Commit c690bae6 authored by Will JALLET's avatar Will JALLET 💸

Upgrade jupyterhub chart

parent d1c9fce2
Pipeline #4516 passed with stage
in 13 seconds
appVersion: v0.8.1
appVersion: 0.9.3
description: Multi-user Jupyter installation
home: https://z2jh.jupyter.org
icon: https://jupyter.org/assets/hublogo.svg
......@@ -6,5 +6,5 @@ kubeVersion: '>=1.8.0-0'
name: jupyterhub
sources:
- https://github.com/jupyterhub/zero-to-jupyterhub-k8s
tillerVersion: '>=2.7.0-0'
version: v0.7-560a7cd
tillerVersion: '>=2.9.1-0'
version: 0.8-c0b4dcf
This diff is collapsed.
......@@ -9,7 +9,7 @@
generate some output based on one single dictionary of input that we call the
helpers scope. When you are in helm, you access your current scope with a
single a single punctuation (.).
When you ask a helper to render its content, one often forward the current
scope to the helper in order to allow it to access .Release.Name,
.Values.rbac.enabled and similar values.
......@@ -27,7 +27,7 @@
To let a helper access the current scope along with additional values we have
opted to create dictionary containing additional values that is then populated
with additional values from the current scope through a the merge function.
#### Example - Passing a new scope augmented with the old
{{- $_ := merge (dict "appLabel" "kube-lego") . }}
{{- include "jupyterhub.matchLabels" $_ | nindent 6 }}
......@@ -55,7 +55,7 @@
## Example usage
```yaml
# Excerpt from proxy/autohttps/deployment.yaml
apiVersion: apps/v1beta2
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "jupyterhub.nameField" . }}
......@@ -97,7 +97,7 @@
Used by "jupyterhub.labels" and "jupyterhub.nameField".
NOTE: The component label is determined by either...
- 1: The provided scope's .componentLabel
- 1: The provided scope's .componentLabel
- 2: The template's filename if living in the root folder
- 3: The template parent folder's name
- : ...and is combined with .componentPrefix and .componentSuffix
......@@ -163,12 +163,77 @@ component: {{ include "jupyterhub.componentLabel" . }}
{{- /*
jupyterhub.podCullerSelector:
Used to by the pod-culler to select singleuser-server pods. It simply
reformats "jupyterhub.matchLabels" and sets the componentLabel value so
`component=singleuser-server` is output.
jupyterhub.dockerconfigjson:
Creates a base64 encoded docker registry json blob for use in a image pull
secret, just like the `kubectl create secret docker-registry` command does
for the generated secrets data.dockerconfigjson field. The output is
verified to be exactly the same even if you have a password spanning
multiple lines as you may need to use a private GCR registry.
- https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
*/}}
{{- define "jupyterhub.podCullerSelector" -}}
{{- $_ := merge (dict "componentLabel" "singleuser-server") . -}}
{{ include "jupyterhub.matchLabels" $_ | replace ": " "=" | replace "\n" "," | quote }}
{{- define "jupyterhub.dockerconfigjson" -}}
{{ include "jupyterhub.dockerconfigjson.yaml" . | b64enc }}
{{- end }}
{{- define "jupyterhub.dockerconfigjson.yaml" -}}
{{- with .Values.singleuser.imagePullSecret -}}
{
"auths": {
{{ .registry | default "https://index.docker.io/v1/" | quote }}: {
"username": {{ .username | quote }},
"password": {{ .password | quote }},
{{- if .email }}
"email": {{ .email | quote }},
{{- end }}
"auth": {{ (print .username ":" .password) | b64enc | quote }}
}
}
}
{{- end }}
{{- end }}
{{- /*
jupyterhub.resources:
The resource request of a singleuser.
*/}}
{{- define "jupyterhub.resources" -}}
{{- $r1 := .Values.singleuser.cpu.guarantee -}}
{{- $r2 := .Values.singleuser.memory.guarantee -}}
{{- $r3 := .Values.singleuser.extraResource.guarantees -}}
{{- $r := or $r1 $r2 $r3 -}}
{{- $l1 := .Values.singleuser.cpu.limit -}}
{{- $l2 := .Values.singleuser.memory.limit -}}
{{- $l3 := .Values.singleuser.extraResource.limits -}}
{{- $l := or $l1 $l2 $l3 -}}
{{- if $r -}}
requests:
{{- if $r1 }}
cpu: {{ .Values.singleuser.cpu.guarantee }}
{{- end }}
{{- if $r2 }}
memory: {{ .Values.singleuser.memory.guarantee }}
{{- end }}
{{- if $r3 }}
{{- range $key, $value := .Values.singleuser.extraResource.guarantees }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if $l }}
limits:
{{- if $l1 }}
cpu: {{ .Values.singleuser.cpu.limit }}
{{- end }}
{{- if $l2 }}
memory: {{ .Values.singleuser.memory.limit }}
{{- end }}
{{- if $l3 }}
{{- range $key, $value := .Values.singleuser.extraResource.limits }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
......@@ -12,6 +12,7 @@ data:
cull.timeout: {{ .Values.cull.timeout | quote }}
cull.every: {{ .Values.cull.every | quote }}
cull.concurrency: {{ .Values.cull.concurrency | quote }}
cull.max-age: {{ .Values.cull.maxAge | quote }}
{{- end }}
......@@ -67,10 +68,11 @@ data:
auth.gitlab.client-secret: {{ .Values.auth.gitlab.clientSecret | quote }}
auth.gitlab.callback-url: {{ .Values.auth.gitlab.callbackUrl | quote }}
{{- end }}
{{- if eq .Values.auth.type "mediawiki" }}
auth.mediawiki.client-id: {{ .Values.auth.mediawiki.clientId | quote }}
auth.mediawiki.client-secret: {{ .Values.auth.mediawiki.clientSecret | quote }}
auth.mediawiki.callback-url: {{ .Values.auth.mediawiki.callbackUrl | quote }}
auth.mediawiki.index-url: {{ .Values.auth.mediawiki.indexUrl | quote }}
{{- end }}
......@@ -80,7 +82,7 @@ data:
auth.globus.callback-url: {{ .Values.auth.globus.callbackUrl | quote }}
auth.globus.identity-provider: {{ .Values.auth.globus.identityProvider | quote }}
{{- end }}
{{- if eq .Values.auth.type "lti" }}
auth.lti.consumers: |
{{- .Values.auth.lti.consumers | toYaml | trimSuffix "\n" | nindent 4 }}
......@@ -108,7 +110,7 @@ data:
auth.ldap.dn.user.search-base: {{ .Values.auth.ldap.dn.user.searchBase | quote }}
auth.ldap.dn.user.attribute: {{ .Values.auth.ldap.dn.user.attribute | quote }}
{{- end }}
{{- if eq .Values.auth.type "dummy" }}
{{- if .Values.auth.dummy.password }}
auth.dummy.password: {{ .Values.auth.dummy.password | quote }}
......@@ -127,12 +129,19 @@ data:
{{- if .Values.singleuser.initContainers }}
singleuser.init-containers: {{ toJson .Values.singleuser.initContainers | quote }}
{{- end }}
{{- if .Values.singleuser.extraContainers }}
singleuser.extra-containers: {{ toJson .Values.singleuser.extraContainers | quote }}
{{- end }}
singleuser.network-tools.image.name: {{ .Values.singleuser.networkTools.image.name | quote }}
singleuser.network-tools.image.tag: {{ .Values.singleuser.networkTools.image.tag | quote }}
singleuser.cloud-metadata: |
{{- .Values.singleuser.cloudMetadata | toYaml | trimSuffix "\n" | nindent 4 }}
singleuser.start-timeout: {{ .Values.singleuser.startTimeout | quote }}
singleuser.image-spec: {{ .Values.singleuser.image.name }}:{{ .Values.singleuser.image.tag }}
singleuser.image-pull-policy: {{ .Values.singleuser.image.pullPolicy | quote }}
{{- if .Values.singleuser.imagePullSecret.enabled }}
singleuser.image-pull-secret-name: singleuser-image-credentials
{{- end }}
{{- if .Values.singleuser.cmd }}
singleuser.cmd: {{ .Values.singleuser.cmd | quote }}
{{- end }}
......@@ -146,9 +155,6 @@ data:
singleuser.service-account-name: {{ .Values.singleuser.serviceAccountName | quote }}
{{- end }}
