Chapter 7. Deleting users and user resources
Users assigned the cluster-admin
role in OpenShift can revoke user access to Jupyter and delete user resources from Red Hat OpenShift Data Science.
To completely remove a user from OpenShift Data Science, you must remove them from the allowed group in your OpenShift identity provider.
7.1. Backing up storage data
Red Hat recommends that you back up the data on your persistent volume claims (PVCs) regularly. Backing up your data is particularly important before deleting a user and before uninstalling OpenShift Data Science, as all PVCs are deleted when OpenShift Data Science is uninstalled.
See the documentation for your cluster platform for more information about backing up your PVCs.
Additional resources
7.2. Revoking user access to Jupyter
You can revoke a user’s access to Jupyter to prevent them from running notebook servers and consuming resources in your cluster through Jupyter, while still allowing them access to OpenShift Data Science and other services that use OpenShift’s identity provider for authentication.
Follow these steps only if you have restricted access to OpenShift Data Science using specialized user groups. To completely remove a user from OpenShift Data Science, you must remove them from the allowed group in your OpenShift identity provider.
Prerequisites
- You have stopped any notebook servers owned by the user you want to delete.
-
You are assinged the
cluster-admin
role in OpenShift Container Platform. - If you are using specialized OpenShift Data Science user groups, the user is part of the OpenShift Data Science user group, administrator group, or both.
Procedure
-
In the OpenShift Container Platform web console, click User Management
Groups. Click the name of the group that you want to remove the user from.
-
For administrative users, click the name of your administrator group, for example,
rhods-admins
. -
For normal users, click the name of your user group, for example,
rhods-users
.
The Group details page for the group appears.
-
For administrative users, click the name of your administrator group, for example,
- In the Users section on the Details tab, locate the user that you want to remove.
- Click the action menu (⋮) beside the user that you want to remove and click Remove user.
Verification
- Check the Users section on the Details tab and confirm that the user that you removed is not visible.
-
In the
rhods-notebooks
project, check under WorkloadPods and ensure that there is no notebook server pod for this user. If you can see a pod named jupyter-nb-<username>-*
for the user that you have removed, delete that pod to ensure that the deleted user is not consuming resources on the cluster. - In the data science dashboard, check the list of data science projects. Delete any projects that belong to the user.
7.3. Cleaning up after deleting users
After removing a user’s access to Red Hat OpenShift Data Science or Jupyter, you must also delete their associated configuration files from OpenShift Container Platform. It is recommended that you back up the user’s data before removing their configuration files.
Prerequisites
- (Optional) If you want to completely remove the user’s access to OpenShift Data Science, you have removed their credentials from your identity provider.
- You have revoked the user’s access to Jupyter.
- You have backed up the user’s storage data.
-
If you are using specialized OpenShift Data Science groups, you are part of the administrator group (for example,
rhods-admins
). If you are not using specialized groups, you are part of the OpenShift Dedicated administrator group. See Adding administrative users for OpenShift Container Platform for more information. - You have logged in to the OpenShift Container Platform web console.
- You have logged in to OpenShift Data Science.
Procedure
Delete the user’s persistent volume claim (PVC).
-
Click Storage
PersistentVolumeClaims. -
If it is not already selected, select the
rhods-notebooks
project from the project list. Locate the
jupyter-nb-<username>
PVC.Replace
<username>
with the relevant user name.Click the action menu (⋮) and select Delete PersistentVolumeClaim from the list.
The Delete PersistentVolumeClaim dialog appears.
- Inspect the dialog and confirm that you are deleting the correct PVC.
- Click Delete.
-
Click Storage
Delete the user’s ConfigMap.
-
Click Workloads
ConfigMaps. -
If it is not already selected, select the
rhods-notebooks
project from the project list. Locate the
jupyterhub-singleuser-profile-<username>
ConfigMap.Replace
<username>
with the relevant user name.Click the action menu (⋮) and select Delete ConfigMap from the list.
The Delete ConfigMap dialog appears.
- Inspect the dialog and confirm that you are deleting the correct ConfigMap.
- Click Delete.
-
Click Workloads
Verification
- The user cannot access Jupyter any more, and sees an "Access permission needed" message if they try.
- The user’s single-user profile, persistent volume claim (PVC), and ConfigMap are not visible in OpenShift Container Platform.