-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathtako_vm.yaml.example
More file actions
137 lines (108 loc) · 5.04 KB
/
tako_vm.yaml.example
File metadata and controls
137 lines (108 loc) · 5.04 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# Tako VM Configuration Example
# Copy this file to tako_vm.yaml and customize as needed.
# All values shown are defaults.
# =============================================================================
# Mode
# =============================================================================
# Strict mode requiring pre-built images for job types
production_mode: false
# =============================================================================
# Server
# =============================================================================
server_host: "0.0.0.0"
server_port: 8000
log_level: INFO # DEBUG, INFO, WARNING, ERROR, CRITICAL
# API protection (front-door safeguards)
api_max_payload_bytes: 2097152 # 2MB max HTTP request body (1KB-100MB)
api_rate_limit_enabled: true # Enable per-client-IP rate limiting
api_rate_limit_requests: 120 # Requests allowed per window (1-100000)
api_rate_limit_window_seconds: 60 # Rate limit window in seconds (1-3600)
# =============================================================================
# Workers & Queue
# =============================================================================
max_workers: 4 # Concurrent job workers (1-64)
max_queue_size: 100 # Max pending jobs (1-10000)
# =============================================================================
# Execution Limits
# =============================================================================
default_timeout: 30 # Default job timeout in seconds (1-3600)
max_timeout: 300 # Maximum allowed timeout (1-86400)
# =============================================================================
# Output Limits
# =============================================================================
max_stdout_bytes: 65536 # 64KB (1KB-100MB)
max_stderr_bytes: 65536 # 64KB (1KB-100MB)
max_artifact_bytes: 10485760 # 10MB per artifact (1KB-1GB)
max_total_artifacts_bytes: 52428800 # 50MB total (1KB-10GB)
# =============================================================================
# Input Limits
# =============================================================================
max_input_bytes: 1048576 # 1MB (1KB-100MB)
max_code_bytes: 102400 # 100KB (1KB-10MB)
# =============================================================================
# Docker & Security
# =============================================================================
docker_image: "code-executor:latest"
enable_seccomp: true # Use seccomp profile for syscall filtering
enable_userns: false # Run as non-root user (disable if using gosu)
# Container runtime: 'runsc' (gVisor) for strong isolation, 'runc' for standard Docker
# gVisor is REQUIRED by default for running untrusted code
container_runtime: runsc
# Security mode:
# - 'permissive' (default): Falls back to runc if gVisor is unavailable.
# - 'strict': Fails if gVisor is unavailable. Use this for production.
security_mode: permissive
# =============================================================================
# Container Resource Limits
# =============================================================================
container_limits:
pids_limit: 100 # Max processes (10-1000)
nofile_soft: 256 # File descriptors soft limit (64-65536)
nofile_hard: 256 # File descriptors hard limit (64-65536)
nproc_soft: 50 # Process limit soft (10-1000)
nproc_hard: 50 # Process limit hard (10-1000)
fsize: 104857600 # Max file size: 100MB (1MB-1GB)
tmpfs_size: "100m" # /tmp size (10m-2g)
# =============================================================================
# Paths
# =============================================================================
# data_dir: ~/.tako_vm # Data directory
# database_url: postgresql://postgres:postgres@localhost:5432/tako_vm
# seccomp_profile_path: null # Uses built-in profile
# =============================================================================
# Retry Configuration
# =============================================================================
max_retry_attempts: 2 # Retries for transient failures (1-10)
retry_base_delay: 1.0 # Base delay between retries in seconds (0.1-60)
# =============================================================================
# Retention
# =============================================================================
execution_record_ttl_days: 30 # Days to keep execution records (1-3650)
# =============================================================================
# Job Types
# =============================================================================
job_types:
# Data processing with pandas/numpy
- name: data-processing
requirements:
- pandas
- numpy
memory_limit: "1g"
cpu_limit: 2.0
timeout: 60
# ML inference
- name: ml-inference
requirements:
- numpy
- scikit-learn
memory_limit: "2g"
cpu_limit: 2.0
timeout: 120
# API client with network access
- name: api-client
requirements:
- requests
- httpx
network_enabled: true
memory_limit: "512m"
timeout: 30