kubespawner icon indicating copy to clipboard operation
kubespawner copied to clipboard

Published 20 hours ago verified publisher icon jupyterhub

Allow creating secrets from auth_state

Open yuvipanda opened this issue 7 years ago • 2 comments

Talking with @foxish, we want to do the following:

  1. Authenticate with Google OAuth to JupyterHub, put the tokens into auth_state
  2. Create a secret with the original token, and mount it in the pod on launch
  3. Have a sidecar that calls out to the Google API and gets a refresh token every time it expires, and puts them in a volume that can be read

Only thing we need to add to kubespawner is ability to create and mount secrets.

This should allow users to thread secrets through for loading data from GCS or S3

yuvipanda avatar Dec 07 '17 23:12 yuvipanda

Currently you can do this by overriding the start method, creating the secret (if it doesn't exist) and then mounting it. We could use an ownerReference to have it be garbage collected when the pod goes away.

I think getting a demo up and running using this flow would let us explore how to properly upstream the 'create arbitrary objects alongside pod' generically

yuvipanda avatar Dec 08 '17 14:12 yuvipanda

This seem like a quite advanced feature to add, I think I consider it out of scope @yuvipanda. What do you think at this point in time?

consideRatio avatar Oct 25 '20 02:10 consideRatio