From 13b0684cf6991a6704e4232bcbdb6b0f89f5163d Mon Sep 17 00:00:00 2001 From: Dinindu Senanayake <dinindusen@gmail.com> Date: Sun, 28 Jul 2024 18:19:15 +1200 Subject: [PATCH] disable escalated privileges --- vars/ondemand-config.yml.example | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vars/ondemand-config.yml.example b/vars/ondemand-config.yml.example index 748a636..cb19c85 100644 --- a/vars/ondemand-config.yml.example +++ b/vars/ondemand-config.yml.example @@ -118,12 +118,12 @@ ood_apps: k8s_container: ghcr.io/nesi/training-environment-jupyter-introduction-shell-app:v0.3.0 repo: https://github.com/nesi/training-environment-jupyter-introduction-shell-app.git version: 'v0.3.0' - enabled: true + enabled: false pre_pull: false # this is currently required for containers and nextflow apps to run properly (fakeroot) # Note: you should probably set to false unless you are running a containers workshop -enable_privileged_pods: true +enable_privileged_pods: false # pull the images defined in ood_apps onto all k8s worker nodes # Note: make sure the worker nodes have enough `worker_disksize` (especially if many apps are enabled)