How do I get Polynote running with Kubernetes?

jos*_*ibe 4 docker kubernetes polynote

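I am looking to run Polynote, specifically against my Kubernetes cluster. Unfortunately I'm not having any luck: the error messages are not particularly helpful, and as far as I can tell it is new enough that there isn't yet a reference Kubernetes configuration I can use to make this work.

With the YAML file below I can start it successfully. However, when I port-forward and try to access the pod, it crashes the pod, which then restarts, and unfortunately the error message I get is literally "Killed", which is not very instructive. I started from the bare Docker image and then added the configuration they suggest in the Docker notes in their repository.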

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: polynote-config
  namespace: dev
  labels:
    app: polynote
data:
  config.yml: |-
    listen:
      host: 0.0.0.0

    storage:
      dir: /opt/notebooks
      mounts:
        examples:
          dir: examples
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: polynote
  namespace: dev
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: polynote
    spec:
      containers:
      - name: polynote
        image: polynote/polynote:latest
        resources:
          limits:
            memory: "100Mi"
          requests:
            memory: "100Mi"
        ports:
        - containerPort: 8192
        volumeMounts:
        - name: config
          mountPath: /opt/config/config.yml
          readOnly: true
          subPath: config.yml
      volumes:
      - name: config
        configMap:
          defaultMode: 0600
          name: polynote-config

Edit: for clarity, here is the full log output from the pod:

[INFO]  Loading configuration from config.yml
[INFO]  Loaded configuration: PolynoteConfig(Listen(8192,127.0.0.1),Storage(tmp,notebooks,Map()),List(),List(),Map(),Map(),Behavior(true,Always,List()),Security(None),UI(/))
[WARN]  Polynote allows arbitrary remote code execution, which is necessary for a notebook tool to function.
        While we'll try to improve safety by adding security measures, it will never be completely safe to
        run Polynote on your personal computer. For example:

        - It's possible that other websites you visit could use Polynote as an attack vector. Browsing the web
          while running Polynote is unsafe.
        - It's possible that remote attackers could use Polynote as an attack vector. Running Polynote on a
          computer that's accessible from the internet is unsafe.
        - Even running Polynote inside a container doesn't guarantee safety, as there will always be
          privilege escalation and container escape vulnerabilities which an attacker could leverage.

        Please be diligent about checking for new releases, as they could contain fixes for critical security
        flaws.

        Please be mindful of the security issues that Polynote causes; consult your company's security team
        before running Polynote. You are solely responsible for any breach, loss, or damage caused by running
        this software insecurely.
[zio-default-async-1-1076496284] INFO org.http4s.blaze.channel.nio1.NIO1SocketServerGroup - Service bound to address /127.0.0.1:8192
[zio-default-async-1-1076496284] INFO org.http4s.server.blaze.BlazeServerBuilder - 


  _____      _                   _
 |  __ \    | |                 | |
 | |__) |__ | |_   _ _ __   ___ | |_ ___
 |  ___/ _ \| | | | | '_ \ / _ \| __/ _ \
 | |  | (_) | | |_| | | | | (_) | ||  __/
 |_|   \___/|_|\__, |_| |_|\___/ \__\___|
                __/ |
               |___/

Server running at http://127.0.0.1:8192
[zio-default-async-1-1076496284] INFO org.http4s.server.blaze.BlazeServerBuilder - http4s v0.20.6 on blaze v0.14.6 started at http://127.0.0.1:8192/
Killed

jos*_*ibe 5

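The problem turned out to be two things. First, the memory limit I had set was indeed too low. It needs about 2 GB of memory to start successfully. Second, it turned out I had not mounted any storage for the notebook files.

Here is the manifest I came up with, which does work. I know the way I am mounting storage for the notebooks is probably not optimal, but now that I know it works I feel comfortable tweaking it.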

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: polynote-config
  namespace: dev
  labels:
    app: polynote
data:
  config.yml: |-
    listen:
      host: 0.0.0.0

    storage:
      dir: /opt/notebooks
      mounts:
        examples:
          dir: examples
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: polynote
  namespace: dev
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: polynote
    spec:
      containers:
      - name: polynote
        image: polynote/polynote:latest
        resources:
          limits:
            memory: "2000Mi"
            ephemeral-storage: "100Mi"
          requests:
            memory: "2000Mi"
            ephemeral-storage: "100Mi"
        ports:
        - containerPort: 8192
        volumeMounts:
        - name: config
          mountPath: /opt/config/config.yml
          readOnly: true
          subPath: config.yml
        - name: data
          mountPath: /opt/notebooks/
      volumes:
      - name: config
        configMap:
          defaultMode: 0600
          name: polynote-config
      - name: data
        emptyDir: {}
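
A bare "Killed" in the container log does not say why the process died, but the pod status usually does. The following is an added example, not part of the original answer: it reads pod JSON in the shape returned by `kubectl get pod <name> -n dev -o json` and reports containers whose last termination reason was `OOMKilled`, together with their memory limit. The sample pod JSON is constructed, the function names are hypothetical, and the 2 GB threshold is the approximate figure from the answer above.

```python
import json

# Constructed sample: trimmed `kubectl get pod ... -o json` output for a
# container whose previous run ended in an OOM kill (values are illustrative).
SAMPLE_POD = json.loads("""
{
  "spec": {"containers": [{"name": "polynote",
    "resources": {"limits": {"memory": "100Mi"}}}]},
  "status": {"containerStatuses": [{"name": "polynote", "restartCount": 3,
    "lastState": {"terminated": {"reason": "OOMKilled", "exitCode": 137}}}]}
}
""")

# Only the common binary and decimal memory suffixes are handled here.
_UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
          "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def quantity_to_bytes(q):
    """Convert a Kubernetes memory quantity such as '100Mi' or '2G' to bytes."""
    for suffix in sorted(_UNITS, key=len, reverse=True):
        if q.endswith(suffix):
            return int(float(q[:-len(suffix)]) * _UNITS[suffix])
    return int(float(q))  # no suffix: plain byte count

def oom_findings(pod, needed_bytes=2 * 10**9):
    """Return one finding per container whose last termination was an OOM kill.

    needed_bytes is an assumption taken from the answer's "about 2 GB".
    """
    limits = {c["name"]: c.get("resources", {}).get("limits", {}).get("memory")
              for c in pod["spec"]["containers"]}
    findings = []
    for cs in pod.get("status", {}).get("containerStatuses", []):
        term = cs.get("lastState", {}).get("terminated") or {}
        if term.get("reason") != "OOMKilled":
            continue
        limit = limits.get(cs["name"])
        findings.append({
            "container": cs["name"],
            "exit_code": term.get("exitCode"),  # 137 = 128 + SIGKILL
            "restarts": cs.get("restartCount", 0),
            "memory_limit": limit,
            "below_needed": limit is not None
                            and quantity_to_bytes(limit) < needed_bytes,
        })
    return findings

if __name__ == "__main__":
    for finding in oom_findings(SAMPLE_POD):
        print(finding)
```
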