-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
container has runAsNonRoot and image will run as root #31
Comments
Ah, that's strange - we do set UID to be non root in the dockerfile, but that doesn't seem to pass through here. We could set runAsUser explicitly to 1000 in https://github.com/yuvipanda/jupyterhub-ssh/blob/main/helm-chart/jupyterhub-ssh/templates/ssh/deployment.yaml#L36 to fix that. Would love if you could make a PR :D |
I assume that runAsNonRoot as a pod security policy doesn't know that the container will start as non-root, and requires it to be explicitly set. I suggest a containerSecurityContext configuration option is added , of which runAsUser is a k8s native option that can be set in the default values.yaml. |
containerSecurityContext:
runAsUser: 1000 like this? |
@yobome yepp like that. As this Helm chart contain two separate k8s Deployments with their associated pods, could you add the logic for both?
|
That's why I love open source :) 😄, thanks for guiding me. (Actually I don't quite understand what "Bonus" means because of my English. I mean that I know what "bonus" is, but I don't know what this word means in your context. I'm still new to this project, but I'll try to make a PR if I could. Thank you all again. 👍 |
I'm not an english native myself either, I'm not sure it is a sensible way to use the word "bonus" like that ;D What I meant with I appreciate your positive spirit @yobome, thanks for your contributions ❤️ 🎉! |
I tried these:
containerSecurityContext:
runAsUser: 1000
{{- with .Values.ssh.containerSecurityContext }}
securityContext:
{{- . | toYaml | trimSuffix "\n" | nindent 12 }}
{{- end }} before last line both in sftp and ssh deployment.yaml But still Sad :( |
@yobome if you run your |
When I'm debugging rendering of templates, I typically do...
|
First I tried
and I get an Error:
Refer to this issue #24 , I tried to git clone the repo to my host and use this command:
(I changed sftp.enable to false in "values.yaml")
and I get this:
then I check the pod and get the Error event:
I think the user should not be given root privileges in jhub pod, what should I do?
I would appreciate it if you could help me.😄
The text was updated successfully, but these errors were encountered: