So we are up and running, and currently we have the nice problem that we need to give access to our system around us. Is there some way to get access to the user that spawned the instance or is this hidden by default? We wan’t to use this user to go forward and not use username/password in the pod at all.
The solution now is a ~/.env file and I hope we can do better with ServiceAccount or mounting something.
Hi! Can you give us a bit more information please? Where do you want to get the information on the user, and what’s using it? Is this going to be used in the singleuser-server backend (jupyter-server), in the frontend (JupyterLab), in the pod separate from Jupyter, before the pod is created, from outside the pod in some external infrastructure, etc?
Hi, so this is the user pods that we spin up, base image and tensorflow as of now. Once we started it we are user jovyan. We need to securely give rights to the pod equal to the user, concerning but not limited to ldap access. This can be other systems in our infrastructure or systems that provides passwords and secrets (PAM). We don’t wan’t the user to have user and password stored in the pod, nor use it as plain text in the pod. We wan’t the token for authenticating to be given to the pod or a service user connected to the pod so he can fetch and evaluate data from other systems in a secure way.
Be it databases, api:s, file storage, secrets or other options he has access to.
Your can use a combination of auth_state to pass information from the authenticator to the spawned server, using a pre_spawn_start hook:
https://jupyterhub.readthedocs.io/en/stable/reference/authenticators.html#authentication-state
For a Z2JH example of passing information using environment variables see: