V1Environment

polyaxon.polyflow.environment.V1Environment(labels=None, annotations=None, node_selector=None, affinity=None, tolerations=None, node_name=None, service_account_name=None, host_aliases=None, security_context=None, image_pull_secrets=None, host_network=None, host_pid=None, dns_policy=None, dns_config=None, scheduler_name=None, priority_class_name=None, priority=None, restart_policy=None)

The environment section allows to alter the configuration of the runtime of your jobs, experiments, and services.

Based on this section you can define several information that will be injected into the pod running on Kubernetes, e.g. the node selector.

  • Args:

    • labels: Dict, optional
    • annotations: Dict, optional
    • node_selector: Dict, optional
    • affinity: V1Affinity, optional
    • tolerations: V1Affinity, optional
    • node_name: str, optional
    • service_account_name: str, optional
    • host_aliases: V1HostAlias, optional
    • security_context: V1SecurityContext, optional
    • image_pull_secrets: List[str], optional
    • host_network: bool, optional
    • host_pid: bool, optional
    • dns_policy: str, optional
    • dns_config: V1PodDNSConfig, optional
    • scheduler_name: str, optional
    • priority_class_name: str, optional
    • priority: int, optional
    • restart_policy: str, optional

YAML usage

environment:
  labels:
  annotations:
  nodeSelector:
  affinity:
  tolerations:
  nodeName:
  serviceAccountName:
  hostAliases:
  securityContext:
  imagePullSecrets:
  hostNetwork:
  hostPID:
  dnsPolicy:
  dnsConfig:
  schedulerName:
  priorityClassName:
  priority:
  restartPolicy:

Python usage

from polyaxon.polyflow import V1Environment
environment = V1Environment(
    labels={
        "key1" : "value1",
        "key2" : "value2"
    },
    annotations={
        "key1" : "value1",
        "key2" : "value2"
    },
    node_selector={
        "node_label": "node_value"
    },
    affinity=V1Affinity(...),
    tolerations=V1Affinity(...),
    node_name="name",
    service_account_name="name",
    host_aliases=V1HostAlias(...),
    security_context=V1SecurityContext(...),
    image_pull_secrets=["secret1", "secret2", ...],
    host_network=False,
    host_pid=False,
    dns_policy="Default",
    dns_config=V1PodDNSConfig(...),
    scheduler_name="name",
    priority_class_name="name",
    priority=0,
    restart_policy="Never",
)

Fields

labels

From Kubernetes docs

Labels are key/value pairs that are attached to objects, such as pods. Labels are intended to be used to specify identifying attributes of objects that are meaningful and relevant to users, but do not directly imply semantics to the core system.

Polyaxon injects several labels to all operations it manages, users can leverage those labels or extend them.

environment:
  labels:
    key1: "label1"
    key2: "label2"

annotations

From Kubernetes docs

You can use Kubernetes annotations to attach arbitrary non-identifying metadata to objects. Clients such as tools and libraries can retrieve this metadata.

environment:
  annotations:
    key1: "value1"
    key2: "value2"

nodeSelector

From Kubernetes docs

nodeSelector is the simplest recommended form of node selection constraint. nodeSelector is a field of PodSpec. It specifies a map of key-value pairs. For the pod to be eligible to run on a node, the node must have each of the indicated key-value pairs as labels (it can have additional labels as well). The most common usage is one key-value pair.

environment:
  nodeSelector:
    node_label: node_value

affinity

From Kubernetes docs

The affinity/anti-affinity feature, greatly expands the types of constraints you can express.

The affinity to use for scheduling the job.

environment:
  affinity:
    podAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        ...

tolerations

From Kubernetes docs

Tolerations are applied to pods, and allow (but do not require) the pods to schedule onto nodes with matching taints.

environment:
  tolerations:
    - key: "key"
      operator: "Exists"
      effect: "NoSchedule"

nodeName

From Kubernetes docs

nodeName is the simplest form of node selection constraint, but due to its limitations it is typically not used. nodeName is a field of PodSpec. If it is non-empty, the scheduler ignores the pod and the kubelet running on the named node tries to run the pod. Thus, if nodeName is provided in the PodSpec, it takes precedence over the above methods for node selection.

environment:
  nodeName: kube-01

serviceAccountName

From Kubernetes docs

A service account provides an identity for processes that run in a Pod.

environment:
  serviceAccountName: build-robot

In order for the custom service account to function correctly with Polyaxon sidecars/initializers, we recommend to include these rules in your custom service accounts:

rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "watch", "list"]
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes", "apis"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["", "*"]
    resources: ["events", "pods/status", "pods/log"]
    verbs: ["watch", "get", "list"]

hostAliases

From Kubernetes docs

Adding entries to a Pod’s /etc/hosts file provides Pod-level override of hostname resolution when DNS and other options are not applicable. In 1.7, users can add these custom entries with the HostAliases field in PodSpec.

environment:
  hostAliases:
  - ip: "127.0.0.1"
    hostnames:
    - "foo.local"
    - "bar.local"

securityContext

From Kubernetes docs

A security context defines privilege and access control settings for a Pod or Container.

environment:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000

imagePullSecrets

From Kubernetes docs

ImagePullSecrets is a list of references to secrets in the same namespace to use for pulling any images in pods that reference this ServiceAccount. ImagePullSecrets are distinct from Secrets because Secrets can be mounted in the pod, but ImagePullSecrets are only accessed by the kubelet.

environment:
  imagePullSecrets: ['secret1', 'secret2']

hostNetwork

From Kubernetes docs

Controls whether the pod may use the node network namespace. Doing so gives the pod access to the loopback device, services listening on localhost, and could be used to snoop on network activity of other pods on the same node.

environment:
  hostNetwork: false

hostPID

From Kubernetes docs

Controls whether the pod containers can share the host process ID namespace. Note that when paired with ptrace this can be used to escalate privileges outside of the container (ptrace is forbidden by default).

environment:
  hostPID: false

dnsPolicy

From Kubernetes docs

Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'.

environment:
  dnsPolicy: ClusterFirst

dnsConfig

From Kubernetes docs

Pod’s DNS Config allows users more control on the DNS settings for a Pod.

environment:
  dnsConfig:
    nameservers:
      - 1.2.3.4
    searches:
      - ns1.svc.cluster-domain.example
      - my.dns.search.suffix
    options:
      - name: ndots
        value: "2"
      - name: edns0

schedulerName

From Kubernetes docs

If specified, the pod will be dispatched by the specified scheduler. Or it will be dispatched by workflow scope scheduler if specified. If neither specified, the pod will be dispatched by default scheduler.

environment:
  schedulerName: default-scheduler

priorityClassName

From Kubernetes docs

Pods can have priority. Priority indicates the importance of a Pod relative to other Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) lower priority Pods to make scheduling of the pending Pod possible.

environment:
  priorityClassName: high

priority

From Kubernetes docs

Pods can have priority. Priority indicates the importance of a Pod relative to other Pods. If a Pod cannot be scheduled, the scheduler tries to preempt (evict) lower priority Pods to make scheduling of the pending Pod possible.

environment:
  priority: 10

restartPolicy

From Kubernetes docs

A PodSpec has a restartPolicy field with possible values Always, OnFailure, and Never. The default value is Always.

environment:
  restartPolicy: Never