jupyterhub · consideRatio · Jul 9, 2020 · Jul 2, 2020 · Jul 6, 2020 · Jul 6, 2020
diff --git a/jupyterhub/templates/NOTES.txt b/jupyterhub/templates/NOTES.txt
@@ -35,4 +35,11 @@ custom:
 WARNING: You are using user placeholders without pod priority enabled, either
 enable pod priority or stop using the user placeholders to avoid wasting cloud
 resources.
+{{- end }}
+
+{{- if .Values.hub.uid }}
+
+DEPRECATION: hub.uid is deprecated in jupyterhub chart 0.9. Set the hub.containerSecurityContext.runAsUser value
+directly instead.
+
 {{- end }}
diff --git a/jupyterhub/templates/hub/deployment.yaml b/jupyterhub/templates/hub/deployment.yaml
@@ -133,9 +133,7 @@ spec:
           imagePullPolicy: {{ . }}
           {{- end }}
           securityContext:
-            runAsUser: {{ .Values.hub.uid }}
-            # Don't allow any process to execute as root inside the container
-            allowPrivilegeEscalation: false
+            {{- .Values.hub.containerSecurityContext | toYaml | trimSuffix "\n" | nindent 12 }}
           env:
             - name: PYTHONUNBUFFERED
               value: "1"

diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml
@@ -11,7 +11,6 @@ hub:
   cookieSecret:
   publicURL:
   initContainers: []
-  uid: 1000
   fsGid: 1000
   nodeSelector: {}
   concurrentSpawnLimit: 64
@@ -55,6 +54,10 @@ hub:
     requests:
       cpu: 200m
       memory: 512Mi
+  containerSecurityContext:
+    runAsUser: 1000
+    # Don't allow any process to execute as root inside the container
+    allowPrivilegeEscalation: false
   services: {}
   imagePullSecret:
     enabled: false