Working SSO on Zero-to-jupyterhub-k8s!

Hello,

Our consultancy Cogito Group recently deployed Zero-to-jupyterhub-k8s and Enterprise Gateway to several on-premise installations of Kubernetes. Once we got the stack working we made some enhancements to allow it to integrate with their existing Windows infrastructure; Active Directory (AD) and Distributed File System (DFS) and would like to share our findings with others. Some of the enhancements made:

  • Notebook users login with AD with “Single Sign On” experience:
    • Kerberos tickets are then stored in encrypted k8s secrets with “X” hour expiration.
    • Credentials are passed-through to JupyterLab notebooks and Enterprise kernels so they can execute pre-authenticated Python scripts as that AD user
    • AD user home drives hosted in DFS are mounted into Jupyter Notebook home
  • Repeatable deployments of entire Jupyter stack
    • Less than 1 minute to deploy Jupyter stack; JupyterHub/EnterpriseGateway/JupyterLab/Ingress
    • Each new stack is deployed into a new k8s namespace eg. jupter-dev.ad.domain -> jupyter.jupyter-dev.svc.cluster.local

To demonstrate the power and flexibility of zero-to-jupyterhub-k8s we’d like to host a free webinar and invite the Jupyter community, what would be the best way to do that?

Kind regards,
George