Container transforms

:::callout{theme="warning" title="Prerequisites"} The following documentation assumes working knowledge of containerized infrastructure and concepts like container images. If you are unfamiliar with these topics, we recommend reviewing the Docker overview documentation ↗. :::

Foundry interacts with containers pushed into the platform in two ways:

  1. Using the transforms sidecar decorator.
  2. Constructing and using container backed model assets.

In both use cases, the first step is to push the image into the Docker registry hosted within Foundry while following the image requirements listed below.

Image requirements

  1. The image has a numeric userID.

     - The userID defined within the Dockerfile must be numeric and not '0'. Foundry does not allow commands to run within the container as the root user; '0' gets interpreted in some systems as zero, and non-numeric IDs can be set to function as root.
     - For bring your own container transforms, the userID must be specifically '5001'.

  2. The image is built for linux/amd64 platform.

     - Foundry supports the execution of containers built for this platform only. The default platform for Docker is linux, so add --platform linux/amd64 for the Docker build command ↗ to set the platform specifically.

  3. The image is pushed with digest or any tag other than latest.

     - The executed Docker push command should specify the digest of the image or use a tag that is not latest. Foundry will not execute images tagged as latest since there is no mechanism to ensure any given image is actually the latest one.

  4. The maximum image layer size is less than ~10 GB.

     - It is strongly recommended that each layer is smaller than ~10 GB. If your use case requires a larger layer size, contact your Palantir representative.

  5. Any ports exposed are between 1024 and 65535.

     - Ports 0 through 1023 are well-known ports and as such are reserved for root. Foundry does not allow commands to run within the container as the root user; therefore, any ports specified in this range will not be available when the image is launched within Foundry.

  6. [Optional] The image has telemetry enabled.

     To enable telemetry logging from your container:

     - The image must have a shell executable in /bin/sh.
     - The image must support the shell commands set and tee.
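
A pre-push check for the user, platform, tag and port requirements above, written as an added example (not Palantir tooling or code from the original page). It reads one parsed entry of `docker image inspect` output; the function name `check_image`, the `byoc` flag and the registry host are hypothetical. Layer sizes and the presence of /bin/sh are not visible in that output, so they are not checked here.

```python
import json

def check_image(ref, inspect, byoc=False):
    """Return a list of violations of the image requirements listed above.

    ref     -- image reference that will be pushed
    inspect -- one entry of `docker image inspect <ref>`, parsed from JSON
    byoc    -- True for bring your own container transforms (user must be 5001)
    """
    problems = []
    cfg = inspect.get("Config") or {}

    # User may be "uid", "uid:gid", "name" or "name:group"; only the uid part matters.
    uid = (cfg.get("User") or "").split(":")[0]
    if not (uid.isascii() and uid.isdigit()):
        problems.append(f"user {uid!r} is not numeric")
    elif int(uid) == 0:
        problems.append("user is 0 (root)")
    elif byoc and int(uid) != 5001:
        problems.append(f"user is {uid}, must be 5001")

    platform = f"{inspect.get('Os')}/{inspect.get('Architecture')}"
    if platform != "linux/amd64":
        problems.append(f"platform is {platform}, must be linux/amd64")

    # A reference with no digest and no tag resolves to the tag "latest".
    if "@" not in ref:
        name = ref.rsplit("/", 1)[-1]  # drop registry host (and its port) and path
        tag = name.split(":", 1)[1] if ":" in name else "latest"
        if tag == "latest":
            problems.append("tag is latest; push a digest or another tag")

    # ExposedPorts keys look like "8080/tcp".
    for key in cfg.get("ExposedPorts") or {}:
        port = int(key.split("/")[0])
        if not 1024 <= port <= 65535:
            problems.append(f"exposed port {port} is outside 1024-65535")
    return problems

# Constructed sample shaped like `docker image inspect` output (not a real image).
SAMPLE = json.loads("""{"Os": "linux", "Architecture": "arm64",
  "Config": {"User": "appuser", "ExposedPorts": {"80/tcp": {}, "8080/tcp": {}}}}""")

if __name__ == "__main__":
    for p in check_image("registry.example.com/team/model", SAMPLE):
        print("FAIL:", p)
```
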
