EksContainerDefinitionProps

class aws_cdk.aws_batch.EksContainerDefinitionProps(*, image, args=None, command=None, cpu_limit=None, cpu_reservation=None, env=None, gpu_limit=None, gpu_reservation=None, image_pull_policy=None, memory_limit=None, memory_reservation=None, name=None, privileged=None, readonly_root_filesystem=None, run_as_group=None, run_as_root=None, run_as_user=None, volumes=None)

Bases: object

Props to configure an EksContainerDefinition.

Parameters:

  • image (ContainerImage) – The image that this container will run.

  • args (Optional[Sequence[str]]) – An array of arguments to the entrypoint. If this isn’t specified, the CMD of the container image is used. This corresponds to the args member in the Entrypoint portion of the Pod in Kubernetes. Environment variable references are expanded using the container’s environment. If the referenced environment variable doesn’t exist, the reference in the command isn’t changed. For example, if the reference is to “$(NAME1)” and the NAME1 environment variable doesn’t exist, the command string will remain “$(NAME1).” $$ is replaced with $, and the resulting string isn’t expanded. or example, $$(VAR_NAME) is passed as $(VAR_NAME) whether or not the VAR_NAME environment variable exists. Default: - no args

  • command (Optional[Sequence[str]]) – The entrypoint for the container. This isn’t run within a shell. If this isn’t specified, the ENTRYPOINT of the container image is used. Environment variable references are expanded using the container’s environment. If the referenced environment variable doesn’t exist, the reference in the command isn’t changed. For example, if the reference is to "$(NAME1)" and the NAME1 environment variable doesn’t exist, the command string will remain "$(NAME1)." $$ is replaced with $ and the resulting string isn’t expanded. For example, $$(VAR_NAME) will be passed as $(VAR_NAME) whether or not the VAR_NAME environment variable exists. The entrypoint can’t be updated. Default: - no command

  • cpu_limit (Union[int, float, None]) – The hard limit of CPUs to present to this container. Must be an even multiple of 0.25. If your container attempts to exceed this limit, it will be terminated. At least one of cpuReservation and cpuLimit is required. If both are specified, then cpuLimit must be at least as large as cpuReservation. Default: - No CPU limit

  • cpu_reservation (Union[int, float, None]) – The soft limit of CPUs to reserve for the container Must be an even multiple of 0.25. The container will given at least this many CPUs, but may consume more. At least one of cpuReservation and cpuLimit is required. If both are specified, then cpuLimit must be at least as large as cpuReservation. Default: - No CPUs reserved

  • env (Optional[Mapping[str, str]]) – The environment variables to pass to this container. Note: Environment variables cannot start with “AWS_BATCH”. This naming convention is reserved for variables that AWS Batch sets. Default: - no environment variables

  • gpu_limit (Union[int, float, None]) – The hard limit of GPUs to present to this container. If your container attempts to exceed this limit, it will be terminated. If both gpuReservation and gpuLimit are specified, then gpuLimit must be equal to gpuReservation. Default: - No GPU limit

  • gpu_reservation (Union[int, float, None]) – The soft limit of CPUs to reserve for the container Must be an even multiple of 0.25. The container will given at least this many CPUs, but may consume more. If both gpuReservation and gpuLimit are specified, then gpuLimit must be equal to gpuReservation. Default: - No GPUs reserved

  • image_pull_policy (Optional[ImagePullPolicy]) – The image pull policy for this container. Default: - ALWAYS if the :latest tag is specified, IF_NOT_PRESENT otherwise

  • memory_limit (Optional[Size]) – The amount (in MiB) of memory to present to the container. If your container attempts to exceed the allocated memory, it will be terminated. Must be larger that 4 MiB At least one of memoryLimit and memoryReservation is required Note: To maximize your resource utilization, provide your jobs with as much memory as possible for the specific instance type that you are using. Default: - No memory limit

  • memory_reservation (Optional[Size]) – The soft limit (in MiB) of memory to reserve for the container. Your container will be given at least this much memory, but may consume more. Must be larger that 4 MiB When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first. At least one of memoryLimit and memoryReservation is required. If both are specified, then memoryLimit must be equal to memoryReservation Note: To maximize your resource utilization, provide your jobs with as much memory as possible for the specific instance type that you are using. Default: - No memory reserved

