search

jupyterhub / zero-to-jupyterhub-k8s

Helm Chart & Documentation for deploying JupyterHub on Kubernetes
https://zero-to-jupyterhub.readthedocs.io
Other
1.56k stars 799 forks source link

singleuser.extraFiles should allow for referencing secrets/configmaps #3577

Closed Spazzy757 closed 2 days ago

Spazzy757 commented 2 days ago

Proposed change

Currently we have to inject some secret information into each SingleUser container (i.e ssh private keys, credential files etc), by using "extraFiles" setup this keeps all this information in plaintext and available. There should be a way to be able to store this information in a secret/configmap outside of the helm instalation

Alternative options

Potentially we can do this with an initContainer, however this seems slightly excessive.

Who would use this feature?

Anybody that needs to setup a user environment to have access to external servers

(Optional): Suggest a solution

Add a volume mount setup for the extra files that you can reference a secret or configmap. i.e

singleuser:
  extraFiles:
    id_rsa:
      mode: 384
      mountPath: /home/jovyan/.ssh/id_rsa
      remoteRef:
         secretName: xxxx
         key: id_rsa
consideRatio commented 2 days ago

You can use singleuser.extraVilumes and singleuser.extraVolumeMounts for this though right? I figure mixing this into extraFiles is messier than needed with those options available as well

Spazzy757 commented 2 days ago

:laughing: okay that is very valid, and makes sense, thank you!