How do you configure Binder when running locally with minikube?

I have installed binder locally following the contributor instructions. I have created a config.yaml file like so:

    private_token: ...
    access_token: ...

However, I can’t figure out how to get binder to read the values. I’ve tried updating the helm args in testing/minikube/install-hub to include -f config.yaml or --values=config.yaml but that didn’t help. I also tried passing -f config.yaml to the python3 -m binderhub command.

I confirmed it’s not reading the values by adding print(api_url) and print(self.private_token) to GitLabRepoProvider.get_resolved_ref(). It prints out the api_url value, but I get a blank line for the private_token.

It seems I’m either not passing the config correctly, or I’m missing a step when starting binder.

1 Like

How do you start your BinderHub?

In the contributing docs this is step 9. So you don’t have to set things in a config.yaml, instead I’d modify the testing/minikube/ it references. I think it would be something like c.GitLabRepoProvider.access_token. I haven’t tried doing this in a while though :-/

testing/minikube/install-hub only installs the JupyterHub that BinderHub uses, it doesn’t install or configure BinderHub.

You could also try what happens if you follow the zero2binderhub guide’s instructions on installing a full BinderHub on a cloud service. It would take a bit of pondering/experience though to know which parts to remove/skip :-/

I followed step 9 exactly the first time: python3 -m binderhub -f testing/minikube/

The thing I expected to work was python3 -m binderhub -f testing/minikube/ -f config.yaml. Everything else I tried was because that didn’t work. I thought I tried editing testing/minikube/ but maybe I didn’t restart properly or something. I’ll try that again.

My goal is to find out if private gitlab repos already work with binderhub (seems like no), and if not then create a pull request to allow it. I would prefer to be able to test the whole process with a config file just like we’d do in production.

1 Like

If you want to use a config.yaml you need to use helm to deploy your hub to the kubernetes cluster.

The developer docs don’t go into detail on how to run your locally checked out BinderHub code inside the kubernetes cluster because it is a bit tedious (docker images need building, etc).

I think configuring GitLab access should be doable via config options only. So you can do what you want (local deploy + use helm for configuration). However I don’t know of a written guide explaining how to do this off the top of my head. Maybe @sgibson91 has a link/input on that?

python3 -m binderhub -f testing/minikube/ -f config.yaml won’t work because the config.yaml file is not meant for BinderHub to read in but for helm.

Thanks for explaining @betatim :slightly_smiling_face:. Looking again it seem like it should work if I add a git_credentials property to my config formatted like "username\npassword". I’ll be sure to try that next.

Unfortunately, I struggled to get a local deployment working. I had problems with minikube not exposing the external IPs for JupyterHub/Binder services (seems to be a long-standing issue with minikube, kubernetes/minikube#2834). It’s something I’m personally interested in though as I move away from the main Turing BinderHub project. Your “Binder at Home” idea might be better suited to those who wish to play locally though?


I got it working by adding the following lines to testing/minikube/

c.GitLabRepoProvider.private_token = 'my_api_token'
c.GitLabRepoProvider.git_credentials = 'username=my_username\npassword=my_api_token'

But I had to add make the git_credentials property configurable in binderhub/

diff --git a/binderhub/ b/binderhub/
index 722de8b..41e5f25 100644
--- a/binderhub/
+++ b/binderhub/
@@ -181,6 +181,10 @@ class GitLabRepoProvider(RepoProvider):

+    git_credentials = Unicode(config=True,
+        help="""Username and password for private repos"""
+    )
     access_token = Unicode(config=True,
         help="""GitLab OAuth2 access token for authentication with the GitLab API

Is there another way or should I submit a PR for that?

1 Like

My expectation was that git_credentials would have been inherited from the RepoProvider base class:

We should figure out why that doesn’t work/do what I think it should do.

If not a PR to add your above finding, do you want to make a PR that adds some more information on how to setup and configure private repos to the BinderHub documentation (maybe here?)? It is quite sparse and the Binder team doesn’t use that feature all that much :-/

It didn’t work until I added it to GitLabRepoProvider with config=True. I’m not sure why it’s not configurable in RepoProvider, but I thought maybe there was a reason for it. Anyway I’ll submit a PR and I’m sure someone will tell me the right way to do it.

1 Like

Here’s my pull request:

1 Like

Private Gitlab Access for BinderHub is a related discussion on the topic. It contains some explanation on how the git credentials are passed around.