Commit c690bae6 authored by Will JALLET's avatar Will JALLET 💸

Upgrade jupyterhub chart

parent d1c9fce2
Pipeline #4516 passed with stage
in 13 seconds
appVersion: v0.8.1 appVersion: 0.9.3
description: Multi-user Jupyter installation description: Multi-user Jupyter installation
home: https://z2jh.jupyter.org home: https://z2jh.jupyter.org
icon: https://jupyter.org/assets/hublogo.svg icon: https://jupyter.org/assets/hublogo.svg
...@@ -6,5 +6,5 @@ kubeVersion: '>=1.8.0-0' ...@@ -6,5 +6,5 @@ kubeVersion: '>=1.8.0-0'
name: jupyterhub name: jupyterhub
sources: sources:
- https://github.com/jupyterhub/zero-to-jupyterhub-k8s - https://github.com/jupyterhub/zero-to-jupyterhub-k8s
tillerVersion: '>=2.7.0-0' tillerVersion: '>=2.9.1-0'
version: v0.7-560a7cd version: 0.8-c0b4dcf
This diff is collapsed.
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
generate some output based on one single dictionary of input that we call the generate some output based on one single dictionary of input that we call the
helpers scope. When you are in helm, you access your current scope with a helpers scope. When you are in helm, you access your current scope with a
single a single punctuation (.). single a single punctuation (.).
When you ask a helper to render its content, one often forward the current When you ask a helper to render its content, one often forward the current
scope to the helper in order to allow it to access .Release.Name, scope to the helper in order to allow it to access .Release.Name,
.Values.rbac.enabled and similar values. .Values.rbac.enabled and similar values.
...@@ -27,7 +27,7 @@ ...@@ -27,7 +27,7 @@
To let a helper access the current scope along with additional values we have To let a helper access the current scope along with additional values we have
opted to create dictionary containing additional values that is then populated opted to create dictionary containing additional values that is then populated
with additional values from the current scope through a the merge function. with additional values from the current scope through a the merge function.
#### Example - Passing a new scope augmented with the old #### Example - Passing a new scope augmented with the old
{{- $_ := merge (dict "appLabel" "kube-lego") . }} {{- $_ := merge (dict "appLabel" "kube-lego") . }}
{{- include "jupyterhub.matchLabels" $_ | nindent 6 }} {{- include "jupyterhub.matchLabels" $_ | nindent 6 }}
...@@ -55,7 +55,7 @@ ...@@ -55,7 +55,7 @@
## Example usage ## Example usage
```yaml ```yaml
# Excerpt from proxy/autohttps/deployment.yaml # Excerpt from proxy/autohttps/deployment.yaml
apiVersion: apps/v1beta2 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: {{ include "jupyterhub.nameField" . }} name: {{ include "jupyterhub.nameField" . }}
...@@ -97,7 +97,7 @@ ...@@ -97,7 +97,7 @@
Used by "jupyterhub.labels" and "jupyterhub.nameField". Used by "jupyterhub.labels" and "jupyterhub.nameField".
NOTE: The component label is determined by either... NOTE: The component label is determined by either...
- 1: The provided scope's .componentLabel - 1: The provided scope's .componentLabel
- 2: The template's filename if living in the root folder - 2: The template's filename if living in the root folder
- 3: The template parent folder's name - 3: The template parent folder's name
- : ...and is combined with .componentPrefix and .componentSuffix - : ...and is combined with .componentPrefix and .componentSuffix
...@@ -163,12 +163,77 @@ component: {{ include "jupyterhub.componentLabel" . }} ...@@ -163,12 +163,77 @@ component: {{ include "jupyterhub.componentLabel" . }}
{{- /* {{- /*
jupyterhub.podCullerSelector: jupyterhub.dockerconfigjson:
Used to by the pod-culler to select singleuser-server pods. It simply Creates a base64 encoded docker registry json blob for use in a image pull
reformats "jupyterhub.matchLabels" and sets the componentLabel value so secret, just like the `kubectl create secret docker-registry` command does
`component=singleuser-server` is output. for the generated secrets data.dockerconfigjson field. The output is
verified to be exactly the same even if you have a password spanning
multiple lines as you may need to use a private GCR registry.
