diff --git a/README.md b/README.md index b38a0fb6a9..dfba868bb4 100644 --- a/README.md +++ b/README.md @@ -62,17 +62,22 @@ An ibox-iscsi storage class needs to be deployed to the k8s cluster. See https: ### Deploy the chart - `cd jupyterhub/` -- `helm install --namespace jup --name jupyterhub --values values.yaml --values config.yaml .` +- Execute one of: + - `helm install --namespace jup --name jupyterhub --values values.yaml --values config.yaml .` + - `helm upgrade --install jupyter --values values.yaml --values config.yaml .` - `kubectl -n jup get all` - Monitor the jup namespace and verify jupyterhub is deployed properly. ### Access from your laptop -- `kubectl port-forward -n jup 9000:8000 +- `kubectl port-forward -n jup "proxy-NNN name" 9000:8000` - Visit http://http://127.0.0.1:9000 + - If necessary, you may another local port rather than 9000. - Use any name and passwd (for now). - Create a notebook. ### Jupyterhub teardown - `helm delete --purge jupyterhub` -- There may be user pods running. For each: +- There may be user pods running. These have names such as "pod/jupyter-". For each: - `kubectl -n jup delete pod ` +- Delete the namespace: + - `kubectl delete namespace jup` diff --git a/images/hub/Dockerfile b/images/hub/Dockerfile index 84799a867d..123c897bde 100644 --- a/images/hub/Dockerfile +++ b/images/hub/Dockerfile @@ -15,6 +15,7 @@ RUN apt-get update && \ build-essential \ sqlite3 \ curl \ + vim \ dnsutils \ $(bash -c 'if [[ $JUPYTERHUB_VERSION == "git"* ]]; then \ # workaround for https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1794589 @@ -58,5 +59,14 @@ RUN chown ${NB_USER}:${NB_USER} /srv/jupyterhub # JupyterHub API port EXPOSE 8081 +# Patch ldapauthenticator.py v. 1.2.2 +# https://github.com/jupyterhub/ldapauthenticator/issues/128 +RUN \ + infinisrc="/usr/local/lib/python3.6/dist-packages/ldapauthenticator/ldapauthenticator.py" \ + && infinitemp="/root/ldapauthenticator.py" \ + && awk '/return conn.response\[0\]\['\''attributes'\''\]\[self.lookup_dn_user_dn_attribute\]/ { $0=$0"[0]" } 1' "$infinisrc" > "$infinitemp" \ + && sed -i 's?\r??g' "$infinitemp" \ + && mv "$infinitemp" "$infinisrc" + USER ${NB_USER} CMD ["jupyterhub", "--config", "/srv/jupyterhub_config.py"] diff --git a/jupyterhub/.helmignore b/jupyterhub/.helmignore old mode 100644 new mode 100755 index f0c1319444..28d9ff3826 --- a/jupyterhub/.helmignore +++ b/jupyterhub/.helmignore @@ -15,6 +15,7 @@ *.bak *.tmp *~ +*.un~ # Various IDEs .project .idea/ diff --git a/jupyterhub/Chart.yaml b/jupyterhub/Chart.yaml old mode 100644 new mode 100755 index 9eb00fa384..0f2b437172 --- a/jupyterhub/Chart.yaml +++ b/jupyterhub/Chart.yaml @@ -1,10 +1,10 @@ -name: jupyterhub -version: 0.9-dev appVersion: 1.0.0 description: Multi-user Jupyter installation home: https://z2jh.jupyter.org -sources: - - https://github.com/jupyterhub/zero-to-jupyterhub-k8s icon: https://jupyter.org/assets/hublogo.svg kubeVersion: '>=1.11.0-0' +name: jupyterhub +sources: +- https://github.com/jupyterhub/zero-to-jupyterhub-k8s tillerVersion: '>=2.11.0-0' +version: 0.9-b609a67 diff --git a/jupyterhub/config.yaml b/jupyterhub/config.yaml index f75a344af2..2e533ad538 100644 --- a/jupyterhub/config.yaml +++ b/jupyterhub/config.yaml @@ -20,3 +20,84 @@ iscsi: readonly: false networkspaces: iscsi1 poolName: "ps-k8s-cicd" + +# CN=infinidat,OU=Security Groups,OU=Groups,OU=Corp,DC=infinidat,DC=com +### LDAP Configuration +# auth: +# type: ldap +# ldap: +# server: +# address: infinidat.com +# dn: +# templates: [] +# #- 'uid={username},ou=Security Groups,dc=infinidat,dc=com' +# #- 'uid={username},ou=Groups,dc=infinidat,dc=com' +# #- 'uid={username},ou=Corp,dc=infinidat,dc=com' +# state: +# enabled: false +# admin: +# access: true +# users: +# - dohlemacher +# - kfred + +# CN=infinidat,OU=Security Groups,OU=Groups,OU=Corp,DC=infinidat,DC=com +### LDAP/AD Configuration +auth: + type: ldap + ldap: + server: + address: 'infinidat.com' + dn: + lookup: true + search: + filter: '({login_attr}={login})' + templates: + - 'CN={username},ou=Professional Services USA,ou=Infinidat Global,ou=Users,ou=Corp,dc=infinidat,dc=com' + # - 'uid={username},ou=Security Groups,dc=infinidat,dc=com' + # - 