Privileged access to the filestore

Currently, we do not have any way to make containers with privileged filesystem access available from JupyterHub.

In order to get privileged access to the filestore, you will need access to kubectl with admin privileges to Kubernetes cluster you want to work on.


Save the following file as copier.yaml. You may need to edit it to point to the correct filestore. If you need multiple filestores present (for instance, for copying data between environments), then you will need to create multiple Volume/VolumeMount pairs so multiple filestores are present within the container.

apiVersion: v1
kind: Pod
  name: copier
  namespace: copier
  - name: main
    image: ubuntu:latest
    args: [ "tail", "-f", "/dev/null" ]
    - mountPath: /mnt
      name: share
  - name: share
      path: /share1
      # is IDF dev
      # is IDF int
      # is IDF prod

Spin up this Pod and log into its shell:

kubectl create ns copier
kubectl apply -f copier.yaml
kubectl exec -it -n copier copier -- /bin/bash -l

Once you do that, you have a root prompt and the instance filestore is mounted at /mnt. With great power comes great responsibility.

When you’re done, delete the namespace. This will also destroy the privileged pod:

kubectl delete ns copier


  • Get usage data by username, sorted by usage, largest at the bottom:

    du -s -BM /mnt/home/* \
    | sed -e 's/\s\+/,/' \
    | sed -e 's|/mnt/home/||' \
    | sort -nr
  • Make an archival copy of user foo’s previous .local file for analysis:

    tar cvpfz /tmp/foo-local.tgz /mnt/home/foo/.local.20210804223021