Add `capabilities`/`privileged` to build container to support running on K8s without Docker - Githubissues

jupyterhub / binderhub

Run your code in the cloud, with technology so advanced, it feels like magic!

https://binderhub.readthedocs.io

BSD 3-Clause "New" or "Revised" License

2.54k stars 388 forks source link

Add `capabilities`/`privileged` to build container to support running on K8s without Docker #1512

Open manics opened 2 years ago

manics commented 2 years ago

I thought it'd be interesting to get BinderHub running on K8S without Docker. This is the first step:

build_docker_host is optional
support for adding capabilities to the build container, or running it as privileged (https://github.com/kubernetes-client/python/blob/master/kubernetes/docs/V1SecurityContext.md)

I've only added one new config, build_capabilities, and overloaded it to set privileged=True. Alternatives include:

separate config for capabilities and privileged
allowing the full security_context to be specified- this would be the most flexible, but looking at https://github.com/kubernetes-client/python/issues/977 it doesn't sound like it's possible to construct the a Kubernetes object form JSON... unless someone knows a way to do so?