search

jupyterhub / zero-to-jupyterhub-k8s

Helm Chart & Documentation for deploying JupyterHub on Kubernetes
https://zero-to-jupyterhub.readthedocs.io
Other
1.56k stars 799 forks source link

Support subdomain_host (CHP needs --host-routing) #3548

Closed manics closed 4 weeks ago

manics commented 1 month ago

The JupyterHub v5 upgrade doc says

All JupyterHub deployments which care about protecting users from each other are encouraged to enable per-user domains, if possible, as this provides the best isolation between user servers.

which sounds like a strong recommendation. This is not currently supported by Z2JH as CHP needs the --host-routing flag. Since CHP is not managed by JupyterHub this isn't automatically configured https://github.com/jupyterhub/jupyterhub/blob/ab43f6beb8571e2b831801089d61144b15951b85/jupyterhub/proxy.py#L738-L739

https://discourse.jupyter.org/t/user-subdomains-oauth-state-missing/29328/4

The main downsides of using hub.config.subdomain_host as the condition instead of a dedicated parameter such as hub.subdomainHost (analogous to hub.baseUrl qhich also requires configuring multiple chart manifests) are it's not part of the schema so won't appear in the generated chart documentation, and it also adds dependencies across manifests with hub.config which I don't think we have, so this increases the maintenance complexity.

minrk commented 1 month ago

it's not part of the schema so won't appear in the generated chart documentation

Can we add a couple of fields to the schema in hub.config that have significant consequences (with additional_properties: true)?

It probably makes sense to have a prose docs section on enabling this and the consequences.

manics commented 1 month ago

Docs preview https://zero-to-jupyterhub--3548.org.readthedocs.build/en/3548/resources/reference.html#hub-config-jupyterhub

manics commented 1 month ago

Can you think of an easy test we can add?

minrk commented 1 month ago

If we just want a really simple test, I think we can start a cluster with subdomains enabled and make some requests to the cluster ip setting the Host header to the expected domain, e.g. 

# server_url from hub api will have the user's domain in it when subdomains are enabled
# server_url = "http://user.subdomain:port/user/name"
user_host = urlparse(server_url).netloc
user_path = urlparse(server_url).path
requests.get(f"http://{proxy_ip}:{port}{path}", headers={"Host": user_host})

Or if we can expose a localhost port to the service, we could use *.localhost.jovyan.org like we do in the jupyterhub subdomain tests.

manics commented 4 weeks ago

Thanks for the suggestion- I've added a test using the Host header.

manics commented 4 weeks ago

No, I think this is good enough!