/
values.yaml
360 lines (316 loc) · 10.3 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
pdb:
enabled: true
maxUnavailable: 1
minAvailable:
replicas: 1
resources:
requests:
cpu: 0.2
memory: 512Mi
rbac:
enabled: true
nodeSelector: {}
tolerations: []
image:
name: quay.io/jupyterhub/k8s-binderhub
tag: "set-by-chartpress"
pullPolicy: ""
pullSecrets: []
# registry here is only used to create docker config.json
registry:
# key in 'auths' in docker config.json,
# ~always the registry url
url:
# registry username+password
username:
password:
service:
type: LoadBalancer
labels: {}
annotations:
prometheus.io/scrape: "true"
nodePort:
loadBalancerIP:
config:
# These c.BinderHub properties are referenced by the Helm chart
BinderHub:
# auth_enabled:
base_url: /
build_node_selector: {}
# hub_url:
# hub_url_local:
use_registry: true
KubernetesBuildExecutor: {}
extraConfig: {}
extraFiles: {}
extraPodSpec: {}
# Two bits of config need to be set to fully enable cors.
# config.BinderHub.cors_allow_origin controls the allowed origins for the
# binderhub api, and jupyterhub.hub.config.BinderSpawner.cors_allow_origin
# controls the allowed origins for the spawned user notebooks. You most
# likely want to set both of those to the same value.
jupyterhub:
# Deprecated values, kept here so we can provide useful error messages
custom:
cors: {}
cull:
enabled: true
users: true
hub:
config:
JupyterHub:
authenticator_class: nullauthenticator.NullAuthenticator
BinderSpawner:
auth_enabled: false
loadRoles:
binder:
services:
- binder
scopes:
- servers
# we don't need admin:users if auth is not enabled!
- "admin:users"
extraConfig:
0-binderspawnermixin: |
"""
Helpers for creating BinderSpawners
FIXME:
This file is defined in binderhub/binderspawner_mixin.py
and is copied to helm-chart/binderhub/values.yaml
by ci/check_embedded_chart_code.py
The BinderHub repo is just used as the distribution mechanism for this spawner,
BinderHub itself doesn't require this code.
Longer term options include:
- Move BinderSpawnerMixin to a separate Python package and include it in the Z2JH Hub
image
- Override the Z2JH hub with a custom image built in this repository
- Duplicate the code here and in binderhub/binderspawner_mixin.py
"""
from tornado import web
from traitlets import Bool, Unicode
from traitlets.config import Configurable
class BinderSpawnerMixin(Configurable):
"""
Mixin to convert a JupyterHub container spawner to a BinderHub spawner
Container spawner must support the following properties that will be set
via spawn options:
- image: Container image to launch
- token: JupyterHub API token
"""
def __init__(self, *args, **kwargs):
# Is this right? Is it possible to having multiple inheritance with both
# classes using traitlets?
# https://stackoverflow.com/questions/9575409/calling-parent-class-init-with-multiple-inheritance-whats-the-right-way
# https://github.com/ipython/traitlets/pull/175
super().__init__(*args, **kwargs)
auth_enabled = Bool(
False,
help="""
Enable authenticated binderhub setup.
Requires `jupyterhub-singleuser` to be available inside the repositories
being built.
""",
config=True,
)
cors_allow_origin = Unicode(
"",
help="""
Origins that can access the spawned notebooks.
Sets the Access-Control-Allow-Origin header in the spawned
notebooks. Set to '*' to allow any origin to access spawned
notebook servers.
See also BinderHub.cors_allow_origin in binderhub config
for controlling CORS policy for the BinderHub API endpoint.
""",
config=True,
)
def get_args(self):
if self.auth_enabled:
args = super().get_args()
else:
args = [
"--ip=0.0.0.0",
f"--port={self.port}",
f"--NotebookApp.base_url={self.server.base_url}",
f"--NotebookApp.token={self.user_options['token']}",
"--NotebookApp.trust_xheaders=True",
]
if self.default_url:
args.append(f"--NotebookApp.default_url={self.default_url}")
if self.cors_allow_origin:
args.append("--NotebookApp.allow_origin=" + self.cors_allow_origin)
# allow_origin=* doesn't properly allow cross-origin requests to single files
# see https://github.com/jupyter/notebook/pull/5898
if self.cors_allow_origin == "*":
args.append("--NotebookApp.allow_origin_pat=.*")
args += self.args
# ServerApp compatibility: duplicate NotebookApp args
for arg in list(args):
if arg.startswith("--NotebookApp."):
args.append(arg.replace("--NotebookApp.", "--ServerApp."))
