Last active
October 4, 2023 22:37
-
-
Save tedhtchang/a5205a346bf7b1ab50f0633e792e4131 to your computer and use it in GitHub Desktop.
local_interactive_aw.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: workload.codeflare.dev/v1beta1 | |
kind: AppWrapper | |
metadata: | |
name: hfgputest-1 | |
namespace: default | |
spec: | |
priority: 9 | |
resources: | |
GenericItems: | |
- custompodresources: | |
- limits: | |
cpu: 2 | |
memory: 8G | |
nvidia.com/gpu: 0 | |
replicas: 1 | |
requests: | |
cpu: 2 | |
memory: 8G | |
nvidia.com/gpu: 0 | |
- limits: | |
cpu: 1 | |
memory: 4G | |
nvidia.com/gpu: 0 | |
replicas: 1 | |
requests: | |
cpu: 1 | |
memory: 4G | |
nvidia.com/gpu: 0 | |
generictemplate: | |
apiVersion: ray.io/v1alpha1 | |
kind: RayCluster | |
metadata: | |
labels: | |
appwrapper.mcad.ibm.com: hfgputest-1 | |
controller-tools.k8s.io: '1.0' | |
name: hfgputest-1 | |
namespace: default | |
spec: | |
autoscalerOptions: | |
idleTimeoutSeconds: 60 | |
imagePullPolicy: Always | |
resources: | |
limits: | |
cpu: 500m | |
memory: 512Mi | |
requests: | |
cpu: 500m | |
memory: 512Mi | |
upscalingMode: Default | |
enableInTreeAutoscaling: false | |
headGroupSpec: | |
rayStartParams: | |
block: 'true' | |
dashboard-host: 0.0.0.0 | |
num-gpus: '0' | |
serviceType: ClusterIP | |
template: | |
spec: | |
containers: | |
- env: | |
- name: MY_POD_IP | |
valueFrom: | |
fieldRef: | |
fieldPath: status.podIP | |
- name: RAY_USE_TLS | |
value: '1' | |
- name: RAY_TLS_SERVER_CERT | |
value: /home/ray/workspace/tls/server.crt | |
- name: RAY_TLS_SERVER_KEY | |
value: /home/ray/workspace/tls/server.key | |
- name: RAY_TLS_CA_CERT | |
value: /home/ray/workspace/tls/ca.crt | |
image: quay.io/project-codeflare/ray:2.5.0-py38-cu116 | |
imagePullPolicy: Always | |
lifecycle: | |
preStop: | |
exec: | |
command: | |
- /bin/sh | |
- -c | |
- ray stop | |
name: ray-head | |
ports: | |
- containerPort: 6379 | |
name: gcs | |
- containerPort: 8265 | |
name: dashboard | |
- containerPort: 10001 | |
name: client | |
resources: | |
limits: | |
cpu: 2 | |
memory: 8G | |
nvidia.com/gpu: 0 | |
requests: | |
cpu: 2 | |
memory: 8G | |
nvidia.com/gpu: 0 | |
volumeMounts: | |
- mountPath: /home/ray/workspace/ca | |
name: ca-vol | |
readOnly: true | |
- mountPath: /home/ray/workspace/tls | |
name: server-cert | |
readOnly: true | |
imagePullSecrets: [] | |
initContainers: | |
- command: | |
- sh | |
- -c | |
- cd /home/ray/workspace/tls && openssl req -nodes -newkey rsa:2048 | |
-keyout server.key -out server.csr -subj '/CN=ray-head' && printf | |
"authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nsubjectAltName | |
= @alt_names\n[alt_names]\nDNS.1 = 127.0.0.1\nDNS.2 = localhost\nDNS.3 | |
