Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • epics-containers/jupyter-chart
1 result
Show changes
Commits on Source (37)
Hide whitespace changes
Inline Side-by-side
templates/_helpers.tpl
View file @ dd64ee70
...@@ -35,6 +35,8 @@ helm.sh/chart: {{ include "jupyter-control-notebook-chart.chart" . }} ...@@ -35,6 +35,8 @@ helm.sh/chart: {{ include "jupyter-control-notebook-chart.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }} {{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/managed-by: {{ .Release.Service }}
beamline: {{ .Values.beamline | quote }}
{{- end }} {{- end }}
{{/* {{/*
......
templates/deployment.yaml
View file @ dd64ee70
...@@ -19,124 +19,54 @@ spec: ...@@ -19,124 +19,54 @@ spec:
labels: labels:
{{- include "jupyter-control-notebook-chart.selectorLabels" . | nindent 8 }} {{- include "jupyter-control-notebook-chart.selectorLabels" . | nindent 8 }}
spec: spec:
initContainers: {{- if .Values.serviceAccountName }}
- name: fix-permissions serviceAccountName: {{ .Values.serviceAccountName | quote }}
image: baltig.infn.it:4567/epics-containers/container-init
command:
- sh
- -c
- |
ls -latr /home/jovyan
id
# chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /home/jovyan
volumeMounts:
- name: jupyter-data
mountPath: /home/jovyan
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
serviceAccountName: {{ include "jupyter-control-notebook-chart.serviceAccountName" . }} {{- if .Values.securityContext }}
securityContext: securityContext:
{{- toYaml .Values.securityContext | nindent 12 }} {{- toYaml .Values.securityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
- name: jupyter-data
mountPath: /home/jovyan/work
stdin: {{ .Values.image.stdinOpen }}
tty: {{ .Values.image.tty }}
{{- if .Values.configCA.existingConfigMap}}
envFrom:
- configMapRef:
name: {{ .Values.configCA.existingConfigMap }}
{{- end }}
ports:
- name: http
containerPort: 8888
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
volumes: {{- if .Values.securityContext.runAsUser }}
- name: jupyter-data fsGroup: {{ .Values.securityContext.runAsUser }}
persistentVolumeClaim:
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "jupyter-control-notebook-chart.fullname" . }}
labels:
{{- include "jupyter-control-notebook-chart.labels" . | nindent 4 }}
spec:
serviceName: "jupyter-notebook"
replicas: {{ .Values.replicaCount }}
selector:
matchLabels:
{{- include "jupyter-control-notebook-chart.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
labels:
{{- include "jupyter-control-notebook-chart.selectorLabels" . | nindent 8 }}
spec:
initContainers: initContainers:
- name: fix-permissions - name: fix-permissions
image: baltig.infn.it:4567/epics-containers/container-init image: baltig.infn.it:4567/epics-containers/container-init
command: command:
- sh - sh
- -c - -c
- | - |
mountdir=/home/jovyan mountdir=/home/jovyan
cd $mountdir cd $mountdir
if [ -n {{ .Values.gitRepoConfig.url }} ]; then id=`id`
if [ -n "{{ .Values.gitRepoConfig.branch }}" ];then url="{{ .Values.gitRepoConfig.url }}"
git clone -b {{ .Values.gitRepoConfig.branch }} {{ .Values.gitRepoConfig.url }} --recurse-submodules echo "ID: $id git $url"
if [ -n "$url" ]; then
clone_dir=$(basename "$url" .git)
echo "* git directory $clone_dir"
if [ -d $clone_dir ]; then
cd $clone_dir
git pull --recurse-submodules
else
if [ -n "{{ .Values.gitRepoConfig.branch }}" ]; then
git clone --depth 1 -b {{ .Values.gitRepoConfig.branch }} {{ .Values.gitRepoConfig.url }} --recurse-submodules
else else
git clone {{ .Values.gitRepoConfig.url }} --recurse-submodules git clone --depth 1{{ .Values.gitRepoConfig.url }} --recurse-submodules
fi fi
if [ -d temp-config/{{ .Values.gitRepoConfig.path}} ];then fi
if [ "{{ .Values.gitRepoConfig.path }}" != "." ];then
mv temp-config/{{ .Values.gitRepoConfig.path }}/* $mountdir/
fi
fi fi
fi ls -latr
volumeMounts:
- name: jupyter-data
