Add capabilities/privileged to build container to support running on K8s without Docker #1512
base: main
Thanks a lot for working on this, @manics!
@@ -382,6 +393,13 @@ def submit(self): | |||
client.V1EnvVar(name="GIT_CREDENTIAL_ENV", value=self.git_credentials) | |||
) | |||
|
|||
if "privileged" in self.build_capabilities: |
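Review bot: the membership test `"privileged" in self.build_capabilities` on the added line makes the string "privileged" a special entry in what is otherwise a list of capabilities, and the visible lines do not show the type of `build_capabilities`. If it can ever be a plain string rather than a list, `in` does substring matching, so a value that merely contains "privileged" would also take this branch. Consider enforcing a list type on the option and moving privileged mode to its own explicit boolean setting, since it is not a Linux capability and grants far more than any single capability; at minimum the special value should be documented in the option's help text.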
Can we just ask for something like build_security_context or something and just pass it on directly through?
Part of the complexity here is that we want this to be not kubernetes specific. However, I think the way to do that is to refactor out the current class to be a KubeBuilder or something, and use traitlets directly. But until then, I think we should pass config through directly as much as possible.
Not easily, we'd need to recurse through the JSON dict by copying this KubeSpawner code:
https://github.com/jupyterhub/kubespawner/blob/63aaccc567d03110fb83c19cbdbfdc1a30eb5406/kubespawner/utils.py#L92-L188
Good point about the long-term plan to make this into a traitlets Configurable.... let me see if I can come up with something
@yuvipanda I've added a new traitlets based build class in #1518
I thought it'd be interesting to get BinderHub running on K8S without Docker. This is the first step:
build_docker_host is optional
I've only added one new config, build_capabilities, and overloaded it to set privileged=True. Alternatives include:
capabilities and privileged