= ${FQ_RAY_IP}\nDNS.4 = $(awk 'END{print $1}' /etc/hosts)\nDNS.5 | |
= rayclient-hfgputest-1-$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).cataract1.fyre.ibm.com">./domain.ext | |
&& cp /home/ray/workspace/ca/* . && openssl x509 -req -CA ca.crt | |
-CAkey ca.key -in server.csr -out server.crt -days 365 -CAcreateserial | |
-extfile domain.ext | |
image: rayproject/ray:2.5.0 | |
name: create-cert | |
volumeMounts: | |
- mountPath: /home/ray/workspace/ca | |
name: ca-vol | |
readOnly: true | |
- mountPath: /home/ray/workspace/tls | |
name: server-cert | |
readOnly: false | |
volumes: | |
- name: ca-vol | |
optional: false | |
secret: | |
secretName: ca-secret-hfgputest-1 | |
- emptyDir: {} | |
name: server-cert | |
rayVersion: 2.5.0 | |
workerGroupSpecs: | |
- groupName: small-group-hfgputest-1 | |
maxReplicas: 1 | |
minReplicas: 1 | |
rayStartParams: | |
block: 'true' | |
num-gpus: '0' | |
replicas: 1 | |
template: | |
metadata: | |
annotations: | |
key: value | |
labels: | |
key: value | |
spec: | |
containers: | |
- env: | |
- name: MY_POD_IP | |
valueFrom: | |
fieldRef: | |
fieldPath: status.podIP | |
- name: RAY_USE_TLS | |
value: '1' | |
- name: RAY_TLS_SERVER_CERT | |
value: /home/ray/workspace/tls/server.crt | |
- name: RAY_TLS_SERVER_KEY | |
value: /home/ray/workspace/tls/server.key | |
- name: RAY_TLS_CA_CERT | |
value: /home/ray/workspace/tls/ca.crt | |
image: quay.io/project-codeflare/ray:2.5.0-py38-cu116 | |
lifecycle: | |
preStop: | |
exec: | |
command: | |
- /bin/sh | |
- -c | |
- ray stop | |
name: machine-learning | |
resources: | |
limits: | |
cpu: 1 | |
memory: 4G | |
nvidia.com/gpu: 0 | |
requests: | |
cpu: 1 | |
memory: 4G | |
nvidia.com/gpu: 0 | |
volumeMounts: | |
- mountPath: /home/ray/workspace/ca | |
name: ca-vol | |
readOnly: true | |
- mountPath: /home/ray/workspace/tls | |
name: server-cert | |
readOnly: true | |
imagePullSecrets: [] | |
initContainers: | |
- command: | |
- sh | |
- -c | |
- until nslookup $RAY_IP.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; | |
do echo waiting for myservice; sleep 2; done | |
image: busybox:1.28 | |
name: init-myservice | |
- command: | |
- sh | |
- -c | |
- cd /home/ray/workspace/tls && openssl req -nodes -newkey rsa:2048 | |
-keyout server.key -out server.csr -subj '/CN=ray-head' && printf | |
"authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nsubjectAltName | |
= @alt_names\n[alt_names]\nDNS.1 = 127.0.0.1\nDNS.2 = localhost\nDNS.3 | |
= ${FQ_RAY_IP}\nDNS.4 = $(awk 'END{print $1}' /etc/hosts)">./domain.ext | |
&& cp /home/ray/workspace/ca/* . && openssl x509 -req -CA ca.crt | |
-CAkey ca.key -in server.csr -out server.crt -days 365 -CAcreateserial | |
