Hello all! I just found this forum today and wanted to thank you all for maintaining the JupyterHub on Kubernetes.
As I am a bit of a novice when it comes to Kubernetes I was hoping to get some advice on my specific setup. I currently have a dockerized auth application that I am trying to stand up in front my JupyterHub installation. What the auth application does is:
- Check if cookie is set and is valid. If cookie is set and is valid, continue to JupyterHub. If not, go to step 2.
- Redirect to URL to set cookie and go back to step 1.
I did a proof of concept and stood this auth application up in front of a “React Hello World” application. The config files looked like this:
---
apiVersion: v1
kind: Service
metadata:
labels:
tier: primary
name: docker-react
spec:
ports:
- name: auth-port
port: 8080
targetPort: 8080
- name: port-80
port: 80
protocol: TCP
targetPort: 80
selector:
tier: primary
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
tier: primary
name: docker-react
spec:
replicas: 1
revisionHistoryLimit: 1
selector:
matchLabels:
tier: primary
template:
metadata:
labels:
sdr.appname: docker-react-primary
tier: primary
spec:
containers:
- image: REACT HELLO WORLD DOCKER IMAGE
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 30
timeoutSeconds: 30
name: docker-react
ports:
- containerPort: 80
protocol: TCP
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 30
timeoutSeconds: 30
resources:
limits:
cpu: "2"
memory: 1Gi
requests:
cpu: 500m
memory: 1Gi
- args:
- -e=http://localhost:80
- -p=8080
env:
- name: APC_APP_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: APC_APP_ADMIN_PASSWORD
name: docker-react-auth-primary-secrets
envFrom:
- configMapRef:
name: docker-react-auth-primary-env-config
image: DOCKER AUTH IMAGE
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /__health
port: 8080
timeoutSeconds: 30
name: docker-react-auth
ports:
- containerPort: 8080
protocol: TCP
resources: {}
priorityClassName: p4
restartPolicy: Always
So essentially what this proof of concept did was:
user → auth → react hello world
I am currently trying to stand this auth application in front of a JupyterHub installation. I was able to deploy the auth application along side the hub using the extraContainers property here: zero-to-jupyterhub-k8s/schema.yaml at a9ae11913d7052d2ca59383200c434e695172fc5 · jupyterhub/zero-to-jupyterhub-k8s · GitHub
I am now trying to figure out how to tell the proxy-public service to route to the auth application rather than directly to the hub.
This is my current config file:
hub:
extraContainers:
- args:
- -e=http://localhost:80
- -p=8080
env:
- name: APC_APP_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
key: APC_APP_ADMIN_PASSWORD
name: docker-react-auth-primary-secrets
envFrom:
- configMapRef:
name: docker-react-auth-primary-env-config
image: <DOCKER AUTH IMAGE>
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /__health
port: 8080
timeoutSeconds: 30
name: docker-react-auth
ports:
- containerPort: 8080
protocol: TCP
resources: {}
proxy:
secretToken: "token"
service:
type: ClusterIP
extraPorts:
- name: auth-port
port: 8080
targetPort: 8080
debug:
enabled: true
Any and all help is very, very appreciated! Thank you all so much.