Skip to content

Commit

Permalink
Merge pull request #3625 from yuvipanda/openscapes-unify
Browse files Browse the repository at this point in the history 
Unify Openscapes profile list config
  • Loading branch information
@yuvipanda
yuvipanda authored Jan 30, 2024
2 parents 6aacefb + 9c64733 commit c761173
Show file tree
Hide file tree
Showing 4 changed files with 153 additions and 203 deletions.
123 changes: 123 additions & 0 deletions config/clusters/openscapes/common.values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,126 @@ basehub:
singleuser:
serviceAccountName: cloud-user-sa
defaultUrl: /lab
profileList:
- display_name: Python
description: Python datascience environment
default: true
allowed_teams:
- 2i2c-org:hub-access-for-2i2c-staff
- NASA-Openscapes:workshopaccess-2i2c
- NASA-Openscapes:longtermaccess-2i2c
- NASA-Openscapes:championsaccess-2i2c
kubespawner_override:
image: openscapes/python:4f340eb
profile_options: &profile_options
requests: &profile_options_resource_allocation
display_name: Resource Allocation
choices:
mem_1_9:
display_name: 1.9 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 1992701952
mem_limit: 1992701952
cpu_guarantee: 0.234375
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
default: true
mem_3_7:
display_name: 3.7 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 3985403904
mem_limit: 3985403904
cpu_guarantee: 0.46875
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_7_4:
display_name: 7.4 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 7970807808
mem_limit: 7970807808
cpu_guarantee: 0.9375
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_14_8:
display_name: 14.8 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 15941615616
mem_limit: 15941615616
cpu_guarantee: 1.875
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_29_7:
display_name: 29.7 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 31883231232
mem_limit: 31883231232
cpu_guarantee: 3.75
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_60_6:
display_name: 60.6 GB RAM, upto 15.7 CPUs
kubespawner_override:
mem_guarantee: 65094813696
mem_limit: 65094813696
cpu_guarantee: 7.86
cpu_limit: 15.72
node_selector:
node.kubernetes.io/instance-type: r5.4xlarge
mem_121_2:
display_name: 121.2 GB RAM, upto 15.7 CPUs
kubespawner_override:
mem_guarantee: 130189627392
mem_limit: 130189627392
cpu_guarantee: 15.72
cpu_limit: 15.72
node_selector:
node.kubernetes.io/instance-type: r5.4xlarge
- display_name: R
description: R (with RStudio) + Python environment
allowed_teams:
- 2i2c-org:hub-access-for-2i2c-staff
- NASA-Openscapes:workshopaccess-2i2c
- NASA-Openscapes:longtermaccess-2i2c
- NASA-Openscapes:championsaccess-2i2c
kubespawner_override:
image: openscapes/rocker:a7596b5
# Ensures container working dir is homedir
# https://github.com/2i2c-org/infrastructure/issues/2559
working_dir: /home/rstudio
profile_options: *profile_options
- display_name: Matlab
description: Matlab environment
allowed_teams:
- 2i2c-org:hub-access-for-2i2c-staff
- NASA-Openscapes:workshopaccess-2i2c
- NASA-Openscapes:longtermaccess-2i2c
- NASA-Openscapes:championsaccess-2i2c
kubespawner_override:
image: openscapes/matlab:2023-11-28
profile_options: *profile_options
- display_name: "Bring your own image"
description: Specify your own docker image (must have python and jupyterhub installed in it)
slug: custom
allowed_teams:
- NASA-Openscapes:longtermaccess-2i2c
- 2i2c-org:hub-access-for-2i2c-staff
profile_options:
image:
display_name: Image
unlisted_choice:
enabled: True
display_name: "Custom image"
validation_regex: "^.+:.+$"
validation_message: "Must be a publicly available docker image, of form <image-name>:<tag>"
kubespawner_override:
image: "{value}"
choices: {}
resource_allocation: *profile_options_resource_allocation
scheduling:
userScheduler:
enabled: true
Expand All @@ -46,7 +166,10 @@ basehub:
JupyterHub:
authenticator_class: github
GitHubOAuthenticator:
enable_auth_state: true
populate_teams_in_auth_state: true
allowed_organizations:
- 2i2c-org:hub-access-for-2i2c-staff
- NASA-Openscapes:workshopaccess-2i2c
- NASA-Openscapes:longtermaccess-2i2c
- NASA-Openscapes:championsaccess-2i2c
Expand Down
87 changes: 0 additions & 87 deletions config/clusters/openscapes/prod.values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,93 +11,6 @@ basehub:
singleuser:
extraEnv:
SCRATCH_BUCKET: s3://openscapeshub-scratch/$(JUPYTERHUB_USER)
profileList:
- display_name: Python
description: Python datascience environment
default: true
kubespawner_override:
image: openscapes/python:4f340eb
profile_options: &profile_options
requests:
display_name: Resource Allocation
choices:
mem_1_9:
display_name: 1.9 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 1992701952
mem_limit: 1992701952
cpu_guarantee: 0.234375
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
default: true
mem_3_7:
display_name: 3.7 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 3985403904
mem_limit: 3985403904
cpu_guarantee: 0.46875
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_7_4:
display_name: 7.4 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 7970807808
mem_limit: 7970807808
cpu_guarantee: 0.9375
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_14_8:
display_name: 14.8 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 15941615616
mem_limit: 15941615616
cpu_guarantee: 1.875
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_29_7:
display_name: 29.7 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 31883231232
mem_limit: 31883231232
cpu_guarantee: 3.75
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_60_6:
display_name: 60.6 GB RAM, upto 15.7 CPUs
kubespawner_override:
mem_guarantee: 65094813696
