Skip to content

Commit

Permalink
psdev-296: Fix deployment with LDAP supported.
Browse files Browse the repository at this point in the history
Fix LDAP with a hack workaround described in
jupyterhub/ldapauthenticator#128.
The hub dockerfile applies a patch to the ldapathenticator py module.

This is based on upstream version 0.9-b609a67 helm chart.
This was obtained from a tarball so a bit disconnected from upstream. However, it is working so checking in.

DCO 1.1 Signed-off-by: David Ohlemacher <[email protected]>
sqqqrly committed Jul 11, 2019
1 parent c867e72 commit c9436a0
Showing 46 changed files with 140 additions and 35 deletions.
11 changes: 8 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
@@ -62,17 +62,22 @@ An ibox-iscsi storage class needs to be deployed to the k8s cluster. See https:

### Deploy the chart
- `cd jupyterhub/`
- `helm install --namespace jup --name jupyterhub --values values.yaml --values config.yaml .`
- Execute one of:
- `helm install --namespace jup --name jupyterhub --values values.yaml --values config.yaml .`
- `helm upgrade --install jupyter --values values.yaml --values config.yaml .`
- `kubectl -n jup get all`
- Monitor the jup namespace and verify jupyterhub is deployed properly.

### Access from your laptop
- `kubectl port-forward -n jup <proxy-NNN name> 9000:8000
- `kubectl port-forward -n jup "proxy-NNN name" 9000:8000`
- Visit http://http://127.0.0.1:9000
- If necessary, you may another local port rather than 9000.
- Use any name and passwd (for now).
- Create a notebook.

### Jupyterhub teardown
- `helm delete --purge jupyterhub`
- There may be user pods running. For each:
- There may be user pods running. These have names such as "pod/jupyter-<user>". For each:
- `kubectl -n jup delete pod <user pod name>`
- Delete the namespace:
- `kubectl delete namespace jup`
10 changes: 10 additions & 0 deletions images/hub/Dockerfile
Original file line number Diff line number Diff line change
@@ -15,6 +15,7 @@ RUN apt-get update && \
build-essential \
sqlite3 \
curl \
vim \
dnsutils \
$(bash -c 'if [[ $JUPYTERHUB_VERSION == "git"* ]]; then \
# workaround for https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1794589
@@ -58,5 +59,14 @@ RUN chown ${NB_USER}:${NB_USER} /srv/jupyterhub
# JupyterHub API port
EXPOSE 8081

# Patch ldapauthenticator.py v. 1.2.2
# https://github.com/jupyterhub/ldapauthenticator/issues/128
RUN \
infinisrc="/usr/local/lib/python3.6/dist-packages/ldapauthenticator/ldapauthenticator.py" \
&& infinitemp="/root/ldapauthenticator.py" \
&& awk '/return conn.response\[0\]\['\''attributes'\''\]\[self.lookup_dn_user_dn_attribute\]/ { $0=$0"[0]" } 1' "$infinisrc" > "$infinitemp" \
&& sed -i 's?\r??g' "$infinitemp" \
&& mv "$infinitemp" "$infinisrc"

USER ${NB_USER}
CMD ["jupyterhub", "--config", "/srv/jupyterhub_config.py"]
1 change: 1 addition & 0 deletions jupyterhub/.helmignore
100644 → 100755
Original file line number Diff line number Diff line change
@@ -15,6 +15,7 @@
*.bak
*.tmp
*~
*.un~
# Various IDEs
.project
.idea/
8 changes: 4 additions & 4 deletions jupyterhub/Chart.yaml
100644 → 100755
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
name: jupyterhub
version: 0.9-dev
appVersion: 1.0.0
description: Multi-user Jupyter installation
home: https://z2jh.jupyter.org
sources:
- https://github.com/jupyterhub/zero-to-jupyterhub-k8s
icon: https://jupyter.org/assets/hublogo.svg
kubeVersion: '>=1.11.0-0'
name: jupyterhub
sources:
- https://github.com/jupyterhub/zero-to-jupyterhub-k8s
tillerVersion: '>=2.11.0-0'
version: 0.9-b609a67
81 changes: 81 additions & 0 deletions jupyterhub/config.yaml
Original file line number Diff line number Diff line change
@@ -20,3 +20,84 @@ iscsi:
readonly: false
networkspaces: iscsi1
poolName: "ps-k8s-cicd"

# CN=infinidat,OU=Security Groups,OU=Groups,OU=Corp,DC=infinidat,DC=com
### LDAP Configuration
# auth:
# type: ldap
# ldap:
# server:
# address: infinidat.com
# dn:
# templates: []
# #- 'uid={username},ou=Security Groups,dc=infinidat,dc=com'
# #- 'uid={username},ou=Groups,dc=infinidat,dc=com'
# #- 'uid={username},ou=Corp,dc=infinidat,dc=com'
# state:
# enabled: false
# admin:
# access: true
# users:
# - dohlemacher
# - kfred

# CN=infinidat,OU=Security Groups,OU=Groups,OU=Corp,DC=infinidat,DC=com
### LDAP/AD Configuration
auth:
type: ldap
ldap:
server:
address: 'infinidat.com'
dn:
lookup: true
search:
filter: '({login_attr}={login})'
templates:
- 'CN={username},ou=Professional Services USA,ou=Infinidat Global,ou=Users,ou=Corp,dc=infinidat,dc=com'
# - 'uid={username},ou=Security Groups,dc=infinidat,dc=com'
# - 'uid={username},ou=Groups,dc=infinidat,dc=com'
# - 'uid={username},ou=Corp,dc=infinidat,dc=com'
#- 'uid={username},ou=Non team dls,ou=Groups,ou=Corp,dc=infinidat,dc=com'
user:
searchBase: 'ou=Professional Services USA,ou=Infinidat Global,ou=Users,ou=Corp,dc=infinidat,dc=com'
# 'ou=Security Groups,ou=Groups,ou=Corp,dc=infinidat,dc=com'
escape: False
attribute: 'sAMAccountName'
dnAttribute: 'cn'
allowedGroups:
- 'cn=US Professional Services,ou=Non team dls,ou=Groups,ou=Corp,dc=infinidat,dc=com'
#- 'CN=Professional Services US,ou=Non team dls,ou=Groups,ou=Corp,dc=infinidat,dc=com'
#- 'CN=infinidat,OU=Security Groups,dc=infinidat,dc=com'
#- 'CN=infinidat,OU=Groups,OU=Corp,dc=infinidat,dc=com'
#- 'CN=infinidat,OU=Corp,dc=infinidat,dc=com'
state:
enabled: false
admin:
access: true
users:
- dohlemacher
- kfred

