Merge pull request jupyterhub#35 from data-8/helm

Add Helm

data8-jhub/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

data8-jhub/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+description: UC Berkeley data8's version of jupyterhub.
+name: data8-jhub
+version: 0.1.0

data8-jhub/charts/jhubcull/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

data8-jhub/charts/jhubcull/Chart.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+description: Culler for jupyterhub
+name: jhubcull
+version: 0.1.0

data8-jhub/charts/jhubcull/templates/NOTES.txt

@@ -0,0 +1,8 @@
+Thank you for installing {{.Chart.Name}}. This chart is a culler for jhub that kills idle notebooks. The chart contains a single deployment with a single pod that uses the jupyterhub api to cull idle notebooks.
+
+Your release is named {{ .Release.Name }}.
+
+To learn more about the release, try:
+
+  $ helm status {{ .Release.Name }}
+  $ helm get {{ .Release.Name }}

data8-jhub/charts/jhubcull/templates/_helpers.tpl

@@ -0,0 +1,16 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 24 -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 24 -}}
+{{- end -}}

data8-jhub/charts/jhubcull/templates/configmap.yaml

@@ -0,0 +1,6 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: cull-config
+data:
+  auth.jhub-token.cull: {{.Values.secrets.jhubApiToken | quote}}

data8-jhub/charts/jhubcull/templates/deployment.yaml

@@ -0,0 +1,26 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: cull-deployment
+  labels:
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+spec:
+  replicas: {{ .Values.replicaCount }}
+  template:
+    metadata:
+      labels:
+        name: cull-pod
+    spec:
+      containers:
+        - name: cull-container
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          command:
+            - /bin/sh
+            - -c
+          args: ['python /srv/cull/cull_idle_servers.py --timeout={{ .Values.cull_timeout }} --cull_every={{ .Values.cull_every }} --url=http://${HUB_SERVICE_HOST}:${HUB_SERVICE_PORT}/hub']
+          env:
+          - name: JPY_API_TOKEN
+            valueFrom:
+              configMapKeyRef:
+                name: hub-config
+                key: auth.jhub-token.cull

data8-jhub/charts/jhubcull/values.yaml

@@ -0,0 +1,9 @@
+# Default values for jhubcull.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+replicaCount: 1
+cull_timeout: 3600
+cull_every: 600
+image:
+  repository: data8/jupyterhub-k8s-cull
+  tag: master

data8-jhub/templates/NOTES.txt

@@ -0,0 +1,8 @@
+Thank you for installing {{.Chart.Name}}. Your release is named {{ .Release.Name }}.
+
+This chart is UC Berkeley data8's version of jupyterhub.
+
+To learn more about the release, try:
+
+  $ helm status {{ .Release.Name }}
+  $ helm get {{ .Release.Name }}

data8-jhub/templates/_helpers.tpl

@@ -0,0 +1,16 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 24 -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 24 -}}
+{{- end -}}

data8-jhub/templates/configmap.yaml

@@ -0,0 +1,9 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: hub-config
+data:
+  auth.jhub-token.proxy: {{.Values.secrets.jhubTokenProxy | quote}}
+  oauth.client-id.google: {{.Values.secrets.clientIdGoogle | quote}}
+  oauth.client-secret.google: {{.Values.secrets.clientSecretGoogle | quote}}
+  auth.jhub-token.cull: {{.Values.jhubcull.secrets.jhubApiToken | quote}}