- https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
*/}} */}}
{{- define "jupyterhub.podCullerSelector" -}} {{- define "jupyterhub.dockerconfigjson" -}}
{{- $_ := merge (dict "componentLabel" "singleuser-server") . -}} {{ include "jupyterhub.dockerconfigjson.yaml" . | b64enc }}
{{ include "jupyterhub.matchLabels" $_ | replace ": " "=" | replace "\n" "," | quote }} {{- end }}
{{- define "jupyterhub.dockerconfigjson.yaml" -}}
{{- with .Values.singleuser.imagePullSecret -}}
{
"auths": {
{{ .registry | default "https://index.docker.io/v1/" | quote }}: {
"username": {{ .username | quote }},
"password": {{ .password | quote }},
{{- if .email }}
"email": {{ .email | quote }},
{{- end }}
"auth": {{ (print .username ":" .password) | b64enc | quote }}
}
}
}
{{- end }}
{{- end }}
{{- /*
jupyterhub.resources:
The resource request of a singleuser.
*/}}
{{- define "jupyterhub.resources" -}}
{{- $r1 := .Values.singleuser.cpu.guarantee -}}
{{- $r2 := .Values.singleuser.memory.guarantee -}}
{{- $r3 := .Values.singleuser.extraResource.guarantees -}}
{{- $r := or $r1 $r2 $r3 -}}
{{- $l1 := .Values.singleuser.cpu.limit -}}
{{- $l2 := .Values.singleuser.memory.limit -}}
{{- $l3 := .Values.singleuser.extraResource.limits -}}
{{- $l := or $l1 $l2 $l3 -}}
{{- if $r -}}
requests:
{{- if $r1 }}
cpu: {{ .Values.singleuser.cpu.guarantee }}
{{- end }}
{{- if $r2 }}
memory: {{ .Values.singleuser.memory.guarantee }}
{{- end }}
{{- if $r3 }}
{{- range $key, $value := .Values.singleuser.extraResource.guarantees }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- if $l }}
limits:
{{- if $l1 }}
cpu: {{ .Values.singleuser.cpu.limit }}
{{- end }}
{{- if $l2 }}
memory: {{ .Values.singleuser.memory.limit }}
{{- end }}
{{- if $l3 }}
{{- range $key, $value := .Values.singleuser.extraResource.limits }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }} {{- end }}
...@@ -12,6 +12,7 @@ data: ...@@ -12,6 +12,7 @@ data:
cull.timeout: {{ .Values.cull.timeout | quote }} cull.timeout: {{ .Values.cull.timeout | quote }}
cull.every: {{ .Values.cull.every | quote }} cull.every: {{ .Values.cull.every | quote }}
cull.concurrency: {{ .Values.cull.concurrency | quote }} cull.concurrency: {{ .Values.cull.concurrency | quote }}
cull.max-age: {{ .Values.cull.maxAge | quote }}
{{- end }} {{- end }}
...@@ -67,10 +68,11 @@ data: ...@@ -67,10 +68,11 @@ data:
auth.gitlab.client-secret: {{ .Values.auth.gitlab.clientSecret | quote }} auth.gitlab.client-secret: {{ .Values.auth.gitlab.clientSecret | quote }}
auth.gitlab.callback-url: {{ .Values.auth.gitlab.callbackUrl | quote }} auth.gitlab.callback-url: {{ .Values.auth.gitlab.callbackUrl | quote }}
{{- end }} {{- end }}
{{- if eq .Values.auth.type "mediawiki" }} {{- if eq .Values.auth.type "mediawiki" }}
auth.mediawiki.client-id: {{ .Values.auth.mediawiki.clientId | quote }} auth.mediawiki.client-id: {{ .Values.auth.mediawiki.clientId | quote }}
auth.mediawiki.client-secret: {{ .Values.auth.mediawiki.clientSecret | quote }} auth.mediawiki.client-secret: {{ .Values.auth.mediawiki.clientSecret | quote }}
auth.mediawiki.callback-url: {{ .Values.auth.mediawiki.callbackUrl | quote }}
auth.mediawiki.index-url: {{ .Values.auth.mediawiki.indexUrl | quote }} auth.mediawiki.index-url: {{ .Values.auth.mediawiki.indexUrl | quote }}