ls -latr /home/jovyan mountPath: /home/jovyan
id {{- if .Values.resources }}
resources:
volumeMounts: {{ toYaml .Values.resources | indent 12 }}
- name: jupyter-data {{- end }}
mountPath: /home/jovyan
{{- with .Values.imagePullSecrets }} {{- with .Values.imagePullSecrets }}
imagePullSecrets: imagePullSecrets:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
serviceAccountName: {{ include "jupyter-control-notebook-chart.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
containers: containers:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
...@@ -144,29 +74,61 @@ spec: ...@@ -144,29 +74,61 @@ spec:
volumeMounts: volumeMounts:
- name: jupyter-data - name: jupyter-data
mountPath: /home/jovyan/work mountPath: /home/jovyan/work
{{- range .Values.nfsMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
{{- end }}
{{- if .Values.image.stdinOpen }}
stdin: {{ .Values.image.stdinOpen }} stdin: {{ .Values.image.stdinOpen }}
{{- end }}
{{- if .Values.image.tty }}
tty: {{ .Values.image.tty }} tty: {{ .Values.image.tty }}
{{- if .Values.configCA.existingConfigMap}} {{- end }}
envFrom: envFrom:
- configMapRef: - configMapRef:
name: {{ .Values.configCA.existingConfigMap }} name: {{ .Values.epicsConfiguration.name | default "default-config" }}
{{- end }}
env: env:
- name: NOTEBOOK_ARGS - name: NOTEBOOK_ARGS
value: "--PasswordIdentityProvider.hashed_password={{ .Values.hashedpass }}" value: "--PasswordIdentityProvider.hashed_password={{ .Values.hashedpass }}"
{{- if .Values.configCA.address_list }} - name: JUPYTER_SERVER_URL
value: "http://127.0.0.1:8888"
{{- if .Values.epicsConfiguration.gateway }}
- name: EPICS_CA_ADDR_LIST - name: EPICS_CA_ADDR_LIST
value: {{ .Values.configCA.address_list | quote }} value: {{ .Values.epicsConfiguration.gateway | quote }}
- name: EPICS_CA_AUTO_ADDR_LIST - name: EPICS_CA_AUTO_ADDR_LIST
value: "NO" value: "NO"
{{- end }} {{- end }}
{{- range .Values.nfsMounts }}
- name: {{ .name | upper }}_SERVER
value: {{ .server | quote }}
- name: {{ .name | upper }}_SERVER_PATH
value: {{ .path | quote }}
- name: {{ .name | upper }}_DIR
value: {{ .mountPath | quote }}
{{- end }}
ports: ports:
- name: http - name: http
containerPort: 8888 containerPort: 8888
protocol: TCP protocol: TCP
command:
- sh
- -c
- |
{{- range .Values.nfsMounts }}
mkdir -p {{ .mountPath }}/notebook
{{- end }}
echo "Starting Notebook"
{{- range .Values.pip }}
echo "installing {{.}}"
pip install {{.}}
{{- end }}
tini -g -- start.sh /usr/local/bin/start-notebook.py
{{- if .Values.resources }}
resources: resources:
{{- toYaml .Values.resources | nindent 12 }} {{- toYaml .Values.resources | nindent 12 }}
{{- end }}
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
...@@ -180,18 +142,17 @@ spec: ...@@ -180,18 +142,17 @@ spec:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
volumes: volumes:
{{- range .Values.nfsMounts }}
- name: {{ .name }}
nfs:
server: {{ .server }}
path: {{ .path }}
{{- end }}
{{- if .Values.dataVolume.claim }}
- name: jupyter-data - name: jupyter-data
persistentVolumeClaim: persistentVolumeClaim:
{{- if .Values.dataVolume.claim }}
claimName: {{ .Values.dataVolume.claim }} claimName: {{ .Values.dataVolume.claim }}
{{- end }} {{- else }}
{{- if not .Values.dataVolume.claim }} - name: jupyter-data
volumeClaimTemplates: emptyDir: {}
- metadata: {{- end }}
name: {{ include "jupyter-control-notebook-chart.fullname" . }}-jupyter-data
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: {{ .Values.dataVolume.size }}
{{- end }}
templates/ingress.yaml
View file @ dd64ee70
...@@ -51,10 +51,10 @@ spec: ...@@ -51,10 +51,10 @@ spec:
service: service:
name: {{ $fullName }} name: {{ $fullName }}
port: port:
number: {{ .port }} number: 80
{{- else }} {{- else }}
serviceName: {{ $fullName }} serviceName: {{ $fullName }}
servicePort: {{ .port }} servicePort: 80
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}
......
