JupyterHub on Host Network with HTTPS failing with 503: Service Unavailable

Hi All,

Hope everyone is well!

I have been working on a small project for an internal network to get JupyterHub running. I have gotten pretty far in the development, but am now stuck on getting HTTPS working with the host network option.

JupyterHub is running on internal VMs and thus has no LoadBalancer. I have been using MetalLB to get around this and it has been working well. Now that I am trying to get HTTPS to work with a certificate crafted for the head node, however, I am running into issues. This deployment will only be available to my internal network, and HTTPS is a requirement.

Enabling “host network” on the Proxy pod and Hub pod does not work as I thought it would, and deploying the use of the Ingress-Nginx controller only leads to “503 Service Unavailable”, which is at least telling me it is trying to redirect somewhere. I am still pretty new to Kubernetes and JupyterHub and would love to learn from these struggles. Please let me know what I can upload/provide to help get a better understanding of the environment :slight_smile:

Thanks!

Hi! Could you explain exactly how you set up your K8S cluster, and how you’ve configured/deployed Z2JH? Can you share your config with secrets redacted? What exactly is the problem when you try to enable HTTPS?

What’s the reason for using the host network? It shouldn’t be necessary for JupyterHub, and may cause other problems; this setup isn’t tested.

Hello! I figured out what was going wrong thankfully, but I am leaving notes here for anyone else who is in my position :slight_smile: I set up the K8s cluster using kubectl and the Flannel plugin for networking. I used the normal Helm v3 command that is listed in Z2JH as follows:

    helm upgrade --cleanup-on-fail jupyter1 jupyterhub/jupyterhub --namespace jupyter --version=1.2.0 --values config.yaml

A snippet of my config.yaml that actually has to do with my issue:

    ingress:
      enabled: true
      hosts:

The issue I was experiencing was when trying to configure the Proxy pod. When using MetalLB and giving out my addresses it could use, it would give the proxy pod an address but always lead to “503 service unavailable”. This was due to me not properly setting up Ingress instead of the proxy. Once I switched over to use Ingress, everything worked as expected.

Originally I was attempting to use the Host Network since it was not properly connecting, but glad to know this hasn’t been tested yet and to stay away from it :slight_smile:

Much appreciated for the help, I will go ahead and close this discussion!
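
For readers with the same setup, a values fragment for the Ingress approach described in the last post, written as an added example that is not the poster's configuration. The hostname, secret name, and certificate file names are placeholders, and it assumes the ingress-nginx controller (not the JupyterHub proxy) is the service that receives the MetalLB address.

```yaml
# Added example: Z2JH values for HTTPS terminated at ingress-nginx.
# All names below are placeholders, not values from the thread.
#
# Assumption: the internal certificate and key are stored beforehand as a
# TLS secret in the release namespace, for example:
#   kubectl create secret tls jupyterhub-tls --namespace jupyter \
#     --cert=hub.crt --key=hub.key

proxy:
  service:
    # The ingress controller fronts the proxy, so proxy-public does not
    # need its own LoadBalancer address or host networking.
    type: ClusterIP

ingress:
  enabled: true
  annotations:
    # Assumption: ingress-nginx is installed and selected by this class.
    kubernetes.io/ingress.class: nginx
  hosts:
    - jupyterhub.example.internal
  tls:
    # TLS is terminated at the ingress with the secret created above.
    # The hosts listed here must match a name in the certificate.
    - hosts:
        - jupyterhub.example.internal
      secretName: jupyterhub-tls
```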