Custom kernel launch control

46 views
Skip to first unread message

Amar Nath Vishwakarma

unread,
Aug 18, 2019, 12:36:24 PM8/18/19
to Project Jupyter
Hello,

I have a custom kernel performing some data science.  The kernels are being launched in kubernetes cluster comprising of normal CPU machines and GPU machines through enterprise gateway. I want to launch the kernel based on user selection (i.e. CPU/GPU). e.g. If user selects GPU then users kernel docker should be launched on GPU machine otherwise on normal machine. 

Also, I want to add custom kernels at regularly and restrict access to some of them for certain user.

Therefore, I wanted to know that whether this is possible through enterprise gateway? If yes, what are the steps or any suggested link.

Regards,
Amar Nath

Kevin Bates

unread,
Aug 19, 2019, 10:24:18 AM8/19/19
to Project Jupyter
Hi Amar - great questions.

Yes, you should be able to accomplish both of these requests using Enterprise Gateway.

1. You could create different kernel specifications, one that is CPU-based, another that is GPU-based.  Since each will have its own copy of kernel-pod.yaml file, you can modify the pod's yaml to have the appropriate node affinity, etc., relative to GPU allocation.  See Kernelspec Modifications for how to go about exposing the kernelspecs so you can customize the kernel-pod.yaml file.

Once parameterized kernels are "a thing", you'd likely be able to do this with a single kernelspec where the parameters dictate how configurations are applied - but those aren't a thing at the moment.

2. Enterprise Gateway provides some basic application-level authorization such that you can specify lists of authorized (and unauthorized users) within a kernel specification.  These lists are checked prior to the kernel's launch.  If authorized users exist in the list, then the invoking user must be in that list (i.e., non-existence is an implied denial).

Authorization can be applied at the global level (such that the values span all kernelspecs) and at the kernel level (as mentioned previously).  The more specific authorization settings will be applied unless the user resides in the global unauthorized_users list - in which case that user is not permitted to start any kernels.

Regards,
Kevin.

Amar Nath Vishwakarma

unread,
Aug 21, 2019, 11:19:51 PM8/21/19
to Project Jupyter
Thanks Kevin. 
Reply all
Reply to author
Forward
0 new messages