Note
This technote is not yet published.
JupyterHub-plus-KubeSpawner, when used in an environment with per-user namespaces, requires a terrifying amount of privilege. We propose moving the actual creation-of-arbitrary-objects-in-a-K8s-cluster piece of JupyterHub’s job to its own service, which can be substantially simpler and present a much reduced attack surface. Conceptually the proposed spawner service would look much like Moneypenny (and indeed Moneypenny’s functionality could probably be rolled into it). The same spawner could also be used to create Dask objects in the user’s namespace.
In addition to the service itself, it would be necessary to write adaptor libraries for (at least) JupyterHub and Dask. For JupyterHub this would implement a Spawner interface, but the mechanism by which the Spawner did its thing would simply be making web calls to the Spawning Service. A similar approach could be used for Dask, to replace the Kubernetes calls to create Dask pods and services with HTTP calls to the Spawning Service.
1 Service architecture¶
