forked from NVIDIA/k8s-nim-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdeployment.yaml.j2
More file actions
57 lines (57 loc) · 1.71 KB
/
deployment.yaml.j2
File metadata and controls
57 lines (57 loc) · 1.71 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ deployment_name }}
namespace: {{ namespace }}
spec:
replicas: 1
selector:
matchLabels:
app: jupyter-notebook
template:
metadata:
labels:
app: jupyter-notebook
annotations:
openshift.io/scc: anyuid
spec:
serviceAccountName: jupyter
securityContext:
fsGroup: 2000 # Allows shared access to config volume for group ID 2000
initContainers:
- name: copy-notebook-config
image: busybox
command:
- sh
- -c
- |
[ ! -f /work/{{ config_name }} ] && cp /config/{{ config_name }} /work/{{ config_name }} && chmod 666 /work/{{ config_name }}
[ ! -f /work/{{ notebook_name }} ] && cp /config/{{ notebook_name }} /work/{{ notebook_name }} && chmod 666 /work/{{ notebook_name }}
volumeMounts:
- name: config-volume
mountPath: /config
- name: notebook-storage
mountPath: /work
containers:
- name: jupyter
image: jupyter/base-notebook:latest
ports:
- containerPort: 8888
env:
- name: JUPYTER_TOKEN
value: "{{ jupyter_token }}"
securityContext:
runAsUser: 1000
runAsGroup: 2000
runAsNonRoot: true
allowPrivilegeEscalation: false
volumeMounts:
- name: notebook-storage
mountPath: {{ mount_path }}
volumes:
- name: notebook-storage
persistentVolumeClaim:
claimName: {{ pvc_name }}
- name: config-volume
configMap:
name: notebook-config