{{- end }} {{- end }}
...@@ -80,7 +82,7 @@ data: ...@@ -80,7 +82,7 @@ data:
auth.globus.callback-url: {{ .Values.auth.globus.callbackUrl | quote }} auth.globus.callback-url: {{ .Values.auth.globus.callbackUrl | quote }}
auth.globus.identity-provider: {{ .Values.auth.globus.identityProvider | quote }} auth.globus.identity-provider: {{ .Values.auth.globus.identityProvider | quote }}
{{- end }} {{- end }}
{{- if eq .Values.auth.type "lti" }} {{- if eq .Values.auth.type "lti" }}
auth.lti.consumers: | auth.lti.consumers: |
{{- .Values.auth.lti.consumers | toYaml | trimSuffix "\n" | nindent 4 }} {{- .Values.auth.lti.consumers | toYaml | trimSuffix "\n" | nindent 4 }}
...@@ -108,7 +110,7 @@ data: ...@@ -108,7 +110,7 @@ data:
auth.ldap.dn.user.search-base: {{ .Values.auth.ldap.dn.user.searchBase | quote }} auth.ldap.dn.user.search-base: {{ .Values.auth.ldap.dn.user.searchBase | quote }}
auth.ldap.dn.user.attribute: {{ .Values.auth.ldap.dn.user.attribute | quote }} auth.ldap.dn.user.attribute: {{ .Values.auth.ldap.dn.user.attribute | quote }}
{{- end }} {{- end }}
{{- if eq .Values.auth.type "dummy" }} {{- if eq .Values.auth.type "dummy" }}
{{- if .Values.auth.dummy.password }} {{- if .Values.auth.dummy.password }}
auth.dummy.password: {{ .Values.auth.dummy.password | quote }} auth.dummy.password: {{ .Values.auth.dummy.password | quote }}
...@@ -127,12 +129,19 @@ data: ...@@ -127,12 +129,19 @@ data:
{{- if .Values.singleuser.initContainers }} {{- if .Values.singleuser.initContainers }}
singleuser.init-containers: {{ toJson .Values.singleuser.initContainers | quote }} singleuser.init-containers: {{ toJson .Values.singleuser.initContainers | quote }}
{{- end }} {{- end }}
{{- if .Values.singleuser.extraContainers }}
singleuser.extra-containers: {{ toJson .Values.singleuser.extraContainers | quote }}
{{- end }}
singleuser.network-tools.image.name: {{ .Values.singleuser.networkTools.image.name | quote }} singleuser.network-tools.image.name: {{ .Values.singleuser.networkTools.image.name | quote }}
singleuser.network-tools.image.tag: {{ .Values.singleuser.networkTools.image.tag | quote }} singleuser.network-tools.image.tag: {{ .Values.singleuser.networkTools.image.tag | quote }}
singleuser.cloud-metadata: | singleuser.cloud-metadata: |
{{- .Values.singleuser.cloudMetadata | toYaml | trimSuffix "\n" | nindent 4 }} {{- .Values.singleuser.cloudMetadata | toYaml | trimSuffix "\n" | nindent 4 }}
singleuser.start-timeout: {{ .Values.singleuser.startTimeout | quote }} singleuser.start-timeout: {{ .Values.singleuser.startTimeout | quote }}
singleuser.image-spec: {{ .Values.singleuser.image.name }}:{{ .Values.singleuser.image.tag }}
singleuser.image-pull-policy: {{ .Values.singleuser.image.pullPolicy | quote }} singleuser.image-pull-policy: {{ .Values.singleuser.image.pullPolicy | quote }}
{{- if .Values.singleuser.imagePullSecret.enabled }}
singleuser.image-pull-secret-name: singleuser-image-credentials
{{- end }}
{{- if .Values.singleuser.cmd }} {{- if .Values.singleuser.cmd }}
singleuser.cmd: {{ .Values.singleuser.cmd | quote }} singleuser.cmd: {{ .Values.singleuser.cmd | quote }}
{{- end }} {{- end }}
...@@ -146,9 +155,6 @@ data: ...@@ -146,9 +155,6 @@ data:
