eliott/Olares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eade1b318ea2ab9a6a5de4e9e3d689d581da3877
Olares/apps/nitro/config/cluster/deploy/nitro_deploy.yaml
eball 31faed5bfb feat: force all pods running as user 1000 (#346) 
* feat: force all pods running as user 1000

* fix: run wise as root

* fix: remove orinx gpu

* download root change

* aria2-pro root change

* change aria2 security

---------

Co-authored-by: liuyu <>
Co-authored-by: simon <ljx1680535@163.com>
2024-08-19 20:45:31 +08:00

264 lines
6.5 KiB
YAML
Raw Blame History

{{ $nitro_appcache_rootpath := "/terminus/userdata/Cache/nitro" }}
{{ $client_id := randAlphaNum 8 }}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: nitro-nginx-config
namespace: {{ .Release.Namespace }}
annotations:
kubesphere.io/creator: bytetrade.io
data:
default.conf: |-
server {
listen 80;
server_name _;
location /nitro/model_server/ {
# proxy_pass http://127.0.0.1:3928/;
proxy_pass http://nitro:3928/;
include proxy.conf;
}
location /wasm/model_server/ {
proxy_pass http://nitro:8081/;
include proxy.conf;
}
location /nitro/ {
proxy_pass http://127.0.0.1:3900/;
include proxy.conf;
}
location / {
proxy_pass http://127.0.0.1:3900;
include proxy.conf;
}
}
nginx.conf: |-
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
client_max_body_size 15M;
include /etc/nginx/conf.d/*.conf;
}
proxy.conf: |-
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
---
kind: Service
apiVersion: v1
metadata:
name: nitro
namespace: {{ .Release.Namespace }}
spec:
type: ClusterIP
ports:
- name: nginx-port
protocol: TCP
port: 80
targetPort: 80
- name: ui-port
protocol: TCP
port: 3900
targetPort: 3900
- name: nitro-port
protocol: TCP
port: 3928
targetPort: 3928
selector:
app: nitro
---
# create statefulset
apiVersion: apps/v1
kind: Deployment
metadata:
name: nitro
namespace: {{ .Release.Namespace }}
labels:
app: nitro
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: nitro
name: nitro
template:
metadata:
labels:
app: nitro
name: nitro
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
{{- if and .Values.gpu (not (eq .Values.gpu "none" )) }}
initContainers:
- name: init-data
image: busybox:1.28
securityContext:
privileged: true
runAsNonRoot: false
runAsUser: 0
volumeMounts:
- name: model-vol
mountPath: /model
- name: custom-model-config-vol
mountPath: /custom_model_config
- name: model-parent
mountPath: /model_parent
command:
- sh
- -c
- |
chown -R 1000:1000 /model_parent
{{- end }}
containers:
- name: nginx
image: 'beclab/nginx-lua:n0.0.4'
imagePullPolicy: IfNotPresent
securityContext:
runAsNonRoot: false
runAsUser: 0
ports:
- containerPort: 80
name: nginx-port
protocol: TCP
volumeMounts:
- name: nitro-nginx-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
- name: nitro-nginx-config
mountPath: /etc/nginx/proxy.conf
subPath: proxy.conf
- name: nitro-nginx-config
mountPath: /etc/nginx/conf.d/default.conf
subPath: default.conf
{{- if and .Values.gpu (not (eq .Values.gpu "none" )) }}
- name: nitro
image: 'beclab/nitro:v0.0.10'
securityContext:
allowPrivilegeEscalation: false
runAsUser: 1000
ports:
- name: nitro-port
containerPort: 3928
protocol: TCP
- name: ui-port
containerPort: 3900
protocol: TCP
env:
- name: DIFY_HOST
value: 'http://difyfusion'
- name: LLM_HOST
value: 'http://nitro'
- name: LOG_SIZE
value: '15M'
- name: LLM_UTIL
value: 'NITRO'
- name: PREFIX
value: '/nitro'
- name: NGL_VALUE
value: '33'
- name: C_VALUE
value: '1024'
- name: OTHER_VALUES
- name: PGID
value: '1000'
- name: PUID
value: '1000'
- name: TZ
value: Etc/UTC
{{- if (eq .Values.gpu "virtaitech" ) }}
- name: ORION_VGPU
value: "1"
- name: ORION_CLIENT_ID
value: {{ .Release.Namespace }}-{{ $client_id }}
- name: ORION_TASK_NAME
value: {{ .Release.Namespace }}-{{ $client_id }}-nitro
- name: ORION_GMEM
value: "8000"
- name: ORION_RESERVED
value: "0"
{{- end }}
resources:
limits:
{{ .Values.gpu }}.com/gpu: '1'
volumeMounts:
- name: model-vol
mountPath: /model
- name: custom-model-config-vol
mountPath: /custom_model_config
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullPolicy: IfNotPresent
{{- end }}
volumes:
- name: custom-model-config-vol
hostPath:
type: DirectoryOrCreate
path: {{ $nitro_appcache_rootpath }}/volumes/app/custom_model_config
- name: model-vol
hostPath:
type: DirectoryOrCreate
path: {{ $nitro_appcache_rootpath }}/volumes/app/model
- name: model-parent
hostPath:
type: DirectoryOrCreate
path: {{ $nitro_appcache_rootpath }}/volumes
- name: nitro-nginx-config
configMap:
name: nitro-nginx-config
items:
- key: nginx.conf
path: nginx.conf
- key: proxy.conf
path: proxy.conf
- key: default.conf
path: default.conf
defaultMode: 420
Reference in New Issue View Git Blame Copy Permalink