From f859bc209b7eea94fd4acdf71aef10f5d92e4380 Mon Sep 17 00:00:00 2001 From: Narek Amirbekian Date: Fri, 6 Jan 2023 13:59:20 +1300 Subject: [PATCH 1/3] Get JUPYTERHUB_API_TOKEN from secret --- kubespawner/objects.py | 18 ++++++++++++++++++ kubespawner/spawner.py | 2 ++ 2 files changed, 20 insertions(+) diff --git a/kubespawner/objects.py b/kubespawner/objects.py index 75c7c69f..4c9603f8 100644 --- a/kubespawner/objects.py +++ b/kubespawner/objects.py @@ -9,6 +9,7 @@ from typing import Dict, List, Optional from urllib.parse import urlparse +from kubernetes.client import V1EnvVarSource, V1SecretKeySelector from kubernetes_asyncio.client.models import ( V1Affinity, V1Container, @@ -69,6 +70,7 @@ def make_pod( port, image, image_pull_policy, + user_secret_name, image_pull_secrets=None, node_selector=None, uid=None, @@ -468,6 +470,15 @@ def _get_env_var_deps(env): if not "name" in env: env["name"] = key env = get_k8s_model(V1EnvVar, env) + elif key == "JUPYTERHUB_API_TOKEN": + env = V1EnvVar( + name="JUPYTERHUB_API_TOKEN", + value_from=V1EnvVarSource( + secret_key_ref=V1SecretKeySelector( + name=user_secret_name, key="JUPYTERHUB_API_TOKEN" + ) + ), + ) else: env = V1EnvVar(name=key, value=env) @@ -922,6 +933,7 @@ def make_secret( owner_references, labels=None, annotations=None, + jupyterhub_api_token="", ): """ Make a k8s secret specification using pre-existing ssl credentials for a given user. @@ -941,6 +953,8 @@ def make_secret( Labels to add to the secret. annotations: Annotations to add to the secret. + jupyterhub_api_token: + The JupyterHub API token for the user. """ secret = V1Secret() @@ -972,6 +986,10 @@ def make_secret( "notebooks-ca_trust.crt" ] + encoded.decode("utf-8") + secret.data["notebooks-ca_trust.crt"] = base64.b64encode( + jupyterhub_api_token + ).decode("utf-8"), + return secret diff --git a/kubespawner/spawner.py b/kubespawner/spawner.py index bfda7fa4..0c2c0632 100644 --- a/kubespawner/spawner.py +++ b/kubespawner/spawner.py @@ -2045,6 +2045,7 @@ async def get_pod_manifest(self): port=self.port, image=self.image, image_pull_policy=self.image_pull_policy, + user_secret_name=self.secret_name, image_pull_secrets=self.image_pull_secrets, node_selector=self.node_selector, uid=uid, @@ -2106,6 +2107,7 @@ def get_secret_manifest(self, owner_reference): owner_references=[owner_reference], labels=labels, annotations=annotations, + jupyterhub_api_token=self.api_token, ) def get_service_manifest(self, owner_reference): From f9a10e168499ed1bd0cb46092b858d6eab31898e Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Fri, 6 Jan 2023 01:05:09 +0000 Subject: [PATCH 2/3] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- kubespawner/objects.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/kubespawner/objects.py b/kubespawner/objects.py index 4c9603f8..0470c24b 100644 --- a/kubespawner/objects.py +++ b/kubespawner/objects.py @@ -986,9 +986,9 @@ def make_secret( "notebooks-ca_trust.crt" ] + encoded.decode("utf-8") - secret.data["notebooks-ca_trust.crt"] = base64.b64encode( - jupyterhub_api_token - ).decode("utf-8"), + secret.data["notebooks-ca_trust.crt"] = ( + base64.b64encode(jupyterhub_api_token).decode("utf-8"), + ) return secret From 09bc729f16eb91f4c0f419bf62ccdb4a945218d7 Mon Sep 17 00:00:00 2001 From: Narek Amirbekian Date: Wed, 18 Jan 2023 07:23:57 +1300 Subject: [PATCH 3/3] Update kubespawner/objects.py Co-authored-by: Maxim Martynov --- kubespawner/objects.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kubespawner/objects.py b/kubespawner/objects.py index 0470c24b..d55971f1 100644 --- a/kubespawner/objects.py +++ b/kubespawner/objects.py @@ -986,7 +986,7 @@ def make_secret( "notebooks-ca_trust.crt" ] + encoded.decode("utf-8") - secret.data["notebooks-ca_trust.crt"] = ( + secret.data["jupyterhub_api.token"] = ( base64.b64encode(jupyterhub_api_token).decode("utf-8"), )