'uid={username},ou=Groups,dc=infinidat,dc=com' + # - 'uid={username},ou=Corp,dc=infinidat,dc=com' + #- 'uid={username},ou=Non team dls,ou=Groups,ou=Corp,dc=infinidat,dc=com' + user: + searchBase: 'ou=Professional Services USA,ou=Infinidat Global,ou=Users,ou=Corp,dc=infinidat,dc=com' + # 'ou=Security Groups,ou=Groups,ou=Corp,dc=infinidat,dc=com' + escape: False + attribute: 'sAMAccountName' + dnAttribute: 'cn' + allowedGroups: + - 'cn=US Professional Services,ou=Non team dls,ou=Groups,ou=Corp,dc=infinidat,dc=com' + #- 'CN=Professional Services US,ou=Non team dls,ou=Groups,ou=Corp,dc=infinidat,dc=com' + #- 'CN=infinidat,OU=Security Groups,dc=infinidat,dc=com' + #- 'CN=infinidat,OU=Groups,OU=Corp,dc=infinidat,dc=com' + #- 'CN=infinidat,OU=Corp,dc=infinidat,dc=com' + state: + enabled: false + admin: + access: true + users: + - dohlemacher + - kfred + +### Dummy auth working with a common password +# auth: +# type: dummy +# whitelist: +# users: +# - dohlemacher +# - kfred +# - jnichols +# - gtouretsky +# admin: +# access: true +# users: +# - dohlemacher +# dummy: +# password: xsignnet1 +# ldap: +# dn: +# search: {} +# user: {} +# user: {} +# state: +# enabled: false +# cryptoKey: diff --git a/jupyterhub/schema.yaml b/jupyterhub/schema.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/NOTES.txt b/jupyterhub/templates/NOTES.txt old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/_helpers.tpl b/jupyterhub/templates/_helpers.tpl old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/hub/configmap.yaml b/jupyterhub/templates/hub/configmap.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/hub/deployment.yaml b/jupyterhub/templates/hub/deployment.yaml old mode 100644 new mode 100755 index cd3d87185a..4d2a78d1a5 --- a/jupyterhub/templates/hub/deployment.yaml +++ b/jupyterhub/templates/hub/deployment.yaml @@ -69,7 +69,12 @@ spec: {{- end }} - name: hub image: {{ .Values.hub.image.name }}:{{ .Values.hub.image.tag }} - command: + ### Alternative to run jh process manually via an exec. + # command: + # - "sleep" + # args: + # - "96000" + command: - jupyterhub - --config - /srv/jupyterhub_config.py diff --git a/jupyterhub/templates/hub/image-credentials-secret.yaml b/jupyterhub/templates/hub/image-credentials-secret.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/hub/netpol.yaml b/jupyterhub/templates/hub/netpol.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/hub/pdb.yaml b/jupyterhub/templates/hub/pdb.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/hub/pvc.yaml b/jupyterhub/templates/hub/pvc.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/hub/rbac.yaml b/jupyterhub/templates/hub/rbac.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/hub/secret.yaml b/jupyterhub/templates/hub/secret.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/hub/service.yaml b/jupyterhub/templates/hub/service.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/image-puller/_daemonset-helper.yaml b/jupyterhub/templates/image-puller/_daemonset-helper.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/image-puller/daemonset.yaml b/jupyterhub/templates/image-puller/daemonset.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/image-puller/job.yaml b/jupyterhub/templates/image-puller/job.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/image-puller/rbac.yaml b/jupyterhub/templates/image-puller/rbac.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/ingress.yaml b/jupyterhub/templates/ingress.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/proxy/autohttps/_README.txt b/jupyterhub/templates/proxy/autohttps/_README.txt old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/proxy/autohttps/configmap-nginx.yaml b/jupyterhub/templates/proxy/autohttps/configmap-nginx.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/proxy/autohttps/deployment.yaml b/jupyterhub/templates/proxy/autohttps/deployment.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/proxy/autohttps/ingress-internal.yaml b/jupyterhub/templates/proxy/autohttps/ingress-internal.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/proxy/autohttps/rbac.yaml b/jupyterhub/templates/proxy/autohttps/rbac.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/proxy/autohttps/service.yaml b/jupyterhub/templates/proxy/autohttps/service.