singleuser.node-selector: {{ toJson .Values.singleuser.nodeSelector | quote }}
{{- if .Values.singleuser.schedulerStrategy }}
singleuser.scheduler-strategy: {{ .Values.singleuser.schedulerStrategy | quote }}
{{- end }}
singleuser.storage.type: {{ .Values.singleuser.storage.type | quote }}
singleuser.storage.home_mount_path: {{ .Values.singleuser.storage.homeMountPath | quote }}
singleuser.storage.extra-volumes: {{ toJson .Values.singleuser.storage.extraVolumes | quote }}
......@@ -179,19 +185,77 @@ data:
{{- if .Values.singleuser.cpu.guarantee }}
singleuser.cpu.guarantee: {{ .Values.singleuser.cpu.guarantee | quote }}
{{- end }}
{{- if .Values.singleuser.extraResource.limits }}
singleuser.extra-resource.limits: |
{{- range $key, $value := .Values.singleuser.extraResource.limits }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.singleuser.extraResource.guarantees }}
singleuser.extra-resource.guarantees: |
{{- range $key, $value := .Values.singleuser.extraResource.guarantees }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.singleuser.extraAnnotations }}
singleuser.extra-annotations: |
{{- range $key, $value := .Values.singleuser.extraAnnotations }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
singleuser.extra-labels: |
hub.jupyter.org/network-access-hub: "true"
{{- range $key, $value := .Values.singleuser.extraLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.singleuser.storage.extraLabels }}
singleuser.storage-extra-labels: |
{{- range $key, $value := .Values.singleuser.storage.extraLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.singleuser.extraEnv }}
singleuser.extra-env: |
{{- range $key, $value := .Values.singleuser.extraEnv }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
singleuser.tolerations: |
{{- include "jupyterhub.userTolerations" . | nindent 4 }}
{{- if include "jupyterhub.userNodeAffinityRequired" . }}
singleuser.node-affinity-required: |
{{- include "jupyterhub.userNodeAffinityRequired" . | nindent 4 }}
{{- end }}
{{- if include "jupyterhub.userNodeAffinityPreferred" . }}
singleuser.node-affinity-preferred: |
{{- include "jupyterhub.userNodeAffinityPreferred" . | nindent 4 }}
{{- end }}
{{- if include "jupyterhub.userPodAffinityRequired" . }}
singleuser.pod-affinity-required: |
{{- include "jupyterhub.userPodAffinityRequired" . | nindent 4 }}
{{- end }}
{{- if include "jupyterhub.userPodAffinityPreferred" . }}
singleuser.pod-affinity-preferred: |
{{- include "jupyterhub.userPodAffinityPreferred" . | nindent 4 }}
{{- end }}
{{- if include "jupyterhub.userPodAntiAffinityRequired" . }}
singleuser.pod-anti-affinity-required: |
{{- include "jupyterhub.userPodAntiAffinityRequired" . | nindent 4 }}
{{- end }}
{{- if include "jupyterhub.userPodAntiAffinityPreferred" . }}
singleuser.pod-anti-affinity-preferred: |
{{- include "jupyterhub.userPodAntiAffinityPreferred" . | nindent 4 }}
{{- end }}
{{- if .Values.scheduling.userScheduler.enabled }}
singleuser.scheduler-name: "{{ .Release.Name }}-user-scheduler"
{{- end }}
{{- if .Values.scheduling.podPriority.enabled }}
singleuser.priority_class_name: "{{ .Release.Name }}-default-priority"
{{- end }}
{{- /* KubeSpawner */}}
kubespawner.common-labels: |
{{- $_ := merge (dict "heritageLabel" "jupyterhub") . }}
......@@ -199,7 +263,9 @@ data:
{{- /* Hub */}}
hub.allow-named-servers: {{ .Values.hub.allowNamedServers | quote }}
hub.concurrent-spawn-limit: {{ .Values.hub.concurrentSpawnLimit | quote }}
hub.consecutive-failure-limit: {{ .Values.hub.consecutiveFailureLimit | quote }}
{{- if .Values.hub.activeServerLimit }}
hub.active-server-limit: {{ .Values.hub.activeServerLimit | quote }}
{{- end }}
......
