From 990c318452e53966027962609bd4b28b843843a9 Mon Sep 17 00:00:00 2001 From: Joseffus Santos Date: Tue, 19 Nov 2024 21:36:53 -0600 Subject: [PATCH] 462 nachet detector command args (#473) * 462 nachet detector command args fix security context --- .../base/nachet-rcnn-model-deployment.yaml | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/kubernetes/aks/apps/nachet/base/nachet-rcnn-model-deployment.yaml b/kubernetes/aks/apps/nachet/base/nachet-rcnn-model-deployment.yaml index e5053b6e..0df089d2 100644 --- a/kubernetes/aks/apps/nachet/base/nachet-rcnn-model-deployment.yaml +++ b/kubernetes/aks/apps/nachet/base/nachet-rcnn-model-deployment.yaml @@ -19,15 +19,6 @@ spec: labels: app: nachet-rcnn-detector spec: - securityContext: - runAsNonRoot: false - runAsUser: 1000 - runAsGroup: 1000 - readOnlyRootFilesystem: false - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: @@ -51,7 +42,7 @@ spec: image: ghcr.io/ai-cfia/nachet-backend:29-azureml-seed-detector imagePullPolicy: Always command: ["/bin/sh", "-c"] - args: ['azmlinfsrv --entry_script /app/scoring_file_v_1_0_0.py'] + args: ['cp -r /project/* /app/ && azmlinfsrv --entry_script /artifacts/scoring_file_v_1_0_0.py'] envFrom: - secretRef: name: nachet-rcnn-detector-secrets @@ -61,7 +52,7 @@ spec: - name: logs mountPath: /app/logs - name: tmp - mountPath: /tmp + mountPath: /app livenessProbe: httpGet: path: /score @@ -76,7 +67,10 @@ spec: cpu: "500m" memory: "2Gi" securityContext: - readOnlyRootFilesystem: true + runAsNonRoot: false + runAsUser: 1000 + runAsGroup: 1000 + readOnlyRootFilesystem: false allowPrivilegeEscalation: false capabilities: drop: