Kubernetes Setup (Alice O2)

The following two things differ for each user and thus cannot be part of the container:

• ssh keys
• git config

The kubernetes naative solution for these are secrets and config maps. They are created by the following terminal commands.

• kubectl create secret generic ssh-secret --type=kubernetes.io/ssh-auth --from-file=ssh-privatekey=$HOME/.ssh/id_ecdsa
• kubectl create configmap gitconfig --from-file=.gitconfig=/path/to/gitconfig

where "/path/to/gitconfig" is a file containing the git config. Then we can "kubectl apply" the following yaml file:

apiVersion: v1
kind: Pod
metadata:
  name: o2-standalone
spec:
  containers:
  - name: o2-standalone
    image: oliverrietmann/o2-standalone:latest
    command: ["sh", "-c", "cp /root/secret/ssh-privatekey /root/.ssh/id_ecdsa && sleep infinity"]
    resources:
      limits:
        nvidia.com/gpu: 1
    securityContext:
      runAsUser: 0
      runAsGroup: 0
    volumeMounts:
    - name: ssh-volume
      mountPath: /root/secret
    - name: gitconfig
      mountPath: /root/.gitconfig
      subPath: .gitconfig
    - name: o2-alice-volume
      mountPath: /root/alice
    - name: o2-standalone-volume
      mountPath: /root/standalone
  volumes:
  - name: ssh-volume
    secret:
      secretName: ssh-secret
      defaultMode: 0600
  - name: gitconfig
    configMap:
      name: gitconfig
  - name: o2-alice-volume
    persistentVolumeClaim:
      claimName: o2-alice-pvc
  - name: o2-standalone-volume
    persistentVolumeClaim:
      claimName: o2-standalone-pvc
  nodeSelector:
    nvidia.com/gpu.product: NVIDIA-H100-NVL

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: o2-alice-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: shared

---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: o2-standalone-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: shared