zero-to-jupyterhub-k8s
zero-to-jupyterhub-k8s copied to clipboard
jupyterhub
`singleuser: extraPodConfig:` does not get set by the helm chart
Bug description
I'm trying to set fsGroupChangePolicy: "OnRootMismatch" to the securityContext of my single user containers - as this is required by my cloud provider - like so:
singleuser:
extraPodConfig:
securityContext:
fsGroupChangePolicy: "OnRootMismatch"
However, it doesn't work and the value does not get set once a user starts a session.
Linking also the discourse post regarding this issue: https://discourse.jupyter.org/t/extrapodconfig-values-do-not-get-set/17868
Expected behavior
Once a user starts a notebook, the pod securityContext should contain the above value, like so:
kind: Pod
metadata:
name: user-pod
spec:
containers:
securityContext:
fsGroupChangePolicy: "OnRootMismatch"
Actual behavior
The value does not get set, instead, the standard values are applied, so the values fsGroupChangePolicy: "OnRootMismatch" does not get set at all.
How to reproduce
Default helm installation with just the above config set in it.
Your personal set up
- OS: default images (K8s helm installation)
- Version(s): zero-to-jupyterhub with jupyterhub official release 2.0.0 and 2.0.1-0.dev.git.5994.hdf257a2c both not working as expected
I'm using the terraform helm provider to install the chart but have also tried the same with a regular helm install.
Full environment
n/a
# paste output of `pip freeze` or `conda list` here
Configuration
default
# jupyterhub_config.py
Logs
Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively.
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:
![welcome[bot] avatar](https://avatars.githubusercontent.com/in/4141?v=4 "Published by a pub.dev verified publisher"){kind=small}
Any update on this? I've tried so many ways to get fsGroupChangePolicy set. The only way it works is if I have it in a yaml file that I manually start pods with, but that's not how our system works.
