I am running JupyterHub on Kubernetes on AWS (EKS).
I would like to run the hub in a closed network, meaning that the pods have no access to the internet.
Is this an option? And if so, is there a way to configure this in the helm chart, or in the K8S configuration?
I think the central part may be to get the pods to be able to access all images they need. Perhaps replacing all image requests to go to a docker registry where you have pulled all images ahead of time? I'd recommend looking for how to do something like that across the kubernetes community.
Perhaps you have an image registry setup? Then pull all needed images to there, which you find by inspecting the generated helm templates using the 'helm template' command perhaps. Then, make sure your pod definitions reference the images so they are pulled from your own registry.
We use the Network Policies of Kubernetes to limit what networks a single user pod can access. I'd look into that as well.
@consideRatio I want to focus first on running users on JH - (after the hub is already installed and deployed). After the hub is up and running I want to disable the option for the users to run commands that have outside connections (from the jupyterlab)
@betatim Can you attach the configuration you used for this? It would be extremely helpful!
Oh, if you only want your users to not have access, that's relatively easy. Not having internet access at all is another question. For the easier option of blocking just users' internet access, you just need to configure a networkpolicy through the helm chart (singleuser.networkpolicy.egress) and ensure your kubernetes cluster can enforce the networkpolicy by having a network policy controller installed.
I can not provide further assistance atm, but if you ping me in some weeks on our discourse forum I may have a link to additional documentation about it in case it isn't already in the z2jh.jupyter.org docs.
Closing the issue for now in order to let GitHub be more focused on issues to fix!
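Added example, not from any participant in this thread or from the JupyterHub chart: a Python check for whether a set of Kubernetes NetworkPolicy egress rules, such as the ones you would supply through the Helm value mentioned above, still lets single-user pods reach internet-routable addresses. The sample rule sets are constructed, only IPv4 is handled, and "internal" is assumed to mean RFC 1918 space.

```python
import ipaddress

# Assumption: "internal" means RFC 1918 space; adjust for your VPC ranges.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def remaining_after_except(cidr, excepts):
    """Return the networks left in `cidr` once every `except` block is removed."""
    remaining = [ipaddress.ip_network(cidr)]
    for exc in map(ipaddress.ip_network, excepts):
        kept = []
        for net in remaining:
            if exc.subnet_of(net):
                kept.extend(net.address_exclude(exc))  # carve the hole out
            elif not net.subnet_of(exc):
                kept.append(net)  # disjoint, untouched
        remaining = kept
    return remaining


def public_egress(rules):
    """List (rule index, reason) for each egress rule that reaches beyond INTERNAL."""
    findings = []
    for i, rule in enumerate(rules):
        peers = rule.get("to") or []
        if not peers:
            findings.append((i, "no 'to' peers: matches every destination"))
            continue
        for peer in peers:
            block = peer.get("ipBlock")
            if block is None:
                continue  # podSelector / namespaceSelector peers stay in-cluster
            nets = remaining_after_except(block["cidr"], block.get("except", []))
            outside = [n for n in nets
                       if not any(n.subnet_of(p) for p in INTERNAL)]
            if outside:
                findings.append((i, f"{block['cidr']} reaches non-internal space"))
    return findings


# Constructed sample rule sets, in the shape of NetworkPolicy spec.egress.
OPEN = [{"to": [{"ipBlock": {"cidr": "0.0.0.0/0",
                             "except": ["169.254.169.254/32"]}}]}]
CLOSED = [{"to": [{"ipBlock": {"cidr": "10.0.0.0/8"}}]},
          {"to": [{"podSelector": {"matchLabels": {"app": "proxy"}}}],
           "ports": [{"port": 443, "protocol": "TCP"}]}]

if __name__ == "__main__":
    for name, rules in (("OPEN", OPEN), ("CLOSED", CLOSED)):
        print(name, public_egress(rules) or "no internet-routable egress")
```

A clean result only describes the rules as written; the cluster still needs a network policy controller for them to be enforced.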
How can I install a network policy controller on my kubernetes cluster?
It's specific to your Kubernetes cluster. If you need more help please could you post on the Jupyter community forum:
https://discourse.jupyter.org/
More people will see your post there and may be able to help, and as @consideRatio pointed out we'd like to keep GitHub Issues for managing development.