jfraeysd/fetch_ml
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
fetch_ml/deployments/configs/worker/docker-hipaa.yaml
Jeremie Fraeys b3a0c78903
config: add Plugin GPU Quota, plugins, and audit logging to configs 
- Add Plugin GPU Quota config section to scheduler.yaml.example

- Add audit logging config to homelab-secure.yaml (HIPAA-compliant)

- Add Jupyter and vLLM plugin configs to all worker configs:

  - Security settings (passwords, trusted channels, blocked packages)

  - Resource limits (GPU, memory, CPU)

  - Model cache paths and quantization options for vLLM

- Disable plugins in HIPAA deployment mode for compliance

- Update deployments README with plugin services and GPU quotas
2026-02-26 14:34:42 -05:00

62 lines
1.7 KiB
YAML
Raw Blame History

# HIPAA compliance mode worker configuration
# Strict validation, no network, PHI protection
host: localhost
port: 22
user: hipaa-worker
base_path: /var/lib/fetchml/secure
train_script: train.py
# Redis configuration (must use env var for password)
redis_url: redis://redis:6379
redis_password: ${REDIS_PASSWORD}
# HIPAA mode - strict compliance
compliance_mode: hipaa
max_workers: 1
# Sandbox settings (strict isolation required by HIPAA)
sandbox:
# Network must be disabled for HIPAA compliance
network_mode: none
# Seccomp profile must be set
seccomp_profile: default-hardened
# No new privileges must be enforced
no_new_privileges: true
# Only approved secrets allowed (no PHI fields)
allowed_secrets:
- HF_TOKEN
- WANDB_API_KEY
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
# PHI fields are EXPLICITLY DENIED:
# - PATIENT_ID
# - SSN
# - MEDICAL_RECORD_NUMBER
# - DIAGNOSIS_CODE
# - DOB
# - INSURANCE_ID
# GPU configuration
gpu_vendor: none
# Artifact handling (strict limits for HIPAA)
max_artifact_files: 100
max_artifact_total_bytes: 104857600 # 100MB
# Provenance (strictly required for HIPAA)
provenance_best_effort: false
# SSH key must use environment variable
ssh_key: ${SSH_KEY_PATH}
# Config hash computation enabled (required for audit)
# This is automatically computed by Validate()
# Plugin Configuration (DISABLED for HIPAA compliance)
# Jupyter and vLLM services are disabled in HIPAA mode to ensure
# no unauthorized network access or data processing
plugins:
jupyter:
enabled: false # Disabled: HIPAA requires strict network isolation
vllm:
enabled: false # Disabled: External model downloads violate PHI controls
Reference in a new issue View git blame Copy permalink