Using Kubernetes resources for runs

This page describes the Kubernetes-related options you can pass to function.run() (or to task specs). To better understand the Kubernetes configuration options, refer to the Kubernetes documentation.

Quick checklist

You need to manage resource limits (more cpu/memory) -> Set resource requests/limits
You need a GPU -> Request a GPU profile
You need to mount a volume -> Declare a volume
You need to set environment variables -> Inject secrets and envs
You need to expose a service -> Configure service ports
You need to configure security settings -> Set security context
You need to scale your application -> Set replicas
You need to control pod placement -> Set node selector

Resources

Declare hardware requests/limits using the resources map. Supported keys: cpu and mem. Each is an object with optional requests and limits strings.

The SDK validates resource strings with a simple pattern (digits or digits+unit). Examples:

resources = {
    "cpu": {"requests": "2", "limits": "4"},
    "mem": {"requests": "4Gi", "limits": "8Gi"}
}

For GPU selection you need to use a profile (see below) depending on your cluster setup.

Profile

Profiles are templates administrators provide to request specific hardware (for example GPUs). Ask your administrator for available profiles.

# Request 1 GPU A100
profile = "1xa100"

Volumes

Supported volume types: persistent_volume_claim, empty_dir, ephemeral. Each volume requires volume_type, name, mount_path and optionally a spec.

Persistent volume claims (PVC)

Mount a PVC into the container by declaring a persistent_volume_claim volume and an optional spec.size.

volumes = [{
    "volume_type": "persistent_volume_claim",
    "name": "my-pvc",
    "mount_path": "/data",
    "spec": {"size": "1Gi"}
}]

EmptyDir

Use empty_dir for ephemeral in-memory or node-local storage. Provide spec.size_limit (optional) and spec.medium where supported.

volumes = [{
    "volume_type": "empty_dir",
    "name": "my-empty-dir",
    "mount_path": "/data",
    "spec": {"size_limit": "1Gi"}
}]

Ephemeral volumes

The SDK also supports ephemeral volumes (model name: SpecEphemeral). Use this when the runtime exposes ephemeral volume handling; spec.size is optional.

volumes = [{
    "volume_type": "ephemeral",
    "name": "tmp-ephemeral",
    "mount_path": "/tmp",
    "spec": {"size": "500Mi"}
}]

Secrets and Envs

Inject secret names into the pod environment via secrets (list of strings). It uses existing digitalhub Secrets as reference. Set environment variables as a list of {name, value} objects.

secrets = ["my-secret"]
envs = [{"name": "ENV_NAME", "value": "value"}]

Service port and type

Expose services using service_ports (list of {port, target_port}) and service_type (ClusterIP, LoadBalancer, NodePort, ExternalName).

service_ports = [{"port": 80, "target_port": 80}]
service_type = "NodePort"

Security context

Set run_as_user and run_as_group (integers) to control the UID/GID the container runs as. Set fs_group (integer) to control the GID for the filesystem.

run_as_user = 1000
run_as_group = 1000
fs_group = 1000

Replicas

Specify the number of replicas for pod/deployment (integer). Some runtimes use this to create a deployment instead of a single pod.

replicas = 3

Node selector

Request a node selector for the pod launched by the task. The SDK accepts a list of objects with key/value.

node_selector = [{"key": "kubernetes.io/arch", "value": "amd64"}]

Affinity

Please see Kubernetes documentation on affinity and anti-affinity.

Tolerations

Please see Kubernetes documentation on taints and tolerations.

Runtime class and priority class

TODO.