Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • epics-containers/jupyter-chart
1 result
Show changes
Commits on Source (37)
Hide whitespace changes
Inline Side-by-side
templates/_helpers.tpl
View file @ dd64ee70
......@@ -35,6 +35,8 @@ helm.sh/chart: {{ include "jupyter-control-notebook-chart.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
beamline: {{ .Values.beamline | quote }}
{{- end }}
{{/*
......
templates/deployment.yaml
View file @ dd64ee70
......@@ -19,124 +19,54 @@ spec:
labels:
{{- include "jupyter-control-notebook-chart.selectorLabels" . | nindent 8 }}
spec:
initContainers:
- name: fix-permissions
image: baltig.infn.it:4567/epics-containers/container-init
command:
- sh
- -c
- |
ls -latr /home/jovyan
id
# chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /home/jovyan
volumeMounts:
- name: jupyter-data
mountPath: /home/jovyan
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- if .Values.serviceAccountName }}
serviceAccountName: {{ .Values.serviceAccountName | quote }}
{{- end }}
serviceAccountName: {{ include "jupyter-control-notebook-chart.serviceAccountName" . }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- name: jupyter-data
mountPath: /home/jovyan/work
stdin: {{ .Values.image.stdinOpen }}
tty: {{ .Values.image.tty }}
{{- if .Values.configCA.existingConfigMap}}
envFrom:
- configMapRef:
name: {{ .Values.configCA.existingConfigMap }}
{{- end }}
ports:
- name: http
containerPort: 8888
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- toYaml .Values.securityContext | nindent 8 }}
{{- end }}
volumes:
- name: jupyter-data
persistentVolumeClaim:
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "jupyter-control-notebook-chart.fullname" . }}
labels:
{{- include "jupyter-control-notebook-chart.labels" . | nindent 4 }}
spec:
serviceName: "jupyter-notebook"
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "jupyter-control-notebook-chart.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- if .Values.securityContext.runAsUser }}
fsGroup: {{ .Values.securityContext.runAsUser }}
{{- end }}
labels:
{{- include "jupyter-control-notebook-chart.selectorLabels" . | nindent 8 }}
spec:
initContainers:
- name: fix-permissions
image: baltig.infn.it:4567/epics-containers/container-init
command:
- sh
- -c
- |
mountdir=/home/jovyan
cd $mountdir
if [ -n {{ .Values.gitRepoConfig.url }} ]; then
if [ -n "{{ .Values.gitRepoConfig.branch }}" ];then
git clone -b {{ .Values.gitRepoConfig.branch }} {{ .Values.gitRepoConfig.url }} --recurse-submodules
- name: fix-permissions
image: baltig.infn.it:4567/epics-containers/container-init
command:
- sh
- -c
- |
mountdir=/home/jovyan
cd $mountdir
id=`id`
url="{{ .Values.gitRepoConfig.url }}"
echo "ID: $id git $url"
if [ -n "$url" ]; then
clone_dir=$(basename "$url" .git)
echo "* git directory $clone_dir"
if [ -d $clone_dir ]; then
cd $clone_dir
git pull --recurse-submodules
else
if [ -n "{{ .Values.gitRepoConfig.branch }}" ]; then
git clone --depth 1 -b {{ .Values.gitRepoConfig.branch }} {{ .Values.gitRepoConfig.url }} --recurse-submodules
else
git clone {{ .Values.gitRepoConfig.url }} --recurse-submodules
fi
if [ -d temp-config/{{ .Values.gitRepoConfig.path}} ];then
if [ "{{ .Values.gitRepoConfig.path }}" != "." ];then
mv temp-config/{{ .Values.gitRepoConfig.path }}/* $mountdir/
fi
git clone --depth 1{{ .Values.gitRepoConfig.url }} --recurse-submodules
fi
fi
fi
fi
ls -latr /home/jovyan
id
volumeMounts:
- name: jupyter-data
mountPath: /home/jovyan
ls -latr
volumeMounts:
- name: jupyter-data
mountPath: /home/jovyan
{{- if .Values.resources }}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- end }}
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "jupyter-control-notebook-chart.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
......@@ -144,29 +74,61 @@ spec:
volumeMounts:
- name: jupyter-data
mountPath: /home/jovyan/work
{{- range .Values.nfsMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
{{- end }}
{{- if .Values.image.stdinOpen }}
stdin: {{ .Values.image.stdinOpen }}
{{- end }}
{{- if .Values.image.tty }}
tty: {{ .Values.image.tty }}
{{- if .Values.configCA.existingConfigMap}}
{{- end }}
envFrom:
- configMapRef:
name: {{ .Values.configCA.existingConfigMap }}
