jupyterhub / kubespawner

Kubernetes spawner for JupyterHub
https://jupyterhub-kubespawner.readthedocs.io
BSD 3-Clause "New" or "Revised" License

Allow creating secrets from auth_state #110

Open yuvipanda opened 6 years ago

yuvipanda commented 6 years ago

Talking with @foxish, we want to do the following:

  1. Authenticate with Google OAuth to JupyterHub, put the tokens into auth_state
  2. Create a secret with the original token, and mount it in the pod on launch
  3. Have a sidecar that calls out to the Google API and gets a refresh token every time it expires, and puts them in a volume that can be read

The only thing we need to add to kubespawner is the ability to create and mount secrets.

This should allow users to thread secrets through for loading data from GCS or S3.

yuvipanda commented 6 years ago

Currently you can do this by overriding the start method, creating the secret (if it doesn't exist) and then mounting it. We could use an ownerReference to have it be garbage collected when the pod goes away.

I think getting a demo up and running using this flow would let us explore how to properly upstream the 'create arbitrary objects alongside pod' generically.
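The objects this flow needs, as an added sketch that is not code from this thread or from kubespawner: plain-dict manifests for a Secret holding only allow-listed tokens, an ownerReference to the user's pod, and a read-only mount. The `auth_state` key names, the `auth-state` naming scheme, the mount path and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import re

# Assumption: auth_state is a dict carrying these keys; real keys depend on the authenticator.
TOKEN_KEYS = ("access_token", "refresh_token")


def secret_name(username):
    """Build a DNS-1123 safe Secret name; the hash keeps distinct usernames distinct."""
    slug = re.sub(r"[^a-z0-9]+", "-", username.lower()).strip("-")[:40]
    digest = hashlib.sha256(username.encode()).hexdigest()[:8]
    return f"auth-state-{slug}-{digest}" if slug else f"auth-state-{digest}"


def build_secret(username, auth_state, pod_name, pod_uid):
    """Secret manifest with only the allow-listed tokens, owned by the user's pod."""
    # Copy named keys only, so nothing else stored in auth_state reaches the pod.
    data = {
        k: base64.b64encode(auth_state[k].encode()).decode()
        for k in TOKEN_KEYS
        if auth_state.get(k)
    }
    if not data:
        raise ValueError("auth_state carries no tokens to mount")
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {
            "name": secret_name(username),
            # The uid exists only after the API server has created the pod.
            # Deleting the owning pod lets Kubernetes garbage-collect the Secret.
            "ownerReferences": [
                {"apiVersion": "v1", "kind": "Pod", "name": pod_name, "uid": pod_uid}
            ],
        },
        "data": data,
    }


def build_mount(username, mount_path="/var/run/secrets/auth-state"):
    """Volume and read-only volumeMount entries to add to the pod spec."""
    volume = {"name": "auth-state", "secret": {"secretName": secret_name(username)}}
    mount = {"name": "auth-state", "mountPath": mount_path, "readOnly": True}
    return volume, mount
```
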

consideRatio commented 4 years ago

This seems like quite an advanced feature to add; I think I consider it out of scope, @yuvipanda. What do you think at this point in time?