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/proxy/deployment.yaml b/jupyterhub/templates/proxy/deployment.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/proxy/netpol.yaml b/jupyterhub/templates/proxy/netpol.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/proxy/pdb.yaml b/jupyterhub/templates/proxy/pdb.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/proxy/secret.yaml b/jupyterhub/templates/proxy/secret.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/proxy/service.yaml b/jupyterhub/templates/proxy/service.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/scheduling/_scheduling-helpers.tpl b/jupyterhub/templates/scheduling/_scheduling-helpers.tpl old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/scheduling/priorityclass.yaml b/jupyterhub/templates/scheduling/priorityclass.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml b/jupyterhub/templates/scheduling/user-placeholder/pdb.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml b/jupyterhub/templates/scheduling/user-placeholder/priorityclass.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml b/jupyterhub/templates/scheduling/user-placeholder/statefulset.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/scheduling/user-scheduler/_helpers.tpl b/jupyterhub/templates/scheduling/user-scheduler/_helpers.tpl old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml b/jupyterhub/templates/scheduling/user-scheduler/configmap.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml b/jupyterhub/templates/scheduling/user-scheduler/deployment.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml b/jupyterhub/templates/scheduling/user-scheduler/pdb.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml b/jupyterhub/templates/scheduling/user-scheduler/rbac.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/singleuser/image-credentials-secret.yaml b/jupyterhub/templates/singleuser/image-credentials-secret.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/templates/singleuser/netpol.yaml b/jupyterhub/templates/singleuser/netpol.yaml old mode 100644 new mode 100755 diff --git a/jupyterhub/values.yaml b/jupyterhub/values.yaml index ab3c0eef2d..6b55e23b07 100755 --- a/jupyterhub/values.yaml +++ b/jupyterhub/values.yaml @@ -10,6 +10,7 @@ hub: baseUrl: / cookieSecret: publicURL: + initContainers: [] uid: 0 fsGid: 0 nodeSelector: {} @@ -43,8 +44,11 @@ hub: extraVolumes: [] extraVolumeMounts: [] image: - name: jupyterhub/k8s-hub - tag: '0.8.2' + # name: jupyterhub/k8s-hub + # tag: '0.9-445a953' + name: sqqqrly/k8s-hub-patched + tag: '0.9-445a953-patch' + pullPolicy: Always resources: requests: cpu: 200m @@ -86,8 +90,7 @@ proxy: chp: image: name: jupyterhub/configurable-http-proxy - tag: 3.0.0 - pullPolicy: IfNotPresent + tag: 4.1.0 resources: requests: cpu: 200m @@ -98,12 +101,12 @@ proxy: tag: 0.15.0 pullPolicy: IfNotPresent proxyBodySize: 64m + hstsIncludeSubdomains: 'false' resources: {} lego: image: name: jetstack/kube-lego tag: 0.1.7 - pullPolicy: IfNotPresent resources: {} labels: {} nodeSelector: {} @@ -132,23 +135,23 @@ proxy: cidr: 0.0.0.0/0 -auth: - type: dummy - whitelist: - users: - admin: - access: true - users: - dummy: - password: - ldap: - dn: - search: {} - user: {} - user: {} - state: - enabled: false - cryptoKey: +# auth: +# type: dummy +# whitelist: +# users: +# admin: +# access: true +# users: +# dummy: +# password: +# ldap: +# dn: +# search: {} +# user: {} +# user: {} +# state: +# enabled: false +# cryptoKey: singleuser: @@ -166,7 +169,7 @@ singleuser: networkTools: image: name: jupyterhub/k8s-network-tools - tag: '0.8.2' + tag: '0.9-b51ffeb' cloudMetadata: enabled: false ip: 169.254.169.254 @@ -207,7 +210,7 @@ singleuser: storageAccessModes: [ReadWriteOnce] image: name: jupyterhub/k8s-singleuser-sample - tag: '0.8.2' + tag: '0.9-b51ffeb' pullPolicy: IfNotPresent imagePullSecret: enabled: false @@ -266,9 +269,9 @@ prePuller: enabled: true image: name: jupyterhub/k8s-image-awaiter - tag: '0.8.2' + tag: '0.9-b51ffeb' continuous: - enabled: false + enabled: true extraImages: {} pause: image: @@ -294,4 +297,4 @@ cull: debug: - enabled: false + enabled: true