You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We would like to have the ability to inject secrets into the JupyterHub container as environment variables.
Alternative options
It looks like it's possible to do this today with mounting the secrets as volumes. I think doing this via environment variables is more straightforward to reference from the jupyterhub_config.py and this feature would provide symmetry to the volume mounts.
Who would use this feature?
We use flux to deploy our Helm charts and locally have a strict policy of keeping any secrets or private content as a kubernetes secret. That is, we treat the helm chart as if our git repo was accidentally leaked to the internet. [Secrets are separately encrypted using bitnami's SealedSecrets operator.]
We've been struggling with adhering to this policy with the Z2JH Helm chart. The current problem is the client secret for OAuth2 is kept in the helm chart. We would like to:
Inject this as an environment variable based on a secret.
Use hub.extraConfig to read the environment variable and configure the authenticator object appropriately.
(Optional): Suggest a solution
Add a new key to values.yaml (hub.extraEnvYaml?) that is referenced from the hub's deployment.yaml template.
The text was updated successfully, but these errors were encountered:
Thank you for opening your first issue in this project! Engagement like this is essential for open source projects! 🤗
If you haven't done so already, check out Jupyter's Code of Conduct. Also, please try to follow the issue template as it helps other other community members to contribute more effectively.
You can meet the other Jovyans by joining our Discourse forum. There is also an intro thread there where you can stop by and say Hi! 👋
We would like to have the ability to inject secrets into the JupyterHub container as environment variables.
If you have created the k8s secret, you can reference it on the hub pod or the user pods for example. Here is the reference documentation for the user pods.
Dang, I overlooked that part when I was examining the code. I can confirm this was exactly what I'm aiming for! (Wasn't obvious from the documentation).
Proposed change
We would like to have the ability to inject secrets into the JupyterHub container as environment variables.
Alternative options
It looks like it's possible to do this today with mounting the secrets as volumes. I think doing this via environment variables is more straightforward to reference from the
jupyterhub_config.py
and this feature would provide symmetry to the volume mounts.Who would use this feature?
We use flux to deploy our Helm charts and locally have a strict policy of keeping any secrets or private content as a kubernetes secret. That is, we treat the helm chart as if our git repo was accidentally leaked to the internet. [Secrets are separately encrypted using bitnami's SealedSecrets operator.]
We've been struggling with adhering to this policy with the Z2JH Helm chart. The current problem is the client secret for OAuth2 is kept in the helm chart. We would like to:
hub.extraConfig
to read the environment variable and configure the authenticator object appropriately.(Optional): Suggest a solution
Add a new key to
values.yaml
(hub.extraEnvYaml
?) that is referenced from the hub'sdeployment.yaml
template.The text was updated successfully, but these errors were encountered: