Single User Container Not Creating due to Pod Policies

akash-goel · March 24, 2022, 1:06pm

Hi Team,

Single User Container are not creating due to strict pod Policies and getting the error message

{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"pods \"jupyter-jovyan\" is forbidden: PodSecurityPolicy: unable to admit pod: [spec.initContainers[0].securityContext.runAsUser: Invalid value: 0: running with the root UID is forbidden spec.initContainers[0].securityContext.privileged: Invalid value: true: Privileged containers are not allowed spec.initContainers[0].securityContext.capabilities.add: Invalid value: \"NET_ADMIN\": capability may not be added]","reason":"Forbidden","details":{"name":"jupyter-jovyan","kind":"pods"},"code":403}

As Kuberenetes Policies we cannot change so can you please suggest how we can handle this in Jupyterhub

manics · March 24, 2022, 8:42pm

If your K8s cluster supports NetworkPolicies you can set singleuser.cloudMetadata.blockWithIptables: False:
https://zero-to-jupyterhub.readthedocs.io/en/latest/administrator/security.html#block-metadata-iptables

Topic		Replies	Views
Spawn failures owing to pod security policies Zero to JupyterHub on Kubernetes	6	1337	January 24, 2023
Singleuser's hosts can not be modified Zero to JupyterHub on Kubernetes help-wanted	0	426	April 7, 2021
Issue using "sudo" in container: 'The "no new privileges" flag is set' Zero to JupyterHub on Kubernetes	4	15207	March 4, 2024
Pod Security Context Zero to JupyterHub on Kubernetes	3	1905	August 23, 2019
Restrict singleuser pods from accessing each other (network policy configuration) Zero to JupyterHub on Kubernetes	13	1896	October 23, 2021

Single User Container Not Creating due to Pod Policies

Related topics