securityContext duplicated in binderhub/helm-chart/binderhub/templates/container-builder/daemonset.yaml

jupyterhub / binderhub

Run your code in the cloud, with technology so advanced, it feels like magic!

https://binderhub.readthedocs.io

BSD 3-Clause "New" or "Revised" License

2.54k stars 388 forks source link

securityContext duplicated in binderhub/helm-chart/binderhub/templates/container-builder/daemonset.yaml #1704

Open rgaiacs opened 1 year ago

rgaiacs commented 1 year ago

securityContext is declared at

https://github.com/jupyterhub/binderhub/blob/7b6d423e606afac183e2f69ba5108761aea20e13/helm-chart/binderhub/templates/container-builder/daemonset.yaml#L62

and

https://github.com/jupyterhub/binderhub/blob/7b6d423e606afac183e2f69ba5108761aea20e13/helm-chart/binderhub/templates/container-builder/daemonset.yaml#L80

Should we remove the first occurence?

sgaist commented 1 year ago

Hi,

No, it's on purpose. Each security context applies to the corresponding builder. In this case, you can see that the Podman builder has an additional requirement which might change in the future and does not concern the Docker builder. It's better to have that field tailored to the container definition rather than making it generic for all. This can of course change in a future revision if all builders make use of the same security context.

Best regards