singleuser.service-account-name: {{ .Values.singleuser.serviceAccountName | quote }} singleuser.service-account-name: {{ .Values.singleuser.serviceAccountName | quote }}
{{- end }} {{- end }}
singleuser.node-selector: {{ toJson .Values.singleuser.nodeSelector | quote }} singleuser.node-selector: {{ toJson .Values.singleuser.nodeSelector | quote }}
{{- if .Values.singleuser.schedulerStrategy }}
singleuser.scheduler-strategy: {{ .Values.singleuser.schedulerStrategy | quote }}
{{- end }}
singleuser.storage.type: {{ .Values.singleuser.storage.type | quote }} singleuser.storage.type: {{ .Values.singleuser.storage.type | quote }}
singleuser.storage.home_mount_path: {{ .Values.singleuser.storage.homeMountPath | quote }} singleuser.storage.home_mount_path: {{ .Values.singleuser.storage.homeMountPath | quote }}
singleuser.storage.extra-volumes: {{ toJson .Values.singleuser.storage.extraVolumes | quote }} singleuser.storage.extra-volumes: {{ toJson .Values.singleuser.storage.extraVolumes | quote }}
...@@ -179,19 +185,77 @@ data: ...@@ -179,19 +185,77 @@ data:
{{- if .Values.singleuser.cpu.guarantee }} {{- if .Values.singleuser.cpu.guarantee }}
singleuser.cpu.guarantee: {{ .Values.singleuser.cpu.guarantee | quote }} singleuser.cpu.guarantee: {{ .Values.singleuser.cpu.guarantee | quote }}
{{- end }} {{- end }}
{{- if .Values.singleuser.extraResource.limits }}
singleuser.extra-resource.limits: |
{{- range $key, $value := .Values.singleuser.extraResource.limits }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.singleuser.extraResource.guarantees }}
singleuser.extra-resource.guarantees: |
{{- range $key, $value := .Values.singleuser.extraResource.guarantees }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.singleuser.extraAnnotations }}
singleuser.extra-annotations: |
{{- range $key, $value := .Values.singleuser.extraAnnotations }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
singleuser.extra-labels: | singleuser.extra-labels: |
hub.jupyter.org/network-access-hub: "true" hub.jupyter.org/network-access-hub: "true"
{{- range $key, $value := .Values.singleuser.extraLabels }} {{- range $key, $value := .Values.singleuser.extraLabels }}
{{ $key | quote }}: {{ $value | quote }} {{ $key | quote }}: {{ $value | quote }}
{{- end }} {{- end }}
{{- if .Values.singleuser.storage.extraLabels }}
singleuser.storage-extra-labels: |
{{- range $key, $value := .Values.singleuser.storage.extraLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.singleuser.extraEnv }} {{- if .Values.singleuser.extraEnv }}
singleuser.extra-env: | singleuser.extra-env: |
{{- range $key, $value := .Values.singleuser.extraEnv }} {{- range $key, $value := .Values.singleuser.extraEnv }}
{{ $key | quote }}: {{ $value | quote }} {{ $key | quote }}: {{ $value | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
singleuser.tolerations: |
{{- include "jupyterhub.userTolerations" . | nindent 4 }}
{{- if include "jupyterhub.userNodeAffinityRequired" . }}
singleuser.node-affinity-required: |
{{- include "jupyterhub.userNodeAffinityRequired" . | nindent 4 }}
{{- end }}
{{- if include "jupyterhub.userNodeAffinityPreferred" . }}
singleuser.node-affinity-preferred: |
{{- include "jupyterhub.userNodeAffinityPreferred" . | nindent 4 }}
{{- end }}
{{- if include "jupyterhub.userPodAffinityRequired" . }}