apiVersion: apps/v1beta2
apiVersion: apps/v1
kind: Deployment
metadata:
name: hub
......@@ -30,21 +30,11 @@ spec:
{{- .Values.hub.annotations | toYaml | trimSuffix "\n" | nindent 8 }}
{{- end }}
spec:
{{- if .Values.scheduling.podPriority.enabled }}
priorityClassName: {{ .Release.Name }}-default-priority
{{- end }}
nodeSelector: {{ toJson .Values.hub.nodeSelector }}
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: component
operator: In
values: ['proxy']
- key: release
operator: In
values: [{{ .Release.Name | quote }}]
{{- include "jupyterhub.coreAffinity" . | nindent 6 }}
volumes:
- name: config
configMap:
......@@ -118,9 +108,6 @@ spec:
{{- .Values.hub.resources | toYaml | trimSuffix "\n" | nindent 12 }}
imagePullPolicy: {{ .Values.hub.imagePullPolicy }}
env:
{{- /* Put this here directly so hub will restart when we change this */}}
- name: SINGLEUSER_IMAGE
value: "{{ .Values.singleuser.image.name }}:{{ .Values.singleuser.image.tag }}"
{{- if .Values.hub.cookieSecret }}
- name: JPY_COOKIE_SECRET
valueFrom:
......
......@@ -2,7 +2,7 @@
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: hub-network-policy
name: hub
labels:
{{- include "jupyterhub.labels" . | nindent 4 }}
spec:
......
......@@ -6,7 +6,7 @@ metadata:
labels:
{{- include "jupyterhub.labels" . | nindent 4 }}
spec:
minAvailable: 1
minAvailable: {{ .Values.hub.pdb.minAvailable }}
selector:
matchLabels:
{{- include "jupyterhub.matchLabels" . | nindent 6 }}
......
......@@ -7,7 +7,7 @@ metadata:
{{- include "jupyterhub.labels" . | nindent 4 }}
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hub
labels:
......@@ -21,7 +21,7 @@ rules:
verbs: ["get", "watch", "list"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hub
labels:
......
......@@ -4,11 +4,10 @@ Returns an image-puller daemonset. Two daemonsets will be created like this.
- continuous-image-puller: for newly added nodes image pulling
*/}}
{{- define "jupyterhub.imagePuller.daemonset" -}}
apiVersion: extensions/v1beta1
apiVersion: apps/v1
kind: DaemonSet
metadata:
{{- $label := print "-" .Release.Time.Seconds }}
name: {{ print .componentPrefix "image-puller" }}{{- if .hook }}{{ $label }}{{- end }}
name: {{ print .componentPrefix "image-puller" }}
labels:
{{- include "jupyterhub.labels" . | nindent 4 }}
{{- if .hook }}
......@@ -20,7 +19,7 @@ metadata:
Allows the daemonset to be deleted when the image-awaiter job is completed.
