search

pangeo-data / helm-chart

Pangeo helm charts
https://pangeo-data.github.io/helm-chart/
21 stars 26 forks source link

Can we move hub/extraConfig/customPodHook to helm chart? #52

Closed jhamman closed 6 years ago

jhamman commented 6 years ago

Is there a reason we don't have the following block of code in this helm chart?

hub:
    extraConfig:
      customPodHook: |
        from kubernetes import client
        def modify_pod_hook(spawner, pod):
            pod.spec.containers[0].security_context = client.V1SecurityContext(
                privileged=True,
                capabilities=client.V1Capabilities(
                    add=['SYS_ADMIN']
                )
            )
            return pod
        c.KubeSpawner.modify_pod_hook = modify_pod_hook
mrocklin commented 6 years ago

It provides elevated privileges, which we only need for the FUSE system, and which are somewhat dangerous.

On Mon, Jul 23, 2018 at 2:16 PM, Joe Hamman notifications@github.com wrote:

Is there a reason we don't have the following block of code in this helm chart?

hub: extraConfig: customPodHook: | from kubernetes import client def modify_pod_hook(spawner, pod): pod.spec.containers[0].security_context = client.V1SecurityContext( privileged=True, capabilities=client.V1Capabilities( add=['SYS_ADMIN'] ) ) return pod c.KubeSpawner.modify_pod_hook = modify_pod_hook

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/pangeo-data/helm-chart/issues/52, or mute the thread https://github.com/notifications/unsubscribe-auth/AASszNcTFQG8MdHrM76VPVe9YuySqQWwks5uJhMPgaJpZM4VbdZV .

jhamman commented 6 years ago

Okay, I didn't realize this was just for fuse. Thanks.