singleuser.pod-affinity-required: |
{{- include "jupyterhub.userPodAffinityRequired" . | nindent 4 }}
{{- end }}
{{- if include "jupyterhub.userPodAffinityPreferred" . }}
singleuser.pod-affinity-preferred: |
{{- include "jupyterhub.userPodAffinityPreferred" . | nindent 4 }}
{{- end }}
{{- if include "jupyterhub.userPodAntiAffinityRequired" . }}
singleuser.pod-anti-affinity-required: |
{{- include "jupyterhub.userPodAntiAffinityRequired" . | nindent 4 }}
{{- end }}
{{- if include "jupyterhub.userPodAntiAffinityPreferred" . }}
singleuser.pod-anti-affinity-preferred: |
{{- include "jupyterhub.userPodAntiAffinityPreferred" . | nindent 4 }}
{{- end }}
{{- if .Values.scheduling.userScheduler.enabled }}
singleuser.scheduler-name: "{{ .Release.Name }}-user-scheduler"
{{- end }}
{{- if .Values.scheduling.podPriority.enabled }}
singleuser.priority_class_name: "{{ .Release.Name }}-default-priority"
{{- end }}
{{- /* KubeSpawner */}} {{- /* KubeSpawner */}}
kubespawner.common-labels: | kubespawner.common-labels: |
{{- $_ := merge (dict "heritageLabel" "jupyterhub") . }} {{- $_ := merge (dict "heritageLabel" "jupyterhub") . }}
...@@ -199,7 +263,9 @@ data: ...@@ -199,7 +263,9 @@ data:
{{- /* Hub */}} {{- /* Hub */}}
hub.allow-named-servers: {{ .Values.hub.allowNamedServers | quote }}
hub.concurrent-spawn-limit: {{ .Values.hub.concurrentSpawnLimit | quote }} hub.concurrent-spawn-limit: {{ .Values.hub.concurrentSpawnLimit | quote }}
hub.consecutive-failure-limit: {{ .Values.hub.consecutiveFailureLimit | quote }}
{{- if .Values.hub.activeServerLimit }} {{- if .Values.hub.activeServerLimit }}
hub.active-server-limit: {{ .Values.hub.activeServerLimit | quote }} hub.active-server-limit: {{ .Values.hub.activeServerLimit | quote }}
{{- end }} {{- end }}
......
apiVersion: apps/v1beta2 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: hub name: hub
...@@ -30,21 +30,11 @@ spec: ...@@ -30,21 +30,11 @@ spec:
{{- .Values.hub.annotations | toYaml | trimSuffix "\n" | nindent 8 }} {{- .Values.hub.annotations | toYaml | trimSuffix "\n" | nindent 8 }}
{{- end }} {{- end }}
spec: spec:
{{- if .Values.scheduling.podPriority.enabled }}
priorityClassName: {{ .Release.Name }}-default-priority
{{- end }}
nodeSelector: {{ toJson .Values.hub.nodeSelector }} nodeSelector: {{ toJson .Values.hub.nodeSelector }}
affinity: {{- include "jupyterhub.coreAffinity" . | nindent 6 }}
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchExpressions:
- key: component
operator: In
values: ['proxy']
- key: release
operator: In
values: [{{ .Release.Name | quote }}]
volumes: volumes:
- name: config - name: config
configMap: configMap:
...@@ -118,9 +108,6 @@ spec: ...@@ -118,9 +108,6 @@ spec:
{{- .Values.hub.resources | toYaml | trimSuffix "\n" | nindent 12 }} {{- .Values.hub.resources | toYaml | trimSuffix "\n" | nindent 12 }}
imagePullPolicy: {{ .Values.hub.imagePullPolicy }} imagePullPolicy: {{ .Values.hub.imagePullPolicy }}
env: env:
{{- /* Put this here directly so hub will restart when we change this */}}
- name: SINGLEUSER_IMAGE
value: "{{ .Values.singleuser.image.name }}:{{ .Values.singleuser.image.tag }}"
{{- if .Values.hub.cookieSecret }} {{- if .Values.hub.cookieSecret }}
- name: JPY_COOKIE_SECRET - name: JPY_COOKIE_SECRET
valueFrom: valueFrom:
......