*/}}
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "-10"
{{- end }}
spec:
......@@ -34,11 +33,25 @@ spec:
template:
metadata:
labels:
{{- /* Changes here will cause the Deployment to restart the pods. */}}
{{- /* Changes here will cause the DaemonSet to restart the pods. */}}
{{- include "jupyterhub.matchLabels" . | nindent 8 }}
spec:
tolerations:
{{- include "jupyterhub.userTolerations" . | nindent 8 }}
nodeSelector: {{ toJson .Values.singleuser.nodeSelector }}
{{- if include "jupyterhub.userNodeAffinityRequired" . }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
{{- include "jupyterhub.userNodeAffinityRequired" . | nindent 14 }}
{{- end }}
terminationGracePeriodSeconds: 0
automountServiceAccountToken: false
{{- if .Values.singleuser.imagePullSecret.enabled }}
imagePullSecrets:
- name: {{ if .hook -}} hook- {{- end -}} singleuser-image-credentials
{{- end }}
initContainers:
- name: image-pull-singleuser
image: {{ .Values.singleuser.image.name }}:{{ .Values.singleuser.image.tag }}
......@@ -59,6 +72,15 @@ spec:
{{- range $k, $v := .Values.prePuller.extraImages }}
- name: image-pull-{{ $k }}
image: {{ $v.name }}:{{ $v.tag }}
imagePullPolicy: {{ $v.policy | default "IfNotPresent" }}
command:
- /bin/sh
- -c
- echo "Pulling complete"
{{- end }}
{{- range $k, $container := .Values.singleuser.extraContainers }}
- name: image-pull-singleuser-extra-container-{{ $k }}
image: {{ $container.image }}
imagePullPolicy: IfNotPresent
command:
- /bin/sh
......
......@@ -9,24 +9,24 @@ command.
apiVersion: batch/v1
kind: Job
metadata:
name: hook-image-awaiter-{{ .Release.Time.Seconds }}
name: hook-image-awaiter
labels:
{{- include "jupyterhub.labels" . | nindent 4 }}
hub.jupyter.org/deletable: "true"
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "10"
spec:
template:
metadata:
labels:
{{- /* Changes here will cause the Deployment to restart the pods. */}}
{{- /* Changes here will cause the Job to restart the pods. */}}
{{- include "jupyterhub.matchLabels" . | nindent 8 }}
spec:
restartPolicy: Never
{{- if .Values.rbac.enabled }}
serviceAccountName: hook-image-awaiter-{{ .Release.Time.Seconds }}
serviceAccountName: hook-image-awaiter
{{- end }}
containers:
- image: {{ .Values.prePuller.hook.image.name }}:{{ .Values.prePuller.hook.image.tag }}
......@@ -38,5 +38,5 @@ spec:
- -auth-token-path=/var/run/secrets/kubernetes.io/serviceaccount/token
- -api-server-address=https://$(KUBERNETES_SERVICE_HOST):$(KUBERNETES_SERVICE_PORT)
- -namespace={{ .Release.Namespace }}
- -daemonset=hook-image-puller-{{ .Release.Time.Seconds }}
- -daemonset=hook-image-puller
{{- end }}
......@@ -9,28 +9,28 @@ This service account...
apiVersion: v1
kind: ServiceAccount
metadata:
name: hook-image-awaiter-{{ .Release.Time.Seconds }}
name: hook-image-awaiter
labels:
{{- include "jupyterhub.labels" . | nindent 4 }}
hub.jupyter.org/deletable: "true"
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "0"
---
{{- /*
... will be used by this role...
*/}}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hook-image-awaiter-{{ .Release.Time.Seconds }}
name: hook-image-awaiter
labels:
{{- include "jupyterhub.labels" . | nindent 4 }}
hub.jupyter.org/deletable: "true"
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "0"
rules:
- apiGroups: ["apps"] # "" indicates the core API group
......@@ -41,23 +41,23 @@ rules:
... as declared by this binding.
