@dhirschfeld I’d like to understand this better, I think no matter what there is an action point for the Helm chart to either document this better or similar.
Background knowledge
extraFiles work by mounting k8s Secret resources.
An entry is added to the pod’s volumes
An entry is added to the container’s volumeMounts
The volumeMounts entry is not having readOnly explicitly set, which make it default to true for a Secret I think.
The volumeMounts entry always have subPath specified, which makes the file only update during startup of the pod.
If it is functional in k8s at all to do this, we can absolutely support setting readOnly to false if it helps you get write permissions even though the changes won’t persist for that user specifically or any user until the next restart.
Questions
Can you describe if your volumeMount has readOnly explicitly set by inspection using kubectl get pod <podname> -o yaml?
Can you describe output of ls -alh <path to a singleuser.extraFiles file that has been mounted>?
Can you verify that it is the file itself that is readOnly, but not an entire folder or similar.
…which is better since it allows the sysadmin to provide defaults but the user to override them in their own /home/user/.jupyter/jupyter_server_config.py
Can you verify that it is the file itself that is readOnly, but not an entire folder or similar.
I wouldn’t have minded if it was just the mapped-in file itself which was readonly but it definitely appeared that mapping in the file made the whole folder readonly.
Sorry, I’m completely smashed at the moment and won’t realistically have time to investigate the original problem since I’ve now side-stepped it.