return args
def start(self):
if not self.auth_enabled:
if "token" not in self.user_options:
raise web.HTTPError(400, "token required")
if "image" not in self.user_options:
raise web.HTTPError(400, "image required")
if "image" in self.user_options:
self.image = self.user_options["image"]
return super().start()
def get_env(self):
env = super().get_env()
if "repo_url" in self.user_options:
env["BINDER_REPO_URL"] = self.user_options["repo_url"]
for key in (
"binder_ref_url",
"binder_launch_host",
"binder_persistent_request",
"binder_request",
):
if key in self.user_options:
env[key.upper()] = self.user_options[key]
return env
00-binder: |
# image & token are set via spawn options
from kubespawner import KubeSpawner
class BinderSpawner(BinderSpawnerMixin, KubeSpawner):
pass
c.JupyterHub.spawner_class = BinderSpawner
services:
binder:
display: false
singleuser:
# start jupyterlab server *if available*
# fallback on jupyter-notebook
cmd:
- python3
- "-c"
- |
import os
import sys
try:
import jupyterlab
import jupyterlab.labapp
major = int(jupyterlab.__version__.split(".", 1)[0])
except Exception as e:
print("Failed to import jupyterlab: {e}", file=sys.stderr)
have_lab = False
else:
have_lab = major >= 3
if have_lab:
# technically, we could accept another jupyter-server-based frontend
print("Launching jupyter-lab", file=sys.stderr)
exe = "jupyter-lab"
else:
print("jupyter-lab not found, launching jupyter-notebook", file=sys.stderr)
exe = "jupyter-notebook"
# launch the notebook server
os.execvp(exe, sys.argv)
events: true
storage:
type: none
memory:
guarantee:
prePuller:
hook:
enabled: false
continuous:
enabled: false
deployment:
readinessProbe:
enabled: true
initialDelaySeconds: 0
periodSeconds: 5
failureThreshold: 1000 # we rely on the liveness probe to resolve issues if needed
timeoutSeconds: 3
livenessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 3
timeoutSeconds: 10
labels: {}
imageBuilderType: "host"
dind:
initContainers: []
daemonset:
image:
name: docker.io/library/docker
tag: "24.0.7-dind" # ref: https://hub.docker.com/_/docker/tags
pullPolicy: ""
pullSecrets: []
# Additional command line arguments to pass to dockerd
extraArgs: []
lifecycle: {}
extraVolumes: []
extraVolumeMounts: []
storageDriver: overlay2
resources: {}
hostSocketDir: /var/run/dind
hostLibDir: /var/lib/dind
# Podman in Kubernetes
pink:
initContainers: []
daemonset:
image:
name: quay.io/podman/stable
tag: "v4.8.1" # ref: https://quay.io/repository/podman/stable
pullPolicy: ""
pullSecrets: []
lifecycle: {}
extraVolumes: []
extraVolumeMounts: []
resources: {}
hostStorageDir: /var/lib/pink/storage
hostSocketDir: /var/run/pink
imageCleaner:
enabled: true
image:
name: quay.io/jupyterhub/docker-image-cleaner
tag: "1.0.0-beta.3"
pullPolicy: ""
pullSecrets: []
# delete an image at most every 5 seconds
delay: 5
# Interpret threshold values as percentage or bytes
imageGCThresholdType: "relative"
# when 80% of inodes are used,
# cull images until it drops below 60%
imageGCThresholdHigh: 80
imageGCThresholdLow: 60
# cull images on the host docker as well as dind
# configuration to use if `imageBuilderType: host` is configured
host:
dockerSocket: /var/run/docker.sock
dockerLibDir: /var/lib/docker
ingress:
enabled: false
https:
enabled: false
type: kube-lego
hosts: []
ingressClassName:
annotations:
{}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
pathSuffix:
# Suffix added to Ingress's routing path pattern.
# Specify `*` if your ingress matches path by glob pattern.
pathType: Prefix
tls:
[]
# Secrets must be manually created in the namespace.
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
initContainers: []
lifecycle: {}
extraVolumes: []
extraVolumeMounts: []
extraEnv: {}
podAnnotations: {}
# Deprecated values, kept here so we can provide useful error messages
cors: {}
global: {}