JupyterHub KubeSpawner non root

[1 1]

Is there any kind of blog or documentation that has a solution for not running juypterhub as root and spawning pods w/ non root UID's?

Still having a hard time making sense of the kubespawner docs.

[MinRK]

When using JupyterHub on kubernetes, it is not typical for anything to run as root. Neither the Hub nor users. KubeSpawner.uid sets the user id of the container, and uses the image's uid by default. If you use zero-to-jupyterhub, nothing should run as root by default.

On Thu, May 25, 2023 at 7:41 PM 1 1 <cdshe...@gmail.com> wrote:

Is there any kind of blog or documentation that has a solution for not running juypterhub as root and spawning pods w/ non root UID's?

Still having a hard time making sense of the kubespawner docs.

--
You received this message because you are subscribed to the Google Groups "Project Jupyter" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jupyter+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/41702754-8891-4ecb-bb36-a7cebbd0498cn%40googlegroups.com.

[1 1]

The goal is to spawn with uid pulled from ldapauthenticator, every time we run id in the jupyterhub terminal it responds with the default user 1000 gid 100.  We have having problems having this change with the responses from auth_state.

[1 1]

We have no problem authenticating and grabbing the information, but spawning the uid as what is returned is where we're running into the issue.

[MinRK]

I think you'll want to use Authenticator.pre_spawn_start to set spawner.uid (and potentially fs_gid) prior to launch.

If LDAPAuthenticator stores the uid is in the auth_state of the user, you can use c.Spawner.auth_state_hook configuration instead of pre_spawn_start, which is a method.

-Min

To view this discussion on the web visit https://groups.google.com/d/msgid/jupyter/4c216164-9ce4-4d27-9dc8-a03f2b2c848cn%40googlegroups.com.