pod-bob.yaml
---
# Pod "tensorflow-notebook" in namespace "bob": a single Jupyter/TensorFlow
# container that idles on `sleep infinity`, with an NFS-backed workspace and
# a scratch home directory.
apiVersion: v1
kind: Pod
metadata:
  namespace: bob
  name: tensorflow-notebook
spec:
  # Restricts scheduling to nodes labelled resourcetype=gpu.
  nodeSelector:
    resourcetype: gpu
  # Pod-level security defaults; they apply to every container in the pod.
  # NOTE(review): automountServiceAccountToken is not set, so the default
  # applies and a service account token is normally mounted into the
  # container. Set it to false if the notebook never calls the cluster API.
  securityContext:
    # The kubelet refuses to start a container that would run as UID 0.
    runAsNonRoot: true
    # NOTE(review): no runAsGroup/fsGroup is given. The primary GID then
    # typically falls back to 0 (root group); confirm that this is intended
    # and that it matches the ownership expected on the NFS export.
    runAsUser: 501
    # Use the container runtime's default seccomp syscall filter.
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: tensorflow-notebook
      # NOTE(review): the image is referenced by a mutable tag. Pinning it as
      # <image>@sha256:<digest> (placeholder) keeps the content fixed.
      image: 'jupyter/tensorflow-notebook:tensorflow-2.4.3'
      # Replaces the image's own entrypoint: the container only sleeps.
      # Presumably users attach with exec; confirm against the workflow.
      command:
        - 'sleep'
        - 'infinity'
      workingDir: '/'
      # NOTE(review): no resources.requests/limits are declared, so nothing
      # in this manifest bounds the CPU or memory this container may use on
      # the shared node.
      securityContext:
        # Sets no_new_privs: setuid/setgid binaries cannot raise privileges.
        allowPrivilegeEscalation: false
        # Every Linux capability is removed and none is added back.
        # NOTE(review): readOnlyRootFilesystem is not set, so the image's
        # root filesystem stays writable; enable it if the workload can live
        # with writes going only to the two mounted volumes.
        capabilities:
          drop:
            - ALL
      env:
        # HOME points at the emptyDir mount declared under volumeMounts.
        - name: HOME
          value: '/home/bob'
      volumeMounts:
        - name: bob-nfs
          mountPath: '/workspace/mydir'
        - name: bob-home-dir
          mountPath: '/home/bob'
  volumes:
    # Persistent workspace, bound through the claim nfs-pvc-bob.
    - name: bob-nfs
      persistentVolumeClaim:
        claimName: nfs-pvc-bob
    # Scratch home directory; its contents go away with the pod.
    # NOTE(review): no sizeLimit is set, so writes here are bounded only by
    # the node's own storage limits.
    - name: bob-home-dir
      emptyDir: {}