mem_limit: 65094813696
cpu_guarantee: 7.86
cpu_limit: 15.72
node_selector:
node.kubernetes.io/instance-type: r5.4xlarge
mem_121_2:
display_name: 121.2 GB RAM, upto 15.7 CPUs
kubespawner_override:
mem_guarantee: 130189627392
mem_limit: 130189627392
cpu_guarantee: 15.72
cpu_limit: 15.72
node_selector:
node.kubernetes.io/instance-type: r5.4xlarge
- display_name: R
description: R (with RStudio) + Python environment
kubespawner_override:
image: openscapes/rocker:a7596b5
# Ensures container working dir is homedir
# https://github.com/2i2c-org/infrastructure/issues/2559
working_dir: /home/rstudio
profile_options: *profile_options
- display_name: Matlab
description: Matlab environment
kubespawner_override:
image: openscapes/matlab:2023-11-28
profile_options: *profile_options
hub:
config:
GitHubOAuthenticator:
Expand Down
116 changes: 0 additions & 116 deletions config/clusters/openscapes/staging.values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,122 +11,6 @@ basehub:
singleuser:
extraEnv:
SCRATCH_BUCKET: s3://openscapeshub-scratch-staging/$(JUPYTERHUB_USER)
profileList:
- display_name: Python
description: Python datascience environment
default: true
profile_options:
image:
display_name: Image and Tag
unlisted_choice: &unlisted_choice
enabled: true
display_name: "Custom image"
validation_regex: "^.+:.+$"
validation_message: "Must be a publicly available docker image, of form <image-name>:<tag>"
kubespawner_override:
image: "{value}"
choices:
default:
display_name: openscapes/python:4f340eb
default: true
kubespawner_override:
image: openscapes/python:4f340eb
requests: &requests_profile_options
display_name: Resource Allocation
choices:
mem_1_9:
display_name: 1.9 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 1992701952
mem_limit: 1992701952
cpu_guarantee: 0.234375
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
default: true
mem_3_7:
display_name: 3.7 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 3985403904
mem_limit: 3985403904
cpu_guarantee: 0.46875
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_7_4:
display_name: 7.4 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 7970807808
mem_limit: 7970807808
cpu_guarantee: 0.9375
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_14_8:
display_name: 14.8 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 15941615616
mem_limit: 15941615616
cpu_guarantee: 1.875
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_29_7:
display_name: 29.7 GB RAM, upto 3.7 CPUs
kubespawner_override:
mem_guarantee: 31883231232
mem_limit: 31883231232
cpu_guarantee: 3.75
cpu_limit: 3.75
node_selector:
node.kubernetes.io/instance-type: r5.xlarge
mem_60_6:
display_name: 60.6 GB RAM, upto 15.7 CPUs
kubespawner_override:
mem_guarantee: 65094813696
mem_limit: 65094813696
cpu_guarantee: 7.86
cpu_limit: 15.72
node_selector:
node.kubernetes.io/instance-type: r5.4xlarge
mem_121_2:
display_name: 121.2 GB RAM, upto 15.7 CPUs
kubespawner_override:
mem_guarantee: 130189627392
mem_limit: 130189627392
cpu_guarantee: 15.72
cpu_limit: 15.72
node_selector:
node.kubernetes.io/instance-type: r5.4xlarge
- display_name: R
description: R (with RStudio) + Python environment
profile_options:
image:
display_name: Image and Tag
unlisted_choice: *unlisted_choice
choices:
default:
display_name: openscapes/rocker:a7596b5
default: true
kubespawner_override:
image: openscapes/rocker:a7596b5
# Ensures container working dir is homedir
# https://github.com/2i2c-org/infrastructure/issues/2559
working_dir: /home/rstudio
requests: *requests_profile_options
- display_name: Matlab
description: Matlab environment
profile_options:
image:
display_name: Image and Tag
unlisted_choice: *unlisted_choice
choices:
default:
display_name: openscapes/matlab:2023-11-28
default: true
kubespawner_override:
image: openscapes/matlab:2023-06-29
requests: *requests_profile_options
hub:
config:
GitHubOAuthenticator:
Expand Down
30 changes: 30 additions & 0 deletions docs/hub-deployment-guide/configure-auth/github-orgs.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -230,3 +230,33 @@ To enable this access,
that profile. Add `2i2c-org:hub-access-for-2i2c-staff` to all
`allowed_teams` so 2i2c engineers can log in to debug issues. If
`allowed_teams` is not set, that profile is not available to anyone.

### Enabling team based access on hub with pre-existing users

If this is being enabled for users on a hub with *pre-existing* users, they
will all need to be logged out before deployment. This would force them to
re-login next time, and that will set `auth_state` properly so we can filter
based on team membership - without that, we won't know which teams the user
belongs to, and they will get an opaque 'Access denied' error.

1. Check with the community to know *when* is a good time to log everyone
out. If users have running servers, they will need to refresh the page -
which will put them through the authentication flow again. It's best to
do this at a time when minimal or no users are running, to minimze
disruption.

2. We log everyone out by regenerating [hub.cookieSecret](https://z2jh.jupyter.org/en/stable/resources/reference.html#hub-cookiesecret).
The easiest way to do this is to simply delete the kubernetes secret
named `hub` in the namespace of the hub, and then do a deployment. So
once the PR for deployment is ready, run the following command:

```bash
# Get kubectl access to the cluster
deployer use-cluster-credentials <cluster-name>
kubectl -n <hub-name> delete secret hub
```

After that, you can deploy either manually or by merging your PR.

This should log everyone out, and when they log in, they should see
the profiles they have access to!

0 comments on commit c761173

Please sign in to comment.