Native user sessions

[ableuler]

With the introduction of Amalthea, the jupyter servers running as part of user sessions are not responsible for any authentication or authorization anymore, which is instead taken care of by the oauth2 proxy in collaboration with Keycloak.

This gives us essentially the freedom to run anything we want inside user sessions. This is particularly interesting for the case of running "native" Rstudio sessions (ie running without any jupyter-server and the necessary jupyter proxies) is particularly interesting.

See also these slides for a little more detail.

In particular, we have to define the interface that we require sessions to adhere to:

• File structure within image volume specific mount points of volumes (can mount points be picked up from the image?)
• Linux user- and group IDs (could potentially be picked up from the image)
• Entrypoint (has to be picked up from the image)
• Exposed port (8888)
• No root, cap-drop all, etc
• How to provide configuration (atm very jupyter specific)
• Healthchecks (we have suffered from that!!!)
• Activity monitoring for culling (can maybe be handled outside of the user-controlled image)
• Git (we kind of need git inside the image)
• Renku-CLI (should probably be there too…)
• Anonymous sessions?