...@@ -2,7 +2,7 @@ ...@@ -2,7 +2,7 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: NetworkPolicy kind: NetworkPolicy
metadata: metadata:
name: hub-network-policy name: hub
labels: labels:
{{- include "jupyterhub.labels" . | nindent 4 }} {{- include "jupyterhub.labels" . | nindent 4 }}
spec: spec:
......
...@@ -6,7 +6,7 @@ metadata: ...@@ -6,7 +6,7 @@ metadata:
labels: labels:
{{- include "jupyterhub.labels" . | nindent 4 }} {{- include "jupyterhub.labels" . | nindent 4 }}
spec: spec:
minAvailable: 1 minAvailable: {{ .Values.hub.pdb.minAvailable }}
selector: selector:
matchLabels: matchLabels:
{{- include "jupyterhub.matchLabels" . | nindent 6 }} {{- include "jupyterhub.matchLabels" . | nindent 6 }}
......
...@@ -7,7 +7,7 @@ metadata: ...@@ -7,7 +7,7 @@ metadata:
{{- include "jupyterhub.labels" . | nindent 4 }} {{- include "jupyterhub.labels" . | nindent 4 }}
--- ---
kind: Role kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: hub name: hub
labels: labels:
...@@ -21,7 +21,7 @@ rules: ...@@ -21,7 +21,7 @@ rules:
verbs: ["get", "watch", "list"] verbs: ["get", "watch", "list"]
--- ---
kind: RoleBinding kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: hub name: hub
labels: labels:
......
...@@ -4,11 +4,10 @@ Returns an image-puller daemonset. Two daemonsets will be created like this. ...@@ -4,11 +4,10 @@ Returns an image-puller daemonset. Two daemonsets will be created like this.
- continuous-image-puller: for newly added nodes image pulling - continuous-image-puller: for newly added nodes image pulling
*/}} */}}
{{- define "jupyterhub.imagePuller.daemonset" -}} {{- define "jupyterhub.imagePuller.daemonset" -}}
apiVersion: extensions/v1beta1 apiVersion: apps/v1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
{{- $label := print "-" .Release.Time.Seconds }} name: {{ print .componentPrefix "image-puller" }}
name: {{ print .componentPrefix "image-puller" }}{{- if .hook }}{{ $label }}{{- end }}
labels: labels:
{{- include "jupyterhub.labels" . | nindent 4 }} {{- include "jupyterhub.labels" . | nindent 4 }}
{{- if .hook }} {{- if .hook }}
...@@ -20,7 +19,7 @@ metadata: ...@@ -20,7 +19,7 @@ metadata:
Allows the daemonset to be deleted when the image-awaiter job is completed. Allows the daemonset to be deleted when the image-awaiter job is completed.
*/}} */}}
"helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "-10" "helm.sh/hook-weight": "-10"
{{- end }} {{- end }}
spec: spec:
...@@ -34,11 +33,25 @@ spec: ...@@ -34,11 +33,25 @@ spec:
template: template:
metadata: metadata:
labels: labels:
{{- /* Changes here will cause the Deployment to restart the pods. */}} {{- /* Changes here will cause the DaemonSet to restart the pods. */}}
{{- include "jupyterhub.matchLabels" . | nindent 8 }} {{- include "jupyterhub.matchLabels" . | nindent 8 }}
spec: spec:
tolerations:
{{- include "jupyterhub.userTolerations" . | nindent 8 }}
nodeSelector: {{ toJson .Values.singleuser.nodeSelector }}
{{- if include "jupyterhub.userNodeAffinityRequired" . }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
{{- include "jupyterhub.userNodeAffinityRequired" . | nindent 14 }}
{{- end }}
terminationGracePeriodSeconds: 0 terminationGracePeriodSeconds: 0
automountServiceAccountToken: false automountServiceAccountToken: false
{{- if .Values.singleuser.imagePullSecret.enabled }}
imagePullSecrets:
- name: {{ if .hook -}} hook- {{- end -}} singleuser-image-credentials
{{- end }}
initContainers: initContainers:
- name: image-pull-singleuser - name: image-pull-singleuser
image: {{ .Values.singleuser.image.name }}:{{ .Values.singleuser.image.tag }} image: {{ .Values.singleuser.image.name }}:{{ .Values.singleuser.image.tag }}
...@@ -59,6 +72,15 @@ spec: ...@@ -59,6 +72,15 @@ spec:
{{- range $k, $v := .Values.prePuller.extraImages }} {{- range $k, $v := .Values.prePuller.extraImages }}
- name: image-pull-{{ $k }} - name: image-pull-{{ $k }}
image: {{ $v.name }}:{{ $v.tag }} image: {{ $v.name }}:{{ $v.tag }}
imagePullPolicy: {{ $v.policy | default "IfNotPresent" }}
command:
- /bin/sh
- -c
- echo "Pulling complete"
{{- end }}
{{- range $k, $container := .Values.singleuser.extraContainers }}
- name: image-pull-singleuser-extra-container-{{ $k }}
image: {{ $container.image }}
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
command: command:
- /bin/sh - /bin/sh
......