{{- end }}
name: {{ .Values.epicsConfiguration.name | default "default-config" }}
env:
- name: NOTEBOOK_ARGS
value: "--PasswordIdentityProvider.hashed_password={{ .Values.hashedpass }}"
{{- if .Values.configCA.address_list }}
- name: JUPYTER_SERVER_URL
value: "http://127.0.0.1:8888"
{{- if .Values.epicsConfiguration.gateway }}
- name: EPICS_CA_ADDR_LIST
value: {{ .Values.configCA.address_list | quote }}
value: {{ .Values.epicsConfiguration.gateway | quote }}
- name: EPICS_CA_AUTO_ADDR_LIST
value: "NO"
{{- end }}
{{- range .Values.nfsMounts }}
- name: {{ .name | upper }}_SERVER
value: {{ .server | quote }}
- name: {{ .name | upper }}_SERVER_PATH
value: {{ .path | quote }}
- name: {{ .name | upper }}_DIR
value: {{ .mountPath | quote }}
{{- end }}
ports:
- name: http
containerPort: 8888
protocol: TCP
command:
- sh
- -c
- |
{{- range .Values.nfsMounts }}
mkdir -p {{ .mountPath }}/notebook
{{- end }}
echo "Starting Notebook"
{{- range .Values.pip }}
echo "installing {{.}}"
pip install {{.}}
{{- end }}
tini -g -- start.sh /usr/local/bin/start-notebook.py
{{- if .Values.resources }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- toYaml .Values.resources | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
......@@ -180,18 +142,17 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
{{- range .Values.nfsMounts }}
- name: {{ .name }}
nfs:
server: {{ .server }}
path: {{ .path }}
{{- end }}
{{- if .Values.dataVolume.claim }}
- name: jupyter-data
persistentVolumeClaim:
{{- if .Values.dataVolume.claim }}
claimName: {{ .Values.dataVolume.claim }}
{{- end }}
{{- if not .Values.dataVolume.claim }}
volumeClaimTemplates:
- metadata:
name: {{ include "jupyter-control-notebook-chart.fullname" . }}-jupyter-data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ .Values.dataVolume.size }}
{{- end }}
{{- else }}
- name: jupyter-data
emptyDir: {}
{{- end }}
templates/ingress.yaml
View file @ dd64ee70
......@@ -51,10 +51,10 @@ spec:
service:
name: {{ $fullName }}
port:
number: {{ .port }}
number: 80
{{- else }}
serviceName: {{ $fullName }}
servicePort: {{ .port }}
servicePort: 80
{{- end }}
{{- end }}
{{- end }}
......
templates/service.yaml
View file @ dd64ee70
......@@ -6,6 +6,11 @@ metadata:
{{- include "jupyter-control-notebook-chart.labels" . | nindent 4 }}
spec:
type: {{ .Values.service.type }}
{{- if .Values.staticIP }}
clusterIP: {{.Values.staticIP}}
{{- else }}
clusterIP: None
{{- end }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
......
templates/tests/test-connection.yaml deleted 100644 → 0
View file @ de2a2c03
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "jupyter-control-notebook-chart.fullname" . }}-test-connection"
labels:
{{- include "jupyter-control-notebook-chart.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "jupyter-control-notebook-chart.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
values.yaml
View file @ dd64ee70
......@@ -26,11 +26,7 @@ serviceAccount:
podAnnotations: {}
securityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 0
securityContext: {}
service:
type: ClusterIP
......@@ -53,7 +49,9 @@ ingress:
# hosts:
# - chart-example.local
resources: {}
resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
......@@ -78,14 +76,9 @@ tolerations: []
affinity: {}
configCA:
existingConfigMap: "" # name of existing configMap that set CA parameters
address_list: ""
max_array_bytes: "10000000"
dataVolume:
claim: ## an existing claim or empty will create a new one
size: 50Gi ## size of the claim
claim: "" ## an existing claim or empty will create a new one
size: 10Gi ## size of the claim
accessMode: ReadWriteOnce
gitRepoConfig:
......@@ -94,4 +87,14 @@ gitRepoConfig:
path: "."
exec: "" ## start script (if any) to execute
## in a python console from jupyter_server.auth import passwd; passwd()
hashedpass: "argon2:$argon2id$v=19$m=10240,t=10,p=8$yZEhXIv+GjgLRKsPbRRCnA$81V1v2J9EQlYdcQ3uKQMzUrfrVQAcYXOOP++op6rtoo"
\ No newline at end of file
hashedpass: "argon2:$argon2id$v=19$m=10240,t=10,p=8$yZEhXIv+GjgLRKsPbRRCnA$81V1v2J9EQlYdcQ3uKQMzUrfrVQAcYXOOP++op6rtoo"
epicsConfiguration:
name: ## load the epicsConfigurationMap
gateway: ## if defined EPICS_CA_ADDR_LIST is overridden
pip:
- infn-ophyd-hal
staticIP:
nfsMounts: