Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
kubernetes-helm-state
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Binet Réseau
kubernetes-helm-state
Commits
c690bae6
Commit
c690bae6
authored
Sep 21, 2018
by
Wilson JALLET
💸
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Upgrade jupyterhub chart
parent
d1c9fce2
Pipeline
#4516
passed with stage
in 13 seconds
Changes
30
Pipelines
1
Expand all
Hide whitespace changes
Inline
Side-by-side
Showing
30 changed files
with
1185 additions
and
159 deletions
+1185
-159
charts/jupyterhub/Chart.yaml
charts/jupyterhub/Chart.yaml
+3
-3
charts/jupyterhub/schema.yaml
charts/jupyterhub/schema.yaml
+365
-34
charts/jupyterhub/templates/_helpers.tpl
charts/jupyterhub/templates/_helpers.tpl
+76
-11
charts/jupyterhub/templates/hub/configmap.yaml
charts/jupyterhub/templates/hub/configmap.yaml
+74
-8
charts/jupyterhub/templates/hub/deployment.yaml
charts/jupyterhub/templates/hub/deployment.yaml
+5
-18
charts/jupyterhub/templates/hub/netpol.yaml
charts/jupyterhub/templates/hub/netpol.yaml
+1
-1
charts/jupyterhub/templates/hub/pdb.yaml
charts/jupyterhub/templates/hub/pdb.yaml
+1
-1
charts/jupyterhub/templates/hub/rbac.yaml
charts/jupyterhub/templates/hub/rbac.yaml
+2
-2
charts/jupyterhub/templates/image-puller/_daemonset-helper.yaml
.../jupyterhub/templates/image-puller/_daemonset-helper.yaml
+27
-5
charts/jupyterhub/templates/image-puller/job.yaml
charts/jupyterhub/templates/image-puller/job.yaml
+5
-5
charts/jupyterhub/templates/image-puller/rbac.yaml
charts/jupyterhub/templates/image-puller/rbac.yaml
+10
-10
charts/jupyterhub/templates/proxy/autohttps/deployment.yaml
charts/jupyterhub/templates/proxy/autohttps/deployment.yaml
+6
-16
charts/jupyterhub/templates/proxy/autohttps/rbac.yaml
charts/jupyterhub/templates/proxy/autohttps/rbac.yaml
+6
-6
charts/jupyterhub/templates/proxy/deployment.yaml
charts/jupyterhub/templates/proxy/deployment.yaml
+20
-18
charts/jupyterhub/templates/proxy/netpol.yaml
charts/jupyterhub/templates/proxy/netpol.yaml
+5
-4
charts/jupyterhub/templates/proxy/pdb.yaml
charts/jupyterhub/templates/proxy/pdb.yaml
+1
-1
charts/jupyterhub/templates/proxy/service.yaml
charts/jupyterhub/templates/proxy/service.yaml
+5
-1
charts/jupyterhub/templates/scheduling/_scheduling-helpers.tpl
...s/jupyterhub/templates/scheduling/_scheduling-helpers.tpl
+158
-0
charts/jupyterhub/templates/scheduling/priorityclass.yaml
charts/jupyterhub/templates/scheduling/priorityclass.yaml
+17
-0
charts/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml
...jupyterhub/templates/scheduling/user-placeholder/pdb.yaml
+17
-0
charts/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml
.../templates/scheduling/user-placeholder/priorityclass.yaml
+13
-0
charts/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml
...ub/templates/scheduling/user-placeholder/statefulset.yaml
+50
-0
charts/jupyterhub/templates/scheduling/user-scheduler/_helpers.tpl
...pyterhub/templates/scheduling/user-scheduler/_helpers.tpl
+12
-0
charts/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml
...terhub/templates/scheduling/user-scheduler/configmap.yaml
+73
-0
charts/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml
...erhub/templates/scheduling/user-scheduler/deployment.yaml
+54
-0
charts/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml
...s/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml
+13
-0
charts/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml
.../jupyterhub/templates/scheduling/user-scheduler/rbac.yaml
+60
-0
charts/jupyterhub/templates/singleuser/image-credentials-secret.yaml
...terhub/templates/singleuser/image-credentials-secret.yaml
+30
-0
charts/jupyterhub/templates/singleuser/netpol.yaml
charts/jupyterhub/templates/singleuser/netpol.yaml
+7
-2
charts/jupyterhub/values.yaml
charts/jupyterhub/values.yaml
+69
-13
No files found.
charts/jupyterhub/Chart.yaml
View file @
c690bae6
appVersion
:
v0.8.1
appVersion
:
0.9.3
description
:
Multi-user Jupyter installation
home
:
https://z2jh.jupyter.org
icon
:
https://jupyter.org/assets/hublogo.svg
...
...
@@ -6,5 +6,5 @@ kubeVersion: '>=1.8.0-0'
name
:
jupyterhub
sources
:
-
https://github.com/jupyterhub/zero-to-jupyterhub-k8s
tillerVersion
:
'
>=2.
7.0
-0'
version
:
v0.7-560a7cd
tillerVersion
:
'
>=2.
9.1
-0'
version
:
0.8-c0b4dcf
charts/jupyterhub/schema.yaml
View file @
c690bae6
This diff is collapsed.
Click to expand it.
charts/jupyterhub/templates/_helpers.tpl
View file @
c690bae6
...
...
@@ -9,7 +9,7 @@
generate
some
output
based
on
one
single
dictionary
of
input
that
we
call
the
helpers
scope
.
When
you
are
in
helm
,
you
access
your
current
scope
with
a
single
a
single
punctuation
(.).
When
you
ask
a
helper
to
render
its
content
,
one
often
forward
the
current
scope
to
the
helper
in
order
to
allow
it
to
access
.
Release
.
Name
,
.
Values
.
rbac
.
enabled
and
similar
values
.
...
...
@@ -27,7 +27,7 @@
To let a helper access the current scope along with additional values we have
opted to create dictionary containing additional values that is then populated
with additional values from the current scope through a the merge function.
#### Example - Passing a new scope augmented with the old
{{- $_ := merge (dict "appLabel" "kube-lego") . }}
{{- include "jupyterhub.matchLabels" $_ | nindent 6 }}
...
...
@@ -55,7 +55,7 @@
## Example usage
```yaml
# Excerpt from proxy/autohttps/deployment.yaml
apiVersion: apps/v1
beta2
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "jupyterhub.nameField" . }}
...
...
@@ -97,7 +97,7 @@
Used by "jupyterhub.labels" and "jupyterhub.nameField".
NOTE: The component label is determined by either...
- 1: The provided scope's .componentLabel
- 1: The provided scope's .componentLabel
- 2: The template's filename if living in the root folder
- 3: The template parent folder's name
- : ...and is combined with .componentPrefix and .componentSuffix
...
...
@@ -163,12 +163,77 @@ component: {{ include "jupyterhub.componentLabel" . }}
{{- /*
jupyterhub.podCullerSelector:
Used to by the pod-culler to select singleuser-server pods. It simply
reformats "jupyterhub.matchLabels" and sets the componentLabel value so
`component=singleuser-server` is output.
jupyterhub.dockerconfigjson:
Creates a base64 encoded docker registry json blob for use in a image pull
secret, just like the `kubectl create secret docker-registry` command does
for the generated secrets data.dockerconfigjson field. The output is
verified to be exactly the same even if you have a password spanning
multiple lines as you may need to use a private GCR registry.
- https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
*/}}
{{- define "jupyterhub.podCullerSelector" -}}
{{- $_ := merge (dict "componentLabel" "singleuser-server") . -}}
{{ include "jupyterhub.matchLabels" $_ | replace ": " "=" | replace "\n" "," | quote }}
{{- define "jupyterhub.dockerconfigjson" -}}
{{ include "jupyterhub.dockerconfigjson.yaml" . | b64enc }}
{{- end }}
{{- define "jupyterhub.dockerconfigjson.yaml" -}}
{{- with .Values.singleuser.imagePullSecret -}}
{
"auths": {
{{ .registry | default "https://index.docker.io/v1/" | quote }}: {
"username": {{ .username | quote }},
"password": {{ .password | quote }},
{{- if .email }}
"email": {{ .email | quote }},
{{- end }}
"auth": {{ (print .username ":" .password) | b64enc | quote }}
}
}
}
{{- end }}
{{- end }}
{{- /*
jupyterhub.resources:
The resource request of a singleuser.
*/}}
{{- define "jupyterhub.resources" -}}
{{- $r1 := .Values.singleuser.cpu.guarantee -}}
{{- $r2 := .Values.singleuser.memory.guarantee -}}
{{- $r3 := .Values.singleuser.extraResource.guarantees -}}
{{- $r := or $r1 $r2 $r3 -}}
{{- $l1 := .Values.singleuser.cpu.limit -}}
{{- $l2 := .Values.singleuser.memory.limit -}}
{{- $l3 := .Values.singleuser.extraResource.limits -}}
{{- $l := or $l1 $l2 $l3 -}}
{{- if $r -}}
requests:
{{- if $r1 }}
cpu: {{ .Values.singleuser.cpu.guarantee }}
{{- end }}
{{- if $r2 }}
memory: {{ .Values.singleuser.memory.guarantee }}
{{- end }}
{{- if $r3 }}
{{- range $key, $value := .Values.singleuser.extraResource.guarantees }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if $l }}
limits:
{{- if $l1 }}
cpu: {{ .Values.singleuser.cpu.limit }}
{{- end }}
{{- if $l2 }}
memory: {{ .Values.singleuser.memory.limit }}
{{- end }}
{{- if $l3 }}
{{- range $key, $value := .Values.singleuser.extraResource.limits }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
charts/jupyterhub/templates/hub/configmap.yaml
View file @
c690bae6
...
...
@@ -12,6 +12,7 @@ data:
cull.timeout
:
{{
.Values.cull.timeout | quote
}}
cull.every
:
{{
.Values.cull.every | quote
}}
cull.concurrency
:
{{
.Values.cull.concurrency | quote
}}
cull.max-age
:
{{
.Values.cull.maxAge | quote
}}
{{
- end
}}
...
...
@@ -67,10 +68,11 @@ data:
auth.gitlab.client-secret
:
{{
.Values.auth.gitlab.clientSecret | quote
}}
auth.gitlab.callback-url
:
{{
.Values.auth.gitlab.callbackUrl | quote
}}
{{
- end
}}
{{
- if eq .Values.auth.type "mediawiki"
}}
auth.mediawiki.client-id
:
{{
.Values.auth.mediawiki.clientId | quote
}}
auth.mediawiki.client-secret
:
{{
.Values.auth.mediawiki.clientSecret | quote
}}
auth.mediawiki.callback-url
:
{{
.Values.auth.mediawiki.callbackUrl | quote
}}
auth.mediawiki.index-url
:
{{
.Values.auth.mediawiki.indexUrl | quote
}}
{{
- end
}}
...
...
@@ -80,7 +82,7 @@ data:
auth.globus.callback-url
:
{{
.Values.auth.globus.callbackUrl | quote
}}
auth.globus.identity-provider
:
{{
.Values.auth.globus.identityProvider | quote
}}
{{
- end
}}
{{
- if eq .Values.auth.type "lti"
}}
auth.lti.consumers
:
|
{{- .Values.auth.lti.consumers | toYaml | trimSuffix "\n" | nindent 4 }}
...
...
@@ -108,7 +110,7 @@ data:
auth.ldap.dn.user.search-base
:
{{
.Values.auth.ldap.dn.user.searchBase | quote
}}
auth.ldap.dn.user.attribute
:
{{
.Values.auth.ldap.dn.user.attribute | quote
}}
{{
- end
}}
{{
- if eq .Values.auth.type "dummy"
}}
{{
- if .Values.auth.dummy.password
}}
auth.dummy.password
:
{{
.Values.auth.dummy.password | quote
}}
...
...
@@ -127,12 +129,19 @@ data:
{{
- if .Values.singleuser.initContainers
}}
singleuser.init-containers
:
{{
toJson .Values.singleuser.initContainers | quote
}}
{{
- end
}}
{{
- if .Values.singleuser.extraContainers
}}
singleuser.extra-containers
:
{{
toJson .Values.singleuser.extraContainers | quote
}}
{{
- end
}}
singleuser.network-tools.image.name
:
{{
.Values.singleuser.networkTools.image.name | quote
}}
singleuser.network-tools.image.tag
:
{{
.Values.singleuser.networkTools.image.tag | quote
}}
singleuser.cloud-metadata
:
|
{{- .Values.singleuser.cloudMetadata | toYaml | trimSuffix "\n" | nindent 4 }}
singleuser.start-timeout
:
{{
.Values.singleuser.startTimeout | quote
}}
singleuser.image-spec
:
{{
.Values.singleuser.image.name
}}
:{{ .Values.singleuser.image.tag }}
singleuser.image-pull-policy
:
{{
.Values.singleuser.image.pullPolicy | quote
}}
{{
- if .Values.singleuser.imagePullSecret.enabled
}}
singleuser.image-pull-secret-name
:
singleuser-image-credentials
{{
- end
}}
{{
- if .Values.singleuser.cmd
}}
singleuser.cmd
:
{{
.Values.singleuser.cmd | quote
}}
{{
- end
}}
...
...
@@ -146,9 +155,6 @@ data:
singleuser.service-account-name
:
{{
.Values.singleuser.serviceAccountName | quote
}}
{{
- end
}}
singleuser.node-selector
:
{{
toJson .Values.singleuser.nodeSelector | quote
}}
{{
- if .Values.singleuser.schedulerStrategy
}}
singleuser.scheduler-strategy
:
{{
.Values.singleuser.schedulerStrategy | quote
}}
{{
- end
}}
singleuser.storage.type
:
{{
.Values.singleuser.storage.type | quote
}}
singleuser.storage.home_mount_path
:
{{
.Values.singleuser.storage.homeMountPath | quote
}}
singleuser.storage.extra-volumes
:
{{
toJson .Values.singleuser.storage.extraVolumes | quote
}}
...
...
@@ -179,19 +185,77 @@ data:
{{
- if .Values.singleuser.cpu.guarantee
}}
singleuser.cpu.guarantee
:
{{
.Values.singleuser.cpu.guarantee | quote
}}
{{
- end
}}
{{
- if .Values.singleuser.extraResource.limits
}}
singleuser.extra-resource.limits
:
|
{{- range $key, $value := .Values.singleuser.extraResource.limits }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{
- end
}}
{{
- if .Values.singleuser.extraResource.guarantees
}}
singleuser.extra-resource.guarantees
:
|
{{- range $key, $value := .Values.singleuser.extraResource.guarantees }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{
- end
}}
{{
- if .Values.singleuser.extraAnnotations
}}
singleuser.extra-annotations
:
|
{{- range $key, $value := .Values.singleuser.extraAnnotations }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{
- end
}}
singleuser.extra-labels
:
|
hub.jupyter.org/network-access-hub: "true"
{{- range $key, $value := .Values.singleuser.extraLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{
- if .Values.singleuser.storage.extraLabels
}}
singleuser.storage-extra-labels
:
|
{{- range $key, $value := .Values.singleuser.storage.extraLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{
- end
}}
{{
- if .Values.singleuser.extraEnv
}}
singleuser.extra-env
:
|
{{- range $key, $value := .Values.singleuser.extraEnv }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{
- end
}}
singleuser.tolerations
:
|
{{- include "jupyterhub.userTolerations" . | nindent 4 }}
{{
- if include "jupyterhub.userNodeAffinityRequired" .
}}
singleuser.node-affinity-required
:
|
{{- include "jupyterhub.userNodeAffinityRequired" . | nindent 4 }}
{{
- end
}}
{{
- if include "jupyterhub.userNodeAffinityPreferred" .
}}
singleuser.node-affinity-preferred
:
|
{{- include "jupyterhub.userNodeAffinityPreferred" . | nindent 4 }}
{{
- end
}}
{{
- if include "jupyterhub.userPodAffinityRequired" .
}}
singleuser.pod-affinity-required
:
|
{{- include "jupyterhub.userPodAffinityRequired" . | nindent 4 }}
{{
- end
}}
{{
- if include "jupyterhub.userPodAffinityPreferred" .
}}
singleuser.pod-affinity-preferred
:
|
{{- include "jupyterhub.userPodAffinityPreferred" . | nindent 4 }}
{{
- end
}}
{{
- if include "jupyterhub.userPodAntiAffinityRequired" .
}}
singleuser.pod-anti-affinity-required
:
|
{{- include "jupyterhub.userPodAntiAffinityRequired" . | nindent 4 }}
{{
- end
}}
{{
- if include "jupyterhub.userPodAntiAffinityPreferred" .
}}
singleuser.pod-anti-affinity-preferred
:
|
{{- include "jupyterhub.userPodAntiAffinityPreferred" . | nindent 4 }}
{{
- end
}}
{{
- if .Values.scheduling.userScheduler.enabled
}}
singleuser.scheduler-name
:
"
{{
.Release.Name
}}-user-scheduler"
{{
- end
}}
{{
- if .Values.scheduling.podPriority.enabled
}}
singleuser.priority_class_name
:
"
{{
.Release.Name
}}-default-priority"
{{
- end
}}
{{
- /* KubeSpawner */
}}
kubespawner.common-labels
:
|
{{- $_ := merge (dict "heritageLabel" "jupyterhub") . }}
...
...
@@ -199,7 +263,9 @@ data:
{{
- /* Hub */
}}
hub.allow-named-servers
:
{{
.Values.hub.allowNamedServers | quote
}}
hub.concurrent-spawn-limit
:
{{
.Values.hub.concurrentSpawnLimit | quote
}}
hub.consecutive-failure-limit
:
{{
.Values.hub.consecutiveFailureLimit | quote
}}
{{
- if .Values.hub.activeServerLimit
}}
hub.active-server-limit
:
{{
.Values.hub.activeServerLimit | quote
}}
{{
- end
}}
...
...
charts/jupyterhub/templates/hub/deployment.yaml
View file @
c690bae6
apiVersion
:
apps/v1
beta2
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
hub
...
...
@@ -30,21 +30,11 @@ spec:
{{
- .Values.hub.annotations | toYaml | trimSuffix "\n" | nindent 8
}}
{{
- end
}}
spec
:
{{
- if .Values.scheduling.podPriority.enabled
}}
priorityClassName
:
{{
.Release.Name
}}
-default-priority
{{
- end
}}
nodeSelector
:
{{
toJson .Values.hub.nodeSelector
}}
affinity
:
podAffinity
:
preferredDuringSchedulingIgnoredDuringExecution
:
-
weight
:
1
podAffinityTerm
:
topologyKey
:
kubernetes.io/hostname
labelSelector
:
matchExpressions
:
-
key
:
component
operator
:
In
values
:
[
'
proxy'
]
-
key
:
release
operator
:
In
values
:
[{{
.Release.Name | quote
}}]
{{
- include "jupyterhub.coreAffinity" . | nindent 6
}}
volumes
:
-
name
:
config
configMap
:
...
...
@@ -118,9 +108,6 @@ spec:
{{
- .Values.hub.resources | toYaml | trimSuffix "\n" | nindent 12
}}
imagePullPolicy
:
{{
.Values.hub.imagePullPolicy
}}
env
:
{{
- /* Put this here directly so hub will restart when we change this */
}}
-
name
:
SINGLEUSER_IMAGE
value
:
"
{{
.Values.singleuser.image.name
}}:{{
.Values.singleuser.image.tag
}}"
{{
- if .Values.hub.cookieSecret
}}
-
name
:
JPY_COOKIE_SECRET
valueFrom
:
...
...
charts/jupyterhub/templates/hub/netpol.yaml
View file @
c690bae6
...
...
@@ -2,7 +2,7 @@
apiVersion
:
networking.k8s.io/v1
kind
:
NetworkPolicy
metadata
:
name
:
hub
-network-policy
name
:
hub
labels
:
{{
- include "jupyterhub.labels" . | nindent 4
}}
spec
:
...
...
charts/jupyterhub/templates/hub/pdb.yaml
View file @
c690bae6
...
...
@@ -6,7 +6,7 @@ metadata:
labels
:
{{
- include "jupyterhub.labels" . | nindent 4
}}
spec
:
minAvailable
:
1
minAvailable
:
{{
.Values.hub.pdb.minAvailable
}}
selector
:
matchLabels
:
{{
- include "jupyterhub.matchLabels" . | nindent 6
}}
...
...
charts/jupyterhub/templates/hub/rbac.yaml
View file @
c690bae6
...
...
@@ -7,7 +7,7 @@ metadata:
{{
- include "jupyterhub.labels" . | nindent 4
}}
---
kind
:
Role
apiVersion
:
rbac.authorization.k8s.io/v1
beta1
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
hub
labels
:
...
...
@@ -21,7 +21,7 @@ rules:
verbs
:
[
"
get"
,
"
watch"
,
"
list"
]
---
kind
:
RoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
beta1
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
hub
labels
:
...
...
charts/jupyterhub/templates/image-puller/_daemonset-helper.yaml
View file @
c690bae6
...
...
@@ -4,11 +4,10 @@ Returns an image-puller daemonset. Two daemonsets will be created like this.
- continuous-image-puller
:
for newly added nodes image pulling
*/
}}
{{
- define "jupyterhub.imagePuller.daemonset" -
}}
apiVersion
:
extensions/v1beta
1
apiVersion
:
apps/v
1
kind
:
DaemonSet
metadata
:
{{
- $label
:
= print "-" .Release.Time.Seconds
}}
name
:
{{
print .componentPrefix "image-puller"
}}{{
- if .hook
}}{{
$label
}}{{
- end
}}
name
:
{{
print .componentPrefix "image-puller"
}}
labels
:
{{
- include "jupyterhub.labels" . | nindent 4
}}
{{
- if .hook
}}
...
...
@@ -20,7 +19,7 @@ metadata:
Allows the daemonset to be deleted when the image-awaiter job is completed.
*/
}}
"
helm.sh/hook"
:
pre-install,pre-upgrade
"
helm.sh/hook-delete-policy"
:
hook-succeeded,hook-fail
ed
"
helm.sh/hook-delete-policy"
:
before-hook-creation,hook-succeed
ed
"
helm.sh/hook-weight"
:
"
-10"
{{
- end
}}
spec
:
...
...
@@ -34,11 +33,25 @@ spec:
template
:
metadata
:
labels
:
{{
- /* Changes here will cause the D
eploymen
t to restart the pods. */
}}
{{
- /* Changes here will cause the D
aemonSe
t to restart the pods. */
}}
{{
- include "jupyterhub.matchLabels" . | nindent 8
}}
spec
:
tolerations
:
{{
- include "jupyterhub.userTolerations" . | nindent 8
}}
nodeSelector
:
{{
toJson .Values.singleuser.nodeSelector
}}
{{
- if include "jupyterhub.userNodeAffinityRequired" .
}}
affinity
:
nodeAffinity
:
requiredDuringSchedulingIgnoredDuringExecution
:
nodeSelectorTerms
:
{{
- include "jupyterhub.userNodeAffinityRequired" . | nindent 14
}}
{{
- end
}}
terminationGracePeriodSeconds
:
0
automountServiceAccountToken
:
false
{{
- if .Values.singleuser.imagePullSecret.enabled
}}
imagePullSecrets
:
-
name
:
{{
if .hook -
}}
hook- {{- end -}} singleuser-image-credentials
{{
- end
}}
initContainers
:
-
name
:
image-pull-singleuser
image
:
{{
.Values.singleuser.image.name
}}
:{{ .Values.singleuser.image.tag }}
...
...
@@ -59,6 +72,15 @@ spec:
{{
- range $k
,
$v
:
= .Values.prePuller.extraImages
}}
-
name
:
image-pull-{{ $k }}
image
:
{{
$v.name
}}
:{{ $v.tag }}
imagePullPolicy
:
{{
$v.policy | default "IfNotPresent"
}}
command
:
-
/bin/sh
-
-c
-
echo "Pulling complete"
{{
- end
}}
{{
- range $k
,
$container
:
= .Values.singleuser.extraContainers
}}
-
name
:
image-pull-singleuser-extra-container-{{ $k }}
image
:
{{
$container.image
}}
imagePullPolicy
:
IfNotPresent
command
:
-
/bin/sh
...
...
charts/jupyterhub/templates/image-puller/job.yaml
View file @
c690bae6
...
...
@@ -9,24 +9,24 @@ command.
apiVersion
:
batch/v1
kind
:
Job
metadata
:
name
:
hook-image-awaiter
-{{ .Release.Time.Seconds }}
name
:
hook-image-awaiter
labels
:
{{
- include "jupyterhub.labels" . | nindent 4
}}
hub.jupyter.org/deletable
:
"
true"
annotations
:
"
helm.sh/hook"
:
pre-install,pre-upgrade
"
helm.sh/hook-delete-policy"
:
hook-succeeded,hook-fail
ed
"
helm.sh/hook-delete-policy"
:
before-hook-creation,hook-succeed
ed
"
helm.sh/hook-weight"
:
"
10"
spec
:
template
:
metadata
:
labels
:
{{
- /* Changes here will cause the
Deployment
to restart the pods. */
}}
{{
- /* Changes here will cause the
Job
to restart the pods. */
}}
{{
- include "jupyterhub.matchLabels" . | nindent 8
}}
spec
:
restartPolicy
:
Never
{{
- if .Values.rbac.enabled
}}
serviceAccountName
:
hook-image-awaiter
-{{ .Release.Time.Seconds }}
serviceAccountName
:
hook-image-awaiter
{{
- end
}}
containers
:
-
image
:
{{
.Values.prePuller.hook.image.name
}}
:{{ .Values.prePuller.hook.image.tag }}
...
...
@@ -38,5 +38,5 @@ spec:
-
-auth-token-path=/var/run/secrets/kubernetes.io/serviceaccount/token
-
-api-server-address=https://$(KUBERNETES_SERVICE_HOST):$(KUBERNETES_SERVICE_PORT)
-
-namespace={{ .Release.Namespace }}
-
-daemonset=hook-image-puller
-{{ .Release.Time.Seconds }}
-
-daemonset=hook-image-puller
{{
- end
}}
charts/jupyterhub/templates/image-puller/rbac.yaml
View file @
c690bae6
...