### Dummy auth working with a common password
# auth:
# type: dummy
# whitelist:
# users:
# - dohlemacher
# - kfred
# - jnichols
# - gtouretsky
# admin:
# access: true
# users:
# - dohlemacher
# dummy:
# password: xsignnet1
# ldap:
# dn:
# search: {}
# user: {}
# user: {}
# state:
# enabled: false
# cryptoKey:
Empty file modified jupyterhub/schema.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/NOTES.txt
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/_helpers.tpl
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/hub/configmap.yaml
100644 → 100755
Empty file.
7 changes: 6 additions & 1 deletion jupyterhub/templates/hub/deployment.yaml
100644 → 100755
Original file line number Diff line number Diff line change
@@ -69,7 +69,12 @@ spec:
{{- end }}
- name: hub
image: {{ .Values.hub.image.name }}:{{ .Values.hub.image.tag }}
command:
### Alternative to run jh process manually via an exec.
# command:
# - "sleep"
# args:
# - "96000"
command:
- jupyterhub
- --config
- /srv/jupyterhub_config.py
Empty file modified jupyterhub/templates/hub/image-credentials-secret.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/hub/netpol.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/hub/pdb.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/hub/pvc.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/hub/rbac.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/hub/secret.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/hub/service.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/image-puller/_daemonset-helper.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/image-puller/daemonset.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/image-puller/job.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/image-puller/rbac.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/ingress.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/proxy/autohttps/_README.txt
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/proxy/autohttps/configmap-nginx.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/proxy/autohttps/deployment.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/proxy/autohttps/ingress-internal.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/proxy/autohttps/rbac.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/proxy/autohttps/service.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/proxy/deployment.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/proxy/netpol.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/proxy/pdb.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/proxy/secret.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/proxy/service.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/scheduling/_scheduling-helpers.tpl
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/scheduling/priorityclass.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/scheduling/user-placeholder/pdb.yaml
100644 → 100755
Empty file.
Empty file.
Empty file.
Empty file modified jupyterhub/templates/scheduling/user-scheduler/_helpers.tpl
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/scheduling/user-scheduler/configmap.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/scheduling/user-scheduler/deployment.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/scheduling/user-scheduler/pdb.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/scheduling/user-scheduler/rbac.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/singleuser/image-credentials-secret.yaml
100644 → 100755
Empty file.
Empty file modified jupyterhub/templates/singleuser/netpol.yaml
100644 → 100755
Empty file.
57 changes: 30 additions & 27 deletions jupyterhub/values.yaml
Original file line number Diff line number Diff line change
@@ -10,6 +10,7 @@ hub:
baseUrl: /
cookieSecret:
publicURL:
initContainers: []
uid: 0
fsGid: 0
nodeSelector: {}
@@ -43,8 +44,11 @@ hub:
extraVolumes: []
extraVolumeMounts: []
image:
name: jupyterhub/k8s-hub
tag: '0.8.2'
# name: jupyterhub/k8s-hub
# tag: '0.9-445a953'
name: sqqqrly/k8s-hub-patched
tag: '0.9-445a953-patch'
pullPolicy: Always
resources:
requests:
cpu: 200m
@@ -86,8 +90,7 @@ proxy:
chp:
image:
name: jupyterhub/configurable-http-proxy
tag: 3.0.0
pullPolicy: IfNotPresent
tag: 4.1.0
resources:
requests:
cpu: 200m
@@ -98,12 +101,12 @@ proxy:
tag: 0.15.0
pullPolicy: IfNotPresent
proxyBodySize: 64m
hstsIncludeSubdomains: 'false'
resources: {}
lego:
image:
name: jetstack/kube-lego
tag: 0.1.7
pullPolicy: IfNotPresent
resources: {}
labels: {}
nodeSelector: {}
@@ -132,23 +135,23 @@ proxy:
cidr: 0.0.0.0/0


auth:
type: dummy
whitelist:
users:
admin:
access: true
users:
dummy:
password:
ldap:
dn:
search: {}
user: {}
user: {}
state:
enabled: false
cryptoKey:
# auth:
# type: dummy
# whitelist:
# users:
# admin:
# access: true
# users:
# dummy:
# password:
# ldap:
# dn:
# search: {}
# user: {}
# user: {}
# state:
# enabled: false
# cryptoKey:


singleuser:
@@ -166,7 +169,7 @@ singleuser:
networkTools:
image:
name: jupyterhub/k8s-network-tools
tag: '0.8.2'
tag: '0.9-b51ffeb'
cloudMetadata:
enabled: false
ip: 169.254.169.254
@@ -207,7 +210,7 @@ singleuser:
storageAccessModes: [ReadWriteOnce]
image:
name: jupyterhub/k8s-singleuser-sample
tag: '0.8.2'
tag: '0.9-b51ffeb'
pullPolicy: IfNotPresent
imagePullSecret:
enabled: false
@@ -266,9 +269,9 @@ prePuller:
enabled: true
image:
name: jupyterhub/k8s-image-awaiter
tag: '0.8.2'
tag: '0.9-b51ffeb'
continuous:
enabled: false
enabled: true
extraImages: {}
pause:
image:
@@ -294,4 +297,4 @@ cull:


debug:
enabled: false
enabled: true

0 comments on commit c9436a0

Please sign in to comment.