This page collects five complete profile configurations for common use cases, so you can start from a working example rather than build a profile template from scratch. Each example is a full POST /v1beta2/sandbox/profile-templates request body. Paste it into curl -d after you set $TOKEN, then adjust the fields you need.
For field-by-field background, see Understanding profiles and the Profile reference.
GPU data-science workbench
A long-lived per-user sandbox with an H100, PyTorch preloaded, generous memory, and internet egress for pulling datasets and packages.
{
  "profileTemplate": {
    "displayName": "ds-gpu-h100",
    "description": "Data-science workbench; H100, PyTorch, per-user namespace, internet egress",
    "spec": {
      "containerImage": "ghcr.io/myorg/python-ds:3.11-pytorch-2.3",
      "runtimeClass": "kata-qemu-nvidia-gpu",
      "resourceDefaults": {
        "cpuRequest": "4",
        "memoryRequest": "16Gi",
        "cpuLimit": "8",
        "memoryLimit": "32Gi"
      },
      "instanceTypes": ["h100"],
      "nodeSelector": { "gpu": "h100" },
      "namespaceConfigJson": "{\"strategy\":\"per-user\",\"namespacePrefix\":\"ds-\"}",
      "networkConfigJson": "{\"egress\":{\"default\":\"internet\",\"modes\":{\"internet\":{\"type\":\"internet\"}}}}"
    },
    "labels": { "team": "ml", "gpu": "h100" }
  }
}
CPU agent with allowlisted egress
A multi-tenant agent profile where each agent lands in its own user namespace, can reach only GitHub and the public npm or PyPI CDNs, and is Kata-isolated.
{
  "profileTemplate": {
    "displayName": "agent-allowlist",
    "description": "Per-user agent sandbox with allowlisted egress and Kata isolation",
    "spec": {
      "runtimeClass": "kata-qemu",
      "resourceDefaults": {
        "cpuRequest": "1",
        "memoryRequest": "2Gi",
        "cpuLimit": "2",
        "memoryLimit": "4Gi"
      },
      "namespaceConfigJson": "{\"strategy\":\"per-user\",\"namespacePrefix\":\"agent-\"}",
      "networkConfigJson": "{\"egress\":{\"default\":\"allowlist\",\"modes\":{\"allowlist\":{\"type\":\"allowlist\",\"cidrs\":[\"140.82.112.0/20\",\"151.101.0.0/16\"]}}}}"
    },
    "labels": { "workload": "agent" }
  }
}
Ephemeral CI runner
Short-lived, minimal resources, no persistent state, and restricted to a single CI namespace. No GPUs. gVisor is sufficient.
{
  "profileTemplate": {
    "displayName": "ci-test-runner",
    "description": "Ephemeral CI test runner; minimal resources, CI-only namespace, restricted egress",
    "spec": {
      "runtimeClass": "gvisor",
      "resourceDefaults": {
        "cpuRequest": "250m",
        "memoryRequest": "512Mi",
        "cpuLimit": "1",
        "memoryLimit": "2Gi"
      },
      "namespaceConfigJson": "{\"strategy\":\"static\",\"staticNamespace\":\"ci-sandboxes\",\"autoCreate\":false}",
      "networkConfigJson": "{\"egress\":{\"default\":\"allowlist\",\"modes\":{\"allowlist\":{\"type\":\"allowlist\",\"cidrs\":[\"140.82.112.0/20\"]}}}}"
    },
    "labels": { "workload": "ci" }
  }
}
Untrusted code execution
Defense-in-depth: Kata VM isolation, per-profile namespace, and zero egress.
{
  "profileTemplate": {
    "displayName": "untrusted-exec",
    "description": "Untrusted code execution; full isolation and no network",
    "spec": {
      "runtimeClass": "kata-qemu",
      "resourceDefaults": {
        "cpuRequest": "500m",
        "memoryRequest": "512Mi",
        "cpuLimit": "2",
        "memoryLimit": "2Gi"
      },
      "namespaceConfigJson": "{\"strategy\":\"per-profile\",\"namespacePrefix\":\"untrusted-\",\"labels\":{\"policy\":\"restricted\"}}",
      "networkConfigJson": "{\"egress\":{\"default\":\"none\",\"modes\":{\"none\":{\"type\":\"none\"}}}}"
    },
    "labels": { "security": "untrusted" }
  }
}
Long-running worker with internal service exposure
A background worker that should be reachable by other org sandboxes on a ClusterIP service, with internet egress for outbound API calls.
{
  "profileTemplate": {
    "displayName": "worker-internal-svc",
    "description": "Long-running worker; internet egress + internal service exposure",
    "spec": {
      "containerImage": "ghcr.io/myorg/worker:latest",
      "runtimeClass": "kata-qemu",
      "resourceDefaults": {
        "cpuRequest": "1",
        "memoryRequest": "2Gi",
        "cpuLimit": "4",
        "memoryLimit": "8Gi"
      },
      "namespaceConfigJson": "{\"strategy\":\"per-org\"}",
      "networkConfigJson": "{\"egress\":{\"default\":\"internet\",\"modes\":{\"internet\":{\"type\":\"internet\"}}},\"ingress\":{\"internal\":{\"scope\":\"org\",\"service\":{\"serviceType\":\"ClusterIP\"}}}}"
    },
    "labels": { "workload": "worker" }
  }
}
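A review helper for the five templates above, as an added example that is not CoreWeave's code: it decodes the string-encoded networkConfigJson and reports the default egress mode, how many addresses an allowlist admits, and any ingress exposure. The checks are assumptions inferred from the field shapes shown on this page, not from the API schema, and the sample input is constructed from two of the page's templates.

```python
import ipaddress
import json

def egress_summary(body: dict) -> dict:
    """Decode a template's networkConfigJson and summarise what it permits."""
    tpl = body["profileTemplate"]
    spec = tpl["spec"]
    net = json.loads(spec["networkConfigJson"])  # string-encoded JSON field
    egress = net["egress"]
    if egress["default"] not in egress["modes"]:
        raise ValueError("egress.default names a mode that is not defined")
    mode = egress["modes"][egress["default"]]
    cidrs = mode.get("cidrs", [])
    if mode["type"] == "allowlist" and not cidrs:
        raise ValueError("allowlist egress with an empty cidrs list")
    # strict=True rejects entries with host bits set, a common typo.
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    # collapse_addresses merges overlaps so nothing is counted twice
    # (assumes all entries are the same IP version).
    total = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return {
        "name": tpl["displayName"],
        "runtimeClass": spec["runtimeClass"],
        "egress": mode["type"],
        "allowlisted_addresses": total if mode["type"] == "allowlist" else None,
        "ingress": sorted(net.get("ingress", {})),
    }

# Constructed sample input: two of the page's templates, trimmed to the fields read here.
SAMPLES = [
    {"profileTemplate": {"displayName": "agent-allowlist", "spec": {
        "runtimeClass": "kata-qemu",
        "networkConfigJson": json.dumps({"egress": {"default": "allowlist", "modes": {
            "allowlist": {"type": "allowlist",
                          "cidrs": ["140.82.112.0/20", "151.101.0.0/16"]}}}}),
    }}},
    {"profileTemplate": {"displayName": "worker-internal-svc", "spec": {
        "runtimeClass": "kata-qemu",
        "networkConfigJson": json.dumps({"egress": {"default": "internet", "modes": {
            "internet": {"type": "internet"}}}, "ingress": {"internal": {
            "scope": "org", "service": {"serviceType": "ClusterIP"}}}}),
    }}},
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(egress_summary(body))
```

The address count makes the breadth of a CIDR allowlist visible during review: the agent-allowlist template admits 69,632 destination addresses, not a handful of hosts.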
Attach templates to a runner
A runner can bind multiple templates at once. The following runner hosts all five preceding profiles, with the CI template as the default:
{
  "runnerId": "shared-runner-us-east-1",
  "runner": {
    "displayName": "Shared multi-profile runner (US East)",
    "identity": {
      "zone": "us-east-1",
      "clusterId": "[YOUR-CKS-CLUSTER-ID]"
    },
    "managedSpec": { "releaseChannel": "RELEASE_CHANNEL_STABLE" },
    "profileBindings": [
      { "profileTemplateId": "[CI-TEST-RUNNER-ID]", "isDefault": true },
      { "profileTemplateId": "[DS-GPU-H100-ID]", "profileName": "gpu" },
      { "profileTemplateId": "[AGENT-ALLOWLIST-ID]", "profileName": "agent" },
      { "profileTemplateId": "[UNTRUSTED-EXEC-ID]", "profileName": "untrusted" },
      { "profileTemplateId": "[WORKER-INTERNAL-SVC-ID]", "profileName": "worker" }
    ]
  }
}
Sandboxes launched on this runner pick a profile by profileName (or get the ci-test-runner default).
Use binding overrides for per-runner tweaks
You can attach the same agent-allowlist template to two runners, but tune the allowlist per region with overridesJson:
Binding override: different allowlist per region
{
  "profileTemplateId": "[AGENT-ALLOWLIST-ID]",
  "profileName": "agent",
  "overridesJson": "{\"networkConfigJson\":\"{\\\"egress\\\":{\\\"default\\\":\\\"allowlist\\\",\\\"modes\\\":{\\\"allowlist\\\":{\\\"type\\\":\\\"allowlist\\\",\\\"cidrs\\\":[\\\"140.82.112.0/20\\\",\\\"10.42.0.0/16\\\"]}}}}\"}"
}
Note the double-escaped JSON. networkConfigJson is itself a string field, and overridesJson is a string-encoded ProfileSpec that contains it. Prefer applying overrides at higher-level fields (nodeSelector, runtimeClass, and resourceDefaults) where they don’t require nested escaping.
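Hand-escaping three levels of quotes is where an allowlist override goes wrong. As an added example (not CoreWeave's code), the binding above can be generated by serialising each level in turn and decoded again for review. The function names are hypothetical, and the CIDR validation is an added safeguard rather than documented API behaviour.

```python
import ipaddress
import json

def _compact(obj) -> str:
    # Compact separators reproduce the whitespace-free form used on this page.
    return json.dumps(obj, separators=(",", ":"))

def build_allowlist_binding(template_id: str, profile_name: str, cidrs: list) -> dict:
    """Return a profile binding whose overridesJson carries a new allowlist."""
    for cidr in cidrs:
        # Raises ValueError on typos or host bits set (e.g. 10.42.0.1/16).
        ipaddress.ip_network(cidr, strict=True)
    network_config = {
        "egress": {
            "default": "allowlist",
            "modes": {"allowlist": {"type": "allowlist", "cidrs": list(cidrs)}},
        }
    }
    # Level 1: networkConfigJson is a string field holding JSON.
    overrides = {"networkConfigJson": _compact(network_config)}
    # Level 2: overridesJson is a string holding the overrides object.
    return {
        "profileTemplateId": template_id,
        "profileName": profile_name,
        "overridesJson": _compact(overrides),
    }

def allowlist_from_binding(binding: dict) -> list:
    """Undo both encoding levels to review what a binding actually allows."""
    overrides = json.loads(binding["overridesJson"])
    network_config = json.loads(overrides["networkConfigJson"])
    egress = network_config["egress"]
    return egress["modes"][egress["default"]]["cidrs"]

if __name__ == "__main__":
    binding = build_allowlist_binding(
        "[AGENT-ALLOWLIST-ID]", "agent", ["140.82.112.0/20", "10.42.0.0/16"]
    )
    # Serialising the binding adds the third level of escaping seen in the request body.
    print(json.dumps(binding, indent=2))
```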