synpse.com

Application specification (API reference)

Example

Example of how your application deployment might look like:

name: redis-example-private
description: Multi-container redis example
scheduling:
  type: Conditional
  selectors:
    location: roof
spec:
  containers:
  - name: hello
    image: quay.io/synpse/hello-synpse-redis-go-private:latest
    # set user
    user: root
    # Registry authentication
    auth:
      username:  my_registry
      fromSecret: registry_secret
    # Enable GPUs
    gpus: all
    # Expose a port
    ports:
    - 8090:8090
    # Or set:
    # networkMode: host
    # Optionally mount tty devices into the container
    devices:
      - hostPath: /dev/ttyACM0
        containerPath: /dev/ttyACM0
    # Run container as privileged
    privileged: true
    # Add/drop capabilities
    capAdd:
      - SYS_ADMIN
    capDrop:
      - NET_RAW
    # Configure namespaced kernel parameters (sysctls)
    sysctl:
      "net.ipv4.conf.all.src_valid_mark": "1"
      "net.ipv4.ip_forward": "1"
    files:
      - filepath: /etc/my-app/config.conf
        contents: >
          config file contents here
  - name: redis
    image: docker.io/redis:latest
    # Mount a file type secret directly into 
    # the container
    secrets:
    - name: redis-config
      filepath: /path/to/config.yaml
    env:
    - name: REDIS_PASSWORD
      fromSecret: redis-password
    - name: RANDOM_KEY
      value: random-value
    # Mount a volume from the host machine
    volumes:
    - /tmp/redis:/data
    logging:
      driver: "syslog"
      # type: "your-type"
      # config:
      #  env: os,custom

Spec API

Field	Description	Type
name	Application name	string
description	Application description	string
type	Application type Options: container - container runtime	string
scheduling	Scheduling configuration	See Scheduling
spec	Application deployment specification	See Specification

Scheduling

Field Description Type

type

Field	Description	Type
type	Scheduling type Options: `NoDevices` - defaults when no type and no selectors are specified `AllDevices` - schedule on all available devices `Conditional` - defaults when no type but selectors are specified	string
selectors	Label based device selector use with Conditional type, where if label matches with device labels - application is scheduled.	key value pair

Scheduling type

Options:
NoDevices - defaults when no type and no selectors are specified

AllDevices - schedule on all available devices
Conditional - defaults when no type but selectors are specified

string

selectors Label based device selector use with Conditional type, where if label matches with device labels - application is scheduled. key value pair

Specification

Field	Description	Type
containers	List of containers specification	[]Container See Container
execs	List of exec specifications	[]Exec See Exec
selectors	Label based device selector use with Conditional type, where if label matches with device labels - application is scheduled.	key value pair

Field

Description

Type

containers

List of containers specification

[]Container

See Container

execs

List of exec specifications

[]Exec
See Exec

selectors

Label based device selector use with Conditional type, where if label matches with device labels - application is scheduled.

key value pair

Container

Field	Description	Type
Field	Description	Type
name	Container name	string
image	Image of the application Exampe: quay.io/synpse/hello-synpse:latest	string
args	Arguments to star the application	[]string
gpus	Expose GPUs to your application. Currently the only valid value is "all"	string
auth	Container registry authentication	See Auth
capAdd	Add Linux capabilities, for example: `capAdd: - NET_ADMIN`	[]string
capDrop	Remove Linux capabilities, for example: `capAdd: - MKNOD`	[]string
command	Command to execute inside the container	string
hostname	Container hostname inside the application. If multiple container provided, this acts as a local dns Default: If not specified is set to Name value	string
networkMode	Network mode for the application Options: host - host network isolated - isolated network bridge bridge - shared bridge for the application	string
ports	Port mapping for the application. Format: <host_port>:<container_port> Example: 8080:8080 - map port 8080 to container port 8080 8080 - same as above 8080:80 - host 8080 port to container port 80	[]string
forcePull	Boolean if image should be force pulled. Options: false - don't force pull (ignored if image tag is latest) true - always pull image
privileged	Run as privileged container	bool
imagePullTimeout	Image pull timeout Example: "8h"	duration
user	Sets the username or UID used and optionally the groupname or GID for the specified command. Example: user user:group uid uid:gid user:gid uid:group	string
volumes	Volumes to mount from device for persistence. Format: <hostpath>:<container_path> Example: /tmp/redis:/tmp	[]string
environment	List of environment variables to expose into container	[]Environment See Environment
secrets	Secrets to mount as files into the container	[]SecretRef See SecretRef

Exec

Field	Description	Type
name	Exec application name	string
command	Command to be executed Example: /usr/bin/firefox	string
args	Command arguments Example: - https://synpse.net - –kiosk	[]string
user	Unix uset to be used. User must exist. Default: root Example: demo .	string
ports	Port mapping for the application. Format: <host_port>:<exec_port> Example: 8080:8080 - map port 8080 to container port 8080 8080 - same as above 8080:80 - host 8080 port to container port 80	[]string
environment	List of environment variables to expose into container	[]Environment See Environment
secrets	Secrets to mount as files into the container	[]SecretRef See SecretRef

Auth

Field	Description	Type
username	Username for docker registry	string
password	Password for docker registry	string
fromSecret	Use secret value instead of specifying password in plain-text (recommended)	string
email	(Optional) Email used in authentication. Needed for some registries	string
serverAddress	(Optional) Server address for the registry. Needed for some registries	string

Synpse allows adding host device to the container, similarly how Docker API works. It is often necessary to directly expose devices to a container. The devices config enables that. For example, a specific block storage device or loop device or audio device can be added to an otherwise unprivileged container and have the application directly access it.

Field	Description	Type
hostPath	Path to the device on the host machine (for example /dev/ttyACM0)	string
containerPath	Path to the device on the container. Usually this would match the path on the host machine for easier configuration of your application.	string

Environment

Field	Description	Type
name	Name of the variable	string
value	Value of the variable	string
fromSecret	(optional) Secret name to used as value of the variable	string

Secret (file)

ℹ️ Info: Secrets has its own API. This documentation is here for convenience as it is very closely tied to Application API

Field	Description	Type
name	Secret name	string
filepath	Full path to the file which will have the secret contents written into it	string