search

jupyterhub / kubespawner

Kubernetes spawner for JupyterHub
https://jupyterhub-kubespawner.readthedocs.io
BSD 3-Clause "New" or "Revised" License
545 stars 304 forks source link

Passwordless sudo #709

Closed 5uperpalo closed 1 year ago

5uperpalo commented 1 year ago

Hi, I am sorry if this was described somewhere but I spent whole day and could not find it. I am using Z2JH on k8s. I am using jupyterhub in a research institution environment and I need to grant sudo access to users within their spawned machines. The sudo command became available after I included c.KubeSpawner.allow_privilege_escalation = True in the config; but I am still being asked for password when I do sudo. I tried to include GRANT_SUDO env variable as it worked for singleuser, but nothing happened. Could anybody please help me? This is my config.yaml:


hub:
...
  extraConfig:
    spawner_config: |
      c.JupyterHub.allow_named_servers = True
      c.JupyterHub.spawner_class = "kubespawner.KubeSpawner"
      c.KubeSpawner.allow_privilege_escalation = True
      c.KubeSpawner.environment = {
        'GRANT_SUDO': 'yes',
      }
      c.KubeSpawner.profile_list = [
        {
          'display_name': 'Python DataScience',
          'slug': 'datascience-small',
          'profile_options': {
            'memory': {
              'display_name': 'CPUs',
              'choices': {
                '2': {
                  'display_name': '2 CPUs',
                  'kubespawner_override': {
                    'cpu_limit': 2,
                    'cpu_guarantee': 2,
                    'mem_guarantee': '8G',
                    'mem_limit': '8G',
                  }
                },
                '4': {
                  'display_name': '4 CPUs',
                  'kubespawner_override': {
                    'cpu_limit': 4,
                    'cpu_guarantee': 4,
                    'mem_guarantee': '8G',
                    'mem_limit': '8G',
                    'environment': {
                      'GRANT_SUDO': 'yes',
                    },
                  }
                }
              }
            },
          },
          'kubespawner_override': {
            'image': 'jupyter/datascience-notebook:python-3.10',
          }
        },
      ]
welcome[bot] commented 1 year ago

Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! :hugs:
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively. welcome You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! :wave:
Welcome to the Jupyter community! :tada:

manics commented 1 year ago

Support for sudo is handled by the container image, the KubeSpawner configuration only affects whether privilege escalation is allowed. With the docker-stacks image you'll need to start the image as root (UID 0) for sudo to work.

If you need more help please use the Jupyter community forum where more people can help https://discourse.jupyter.org/