in src/rest-server/src/models/v2/job/k8s.js [413:598]
name: convertName(taskRole),
taskNumber: config.taskRoles[taskRole].instances || 1,
task: {
retryPolicy,
podGracefulDeletionTimeoutSec:
launcherConfig.podGracefulDeletionTimeoutSec,
pod: {
metadata: {
labels: {
userName: jobInfo.userName,
virtualCluster: jobInfo.virtualCluster,
type: 'kube-launcher-task',
},
annotations: {
'container.apparmor.security.beta.kubernetes.io/app': 'unconfined',
'rest-server/port-scheduling-spec': JSON.stringify(randomPorts),
},
},
spec: {
privileged: false,
restartPolicy: 'Never',
serviceAccountName: 'runtime-account',
initContainers: [
{
name: 'init',
imagePullPolicy: 'Always',
image: launcherConfig.runtimeImage,
env: [
{
name: 'USER_CMD',
value: config.taskRoles[taskRole].entrypoint,
},
{
name: 'KUBE_APISERVER_ADDRESS',
value: apiserver.uri,
},
{
name: 'REST_SERVER_URI',
value: launcherConfig.restServerUri,
},
{
name: 'GANG_ALLOCATION',
value: gangAllocation,
},
...frameworkEnvList,
...taskRoleEnvList,
],
volumeMounts: [
{
name: 'pai-vol',
mountPath: '/usr/local/pai',
},
{
name: 'host-log',
subPath: `${jobInfo.userName}/${
jobInfo.logPathInfix
}/${convertName(taskRole)}`,
mountPath: '/usr/local/pai/logs',
},
{
name: 'job-exit-spec',
mountPath: '/usr/local/pai-config',
},
],
},
],
containers: [
{
name: 'app',
imagePullPolicy: 'Always',
image:
config.prerequisites.dockerimage[
config.taskRoles[taskRole].dockerImage
].uri,
command: ['/usr/local/pai/runtime'],
resources: {
limits: {
cpu: config.taskRoles[taskRole].resourcePerInstance.cpu,
memory: `${config.taskRoles[taskRole].resourcePerInstance.memoryMB}Mi`,
'github.com/fuse': 1,
[launcherConfig.defaultComputingDeviceType]:
config.taskRoles[taskRole].resourcePerInstance.gpu,
...(infinibandDevice && { 'rdma/hca': 1 }),
},
},
env: [
...frameworkEnvList,
...taskRoleEnvList,
// backward compatibility
{
name: 'PAI_TASK_INDEX',
valueFrom: {
fieldRef: {
fieldPath: `metadata.annotations['FC_TASK_INDEX']`,
},
},
},
],
securityContext: {
capabilities: {
add: ['SYS_ADMIN', 'IPC_LOCK', 'DAC_READ_SEARCH'],
drop: ['MKNOD'],
},
},
terminationMessagePath: '/tmp/pai-termination-log',
volumeMounts: [
{
name: 'dshm',
mountPath: '/dev/shm',
},
{
name: 'pai-vol',
mountPath: '/usr/local/pai',
},
{
name: 'host-log',
subPath: `${jobInfo.userName}/${
jobInfo.logPathInfix
}/${convertName(taskRole)}`,
mountPath: '/usr/local/pai/logs',
},
{
name: 'job-ssh-secret-volume',
readOnly: true,
mountPath: '/usr/local/pai/ssh-secret',
},
],
},
],
volumes: [
{
name: 'dshm',
emptyDir: {
medium: 'Memory',
sizeLimit: `${shmMB}Mi`,
},
},
{
name: 'pai-vol',
emptyDir: {},
},
{
name: 'host-log',
hostPath: {
path: `/var/log/pai`,
},
},
{
name: 'job-ssh-secret-volume',
secret: {
secretName: 'job-ssh-secret',
},
},
{
name: 'job-exit-spec',
configMap: {
name: 'runtime-exit-spec-configuration',
},
},
],
affinity: {
nodeAffinity: {
requiredDuringSchedulingIgnoredDuringExecution: {
nodeSelectorTerms: [
{
matchExpressions: [
{
key: 'pai-worker',
operator: 'In',
values: ['true'],
},
],
},
],
},
},
},
imagePullSecrets: [
{
name: launcherConfig.runtimeImagePullSecrets,
},
],
hostNetwork: true,
},
},
},