...@@ -9,24 +9,24 @@ command. ...@@ -9,24 +9,24 @@ command.
apiVersion: batch/v1 apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: hook-image-awaiter-{{ .Release.Time.Seconds }} name: hook-image-awaiter
labels: labels:
{{- include "jupyterhub.labels" . | nindent 4 }} {{- include "jupyterhub.labels" . | nindent 4 }}
hub.jupyter.org/deletable: "true" hub.jupyter.org/deletable: "true"
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "10" "helm.sh/hook-weight": "10"
spec: spec:
template: template:
metadata: metadata:
labels: labels:
{{- /* Changes here will cause the Deployment to restart the pods. */}} {{- /* Changes here will cause the Job to restart the pods. */}}
{{- include "jupyterhub.matchLabels" . | nindent 8 }} {{- include "jupyterhub.matchLabels" . | nindent 8 }}
spec: spec:
restartPolicy: Never restartPolicy: Never
{{- if .Values.rbac.enabled }} {{- if .Values.rbac.enabled }}
serviceAccountName: hook-image-awaiter-{{ .Release.Time.Seconds }} serviceAccountName: hook-image-awaiter
{{- end }} {{- end }}
containers: containers:
- image: {{ .Values.prePuller.hook.image.name }}:{{ .Values.prePuller.hook.image.tag }} - image: {{ .Values.prePuller.hook.image.name }}:{{ .Values.prePuller.hook.image.tag }}
...@@ -38,5 +38,5 @@ spec: ...@@ -38,5 +38,5 @@ spec:
- -auth-token-path=/var/run/secrets/kubernetes.io/serviceaccount/token - -auth-token-path=/var/run/secrets/kubernetes.io/serviceaccount/token
- -api-server-address=https://$(KUBERNETES_SERVICE_HOST):$(KUBERNETES_SERVICE_PORT) - -api-server-address=https://$(KUBERNETES_SERVICE_HOST):$(KUBERNETES_SERVICE_PORT)
- -namespace={{ .Release.Namespace }} - -namespace={{ .Release.Namespace }}
- -daemonset=hook-image-puller-{{ .Release.Time.Seconds }} - -daemonset=hook-image-puller
{{- end }} {{- end }}
...@@ -9,28 +9,28 @@ This service account... ...@@ -9,28 +9,28 @@ This service account...
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: hook-image-awaiter-{{ .Release.Time.Seconds }} name: hook-image-awaiter
labels: labels:
{{- include "jupyterhub.labels" . | nindent 4 }} {{- include "jupyterhub.labels" . | nindent 4 }}
hub.jupyter.org/deletable: "true" hub.jupyter.org/deletable: "true"
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "0" "helm.sh/hook-weight": "0"
--- ---
{{- /* {{- /*
... will be used by this role... ... will be used by this role...
*/}} */}}
kind: Role kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1 apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: hook-image-awaiter-{{ .Release.Time.Seconds }} name: hook-image-awaiter
labels: labels:
{{- include "jupyterhub.labels" . | nindent 4 }} {{- include "jupyterhub.labels" . | nindent 4 }}
hub.jupyter.org/deletable: "true" hub.jupyter.org/deletable: "true"
annotations: annotations:
"helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
"helm.sh/hook-weight": "0"