  • name (Optional[str]) – The name of this container. Default: : 'Default'

  • privileged (Optional[bool]) – If specified, gives this container elevated permissions on the host container instance. The level of permissions are similar to the root user permissions. This parameter maps to privileged policy in the Privileged pod security policies in the Kubernetes documentation. Note: this is only compatible with Kubernetes < v1.25 Default: false

  • readonly_root_filesystem (Optional[bool]) – If specified, gives this container readonly access to its root file system. This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and file systems pod security policies in the Kubernetes documentation. Note: this is only compatible with Kubernetes < v1.25 Default: false

  • run_as_group (Union[int, float, None]) – If specified, the container is run as the specified group ID (gid). If this parameter isn’t specified, the default is the group that’s specified in the image metadata. This parameter maps to RunAsGroup and MustRunAs policy in the Users and groups pod security policies in the Kubernetes documentation. Note: this is only compatible with Kubernetes < v1.25 Default: none

  • run_as_root (Optional[bool]) – If specified, the container is run as a user with a uid other than 0. Otherwise, no such rule is enforced. This parameter maps to RunAsUser and MustRunAsNonRoot policy in the Users and groups pod security policies in the Kubernetes documentation. Note: this is only compatible with Kubernetes < v1.25 Default: - the container is not required to run as a non-root user

  • run_as_user (Union[int, float, None]) – If specified, this container is run as the specified user ID (uid). This parameter maps to RunAsUser and MustRunAs policy in the Users and groups pod security policies in the Kubernetes documentation. Note: this is only compatible with Kubernetes < v1.25 Default: - the user that is specified in the image metadata.

  • volumes (Optional[Sequence[EksVolume]]) – The Volumes to mount to this container. Automatically added to the Pod. Default: - no volumes

ExampleMetadata:

infused

Example:

job_defn = batch.EksJobDefinition(self, "eksf2",
    container=batch.EksContainerDefinition(self, "container",
        image=ecs.ContainerImage.from_registry("amazon/amazon-ecs-sample"),
        volumes=[batch.EksVolume.empty_dir(
            name="myEmptyDirVolume",
            mount_path="/mount/path",
            medium=batch.EmptyDirMediumType.MEMORY,
            readonly=True,
            size_limit=cdk.Size.mebibytes(2048)
        )]
    )
)

Attributes

args

An array of arguments to the entrypoint.

If this isn’t specified, the CMD of the container image is used. This corresponds to the args member in the Entrypoint portion of the Pod in Kubernetes. Environment variable references are expanded using the container’s environment. If the referenced environment variable doesn’t exist, the reference in the command isn’t changed. For example, if the reference is to “$(NAME1)” and the NAME1 environment variable doesn’t exist, the command string will remain “$(NAME1).” $$ is replaced with $, and the resulting string isn’t expanded. or example, $$(VAR_NAME) is passed as $(VAR_NAME) whether or not the VAR_NAME environment variable exists.

Default:

  • no args

See:

https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/

command

The entrypoint for the container.

This isn’t run within a shell. If this isn’t specified, the ENTRYPOINT of the container image is used. Environment variable references are expanded using the container’s environment. If the referenced environment variable doesn’t exist, the reference in the command isn’t changed. For example, if the reference is to "$(NAME1)" and the NAME1 environment variable doesn’t exist, the command string will remain "$(NAME1)." $$ is replaced with $ and the resulting string isn’t expanded. For example, $$(VAR_NAME) will be passed as $(VAR_NAME) whether or not the VAR_NAME environment variable exists.

The entrypoint can’t be updated.

Default:

  • no command

See:

https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#entrypoint

cpu_limit

The hard limit of CPUs to present to this container. Must be an even multiple of 0.25.

If your container attempts to exceed this limit, it will be terminated.

At least one of cpuReservation and cpuLimit is required. If both are specified, then cpuLimit must be at least as large as cpuReservation.

Default:

  • No CPU limit

See:

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

cpu_reservation

The soft limit of CPUs to reserve for the container Must be an even multiple of 0.25.

