How to set PAM auth for jupyterhub on Kubernetes cluster?

12/18/2018

I have been trying to deploy JupyterHub on my Kubernetes cluster (on 3 virtualbox nodes) and willing to use PAM authentication but unfortunately there is nothing in the documents. I would appreciate if somebody explain the steps briefly, or at least give me some hint to follow.

I'll give more information if needed.

Thanks,

-- Fatemeh Rouzbeh
authentication
jupyterhub
kubernetes
pam

1 Answer

12/18/2018

Basically, the PAM authenticator would be configured the same way that you would on any Linux machine except that in this case, you would be doing it in the containers in running in your JupyterHub on your Kubernetes cluster.

You could build you customer container base on the base for JupyterHub and then add users as you build the container:

Dockerfile:

FROM jupyterhub/jupyterhub
RUN adduser -q –gecos "" –disabled-password <username1>
RUN adduser -q –gecos "" –disabled-password <username2>
...

Build the container:

$ docker build -t myjupyterhub .

Alternatively, you could create an entrypoint.sh script that creates the users. Something like this:

#!/bin/bash
adduser -q –gecos "" –disabled-password <username1>
adduser -q –gecos "" –disabled-password <username2>
...
<start-jupyterhub>

Make it executable:

$ chmod +x entrypoint.sh

Then on your Dockerfile, something like this:

FROM jupyterhub/jupyterhub
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
...
ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]

You could also play around with ConfigMaps and see if you can use them to add the users but that means that you will have to understand more on how PAM is configured and what the adduser -q –gecos "" –disabled-password <username1> actually does for example.

-- Rico
Source: StackOverflow