Passwords not being persisted with NativeAuthenticator

JupyterHub Zero to JupyterHub on Kubernetes
, ,
1

I’m using jupyterHub in K8s using helm chart version 3.3.7 and I’ve set the authentication method to NativeAuthenticator. Like this:

config:
    JupyterHub:
      admin_access: true
      # authenticator_class: dummy
      # authenticator_class: azuread
      authenticator_class: nativeauthenticator.NativeAuthenticator
    NativeAuthenticator:
      open_signup: false 
    Authenticator:
      admin_users:
        - pmesserschmidt

Also, for hub database, I’ve created a persistentVolume using a bucket. Like this:


  db:
    type: sqlite-pvc
    upgrade:
    pvc:
      annotations: {}
      selector: {}
      accessModes:
        - ReadWriteMany
      storage: 1Gi
      subPath: "hub-dir"

One point, is that I’ve to create an PVC with name “hub-dir” to ensure that the helm chart would use my PVC that points to a bucket.

image
image1719×157 11.2 KB

The thing is, that every time I perform some helm upgrade that recreates the hub pod, all credentials are missed and I have to recreate my user, and the users that are not admins. I’m not sure why, because the sqlite db in bucket is updated properly, what means that the file is persisted, even if the pod restarts.

I saw that every time hub pod starts, it runs this command jupyterhub --config /usr/local/etc/jupyterhub/jupyterhub_config.py --upgrade-db, not sure what it does.

How can I solve it? To persist users and credentials even if the hub pod restarts? Do I need to set a diffrent database for NativeAuthenticator?

I’ve also noticed that if the hub pod is recreated, but a users’s pod is running, that credential is not missed from the database.

Thanks!

Update 1:
I’ve updated to use postgreSQL instead sqlite.

JupyterHub:
      admin_access: true
      authenticator_class: nativeauthenticator.NativeAuthenticator
      db_url: postgresql+psycopg2://user:password@xx.xxx.xxx.xx:5432/jupyter_hub
....
  db: 
    type: postgres
    upgrade: 
    pvc:
      annotations: {}
      selector: {}
      accessModes:
        - ReadWriteMany
      storage: 1Gi
      subPath: "hub-dir"

But it seems that it still cleaning the database credentials table.

Update 2: I’ve checked here, and It seems that is the “cull” activity that is deleting the users from database. Is it correct? I thought “cull” would only delete the idle pods (finish user’s session)

3

I’ve checked here, and It seems that is the “cull” activity that is deleting the users from database. Is it correct? I thought “cull” would only delete the idle pods (finish user’s session)

JupyterHub Idle culler is capable of culling idle notebooks and users. Check the docs. You will have to modify the cull configuration in your helm chart to prevent culling users.

1 Like
4

Thanks, @mahendrapaipuri ! That was the problem. I was overlooking the culling documentation. I thought the “users” and “adminUsers” referred to the pod’s user, and not the user itself. I’ve deactivated the flags, and now it’s working. In case someone else needs it, here’s the solution:

cull:
  enabled: true
  users: false # --cull-users
  adminUsers: false # --cull-admin-users
1 Like