The container will given at least this many CPUs, but may consume more.

At least one of cpuReservation and cpuLimit is required. If both are specified, then cpuLimit must be at least as large as cpuReservation.

Default:

  • No CPUs reserved

See:

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

env

The environment variables to pass to this container.

Note: Environment variables cannot start with “AWS_BATCH”. This naming convention is reserved for variables that AWS Batch sets.

Default:

  • no environment variables

gpu_limit

The hard limit of GPUs to present to this container.

If your container attempts to exceed this limit, it will be terminated.

If both gpuReservation and gpuLimit are specified, then gpuLimit must be equal to gpuReservation.

Default:

  • No GPU limit

See:

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

gpu_reservation

The soft limit of CPUs to reserve for the container Must be an even multiple of 0.25.

The container will given at least this many CPUs, but may consume more.

If both gpuReservation and gpuLimit are specified, then gpuLimit must be equal to gpuReservation.

Default:

  • No GPUs reserved

See:

https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

image

The image that this container will run.

image_pull_policy

The image pull policy for this container.

Default:

  • ALWAYS if the :latest tag is specified, IF_NOT_PRESENT otherwise

See:

https://kubernetes.io/docs/concepts/containers/images/#updating-images

memory_limit

The amount (in MiB) of memory to present to the container.

If your container attempts to exceed the allocated memory, it will be terminated.

Must be larger that 4 MiB

At least one of memoryLimit and memoryReservation is required

Note: To maximize your resource utilization, provide your jobs with as much memory as possible for the specific instance type that you are using.

Default:

  • No memory limit

See:

https://docs.aws.amazon.com/batch/latest/userguide/memory-management.html

memory_reservation

The soft limit (in MiB) of memory to reserve for the container.

Your container will be given at least this much memory, but may consume more.

Must be larger that 4 MiB

When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first.

At least one of memoryLimit and memoryReservation is required. If both are specified, then memoryLimit must be equal to memoryReservation

Note: To maximize your resource utilization, provide your jobs with as much memory as possible for the specific instance type that you are using.

Default:

  • No memory reserved

See:

https://docs.aws.amazon.com/batch/latest/userguide/memory-management.html

name

The name of this container.

Default:

: 'Default'

privileged

If specified, gives this container elevated permissions on the host container instance.

The level of permissions are similar to the root user permissions.

This parameter maps to privileged policy in the Privileged pod security policies in the Kubernetes documentation.

Note: this is only compatible with Kubernetes < v1.25

Default:

false

See:

https://kubernetes.io/docs/concepts/security/pod-security-policy/#volumes-and-file-systems

readonly_root_filesystem

If specified, gives this container readonly access to its root file system.

This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and file systems pod security policies in the Kubernetes documentation.

Note: this is only compatible with Kubernetes < v1.25

Default:

false

See:

https://kubernetes.io/docs/concepts/security/pod-security-policy/#volumes-and-file-systems

run_as_group

If specified, the container is run as the specified group ID (gid).

If this parameter isn’t specified, the default is the group that’s specified in the image metadata. This parameter maps to RunAsGroup and MustRunAs policy in the Users and groups pod security policies in the Kubernetes documentation.

Note: this is only compatible with Kubernetes < v1.25

Default:

none

See:

https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

run_as_root

If specified, the container is run as a user with a uid other than 0.

Otherwise, no such rule is enforced. This parameter maps to RunAsUser and MustRunAsNonRoot policy in the Users and groups pod security policies in the Kubernetes documentation.

Note: this is only compatible with Kubernetes < v1.25

Default:

  • the container is not required to run as a non-root user

See:

https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

run_as_user

If specified, this container is run as the specified user ID (uid).

This parameter maps to RunAsUser and MustRunAs policy in the Users and groups pod security policies in the Kubernetes documentation.

Note: this is only compatible with Kubernetes < v1.25

Default:

  • the user that is specified in the image metadata.

See:

https://kubernetes.io/docs/concepts/security/pod-security-policy/#users-and-groups

volumes

The Volumes to mount to this container.

Automatically added to the Pod.

Default:

  • no volumes

See:

https://kubernetes.io/docs/concepts/storage/volumes/