-extfile domain.ext | |
image: rayproject/ray:2.5.0 | |
name: create-cert | |
volumeMounts: | |
- mountPath: /home/ray/workspace/ca | |
name: ca-vol | |
readOnly: true | |
- mountPath: /home/ray/workspace/tls | |
name: server-cert | |
readOnly: false | |
volumes: | |
- name: ca-vol | |
optional: false | |
secret: | |
secretName: ca-secret-hfgputest-1 | |
- emptyDir: {} | |
name: server-cert | |
replicas: 1 | |
- generictemplate: | |
apiVersion: networking.k8s.io/v1 | |
kind: Ingress | |
metadata: | |
name: ray-dashboard-hfgputest-1 | |
namespace: default | |
spec: | |
rules: | |
- host: ray-dashboard-raytest.cataract1.fyre.ibm.com | |
http: | |
paths: | |
- backend: | |
service: | |
name: hfgputest-1-head-svc | |
port: | |
number: 8265 | |
path: / | |
pathType: Prefix | |
replicas: 1 | |
- generictemplate: | |
apiVersion: networking.k8s.io/v1 | |
kind: Ingress | |
metadata: | |
annotations: | |
kubernetes.io/ingress.class: nginx | |
nginx.ingress.kubernetes.io/ssl-passthrough: "true" | |
nginx.ingress.kubernetes.io/backend-protocol: "GRPC" | |
labels: | |
odh-ray-cluster-service: hfgputest-1-head-svc | |
name: rayclient-hfgputest-1 | |
namespace: default | |
spec: | |
rules: | |
- host: rayclient-hfgputest-1-default.cataract1.fyre.ibm.com | |
http: | |
paths: | |
- backend: | |
service: | |
name: hfgputest-1-head-svc | |
port: | |
number: 10001 | |
# tls: | |
# termination: passthrough | |
path: / | |
pathType: Prefix | |
replicas: 1 | |
- generictemplate: | |
apiVersion: v1 | |
data: | |
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNzRENDQVppZ0F3SUJBZ0lVVS9qKzhEeThrMnFwbFZnSk5GTEpRWDZYYVJzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0VqRVFNQTRHQTFVRUF3d0hjbTl2ZEMxallUQWVGdzB5TXpBNE1qRXhOekkwTXpsYUZ3MHlOREE0TWpFeApOekkwTXpsYU1CSXhFREFPQmdOVkJBTU1CM0p2YjNRdFkyRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRRGxkTnpRbU9SaUw2Mk13RlIyTERFN0lBejRlMzVEZG5ZdVNMNEJqdVRWeUlLRkw3c3YKbVh1UWFwbmNsWVhDMERHUktTL29QZnI0Qjl4Q0M3c1JBSW4waXpVUzlSbEU3UzE4NGhDTTZpYkFmSGR4MGF3dgp5QjJ6T0RoMkVaaFBPVUpCZzE1TEc1MEx2VnBGME1aWVFUc2luOW4vR2N2SytjL3d4WVNpTno1MnlObW5yN3F6CjNNbzFBd3UxZnRzWXF4aG5rUnRVUEdiRUJpL2QrbW1lbjd2VE1FZ0tYUiswM2ZuZk1aZWNiQms5Nm02RHdlZWsKV2syVGY2NTFVa0ZRcW44WkFXQUZCcVEzZnBrMnVZaktYdVB4b3JyakJHVEFJK2dnMlgxaHJXN0dnL3dSVXNocQpha0l0RWZjU0pRZmtWUWh0SHhYODBlajRoUXExNWhlYlZHUnZBZ01CQUFFd0RRWUpLb1pJaHZjTkFRRUxCUUFECmdnRUJBTi91NW9tcmNKQWZZTHVUZTdHVEtsVWdRSUJ3dTNXTjFFNFE0RXJKUm5RSDVzWjRSUW90MUlscG44MVAKVXZrMyt0cXRPcXlZNDA3MTFhZEg0bGVlVThXVUtVL3dweUtJVWNCdDlUMFRSZ0tXTGlIZ3FIZzZFdzdtdUNIOAp3K3ZvODRkbHRtaDhTMFhwK1VhbmpQQ0hRTlBvSGR4SVlNeXBJYTZ0dE92SjVUNm5TTHhGSFl6K3VPejJFYzR5ClZSRjNoQi9rTTQ0ajV5VnBvY2RUcnFjNlVFamprbGw1K3kwUDhWWEt0QXl4bFNNN05FWVpaRTBlbThQNDRrNXoKejlaUFVUM3NMd1dsZXlpRXA0ZGNFdURGSE41N0xnK0RDSUJKSWs3YVRhQlJHSGtEaHZ0QjM1UkZ3YVN3Um1ZZgpyME5qeVdUSCs2dkpTeE43SGxYMjdkcUhUL1k9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K | |