...
@@ -9,28 +9,28 @@ This service account...
apiVersion
:
v1
kind
:
ServiceAccount
metadata
:
name
:
hook-image-awaiter
-{{ .Release.Time.Seconds }}
name
:
hook-image-awaiter
labels
:
{{
- include "jupyterhub.labels" . | nindent 4
}}
hub.jupyter.org/deletable
:
"
true"
annotations
:
"
helm.sh/hook"
:
pre-install,pre-upgrade
"
helm.sh/hook-delete-policy"
:
hook-succeeded,hook-fail
ed
"
helm.sh/hook-delete-policy"
:
before-hook-creation,hook-succeed
ed
"
helm.sh/hook-weight"
:
"
0"
---
{{
- /*
... will be used by this role...
*/
}}
kind
:
Role
apiVersion
:
rbac.authorization.k8s.io/v1
beta1
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
hook-image-awaiter
-{{ .Release.Time.Seconds }}
name
:
hook-image-awaiter
labels
:
{{
- include "jupyterhub.labels" . | nindent 4
}}
hub.jupyter.org/deletable
:
"
true"
annotations
:
"
helm.sh/hook"
:
pre-install,pre-upgrade
"
helm.sh/hook-delete-policy"
:
hook-succeeded,hook-fail
ed
"
helm.sh/hook-delete-policy"
:
before-hook-creation,hook-succeed
ed
"
helm.sh/hook-weight"
:
"
0"
rules
:
-
apiGroups
:
[
"
apps"
]
# "" indicates the core API group
...
...
@@ -41,23 +41,23 @@ rules:
... as declared by this binding.
*/
}}
kind
:
RoleBinding
apiVersion
:
rbac.authorization.k8s.io/v1
beta1
apiVersion
:
rbac.authorization.k8s.io/v1
metadata
:
name
:
hook-image-awaiter
-{{ .Release.Time.Seconds }}
name
:
hook-image-awaiter
labels
:
{{
- include "jupyterhub.labels" . | nindent 4
}}
hub.jupyter.org/deletable
:
"
true"
annotations
:
"
helm.sh/hook"
:
pre-install,pre-upgrade
"
helm.sh/hook-delete-policy"
:
hook-succeeded,hook-fail
ed
"
helm.sh/hook-delete-policy"
:
before-hook-creation,hook-succeed
ed
"
helm.sh/hook-weight"
:
"
0"
subjects
:
-
kind
:
ServiceAccount
name
:
hook-image-awaiter
-{{ .Release.Time.Seconds }}
name
:
hook-image-awaiter
namespace
:
{{
.Release.Namespace
}}
roleRef
:
kind
:
Role
name
:
hook-image-awaiter
-{{ .Release.Time.Seconds }}
name
:
hook-image-awaiter
apiGroup
:
rbac.authorization.k8s.io
{{
- end
}}
{{
- end
}}
charts/jupyterhub/templates/proxy/autohttps/deployment.yaml
View file @
c690bae6
{{
- $HTTPS
:
= (and .Values.proxy.https.hosts .Values.proxy.https.enabled)
}}
{{
- $autoHTTPS
:
= (and $HTTPS (eq .Values.proxy.https.type "letsencrypt"))
}}
{{
- if $autoHTTPS -
}}
apiVersion
:
apps/v1
beta2
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
autohttps
...
...
@@ -35,22 +35,12 @@ spec:
{{
- if .Values.rbac.enabled
}}
serviceAccountName
:
autohttps
{{
- end
}}
nodeSelector
:
{{
toJson .Values.proxy.nodeSelector
}}
{{
- if .Values.scheduling.podPriority.enabled
}}
priorityClassName
:
{{
.Release.Name
}}
-default-priority
{{
- end
}}
terminationGracePeriodSeconds
:
60
affinity
:
podAffinity
:
preferredDuringSchedulingIgnoredDuringExecution
:
-
weight
:
1
podAffinityTerm
:
topologyKey
:
kubernetes.io/hostname
labelSelector
:
matchExpressions
:
-
key
:
component
operator
:
In
values
:
[
'
hub'
]
-
key
:
release
operator
:
In
values
:
[{{
.Release.Name | quote
}}]
nodeSelector
:
{{
toJson .Values.proxy.nodeSelector
}}
{{
- include "jupyterhub.coreAffinity" . | nindent 6
}}
containers
:
-
name
:
nginx
image
:
"
{{
.Values.proxy.nginx.image.name
}}:{{
.Values.proxy.nginx.image.tag
}}"
...
