Singleuser pod fails after 1.0.0 upgrade on supplementaryGroups with psp

spec.securityContext.supplementalGroups: Invalid value: []int64{}: unable to validate empty groups against required ranges
on single user pod deployment by kubespawner with pod security policy.
Have not set anything related in the values.yaml.
The reason seems to be this is generated in the pod spec:
‘security_context’: {‘fsGroup’: 100, ‘supplementalGroups’: []},
but I have no idea where the second part comes from, looks fine here

Anyone an idea where this comes from or why it changed with 1.0.0 ?

seems to come from this change -

  • supplemental_gids must be [] instead of None - but dont see why … well, maybe thats just how the traitlet init works …

Have logged it as an issue on KubeSpawner :


Ah! This is a bug in KubeSpawner. It specifies supplementalGroups even if it is an empty list just because it checks not None.

I’ll fix that in KubeSpawner and make it be part of z2jh 1.1.0.