Hello,
I’m facing an issue with a deployed z2jh helm chart running in a cluster that applies a restricted PSS/PSP policy.
I’ve added the necessary security context to the helm values for the hub and the proxy, and it works fine:
containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  runAsNonRoot: true
  seccompProfile:
    type: RuntimeDefault
I’m stuck with the spawned notebook since the helm values don’t provide a way to apply the same container security context (the drop all capabilities). I’ve tried to add it through extraPodConfig with no luck:
extraPodConfig:
  enableServiceLinks: false
  containers:
    - name: notebook
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
Is there another way to apply this container security context to the spawned notebooks?
Thanks for your help