Julius von Kohout

icon indicating a website link https://www.linkedin.com/in/juliusvonkohout

icon company Kubeflow Freelancer and DHL Data & Analytics Lead MLOps Engineer icon location Bonn icon location Kubeflow Freelancer and DHL Data & Analytics Lead MLOps Engineer

Results 571 comments of Julius von Kohout

Jupyterlab, Rstudio and VSCode do not run as non root in Kubeflow 1.8

@andreas-schliebitz you might want to check out https://github.com/kubeflow/manifests/pull/1875 if you are on Openshift. In the end I just wrote my own jupyterlab with code-server and RStudio all included in one...

Jupyterlab, Rstudio and VSCode do not run as non root in Kubeflow 1.8

Definitely for all,because it is not Openshift specific. On a plain Kubernetes with pod security policies you have exactly the same problem.

Jupyterlab, Rstudio and VSCode do not run as non root in Kubeflow 1.8

> So a workaround would be to add > > 1. securitycontext 1000:100 > 2. emptydir volume > 3. volume mount to /var/run/s6 > 4. S6_READ_ONLY_ROOT env > > as...

Jupyterlab, Rstudio and VSCode do not run as non root in Kubeflow 1.8

``` kind: Deployment apiVersion: apps/v1 metadata: annotations: deployment.kubernetes.io/revision: '1' name: test1 namespace: prod-1 spec: replicas: 1 selector: matchLabels: app: test1 template: metadata: labels: app: test1 sidecar.istio.io/inject: 'false' # it also...

Jupyterlab, Rstudio and VSCode do not run as non root in Kubeflow 1.8

> @juliusvonkohout Awesome, thanks for testing that. If you have the time and energy, could you also check if it breaks if you remove the `S6_READ_ONLY_ROOT=1` environment variable? Would like...

Jupyterlab, Rstudio and VSCode do not run as non root in Kubeflow 1.8

> Great, then the change necessary to the notebook-controller is very minimal. I'm not sure how the SCC / PSP can best be handled, as this would probably need to...

Jupyterlab, Rstudio and VSCode do not run as non root in Kubeflow 1.8

> @juliusvonkohout Are you in the Kubeflow Slack? I'd like to discuss and coordinate some things with you regarding this and similar problems when using OpenShift. No, how can i...

Kubeflow component integration with ML Metadata

i think it is very dangerous because MLMD is not yet separated per namespace https://github.com/kubeflow/pipelines/issues/4790. It will lower the security standards even more if more components break down the namespace...

Regression in 0.6

[buggy_pipeline.py_1.yaml.txt](https://github.com/kubeflow/kfp-tekton/files/5937377/buggy_pipeline.py_1.yaml.txt) [buggy_pipeline.py_2.yaml.txt](https://github.com/kubeflow/kfp-tekton/files/5937378/buggy_pipeline.py_2.yaml.txt) As you can see in the files, the workspace is missing

Regression in 0.6

> Looks like there's a bug with using newlines. This is fixed in the latest kfp code > [kubeflow/pipelines#4993](https://github.com/kubeflow/pipelines/pull/4993) > > For a quick fix, you can run `pip install...