mirror of
https://github.com/bitnami/charts.git
synced 2026-03-09 15:38:00 +08:00
[bitnami/pytorch] feat: ✨ Add support for PSA restricted policy (#20531)
Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
committed by
GitHub
parent
783964021f
commit
a74999c09b
@@ -33,4 +33,4 @@ maintainers:
|
||||
name: pytorch
|
||||
sources:
|
||||
- https://github.com/bitnami/charts/tree/main/bitnami/pytorch
|
||||
version: 3.3.6
|
||||
version: 3.4.0
|
||||
|
||||
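Review bot: the bump from `version: 3.3.6` to `version: 3.4.0` ships changed defaults to existing releases on upgrade, and nothing in the visible lines tells users about it. The values.yaml changes drop `podSecurityContext.runAsUser` and add `capabilities.drop: ["ALL"]` and `seccompProfile.type: "RuntimeDefault"`, so a custom image or entrypoint that relied on the old settings may stop working. Consider adding a short upgrade note to the README for 3.4.0 that lists the new defaults and how to override them.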
@@ -83,80 +83,83 @@ The command removes all the Kubernetes components associated with the chart and
|
||||
|
||||
### PyTorch parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
|
||||
| `image.registry` | PyTorch image registry | `REGISTRY_NAME` |
|
||||
| `image.repository` | PyTorch image repository | `REPOSITORY_NAME/pytorch` |
|
||||
| `image.digest` | PyTorch image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | PyTorch image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `worldSize` | Number of nodes that will run the code | `1` |
|
||||
| `containerPorts.pytorch` | PyTorch master port. `MASTER_PORT` will be set to this value | `49875` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `startupProbe.enabled` | Enable startupProbe | `true` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `podSecurityContext.enabled` | Enabled Pytorch pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set Pytorch pods' Security Context fsGroup | `1001` |
|
||||
| `podSecurityContext.runAsUser` | Set Pytorch pods' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled Pytorch containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set Pytorch containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set Pytorch containers' Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Set Pytorch containers' Security Context runAsNonRoot | `false` |
|
||||
| `resources.limits` | The resources limits for the Pytorch containers | `{}` |
|
||||
| `resources.requests` | The requested resources for the Pytorch containers | `{}` |
|
||||
| `entrypoint.file` | Main entrypoint to your application | `""` |
|
||||
| `entrypoint.args` | Args required by your entrypoint | `[]` |
|
||||
| `architecture` | Run PyTorch in standalone or distributed mode. Possible values: `standalone`, `distributed` | `standalone` |
|
||||
| `hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `podLabels` | Extra labels for Pytorch pods | `{}` |
|
||||
| `podAnnotations` | Annotations for Pytorch pods | `{}` |
|
||||
| `existingConfigmap` | Config map that contains the files you want to load in PyTorch | `""` |
|
||||
| `cloneFilesFromGit.enabled` | Enable in order to download files from git repository | `false` |
|
||||
| `cloneFilesFromGit.repository` | Repository that holds the files | `""` |
|
||||
| `cloneFilesFromGit.revision` | Revision from the repository to checkout | `""` |
|
||||
| `cloneFilesFromGit.extraVolumeMounts` | Add extra volume mounts for the Git container | `[]` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` |
|
||||
| `updateStrategy.type` | Pytorch statefulset strategy type | `RollingUpdate` |
|
||||
| `podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` |
|
||||
| `priorityClassName` | Pytorch pods' priorityClassName | `""` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `schedulerName` | Name of the k8s scheduler (other than default) for Pytorch pods | `""` |
|
||||
| `terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
|
||||
| `lifecycleHooks` | for the Pytorch container(s) to automate configuration before or after startup | `{}` |
|
||||
| `extraEnvVars` | Array with extra environment variables to add to Pytorch nodes | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Pytorch nodes | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Pytorch nodes | `""` |
|
||||
| `extraVolumes` | Optionally specify extra list of additional volumes for the Pytorch pod(s) | `[]` |
|
||||
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Pytorch container(s) | `[]` |
|
||||
| `sidecars` | Add additional sidecar containers to the Pytorch pod(s) | `[]` |
|
||||
| `initContainers` | Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) | `[]` |
|
||||
| Name | Description | Value |
|
||||
| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- |
|
||||
| `image.registry` | PyTorch image registry | `REGISTRY_NAME` |
|
||||
| `image.repository` | PyTorch image repository | `REPOSITORY_NAME/pytorch` |
|
||||
| `image.digest` | PyTorch image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
|
||||
| `image.pullPolicy` | PyTorch image pull policy | `IfNotPresent` |
|
||||
| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
|
||||
| `worldSize` | Number of nodes that will run the code | `1` |
|
||||
| `containerPorts.pytorch` | PyTorch master port. `MASTER_PORT` will be set to this value | `49875` |
|
||||
| `livenessProbe.enabled` | Enable livenessProbe | `true` |
|
||||
| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
|
||||
| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` |
|
||||
| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
|
||||
| `readinessProbe.enabled` | Enable readinessProbe | `true` |
|
||||
| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` |
|
||||
| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` |
|
||||
| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` |
|
||||
| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
|
||||
| `startupProbe.enabled` | Enable startupProbe | `true` |
|
||||
| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` |
|
||||
| `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` |
|
||||
| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` |
|
||||
| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` |
|
||||
| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
|
||||
| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
|
||||
| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
|
||||
| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
|
||||
| `podSecurityContext.enabled` | Enabled Pytorch pods' Security Context | `true` |
|
||||
| `podSecurityContext.fsGroup` | Set Pytorch pods' Security Context fsGroup | `1001` |
|
||||
| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` |
|
||||
| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
|
||||
| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` |
|
||||
| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` |
|
||||
| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` |
|
||||
| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` |
|
||||
| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
|
||||
| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
|
||||
| `resources.limits` | The resources limits for the Pytorch containers | `{}` |
|
||||
| `resources.requests` | The requested resources for the Pytorch containers | `{}` |
|
||||
| `entrypoint.file` | Main entrypoint to your application | `""` |
|
||||
| `entrypoint.args` | Args required by your entrypoint | `[]` |
|
||||
| `architecture` | Run PyTorch in standalone or distributed mode. Possible values: `standalone`, `distributed` | `standalone` |
|
||||
| `hostAliases` | Deployment pod host aliases | `[]` |
|
||||
| `command` | Override default container command (useful when using custom images) | `[]` |
|
||||
| `args` | Override default container args (useful when using custom images) | `[]` |
|
||||
| `podLabels` | Extra labels for Pytorch pods | `{}` |
|
||||
| `podAnnotations` | Annotations for Pytorch pods | `{}` |
|
||||
| `existingConfigmap` | Config map that contains the files you want to load in PyTorch | `""` |
|
||||
| `cloneFilesFromGit.enabled` | Enable in order to download files from git repository | `false` |
|
||||
| `cloneFilesFromGit.repository` | Repository that holds the files | `""` |
|
||||
| `cloneFilesFromGit.revision` | Revision from the repository to checkout | `""` |
|
||||
| `cloneFilesFromGit.extraVolumeMounts` | Add extra volume mounts for the Git container | `[]` |
|
||||
| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` |
|
||||
| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
|
||||
| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` |
|
||||
| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` |
|
||||
| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` |
|
||||
| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` |
|
||||
| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` |
|
||||
| `updateStrategy.type` | Pytorch statefulset strategy type | `RollingUpdate` |
|
||||
| `podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` |
|
||||
| `priorityClassName` | Pytorch pods' priorityClassName | `""` |
|
||||
| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
|
||||
| `schedulerName` | Name of the k8s scheduler (other than default) for Pytorch pods | `""` |
|
||||
| `terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` |
|
||||
| `lifecycleHooks` | for the Pytorch container(s) to automate configuration before or after startup | `{}` |
|
||||
| `extraEnvVars` | Array with extra environment variables to add to Pytorch nodes | `[]` |
|
||||
| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Pytorch nodes | `""` |
|
||||
| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Pytorch nodes | `""` |
|
||||
| `extraVolumes` | Optionally specify extra list of additional volumes for the Pytorch pod(s) | `[]` |
|
||||
| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Pytorch container(s) | `[]` |
|
||||
| `sidecars` | Add additional sidecar containers to the Pytorch pod(s) | `[]` |
|
||||
| `initContainers` | Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) | `[]` |
|
||||
|
||||
### Traffic Exposure Parameters
|
||||
|
||||
|
||||
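Review bot: two rows of the regenerated parameters table still carry text copied from other charts. `terminationGracePeriodSeconds` reads "Seconds Redmine pod needs to terminate gracefully", and `initContainers` still contains the unreplaced `%%MAIN_CONTAINER_NAME%%` placeholder. The descriptions mirror the `## @param` comments in values.yaml, so fix the wording there and regenerate the table while it is being rewritten anyway. The removal of the `podSecurityContext.runAsUser` row and the corrected `readOnlyRootFilesystem` description match the values.yaml hunk.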
@@ -165,24 +165,32 @@ customStartupProbe: {}
|
||||
## runAsUser: 1001
|
||||
## @param podSecurityContext.enabled Enabled Pytorch pods' Security Context
|
||||
## @param podSecurityContext.fsGroup Set Pytorch pods' Security Context fsGroup
|
||||
## @param podSecurityContext.runAsUser Set Pytorch pods' Security Context runAsUser
|
||||
##
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
runAsUser: 1001
|
||||
## Configure Container Security Context
|
||||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
|
||||
## @param containerSecurityContext.enabled Enabled Pytorch containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set Pytorch containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set Pytorch containers' Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Set Pytorch containers' Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.enabled Enabled containers' Security Context
|
||||
## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
|
||||
## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
|
||||
## @param containerSecurityContext.privileged Set container's Security Context privileged
|
||||
## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
|
||||
## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
|
||||
## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
|
||||
## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
|
||||
##
|
||||
containerSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1001
|
||||
runAsNonRoot: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ["ALL"]
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
## Pytorch resource requests and limits
|
||||
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
|
||||
## @param resources.limits The resources limits for the Pytorch containers
|
||||
|
||||
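Review bot: removing `runAsUser: 1001` from `podSecurityContext` leaves only `enabled` and `fsGroup` at pod level, so every restricted-profile field now lives in `containerSecurityContext`. Any container that does not render that block no longer inherits a non-root UID. This affects the Git container used by `cloneFilesFromGit` and anything added through `initContainers` or `sidecars`, and the restricted policy checks init containers too. The templates are not part of the lines shown here, so please confirm the Git init container renders the same `containerSecurityContext`, or keep `runAsNonRoot` and `seccompProfile` at pod level as a fallback. Separately, `readOnlyRootFilesystem: false` is not required by the restricted profile, but it is worth checking whether the workload can run with it set to `true`.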