-
Notifications
You must be signed in to change notification settings - Fork 791
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support fullnameOverride / nameOverride and reference resources by named templates #1923
Conversation
6f643a3
to
7586247
Compare
7586247
to
4e73c8d
Compare
ef778d9
to
6001377
Compare
6001377
to
461089f
Compare
5a0fab5
to
f8dbdf4
Compare
This comment has been minimized.
This comment has been minimized.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hub-secret is actually a resource used by other Helm charts
I found only one reference to this in mybinder.org-deploy and none elsewhere, so I don't think that's enough of a reason to leave it out of this consistency update. We will need to be aware of this and make that one line update to mybinder.org-deploy when we next bump this chart, but it is an okay requirement, I think. Plus, it would probably be more prudent for consumers of that info to use .Values.jupyterhub.proxy.secretToken
in its own secret rather than accessing the secret itself. I'd call that an 'unprotected private api access' like accessing a _private
attribute in Python. Not really a problem to do, but it's okay to expect more churn if you do use them. The error will also be pretty informative ("failed to mount nonexistent hub-secret volume: no such secret" or similar).
9320a72
to
2cf91ac
Compare
0fb0678
to
2b61e10
Compare
2b61e10
to
afb3f44
Compare
jupyterhub/zero-to-jupyterhub-k8s#1923 Merge pull request #1923 from consideRatio/pr/fullname-override
@@ -47,9 +47,9 @@ spec: | |||
{{- .Values.hub.extraVolumes | toYaml | trimSuffix "\n" | nindent 8 }} | |||
{{- end }} | |||
{{- if eq .Values.hub.db.type "sqlite-pvc" }} | |||
- name: hub-db-dir | |||
- name: pvc |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a possibly breaking change, btw. If you are using initContainers that also mount /srv/jupyterhub
, you'll end up with this error:
Error: UPGRADE FAILED: cannot patch "hub" with kind Deployment: Deployment.apps "hub" is invalid: spec.template.spec.containers[1].volumeMounts[0].name: Not found: "hub-db-dir"
We should at least note this somewhere.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah good point
Summary
Most helm charts provide a
fullnameOverride
configuration and anameOverride
configuration, something that also ships with thehelm create
boilerplate. This PR introduce such configuration options, but the default values are set in a way that retain the current naming convention.With the new configuration options, there are five kinds of naming schemes that can be used depending on if
fullnameOverride
andnameOverride
are null, blank, or non-blank strings.""
""
""
Changes
{{ include "jupyterhub.hub.fullname" . }}
..
scope from a chart with JupyterHub as a dependency chart.This will be useful for binderhub for example.
hub
,proxy-public
, anduser-scheduler-ref
which correspond to their named template name. This is useful if you want to mount one name to an environment variable for example.fullnameOverride
andnameOverride
config options addedPeriphery changes
traefik-proxy-config
andhub-config
are renamed toautohttps
andhub
.By doing so we become more systematic in how we name things and avoid introducing two additional named templates to reference specifically for these configmaps.
/etc/jupyterhub/config/config.yaml
which isn't mounted anyhowIt's not possible for someone to put a file there either because we mount the configmap in a way that would replace that folder.
Some benefits ?
Some downsides ?
Review notes
In #1978 I added the ability to see a diff on the rendered Helm templates between the latest dev release of the chart and the PR. It isn't helpful for changes to the hub configmap or the autohttps configmap as those were renamed. For those specifically, it's better to not use this diff but the unrendered diff with GitHub's normal UI.
Here is an example helm diff for 1329fa9 which currently is the latest change.
The documentation is updated in the configuration reference, see the PR docs preview.
Implementation deliberations
New default naming convention?
Do we want to transition to a new default naming convention, namely where fullnameOverride and nameOverride is
null
and our resources are named with arelease-(jupyterhub-)component
pattern.Perhaps, but not in this PR.
Disallow changes to fullnameOverride / nameOverride?
Should we allow a change fullnameOverride / nameOverride where it probably leads to issues, or should we make template rendering fail if attempting to do so?
Perhaps, but not in this PR.
Should this PR solve #1791?
It currently doesn't. I think the following pieces are missing.
KubeSpawner's created resources must not have conflicts, so pod_name_template, pvc_name_template and more needs to be configured to include the helm release name or similar.
KubeSpawner's resource inspections must filter out only the pod it manages.
Currently, only one label is used as a selector, the configurable component_label which is
component: singleuser-server
by default. While this could be modified to include more information, KubeSpawner should instead support the ability to include more selector labels.Decision
No, let's work towards that in future PRs. This PR is already a sizable chunk that is quite cohesive on its own.