templates/service.yaml
View file @ dd64ee70
...@@ -6,6 +6,11 @@ metadata: ...@@ -6,6 +6,11 @@ metadata:
{{- include "jupyter-control-notebook-chart.labels" . | nindent 4 }} {{- include "jupyter-control-notebook-chart.labels" . | nindent 4 }}
spec: spec:
type: {{ .Values.service.type }} type: {{ .Values.service.type }}
{{- if .Values.staticIP }}
clusterIP: {{.Values.staticIP}}
{{- else }}
clusterIP: None
{{- end }}
ports: ports:
- port: {{ .Values.service.port }} - port: {{ .Values.service.port }}
targetPort: http targetPort: http
......
templates/tests/test-connection.yaml deleted 100644 → 0
View file @ de2a2c03
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "jupyter-control-notebook-chart.fullname" . }}-test-connection"
labels:
{{- include "jupyter-control-notebook-chart.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": test
spec:
containers:
- name: wget
image: busybox
command: ['wget']
args: ['{{ include "jupyter-control-notebook-chart.fullname" . }}:{{ .Values.service.port }}']
restartPolicy: Never
values.yaml
View file @ dd64ee70
...@@ -26,11 +26,7 @@ serviceAccount: ...@@ -26,11 +26,7 @@ serviceAccount:
podAnnotations: {} podAnnotations: {}
securityContext: securityContext: {}
runAsNonRoot: true
runAsUser: 1000
fsGroup: 0
service: service:
type: ClusterIP type: ClusterIP
...@@ -53,7 +49,9 @@ ingress: ...@@ -53,7 +49,9 @@ ingress:
# hosts: # hosts:
# - chart-example.local # - chart-example.local
resources: {} resources:
{}
# We usually recommend not to specify default resources and to leave this as a conscious # We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little # choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following # resources, such as Minikube. If you do want to specify resources, uncomment the following
...@@ -78,14 +76,9 @@ tolerations: [] ...@@ -78,14 +76,9 @@ tolerations: []
affinity: {} affinity: {}
configCA:
existingConfigMap: "" # name of existing configMap that set CA parameters
address_list: ""
max_array_bytes: "10000000"
dataVolume: dataVolume:
claim: ## an existing claim or empty will create a new one claim: "" ## an existing claim or empty will create a new one
size: 50Gi ## size of the claim size: 10Gi ## size of the claim
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
gitRepoConfig: gitRepoConfig:
...@@ -94,4 +87,14 @@ gitRepoConfig: ...@@ -94,4 +87,14 @@ gitRepoConfig:
path: "." path: "."
exec: "" ## start script (if any) to execute exec: "" ## start script (if any) to execute
## in a python console from jupyter_server.auth import passwd; passwd() ## in a python console from jupyter_server.auth import passwd; passwd()
hashedpass: "argon2:$argon2id$v=19$m=10240,t=10,p=8$yZEhXIv+GjgLRKsPbRRCnA$81V1v2J9EQlYdcQ3uKQMzUrfrVQAcYXOOP++op6rtoo" hashedpass: "argon2:$argon2id$v=19$m=10240,t=10,p=8$yZEhXIv+GjgLRKsPbRRCnA$81V1v2J9EQlYdcQ3uKQMzUrfrVQAcYXOOP++op6rtoo"
\ No newline at end of file
epicsConfiguration:
name: ## load the epicsConfigurationMap
gateway: ## if defined EPICS_CA_ADDR_LIST is overridden
pip:
- infn-ophyd-hal
staticIP:
nfsMounts: