`extraFiles` makes folder unwritable?

JupyterHub Zero to JupyterHub on Kubernetes
5

@dhirschfeld I’d like to understand this better, I think no matter what there is an action point for the Helm chart to either document this better or similar.

Background knowledge

  1. extraFiles work by mounting k8s Secret resources.
    1. An entry is added to the pod’s volumes
    2. An entry is added to the container’s volumeMounts
    3. The volumeMounts entry is not having readOnly explicitly set, which make it default to true for a Secret I think.
    4. The volumeMounts entry always have subPath specified, which makes the file only update during startup of the pod.
    5. If it is functional in k8s at all to do this, we can absolutely support setting readOnly to false if it helps you get write permissions even though the changes won’t persist for that user specifically or any user until the next restart.

Questions

  • Can you describe if your volumeMount has readOnly explicitly set by inspection using kubectl get pod <podname> -o yaml?
  • Can you describe output of ls -alh <path to a singleuser.extraFiles file that has been mounted>?
  • Can you verify that it is the file itself that is readOnly, but not an entire folder or similar.