From f924bbd9abaf657b264ed19165bc6f94e5000686 Mon Sep 17 00:00:00 2001 From: rschneider Date: Wed, 23 Nov 2022 11:53:38 -0700 Subject: [PATCH 1/5] Incomplete version of jh per user storage --- defaults/main.yml | 6 ++ templates/config.old.yaml.j2 | 139 +++++++++++++++++++++++++++++++++++ templates/config.yaml.j2 | 68 ++++++++++++++++- templates/per_user_pvc.yaml | 7 ++ 4 files changed, 219 insertions(+), 1 deletion(-) create mode 100644 templates/config.old.yaml.j2 create mode 100644 templates/per_user_pvc.yaml diff --git a/defaults/main.yml b/defaults/main.yml index cd7a470..710fdcf 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -14,3 +14,9 @@ JH_SINGLEUSER_CPU_GUARANTEE: 0.5 JH_INGRESS_CLASS: "nginx" JH_INGRESS_BODY_SIZE: "4096m" JH_PREPULL_IMAGES: true +JH_PERUSER_STORAGE_PV_NAME: postgres-db +JH_PERUSER_STORAGE_PVC_NAME: postgres-test +JH_PERUSER_STORAGE_MOUNT_DIR: /var/lib/postgresql/data +JH_PERUSER_STORAGE_CPU_LIMIT: 1.0 +JH_PERUSER_STORAGE_MEMORY_LIMIT: 512Mi +JH_PERUSER_STORAGE: true diff --git a/templates/config.old.yaml.j2 b/templates/config.old.yaml.j2 new file mode 100644 index 0000000..f7e2852 --- /dev/null +++ b/templates/config.old.yaml.j2 
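Review bot: `JH_PERUSER_STORAGE: true` in the added defaults switches the per-user storage block on for every consumer of the role, although the commit subject calls the feature incomplete. A default of `JH_PERUSER_STORAGE: false` would keep the root init container and the trust-authenticated postgres sidecar that templates/config.yaml.j2 gains in this commit opt-in. `postgres-db` and `postgres-test` read like test values; if they are placeholders, a comment saying so would keep them from being deployed as real PV/PVC names. For consistency with the quoted defaults above, `"512Mi"` and the mount path could be quoted as well.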
@@ -0,0 +1,139 @@ +# This file can update the JupyterHub Helm chart's default configuration values. +# +# For reference see the configuration reference and default values, but make +# sure to refer to the Helm chart version of interest to you! +# +# Introduction to YAML: https://www.youtube.com/watch?v=cdLNKUoMc6c +# Chart config reference: https://zero-to-jupyterhub.readthedocs.io/en/stable/resources/reference.html +# Chart default values: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/jupyterhub/values.yaml +# Available chart versions: https://jupyterhub.github.io/helm-chart/ +# +# Google is not currently supported +# +# If you update this file directly and want to redeploy via helm: +# +# helm upgrade -f /opt/jupyterhub/config.yaml jupyterhub jupyterhub/jupyterhub +hub: +{% if JH_RESOURCES_REQUEST_CPU is defined or JH_RESOURCES_REQUEST_MEMORY is defined %} + resources: + requests: +{% if JH_RESOURCES_REQUEST_CPU is defined %} + cpu: {{ JH_RESOURCES_REQUEST_CPU }} +{% endif %} +{% if JH_RESOURCES_REQUEST_MEMORY is defined %} + memory: {{ JH_RESOURCES_REQUEST_MEMORY }} +{% endif %} +{% endif %} +{% if JH_DB_PVC_STORAGE_CLASS_NAME is defined %} + db: + pvc: + storageClassName: "{{ JH_DB_PVC_STORAGE_CLASS_NAME }}" +{% endif %} + config: + JupyterHub: +# this could be useful later for forcing matching to specific nodes +# scheduling: +# corePods: +# nodeAffinity: +# # matchNodePurpose valid options: +# # - ignore +# # - prefer (the default) +# # - require +# matchNodePurpose: require +{% if JH_AUTH_CLASS != "default" %} + authenticator_class: {{ JH_AUTH_CLASS }} +{% endif %} + Authenticator: +{% if JH_ADMINS is defined %} + admin_users: +{% for user in JH_ADMINS %} + - {{ user }} +{% endfor %} +{% endif %} +{% if JH_ALLOWED_USERS is defined %} + allowed_users: +{% for user in JH_ALLOWED_USERS %} + - {{ user }} +{% endfor %} +{% endif %} +{% if JH_AUTH_CLASS == "github" %} + GitHubOAuthenticator: + client_id: "{{ JH_OAUTH2_CLIENT_ID }}" + 
client_secret: "{{ JH_OAUTH2_CLIENT_SECRET }}" + oauth_callback_url: {{ JH_OAUTH2_CALLBACK_URL }} +{% elif JH_AUTH_CLASS == "dummy" %} + DummyAuthenticator: + password: "{{ JH_DUMMY_PASS }}" +{% else %} +{% endif %} + extraConfig: + cyverse_config.py: | + c.Spawner.http_timeout = {{ JH_SINGLEUSER_HTTP_TIMEOUT }} +singleuser: + defaultUrl: "{{ JH_SINGLEUSER_DEFAULT_URL }}" + startTimeout: {{ JH_SINGLEUSER_START_TIMEOUT }} + image: + name: {{ JH_SINGLEUSER_IMAGE }} + tag: "{{ JH_SINGLEUSER_IMAGE_TAG | string }}" + memory: + guarantee: "{{ JH_SINGLEUSER_MEMORY_GUARANTEE }}" +{% if JH_SINGLEUSER_MEMORY_LIMIT is defined %} + limit: "{{ JH_SINGLEUSER_MEMORY_LIMIT }}" +{% endif %} + cpu: + guarantee: {{ JH_SINGLEUSER_CPU_GUARANTEE }} +{% if JH_SINGLEUSER_CPU_LIMIT is defined %} + limit: {{ JH_SINGLEUSER_CPU_LIMIT }} +{% endif %} +{% if JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool %} + storage: + extraVolumes: + - name: "{{ JH_SHARED_STORAGE_PV_NAME }}" + persistentVolumeClaim: + claimName: "{{ JH_SHARED_STORAGE_PVC_NAME }}" + extraVolumeMounts: + - name: "{{ JH_SHARED_STORAGE_PV_NAME }}" + mountPath: {{ JH_SHARED_STORAGE_MOUNT_DIR }} +{% endif %} +{% if JH_SINGLEUSER_GPU_ENABLE is defined and JH_SINGLEUSER_GPU_ENABLE|bool %} + profileList: + - display_name: "GPU Server" + description: "Spawns a notebook server with access to a GPU" + kubespawner_override: + extra_resource_limits: + nvidia.com/gpu: "1" +{% endif %} + +# uncomment only if debugging container issues +cull: + enabled: false +proxy: +{% if JH_INGRESS_ENABLED is defined and JH_INGRESS_ENABLED|bool %} + service: + type: ClusterIP +{% endif %} + chp: + resources: + requests: + # 0m - 1000m + cpu: 1000m + # 100Mi - 600Mi + memory: 500Mi + +{% if JH_INGRESS_ENABLED is defined and JH_INGRESS_ENABLED|bool %} +ingress: + enabled: true + annotations: +{% if JH_INGRESS_CLASS == "nginx" %} + nginx.ingress.kubernetes.io/proxy-body-size: "{{ JH_INGRESS_BODY_SIZE }}" +{% endif %} + 
kubernetes.io/ingress.class: "{{ JH_INGRESS_CLASS }}" +{% if JH_INGRESS_HOSTNAME is defined %} + hosts: + - {{ JH_INGRESS_HOSTNAME }} +{% endif %} +{% endif %} + +prePuller: + hook: + enabled: {{ JH_PREPULL_IMAGES }} diff --git a/templates/config.yaml.j2 b/templates/config.yaml.j2 index b344af5..2231bca 100644 --- a/templates/config.yaml.j2 +++ b/templates/config.yaml.j2 
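Review bot: The user lists under `Authenticator` are rendered unquoted (`- {{ user }}` for both `admin_users` and `allowed_users`), so the YAML loader decides the type of every entry: an all-digit name becomes an integer, `no` or `on` becomes a boolean under YAML 1.1 loaders, and a value containing `: ` or ` #` changes the structure. Because these lists decide who may log in and who is an admin, `- "{{ user }}"` is the safer form. The same applies to `authenticator_class`, `oauth_callback_url`, `name: {{ JH_SINGLEUSER_IMAGE }}` and the `hosts` entry. Separately, the comment `# uncomment only if debugging container issues` sits above an active `cull: enabled: false`, so it should describe what the setting does as written.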
@@ -85,6 +85,72 @@ singleuser: {% if JH_SINGLEUSER_CPU_LIMIT is defined %} limit: {{ JH_SINGLEUSER_CPU_LIMIT }} {% endif %} +{% if JH_PERUSER_STORAGE is defined and JH_PERUSER_STORAGE|bool %} + initContainers: + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan && chown 1000:1000 /home/jovyan/shared-readwrite && chown 1000:1000 {{ JH_PERUSER_STORAGE_MOUNT_DIR }} && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 +# volumeMounts: +# - name: home +# mountPath: /home/jovyan +# subPath: "jovyan" + # Here so we can chown it appropriately +# - name: home +# mountPath: /home/jovyan/shared-readwrite +# subPath: _shared +# - name: {{ JH_PERUSER_STORAGE_PV_NAME }} +# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} +# storage: +# extraVolumes: +# - name: "{{ JH_PERUSER_STORAGE_PV_NAME }}" +# persistentVolumeClaim: +# claimName: '{{ JH_PERUSER_STORAGE_PVC_NAME }}-{{ ansible_user }}' +# extraVolumeMounts: +# - name: "{{ JH_PERUSER_STORAGE_PV_NAME }}" +# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} + extraContainers: + - name: postgres + image: postgres:14.5 # use the latest version available at https://hub.docker.com/_/postgres/tags + args: + # Listen only on localhost, rather than on all interfaces + # This allows us to use passwordless login, as only the user notebook container can access this + - -c + - listen_addresses=127.0.0.1 + resources: + limits: + # Best effort only. No more than 1 CPU, and if postgres uses more than {{ JH_PERUSER_STORAGE_MEMORY_LIMIT }}, restart it + memory: {{ JH_PERUSER_STORAGE_MEMORY_LIMIT }} + cpu: {{ JH_PERUSER_STORAGE_CPU_LIMIT }} + requests: + # If we don't set requests, k8s sets requests == limits! 
+ # So we set something tiny + memory: 64Mi + cpu: 0.01 + env: + # Configured using the env vars documented in https://hub.docker.com/_/postgres/ + # Postgres is only listening on localhost, so we can trust all connections that come to it + - name: POSTGRES_HOST_AUTH_METHOD + value: "trust" + - name: POSTGRES_USER + value: "jovyan" + securityContext: + runAsUser: 1000 +# volumeMounts: + # Mount the user homedirectory in the postgres db container as well, so postgres commands + # that load data into the db from disk work +# - name: home +# mountPath: /home/jovyan +# subPath: "jovyan" +# - name: {{ JH_PERUSER_STORAGE_PV_NAME }} +# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} +{% endif %} {% if JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool %} storage: extraVolumes: @@ -129,7 +195,7 @@ ingress: {% endif %} kubernetes.io/ingress.class: "{{ JH_INGRESS_CLASS }}" {% if JH_INGRESS_HOSTNAME is defined %} - hosts: + hosts: - {{ JH_INGRESS_HOSTNAME }} {% endif %} {% endif %} diff --git a/templates/per_user_pvc.yaml b/templates/per_user_pvc.yaml new file mode 100644 index 0000000..33c65dc --- /dev/null +++ b/templates/per_user_pvc.yaml @@ -0,0 +1,7 @@ +jupyterhub: + custom: + singleuser: + extraPVCs: + - name: postgres-{username} + class: standard + capacity: 1Gi From 84459d19b0f0a8237d69273da28f8e9e2ede6e41 Mon Sep 17 00:00:00 2001 From: rschneider Date: Wed, 31 May 2023 15:17:27 -0700 Subject: [PATCH 2/5] added irods csi driver pv and pvc when needed --- ...config.old.yaml.j2 => config.test.yaml.j2} | 81 +++++++++++++++++- templates/config.yaml.j2 | 85 ++++--------------- 2 files changed, 96 insertions(+), 70 deletions(-) rename templates/{config.old.yaml.j2 => config.test.yaml.j2} (56%) diff --git a/templates/config.old.yaml.j2 b/templates/config.test.yaml.j2 similarity index 56% rename from templates/config.old.yaml.j2 rename to templates/config.test.yaml.j2 index f7e2852..2838503 100644 --- a/templates/config.old.yaml.j2 
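Review bot: The `volume-mount-ownership-fix` init container runs with `runAsUser: 0` from an untagged `image: busybox`, yet its `volumeMounts` are commented out, so the `chown` chain only touches the container's own filesystem and most likely fails on the missing `/home/jovyan`, which would keep the user pod from starting. Either restore the mounts or drop the init container until the storage part is ready, and pin the image (`image: busybox:<pinned-tag-or-digest>`). The postgres sidecar has no data volume either, and its `POSTGRES_HOST_AUTH_METHOD: trust` rests entirely on `listen_addresses=127.0.0.1`; the comment should state that every process in the pod shares that loopback interface and therefore connects without a password. Lines disabled with `#` are still evaluated by Jinja, so `{{ ansible_user }}` must be defined for the template to render; wrapping the disabled section in `{# … #}` would switch it off properly. The `singleuser:` mapping starts outside the hunk, and the same block is added again to templates/config.test.yaml.j2 in PATCH 2/5.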
+++ b/templates/config.test.yaml.j2 
@@ -85,16 +85,95 @@ singleuser: {% if JH_SINGLEUSER_CPU_LIMIT is defined %} limit: {{ JH_SINGLEUSER_CPU_LIMIT }} {% endif %} -{% if JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool %} +{% if JH_PERUSER_STORAGE is defined and JH_PERUSER_STORAGE|bool %} + initContainers: + - name: volume-mount-ownership-fix + image: busybox + command: + [ + "sh", + "-c", + "id && chown 1000:1000 /home/jovyan && chown 1000:1000 /home/jovyan/shared-readwrite && chown 1000:1000 {{ JH_PERUSER_STORAGE_MOUNT_DIR }} && ls -lhd /home/jovyan", + ] + securityContext: + runAsUser: 0 +# volumeMounts: +# - name: home +# mountPath: /home/jovyan +# subPath: "jovyan" + # Here so we can chown it appropriately +# - name: home +# mountPath: /home/jovyan/shared-readwrite +# subPath: _shared +# - name: {{ JH_PERUSER_STORAGE_PV_NAME }} +# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} +# storage: +# extraVolumes: +# - name: "{{ JH_PERUSER_STORAGE_PV_NAME }}" +# persistentVolumeClaim: +# claimName: '{{ JH_PERUSER_STORAGE_PVC_NAME }}-{{ ansible_user }}' +# extraVolumeMounts: +# - name: "{{ JH_PERUSER_STORAGE_PV_NAME }}" +# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} + extraContainers: + - name: postgres + image: postgres:14.5 # use the latest version available at https://hub.docker.com/_/postgres/tags + args: + # Listen only on localhost, rather than on all interfaces + # This allows us to use passwordless login, as only the user notebook container can access this + - -c + - listen_addresses=127.0.0.1 + resources: + limits: + # Best effort only. No more than 1 CPU, and if postgres uses more than {{ JH_PERUSER_STORAGE_MEMORY_LIMIT }}, restart it + memory: {{ JH_PERUSER_STORAGE_MEMORY_LIMIT }} + cpu: {{ JH_PERUSER_STORAGE_CPU_LIMIT }} + requests: + # If we don't set requests, k8s sets requests == limits! 
+ # So we set something tiny + memory: 64Mi + cpu: 0.01 + env: + # Configured using the env vars documented in https://hub.docker.com/_/postgres/ + # Postgres is only listening on localhost, so we can trust all connections that come to it + - name: POSTGRES_HOST_AUTH_METHOD + value: "trust" + - name: POSTGRES_USER + value: "jovyan" + securityContext: + runAsUser: 1000 +# volumeMounts: + # Mount the user homedirectory in the postgres db container as well, so postgres commands + # that load data into the db from disk work +# - name: home +# mountPath: /home/jovyan +# subPath: "jovyan" +# - name: {{ JH_PERUSER_STORAGE_PV_NAME }} +# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} +{% endif %} +{% if (JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool) or (IRODS_CSI_DRIVER_ENABLE is defined and IRODS_CSI_DRIVER_ENABLE|bool) %} storage: extraVolumes: +{% if JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool %} - name: "{{ JH_SHARED_STORAGE_PV_NAME }}" persistentVolumeClaim: claimName: "{{ JH_SHARED_STORAGE_PVC_NAME }}" +{% endif %} +{% if IRODS_CSI_DRIVER_ENABLE is defined and IRODS_CSI_DRIVER_ENABLE|bool %} + - name: "{{ IRODS_CSI_DRIVER_PV_NAME }}" + persistentVolumeClaim: + claimName: "{{ IRODS_CSI_DRIVER_PVC_NAME }}" +{% endif %} extraVolumeMounts: +{% if JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool %} - name: "{{ JH_SHARED_STORAGE_PV_NAME }}" mountPath: {{ JH_SHARED_STORAGE_MOUNT_DIR }} {% endif %} +{% if IRODS_CSI_DRIVER_ENABLE is defined and IRODS_CSI_DRIVER_ENABLE|bool %} + - name: "{{ IRODS_CSI_DRIVER_PV_NAME }}" + mountPath: {{ IRODS_CSI_DRIVER_MOUNT_DIR }} +{% endif %} +{% endif %} {% if JH_SINGLEUSER_GPU_ENABLE is defined and JH_SINGLEUSER_GPU_ENABLE|bool %} profileList: - display_name: "GPU Server" diff --git a/templates/config.yaml.j2 b/templates/config.yaml.j2 index 2231bca..3055edc 100644 --- a/templates/config.yaml.j2 +++ b/templates/config.yaml.j2 
@@ -85,82 +85,29 @@ singleuser: {% if JH_SINGLEUSER_CPU_LIMIT is defined %} limit: {{ JH_SINGLEUSER_CPU_LIMIT }} {% endif %} -{% if JH_PERUSER_STORAGE is defined and JH_PERUSER_STORAGE|bool %} - initContainers: - - name: volume-mount-ownership-fix - image: busybox - command: - [ - "sh", - "-c", - "id && chown 1000:1000 /home/jovyan && chown 1000:1000 /home/jovyan/shared-readwrite && chown 1000:1000 {{ JH_PERUSER_STORAGE_MOUNT_DIR }} && ls -lhd /home/jovyan", - ] - securityContext: - runAsUser: 0 -# volumeMounts: -# - name: home -# mountPath: /home/jovyan -# subPath: "jovyan" - # Here so we can chown it appropriately -# - name: home -# mountPath: /home/jovyan/shared-readwrite -# subPath: _shared -# - name: {{ JH_PERUSER_STORAGE_PV_NAME }} -# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} -# storage: -# extraVolumes: -# - name: "{{ JH_PERUSER_STORAGE_PV_NAME }}" -# persistentVolumeClaim: -# claimName: '{{ JH_PERUSER_STORAGE_PVC_NAME }}-{{ ansible_user }}' -# extraVolumeMounts: -# - name: "{{ JH_PERUSER_STORAGE_PV_NAME }}" -# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} - extraContainers: - - name: postgres - image: postgres:14.5 # use the latest version available at https://hub.docker.com/_/postgres/tags - args: - # Listen only on localhost, rather than on all interfaces - # This allows us to use passwordless login, as only the user notebook container can access this - - -c - - listen_addresses=127.0.0.1 - resources: - limits: - # Best effort only. No more than 1 CPU, and if postgres uses more than {{ JH_PERUSER_STORAGE_MEMORY_LIMIT }}, restart it - memory: {{ JH_PERUSER_STORAGE_MEMORY_LIMIT }} - cpu: {{ JH_PERUSER_STORAGE_CPU_LIMIT }} - requests: - # If we don't set requests, k8s sets requests == limits! 
- # So we set something tiny - memory: 64Mi - cpu: 0.01 - env: - # Configured using the env vars documented in https://hub.docker.com/_/postgres/ - # Postgres is only listening on localhost, so we can trust all connections that come to it - - name: POSTGRES_HOST_AUTH_METHOD - value: "trust" - - name: POSTGRES_USER - value: "jovyan" - securityContext: - runAsUser: 1000 -# volumeMounts: - # Mount the user homedirectory in the postgres db container as well, so postgres commands - # that load data into the db from disk work -# - name: home -# mountPath: /home/jovyan -# subPath: "jovyan" -# - name: {{ JH_PERUSER_STORAGE_PV_NAME }} -# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} -{% endif %} -{% if JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool %} +{% if (JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool) or (IRODS_CSI_DRIVER_ENABLE is defined and IRODS_CSI_DRIVER_ENABLE|bool) %} storage: extraVolumes: +{% if JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool %} - name: "{{ JH_SHARED_STORAGE_PV_NAME }}" persistentVolumeClaim: claimName: "{{ JH_SHARED_STORAGE_PVC_NAME }}" +{% endif %} +{% if IRODS_CSI_DRIVER_ENABLE is defined and IRODS_CSI_DRIVER_ENABLE|bool %} + - name: "{{ IRODS_CSI_DRIVER_PV_NAME }}" + persistentVolumeClaim: + claimName: "{{ IRODS_CSI_DRIVER_PVC_NAME }}" +{% endif %} extraVolumeMounts: +{% if JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool %} - name: "{{ JH_SHARED_STORAGE_PV_NAME }}" mountPath: {{ JH_SHARED_STORAGE_MOUNT_DIR }} {% endif %} +{% if IRODS_CSI_DRIVER_ENABLE is defined and IRODS_CSI_DRIVER_ENABLE|bool %} + - name: "{{ IRODS_CSI_DRIVER_PV_NAME }}" + mountPath: {{ IRODS_CSI_DRIVER_MOUNT_DIR }} +{% endif %} +{% endif %} {% if JH_SINGLEUSER_GPU_ENABLE is defined and JH_SINGLEUSER_GPU_ENABLE|bool %} profileList: - display_name: "GPU Server" 
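Review bot: The new `IRODS_CSI_DRIVER_*` values are used without defaults or a guard: this commit touches only the two templates, so with `IRODS_CSI_DRIVER_ENABLE` true and a name or mount directory unset the render presumably fails on an undefined variable, or emits an empty value, depending on how undefined variables are handled. An `assert` task or the `| mandatory` filter on the three values would make that failure explicit and early. `mountPath: {{ IRODS_CSI_DRIVER_MOUNT_DIR }}` should be quoted like the `name` and `claimName` lines next to it, `mountPath: "{{ IRODS_CSI_DRIVER_MOUNT_DIR }}"`. The same lines are added to templates/config.test.yaml.j2 in this commit.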
@@ -195,11 +142,11 @@ ingress: {% endif %} kubernetes.io/ingress.class: "{{ JH_INGRESS_CLASS }}" {% if JH_INGRESS_HOSTNAME is defined %} - hosts: + hosts: - {{ JH_INGRESS_HOSTNAME }} {% endif %} {% endif %} prePuller: hook: - enabled: {{ JH_PREPULL_IMAGES }} + enabled: {{ JH_PREPULL_IMAGES }} \ No newline at end of file From f0c1e6f29723fc53080458be03dd1a05ec9c10e8 Mon Sep 17 00:00:00 2001 From: rschneider Date: Fri, 9 Jun 2023 09:57:15 -0700 Subject: [PATCH 3/5] removed test files before sending to main branch --- templates/config.test.yaml.j2 | 218 ---------------------------------- templates/per_user_pvc.yaml | 7 -- 2 files changed, 225 deletions(-) delete mode 100644 templates/config.test.yaml.j2 delete mode 100644 templates/per_user_pvc.yaml diff --git a/templates/config.test.yaml.j2 b/templates/config.test.yaml.j2 deleted file mode 100644 index 2838503..0000000 --- a/templates/config.test.yaml.j2 +++ /dev/null 
@@ -1,218 +0,0 @@ -# This file can update the JupyterHub Helm chart's default configuration values. -# -# For reference see the configuration reference and default values, but make -# sure to refer to the Helm chart version of interest to you! -# -# Introduction to YAML: https://www.youtube.com/watch?v=cdLNKUoMc6c -# Chart config reference: https://zero-to-jupyterhub.readthedocs.io/en/stable/resources/reference.html -# Chart default values: https://github.com/jupyterhub/zero-to-jupyterhub-k8s/blob/HEAD/jupyterhub/values.yaml -# Available chart versions: https://jupyterhub.github.io/helm-chart/ -# -# Google is not currently supported -# -# If you update this file directly and want to redeploy via helm: -# -# helm upgrade -f /opt/jupyterhub/config.yaml jupyterhub jupyterhub/jupyterhub -hub: -{% if JH_RESOURCES_REQUEST_CPU is defined or JH_RESOURCES_REQUEST_MEMORY is defined %} - resources: - requests: -{% if JH_RESOURCES_REQUEST_CPU is defined %} - cpu: {{ JH_RESOURCES_REQUEST_CPU }} -{% endif %} -{% if JH_RESOURCES_REQUEST_MEMORY is defined %} - memory: {{ JH_RESOURCES_REQUEST_MEMORY }} -{% endif %} -{% endif %} -{% if JH_DB_PVC_STORAGE_CLASS_NAME is defined %} - db: - pvc: - storageClassName: "{{ JH_DB_PVC_STORAGE_CLASS_NAME }}" -{% endif %} - config: - JupyterHub: -# this could be useful later for forcing matching to specific nodes -# scheduling: -# corePods: -# nodeAffinity: -# # matchNodePurpose valid options: -# # - ignore -# # - prefer (the default) -# # - require -# matchNodePurpose: require -{% if JH_AUTH_CLASS != "default" %} - authenticator_class: {{ JH_AUTH_CLASS }} -{% endif %} - Authenticator: -{% if JH_ADMINS is defined %} - admin_users: -{% for user in JH_ADMINS %} - - {{ user }} -{% endfor %} -{% endif %} -{% if JH_ALLOWED_USERS is defined %} - allowed_users: -{% for user in JH_ALLOWED_USERS %} - - {{ user }} -{% endfor %} -{% endif %} -{% if JH_AUTH_CLASS == "github" %} - GitHubOAuthenticator: - client_id: "{{ JH_OAUTH2_CLIENT_ID }}" - 
client_secret: "{{ JH_OAUTH2_CLIENT_SECRET }}" - oauth_callback_url: {{ JH_OAUTH2_CALLBACK_URL }} -{% elif JH_AUTH_CLASS == "dummy" %} - DummyAuthenticator: - password: "{{ JH_DUMMY_PASS }}" -{% else %} -{% endif %} - extraConfig: - cyverse_config.py: | - c.Spawner.http_timeout = {{ JH_SINGLEUSER_HTTP_TIMEOUT }} -singleuser: - defaultUrl: "{{ JH_SINGLEUSER_DEFAULT_URL }}" - startTimeout: {{ JH_SINGLEUSER_START_TIMEOUT }} - image: - name: {{ JH_SINGLEUSER_IMAGE }} - tag: "{{ JH_SINGLEUSER_IMAGE_TAG | string }}" - memory: - guarantee: "{{ JH_SINGLEUSER_MEMORY_GUARANTEE }}" -{% if JH_SINGLEUSER_MEMORY_LIMIT is defined %} - limit: "{{ JH_SINGLEUSER_MEMORY_LIMIT }}" -{% endif %} - cpu: - guarantee: {{ JH_SINGLEUSER_CPU_GUARANTEE }} -{% if JH_SINGLEUSER_CPU_LIMIT is defined %} - limit: {{ JH_SINGLEUSER_CPU_LIMIT }} -{% endif %} -{% if JH_PERUSER_STORAGE is defined and JH_PERUSER_STORAGE|bool %} - initContainers: - - name: volume-mount-ownership-fix - image: busybox - command: - [ - "sh", - "-c", - "id && chown 1000:1000 /home/jovyan && chown 1000:1000 /home/jovyan/shared-readwrite && chown 1000:1000 {{ JH_PERUSER_STORAGE_MOUNT_DIR }} && ls -lhd /home/jovyan", - ] - securityContext: - runAsUser: 0 -# volumeMounts: -# - name: home -# mountPath: /home/jovyan -# subPath: "jovyan" - # Here so we can chown it appropriately -# - name: home -# mountPath: /home/jovyan/shared-readwrite -# subPath: _shared -# - name: {{ JH_PERUSER_STORAGE_PV_NAME }} -# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} -# storage: -# extraVolumes: -# - name: "{{ JH_PERUSER_STORAGE_PV_NAME }}" -# persistentVolumeClaim: -# claimName: '{{ JH_PERUSER_STORAGE_PVC_NAME }}-{{ ansible_user }}' -# extraVolumeMounts: -# - name: "{{ JH_PERUSER_STORAGE_PV_NAME }}" -# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} - extraContainers: - - name: postgres - image: postgres:14.5 # use the latest version available at https://hub.docker.com/_/postgres/tags - args: - # Listen only on localhost, rather than on all interfaces 
- # This allows us to use passwordless login, as only the user notebook container can access this - - -c - - listen_addresses=127.0.0.1 - resources: - limits: - # Best effort only. No more than 1 CPU, and if postgres uses more than {{ JH_PERUSER_STORAGE_MEMORY_LIMIT }}, restart it - memory: {{ JH_PERUSER_STORAGE_MEMORY_LIMIT }} - cpu: {{ JH_PERUSER_STORAGE_CPU_LIMIT }} - requests: - # If we don't set requests, k8s sets requests == limits! - # So we set something tiny - memory: 64Mi - cpu: 0.01 - env: - # Configured using the env vars documented in https://hub.docker.com/_/postgres/ - # Postgres is only listening on localhost, so we can trust all connections that come to it - - name: POSTGRES_HOST_AUTH_METHOD - value: "trust" - - name: POSTGRES_USER - value: "jovyan" - securityContext: - runAsUser: 1000 -# volumeMounts: - # Mount the user homedirectory in the postgres db container as well, so postgres commands - # that load data into the db from disk work -# - name: home -# mountPath: /home/jovyan -# subPath: "jovyan" -# - name: {{ JH_PERUSER_STORAGE_PV_NAME }} -# mountPath: {{ JH_PERUSER_STORAGE_MOUNT_DIR }} -{% endif %} -{% if (JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool) or (IRODS_CSI_DRIVER_ENABLE is defined and IRODS_CSI_DRIVER_ENABLE|bool) %} - storage: - extraVolumes: -{% if JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool %} - - name: "{{ JH_SHARED_STORAGE_PV_NAME }}" - persistentVolumeClaim: - claimName: "{{ JH_SHARED_STORAGE_PVC_NAME }}" -{% endif %} -{% if IRODS_CSI_DRIVER_ENABLE is defined and IRODS_CSI_DRIVER_ENABLE|bool %} - - name: "{{ IRODS_CSI_DRIVER_PV_NAME }}" - persistentVolumeClaim: - claimName: "{{ IRODS_CSI_DRIVER_PVC_NAME }}" -{% endif %} - extraVolumeMounts: -{% if JH_SHARED_STORAGE_ENABLE is defined and JH_SHARED_STORAGE_ENABLE|bool %} - - name: "{{ JH_SHARED_STORAGE_PV_NAME }}" - mountPath: {{ JH_SHARED_STORAGE_MOUNT_DIR }} -{% endif %} -{% if IRODS_CSI_DRIVER_ENABLE is defined and 
IRODS_CSI_DRIVER_ENABLE|bool %} - - name: "{{ IRODS_CSI_DRIVER_PV_NAME }}" - mountPath: {{ IRODS_CSI_DRIVER_MOUNT_DIR }} -{% endif %} -{% endif %} -{% if JH_SINGLEUSER_GPU_ENABLE is defined and JH_SINGLEUSER_GPU_ENABLE|bool %} - profileList: - - display_name: "GPU Server" - description: "Spawns a notebook server with access to a GPU" - kubespawner_override: - extra_resource_limits: - nvidia.com/gpu: "1" -{% endif %} - -# uncomment only if debugging container issues -cull: - enabled: false -proxy: -{% if JH_INGRESS_ENABLED is defined and JH_INGRESS_ENABLED|bool %} - service: - type: ClusterIP -{% endif %} - chp: - resources: - requests: - # 0m - 1000m - cpu: 1000m - # 100Mi - 600Mi - memory: 500Mi - -{% if JH_INGRESS_ENABLED is defined and JH_INGRESS_ENABLED|bool %} -ingress: - enabled: true - annotations: -{% if JH_INGRESS_CLASS == "nginx" %} - nginx.ingress.kubernetes.io/proxy-body-size: "{{ JH_INGRESS_BODY_SIZE }}" -{% endif %} - kubernetes.io/ingress.class: "{{ JH_INGRESS_CLASS }}" -{% if JH_INGRESS_HOSTNAME is defined %} - hosts: - - {{ JH_INGRESS_HOSTNAME }} -{% endif %} -{% endif %} - -prePuller: - hook: - enabled: {{ JH_PREPULL_IMAGES }} diff --git a/templates/per_user_pvc.yaml b/templates/per_user_pvc.yaml deleted file mode 100644 index 33c65dc..0000000 --- a/templates/per_user_pvc.yaml +++ /dev/null @@ -1,7 +0,0 @@ -jupyterhub: - custom: - singleuser: - extraPVCs: - - name: postgres-{username} - class: standard - capacity: 1Gi From 7047649002f48ad25fa4faa49ddac57997a89da0 Mon Sep 17 00:00:00 2001 From: rschneider Date: Fri, 9 Jun 2023 10:01:51 -0700 Subject: [PATCH 4/5] fixed README after adding irods csi driver stuff --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 67fe7e9..af5889b 100644 --- a/README.md +++ b/README.md 
@@ -40,6 +40,11 @@ Role Variables * JH_SHARED_STORAGE_PVC_NAME, set to the persistent volume claim name * JH_SHARED_STORAGE_MOUNT_DIR, set to the mount directory within container, default = /home/jovyan/shared +* IRODS_CSI_DRIVER_ENABLE, set to true if enabling a second pv/pvc for the irods csi driver +* IRODS_CSI_DRIVER_PV_NAME, set to the persistent volume name for the irods csi driver +* IRODS_CSI_DRIVER_PVC_NAME, set to the persistent volume claim name for the irods csi driver +* IRODS_CSI_DRIVER_MOUNT_DIR, set to the mount directory within container for the irods csi driver + * JH_RESOURCES_REQUEST_CPU, if set this is the cpu setting for the hub container, 0m - 1000m * JH_RESOURCES_REQUEST_MEMORY, if set this is the memory setting for the hub container, 200Mi - 4Gi From 2ac8ed2100cbf0f3b9d5aaff6047b16e12b52018 Mon Sep 17 00:00:00 2001 From: rschneider Date: Fri, 9 Jun 2023 10:04:35 -0700 Subject: [PATCH 5/5] removed test vars from defaults --- defaults/main.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 3ff4dab..1dc7286 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -14,9 +14,3 @@ JH_SINGLEUSER_CPU_GUARANTEE: 0.5 JH_INGRESS_CLASS: "nginx" JH_INGRESS_BODY_SIZE: "4096m" JH_PREPULL_IMAGES: true -JH_PERUSER_STORAGE_PV_NAME: postgres-db -JH_PERUSER_STORAGE_PVC_NAME: postgres-test -JH_PERUSER_STORAGE_MOUNT_DIR: /var/lib/postgresql/data -JH_PERUSER_STORAGE_CPU_LIMIT: 1.0 -JH_PERUSER_STORAGE_MEMORY_LIMIT: 512Mi -JH_PERUSER_STORAGE: true