1000:0 /workspace-volume
|
||||
chown -R 1000:1000 /workspace-volume
|
||||
chmod -R g+rwX /workspace-volume
|
||||
volumeMounts:
|
||||
- name: data
|
||||
@ -63,6 +85,7 @@ patches:
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
command:
|
||||
- code-server
|
||||
args:
|
||||
@ -100,6 +123,14 @@ patches:
|
||||
nvidia.com/gpu: "{{ gpuCount }}"
|
||||
nvidia.com/gpumem: "{{ gpuMemoryMiB }}"
|
||||
volumeMounts:
|
||||
- name: identity
|
||||
mountPath: /etc/passwd
|
||||
subPath: passwd
|
||||
readOnly: true
|
||||
- name: identity
|
||||
mountPath: /etc/group
|
||||
subPath: group
|
||||
readOnly: true
|
||||
- name: data
|
||||
mountPath: /workspace
|
||||
- name: model-weights
|
||||
|
||||
@ -31,18 +31,42 @@ patches:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
volumes:
|
||||
- name: identity
|
||||
emptyDir: {}
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: "{{ name }}"
|
||||
- name: model-weights
|
||||
persistentVolumeClaim:
|
||||
claimName: "{{ name }}-weights"
|
||||
initContainers:
|
||||
- name: prepare-identity
|
||||
image: harbor.bwgdi.com/library/earth2studio-demo:v6
|
||||
imagePullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/bash
|
||||
- -lc
|
||||
args:
|
||||
- |
|
||||
set -euo pipefail
|
||||
cp /etc/passwd /identity/passwd
|
||||
cp /etc/group /identity/group
|
||||
if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/passwd; then
|
||||
printf 'coder:x:1000:1000:OCDP code-server user:/workspace:/bin/bash\n' >> /identity/passwd
|
||||
fi
|
||||
if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/group; then
|
||||
printf 'coder:x:1000:\n' >> /identity/group
|
||||
fi
|
||||
volumeMounts:
|
||||
- name: identity
|
||||
mountPath: /identity
|
||||
containers:
|
||||
- name: code-server
|
||||
image: harbor.bwgdi.com/library/earth2studio-demo:v6
|
||||
imagePullPolicy: IfNotPresent
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
command:
|
||||
- code-server
|
||||
args:
|
||||
@ -80,6 +104,14 @@ patches:
|
||||
nvidia.com/gpu: "{{ gpuCount }}"
|
||||
nvidia.com/gpumem: "{{ gpuMemoryMiB }}"
|
||||
volumeMounts:
|
||||
- name: identity
|
||||
mountPath: /etc/passwd
|
||||
subPath: passwd
|
||||
readOnly: true
|
||||
- name: identity
|
||||
mountPath: /etc/group
|
||||
subPath: group
|
||||
readOnly: true
|
||||
- name: data
|
||||
mountPath: /workspace
|
||||
- name: model-weights
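Review bot: The `code-server` container's `securityContext` pins the UID and GID but does nothing to stop the process from gaining privileges through setuid binaries in the image; only `runAsUser: 1000` and `runAsGroup: 1000` are visible in the hunk, so consider adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. code-server gives an interactive shell to anyone who can reach it, so limiting what that shell can escalate to matters more here than for a batch workload. If the image relies on `sudo` for package installs, this setting will break that path, so check the image before applying it. The same block in the first file section (hunk `-63,6 +85,7`) has the same gap.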
|
||||
|
||||