*/}}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hook-image-awaiter-{{ .Release.Time.Seconds }}
name: hook-image-awaiter
labels:
{{- include "jupyterhub.labels" . | nindent 4 }}
hub.jupyter.org/deletable: "true"
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "0"
subjects:
- kind: ServiceAccount
name: hook-image-awaiter-{{ .Release.Time.Seconds }}
name: hook-image-awaiter
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: hook-image-awaiter-{{ .Release.Time.Seconds }}
name: hook-image-awaiter
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end }}
{{- $HTTPS := (and .Values.proxy.https.hosts .Values.proxy.https.enabled) }}
{{- $autoHTTPS := (and $HTTPS (eq .Values.proxy.https.type "letsencrypt")) }}
{{- if $autoHTTPS -}}
apiVersion: apps/v1beta2
apiVersion: apps/v1
kind: Deployment
metadata:
name: autohttps
......@@ -35,22 +35,12 @@ spec:
{{- if .Values.rbac.enabled }}
serviceAccountName: autohttps
{{- end }}
nodeSelector: {{ toJson .Values.proxy.nodeSelector }}
{{- if .Values.scheduling.podPriority.enabled }}
priorityClassName: {{ .Release.Name }}-default-priority
{{- end }}
terminationGracePeriodSeconds: 60
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: component
operator: In
values: ['hub']
- key: release
operator: In
values: [{{ .Release.Name | quote }}]
nodeSelector: {{ toJson .Values.proxy.nodeSelector }}
{{- include "jupyterhub.coreAffinity" . | nindent 6 }}
containers:
- name: nginx
image: "{{ .Values.proxy.nginx.image.name }}:{{ .Values.proxy.nginx.image.tag }}"
......
......@@ -11,7 +11,7 @@ metadata:
labels:
{{- include "jupyterhub.labels" . | nindent 4 }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: nginx-{{ .Release.Name }}
......@@ -74,7 +74,7 @@ rules:
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: nginx-{{ .Release.Name }}
......@@ -89,7 +89,7 @@ subjects:
name: autohttps
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: nginx
......@@ -129,7 +129,7 @@ rules:
- get
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: kube-lego
......@@ -166,7 +166,7 @@ rules:
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: nginx
......@@ -181,7 +181,7 @@ subjects:
name: autohttps
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: kube-lego
......
{{- $manualHTTPS := (and .Values.proxy.https.enabled (eq .Values.proxy.https.type "manual")) -}}
apiVersion: apps/v1beta2
{{- $manualHTTPSwithsecret := (and .Values.proxy.https.enabled (eq .Values.proxy.https.type "secret")) -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: proxy
......@@ -28,22 +29,18 @@ spec:
{{- .Values.proxy.annotations | toYaml | trimSuffix "\n" | nindent 8 }}
{{- end }}
spec:
nodeSelector: {{ toJson .Values.proxy.nodeSelector }}
terminationGracePeriodSeconds: 60
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: component
operator: In
values: ['hub']
- key: release
operator: In
values: [{{ .Release.Name | quote }}]
{{- if .Values.scheduling.podPriority.enabled }}
priorityClassName: {{ .Release.Name }}-default-priority
{{- end }}
nodeSelector: {{ toJson .Values.proxy.nodeSelector }}
{{- include "jupyterhub.coreAffinity" . | nindent 6 }}
{{- if $manualHTTPSwithsecret }}
volumes:
- name: tls-secret
secret:
secretName: {{ .Values.proxy.https.secret.name }}
{{- end }}
{{- if $manualHTTPS }}
volumes:
- name: tls-secret
......@@ -65,13 +62,18 @@ spec:
- --redirect-port=8000
- --ssl-key=/etc/chp/tls/tls.key
- --ssl-cert=/etc/chp/tls/tls.crt
{{- else if $manualHTTPSwithsecret }}
- --port=8443
- --redirect-port=8000
- --ssl-key=/etc/chp/tls/{{ .Values.proxy.https.secret.key }}
- --ssl-cert=/etc/chp/tls/{{ .Values.proxy.https.secret.crt }}
{{- else }}
- --port=8000
{{- end }}