V1Environment
polyaxon._flow.environment.V1Environment()
The environment section allows to alter the configuration of the runtime of your jobs, experiments, and services.
Based on this section you can define several information that will be injected into the pod running on Kubernetes, e.g. the node selector.
- Args:
- labels: Dict, optional
- annotations: Dict, optional
- node_selector: Dict, optional
- affinity: V1Affinity, optional
- tolerations: List[V1Toleration], optional
- node_name: str, optional
- service_account_name: str, optional
- host_aliases: V1HostAlias, optional
- security_context: V1SecurityContext, optional
- image_pull_secrets: List[str], optional
- host_network: bool, optional
- host_pid: bool, optional
- dns_policy: str, optional
- dns_config: V1PodDNSConfig, optional
- scheduler_name: str, optional
- priority_class_name: str, optional
- priority: int, optional
- restart_policy: str, optional
YAML usage
environment:
labels:
annotations:
nodeSelector:
affinity:
tolerations:
nodeName:
serviceAccountName:
hostAliases:
securityContext:
imagePullSecrets:
hostNetwork:
hostPID:
dnsPolicy:
dnsConfig:
schedulerName:
priorityClassName:
priority:
restartPolicy:
Python usage
from polyaxon.schemas import V1Environment
from polyaxon import k8s
environment = V1Environment(
labels={
"key1" : "value1",
"key2" : "value2"
},
annotations={
"key1" : "value1",
"key2" : "value2"
},
node_selector={
"node_label": "node_value"
},
affinity=k8s_schemas.V1Affinity(...),
tolerations=k8s_schemas.V1Affinity(...),
node_name="name",
service_account_name="name",
host_aliases=k8s_schemas.V1HostAlias(...),
security_context=k8s_schemas.V1SecurityContext(...),
image_pull_secrets=["secret1", "secret2", ...],
host_network=False,
host_pid=False,
dns_policy="Default",
dns_config=k8s_schemas.V1PodDNSConfig(...),
scheduler_name="name",
priority_class_name="name",
priority=0,
restart_policy="Never",
)
Fields
labels
From Kubernetes docs
Labels are key/value pairs that are attached to objects, such as pods. Labels are intended to be used to specify identifying attributes of objects that are meaningful and relevant to users, but do not directly imply semantics to the core system.
Polyaxon injects several labels to all operations it manages, users can leverage those labels or extend them.
environment:
labels:
key1: "label1"
key2: "label2"
annotations
From Kubernetes docs
You can use Kubernetes annotations to attach arbitrary non-identifying metadata to objects. Clients such as tools and libraries can retrieve this metadata.
environment:
annotations:
key1: "value1"
key2: "value2"
nodeSelector
From Kubernetes docs
nodeSelector is the simplest recommended form of node selection constraint. nodeSelector is a field of PodSpec. It specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels (it can have additional labels as well). The most common usage is one key-value pair.
environment:
nodeSelector:
node_label: node_value
affinity
From Kubernetes docs
The affinity/anti-affinity feature, greatly expands the types of constraints you can express.
The affinity to use for scheduling the job.
environment:
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
...
tolerations
From Kubernetes docs
Tolerations are applied to pods, and allow (but do not require) the pods to schedule onto nodes with matching taints.
environment:
tolerations:
- key: "key"
operator: "Exists"
effect: "NoSchedule"
nodeName
From Kubernetes docs
nodeName is the simplest form of node selection constraint, but due to its limitations it is typically not used. nodeName is a field of PodSpec. If it is non-empty, the scheduler ignores the pod and the kubelet running on the named node tries to run the pod. Thus, if nodeName is provided in the PodSpec, it takes precedence over the above methods for node selection.
environment:
nodeName: kube-01
serviceAccountName
From Kubernetes docs
A service account provides an identity for processes that run in a Pod.
environment:
serviceAccountName: build-robot
In order for the custom service account to function correctly with Polyaxon sidecars/initializers, we recommend to include these rules in your custom service accounts:
rules:
- apiGroups: [""]
resources: ["pods", "services", "events", "pods/status", "pods/log"]
verbs: ["get", "watch", "list"]
- apiGroups: ["metrics.k8s.io"]
resources: ["pods", "nodes"]
verbs: ["get", "list", "watch"]
- apiGroups: ["core.polyaxon.com"]
resources: ["operations"]
verbs: ["get", "watch", "list"]
hostAliases
From Kubernetes docs
Adding entries to a Pod’s /etc/hosts file provides Pod-level override of hostname resolution when DNS and other options are not applicable. In 1.7, users can add these custom entries with the HostAliases field in PodSpec.
environment:
hostAliases:
- ip: "127.0.0.1"
hostnames:
- "foo.local"
- "bar.local"
securityContext
From Kubernetes docs
A security context defines privilege and access control settings for a Pod or Container.
environment:
securityContext:
runAsUser: 1000
runAsGroup: 3000
runAsNonRoot: true
imagePullSecrets
From Kubernetes docs
ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet.
environment:
imagePullSecrets: ['secret1', 'secret2']
hostNetwork
From Kubernetes docs
Controls whether the pod may use the node network namespace. Gives the pod access to the loopback device, services listening on localhost, and could be used to snoop on network activity of other pods on the same node.
environment:
hostNetwork: false
hostPID
From Kubernetes docs
Controls whether the pod containers can share the host process ID namespace. Note that when paired with ptrace this can be used to escalate privileges outside of the container (ptrace is forbidden by default).
environment:
hostPID: false
dnsPolicy
From Kubernetes docs
Set DNS policy for the pod. Defaults to “ClusterFirst”. Valid values are ‘ClusterFirstWithHostNet’, ‘ClusterFirst’, ‘Default’ or ‘None’. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to ‘ClusterFirstWithHostNet’.
environment:
dnsPolicy: ClusterFirst
dnsConfig
From Kubernetes docs
Pod’s DNS Config allows users more control on the DNS settings for a Pod.
environment:
dnsConfig:
nameservers:
- 1.2.3.4
searches:
- ns1.svc.cluster-domain.example
- my.dns.search.suffix
options:
- name: ndots
value: "2"
- name: edns0
schedulerName
From Kubernetes docs
If specified, the pod will be dispatched by the specified scheduler. Or it will be dispatched by workflow scope scheduler if specified. If neither specified, the pod will be dispatched by default scheduler.
environment:
schedulerName: default-scheduler
priorityClassName
From Kubernetes docs
Pods can have priority. Priority indicates the importance of a Pod relative to other Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) lower priority Pods to make scheduling of the pending Pod possible.
environment:
priorityClassName: high
priority
From Kubernetes docs
Pods can have priority. Priority indicates the importance of a Pod relative to other Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) lower priority Pods to make scheduling of the pending Pod possible.
environment:
priority: 10
restartPolicy
From Kubernetes docs
A PodSpec has a restartPolicy field with possible values Always, OnFailure, and Never. The default value is Always.
environment:
restartPolicy: Never