data8-jhub/templates/deployment.yaml

@@ -0,0 +1,151 @@
+#
+# We are using a GCE disk as persistent storage for the Hub
+# and for each individual user node.
+#
+# A volume for the hub is automatically provisioned b/c its pvc
+# is using a storage class. There is no need to manually provision
+# any disks on the cluster.
+#
+# When a single user pod is spun up, a corresponding pvc is
+# dynamically provisioned by kubespawner. If a pvc for that user
+# already exists, the pod mounts to the existing pvc.
+#
+
+kind: StorageClass
+apiVersion: storage.k8s.io/v1beta1
+metadata:
+  name: gce-standard-storage
+provisioner: kubernetes.io/gce-pd
+parameters:
+  type: pd-standard
+  zone: us-central1-a
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: data8-workdir
+  annotations:
+    volume.beta.kubernetes.io/storage-class: gce-standard-storage
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: proxy-api
+spec:
+  selector:
+    name: proxy-pod
+  ports:
+    - protocol: TCP
+      port: 8001
+      targetPort: 8001
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: proxy-public
+spec:
+  type: LoadBalancer
+  selector:
+    name: proxy-pod
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8000
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hub
+spec:
+  selector:
+    name: hub-pod
+  ports:
+    - protocol: TCP
+      port: 8081
+      targetPort: 8081
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: hub-deployment
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        name: hub-pod
+    spec:
+      volumes:
+      - name: data8-workdir-volume
+        persistentVolumeClaim:
+          claimName: data8-workdir
+      containers:
+      - name: hub-container
+        image: data8/jupyterhub-k8s-hub:master
+        imagePullPolicy: Always
+        volumeMounts:
+          - mountPath: /srv/jupyterhub
+            name: data8-workdir-volume
+        env:
+        - name: POD_NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        - name: CULL_JHUB_TOKEN
+          valueFrom:
+            configMapKeyRef:
+              name: hub-config
+              key: auth.jhub-token.cull
+        - name: CONFIGPROXY_AUTH_TOKEN
+          valueFrom:
+            configMapKeyRef:
+              name: hub-config
+              key: auth.jhub-token.proxy
+        - name: GOOGLE_OAUTH_CLIENT_ID
+          valueFrom:
+            configMapKeyRef:
+              name: hub-config
+              key: oauth.client-id.google
+        - name: GOOGLE_OAUTH_CLIENT_SECRET
+          valueFrom:
+            configMapKeyRef:
+              name: hub-config
+              key: oauth.client-secret.google
+        - name: OAUTH_CALLBACK_URL
+          value: "{{ .Values.oauthCallbackUrl }}"
+        ports:
+          - containerPort: 8081
+            name: hub
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: proxy-deployment
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        name: proxy-pod
+    spec:
+      containers:
+      - name: proxy-container
+        image: yuvipanda/nchp:v1
+        env:
+          - name: CONFIGPROXY_AUTH_TOKEN
+            valueFrom:
+              configMapKeyRef:
+                name: hub-config
+                key: auth.jhub-token.proxy
+        ports:
+          - containerPort: 8000
+            name: proxy-public
+          - containerPort: 8001
+            name: api
+

data8-jhub/values.yaml

@@ -0,0 +1,25 @@
+# Default values for jupyterhub-k8s.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+replicaCount: 1
+oauthCallbackUrl: http://derrick-jhub.calblueprint.org/hub/oauth_callback
+image:
+  repository: data8/jupyterhub-k8s-hub
+  tag: master
+  pullPolicy: IfNotPresent
+
+# TODO: Make this secure
+secrets:
+  # Used to authenticate the hub to the proxy. This string was generated with `pwgen 64`.
+  # Please generate a new one for your own deployment!
+  jhubTokenProxy: "Kev4Shai9phai0Eez2aiyaefaepheutei3baehaiseipheef1Ah2cah4xeaquohr"
+
+  # Add in oauth secrets! These are gonna get invalidated soon because we
+  # already accidentally exposed them so yolo
+  clientIdGoogle: "92948014362-c7jc8k20co1e4eqmg8095818htadijat.apps.googleusercontent.com"
+  clientSecretGoogle: "BabUWSqHd4ZekBqiaur4S1cm"
+
+jhubcull:
+  secrets:
+    # Used to authenticate the culler to the hub. This string was generated with `openssl rand -hex 32`.
+    jhubApiToken: "13fdff1305cd883e49223908186a63294922dadb59b5d1122473041f160c4b03"