apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: "{{ namespace }}" resources: - rendered.yaml - weights-pvc.yaml patches: - target: group: apps version: v1 kind: Deployment name: "{{ name }}" patch: | apiVersion: apps/v1 kind: Deployment metadata: name: "{{ name }}" labels: app.kubernetes.io/component: ide app.kubernetes.io/part-of: ocdp-workload spec: template: metadata: labels: app.kubernetes.io/component: ide app.kubernetes.io/part-of: ocdp-workload spec: imagePullSecrets: - name: harbor-regcred schedulerName: hami-scheduler securityContext: fsGroup: 1000 volumes: - name: identity emptyDir: {} - name: data persistentVolumeClaim: claimName: "{{ name }}" - name: model-weights persistentVolumeClaim: claimName: "{{ name }}-weights" initContainers: - name: prepare-identity image: harbor.bwgdi.com/library/earth2studio-demo:v6 imagePullPolicy: IfNotPresent command: - /bin/bash - -lc args: - | set -euo pipefail cp /etc/passwd /identity/passwd cp /etc/group /identity/group if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/passwd; then printf 'coder:x:1000:1000:OCDP code-server user:/workspace:/bin/bash\n' >> /identity/passwd fi if ! awk -F: '$3 == 1000 { found=1 } END { exit !found }' /identity/group; then printf 'coder:x:1000:\n' >> /identity/group fi volumeMounts: - name: identity mountPath: /identity containers: - name: code-server image: harbor.bwgdi.com/library/earth2studio-demo:v6 imagePullPolicy: IfNotPresent securityContext: runAsUser: 1000 runAsGroup: 1000 command: - code-server args: - --bind-addr - 0.0.0.0:8080 - --auth - none - /workspace ports: - name: http containerPort: 8080 protocol: TCP env: - name: HOME value: /workspace - name: SHELL value: /bin/bash - name: XDG_CONFIG_HOME value: /workspace/.config - name: MODEL_ROOT value: /models readinessProbe: httpGet: path: /healthz port: http initialDelaySeconds: 5 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 resources: requests: cpu: "{{ cpuRequestMillicores }}m" memory: "{{ memoryRequestMiB }}Mi" limits: cpu: "{{ cpuLimitMillicores }}m" memory: "{{ memoryLimitMiB }}Mi" nvidia.com/gpu: "{{ gpuCount }}" nvidia.com/gpumem: "{{ gpuMemoryMiB }}" volumeMounts: - name: identity mountPath: /etc/passwd subPath: passwd readOnly: true - name: identity mountPath: /etc/group subPath: group readOnly: true - name: data mountPath: /workspace - name: model-weights mountPath: /models - target: version: v1 kind: Secret name: "{{ name }}" patch: | apiVersion: v1 kind: Secret metadata: name: "{{ name }}" labels: app.kubernetes.io/component: auth app.kubernetes.io/part-of: ocdp-workload annotations: {} type: Opaque data: password: dW51c2Vk - target: version: v1 kind: Service name: "{{ name }}" patch: | apiVersion: v1 kind: Service metadata: name: "{{ name }}" labels: app.kubernetes.io/component: ide app.kubernetes.io/part-of: ocdp-workload spec: type: NodePort ports: - name: http port: 80 targetPort: http protocol: TCP