...
charts/jupyterhub/templates/proxy/autohttps/rbac.yaml
View file @
c690bae6
...
...
@@ -11,7 +11,7 @@ metadata:
labels
:
{{
- include "jupyterhub.labels" . | nindent 4
}}
---
apiVersion
:
rbac.authorization.k8s.io/v1
beta1
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
ClusterRole
metadata
:
name
:
nginx-{{ .Release.Name }}
...
...
@@ -74,7 +74,7 @@ rules:
verbs
:
-
update
---
apiVersion
:
rbac.authorization.k8s.io/v1
beta1
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
ClusterRoleBinding
metadata
:
name
:
nginx-{{ .Release.Name }}
...
...
@@ -89,7 +89,7 @@ subjects:
name
:
autohttps
namespace
:
{{
.Release.Namespace
}}
---
apiVersion
:
rbac.authorization.k8s.io/v1
beta1
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
Role
metadata
:
name
:
nginx
...
...
@@ -129,7 +129,7 @@ rules:
-
get
-
update
---
apiVersion
:
rbac.authorization.k8s.io/v1
beta1
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
Role
metadata
:
name
:
kube-lego
...
...
@@ -166,7 +166,7 @@ rules:
-
create
-
update
---
apiVersion
:
rbac.authorization.k8s.io/v1
beta1
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
RoleBinding
metadata
:
name
:
nginx
...
...
@@ -181,7 +181,7 @@ subjects:
name
:
autohttps
namespace
:
{{
.Release.Namespace
}}
---
apiVersion
:
rbac.authorization.k8s.io/v1
beta1
apiVersion
:
rbac.authorization.k8s.io/v1
kind
:
RoleBinding
metadata
:
name
:
kube-lego
...
...
charts/jupyterhub/templates/proxy/deployment.yaml
View file @
c690bae6
{{
- $manualHTTPS
:
= (and .Values.proxy.https.enabled (eq .Values.proxy.https.type "manual")) -
}}
apiVersion
:
apps/v1beta2
{{
- $manualHTTPSwithsecret
:
= (and .Values.proxy.https.enabled (eq .Values.proxy.https.type "secret")) -
}}
apiVersion
:
apps/v1
kind
:
Deployment
metadata
:
name
:
proxy
...
...
@@ -28,22 +29,18 @@ spec:
{{
- .Values.proxy.annotations | toYaml | trimSuffix "\n" | nindent 8
}}
{{
- end
}}
spec
:
nodeSelector
:
{{
toJson .Values.proxy.nodeSelector
}}
terminationGracePeriodSeconds
:
60
affinity
:
podAffinity
:
preferredDuringSchedulingIgnoredDuringExecution
:
-
weight
:
1
podAffinityTerm
:
topologyKey
:
kubernetes.io/hostname
labelSelector
:
matchExpressions
:
-
key
:
component
operator
:
In
values
:
[
'
hub'
]
-
key
:
release
operator
:
In
values
:
[{{
.Release.Name | quote
}}]
{{
- if .Values.scheduling.podPriority.enabled
}}
priorityClassName
:
{{
.Release.Name
}}
-default-priority
{{
- end
}}
nodeSelector
:
{{
toJson .Values.proxy.nodeSelector
}}
{{
- include "jupyterhub.coreAffinity" . | nindent 6
}}
{{
- if $manualHTTPSwithsecret
}}
volumes
:
-
name
:
tls-secret
secret
:
secretName
:
{{
.Values.proxy.https.secret.name
}}
{{
- end
}}
{{
- if $manualHTTPS
}}
volumes
:
-
name
:
tls-secret
...
...
@@ -65,13 +62,18 @@ spec:
-
--redirect-port=8000
-
--ssl-key=/etc/chp/tls/tls.key
-
--ssl-cert=/etc/chp/tls/tls.crt
{{
- else if $manualHTTPSwithsecret
}}
-
--port=8443
-
--redirect-port=8000
-
--ssl-key=/etc/chp/tls/{{ .Values.proxy.https.secret.key }}
-
--ssl-cert=/etc/chp/tls/{{ .Values.proxy.https.secret.crt }}
{{
- else
}}
-
--port=8000
{{
- end
}}