Pod Security Context

We want to use NFS shares for data of Experiments and access this data from
within a container in the z2jh Kubernetes deployment.
Is there currently any way to change the k8s security context so the pod runs as
a UID that matches the UID from the NFS share?
Using security policies would be a great enhancement to z2jh.

You can set the uid and fsGid: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/2d435d64d4978380f68a1bda185add4376c29272/jupyterhub/values.yaml#L188-L189

Yes, I am aware of that, but could I also set it dynamically, so that every user gets a pod which runs under their “real” UID? Then we could very easily allow NFS shares…

If you’re using an image based on the standard Jupyter docker stacks, you can start them as root, pass in the UID as an environment variable, and the jupyter user will then have access to their external NFS shares. See this example, which uses LDAP, though you can use any authenticator that returns you the UID; the most relevant bit is the pre_spawn_start method:
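A sketch of such a pre_spawn_start hook, as an added example that is not part of the original post and is not the linked LDAP example. It assumes the authenticator stores the numeric IDs in auth_state under the hypothetical keys `uidNumber` and `gidNumber`, that the image honours `NB_UID`/`NB_GID` when started as root, and that the spawner is KubeSpawner; `MIN_UID`, `nfs_identity` and `NFSUidMixin` are names made up here.

```python
# Added example, not the code linked in the post.
# Assumptions: auth_state carries "uidNumber"/"gidNumber" (hypothetical keys),
# and the image's start script switches to NB_UID/NB_GID when run as root.

MIN_UID = 1000  # assumption: IDs below this are system accounts on the NFS server


def nfs_identity(username, auth_state, min_uid=MIN_UID):
    """Validate the directory's IDs and return the env vars for the container."""
    if not auth_state:
        raise ValueError(f"no auth_state for {username}; is enable_auth_state on?")
    try:
        uid = int(auth_state["uidNumber"])
        gid = int(auth_state["gidNumber"])
    except (KeyError, TypeError, ValueError) as exc:
        raise ValueError(f"missing or non-numeric UID/GID for {username}") from exc
    # With AUTH_SYS the NFS server trusts the numeric ID the client presents,
    # so never let a directory attribute map a user to root or a system account.
    if uid < min_uid or gid < 1:
        raise ValueError(f"refusing UID {uid} / GID {gid} for {username}")
    return {"NB_UID": str(uid), "NB_GID": str(gid)}


class NFSUidMixin:
    """Mix into an Authenticator subclass, ahead of the real authenticator."""

    async def pre_spawn_start(self, user, spawner):
        auth_state = await user.get_auth_state()
        # Raises before the pod is created if the IDs are unusable.
        spawner.environment.update(nfs_identity(user.name, auth_state))
        # KubeSpawner: start the container as root so the image's start
        # script can switch to NB_UID before launching the notebook server.
        spawner.uid = 0
```

Because validation raises inside pre_spawn_start, a user with a missing or out-of-range UID gets a failed spawn rather than a pod that stays root or lands on another account's files.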