ca.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRGxkTnpRbU9SaUw2Mk0Kd0ZSMkxERTdJQXo0ZTM1RGRuWXVTTDRCanVUVnlJS0ZMN3N2bVh1UWFwbmNsWVhDMERHUktTL29QZnI0Qjl4QwpDN3NSQUluMGl6VVM5UmxFN1MxODRoQ002aWJBZkhkeDBhd3Z5QjJ6T0RoMkVaaFBPVUpCZzE1TEc1MEx2VnBGCjBNWllRVHNpbjluL0djdksrYy93eFlTaU56NTJ5Tm1ucjdxejNNbzFBd3UxZnRzWXF4aG5rUnRVUEdiRUJpL2QKK21tZW43dlRNRWdLWFIrMDNmbmZNWmVjYkJrOTZtNkR3ZWVrV2syVGY2NTFVa0ZRcW44WkFXQUZCcVEzZnBrMgp1WWpLWHVQeG9ycmpCR1RBSStnZzJYMWhyVzdHZy93UlVzaHFha0l0RWZjU0pRZmtWUWh0SHhYODBlajRoUXExCjVoZWJWR1J2QWdNQkFBRUNnZ0VBVGpkYjNpK0FDb2crSExDakdmVk9ndDBXRHMzcDZJMUZFOW53Q3cvdXFZRkUKSEtwOG9Ha3RXYms4NFppR2xEWHI3NU9lcFFnYnVOalZHQjV2a2dnZy9wOUZaRVR3YkRKOVF3aThvNHhkMFZlYwpUOHd0YWN4SmM0SkNuTnk2a3FidUV1NzVBWmxVRzJCY21WZmxoTWdYcEdIaEtiaGRZNzlzUnFMTjU0MzFXUC9SCkRtWkZFVDNpVlJ1ZlE3dHdXSUFzbS9DVWsza2Z4T1g0ZUhXMFVtcTNIR0VJeDhlZVpuMkhtM0tVeVBFZTZ0TDkKR2kxeE52V2twY2VPNGpsSjl4c1Y4UTlpY1dseitMYmNXelZDcVB3dThSSXhsM1BSZlp4YzF1ZUJkb0txMjNhYgpMdmp5cDJRTUdaYXNMbmhBZnEzYkR0RTZPNmxFdVp3MnByMXNPTERFd1FLQmdRRDI2SGtZMGRBemEvZytwcjVMClpUUnlsWmU3Szl1QUo3NmJsUUNLZE1WZFdROFJuZkxZOG1PQ0tud3NXazAyN2NwWDZGWTlNNzVFdUlGdjB1ZGYKdTdxbkR4SlJaaE9uUWMvaTRqMHFVcGdxZm5aUGFLQ3lHUk9wRXZLb3h0Slk0WHcvK0J5cGdERk9QYW9NUnpLdgo2eGk2U2tCS1ZvVFRScTl5VCs3RDNxaU55UUtCZ1FEdDUrRHNVL2RmRHhyTE8wWmIzQ2tybmdidi9tc0tIR3VMCnI0alVIWWlyZm1RVFdVdm9RK3hOaGt2bVBwMTgxSktYRXpXaGZ6NmZoMHJVcnovNXU3K3o5cDhJQXVBS28rQnUKNUdWS28vbjRtVmZBVGJwZGJOUkRhczg0WG55bFA2SWhKcStkdmdFc3pOdmRXWEw1YklqaENVbzV2WFJjMkwxQQp1VmZIdWZTY2R3S0JnRUorNVc0cnczaTEwVXQrT0syeGVlaUtKUzBCYU1JZzhoS1FsRzYxZUJubHpFc2dVTERnCnhxL2RwVWVFb2xyeXU1WGxPcVNNOU9jcEVhTCtGOVlPaHZ4SzhOSC9QYmZEMzZybzV6UW92bFpqYkpXQ1JoVHcKNy95TzM4OVlqSG5uY0VFQ0h5WC9Ja2hDRHpQelVORlQ3WHJ1V0ZZczZ1VERtcWljb2w4WjdpY1JBb0dBRjlwMgovOXNQWTNXVlB5bExUYXlPYURRcEIra2ZmRjBMSDI5VExjbGtTYVdialNFWDdrclpKNUMralhCYnhBZGdSMHVDCnhoV0hCdUcrekFKaVRMelpaTWJtZlJ3a3NJeHIxVktMSVdlOWlZSitmT2FPT0EzUVhvNFlCdFBhZFlzaXkyWWcKbDVWVWN0UjdldjhiK3d3NTBTNW9SYy9NR2Y4VlFxY1N1UkRaQ05NQ2dZRUE5aGZlYXJrSWVncjg1S3BqS3FFMwpobVo3dTFqYnU2ZWxwUHJaY0R3cDFoRGFWN2JDMGJWa1BtNllBdGVVdDdYTnhpdk92R3dVZGtWV3dFR25CUXExCnJaTlQrOGhtNHBBMldGbDBwOEd0Y1FpVjFlcnFsZHBRaGpBVFVmNGpuNnMwZEhNNzNUNHkwYkhkY3o4WWQzN1YKdTl6Vmg5aXM4ZFZCUmVWczVvdnFFTmc9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K | |
kind: Secret | |
metadata: | |
labels: | |
odh-ray-cluster-service: hfgputest-1-head-svc | |
name: ca-secret-hfgputest-1 | |
namespace: default | |
replicas: 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment