K8, Helm config.yaml for HTTPS, ngnix on Azure

Byron_Chigoy · May 3, 2024, 9:30pm

Hi I am running JHUB on Azure K8s. I have been able to set up the server and can access via IP4. My goal is to have a:

HTTPS connection via a domain which I determine
Have the HTTPS certs stored on Azure AD
Create a domain name and service on Azure AD

I have tried to little success to follow the guidance to use a domain name with letsencrypt for HTTPS.

So I have struggled for an alternative. The one I landed on is to use Azure AD and nginx. After getting through the basic helm chart setup to get the domain and HTTPS certs I am running:

az network dns zone create --name mydomain.com --resource-group myresourcegroup
az network dns record-set a add-record --resource-group myresourcegroup --zone-name mydomain.com --record-set-name @ --ipv4-address XX.XXX.XXX.XX
az ad app credential reset --id mycredentials
az ad app credential list --id mycredentials
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem 
cat cert.pem key.pem > jupyterhubv1.pem 
--az keyvault create --name mykeyvault --resource-group myresourcegroup --location eastus
az keyvault certificate import --vault-name mykeyvault --name jupyter-hub-cert -f jupyterhubv1.pem
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml
az keyvault secret download --vault-name mykeyvault --name jupyter-hub-cert --file kv.pfx
kubectl create secret tls tls-secret -n myrelease --key=jupyterhubv1.pem --cert=jupyterhubv1.pem --dry-run=client -o yaml | kubectl apply -f -

I then setup this config.yaml

proxy:
  secretToken: "mytoken"
  https:
    hosts:
      - mydomain.com
    letsencrypt:
      contactEmail: myemail
hub:
  config:
    JupyterHub:
      authenticator_class: dummy
      admin_access: true
      admin_users:
        - someone
      allowed_users:
        - someone1
        - someone2
      DummyAuthenticator:
        password: apassword
        networkPolicy:
        enabled: true
        ingress: []
        egress: []
        egressAllowRules:
        cloudMetadataServer: true
        dnsPortsCloudMetadataServer: true

And run

helm upgrade --cleanup-on-fail   --install myrelease jupyterhub/jupyterhub   --namespace da-analytics-jupyter-hub   --create-namespace   --version=3.3.7   --values config.yaml

Which it does successfully. BUT:

It does not apply my domain
HTTP and IP4 Address still works
HTTPS does not work

Can anyone help with the config.yaml or other setting I should supply?

Topic		Replies	Views
HTTPS and Domain Config Zero to JupyterHub on Kubernetes help-wanted	1	85	May 5, 2024
Not able to setup HTTPS on jupyterhub on kubernetes Zero to JupyterHub on Kubernetes	2	629	January 18, 2021
HTTPS with Let's Encrypt on JupyterHub in Kubernetes Zero to JupyterHub on Kubernetes	5	3393	July 23, 2019
Setting Up HTTPS for Jupyterhub on Kubernetes JupyterHub	7	1049	April 18, 2019
JupyterHub on Host Network with HTTPS failing with 503: Service Unavailable Zero to JupyterHub on Kubernetes jupyterhub , help-wanted	2	762	January 28, 2022

K8, Helm config.yaml for HTTPS, ngnix on Azure

Related Topics